SQLSploit Development

This is the start of SQLSploit: the first bit of code has been written and will be committed soon.

The aim is to create a penetration testing framework focusing on SQL databases.
As a basis it needs to do the following:

  • Automatically identify sensitive data such as credit cards and passport numbers;
  • Identify vulnerabilities such as privilege escalation, poor access controls, problems in stored procedures etc.

I've seen a need for this due to the time constraints put on tests; generally you don't have time to do a full deep dive on a database.

At the moment it is being developed in Python (hopefully that should make it easier for people to develop modules for it).