finds.dev← search

// the find

Hel10-Web/Databasetools

★ 866 · Go · updated Aug 2023

一款用Go语言编写的数据库自动化提权工具,支持Mysql、MSSQL、Postgresql、Oracle、Redis数据库提权、命令执行、爆破以及ssh连接

A Go-based database post-exploitation toolkit targeting MySQL, MSSQL, PostgreSQL, Oracle, and Redis. It wraps common privilege escalation techniques — UDF injection, xp_cmdshell, CLR assembly loading, Redis master-replica RCE, and several named CVEs — into a single CLI. Aimed at penetration testers who want one tool across database types rather than juggling db-specific scripts.

Covers five database engines with multiple escalation paths each — for MSSQL alone you get xp_cmdshell, sp_oacreate, CLR, and two backup-based webshell writes, which is more thorough than most similar tools. The Go single-binary model means easy deployment on target systems without dependency headaches. It includes CVE-specific exploits (CVE-2022-0543 for Redis Lua sandbox escape, CVE-2019-9193 for PostgreSQL COPY TO/FROM) alongside the classic manual techniques, so you're not stuck if the obvious paths are locked down. The interactive shell mode across all backends is genuinely useful for iterative post-exploitation.

Last commit was August 2023 and the repo shows no signs of active maintenance — you're adopting technical debt on day one. The repo ships precompiled exp.so and exp.dll binaries with no build instructions or source for them; using someone else's unsigned native exploit binary on an engagement is a supply chain risk that most red team policies won't accept. Oracle support requires installing the Oracle Instant Client separately, which breaks the portability story entirely. The static webshell templates (shell.php, shell.jsp, etc.) are trivially signatured by any AV or EDR — no obfuscation, no variation, no templating — so they'll be caught on any defended target.

View on GitHub →

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →