Automatic SQL Injection Tool: Pangolin
Pangolin is an automatic SQL injection penetration testing (Pen-testing) tool for Website manager or IT Security analyst. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications.
Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or users specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.
How dangerous SQL Injection is?
Injection was listed in OWASP top 10 Web Application Security Risks for 2007, 2008, 2009 and 2010. Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker's hostile data tricks the interpreter into executing unintended commands or changing data.
Protects your financial and intellectual property
One your website been tested by Pangolin. Website manager will know what should do to protect databases from SQL injection attacks. It prevents the theft from happening and protects the valuable assets stored in your databases.
Supported types of databases
Your web applications are using Access,DB2,Informix,Microsoft SQL Server 2000,Microsoft SQL Server 2005,Microsoft SQL Server 2008,MySQL,Oracle,PostgreSQL,Sqlite3,Sybase? Pangolin supports all of them.
Protects your reputation
Hackers can gain access to your web server and database console through vulnerability if SQL injection was exist. Once in control, they can use your servers to do whatever they want – such as sending spam and/or attacking other destinations from your servers. Pangolin can tell you all SQL inject possibility.