Penetration Testing mailing list archives
RE: database server audit tools
From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Mon, 12 Sep 2005 15:26:39 -0500
Hello Paavan, suggestions and comments inline to Mr. Martin's email: ***Commercial*** -Appsecinc's AppDetective for (insert DB), has a "pen test mode", sort of a brute-force, table-reader type thing; lots of config options here -NGS Squirrel for (insert DB), mostly a vuln scanner, very fast, cost effective -Both Impact and CANVAS have DB exploits, though their focus is not DB auditing. ISS's DB scanner is dead. ***Open-Source/Freeware*** Metacoretex looked like it had promise, but both plug-in and framework development appears dead now: http://www.metacoretex.com Metasploit and the Securityforest Exploittree both have DB exploit code. Metasploit gives you control over payload, but does not have many DB exploits. Pete Finnigan also keeps a nice list of tools, though many are gone/dead/no longer in active dev: http://www.petefinnigan.com/tools.htm ***Books*** The Database Hacker's Handbook is another good resource. http://www.amazon.com/exec/obidos/tg/detail/-/0764578014/qid=1126556735/sr=8-1/ref=pd_bbs_1/102-613477 4-4798546?v=glance&s=books&n=507846
-----Original Message----- From: Bénoni MARTIN [mailto:Benoni.MARTIN () libertis ga] Some loose tools: - ATK (free)
This is a sort of like Impact, CANVAS, Metasploit, or ExploitTree, but old and irrelevant for DBs
- Acunetix Web Scanner (free but exists a trial version)
??? This thing was pretty limited last time I looked at it, and had no database audit capabilities.
- Absinthe
Formerly SQLSqueal, this is a nice SQL injection testing tool. SPI Dynamics also makes a SQL injection testing tool.
-----Message d'origine----- De : paavan shah [mailto:paavan.shah () gmail com] Envoyé : vendredi 9 septembre 2005 07:57 À : pen-test () securityfocus com Objet : database server audit tools hello friends... can anyone please suggest me good and easily configurable audit tools for mysql,oracle and sql server? please send me also some links to harden my database server from attacks.. regards, Pavan Shah. ---------------------------------------------------------------
HtH, Arian J. Evans ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: SAM user dump, (continued)
- Re: SAM user dump J. Theriault (Sep 18)
- Re: SAM user dump Iván Arce (Sep 22)
- Re: SAM user dump Stephan (Sep 24)
- RE: SAM user dump Roni Bachar (Sep 18)
- Re: SAM user dump frank boldewin (Sep 18)
- RE: SAM user dump dave kleiman (Sep 18)
- RE: database server audit tools Security Focus (Sep 14)
- Re: database server audit tools Christian Martorella (Sep 14)