Projects

sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting ... [More] from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. [Less]

2gwvs

2G's Free Web Vulnerability ScannerPROJECT IS IN ALPHA STAGE / LE PROJET EST EN ALPHA ;) So use it carefully / Alors faites-gaffe ;) SummaryThis software is a Web Vulnerability Scanner, it is supposed to scan a whole website testing urls and forms's possible issue like SQL Injection, XSS ... [More] , and ... The aim is to create a useful and free software to webmaster that doesn't wan't to buy expensive software like Acunetix and ... The name of the project is in alpha too ^^ I need a better name xD As it use QT, the project can be used on Windows, Nix Platform (Linux, Max, Bsd). Ce logiciel est un Scanneur de vulnérabilité Web, il est supposé ^^ scanner un site web, en testant les urls et les formulaires du site pour trouver de possible faille (XSS, SQl Injection et ...). Résumé du logicielThe but du projet est de créer un logiciel utile et gratuit pour les webmestres qui ne veulent pas dépenser de l'argent dans des logiciels du genre Acunetix (bien qu'il propose une version gratuite ^^) Le nom du projet est en alpha aussi ... si vous avez un nom moins nombriliste je suis preneur Comme ce logiciel utilise QT, il peut être utilisé sur Windows, Unix, Linux et les Macs RoadMapDONE 2GWVS_0.0.1-crawl-a (first working crawler/un crawler fonctionnel) DONE 2GWVS_0.0.1-crawl-b (crawler with more option/un peu plus d'option) DONE 2GWVS_0.0.2-scan-a (first scanner working : can detect very simple XSS) NOW 2GWVS_0.0.2-scan-b (building a more powerful scanner) TODOFirst : the Crawler. Fully written and working (may be need some optimisation)! scanner. Need research and enginering. list some possible attack xD(doable??no but...). We use a sqlite3 database to store multiple payload. Secondly : a manual mode to test specific attack - an integrated browser - a requestHeader forger proxy support (DONE) -use different proxy (DONE) one for crawler only (example : ratproxy to get more information) another one for the scanner (can't use ratproxy in this case) Crawler's option only scan specific content-type (mime) (DONE) specify some different user-agent string (DONE) different option for "parsing" url (xml, regexp). (DONE) [Less]