A new powerful hacking tool recently introduced in an underground forum is making rounds these days, allowing anyone to quickly conduct website scans for SQL injection flaws on a massive scale, all controlled from a smartphone using the Telegram messaging application.
Dubbed Katyusha Scanner, the fully automated, powerful SQLi vulnerability scanner first surfaced in April this year when a Russian-speaking individual published it on a popular hacking forum.
Researchers at Recorded Future's Insikt Group threat intelligence division found this tool for sale on an underground hacking forum for just $500. Users can even rent the Katyusha Scanner tool for $200.
According to the researchers, Katyusha Scanner is a web-based tool that combines Arachni Scanner with a basic SQL injection exploitation tool, allowing users to automatically identify SQLi-vulnerable sites and then exploit them to take over their databases.
Arachni is an open source vulnerability scanning tool aimed at helping users evaluate the security of their web applications.
What makes this tool stand out is its 'Infrastructure-as-a-Service' model.
Remotely Control Hacking Tool Via Telegram
Katyusha Scanner is abusing the Telegram messaging application to control its operations, such as sending and receiving commands.
The Katyusha Scanner tool is quite easy to set up and use, allowing anyone to conduct large-scale penetration attacks against a large number of targeted websites simultaneously with the mere use of their smartphones.
The Pro version of the tool not only identifies vulnerable websites, but also allows hackers to establish a "strong foothold inside vulnerable web servers" and automatically extract "privileged information such as login credentials."
Once the scan is complete, Katyusha Scanner sends a text message to the criminals with the vulnerable site name, its Alexa web rating (helping criminals identify popular websites that would likely be more profitable for them to attack), and the number of databases.
The criminals, even with no technical knowledge, can download any exfiltrated information available by just clicking on their smartphones to issue commands.
Katyusha Scanner also allows for the automatic dumping of databases and can be used on both Linux as well as Windows machines.
"The availability of a highly robust and cheap tool...Katyusha Scanner to online criminals with limited technical skills will only intensify the compromised data problem experienced by various businesses, highlighting the importance of regular infrastructure security audits," researchers at Recorded Future wrote.
Many buyers praised the quality of the tool on the black market site. One of the satisfied customers, who had immediate success in obtaining access to eight web servers, wrote:
"Excellent support! The seller has configured the software for my server, which was failing before, however, right now it flies divinely! I highly recommend the software, and it has found eight SQL vulnerabilities in half a day, great automation of the routine. Very grateful to the seller."
Another wrote: "The author has helped with the product setup after the purchase, and (Katyusha) has immediately found SQL vulnerability. Thank you for the great product."
Initially, Katyusha Scanner was sold for $500, but due to unexpectedly high demand, a light version of the tool with slightly limited functionality was released on May 10, 2017, at just $250.
With the release of the most recent Katyusha 0.8 Pro update at the end of June, the author also made the scanner available for rent at $200 per month for the first time.