Security Basics mailing list archives

Re: Open Source database scanning tools

From: "Salvador III Manaois" <badzmanaois () gmail com>
Date: Fri, 14 Nov 2008 00:29:52 +0800

On Thu, Nov 13, 2008 at 6:44 PM,  <jeld7 () yahoo fr> wrote:

I am presently assessing open source database scanning tools that are available and Can you please let me know the 
ones most used to scan multiple databases Oracle,SQL,DB2,etc


Hi,

Off the top of my head, I could think of the following tools:

THC-Hydra (http://freeworld.thc.org/thc-hydra) - can be ran to perform
SQL/MySQL dictionary attack.

Paros proxy (http://www.parosproxy.org/index.shtml) - can scan for SQL
injection flaws

Absinthe (http://www.0x90.org/releases/absinthe) - automates the
process of downloading the schema & contents of a database that is
vulnerable to Blind SQL Injection.

SQLDict (http://ntsecurity.nu/cgi-bin/download/sqldict.exe.cgi) -
dictionary attack tool against SQL Server

Backtrack SQL Tools (http://www.remote-exploit.org/backtrack.html)
- SQL Inject
- SQL Scanner
- SQLLibf
- SQLbrute

Regards,

Salvador Manaois III
MCSE MCSA C|EH MCITP | Enterprise/Server Admin
Bytes & Badz : http://badzmanaois.blogspot.com

Current thread:

Open Source database scanning tools jeld7 (Nov 13)
- Re: Open Source database scanning tools Salvador III Manaois (Nov 13)