'자동화툴'에 해당되는 글 6건

  1. 2008.09.03 sqlmap 0.6
  2. 2008.01.06 Site List
  3. 2007.11.25 Bruter 1.0Beta1 released
  4. 2007.11.18 penetrationtest.com
  5. 2007.11.13 Nikto 2.0 released!!
  6. 2007.11.09 Security Database Tool Search Site

sqlmap 0.6

보안/Web 2008.09.03 12:45
Introduction
============

sqlmap is an automatic SQL injection tool developed in Python. Its goal
is to detect and take advantage of SQL injection vulnerabilities on web
applications. Once it detects one or more SQL injections on the target
host, the user can choose among a variety of options to perform an
extensive back-end database management system fingerprint, retrieve DBMS
session user and database, enumerate users, password hashes, privileges,
databases, dump entire or user's specific DBMS tables/columns, run his
own SQL SELECT statement, read specific files on the file system and
much more.


Changes
=======

Some of the new features include:

* Added multithreading support to set the maximum number of concurrent
HTTP requests.

* Implemented SQL shell (--sql-shell) functionality and fixed SQL query
(--sql-query, before called -e) to be able to run whatever SELECT
statement and get its output in both inband and blind SQL injection attack.

* Added an option (--privileges) to retrieve DBMS users privileges, it
also notifies if the user is a DBMS administrator.

* Added support (-c) to read options from configuration file, an example
of valid INI file is sqlmap.conf and support (--save) to save command
line options on a configuration file.

* Implemented support for HTTPS requests over HTTP(S) proxy.

* Enhanced logging system: added three more levels of verbosity to show
also HTTP sent and received traffic.

Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.


Download
========

You can download it in various formats:

* Source gzip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.tar.gz

* Source bzip2 compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.tar.bz2

* Source zip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.zip

* DEB binary package,
http://downloads.sourceforge.net/sqlmap/sqlmap_0.6-1_all.deb

* RPM binary package,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.6-1.noarch.rpm

* Portable executable for Windows that does not require the Python
interpreter to be installed on the operating system,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.6_exe.zip

Note: the subversion repository is not accessible anymore so the only
way to get the new release is to download it from one of the above links.


Documentation
=============

* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf

* sqlmap developer's documentation: http://sqlmap.sourceforge.net/dev/
신고
Posted by She쥐포s

Site List

보안 2008.01.06 23:18

○ Vulnerability
    - http://packetstormsecurity.org/
    - http://www.elsenot.com/
    - http://milw0rm.com/
    - http://www.osvdb.org/

○ Education & Study
    - http://www.hackerhighschool.org/

○ Tool
    - http://www.nagiosexchange.org/
    - http://www.ntop.org/
    - http://www.splintered.net/sw/flow-tools/
    - http://www.google.com/search?hl=en&q=prtg

○ Article for Log Level Security
    - http://support.microsoft.com/kb/282791/en-us
    - http://support.microsoft.com/kb/314980/en-us
    - http://support.microsoft.com/kb/300549/en-us
    - http://support.microsoft.com/kb/262177/en-us
    - http://support.microsoft.com/kb/310399/en-us
    - http://msdn2.microsoft.com/en-us/library/aa392285.aspx

○ Database Security
    - http://www.petefinnigan.com/

○ MS Security Info
    - http://securityadmin.info/

○ Security Videos
    - http://security-freak.net/videos.html

○ Other Sources
    - http://chaosreader.sourceforge.net/
    - http://gentoo-wiki.com/HOWTO_setup_a_gentoo_bridge
    - http://www.wireshark.org/
    - http://cmrr.ucsd.edu/people/Hughes/CmrrSecureEraseProtocols.pdf
    - http://tinyurl.com/24vuj8
    - http://tinyurl.com/35mbc9
    - http://www.nber.org/sys-admin/overwritten-data-guttman.html
    - http://www.DaveKleiman.com/Files
    - http://tinyurl.com/8zblp
    - http://tinyurl.com/iqx3
    - http://www.giac.net/certified_professionals/practicals/gcfa/265.php
    - http://www.payam.com.au/hard-disk-data-recovery.htm
    - http://ocw.mit.edu/OcwWeb/web/courses/courses/index.htm
    - http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
    - https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget-patches-in-ms07-048


    -
    -

신고
Posted by She쥐포s
o Bruter 1.0Beta1 released
http://sourceforge.net/projects/worawita/


o BruteForce Tool
o Win32 플랫폼만 지원
신고
Posted by She쥐포s

penetrationtest.com

보안 2007.11.18 23:42
o 아직은 많은 볼거리는 없지만 앞으로 기대해 볼만한 Site로 생각됨

o 특히 Tools-Software부분이 볼만하다. 각종 툴과 Train Resource가 있음.
http://www.penetrationtests.com/Tools-Software/


신고
Posted by She쥐포s
o Nikto란?
Nikto는 3500개 이상의 잠재적 위험 파일/CGI, 900개 이상의 버전과 250개 이상의 서버 버전에 따른
특정 문제점을 포함하는 다양한 항목의 웹서버 점검을 수행하는오픈소스(GPL) 웹서버 스캐너이다.

o 2.0에서 개선된 점들
    - Fingerprinting web servers via favicon.ico files
    - 404 error checking for each file type
    - Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
    - Scan tuning to include or exclude entire classes of vulnerability checks
    - Uses LibWhisker 2, which has its own long list of enhancements
    - A "single" scan mode that allows you to craft an HTTP request manually
    - Basic template engine so that HTML reports can be easily customized
    - An experimental knowledge base for scans, which will allow regenerated reports and retests (future)
    - Optimizations, bug fixes and more...

o URL
http://www.cirt.net/code/nikto.shtml




신고
Posted by She쥐포s
○ Security Database Tool Search Site

http://www.security-database.com/toolswatch
신고
Posted by She쥐포s