Common answers to common e-mails
-
How can I help?
All help is greatly appreciated. Just download the tool and have lots of fun with it, using it in your penetration tests. If you find bugs or have ideas for possible improvements, feel free to send me your thoughts. Beta-testers are also welcome, to try new versions before they are released to the public (not a huge task, as new versions are not released that often): just drop me an email and I will add you to the beta-testers list.
-
Will you support Windows?
It would be nice, but I won't. The reason is that a Windows version would require a considerable amount of time to develop and maintain. Sqlninja is targeted to professional penetration testers, who are very likely to have access to a Unix-like box in their job.
-
Will you support other DB?
I am afraid not: sqlninja exploits specific features of Microsoft SQL Server. Trying to do the same things on another DBMS would require a complete rewrite, and the final product wouldn't do much more than other existing tools.
What about some data extraction attack mode?
Great idea. Really. But as for a lot of other great ideas, somebody already thought about it and did a brilliant job. No point in reinventing a perfectly working wheel.
Woot! Sqlninja saved my day during a pen-test!
Awesome! I am always happy to hear success stories! However, if that made your boss earn $$$ in new engagements, tell him to consider a donation to the open source community (not necessarily to this project). Hackers worldwide are always in need of support to pay their bills and buy their booze.
Help! I can't get sqlninja to work!
Sqlninja is not trivial to setup, I know, but that's the price to pay for a tool that is quite flexible and that gives a reasonable chance of success in a real-world attack scenario. I am happy to help, where possible, but please first make sure you have read the documentation carefully.
I want to use sqlninja to hack <some .com/.gov site>... will you help me?
Sorry, no. But thanks for a good laugh.
