Tag: vulnerability scanner

The Mole

The Mole is an automatic SQL Injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query-based technique. Features: Support for injections using MySQL, SQL Server, Postgres and Oracle databases. Command …

Permanent link to this article: https://www.darknessgate.com/2012/07/24/the-mole/

MySqloit

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It has the ability to upload and execute Metasploit shellcodes through the MySQL SQL Injection vulnerability. Platform supported: 1) Linux. Key Features: 1) SQL Injection detection using time based injection method 2) Database fingerprint 3) Web server directory …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/mysqloit/

BSQL (Blind SQL) Hacker

BSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database. BSQL Hacker is aimed at experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections). Key Features: Easy Mode SQL Injection Wizard Automated Attack Support (database dump) ORACLE …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/bsql-blind-sql-hacker/

Safe3SI

Safe3SI is one of the most powerful and easy-to-use penetration testing tools that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/safe3si/

SQL Ninja

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/sql-ninja/

Havij

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. Using this software, a user can perform back-end database fingerprinting, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/havij/

SQL injection digger

SQL injection digger is a command line program that looks for SQL injections and common errors in web sites. The current version can perform the following operations: Look for SQL injections and common errors in web site URLs found by performing a Google search. Look for SQL injections and common errors in a given URL or …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/sql-injection-digger/

SQLIer

SQLIer takes an SQL Injection vulnerable URL and attempts to determine all the necessary information to build and exploit an SQL Injection hole by itself, requiring no user interaction at all (unless it can’t guess the table/field names correctly). By doing so, SQLIer can build a UNION SELECT query designed to brute force passwords out …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/sqlier/

Acunetix Web Vulnerability Scanner

Free Edition Features: Acunetix WVS automatically checks your web applications for XSS, SQL Injection & other vulnerabilities. Firewalls, SSL and locked-down servers are futile against web application hacking. Acunetix checks your web applications for coding errors that result in Cross Site Scripting vulnerabilities. Acunetix also checks for other vulnerabilities in popular web applications such as Joomla, …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/acunetix-web-vulnerability-scanner/

WebScarab

WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/webscarab/

Exploit-Me

Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use. XSS-Me: Cross-Site Scripting (XSS) is a common flaw found in today's web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/exploit-me/