SQID - SQL Injection Digger

SQL injection digger is a command line program that looks for SQL injections and common errors in web sites.
Current version can perform the following operations:
  • Look for SQL injections and common errors in web site URLs found by performing a Google search.
  • Look for SQL injections and common errors in a given URL or a file with URLs.
  • Look for SQL injections and common errors in links from a web page.
  • Crawl a web site/web page and do the above.
Also supports:
  • Load multiple triggers from file.
  • Load multiple signature databases from files.
  • HTTPS support.
  • HTTP proxy support with authentication.
  • Basic authentication.
  • Specify user agent.
  • Specify referer.
  • HTTP Cookies loading from command line or a file.
sqid is written in Ruby. Find out more about SQL Injection.

sqid is extensible by adding more signatures to its database (sqid.db). The signatures simply use
regular expressions.



Source
Download

The Mole - Python SQL injection tool


The Mole is an automatic SQL injection exploitation tool. Given only a vulnerable URL and a valid string found on the site, it can detect the injection and exploit it, either with the UNION technique or with a boolean-query-based technique.
Features
  • Support for injections using MySQL, SQL Server, PostgreSQL and Oracle databases.
  • Command line interface. Different commands trigger different actions.
  • Auto-completion for commands, command arguments and database, table and column names.
  • Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Exploits SQL injections through GET and POST methods.
  • Developed in Python 3.




Safe3 SQL Injector - Tool

Safe3 SQL Injector

Safe3SI is one of the most powerful and easiest-to-use penetration testing tools for automating the detection and exploitation of SQL injection flaws and the takeover of database servers. It comes with an AI detection engine.


Features

  • Full support for HTTP and HTTPS web sites.
  • Full support for Basic, Digest and NTLM HTTP authentication.
  • Full support for GET, POST and cookie SQL injection.
  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
  • Full support for four SQL injection techniques: blind, error-based, UNION query and force guess.
  • Powerful AI engine that automatically recognises the injection type, the database type and the best injection technique.
  • Support to enumerate databases, tables, columns and data.
  • Support to read, list and write any file on the database server's underlying file system when the database software is MySQL or Microsoft SQL Server.
  • Support to execute arbitrary commands and retrieve their standard output on the database server's underlying operating system when the database software is Oracle or Microsoft SQL Server.
  • Support for IP/domain queries, web path guessing, MD5 cracking, etc.
  • Support for SQL injection scanning.
Download: Safe3SI v9.0


I tested a few features; I request you guys to test it too and provide me your comments. No need to say how to find vulnerable websites on the internet.. Google Dorks :)

Check out the MD5 crack in this tool, an interesting one.

- Saba

Find, exploit and fix web application vulnerabilities - tool

w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. To read our short- and long-term objectives, please click on the Project Objectives item in the main menu. This project is currently hosted at SourceForge; for further information, you may also want to visit the w3af SourceForge project page.


Download
Documentation
Features

Source

-Saba

Use Firefox as Hack tool - 4 (Portable Firefox Hack Kit)

Friends, check out this awesome portable app, make full use of it.... good luck


This is a portable version of Mozilla Firefox with several add-ons that are useful for web application security.
The purpose of this package is to have the best available add-ons to manually test for XSS, SQL injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc.








old parts for the same topic

21 AP Govt Web sites hacked


Just a day before the Andhra Pradesh Finance Minister, Mr Anam Ramnarayan Reddy, is to present the State Budget in the Legislative Assembly, cyber criminals managed to break into the Government servers and hack the Web site which gives details of the budget. The hacker added an additional page on the site with URL - http://budget.ap.gov.in/Dz.htm.
This is one of the 21 Web sites of the Andhra Pradesh Government that have been hacked on Thursday exposing severe chinks in the cyber security.
Interestingly, the hackers did not deface the home pages of these different departmental Web sites but added additional pages with their messages indicating cyber intruders were not radical hackers who would steal the information or do other mischief, but those who just wanted to prove their capabilities.
The hackers identified themselves as !-Bb0yH4cK3r_Dz-! and Hmei7.
The hacked Web sites belonged to major government departments such as Gazette notifications, government orders, commercial taxes, GAD, horticulture, factories, remote and interior area development, etc.
While one hacker, !-Bb0yH4cK3r_Dz-!, added a page with the URL extension /Dz.htm, the other, Hmei7, added the extension /.x.htm to the original URLs.

Use Firefox as Hack tool - 3


11 Firefox Extensions for Managing Cookies

Cookie Monster - In a nutshell, Cookie Monster allows for easier managing of which sites a user allows to set cookies and which sites cannot. It works best for users who do NOT accept cookies by default, although this is not necessary. It helps with cookie management, especially when you reject cookies by default.

Stealther - If there are times you want to surf the web without leaving a trace on your local computer, then this is the right extension for you. What it does is temporarily disable the following:
  • History
  • Downloads
  • Cookies
  • Disk Cache
  • Saved Form Information
  • Referrer Header

Add & Edit Cookies - The main difference is that this extension edits and adds cookies, not just displays them. It also has a handy filter feature: you can filter for a specific host in the cookies list and the search result will be saved even if you close the browser. See Screenshots.

Cookie Whitelist With Buttons - Gives you a whitelist for all cookie-issuing sites. Use the buttons in the status bar to temporarily accept cookies from the site you are on, or click the add button to quickly add the current site to your list.
CookieCuller - A very straightforward extension that allows you to delete any unwanted cookies and keep the others.
CookieMan Context - Allows you to access a context menu for your cookies via the options privacy menu. It will allow you to search for desired sites, right click on the site name and quickly change your cookie options.
CookieSwap - A nice extension that will allow you to swap cookies so you can be logged into multiple email accounts at once. For web designers, it will allow you to act like different visitors for site testing.
Extended Cookie Manager - Extended Cookie Manager will inform you via the status bar if a cookie was received from a site and then will notify you if it was blocked, allowed, or allowed only for the current session.
Firecookie - Works with Firebug to create cookies, delete them, edit them, see all of the current cookies for a site and more.
HttpFox - You can monitor all of the traffic between your browser and a given website, including what cookies it is delivering and receiving.
View Cookies - Adds a tab in the Page Info area so you can easily view what cookies are on your system.

-Saba 





Facebook tracks you even after logging out.




Source

An Australian technologist has caused a global stir after discovering Facebook tracks the websites its users visit even when they are logged out of the social networking site.
Separately, Facebook's new Timeline feature, launched last week, has been inadvertently accessed by users early, revealing a feature that allows people to see who removed them from their friends' lists.
Facebook's changes - which turn profiles into a chronological scrapbook of the user's life - are designed to let its 800 million members share what they are reading, listening to or watching in real time. But they have been met with alarm by some who fear over-sharing.

Of course, Facebook's bottom line improves the more users decide to share. Reports suggest that Facebook staff refer internally to "Zuck's law", which describes Facebook founder Mark Zuckerberg's belief that every year people share twice as much online - a trend that has caused Facebook's valuation to skyrocket towards $US100 billion.
"Facebook is a lot more than a social network and ultimately wants to be the premier platform on which people experience, organise and share digital entertainment," said Ovum analyst Eden Zoller.
But in alarming new revelations, Wollongong-based Nik Cubrilovic conducted tests, which revealed that when you log out of Facebook, rather than deleting its tracking cookies, the site merely modifies them, maintaining account information and other unique tokens that can be used to identify you.
Whenever you visit a web page that contains a Facebook button or widget, your browser is still sending details of your movements back to Facebook, Cubrilovic says.
"Even if you are logged out, Facebook still knows and can track every page you visit," Cubrilovic wrote in a blog post.
"The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions."

Microsoft's India store hacked, usernames & passwords stolen




Hackers, allegedly belonging to a Chinese group called Evil Shadow Team, struck at www.microsoftstore.co.in on Sunday night, stealing the login IDs and passwords of people who had used the website to shop for Microsoft products.

While it is troublesome that hackers were able to breach security at a website owned by one of the biggest IT companies in the world, it is more alarming that user details - login IDs and passwords - were reportedly stored in a plain-text file, without any encryption.


Source



Web SQL injection tool - Windows

Description

SQL DB Injector for Oracle and SQL Server, built for Windows on .NET 2.0






Note: Friends, I did not try this yet; please provide your comments.

-Saba

sqlinject-finder




A simple Python script that parses a pcap and inspects the GET and POST request data for suspicious and possible SQL injections. Rules to check for SQL injection can be easily added. Output can be printed neatly on the command line or in tab-delimited format.
The output includes:
  • The suspicious IP address
  • The attacked webpage
  • The parameter and value used
  • The frame number of the packet within the pcap (can be used to find exactly where the packet is in Wireshark)
  • The reason why the request was flagged
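As an added illustration of the same idea (this is not the sqlinject-finder code itself), the sketch below replaces the pcap layer with constructed (frame number, source IP, raw HTTP request) tuples, runs every GET and POST parameter through a small, extensible regex rule list, and emits exactly the fields listed above, optionally as tab-delimited rows. The sample requests and the rule set are constructed here, not taken from the project.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample frames: (frame_no, src_ip, raw HTTP request). In the real
# tool these come from decoding TCP payloads in a pcap; here they are inline.
SAMPLE_FRAMES = [
    (12, "10.0.0.5", "GET /items.php?id=42 HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    (37, "10.0.0.9", "GET /items.php?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1\r\n"
                     "Host: shop.example\r\n\r\n"),
    (58, "10.0.0.9", "POST /login.php HTTP/1.1\r\nHost: shop.example\r\n"
                     "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                     "user=admin%27--&pass=x"),
    (71, "10.0.0.7", "POST /search.php HTTP/1.1\r\nHost: shop.example\r\n\r\n"
                     "q=red+shoes+UNION+SELECT+1,2,3"),
]

# Detection rules as (reason, compiled regex). Append a tuple to add a check.
RULES = [
    ("tautology (quote followed by OR/AND)", re.compile(r"'\s*(or|and)\b", re.I)),
    ("comment terminator", re.compile(r"(--|#|/\*)")),
    ("UNION SELECT", re.compile(r"\bunion\b.{0,20}\bselect\b", re.I | re.S)),
    ("stacked query", re.compile(r";\s*(drop|insert|update|delete|exec)\b", re.I)),
]

def parse_request(raw):
    """Split a raw HTTP request into (method, path, {param: decoded value})."""
    head, _, body = raw.partition("\r\n\r\n")
    method, target, _ = head.split("\r\n")[0].split(" ", 2)
    parts = urlsplit(target)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))  # GET params
    if method == "POST":
        params.update(parse_qsl(body, keep_blank_values=True))     # form body
    return method, parts.path, params

def find_injections(frames):
    """Return one finding per flagged parameter with the fields the text lists."""
    findings = []
    for frame_no, src_ip, raw in frames:
        _, path, params = parse_request(raw)
        for name, value in params.items():
            for reason, rx in RULES:
                if rx.search(value):
                    findings.append({"ip": src_ip, "page": path, "param": name,
                                     "value": value, "frame": frame_no, "reason": reason})
                    break  # first matching rule is reason enough; move to next param
    return findings

def as_tsv(findings):
    """Tab-delimited output, one row per finding, in the order the text lists."""
    cols = ("ip", "page", "param", "value", "frame", "reason")
    return "\n".join("\t".join(str(f[c]) for c in cols) for f in findings)
```

Running `print(as_tsv(find_injections(SAMPLE_FRAMES)))` flags frames 37, 58 and 71 and leaves the benign request in frame 12 alone; the frame number lets you jump straight to the packet in Wireshark.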



Google Tricks... for fun...



1> Type in "Google Gravity" and click on "I'm Feeling Lucky"
2> Type in "elgoog" and click on "I'm Feeling Lucky"
3> Type in "Google Sphere" and click on "I'm Feeling Lucky"
4> Type in "who is the cutest" and click on "I'm Feeling Lucky"
5> Type in "Google Loco" and click on "I'm Feeling Lucky" (see what's moving.)
6> Type in "LOL Limewire" and click on "I'm Feeling Lucky"
7> Type in "Epic Google" and click on "I'm Feeling Lucky"
8> Type in "Rainbow google" and click on "I'm Feeling Lucky"
9> Type in "Annoying Google" and click on "I'm Feeling Lucky"
10> Type in "Google pacman" and click on "I'm Feeling Lucky"
11> Type in "Google Magic" and click on "I'm Feeling Lucky"
12> Type in "Google color (Ex: pink, blue)" and click on "I'm Feeling Lucky"
13> Type in "Google Heart Page" and click on "I'm Feeling Lucky"
14> Type in "epic box" and click on "I'm Feeling Lucky"
15> Type in "sexy snape" and click on "I'm Feeling Lucky"
16> Type in "weenie google" and click on "I'm Feeling Lucky"
17> Type in "Who's Awesome" and click on "I'm Feeling Lucky"