[WEB SECURITY] Pangolin is updated(

Vincent Chao zwell.nosec at gmail.com
Sat May 17 11:40:27 EDT 2008

Hi, all:

I'm glad to tell you that Pangolin, the wonderful Sql injection tool, has
been updated to version You can download it from here:

Pangolin is a GUI tool running on Windows to perform as more as possible
pen-testing through SQL injection. This version now supports following
databases and operations:

* MSSQL : Server informations, Datas, CMD execute, Regedit, Write file,
Download file, Read file, File Browser...
* MYSQL : Server informations, Datas, Read file, Write file...
* ORACLE : Server informations, Datas, Accounts cracking...
* PGSQL : Server informations, Datas, Read file...
* DB2 : Server informations, Datas, ...
* INFORMIX : Server informations, Datas, ...
* SQLITE : Server informations, Datas, ...
* ACCESS : Server informations, Datas, ...
* SYBASE : Server informations, Datas, ...

And supports:
* HTTPS support
* Pre-Login
* Proxy
* Specify any HTTP headers(User-agent, Cookie, Referer and so on)
* Bypass firewall setting
* Auto-analyzing keyword
* Detailed check options
* Injection-points management

What's the differents to the others?
* Easy-of-use : What I try to do is making pen-tester more care about
result, not the process. All you should do is clicking the buttons.
* Amazing Speed : so many people told you things about brute sql injection,
is it really necessary? Forget char-by-char, we can row-by-row(of cource,
not every injection-point can do this)?
* The exact check mothod : do you really think automated tools like
AWVS,APPSCAN can find all injection-points?

So, whatever, just check it out, and then enjoy your feeling ;)


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20080517/aa206b7d/attachment.html>

More information about the websecurity mailing list