Friday, June 1, 2007

SQL injection detection tools

I collected recent posts from SecGuru about SQL injection (vulnerability detection) tools:

SQLiX

"SQLiX, coded in Perl, is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL). The concepts in use are different than the one used in other SQL injection scanners. SQLiX is able to find normal and blind SQL injection vectors and doesn't need to reverse engineer the original SQL request (using only function calls)."


See: http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project


FJ - Injector Framwork

"FG-Injector is a free open source framework designed to help find SQL injection vulnerabilities in web applications. It includes a proxy feature for intercepting and modifying HTTP requests, and an interface for automating SQL injection exploitation."
See: http://sourceforge.net/project/showfiles.php?group_id=183841

SQLIer - SQL Injection Hole Detection

"SQLIer takes an SQL Injection vulnerable URL and attempts to determine all the necessary information to build and exploit an SQL Injection hole by itself, requiring no user interaction at all (unless it can't guess the table/field names correctly). By doing so, SQLIer can build a UNION SELECT query designed to brute force passwords out of the database. This script also does not use quotes in the exploit to operate, meaning it will work for a wider range of sites.

An 8 character password (containing any character from decimal ASCII code 1-127) takes approximately 1 minute to crack."

See: http://bcable.net/project.php?sqlier


Sqlbftools - Blind MySQL injection and database stressing

"Currently tools are being used to get SQL data from a blind (Microsoft) sql injection, like datathief of absinthe. The problem in Mysql is the dificulty to get the database structure. In Mysql there are no Objects database or alike, so it's not possible to create an stored procedure to walktrough a database catalog as these programs do with other database managers.

The approach explained here is from a web service viewpoint. It's, from a web service vulnerable to sql injection."

See: http://www.reversing.org/node/view/11

SqliBF - SQL Injection Brute forcer
"SQLibf is a tool for automatizing the work of detecting and exploiting SQL Injection vulnerabilities. SQLibf can work in Visible and Blind SQL Injection. It works by doing simple logic SQL operations to determine the exposure level of the vulnerable application."

See: http://www.open-labs.org/sqlibf19beta1.tar.gz

SQLBrute - Blind Sql Injection Tool

"SQLBrute is a tool for brute forcing data out of databases using blind SQL injection vulnerabilities. It supports time based and error based exploit types on Microsoft SQL Server, and error based exploit on Oracle. It is written in Python, uses multi-threading, and doesn’t require non-standard libraries."

See: http://www.justinclarke.com/security/sqlbrute.py

Blind SQL Injection Perl Tool

"bsqlbf is a Perl script that lets auditors retrieve information from web sites that are vulnerable to SQL Injection."


See: http://www.unsec.net/download/bsqlbf.pl

SQL Power Injection

"SQL Power Injection helps the penetration tester to inject SQL commands on a web page. It’s main strength is its capacity to automate tedious blind SQL injection with several threads."

See: http://sourceforge.net/project/showfiles.php?group_id=159131

No comments:

Post a Comment