Shulou(Shulou.com)05/31 Report--

This article is to share with you about how to use Pangolin tools, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

1.1 what is Pangolin?

Pangolin is a security tool that helps testers conduct Sql injection testing. The so-called SQL injection test is a test method to obtain, modify and delete data by taking advantage of the loophole that occurs when a page of the target website lacks the control of user transmission parameters or is not good enough, and even controls the database server and Web server. Pangolin can maximize the testing effect through a series of very simple operations. It gives the test steps from the beginning of the detection injection to the final control target system.

There have been many Sql injection tools in the past, but some of them are not fully functional, do not support enough databases, or are slow. However, after the release of Pangolin, these issues have been resolved. Pangolin is probably one of the best injection tools available so far.

1.2 using Pangolin can be used to

Here are some examples:

* testers are used to identify vulnerabilities in the target and assess the severity of the possible consequences.

Webmasters can be used to perform security checks on their own developed code and fix them.

Security technology researchers can understand more and more in-depth technical details of SQL injection through Pangolin.

1.3 Features

Here are some of the features provided by Pangolin:

Comprehensive database support

Original automatic keyword analysis can reduce human operation and judge the result more accurately.

The original content size judgment method can reduce network data traffic.

The Union operation of maximum words can greatly improve the speed of SQL injection operation.

Pre-login function, which can be injected in case of verification.

Agent support

Support for HTTPS

Customize the HTTP header function

Rich filtering capabilities to bypass the firewall

Injection station (point) management function

Data export function

…… Wait for more.

1.4 what can it do?

Pangolin is only an injection verification exploit tool, not an Web vulnerability scanning software. So you can't use it to scan the entire site. In addition, he does not support features such as injection directory traversal, which you can do with other security tools.

1.5 where to get Pangolin

The update speed of Pangolin is very fast, you can often go to http://www.nosec.org/web/pangolin to download the latest version.

1.6 operating environment

Currently, Pangolin can only run on the Windows system platform and supports 32-bit / 64-bit Windows NT/2000/XP/2003/Vista/2008.

The above is how to use Pangolin tools, the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.