Unix

OpenBSD, FreeBSD, Solaris, and/or other Unix variants

Bsqlbf-v2

bsqlbf-v2, or Blind SQL Injection Brute Forcer version 2, is a Perl script that allows extraction of data from blind SQL injections. It accepts custom SQL queries as a command-line parameter and works for both integer- and string-based injections. It supports MySQL, Oracle, PostgreSQL and Microsoft SQL Server databases.

STrace

strace is a system call tracer, i.e. a debugging tool which prints out a trace of all the system calls made by another process/program.

LTrace

ltrace intercepts and records dynamic library calls which are called by an executed process and the signals received by that process. It can also intercept and print the system calls executed by the program.

NM

The nm command is used to list the symbols from the target program. By using nm, we can get to know the local and library functions and also the global variables used. nm cannot work on a program which has been stripped using the 'strip' command. Below is a link on using it for reverse engineering on Linux.

http://www.thegeekstuff.com/2012/03/linux-nm-command/

Strings

This is a tool built into Unix-based systems that prints the strings of printable characters in files or programs. It is used for information gathering while reverse engineering a file. Below I have supplied a link to a man page for the command along with usage of the tool.

http://www.thegeekstuff.com/2010/11/strings-command-examples/
http://unixhelp.ed.ac.uk/CGI/man-cgi?strings

Havij

Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. Using this software, a user can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements, and even access the underlying file system and execute commands on the operating system.

Pangolin

Pangolin is a penetration testing tool for SQL injection testing of database security. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statement, read specific files on the file system and more.

Creepy

creepy is an application that allows you to gather geolocation-related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown accompanied with relevant information (i.e. what was posted from that specific location) to provide context to the presentation.

MSSQL Scanner Pentesting Tool

MSSQLScanner is a multithreaded Java-based dictionary attack tool capable of spawning an SQL query shell and xp_cmdshell for pentesting your MS SQL database server.

PostgreSQL Dictionary Attack Tool

“PostgreSQL is a powerful, open source object-relational database system. It has more than 15 years of active development and a proven architecture that has earned a strong reputation for reliability, data integrity, and correctness.
