Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: database server audit tools
From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Mon, 12 Sep 2005 15:26:39 -0500

Hello Paavan, suggestions and comments inline to Mr. Martin's email:


***Commercial***

-Appsecinc's AppDetective for (insert DB), has a "pen test mode", sort of a brute-force, table-reader
type thing; lots of config options here

-NGS Squirrel for (insert DB), mostly a vuln scanner, very fast, cost effective

-Both Impact and CANVAS have DB exploits, though their focus is not DB auditing.

ISS's DB scanner is dead.


***Open-Source/Freeware***

Metacoretex looked like it had promise, but both plug-in and framework development appears dead now:
http://www.metacoretex.com

Metasploit and the Securityforest Exploittree both have DB exploit code. Metasploit gives you control
over payload, but does not have many DB exploits.

Pete Finnigan also keeps a nice list of tools, though many are gone/dead/no longer in active dev:

http://www.petefinnigan.com/tools.htm


***Books***

The Database Hacker's Handbook is another good resource.
http://www.amazon.com/exec/obidos/tg/detail/-/0764578014/qid=1126556735/sr=8-1/ref=pd_bbs_1/102-613477
4-4798546?v=glance&s=books&n=507846


-----Original Message-----
From: Bénoni MARTIN [mailto:Benoni.MARTIN () libertis ga] 
Some loose tools:
-  ATK (free)

This is a sort of like Impact, CANVAS, Metasploit, or ExploitTree, but old and irrelevant for DBs

-  Acunetix Web Scanner (free but exists a trial version)

??? This thing was pretty limited last time I looked at it, and had no database audit capabilities.

-  Absinthe

Formerly SQLSqueal, this is a nice SQL injection testing tool. SPI Dynamics also makes a
SQL injection testing tool.

-----Message d'origine-----
De : paavan shah [mailto:paavan.shah () gmail com] 
Envoyé : vendredi 9 septembre 2005 07:57
À : pen-test () securityfocus com
Objet : database server audit tools

hello friends...

can anyone please suggest me good and easily configurable 
audit tools for mysql,oracle and sql server?

please send me also some links to harden my database server 
from attacks..

regards,
Pavan Shah.

---------------------------------------------------------------

HtH,

Arian J. Evans








------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]