Database Assessment

13 tools

DBeaver is a free multi-platform database tool for developers, SQL programmers, database administrators, and analysts. It supports all popular databases including MySQL, PostgreSQL, SQLite, Oracle, DB2, SQL Server, Sybase, Teradata, and Cassandra.

jSQL Injection is a lightweight Java application for automated SQL injection testing to extract database information from vulnerable servers. It supports 33 database engines with multiple injection strategies including blind, time-based, and error-based techniques.

MongoDB tools package containing utilities for database administration, data import/export, backup/restore operations, and GridFS file management. Provides command-line interfaces for interacting with MongoDB servers, replica sets, and sharded clusters.

MSSqlPwner is an advanced pentesting tool for interacting with and compromising MSSQL servers. It supports authentication via clear-text passwords, NTLM hashes, and Kerberos tickets, enabling execution of custom commands through methods like custom assembly, xp_cmdshell, and sp_oacreate.

Metapackage collection providing default implementations for MySQL/MariaDB client, server, and development libraries in Kali Linux. Ensures compatibility by depending on the system's default MySQL or MariaDB versions.

ODAT is an open source penetration testing tool that tests the security of Oracle Databases remotely. It helps identify valid SIDs and credentials, escalate privileges, and execute system commands on the host operating system.

Oscanner is an Oracle assessment framework developed in Java with a plugin-based architecture. It performs various enumeration tasks including SID enumeration, password tests, version detection, account roles, privileges, hashes, audit information, password policies, and database links.

SIDGuesser guesses SIDs and instances against an Oracle database using a predefined dictionary file. It performs slow but effective dictionary attacks at 80-100 guesses per second.

SQLiteBrowser is a visual GUI tool for creating, designing, and editing SQLite database files using a spreadsheet-like interface. It enables users to manage databases without needing to learn SQL commands.

Automatic SQL injection tool that detects and exploits SQL injection vulnerabilities in web applications. It allows fingerprinting of the back-end DBMS, enumeration of databases, users, tables, and data dumping.

SQL Server injection and takeover tool that escalates SQL injection vulnerabilities on Microsoft SQL Server to full GUI access on the database. It employs advanced techniques including registry modifications, debug scripts, and Metasploit integration for remote code execution.

sqlsus is an open source MySQL injection and takeover tool written in Perl. It allows retrieving database structure, injecting SQL queries, downloading files, and controlling backdoors via a command line interface.

tnscmd10g is a tool to prod the Oracle TNSLSNR process on port 1521/tcp. It sends TNS commands like version, ping, and status to query the target Oracle listener.