Saturday, 20 October 2012

My first open source project - Seringa: The SQLi Framework

I publicly launched my first open source project today. It's hosted on GitHub.
A short description copied from the Wiki:
Seringa (Romanian for syringe) is an SQL injection framework featuring high customizability and a user-friendly interface. It is completely open source. It uses the .NET 4.0 framework and Windows Presentation Foundation (WPF) for the GUI. With regard to design, it utilizes the Strategy Pattern to distinguish between various SQLi strategies whilst storing other relevant data such as exploits, payloads and patterns in XML files so that the framework can be easily customized from the outside (a manifestation of the Open-Closed Principle).
Seringa allows you to:
  • scan Google search results given a search string
  • test search results for SQLi vulnerability
  • test a single URL for vulnerability
  • extract a database structure (databases, tables, columns) in a tree form
  • execute given payloads and receive results (some predefined queries include current database name, current database user, current database version, etc.)
  • save your penetration testing process to a file (mapping file) and load it later
  • use a proxy (regular or SOCKS) when testing

Everyone is welcome to contribute.

3 comments:

  1. Can you please explain how to install it? Thanks

    1. It doesn't get installed. You take the source code and compile it with Visual Studio.

    2. Previously, binary files could also be added on GitHub under Downloads, but that was removed, so binary files can no longer be uploaded.