This is the start of SQLSploit: the first bit of code has been written and will be committed soon.
The aim is to create a penetration testing framework focusing on SQL databases.
As a basis, it needs to do the following:
- Automatically identify sensitive data such as credit cards and passport numbers;
- Identify vulnerabilities such as privilege escalation, poor access controls, problems in stored procedures etc.
I've seen a need for this due to time constraints put on tests; generally you don't have time to do a full deep dive on a database.
At the moment it is being developed in Python (hopefully that should make it easier for people to develop modules for it).
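
As an illustration of the first goal above, here is an added example (not SQLSploit code) of sensitive-data discovery narrowed to card numbers: it samples every table, finds 13 to 19 digit runs, and keeps only those passing the Luhn checksum so that phone numbers and order references are not flagged. It assumes a SQLite database; the function names, table names and sample rows are all constructed for the example.

```python
import re
import sqlite3

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_card_columns(conn, sample_rows=100):
    """Return {(table, column): hits} for columns holding Luhn-valid numbers."""
    hits = {}
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        # Identifiers cannot be bound as parameters, so quote them explicitly.
        qtable = '"' + table.replace('"', '""') + '"'
        cur = conn.execute(f"SELECT * FROM {qtable} LIMIT ?", (sample_rows,))
        cols = [d[0] for d in cur.description]
        for row in cur:
            for col, value in zip(cols, row):
                for m in CARD_RE.finditer(str(value)):
                    digits = re.sub(r"\D", "", m.group())
                    if luhn_ok(digits):
                        hits[(table, col)] = hits.get((table, col), 0) + 1
    return hits

def demo():
    """Run the scan over a constructed in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER, name TEXT, notes TEXT);
        CREATE TABLE orders (id INTEGER, ref TEXT);
        INSERT INTO customers VALUES (1, 'Alice', 'card 4111 1111 1111 1111 on file');
        INSERT INTO customers VALUES (2, 'Bob', 'phone 4111111111111112');
        INSERT INTO orders VALUES (1, '1234567890123');
    """)
    return find_card_columns(conn)
```

The Luhn filter keeps the report short enough to triage within a time-boxed test: only `customers.notes` is flagged in the sample data, even though three values match the digit pattern.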