RE: database server audit tools

From: Evans, Arian (Arian.Evans@fishnetsecurity.com)
Date: Mon Sep 12 2005 - 16:26:39 EDT


Hello Paavan, suggestions and comments inline to Mr. Martin's email:

***Commercial***

-Appsecinc's AppDetective for (insert DB), has a "pen test mode", sort of a brute-force, table-reader
type thing; lots of config options here

-NGS Squirrel for (insert DB), mostly a vuln scanner, very fast, cost effective

-Both Impact and CANVAS have DB exploits, though their focus is not DB auditing.

ISS's DB scanner is dead.

***Open-Source/Freeware***

Metacoretex looked like it had promise, but both plug-in and framework development appear dead now:
http://www.metacoretex.com

Metasploit and the Securityforest Exploittree both have DB exploit code. Metasploit gives you control
over payload, but does not have many DB exploits.

Pete Finnigan also keeps a nice list of tools, though many are gone/dead/no longer in active dev:

http://www.petefinnigan.com/tools.htm

***Books***

The Database Hacker's Handbook is another good resource.
http://www.amazon.com/exec/obidos/tg/detail/-/0764578014/qid=1126556735/sr=8-1/ref=pd_bbs_1/102-6134774-4798546?v=glance&s=books&n=507846

>-----Original Message-----
>From: Bénoni MARTIN [mailto:Benoni.MARTIN@libertis.ga]
>Some loose tools:
>- ATK (free)

This is sort of like Impact, CANVAS, Metasploit, or ExploitTree, but old and irrelevant for DBs.

>- Acunetix Web Scanner (free but exists a trial version)

??? This thing was pretty limited last time I looked at it, and had no database audit capabilities.

>- Absinthe

Formerly SQLSqueal, this is a nice SQL injection testing tool. SPI Dynamics also makes a
SQL injection testing tool.

>-----Message d'origine-----
>De : paavan shah [mailto:paavan.shah@gmail.com]
>Envoyé : vendredi 9 septembre 2005 07:57
>À : pen-test@securityfocus.com
>Objet : database server audit tools
>
>hello friends...
>
>can anyone please suggest me good and easily configurable
>audit tools for mysql,oracle and sql server?
>
>please send me also some links to harden my database server
>from attacks..
>
>regards,
>Pavan Shah.
>
>---------------------------------------------------------------

HtH,

Arian J. Evans




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:53 EDT