Database security tools
Acra (database encryption proxy)
data encryption, data leak prevention, data security, vulnerability mitigation
Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.
evilredis (Redis security scanner)
security assessment, vulnerability scanning
Evilredis tool is an offensive security program for pentesting Redis databases. It can scan the target and perform different actions, like shutting down a Redis instance.
jSQL Injection (automatic SQL database injection)
jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.
MongoSanitizer (defense against MongoDB injection attacks)
application security, database security
Typically this type of tool would be used as an additional defense layer to prevent injection attacks from reaching the database.
NoSQLMap (database enumeration and exploitation)
database security, penetration testing, security assessment
NoSQLMap is designed to audit database, as well to automate injection attacks. It can exploit configuration weaknesses in NoSQL databases and web applications using NoSQL.
Oscanner (Oracle assessment framework)
Oscanner is an Oracle assessment framework to perform enumeration on Oracle installations. It is written in Java and provides a graphical overview of findings.
sqlmap (SQL injection and database takeover tool)
penetration testing, security assessment, vulnerability scanning, web application analysis
Tools like sqlmap are used to test the security of a database. The typical goal is to get control over the database instance by using different types of attacks like SQL injection.
Missing a favorite tool in this list? Share a tool suggestion and we will review it.