Connect with us

Hi, what are you looking for?


Network Security

SQLi Vulnerability Scanner Available on Hacking Forum at $500

A fully automated SQLi vulnerability scanner is available for purchase on a hacking forum for just $500, Recorded Future security researchers have discovered.

A fully automated SQLi vulnerability scanner is available for purchase on a hacking forum for just $500, Recorded Future security researchers have discovered.

Dubbed Katyusha Scanner, the powerful tool was posted on a popular hacking forum by a Russian-speaking individual, on April 8, 2017. The scanner takes advantage of the functionality of Telegram messenger, as well as of Anarchi Scanner, an open-source penetration testing tool, the security researchers reveal.

The application has already received numerous updates, the last of them introduced on June 26, 2017, as Katyusha 0.8 Pro. Because of “outstanding support” from its author, the scanner immediately gained popularity among users, and started being praised for its intuitive and straightforward interface, and for performance capabilities.

Not only does the scanner allow miscreants to control the hacking process using a standard web interface, but it also provides users with the possibility to “upload a list of websites of interest and launch the concurrent attack against several targets simultaneously,” the researchers say. The operation can be seamlessly controlled via Telegram messenger.

Apparently, the scanner’s name specifically reflects this capability, making reference to the multiple-rocket launcher developed by the Soviet Union during World War II.

“Similar to the very lethal weapon conceived 70 years ago, Katyusha Scanner allows criminals to initiate large-scale penetration attacks against a massive number of targeted websites with several clicks using their smartphones,” Recorded Future explains.

Katyusha Scanner was made available at $500, with a light version released on May 10, 2017 at $250. The latter variant has slightly limited functionality, but was introduced due to the high demand the original scanner registered. Along with the Katyusha 0.8 Pro update at the end of June, the author also made the tool available for rent at $200 per month.

Advertisement. Scroll to continue reading.

Recorded Future researchers warn that “the Pro version offers significantly more robust functionality, not only capable of identification but also establishing a strong foothold within vulnerable web servers and an automatic extraction of privileged information such as login credentials.” 

Once the scan has been completed, the tool can display the Alexa web rating for each identified target, providing cybercriminals with “immediate visibility into the popularity of the resource and possible profit level in the future.”

The scanner can search and export email/password credentials, is multi-threaded (with support for concurrent sessions), and offers a module framework, Telegram messenger interface, and web interface. Furthermore, it allows for automatic dumping of databases, supports SQLMAP reports and file upload (the list of targeted websites), and can be used on both Linux and Windows.

The web shell module features CMS family identification (Bitrix, WordPress, OpenCart, etc.), login credentials brute-forcing (concurrent with SQLi scan), and automatic web shell upload.

Available scanning options include SQL injection (sql_injection) — Error-based detection (Oracle, InterBase, PostgreSQL, MySQL, MSSQL, EMC, SQLite, DB2, Informix, Firebird, SaP Max DB, Sybase, Frontbase, Ingres, HSQLDB, MS Access), Blind SQL injection using differential analysis (sql_injection_differential), and Blind SQL injection using timing attacks (sql_injection_timing – MySQL, PostgreSQL, and MSSQL).

“Despite the fact that SQLi attacks have been around for over 20 years, we are still seeing them successfully being used as common attack vectors by online criminals The availability of a highly robust and inexpensive tool such as Katyusha Scanner to online criminals with limited technical skills will only intensify the compromised data problem experienced by various businesses, highlighting the importance of regular infrastructure security audits,” Recorded Future concludes.

Related: Self-Healing Malware Hits Magento Stores

Related: Russian Black Hat Hacks 60 Universities, Government Agencies

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...