Monday, October 11, 2010

Sqlsus 0.5 RC 1

qlsus is an open source MySQL injection and takeover tool, written in perl.
Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database(s), and much more...
Whenever relevant, sqlsus will mimic a MySQL console output.

Using multithreading on top of that, sqlsus is an extremely fast database dumper, be it for inband or blind injection.
It uses SQLite as a backend, for an easier use of what has been dumped, and integrates a lot of common features (see below) such as cookies support, http proxy, https..

sqlsus has been improved a lot for this release, under the hood (new functionnalities, code refactoring/cleaning of the core) as well as on the CLI side (neater, more verbose and more consitent), see CHANGELOG for more information.


No comments: