After a year of hardcore development, sqlmap 0.9 is out!
Introduction:sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying filesystem and executing commands on the operating system via out-of-band connections.
New Features:
- Rewritten SQL injection detection engine
- Support to directly connect to the database without passing via a SQL injection, -d switch
- Added full support for both time-based blind SQL injection and error-based SQL injection techniques
- Implemented support for SQLite 2 and 3
- Implemented support for Firebird
- Implemented support for Microsoft Access, Sybase and SAP MaxDB
- Added support to tamper injection data with –tamper switch
- Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack
- Added support to fetch unicode data
- Added support to use persistent HTTP(s) connection for speed improvement, –keep-alive switch
- Implemented several optimization switches to speed up the exploitation of SQL injections
- Support to parse and test forms on target url, –forms switch
- Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns.
No comments:
Post a Comment