Pixy: Open-Source Vulnerability Scanner for PHP Applications

January 9, 2010

An Open-Source Vulnerability Scanner for PHP Applications.

The Secure Systems Lab at the Technical University of Vienna has released the newest version of Pixy, an open-source vulnerability scanner. Here are some of the highlights:

  1. Detection of SQL injection and XSS vulnerabilities in PHP source code
  2. Automatic resolution of file inclusions
  3. Computation of dependence graphs that help you understand the causes of reported vulnerabilities
  4. Static analysis engine (flow-sensitive, interprocedural, context-sensitive)
  5. Platform-independent: written in Java

http://pixybox.seclab.tuwien.ac.at





List SQL injection tools for exploiting

January 9, 2010

A list of SQL injection exploitation tools:

sqlmap

SQLInjector

Bobcat

Automagic

HacmeBank

Absinthe

clover DB Tool

clover.ETL and clover.GUI are ETL tools for developing data transformations and data integration applications. They are based on Java technology and are therefore platform-independent and resource-efficient. clover.ETL is an open source project, released under both the LGPL and a commercial license. clover.GUI is free for non-commercial purposes.

http://www.cloveretl.org

clover.ETL

clover.ETL is an open source, Java-based data integration framework which can be used to transform data.

Clover.ETL is released under dual-license:

Feature Highlights

  • internally represents all character data as Unicode – any character from any codepage can be represented – ASCII, LATIN, ASIAN, etc.
  • converts data from and to common character sets (ASCII, UTF-8, ISO-8859-1, ISO-8859-2, etc.)
  • contains a palette of more than 40 specialized transformation components
  • natively supports all major industry-standard databases (Oracle, MS SQL, DB2, Informix, Sybase) and several open source variants (MySQL, PostgreSQL); other databases are supported through the JDBC layer
  • reads and writes XML data, Excel (XLS) data, variable-length data (CSV), fixed-length data and several other less common formats (dBase/FoxPro/FlashFiler)
  • supports remote reading and writing of data through the FTP/SFTP/HTTP/HTTPS protocols; also works with zipped and gzipped data
  • runs on 32-bit and 64-bit platforms – Windows, Linux, AIX, Solaris, HP-UX, AS/400 and many others

More Features

  • data records are internally handled as variable-length data structures – can handle very large records (theoretical limit 2^31)
  • fields can have default values, text formats, NULL value checkers
  • contains connectors to other systems through standard protocols: middleware – JMS, LDAP, SOAP
  • transformation of data is performed by independent components, each running as an independent thread – can utilize more than one CPU (is very scalable)
  • the framework implements so-called pipeline parallelism – when a data record is processed by a component, it is immediately sent to the following component for additional processing
  • contains an interpreter for a specialized transformation language – CTL
  • transformations (mappings) of data can also be coded directly in Java or any other scripting language
  • metadata describing structures of data (records) and transformations can be read from and written to XML
  • works with common source code management systems – CVS, SVN, SourceSafe
  • can be easily extended with custom components

clover.ETL Overview

More detailed information on clover.ETL’s functionality can be found in the clover.ETL Overview slides (in PDF format).