Home page logo

basics logo Security Basics mailing list archives

Re: Open Source database scanning tools
From: "Salvador III Manaois" <badzmanaois () gmail com>
Date: Fri, 14 Nov 2008 00:29:52 +0800

On Thu, Nov 13, 2008 at 6:44 PM,  <jeld7 () yahoo fr> wrote:
I am presently assessing open source database scanning tools that are available and Can you please let me know the 
ones most used to scan multiple databases Oracle,SQL,DB2,etc


Off the top of my head, I could think of the following tools:

THC-Hydra (http://freeworld.thc.org/thc-hydra) - can be ran to perform
SQL/MySQL dictionary attack.

Paros proxy (http://www.parosproxy.org/index.shtml) - can scan for SQL
injection flaws

Absinthe (http://www.0x90.org/releases/absinthe) - automates the
process of downloading the schema & contents of a database that is
vulnerable to Blind SQL Injection.

SQLDict (http://ntsecurity.nu/cgi-bin/download/sqldict.exe.cgi) -
dictionary attack tool against SQL Server

Backtrack SQL Tools (http://www.remote-exploit.org/backtrack.html)
- SQL Inject
- SQL Scanner
- SQLLibf
- SQLbrute


Salvador Manaois III
MCSE MCSA C|EH MCITP | Enterprise/Server Admin
Bytes & Badz : http://badzmanaois.blogspot.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]