lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 17 May 2008 23:40:27 +0800
From: "Vincent Chao" <zwell.nosec@...il.com>
To: <full-disclosure@...ts.grok.org.uk>, <pen-test@...urityfocus.com>,
	<webappsec@...urityfocus.com>, <websecurity@...appsec.org>
Subject: Pangolin is updated(1.2.5.604)

Hi, all:

I'm glad to tell you that Pangolin, the wonderful Sql injection tool, has
been updated to version 1.2.5.604. You can download it from here:
http://www.nosec.org/web/pangolin

Pangolin is a GUI tool running on Windows to perform as more as possible
pen-testing through SQL injection. This version now supports following
databases and operations:

* MSSQL : Server informations, Datas, CMD execute, Regedit, Write file,
Download file, Read file, File Browser...
* MYSQL : Server informations, Datas, Read file, Write file...
* ORACLE : Server informations, Datas, Accounts cracking...
* PGSQL : Server informations, Datas, Read file...
* DB2 : Server informations, Datas, ...
* INFORMIX : Server informations, Datas, ...
* SQLITE : Server informations, Datas, ...
* ACCESS : Server informations, Datas, ...
* SYBASE : Server informations, Datas, ...
etc.

And supports:
* HTTPS support
* Pre-Login
* Proxy
* Specify any HTTP headers(User-agent, Cookie, Referer and so on)
* Bypass firewall setting
* Auto-analyzing keyword
* Detailed check options
* Injection-points management
etc.

What's the differents to the others?
* Easy-of-use : What I try to do is making pen-tester more care about
result, not the process. All you should do is clicking the buttons.
* Amazing Speed : so many people told you things about brute sql injection,
is it really necessary? Forget char-by-char, we can row-by-row(of cource,
not every injection-point can do this)?
* The exact check mothod : do you really think automated tools like
AWVS,APPSCAN can find all injection-points?

So, whatever, just check it out, and then enjoy your feeling ;)

 


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ