Chapter 1, Introduction
1.1 What is Pangolin?
Pangolin is a security tool that helps penetration testers perform SQL injection testing.
SQL injection testing is a test method that exploits the loopholes that appear when a page of the target website does not control the parameters passed by the user, or does not control them well enough, in order to obtain, modify, or delete data, and even to take control of the database server and web server. Pangolin can achieve the maximum attack test effect through a series of very simple operations. It covers the test steps from the detection of an injection to the final control of the target system. There have been many SQL injection tools in the past, but some of them are not fully functional, do not support enough databases, or are relatively slow. With the release of Pangolin, these problems have been resolved. Pangolin is perhaps one of the best injection tools out there.
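The parameter-control failure described above, shown from the code owner's side as an added example (not code from Pangolin or from the original page). The table, function names, and sample rows are hypothetical and constructed for illustration; SQLite is used because it runs in memory.

```python
import sqlite3

def make_db():
    """Build an in-memory table of constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)"
    )
    db.executemany(
        "INSERT INTO articles VALUES (?, ?, ?)",
        [(1, "Welcome", 0), (2, "Release notes", 0), (3, "Draft: internal", 1)],
    )
    return db

def get_article_unsafe(db, raw_id):
    # Vulnerable pattern: the request parameter becomes part of the SQL text,
    # so whatever the user sends is parsed as SQL, not treated as a value.
    sql = "SELECT id, title FROM articles WHERE hidden = 0 AND id = " + raw_id
    return db.execute(sql).fetchall()

def get_article_safe(db, raw_id):
    # Control 1: the parameter must be a plain decimal integer.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a non-negative integer")
    # Control 2: the value is bound as data; the SQL text never changes.
    sql = "SELECT id, title FROM articles WHERE hidden = 0 AND id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input that alters the WHERE logic
    print("unsafe:", get_article_unsafe(db, crafted))  # hidden row leaks
    try:
        get_article_safe(db, crafted)
    except ValueError as exc:
        print("safe: rejected,", exc)
    print("safe:", get_article_safe(db, "2"))
```

Because `AND` binds tighter than `OR`, the concatenated query ignores the `hidden = 0` filter for the crafted input, while the validated and bound version never lets the input reach the SQL parser.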
1.2 What can Pangolin be used for
Here are some examples:
Used by penetration testers to discover vulnerabilities in their targets and assess the severity of the possible consequences of the vulnerabilities.
Used by webmasters to perform security checks on their own code for patching.
Security researchers can use Pangolin to gain a more in-depth understanding of the technical details of SQL injection.
1.3 Features
The following are some of the features provided by Pangolin:
Comprehensive database support
Original automatic keyword analysis, which reduces manual operations and makes judgments more accurate
Original content size judgment method, which reduces network data traffic as much as possible
Union operation, which can greatly improve SQL injection operation speed
Pre-login function, so that injection is still possible where verification is required
Proxy support
HTTPS support
Custom HTTP header function
Rich functions for bypassing firewall filtering
Injection site (point) management function
Data export function
And more
1.4 What it can't do
Pangolin is only an injection verification and exploitation tool, not web vulnerability scanning software, so you cannot use it to scan a whole website.
It also does not support functions such as directory traversal; for those, you can use the other security tools on Xiaocan Blog:
https://www.exehack.net/179.html
https://www.exehack.net/90.html
1.5 Where to get Pangolin
Pangolin is updated very quickly; check http://www.nosec.org/web/pangolin regularly to download the latest version.
1.6 Operating Environment
Currently, Pangolin can only run on the Windows system platform, and supports 32-bit/64-bit Windows NT/2000/XP/2003/Vista/2008.
Supported database types
MS SQL, Oracle, MySQL, Access, PostgreSQL, DB2, Sybase, Informix, SQLite
Version 3.3:
1. Right-click to run crack patch.exe as an administrator under win7
2. Open keygen.exe
3. Copy the machine code to crack patch.exe, click to modify
4. keygen.exe click makekeyfile
Version 4.0:
The steps are exactly the same, but it seems to have requirements for system compatibility. It is said that it can run under winxp X32. It is recommended to copy the main program of 3.3 to the directory of 4.0 to run.
Download address: http://pan.baidu.com/s/1cyXmjk
Extraction password: 0td2