Database security tools

Tools

Acra (database encryption proxy)

data encryption, data leak prevention, data security, vulnerability mitigation

Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

evilredis (Redis security scanner)

security assessment, vulnerability scanning

Evilredis tool is an offensive security program for pentesting Redis databases. It can scan the target and perform different actions, like shutting down a Redis instance.

jSQL Injection (automatic SQL database injection)

database security

jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.

MongoSanitizer (defense against MongoDB injection attacks)

application security, database security

Typically this type of tool would be used as an additional defense layer to prevent injection attacks from reaching the database.

NoSQLMap (database enumeration and exploitation)

database security, penetration testing, security assessment

NoSQLMap is designed to audit database, as well to automate injection attacks. It can exploit configuration weaknesses in NoSQL databases and web applications using NoSQL.

Oscanner (Oracle assessment framework)

Oscanner is an Oracle assessment framework to perform enumeration on Oracle installations. It is written in Java and provides a graphical overview of findings.

sqlmap (SQL injection and database takeover tool)

penetration testing, security assessment, vulnerability scanning, web application analysis

Tools like sqlmap are used to test the security of a database. The typical goal is to get control over the database instance by using different types of attacks like SQL injection.

TheDoc (automation tool for sqlmap)

penetration testing

TheDoc is a tool written in shell-script to automate the usage of sqlmap. It comes with a built-in admin finder and hash cracker, using the Hashcat tool.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.