Another interesting hacking tool was introduced in underground forums, allowing anybody to quickly conduct site scanning for SQL injection on a huge scale — all controlled from a phone utilizing the Telegram application.
Named Katyusha Scanner, the completely automated SQLi vulnerability scanner was first intorduced in April this year when a presumably Russian individual distributed it on a hacking forum. Researchers found this tool for sale on forum for $500, which also can be rented for only $200.
According to experts, Katyusha Scanner is an online web-based tool that is a mix of Arachni Scanner and a regular SQL Injection exploitation tool that enables the user to automatically find SQLi vulnerable web-sites and exploit those in order to take over the website databases.
Arachni is an open source tool instrument pointed towards helping clients to test the security of their web applications.
Katyusha is abusing the Telegram application in order to send and receive commands. It is very easy to setup and use, allowing anyone with sufficient money to conduct attacks against large number of websites with the use of their smartphones. It is not just vulnerability detection tool, it also extracts login credentials on vulnerable sites automatically.
With the release of the most recent Katyusha 0.8 Pro update at the end of June, the scanner was made available for rent costing $200 per month first time you rent it. Katyusha also allows for the automatic dumping of DB’s and can be used on both Linux as well as Windows.
