The Web Local





DBAppSecurity Inc released MatriXay at BlackHat Las Vegas in Aug 2006.  They specialise in pen-testing and auditing Databases i.e. Oracle, SQL server, DB2, Sybase, Infomix, Mysql.

This tool has been geared to support both proxy and active URL enumeration of exploitable features.  It has been built as a combined SQL Injector/ Database vulnerability scanning tool and supports utilisation against web applications run on Oracle, MS SQL, MS Access and DB2.  Its easy to use with a nice intuitive graphical front-end.


It has a number of features, (requiring no database authentication), including:


  • Backend Database detection,

  • Browsing database objects,

  • Database table data search,

  • Enumerate potential areas of privilege escalation,

  • OS Command-line execution,

  • On-the-fly Database password cracking.


Matrixay is available from here


IT Security News:


Pen Testing Framework:


Latest Tool Reviews: