lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <30034643.1206541578254.JavaMail.postfix@mx70.mail.sohu.com>
Date: Wed, 26 Mar 2008 22:26:18 +0800 (CST)
From: <zwell@...u.com>
To: <full-disclosure@...ts.grok.org.uk>,
	<webappsec@...urityfocus.com>
Subject: Pangolin v1.2.590 - The best SQL injector you've
	ever seen

<p>Pangolin is a GUI tool running on Windows to perform as more as possible pen-testing through SQL injection. This version now supports following databases and operations:</p><p>* MSSQL : Server informations, Datas, CMD execute, Regedit, Write file, Download file, Read file, File Browser...<br />* MYSQL : Server informations, Datas, Read file, Write file...<br />* ORACLE : Server informations, Datas, Accounts cracking...<br />* PGSQL : Server informations, Datas, Read file...<br />* DB2 : Server informations, Datas, ...<br />* INFORMIX : Server informations, Datas, ...<br />* SQLITE : Server informations, Datas, ...<br />* ACCESS : Server informations, Datas, ...<br />* SYBASE : Server informations, Datas, ...<br />etc.</p><p>And supports:<br />* HTTPS support<br />* Pre-Login<br />* Proxy<br />* Specify any HTTP headers(User-agent, Cookie, Referer and so on)<br />* Bypass firewall setting<br />* Auto-analyzing keyword<br />* Detailed check options<br />* Injection-points ma
 nagement<br />etc.</p><p>What's the differents to the others?<br />* Easy-of-use : What I try to do is making pen-tester more care about result, not the process. All you should do is clicking the buttons.<br />* Amazing Speed : so many people told you things about brute sql injection, is it really necessary? Forget char-by-char, we can row-by-row(of cource, not every injection-point can do this)?<br />* The exact check mothod : do you really think automated tools like AWVS,APPSCAN can find all injection-points?</p><p>So, whatever, just check it out, and then enjoy your feeling ;)<br />More information : http://www.nosec.org/web/index.php?q=pangolin<br />Download : http://seclab.nosec.org/security/pangolin_bin.rar</p><p>Declare: Pangolin is designed for security testing by pen-tester when he has been authorized. DO NOT attack any website viciously or accept the consequences!!!</p>
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ