[sqlmap-users] sqlmap state of art - 3 years later
From: Bernardo D. A. G. <ber...@gm...> - 2009-12-15 13:59:38
Hi,

A few months ago sqlmap passed its 3rd year of virtual life. I would like to personally thank Daniele Bellucci for starting the project back in July 2006 and letting me succeed him in sqlmap development since September 2006.

During the last 12 months, sqlmap has seen a lot of improvements in (post-)exploitation functionalities[1][2][3], ranging from underlying file system read and write access to database buffer overflow exploitation with memory protection bypass, passing by UDF injection to execute a Metasploit payload in-memory or via a payload stager executable, and more[4] (thanks to Guido Landi for helping me out with some of these features).

I've received tons of great feedback (dumb questions too) privately by email, face to face and via this mailing list from you all, and I really appreciate it, thank you[5]! Sorry if I did not get back right away, I might have missed your email: send it again privately and I will try to get back promptly.

The media/blogger attention to the tool, and to SQL injection as a vector not only to expose sensitive data but also to own the whole underlying system and internal network in general, has been higher in the last 12 months. Personally speaking, since my talk at Black Hat Europe[6][7][8] and the recent corporate websites ownage[9].

Surprisingly, sqlmap is the most downloaded SQL injection tool on SourceForge[10]; however, I've no statistics about the downloads from third-party mirrors, so this information does *not* count globally. Also, a search on Google for "sql injection"[11] places sqlmap in 21st place, the first tool of its category to be mentioned: good to see that many whitepapers and tutorials showed up first, a symptom maybe that many people do care about learning how it works before just firing up a tool.

Now I see sqlmap development for 2010 going in two directions:

1. I would like to brainstorm with *you* and then rewrite the detection engine from scratch. It's the weak part of sqlmap in my opinion: it upsets many users, requires reading and understanding the user's manual for non-straightforward SQL injections and, sadly, is not as mature as some other tools (very few though[12] ;)). I've some thoughts about it and will share them soon. Please do reply to this point if you've anything to say, either publicly or privately; feel free to get in touch also via Jabber if you prefer. All comments, suggestions and criticisms will be answered, taken into account and eventually summarized afterwards in an email open to the mailing list.

2. It would be great if someone actively joined the development team (me, sigh..) to maintain the code, refactor it a bit, document it to make it easier for new developers to code over it, fix bugs and add new features. I've a list of about 60 unique items in the ticketing system, so there's plenty of work to do, time permitting. Yes, you've got it right, I am looking for help as in code: software engineers experienced in Python development (no, I won't follow the Ruby hype, so please don't ask for a change of technology), so if you ever thought it would be cool to join sqlmap development, now it's your time to do so. I can provide you with write access to a personal branch on the sqlmap Subversion repository, access to the project management interface (this includes the ticketing system) and, if you show up in the London area, we can meet for a beer too or, if you prefer, a more typical English tea! ;)

I hope this will bring a lot of good ideas and I am open to read all your thoughts. Thanks if you spent your time reading to the end of this email.

[1] http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf
[2] http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides
[3] http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database
[4] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/ChangeLog
[5] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/THANKS
[6] http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=216402297
[7] http://www.theregister.co.uk/2009/04/02/new_sql_injection_attack/
[8] http://www.h-online.com/security/SQL-injection-reloaded-access-to-the-operating-system--/news/113095
[9] http://www.theregister.co.uk/2009/11/23/symantec_website_security_snafu/
[10] http://sourceforge.net/search/?words=%22sql+injection%22&sort=num_downloads&sortdir=desc&offset=0&type_of_search=soft&pmode=0&form_cat=18
[11] http://www.google.com/search?hl=en&q=sql+injection&start=20&sa=N
[12] http://code.google.com/p/sqlibench/

Cheers,

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F