Friday, March 28, 2008

Best SQL Injection Tool

Pangolin - v1.2.590

Pangolin is a Windows GUI tool for performing as much penetration testing as possible through SQL injection. This version supports the following databases and operations:

MSSQL: Server information, Data, CMD execute, Regedit, Write file, Download file, Read file, File Browser...
ORACLE: Server information, Data, Accounts cracking...
PGSQL: Server information, Data, Read file...
DB2: Server information, Data, ...
INFORMIX: Server information, Data, ...
SQLITE: Server information, Data, ...
Access: Server information, Data, ...
SYBASE: Server information, Data, etc.

It also supports:

HTTPS support
Pre-Login
Proxy
Specify any HTTP headers (User-Agent, Cookie, Referer and so on)
Bypass firewall setting
Auto-analyzing keyword
Detailed check options
Injection-points management etc.

What's the difference from the others?

Ease of use: What I try to do is make the pen-tester care more about the result, not the process. All you need to do is click the buttons.

Amazing speed: So many people have told you things about brute-force SQL injection; is it really necessary? Forget char-by-char, we can go row-by-row (of course, not every injection point can do this).

The exact check method: Do you really think automated tools like AWVS, APPSCAN can find all injection points?

So, whatever, just check it out, and then enjoy your feeling ;)

More information : http://www.nosec.org/web/index.php?q=pangolin


Download : http://seclab.nosec.org/security/pangolin_bin.rar


Declaration: Pangolin is designed for security testing by pen-testers who have been authorized. DO NOT attack any website maliciously, or accept the consequences!!!
