Re: database server audit tools

From: Christian Martorella (laramies2k@yahoo.com.ar)
Date: Wed Sep 14 2005 - 17:47:57 EDT


Hi all, I would like to inform you that we are forking the Metacoretex
project to create an updated and improved version.
We started a week ago, and we are working on the first version. The
project name is Metacoretex-NG, and the objective is to
create an updated open source vulnerability and assessment framework for
databases.

Some of the areas we are working on:

-Updated plugin collection
-HTML export of reports
-Improved interface
-Pen test mode
-More databases (DB2, PostgreSQL)
-Automatic host discovery
-Better documentation

Everyone who wants to join us is welcome!

Contact us: laramies2k@yahoo.com.ar
                        vdiaz@edge-security.com
                        mllovet@edge-security.com

Soon in: http://metacoretex-ng.sourceforge.net

Christian Martorella

Evans, Arian wrote:

>Hello Paavan, suggestions and comments inline to Mr. Martin's email:
>
>
>***Commercial***
>
>-Appsecinc's AppDetective for (insert DB), has a "pen test mode", sort of a brute-force, table-reader
>type thing; lots of config options here
>
>-NGS Squirrel for (insert DB), mostly a vuln scanner, very fast, cost effective
>
>-Both Impact and CANVAS have DB exploits, though their focus is not DB auditing.
>
>ISS's DB scanner is dead.
>
>
>***Open-Source/Freeware***
>
>Metacoretex looked like it had promise, but both plug-in and framework development appear dead now:
>http://www.metacoretex.com
>
>Metasploit and the Securityforest Exploittree both have DB exploit code. Metasploit gives you control
>over payload, but does not have many DB exploits.
>
>Pete Finnigan also keeps a nice list of tools, though many are gone/dead/no longer in active dev:
>
>http://www.petefinnigan.com/tools.htm
>
>
>***Books***
>
>The Database Hacker's Handbook is another good resource.
>http://www.amazon.com/exec/obidos/tg/detail/-/0764578014/qid=1126556735/sr=8-1/ref=pd_bbs_1/102-6134774-4798546?v=glance&s=books&n=507846
>
>
>
>
>>-----Original Message-----
>>From: Bénoni MARTIN [mailto:Benoni.MARTIN@libertis.ga]
>>Some loose tools:
>>- ATK (free)
>>
>>
>
>This is sort of like Impact, CANVAS, Metasploit, or ExploitTree, but old and irrelevant for DBs
>
>
>
>>- Acunetix Web Scanner (free but exists a trial version)
>>
>>
>
>??? This thing was pretty limited last time I looked at it, and had no database audit capabilities.
>
>
>
>>- Absinthe
>>
>>
>
>Formerly SQLSqueal, this is a nice SQL injection testing tool. SPI Dynamics also makes a
>SQL injection testing tool.
>
>
>
>>-----Original Message-----
>>From: paavan shah [mailto:paavan.shah@gmail.com]
>>Sent: Friday, 9 September 2005 07:57
>>To: pen-test@securityfocus.com
>>Subject: database server audit tools
>>
>>Hello friends...
>>
>>Can anyone please suggest good and easily configurable
>>audit tools for MySQL, Oracle and SQL Server?
>>
>>Please also send me some links to harden my database server
>>from attacks..
>
>
>>regards,
>>Pavan Shah.
>>
>>---------------------------------------------------------------
>>
>>
>
>HtH,
>
>Arian J. Evans



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:54 EDT