Saturday, 20 October 2012

My first open source project - Seringa: The SQLi Framework

I publicly launched my first open source project today. It's hosted at GitHub.
https://github.com/paratechnical/Seringa
A short description copied from the Wiki:
Seringa (Romanian for syringe) is an SQL injection framework featuring high customizability and a user-friendly interface. It is completely open source. It uses the .NET 4.0 framework and Windows Presentation Foundation (WPF) for the GUI. With regard to design, it utilizes the Strategy Pattern to distinguish between various SQLi strategies whilst storing other relevant data such as exploits, payloads and patterns in XML files so that the framework can be easily customized from the outside (a manifestation of the Open-Closed Principle).
Seringa allows you to:
  • scan Google search results given a search string
  • test search results for SQLi vulnerability
  • test a single URL for vulnerability
  • extract a database structure (databases, tables, columns) in a tree form
  • execute given payloads and receive results (some predefined queries include current database name, current database user, current database version, etc.)
  • save your penetration testing process to a file (mapping file) and load it later
  • use a proxy (regular or SOCKS) when testing

Everyone is welcome to contribute.

Contributed to my first open source project - jqGrid

I had some problems with a jqGrid that contained a table within it. Turned out there was a bug in jqGrid. I fixed the problem locally and I thought others might be having the same problem as well, so I tried to commit my changes to the jqGrid source repository. That didn't exactly go as planned, but I managed to push the code through eventually. Check it out.
Anyway jqGrid is great. I really recommend it.