The Pillager 0.7 Release

I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
        --------------------
-Oracle
-MSSQL
-MYSQL
        -PostGreSQL
     

        Usage Examples:
        ************************************************************************
        
        For Mysql Postgres and MsSQL pillaging:
        ---------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password]
        
        
        For Oracle pillaging you need a SID connection string:
        ------------------------------------------------------
        python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
        

        Grab some hashes and Hipaa specific:(Default is PCI)
        ------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa


Drop into a SQL CMDShell:
-------------------------
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

     
     
        Switch Options:
        ---------------------
        -# --hashes = grab database password hashes
        -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
        -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
        -u --user = Database servers username
        -p --pass = Password for the database server
        -a --address = Ipaddress of the database server
        -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
        -r --report = report format (HTML, XML, screen(default))
        -N --nameSearch = Search via inputFiles/tables.txt
        -D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
     
     
        Prerequisites:
        -------------
        python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
        cx_oracle (cx-oracle.sourceforge.net)
        psycopg2  (initd.org/psycopg/download/)
        MySQLdb   (should be on BT by default)
        pymssql   (should be on BT by default)
     

Related news

1. Hackrf Tools
2. Best Pentesting Tools 2018
3. Wifi Hacker Tools For Windows
4. Hack Tools For Games
5. Hack Tools Mac
6. Pentest Tools Kali Linux
7. Hacking Tools Usb
8. Hacking Apps
9. Hacking Tools For Windows Free Download
10. Hacker Tools Apk Download
11. World No 1 Hacker Software
12. Hackrf Tools
13. Hacker Tools Linux
14. Pentest Tools Open Source
15. Hack Tools Github
16. Hack Tool Apk
17. Pentest Tools Find Subdomains
18. New Hacker Tools
19. Hacking Tools Download
20. Hacking Tools For Windows
21. Hack Tools Download
22. Pentest Tools Review
23. Hackers Toolbox
24. Pentest Tools List
25. Pentest Tools Subdomain
26. Hacking App
27. Pentest Tools Bluekeep
28. Hacker Tools Free
29. Hacking Tools For Windows
30. Hacking Tools For Windows Free Download
31. Hackrf Tools
32. Hack Tools For Ubuntu
33. Hacks And Tools
34. Hacking Tools Free Download
35. Hacker Tools Mac
36. Best Hacking Tools 2020
37. Pentest Tools Website Vulnerability
38. Hacker Tools 2019
39. Blackhat Hacker Tools
40. Hacking Tools Pc
41. Hack Tools For Mac
42. Hack Website Online Tool
43. Hacker Tools Software
44. Hak5 Tools
45. Pentest Tools Url Fuzzer
46. Hack Apps
47. Hacking Tools Hardware
48. Pentest Tools Windows
49. Beginner Hacker Tools
50. Hack Tools Online
51. Pentest Tools For Android
52. Pentest Tools Website Vulnerability
53. Pentest Tools For Mac
54. Pentest Tools Download
55. Nsa Hacker Tools
56. Android Hack Tools Github
57. Hacker
58. Hacker Tools For Windows
59. Hacker Hardware Tools
60. Hack Apps
61. Pentest Tools Website Vulnerability
62. Usb Pentest Tools
63. Best Hacking Tools 2019
64. Pentest Tools Url Fuzzer
65. Hacker Tools Software
66. Hack Tool Apk
67. Hacking Tools Kit
68. Hacker Tools List
69. Hacking Tools Windows
70. Pentest Tools Linux
71. Hacking Tools Windows
72. Pentest Tools Website Vulnerability
73. Underground Hacker Sites
74. Hacking Tools For Games
75. Pentest Tools Website
76. Pentest Tools Review
77. Bluetooth Hacking Tools Kali
78. Pentest Automation Tools
79. Pentest Tools For Android
80. Pentest Tools Find Subdomains
81. Termux Hacking Tools 2019
82. Hacking Tools
83. Pentest Tools Tcp Port Scanner
84. Pentest Tools Free
85. Hack Tools For Ubuntu
86. Hacker Tools Online
87. Hacker Hardware Tools
88. Hacker Tools Free
89. Tools 4 Hack
90. What Is Hacking Tools
91. Pentest Tools Open Source
92. Hacker Techniques Tools And Incident Handling
93. Pentest Tools For Android
94. Hacking Tools Name