FREE TOOL: SQLRecon released by Special Ops Labs!!!
From: Erik Pace Birkholz (erik_at_SPECIALOPSSECURITY.COM)
Date: 03/23/05
- Previous message: Michael Howard: "Security Development Lifecycle Whitepaper Available"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 23 Mar 2005 01:57:49 -0500 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Chip Andrews of SQL Server Security fame has completed SQLRecon v1.0,
the successor to SQLPing2, which aggregates multiple SQL Server
discovery methods into a single, easy-to-use tool.
And now for the good news! SQLRecon v1.0 has been released to the public
as a free tool.
SQLRecon performs both active and passive scans of your network in order
to identify all of the SQL Server/MSDE installations in your enterprise.
Due to the proliferation of personal firewalls, inconsistent network
library configurations, and multiple-instance support, SQL Server
installations are becoming increasingly difficult to discover, assess,
and maintain. SQLRecon is designed to remedy this problem by combining
all known means of SQL Server/MSDE discovery into a single tool which
can be used to ferret-out servers you never knew existed on your network
so you can properly secure them.
FEATURES
* Multi-threaded scanning engine
* 6 Active scanning techniques
* 2 Stealth scanning techniques
* IP Range scanning
* IP List scanning
* Export results as XML or text file
* Export IP list for use in future scans (i.e. Passive to Active)
* ICMP check to increase scan speed
* Debug mode to allow for greater scan visibility
* Allows alternate credentials
* Custom source port for UDP packets for firewall evasion
Features, screenshots, documentation and download available here:
http://www.specialopssecurity.com/labs/sqlrecon/
<http://www.specialopssecurity.com/labs/sqlrecon/>
The press release is available here:
http://www.specialopssecurity.com/news/2005/
ABOUT SPECIAL OPS LABS:
Led by industry expert and co-founder of Special Ops Security, Inc.,
Chip Andrews (Founder of SQLSecurity.com), Special Ops Labs is a
dedicated research and development team tasked with the creation and
evolution of applications, scripts, templates, utilities and tools for
use during consulting and training engagements. When appropriate,
Special Ops Labs freely provides these tools to the security community.
P.S. Stay tuned for SQLassault. If you have product feature suggestions,
please go here http://www.specialopssecurity.com/labs/sqlassault/ and
let us know.
Enjoy,
Erik
________________________________
Erik Pace Birkholz CISSP,ISSAP,MCSE
President/CEO
Special Ops Security <http://sopsec.com/> 888-R-U-OWNED x187
ERIK@SpecialOpsSecurity.com vCard <http://sopsec.com/pgp/birkholz.vcf>
PGP Public Key <http://sopsec.com/pgp/birkholz.pgp>
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ --- -- NTBugtraq Editor's Note: Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered. --
- Previous message: Michael Howard: "Security Development Lifecycle Whitepaper Available"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
