FG-Injector is a tool that leverages the pentester's work by facilitating the exploitation of SQL Injection vulnerabilities.
It includes a a powerful proxy feature for intercepting and modifying HTTP requests, a network spy module to allow the analyst view HTTP requests and their corresponding responses and an inference engine for automating SQL injection exploitation.
The Inference Engine Module of the FG-Injector Framework automates the generation and injection of SQL statements needed for exploitation of a Blind SQL Injection. This module will work also for regular injections using the same method. It can produce blind injections on web/app servers using MS SQL Server, MySQL, and PostgresSql DBMSs.

+ Documentation + Download

StateSim is a statecharts simulation prototype of easy installation and usage that contemplates most of the formalism. The application is developed in Java, therefore it runs on every platform supporting the Java Virtual Machine.

The statecharts can be generated with OpenOffice Draw. StateSim takes in an ODG file and a sequence of events indicated by the user, it then calculates all possible state transtitions and it generates a new ODG file where all final states reached are indicated.

The requirements for a Linux environment are the following:

• Open Office 2.3.0 or superior
• Java SE Runtime Environment 1.6 or superior
• Access through the variable PATH to the following binarys: cp, mv, rm, zip y unzip

Under a MS Windows environment, the requirements are:

• Open Office 2.3.0 or superior
• Java SE Runtime Environment 1.6 or superior
• Access through the variable PATH to the following binarys: copy, move, del, rd y 7z.exe (can be freely downloaded from http://www.7-zip.org.)

The tool is installed jut by uncompressing and unarchiving the file stateSim.tar.gz.

The release includes a user and programmer manual (ManualUsuarioYProgramador.pdf) that describes the tool and its usage.

+ Download + SHA-256 Hash

Repose 1.0 allows to generate functional requirements prototypes for systems based on graphical interfases by using just office software. The prototypes are defined by drawing the interfases with OpenOffice Draw and specifying use cases for each prototype in a OpenOffice Calc spreadsheet. Then a script is run to generate the prototype based on those documents (the script actually runs a Java Program, which is the core of Repose 1.0).

Later on, the engineer runs the prototype in the presence of the customer and analyzes its behavior with the use cases generated. Whether any use case or the interfase does not satisfy the customer, the engineer simply modifies the template or the scheme of the interfase and then runs the script to generate a new prototype.

Currently, the available Repose 1.0 version is an experimental proof of concept, but it still offers enough features to be used in real case scenarios.

Repose 1.0 is a Java program that interacts with Open Office. The requirements to install Repose 1.0 are the following:

• Linux or MS Windows (Vista, XP, 2003, 2000, etc.)
• Java SE Development Kit 6 or superior
• Open Office 2.3.0 or superior (bear in mind that Repose 1.0 uses the Open Document Format from Open Office, which might vary from version to version. Therefore it might stop working with future versions of Open Office)

For installation, simply uncompress and untar the file Repose-1.0.tar.gz in any directory you like.
The distribution includes user manuals in spanish (check back later for english version).

+ Download + SHA-256 hash

Fastest is a tool for model-based testing (MBT). The tool receives a Z specification and generates test cases derived from the specification, almost automatically.

The current version just generates abstract test cases (i.e. test cases written in Z), and it does not implement all of the Z language (just the core of it), but it's still useful enough.

Fastest implements the Test Template Framework (TTF) described in:

P. Stocks and D. Carrington, "A framework for specification-based testing", IEEE Transactions on Software Engineering, vol. 22, no. 11, pp. 777--793, Nov. 1996.

P. Stocks, "Applying formal methods to software testing", Ph.D. dissertation, Department of Computer Science, University of Queensland, 1993.

H. M. Hörcher and J. Peleska, "Using formal specifications to support software testing", Software Quality Journal, vol. 4, pp. 309--327, 1995.

Additionally it implements a client/server, implicit invocation architecture, which implies a better performance and the capability of introducing changes in a simple way. Fastest uses the CZT Framework (http://czt.sourceforge.net).

Fastest works on both Linux and MS-Windows environments. It requires a Java SE Runtime Environment 1.6 or newer. To install the tool, just uncompress and unarchive the file Fastest.tar.gz. The distribution includes a small user manual in English.

# The Fastest User's Guide (pdf) # Modified version of the Z specification of the steam-boiler control software (pdf) # Certified elimination theorems (tex)
+ Download + SHA-256 Hash

FG-SToP is a tool that implements several interesting attacks for the link-layer protocols STP and RSTP (still in development - please check back soon).