[WEB SECURITY] Pangolin v1.3.0.624 is out

Vincent Chao zwell.nosec at gmail.com
Sun May 25 12:42:16 EDT 2008

Hi, all:

I’m glad to tell you that Pangolin, the wonderful Sql injection tool, has been updated to version In this version, I’ve added some new functions in it, and fixed some bugs:
1.Added Oracle Remote Data Reader function
2.Multi-language supported
3.Fixed corrupted characters problem
4.Support MSSQL2005 now ( you know, how to restore stored procedure in MSSQL 2005)
5.Fixed proxy issues which cannot use localhost proxy
6.anything else......
You can download it from here: http://www.nosec.org/web/pangolin
Please feel free to contact us with any questions you may have, thanks ;)


Pangolin is a GUI tool running on Windows to perform as more as possible pen-testing through SQL injection. This version now supports following databases and operations:

* MSSQL : Server informations, Datas, CMD execute, Regedit, Write file, Download file, Read file, File Browser...
* MYSQL : Server informations, Datas, Read file, Write file...
* ORACLE : Server informations, Datas, Accounts cracking...
* PGSQL : Server informations, Datas, Read file...
* DB2 : Server informations, Datas, ...
* INFORMIX : Server informations, Datas, ...
* SQLITE : Server informations, Datas, ...
* ACCESS : Server informations, Datas, ...
* SYBASE : Server informations, Datas, ...

And supports:
* HTTPS support
* Pre-Login
* Proxy
* Specify any HTTP headers(User-agent, Cookie, Referer and so on)
* Bypass firewall setting
* Auto-analyzing keyword
* Detailed check options
* Injection-points management

What's the differents to the others?
* Easy-of-use : What I try to do is making pen-tester more care about result, not the process. All you should do is clicking the buttons.
* Amazing Speed : so many people told you things about brute sql injection, is it really necessary? Forget char-by-char, we can row-by-row(of cource, not every injection-point can do this)?
* The exact check mothod : do you really think automated tools like AWVS,APPSCAN can find all injection-points?

So, whatever, just check it out, and then enjoy your feeling ;)


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20080526/083791ec/attachment.html>

More information about the websecurity mailing list