A powerful new hacking tool called “Katyusha Scanner” is making the rounds on the criminal underground. Katyusha lets an attacker quickly scan a large number of websites for SQL injection vulnerabilities at once. The tool is built on Arachni, the open source web application security scanner used by penetration testers.
According to Recorded Future researchers, the tool is offered for sale by a Russian-speaking member of a top-tier hacking forum for just $500. Katyusha Scanner is managed through a standard web interface, and its progress can be monitored via the Telegram messenger.
“While the hacking process could be controlled using a standard web interface, the unique functionality of Katyusha Scanner allows criminals to upload a list of websites of interest and launch the concurrent attack against several targets simultaneously, seamlessly controlling the operation via Telegram messenger.”
“In the ensuing months, the actor has released seven major updates of Katyusha Scanner. The most recent update, Katyusha 0.8 Pro, was introduced on June 26, 2017, and for the first time is available for rent for $200 per month or as a one-time purchase for $500.”
Attackers enter a list of websites to be tested for error-based, time-based and blind SQL injection vulnerabilities, and the tool fires off attacks against all of them concurrently.
The tool can also search for email/password credentials, brute-force login credentials, and automatically dump databases and upload web shells.
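To make the three injection classes the article names concrete, here is an added example (not Katyusha's or Arachni's code) that builds a constructed SQLite user table, puts a string-concatenated lookup beside a parameterised one, and runs the error-based and boolean-blind probes a scanner would use against each. The table contents, function names and payloads are all assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for a site's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (email, password) VALUES (?, ?)",
        [("alice@example.com", "s3cret"), ("bob@example.com", "hunter2")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, email):
    """String-concatenated query: the pattern a mass SQLi scanner is hunting for."""
    sql = "SELECT email FROM users WHERE email = '" + email + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, email):
    """Parameterised query: the input is bound as data and never parsed as SQL."""
    return [
        row[0]
        for row in conn.execute("SELECT email FROM users WHERE email = ?", (email,))
    ]


def probe(lookup, conn, email):
    """What a black-box scanner observes per request: (outcome, row_count)."""
    try:
        rows = lookup(conn, email)
        return ("ok", len(rows))
    except sqlite3.Error:
        return ("error", 0)


def scan(conn, lookup):
    """Run the error-based and boolean-blind checks against one lookup function.

    Error-based: a stray quote breaks the SQL and surfaces a database error.
    Boolean-blind: a TRUE tautology and a FALSE one yield different results
    even when no error is shown. Time-based injection uses the same
    differential idea but measures response latency (e.g. SLEEP() on MySQL)
    rather than content; SQLite has no sleep function, so it is not modelled.
    """
    findings = {}
    findings["error_based"] = probe(lookup, conn, "alice@example.com'")[0] == "error"
    true_rows = probe(lookup, conn, "x' OR '1'='1")[1]
    false_rows = probe(lookup, conn, "x' OR '1'='2")[1]
    findings["boolean_blind"] = true_rows != false_rows
    return findings


if __name__ == "__main__":
    db = make_db()
    print("concatenated query:", scan(db, lookup_vulnerable))
    print("parameterised query:", scan(db, lookup_safe))
```

The vulnerable lookup trips both checks: the unbalanced quote produces an unterminated string error, and the `'1'='1` tautology returns every row while `'1'='2` returns none. The parameterised lookup returns zero rows for all three payloads with no error, which is exactly the "no differential" a scanner needs to see before it moves on.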
“Interestingly, the name Katyusha was not chosen by chance — it represents an iconic multiple rocket launcher, developed by the Soviet Union during World War II known for inflicting panic in Nazi forces with its stealthy and devastating attacks. Similar to the very lethal weapon conceived 70 years ago, the Scanner allows criminals to initiate large-scale penetration attacks against a massive number of targeted websites with several clicks using their smartphones.”