Penetration Testing mailing list archives

Re: Database Scanners

From: Jay Beale <jay () bastille-linux org>
Date: Thu, 17 Jun 2004 23:12:33 -0700

I'm pretty impressed by MetaCortex.

http://www.metacoretex.com/

Quoting:

MetaCoretex is an entirely JAVA vulnerability scanning framework which 
puts special emphasis on databases. Probe objects are written in JAVA by 
means of an easy to extend AbstractProbe class. Additionally, probe 
generators make the process of writting simple probes almost automagic.

Please see the Features FAQ for information on all the junk MetaCoretex 
can do...

Also, check out the Probe List for a current listing of active probes. 


  - Jay



In the wise words of Frank Boldewin:

hi,

the only good database scanner i know is appdetective.

http://www.appsecinc.com/products/appdetective/

scans several databases: oracle, db2, mssql, mysql, notes, sybase and web
apps.

hope that helps.

cheers,
frank




----- Original Message ----- 
From: <brownsec () hotmail com>
To: <pen-test () securityfocus com>
Sent: Wednesday, June 16, 2004 10:39 PM
Subject: Database Scanners



Is anyone aware of a good scanner that will work well against DB2

databases?  I know ISS has a DB-Scanner but it does not appear to be
compatible with DB2.




Thanks...

Current thread:

Database Scanners brownsec (Jun 16)
- Re: Database Scanners Frank Boldewin (Jun 17)
  - Re: Database Scanners Jay Beale (Jun 18)
  - Re: Database Scanners Joey Peloquin (Jun 21)