PHP and Website Security ProjectX

PostgreSQL Pentesting Tool Dictionary Attack

Here’s a quick overview on PostgreSQL

PostgreSQL is a powerful, open source object-relational database system. It has more than 15 years of active development and a proven architecture that has earned a strong reputation for reliability, data integrity, and correctness. It runs on all major operating systems, including Linux, UNIX (AIX, BSD, HP-UX, SGI IRIX, Mac OS X, Solaris, Tru64), and Windows. It is fully ACID compliant, has full support for foreign keys, joins, views, triggers, and stored procedures (in multiple languages). It includes most SQL:2008 data types, including INTEGER, NUMERIC, BOOLEAN, CHAR, VARCHAR, DATE, INTERVAL, and TIMESTAMP. It also supports storage of binary large objects, including pictures, sounds, or video. It has native programming interfaces for C/C++, Java, .Net, Perl, Python, Ruby, Tcl, ODBC, among others.”

Some folks and my friends in IRC asked about Dictionary attacks against remote PostgreSQL Database server to test his box. A dictionary based attack uses a targeted technique of successively trying all the words in an exhaustive list, in this application you can see that there are common list in the user.txt and pass.txt dictionary file included in the program.

The GUI app is simple to use, just input the IP of the PostgreSQL daemon, specify database schema, port and number of threads to perform.


PostgreSQL Scanner Pentesting Tool

 Download the tool here

If you want the source code email me at

Leave a Reply