Posts

Showing posts with the label open source

SQLmap Automated SQL injection tool

Image
  SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. It is written in Python and is available on Linux, Windows, and macOS. SQLMap is a powerful tool that can be used by security professionals, penetration testers, and ethical hackers to identify and exploit SQL injection vulnerabilities in web applications. SQL injection is a type of security vulnerability that allows an attacker to manipulate a web application's SQL database by injecting malicious SQL statements into an entry field, such as a search field or a login form. This can lead to data theft, data manipulation, and even complete control of the web application and its underlying database. SQLMap works by sending various SQL injection techniques to the targeted web application to identify vulnerabilities. It supports a wide range of database management systems such as MySQL, Oracle, PostgreSQL, Microsoft SQL

OpenVAS Vulnerability Scanner

Image
          Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied with a regularly updated feed of Network Vulnerability Tests (NVTs), over 47,000 in total (as of June 2016). All OpenVAS products are Free Software. Most components are licensed under the GNU General Public License (GNU GPL).     Architecture Overview The OpenVAS Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Manager controls the Scanner via OTP (OpenVAS Transfer Protocol) and itself offers the XML-based, stateles