Forums: Sql Inject Tools - Forums

Sql Inject Tools some tools for sql injection

#1 User is offline   skydance 

Posted 07 August 2005 - 03:30 AM

Absinthe - Automated Blind SQL Injection

Absinthe was designed to automate the process of exploiting blind SQL
injection holes on Microsoft SQL Server. It currently supports SQL
Server, Oracle and Postgres.

LiLith : http forms scanner/injector

LiLith is an http scanner to perform web application audits. This tool
analyses webpages and looks for html <form> tags, which often refer to
dynamic pages that might be subject to sql injection or other flaws.

WIS (Web Injection Scanner)

C:\>wis http://www.someaspsite.com/

Web Injection Scanner (Protype 0.4)
by netXeyes, 2004.05.08 http://www.netXeyes.com security@vip.sina.com

Scanning http://www.someaspsite.com/, Page: Unlimited
Patient, Please....

(001 + 000) Checking: /shownews.asp?newsid=204
SQL Injection Found: /shownews.asp?newsid=204


WED (Web Entry Detector)

enjoy ;)

#2 User is offline   sandalwood 

Posted 20 August 2005 - 03:40 AM

I appreciate you putting these tools together in one post. Auditing SQL injection is often a time-consuming process, and unless you know the right tools to use you can end up wasting a lot of time. I think Absinthe is the most useful of these tools, but it still requires you to find the holes yourself first. The Nessus module for finding SQL injection is pretty good (sql_injection.nasl). I tried to quote the relevant code from that module here, but the forum software choked and didn't let it post. You can find it with Nessus or xscan in the nasl modules folder.

#3 User is offline   skydance 

Posted 20 August 2005 - 08:31 AM

Never played with that Nessus module... I'll give it a try, thanks for the info sandalwood.

#4 User is offline   silos 

Posted 25 August 2005 - 12:59 PM

Yeah, good tools.
There is a Windows program called 'Acunetix Vulnerability Scanner' that does SQL injection testing among other things like CGI, Parameter Testing, Directory Traversal stuff etc.

http://www.acunetix.com/

#5 User is offline   skydance 

Posted 26 August 2005 - 12:44 AM

Well, I tried Nessus and xscan with the sql_inject module against Foundstone's Hacme Bank and didn't find any SQL vuln, but that app is loaded with SQL inject bugs... :blink:

Acunetix is not free, and with the trial version you can scan only their test site....

#6 User is offline   DataStreaM 

Posted 05 February 2006 - 12:07 AM

I know this might be kind of out of date and all, but have you ever tried using a Perl script for SQL injections? There is a .pl called Injector.pl made by magicsqlinjector.zip. Check it out. NOTE: You need ActiveState Perl if you have Windows and another version if you have any other operating system. You must have Perl installed.

...::: DataStreaM :::...

#7 User is offline   inko.gnito 

Posted 15 March 2006 - 09:57 AM

more tools on SQL injection:

BobCat: http://www.northern-...cat/bobcat.html
Automagical SQL injector (the tool mentioned by DataStreaM): http://scoobygang.org/automagic.zip
DataThief by AppSecInc: they removed it from their site, but may be found using search engines
WPoison: http://wpoison.sourceforge.net/ (currently not available)
Blind SQL Injection Perl Tool (bsqlbf): http://www.unsec.net...nload/bsqlbf.pl and a demo: http://www.unsec.net...load/bsqlbf.avi
Sqlbftools: http://www.reversing.org/node/view/11
Ecyware GreenBlue Inspector - Integrated Web Analyzer Environment: http://www.ecyware.com/ (commercial analysis tool for testing your web apps)
and the PHP injection scanner posted by LittleHacker: http://www.governmen...=0&#entry131613

#8 User is offline   Xenos 

Posted 16 March 2006 - 05:11 AM

Many thanks to all of you ;)

SQL injection auditing was not my best pentest skill.

I used to trust well-known commercial tools such as Retina or Qualysguard or Nessus 3 (THAT I CONSIDER AS A COMMERCIAL ONE :( )

Thanks a lot again. I'll try to use these tools for my next security assessment ;)

Xenos

#9 User is offline   skydance 

Posted 16 March 2006 - 09:12 AM

sql power injector: hxxp://www.sqlpowerinjector.com/

and wpoison ;) enjoy!

#10 User is offline   EhTi 

Posted 16 March 2006 - 04:14 PM

very nice post...

oh and here's DataThief. guess what.. it's already posted on GSO :P

here it is.. (it's only available in google's cache) http://72.14.203.104...n&ct=clnk&cd=16

download: http://www.governmen...type=post&id=25

#11 User is offline   fuxord22 

Posted 19 March 2006 - 12:43 PM

acunetix isn't free, but you can make it free..if you know what i mean :ph34r: B)

#12 User is offline   snafkin 

Posted 21 March 2006 - 11:07 PM

very nice post...Bro

#13 User is offline   grimm703 

Posted 18 October 2008 - 10:32 PM

nice man tks :P

edit Edu: man, didn't u read our rules?... NO thks post, and don't bump up topics from the last century without adding good quality info. warned
