Marathon Tool

Project Description

Marathon Tool is a POC for using heavy queries to perform a Time-Based Blind SQL Injection attack. This tool is still work in progress but is right now in a very good alpha version to extract information from web applications using Microsoft SQL Server, Microsoft Access, MySQL or Oracle Databases.

Application Supported features:

Database Schema extraction from SQL Server, Oracle and MySQL
Data extraction from Microsoft Access 97/2000/2003/2007 databases
Parameter Injection using HTTP GET or POST
SSL support
HTTP proxy connection available
Authentication methods: Anonymous, Basic, Digest and NTLM
Variable and value insertion in cookies (Does not support dynamic values)
Configuration available an flexible for injections
Configurable Log

Common Help Topics

Configuration

Reference Links

http://technet.microsoft.com/en-us/library/cc512676.aspx

Telefonica/marathontool

Marathon Tool

Project Description

Application Supported features:

Common Help Topics

Reference Links