Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and it can be used by web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this command injection attack tool, it is very easy to find […]
Safe3 SQL Injector is one of the most powerful penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers. Features Full support for GET/Post/Cookie Injection Full support for HTTP Basic, Digest, NTLM and Certificate authentications Full support for MySQL, Oracle, PostgreSQL, MSSQL, ACESS, DB2, […]
Tags: detect sql injection, safe3, safe3 sql injector, sql injector, sql scanning, sql scanning tool, sql-injection, sql-injection-tool, sqli, web application security scanner, Web Hacking, web-applications-security, web-hacking-tool, web-security
Posted in: Database Hacking, Hacking Tools, Web Hacking | Add a CommentOur last mention of w3af was back in 2008 when the fifth BETA was released, the team have recently released a new version 1.0 – Release Candidate 3. w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy […]
WSFuzzer is a fuzzing tool targetting HTTP and SOAP based web services. The program currently targets Web Services. In the current version HTTP based SOAP services are the only supported targets. This tool was created based on, and to automate, some of the manual SOAP pen testing work we perform. This tool is NOT meant […]
Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities. This is a […]
Yes that means all versions including the current version and before, 2.0.4 has not yet been released at the current time. An exploit has been discovered in the current release of WordPress, affecting WordPress 2.0.3 and below (including 1.5.x) that allows these subscribed users to cause some serious damage. It’s recommended at present if you […]
sqlninja is a little toy that has been coded during a couple of pen-tests done lately and it is aimed to exploit SQL Injection vulnerabilities on web applications that use Microsoft SQL Server as their back-end. It borrows some ideas from similar tools like bobcat, but it is more targeted in providing a remote shell […]
