database-storage-tools.md

opensource-re-tools

A collection of database tools

Collections

Uncategorized

• delta-io/delta - An open-source storage framework that enables building a Lakehouse architecture with compute engines including Spark, PrestoDB, Flink, Trino, and Hive and APIs - 6.5K star
• sqlancer - Detecting Logic Bugs in DBMS - 不知道干啥的
• orginly/navicat-keygen - Navicat Premium 15 linux 安装与激活 ArchLinux

MySQL

• twindb/undrop-for-innodb - TwinDB data recovery toolkit for MySQL/InnoDB - 可以读取IBD文件，测试MySQL 8.X有效
  • Restore table from .frm and .ibd file - undrop使用起来很复杂，上面的仓库没有对应的说明
• rmb122/rogue_mysql_server - A rouge mysql server supports reading files from most mysql libraries of multiple programming languages
  • jib1337/Rogue-MySQL-Server - Fake MySQL Server that attempts to steal files from clients
  • fnmsd/MySQL_Fake_Server - MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
  • BeichenDream/MysqlT - 伪造Mysql服务端,并利用Mysql逻辑漏洞来获取客户端的任意文件反击攻击者
  • 4ra1n/mysql-fake-server - MySQL Fake Server (纯Java实现，内置常见Java反序列化Payload，支持GUI版和命令行版，提供Dockerfile)
• mysqludf - 各种 MySQL UDF
• sqlmapproject/udfhack - SQLMap UDF，支持 MySQL/PG + Linux/Windows；目前sqlmap自带的二进制免杀
• co01cat/SqlmapXPlus - SqlmapXPlus 基于 Sqlmap，对经典的数据库漏洞利用工具进行二开！
• cyrus-and/mysql-unsha1 - Authenticate against a MySQL server without knowing the cleartext password - 当获取了mysql hash却无法解密的时候，可以用这个嗅探工具获取sha1；之后可以PTH，也可以去破解
• codeplutos/MySQL-JDBC-Deserialization-Payload - MySQL客户端jdbc反序列化漏洞 - 包含一个 query rewrite 插件例子
• MariaDB Audit Plugin - 默认就带了，装一下就可以

SQLite

• aramosf/recoversqlite - recover deleted information from sqlite file

Postgres

• djrobstep/migra - Like diff but for PostgreSQL schemas
• mkopec3/postgres-pth - PostgreSQL Pass-The-Hash - 基于9.5版本改的，很老了
• Dionach/pgexec - Script and resources to execute shell commands using access to a PostgreSQL service - lo_export写文件
  • SQL Injection Double Uppercut :: How to Achieve Remote Code Execution Against PostgreSQL

MSSQL

• IamLeandrooooo/SQLServerLinkedServersPasswords - A Powershell Script that automates all the needed configurations in order to get the SQL Server Linked Server Passwords
• sqlcollaborative/dbachecks - a framework created by and for SQL Server pros who need to validate their environments
• https://github.com/Ignitetechnologies/MSSQL-Pentest-Cheatsheet
• nccgroup/nccfsas - main/Tools/Squeak - Connect to an MSSQL instance (as DBA/SA) and execute shellcode via a .net DLL - 可以执行MSF的payload
  • nccgroup: MSSQL Lateral Movement
• aleenzz/MSSQL_SQL_BYPASS_WIKI - MSSQL注入提权,bypass的一些总结 - 2019停更
  • evi1ox/MSSQL_BackDoor - 目的主要是摆脱MSSMS和 Navicat 调用执行 sp_cmdExec
• NetSPI/ESC - an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features
• OpenDBDiff/OpenDBDiff - A database comparison tool for Microsoft SQL Server 2005+ that reports schema differences and creates a synchronization script
• NetSPI/SQLC2 - a PowerShell script for deploying and managing a command and control system that uses SQL Server as both the control server and the agent
• NetSPI/PowerUpSQL - A PowerShell Toolkit for Attacking SQL Server
  • mlcsec/SharpSQL - Simple C# implementation of PowerUpSQL
• quentinhardy/msdat - Microsoft SQL Database Attacking Tool
• EPICROUTERSS/MSSQL-Fileless-Rootkit-WarSQLKit - 类似 xp_cmdshell 一样的后门扩展
• jas502n/mssql-command-tool - mssql 终端连接工具|命令执行
• blackarrowsec/mssqlproxy - a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse - 作者说不支持并发连接；读写文件用 sp_OACreate 实现的
• uknowsec/SharpSQLTools - 命令行版sqltools
  • Ridter/MSSQL_CLR - 在 SharpSQLTools CLR的基础上进行了功能增加和修改

NoSQL

• torque59/Nosql-Exploitation-Framework - A Python Framework For NoSQL Scanning and Exploitation
• codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool
• Charlie-belmer/nosqli - NoSql Injection CLI tool, for finding vulnerable websites using MongoDB

Oracle

• quentinhardy/odat - Oracle Database Attacking Tool

Firebase

• Turr0n/firebase - Exploiting misconfigured firebase databases

GraphQL

• nikitastupin/clairvoyance - Obtain GraphQL API schema even if the introspection is disabled
• dolevf/graphw00f - graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint
• assetnote/batchql - GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations
• dee-see/graphql-path-enum - Tool that lists the different ways of reaching a given type in a GraphQL schema
• swisskyrepo/GraphQLmap - a scripting engine to interact with a graphql endpoint for pentesting purposes
• GraphQL Voyager

Resources

Uncategorized

• Postgresql 渗透总结
• mssql 提权总结 - 介绍存储过程
• 深信服千里目安全实验室 - MSSQL数据库攻击实战指北 | 防守方攻略
• slideshare: Beyond xp_cmdshell: Owning the Empire through SQL Server - netspi 写的，主要讲解 PowerUpSQL 相关的技巧
• Using SQL Injection to perform SSRF/XSPA attacks - 讲解各种数据库的内置HTTP、TCP请求函数
• CVE-2020-25695 Privilege Escalation in Postgresql

Data format

• mtf - a Microsoft Tape Format reader
• Microsoft Tape Format Specification 中文，2000年的文档
  • chenjianlong/mtf-in-chinese - Microsoft Tape Format Specification Version 1.00a - document rev. 1.8 in chinese