border: 1px solid #d2d2d2; padding: 0px 8px 0px 8px; color: #a19999; font-size: 12px; height: 25px; width: 165px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; margin:0px; } .submitbutton{ background:#F66303; border: 1px solid #F66303; text-shadow: 1px 1px 1px #333; box-shadow: 3px 3px 3px #666; font:bold 12px Arial, sans-serif; color: #fff; height: 25px; padding: 0 12px 0 12px; margin: 0 0 0 5px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; cursor:pointer;}

Receive all updates via Facebook. Just Click the Like Button Below

You can also receive Free Email Updates:

Powered By Blogger Widgets

Related Posts Plugin for WordPress, Blogger...

Monday, July 11, 2011

BSQL Hacker

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.

BSQL Hacker aims for experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).

It's easy to use for beginners and provide great amount of customisation and automation support for experienced users. Features a nice metasploit alike exploit repository to share and update SQL Injection exploits. 

Key Features

Easy Mode
SQL Injection Wizard
Automated Attack Support (database dump)
MySQL (experimental) 
Fast and Multithreaded
4 Different SQL Injection Support
Blind SQL Injection
Time Based Blind SQL Injection
Deep Blind (based on advanced time delays) SQL Injection
Error Based SQL Injection 
Can automate most of the new SQL Injection methods those relies on Blind SQL Injection
RegEx Signature support
Console and GUI Support
Load / Save Support
Token / Nonce / ViewState etc. Support
Session Sharing Support
Advanced Configuration Support
Automated Attack mode, Automatically extract all database schema and data mode 

Update / Exploit Repository Features
Metasploit alike but exploit repository support
Allows to save and share SQL Injection exploits
Supports auto-update
Custom GUI support for exploits (cookie input, URL input etc.) 

GUI Features
Load and Save
Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be show to the user in a GUI)
Visually view true and false responses as well as full HTML response, including time and stats 

Connection Related
Proxy Support (Authenticated Proxy Support)
NTLM, Basic Auth Support, use default credentials of current user/application
SSL (also invalid certificates) Support
Custom Header Support 

Injection Points (only one of them or combination)
Query String
HTTP Headers

Post Injection data can be stored in a separated file
XML Output (not stable)
CSRF protection support (one time session tokens or viewstate ort similar can be used for separated login sessions, bypassing proxy pages etc.) 

BSQL Hacker Manual.pdf 1.1 MB


No comments:

Post a Comment


Twitter Delicious Facebook Digg Stumbleupon Favorites More