Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on

a web application that uses Microsoft SQL Server as its back-end.

Its main goal is to provide a remote shell on the vulnerable DB server,
even in a very hostile environment. It should be used by penetration
testers to help and automate the process of taking over a DB Server when
a SQL Injection vulnerability has been discovered.

WWW: http://sqlninja.sourceforge.net/

PR:		ports/117276
Submitted by:	Valerio Daelli <valerio.daelli at gmail.com>

5 files changed, 72 insertions, 0 deletions

diff --git a/security/Makefile b/security/Makefile
index 9a061e384ca6..8ba85936a872 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -707,6 +707,7 @@
     SUBDIR += snortsms
     SUBDIR += snortsnarf
     SUBDIR += spike-proxy
+    SUBDIR += sqlninja
     SUBDIR += squidclam
     SUBDIR += srm
     SUBDIR += srp
diff --git a/security/sqlninja/Makefile b/security/sqlninja/Makefile
new file mode 100644
index 000000000000..cd9d819852e5
--- /dev/null
+++ b/security/sqlninja/Makefile
@@ -0,0 +1,48 @@
+# New ports collection makefile for:	sqlninja
+# Date created:				2007-10-17
+# Whom:					Valerio Daelli <valerio.daelli@gmail.com>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	sqlninja
+DISTVERSION=	0.2.1-r1
+CATEGORIES=	security
+MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
+MASTER_SITE_SUBDIR=	${PORTNAME}
+EXTRACT_SUFX=	.tgz
+
+MAINTAINER=	valerio.daelli@gmail.com
+COMMENT=	Sql Server exploit toolkit
+
+RUN_DEPENDS=	p5-IO-Socket-SSL>=0:${PORTSDIR}/security/p5-IO-Socket-SSL \
+		p5-Net-DNS>=0:${PORTSDIR}/dns/p5-Net-DNS \
+		p5-Net-Pcap>=0:${PORTSDIR}/net/p5-Net-Pcap \
+		p5-Net-RawIP>=0:${PORTSDIR}/net/p5-Net-RawIP \
+		p5-NetPacket>=0:${PORTSDIR}/net/p5-NetPacket
+
+USE_PERL5=	yes
+
+NO_BUILD=	yes
+
+do-install:
+	${MKDIR} ${ETCDIR}
+	${MKDIR} ${ETCDIR}/scripts
+	${MKDIR} ${ETCDIR}/dnstun
+	${MKDIR} ${DOCSDIR}
+.	for i in sqlninja
+		${INSTALL_SCRIPT} ${WRKSRC}/${i} ${PREFIX}/bin
+.	endfor
+.	for i in dnstun.scr nc.scr
+		${INSTALL_SCRIPT} ${WRKSRC}/scripts/${i} ${ETCDIR}/scripts
+.	endfor
+.	for i in dnstun.c dnstun.exe
+		${INSTALL_SCRIPT} ${WRKSRC}/dnstun/${i} ${ETCDIR}/dnstun
+.	endfor
+.if !defined(NOPORTDOCS)
+.	for i in sqlninja-howto.html sqlninja.conf.example
+		${INSTALL_DATA} ${WRKSRC}/${i} ${DOCSDIR}
+.	endfor
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/sqlninja/distinfo b/security/sqlninja/distinfo
new file mode 100644
index 000000000000..0d5e3d815dfa
--- /dev/null
+++ b/security/sqlninja/distinfo
@@ -0,0 +1,3 @@
+SIZE (sqlninja-0.2.1-r1.tgz) = 118928
+MD5 (sqlninja-0.2.1-r1.tgz) = 4548b90a695eb0707fa38d6f3400cd29
+SHA256 (sqlninja-0.2.1-r1.tgz) = e1f2978750e3d86dc04e6d185157d4936156bc2761f67fb73ff822ccd721f704
diff --git a/security/sqlninja/pkg-descr b/security/sqlninja/pkg-descr
new file mode 100644
index 000000000000..8eebb8184597
--- /dev/null
+++ b/security/sqlninja/pkg-descr
@@ -0,0 +1,9 @@
+Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on
+a web application that uses Microsoft SQL Server as its back-end.
+
+Its main goal is to provide a remote shell on the vulnerable DB server,
+even in a very hostile environment. It should be used by penetration
+testers to help and automate the process of taking over a DB Server when
+a SQL Injection vulnerability has been discovered.
+
+WWW: http://sqlninja.sourceforge.net/
diff --git a/security/sqlninja/pkg-plist b/security/sqlninja/pkg-plist
new file mode 100644
index 000000000000..1ff4632924ea
--- /dev/null
+++ b/security/sqlninja/pkg-plist
@@ -0,0 +1,11 @@
+bin/sqlninja
+%%ETCDIR%%/scripts/dnstun.scr
+%%ETCDIR%%/scripts/nc.scr
+%%ETCDIR%%/dnstun/dnstun.c
+%%ETCDIR%%/dnstun/dnstun.exe
+%%PORTDOCS%%%%DOCSDIR%%/sqlninja-howto.html
+%%PORTDOCS%%%%DOCSDIR%%/sqlninja.conf.example
+@dirrm %%ETCDIR%%/scripts
+@dirrm %%ETCDIR%%/dnstun
+@dirrm %%ETCDIR%%
+%%PORTDOCS%%@dirrm %%DOCSDIR%%