News

Follow Safe3SI on Twitter
For Safe3 Web Vulnerability Scanner, click here.

Introduction

Safe3SI is one of the most powerful and easy-to-use penetration testing tools. It automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches, ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Features

  • Full support for HTTP and HTTPS websites.
  • Full support for Basic, Digest and NTLM HTTP authentication.
  • Full support for GET, POST and Cookie SQL injection.
  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
  • Full support for four SQL injection techniques: blind, error-based, UNION query and force guess.
  • Powerful AI engine to automatically recognize the injection type, the database type and the best SQL injection method.
  • Support for enumerating databases, tables, columns and data.
  • Support for reading, listing and writing any file on the database server's underlying file system when the database software is MySQL or Microsoft SQL Server.
  • Support for executing arbitrary commands and retrieving their standard output on the database server's underlying operating system when the database software is Oracle or Microsoft SQL Server.
  • Support for IP domain query, web path guessing, MD5 cracking, etc.
  • Support for SQL injection scanning.

Download

Safe3SI can be downloaded from:


This is strongly recommended before reporting any bug to the mailing list.

Documentation

  • Safe3SI ChangeLog.
  • SQL injection: Not only AND 1=1 slides presented at the 2nd Digital Security Forum in Lisbon (Portugal) on June 27, 2009.
  • Advanced SQL injection to operating system full control whitepaper and slides presented at Black Hat Europe 2009 in Amsterdam (The Netherlands) on April 16, 2009.
  • Expanding the control over the operating system from the database slides presented at SOURCE Conference 2009 in Barcelona (Spain) on September 21, 2009.
  • Got database access? Own the network! slides presented at AthCon 2010 in Athens (Greece) on June 3, 2010.

Screenshot

Mailing list

The mailing list, admin[AT]safe3.com.cn, is the preferred way to ask questions, report bugs, suggest new features and discuss with other users.

License

Safe3SI is copyrighted by its company.



Developers

David Shee - Lead developer

You can contact both developers by writing to safe3q@gmail.com.

Contribute

We are looking for people who can translate into any other language, are up for doing security research, know about web application security, database assessment and takeover, and software refactoring, and are motivated to join the development team.

If this sounds interesting to you, get in touch!

Purchase

Donate
Your purchase via PayPal will please the development team. It will pay for the Subversion server's bills and ideally for some night-life around the damn good old Continent.