Re: Open Source database scanning tools



On Thu, Nov 13, 2008 at 6:44 PM, <jeld7@xxxxxxxx> wrote:
I am presently assessing open source database scanning tools that are available and Can you please let me know the ones most used to scan multiple databases Oracle,SQL,DB2,etc

Hi,

Off the top of my head, I could think of the following tools:

THC-Hydra (http://freeworld.thc.org/thc-hydra) - can be ran to perform
SQL/MySQL dictionary attack.

Paros proxy (http://www.parosproxy.org/index.shtml) - can scan for SQL
injection flaws

Absinthe (http://www.0x90.org/releases/absinthe) - automates the
process of downloading the schema & contents of a database that is
vulnerable to Blind SQL Injection.

SQLDict (http://ntsecurity.nu/cgi-bin/download/sqldict.exe.cgi) -
dictionary attack tool against SQL Server

Backtrack SQL Tools (http://www.remote-exploit.org/backtrack.html)
- SQL Inject
- SQL Scanner
- SQLLibf
- SQLbrute

Regards,

Salvador Manaois III
MCSE MCSA C|EH MCITP | Enterprise/Server Admin
Bytes & Badz : http://badzmanaois.blogspot.com



Relevant Pages