Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: database server audit tools
From: Christian Martorella <laramies2k () yahoo com ar>
Date: Wed, 14 Sep 2005 23:47:57 +0200


Hi all, i would like to inform that we are forking the Metacoretex project, to create an updated and improved version. We started a week ago, and we are working on the first version. The project name is Metacoretex-NG, and the objetive is to create an updated open source vulnerability and assessment framework for databases:

Some of the areas we are working:

-Updated plugin collection
-Html export of reports
-Improved Interface
-Pen test mode
-More databases (db2,postgresql)
-Automatic host discovery
-Better documentation

Everyone who wants to join us, is welcome!

Contact us:   laramies2k () yahoo com ar
                       vdiaz () edge-security com
                       mllovet () edge-security com

Soon in:  http://metacoretex-ng.sourceforge.net

Christian Martorella




Evans, Arian wrote:

Hello Paavan, suggestions and comments inline to Mr. Martin's email:


***Commercial***

-Appsecinc's AppDetective for (insert DB), has a "pen test mode", sort of a brute-force, table-reader
type thing; lots of config options here

-NGS Squirrel for (insert DB), mostly a vuln scanner, very fast, cost effective

-Both Impact and CANVAS have DB exploits, though their focus is not DB auditing.

ISS's DB scanner is dead.


***Open-Source/Freeware***

Metacoretex looked like it had promise, but both plug-in and framework development appears dead now:
http://www.metacoretex.com

Metasploit and the Securityforest Exploittree both have DB exploit code. Metasploit gives you control
over payload, but does not have many DB exploits.

Pete Finnigan also keeps a nice list of tools, though many are gone/dead/no longer in active dev:

http://www.petefinnigan.com/tools.htm


***Books***

The Database Hacker's Handbook is another good resource.
http://www.amazon.com/exec/obidos/tg/detail/-/0764578014/qid=1126556735/sr=8-1/ref=pd_bbs_1/102-613477
4-4798546?v=glance&s=books&n=507846


-----Original Message-----
From: Bénoni MARTIN [mailto:Benoni.MARTIN () libertis ga] Some loose tools:
-  ATK (free)

This is a sort of like Impact, CANVAS, Metasploit, or ExploitTree, but old and irrelevant for DBs

-  Acunetix Web Scanner (free but exists a trial version)

??? This thing was pretty limited last time I looked at it, and had no database audit capabilities.

-  Absinthe

Formerly SQLSqueal, this is a nice SQL injection testing tool. SPI Dynamics also makes a
SQL injection testing tool.

-----Message d'origine-----
De : paavan shah [mailto:paavan.shah () gmail com] Envoyé : vendredi 9 septembre 2005 07:57
À : pen-test () securityfocus com
Objet : database server audit tools

hello friends...

can anyone please suggest me good and easily configurable audit tools for mysql,oracle and sql server?

please send me also some links to harden my database server
from attacks..
regards,
Pavan Shah.

---------------------------------------------------------------

HtH,

Arian J. Evans








------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------




        

        
                
___________________________________________________________ 1GB gratis, Antivirus y Antispam Correo Yahoo!, el mejor correo web del mundo http://correo.yahoo.com.ar

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault