Recent Articles

Remote Access for Windows Vista »

There is no telnet for Windows Vista. Instead we have WinRM & WinRS. These powerful new command-line management tools give system administrators improved options for remote management and remote execution of programs on Windows machines.

Windows Remote Management (known as WinRM) is a handy new remote management service for Windows Server 2003 R2, Windows Vista, and Windows Server 2008. WinRM is the “server” component of this remote management application and WinRS (Windows Remote Shell) is the “client” for WinRM, which runs on the remote computer attempting to remotely manage the WinRM server. However, I should note that BOTH computers must have WinRM installed and enabled on them for WinRS to work and retrieve information from the remote system.

WinRM is based on the Web Services for Management (WS-Management) standards. That means WinRM uses the HTTP protocol (port 80) and SOAP requests to do its job. The good thing about that is that HTTP requests are easy to send and receive through a firewall. Consequently, the good and the bad of it is that it becomes easier to remotely manage someone else’s Windows PC over the Internet, and just as much easier for a malicious attacker to remotely attack Windows PCs over the Internet. The other benefit of WinRM using HTTP is that no additional ports have to be opened on server & client firewalls if inbound HTTP is already permitted.


Open Source Terminal Software »

I have written on Open Source Telnet, SSH and RDP software before. Here is another open source terminal software.

Realterm is a terminal program specially designed for capturing, controlling and debugging binary and other difficult data streams. It is far better for debugging comms than HyperTerminal. It has no support for dialing modems, BBS etc – that is what HyperTerminal does.


Features

  • Text or Binary views of data
  • binary viewed as hex, 8 bit, 16 bit, little/big endian, signed, unsigned, special fonts
  • colorised: rx and tx data are different colors
  • ansi terminal or plain text or binary modes
  • protocol analyser / "port spying" mode
  • fixed frame sizes/line lengths
  • sync patterns with masks and xors
  • data inversion
  • full remote control through ActiveX / Windows Scripting
  • extensive command-line control
  • can be used as the serial I/O component of other programs via ActiveX. Full support for minimize, hide, iconize, tooltray
  • special ascii+hex font to see hidden control chars
  • capture to file, settable capture size or capture duration
  • timestamping capture files for simple data logging
  • view and change control lines (cts,rts, dcd etc)
  • easy to send binary sequences
  • serial (comports) or telnet via tcp
  • arbitrary baud rates
  • reset / power buttons for Pic Programmer
  • hideable to run in invisible or on tool-tray
  • can dump files to serial port
  • Drives I2C and SPI chips via BL233


Open Source SOAP Monitor and HTTP Proxy »

Membrane SOAP Monitor is an open source tool to capture, display and manipulate SOAP and HTTP messages. The monitor can work as HTTP proxy or as forwarding HTTP proxy.


Open Source Personal Finance Software »

Buddi is a personal finance and budgeting program, aimed at those who have little or no financial background.


Open Source Java Server Centric AJAX Framework »

ItsNat is an innovative open source (dual licensed, GNU Affero General Public License v3/commercial license for closed source projects) Java AJAX component-based web framework. It offers a natural approach to modern web development. Why natural? ItsNat leverages the old tools to build the new AJAX based Web 2.0 applications: pure (X)HTML templates and pure Java W3C DOM. ItsNat is server centric, using a unique approach called TBITS, "The Browser Is The Server": ItsNat simulates a Universal W3C Java Browser at the server, so the server mimics the behavior of a web browser, containing a W3C DOM Level 2 node tree and receiving W3C DOM Events. ItsNat is strongly committed to the Single Page Interface web paradigm.

ItsNat provides many more things: web-continuations (continue events), user defined events, timers, asynchronous long running server tasks, COMET, DOM utils (to simplify DOM manipulation), resolution of ${} based variables in markup, ElementCSSInlineStyle support in the server, automatic remote view/control of pages of other users/sessions, XML generation, support for non-HTML namespaces like pure SVG with AJAX and SVG embedded in XHTML, JavaScript generation utilities, events fired by the server sent to the client (server-sent events) simulating user actions (for instance to test the view using the server), custom pretty URLs, previous/forward document navigation (pull and push referrers) with back/forward button support, degraded modes (AJAX disabled and JavaScript disabled modes) etc.

ItsNat provides a web based Component System too. These components are AJAX based from scratch, inspired by Swing and reusing Swing as far as possible, such as its data and selection models (but it is not a forced Swing clone for the web). Components included: several button types, text based components, labels, lists, tables, trees (all of them with content editable "in place")… In ItsNat every DOM element or element group can be a component.

Supported desktop browsers: Internet Explorer 6+ (inc. v8), FireFox 1+, Safari 3+, Opera 9+, Google Chrome, QtWebKit and QtJambi (Qt 4.4), Arora (QtWebKit based)

Supported mobile browsers: Opera Mini 4.x, Opera Mobile 8.6x (including 9.5), NetFront 3.4+, Minimo 0.2, Pocket IE of Windows Mobile 6 & 6.1, IE Mobile 6 (WM 6.1.4 or "6 on 6"), iPhone/iPod Touch, Android, S60WebKit (since S60 3rd), S40WebKit (since S40 6th), BlackBerry JDE 4.6+ (Bold, Storm etc), Iris 1.0.8+, QtWebKit of Qt Embedded for Linux and Windows CE (Qt 4.4), SkyFire 0.9 and Fennec 1.0a1 (FireFox Mobile).


Open Source Alternative for Microsoft Project »

OpenProj is a free, open source project management solution. OpenProj is a replacement for Microsoft Project and other commercial project solutions.


Facebook SDK from Microsoft »

The Facebook toolkit is provided as a Facebook Client Library similar to Facebook’s PHP Client Library or Facebook’s JavaScript library. The goal is to enable .NET developers to quickly and easily leverage the various features of the Facebook Platform. This toolkit has evolved over time with input from the community and from Microsoft. The latest release (v3.0) includes new architectural improvements and provides an asynchronous interface for using the toolkit from Silverlight and from WPF.

The main entry point is the API (Facebook.Rest.Api) class in the Facebook.dll assembly. This class wraps the Facebook REST API and provides an easy to use interface for calling the different methods currently available in the Facebook API. We’ve also provided samples and tools for helping develop Facebook applications in the various .NET platforms including: ASP.NET, Silverlight, WPF and WinForms. Additionally, we’ve provided all the source code for the API, components, controls, and samples for you to explore.

The toolkit is comprised of the following core assemblies:

  • Facebook.dll: This is the main assembly that will be used by all applications. This has all the logic to handle communication with the Facebook application. This assembly also has specific support of XAML applications (Silverlight and WPF) to enhance the Facebook platform to make databinding and data caching easier.
  • Facebook.Silverlight.dll: This is the Silverlight version of the main assembly that will be used by all Silverlight applications. This has all the logic to handle communication with the Facebook application. This assembly also has specific support of XAML applications to enhance the Facebook platform to make databinding and data caching easier. The REST API in this assembly is Asynchronous only.
  • Facebook.Web.dll: This assembly should be used by Canvas applications. The main functionality supported in this assembly is to encapsulate the handshake between the Facebook application and a canvas application (both FBML and IFrame)
  • Facebook.Web.Mvc.dll: Provides support for building canvas applications using ASP.NET MVC. Separated from Facebook.Web.dll so that not all developers need to install the MVC bits.
  • Facebook.Winforms.dll: This assembly provides support for writing Facebook applications using Winform technology. This provides a Component that wraps the API to make it easier to use from Winforms. This also contains some user controls to help display Facebook data easily.


SQL Injection Tool »

SQL Power Injector is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page.

For now it is SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode). Indeed, the normal mode is basically the SQL command that someone will put in the parameter sent to the server.


Features

  • Supported on Windows, Unix and Linux operating systems
  • SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant
  • SSL support
  • Automatically load the parameters from a form or an IFrame on a web page (GET or POST)
  • Detect and browse the framesets
  • Option that auto detects the language of the web site
  • Detect and add cookies used during the Load Page process (Set-Cookie detection)
  • Find automatically the submit page(s) with its method (GET or POST) displayed in a different color
  • Can create/modify/delete loaded string and cookies parameters directly in the Datagrids
  • Single SQL injection
  • Blind SQL injection
    • Comparison of true and false response of the page or results in the cookie
    • Time delay
  • Response of the SQL injection in a customized browser
  • Can view the HTML code source of the returned page in HTML contextual colors and search in it
  • Fine tuning parameters and cookies injection
  • Can parameterize the size of the length and count of the expected result to optimize the time taken by the application to execute the SQL injection
  • Create/edit ASCII characters preset in order to optimize the blind SQL injection number of requests/speed
  • Multithreading (configurable up to 50)
  • Option to replace space by empty comments /**/ against IDS or filter detection
  • Automatically encode special characters before sending them
  • Automatically detect predefined SQL errors in the response page
  • Automatically detect a predefined word or sentence in the response page
  • Real time result
  • Save and load sessions in an XML file
  • Feature that automatically finds the differences between the response page of a positive answer with a negative one
  • Can create a range list that will replace the variable (<<@>>) inside a blind SQL injection string and automatically play them for you
  • Automatic replaying a variable range with a predefined list from a text file
  • Firefox plugin that will launch SQL Power Injector with all the information of the current webpage with its session context (parameters and cookies)
  • Two integrated tools: Hex and Char encoder and MS SQL @options interpreter
  • Can edit the Referer
  • Can choose a User-Agent (or even create one in the User-Agent XML file)
  • Can configure the application with the settings window
  • Support configurable proxies


WEP Attack »

WepAttack is a WLAN open source Linux tool for breaking 802.11 WEP keys. This tool is based on an active dictionary attack that tests millions of words to find the right key. Only one packet is required to start an attack.

The requirements:

The network data has been captured by a WLAN card in monitor mode. A network sniffer captures the data to a dumpfile. The use of a Lucent Orinoco Gold Card in combination with Kismet seems to work without any problems.

A working WLAN card is required to work with WepAttack.

WepAttack accepts any dumpfile in pcap format. Any tool that can handle dumpfiles in pcap format, such as Kismet, Tcpdump or Ethereal, can be used for sniffing data. Kismet is highly recommended because it offers lots of convenience.


Open Source Wireless Network Sniffer and IDS »

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of nonbeaconing networks via data traffic.

Kismet also sports a plugin architecture allowing for additional non-802.11 protocols to be decoded.


Open Source IDE for C++ »

UDev is an integrated development environment for C++. Its main asset is its exclusive package system, which allows you to create projects using libraries or SDKs in a simple and efficient way. It also has a form editor to make the design of your applications a painless task. The priority goes to ease of use for efficient and quick programming, with advanced compiler support, automatic project creation, etc.

Whether you want to program console or windowed applications, precise code control remains. Code execution speed depends only on the compiler used: all requirements can be achieved, including office applications, advanced 3D video games and plugin development (DLL); your creativity is your only limit…


RAD C++ Studio is a visual IDE like VB/VC/Kylix/Borland CB. A truly Rapid Application Development tool. It also generates source for the WIN32 API and Dev C++ projects, and is best for exporting resource .rc files.


Dev-C++ is a full-featured Integrated Development Environment (IDE) for Win32. It uses GCC, Mingw or Cygwin as its compiler and library set.


Open Source RAD Tool for Database Application »

The aim of the Dataweb project is to create a rapid development tool for applications oriented to the manipulation of databases. The applications created with this tool are immediately usable over the network. The main features of Dataweb are:

Architecture Client/Server

Dataweb Project is composed of a Server part that manages access to the data store and a client application that acts as the user interface. The two components communicate over the TCP/IP protocol, with the possibility to encrypt the communication.

Multiplatform

Both Server and Client can run on all Java runtime compatible operating systems:

  • Linux
  • Windows
  • Apple
  • Solaris

Multidatabase

Thanks to an interface implementation, Dataweb Project supports a number of databases. Currently it can use the following database engines:

  • PostgreSQL
  • Hsqldb

Multiuser

Dataweb Project is a multiuser environment with the following capabilities:

  • Possibility to set various object permissions (tables, views, masks, prints, etc.).
  • User operation logging.
  • Record concurrency management.

Multilanguage

Dataweb Project is a multilingual platform and offers users the possibility to set the language they wish to use throughout their interaction with the system.

Reduced size client, auto-installing and auto-updating.

The client is very small (roughly 900 kb) and is installable via browser. Once downloaded, it verifies whether the Java runtime is available and, if not, proposes its installation. Client updating is automatic from the moment you connect to the server: once the connection is established, the client checks its version against the one on the server, so it is always up to date.

Application management in packages

Dataweb Project groups all the objects (Tables, Views, Forms, Reports, etc.) required by a specific application into a package; therefore there will be as many packages as applications.

Remote development, administration and usage of the packages

By installing the client it is possible to reach any server, local or remote, by specifying a name or IP. From this point on, with the right permissions, you are able to develop packages (create Tables, Views, Forms, Reports, etc.), administer the server (Users, Services, etc.) or use the created application.

Package version management

When a change is made to a package, Dataweb Project automatically creates a script to manage the update, assigning it a version. This way all clients will be updated on the next connection.

Installation management and package update

Dataweb Project generates installation/update packages in a file. To install the file you need to connect to the server you wish to update in administrator mode and choose the installation procedure which will install the package or update it if it already exists.

Integration with third party modules

Dataweb Project is a data-store oriented application, but thanks to the possibility to add third party modules (jar) it is possible to manage practically any application.

Creation and use of webservices

Webservices are the best way to allow the communication of two processes in complete transparency.

With Dataweb Project we have the possibility to create functions that can be invoked by any programming language that supports the SOAP protocol (.NET, PHP, Java, etc.).
Vice versa, it is also possible to call other webservices from Dataweb Project.


Good Read: SOA Best Practices »

Service-Oriented Architecture (SOA) is creating a lot of buzz across the IT industry. Propelled by standards-based technologies like XML, Web Services, and SOAP, SOA is quickly moving from pilot projects to mainstream applications critical to business operations.

One of the key standards accelerating the adoption of SOA is Business Process Execution Language (BPEL) for Web Services. BPEL enables organizations to automate their business processes by orchestrating services. It forces organizations to think in terms of services: Existing functionality is exposed as services. New applications are composed using services. Services are reused across different applications. Services everywhere!

In this cookbook, 10 SOA practitioners share their SOA best practices and provide a practical viewpoint for tackling many of the common problems SOA promises to solve. It’s organized into three sections: "Service Oriented Integration," "Building Modern Applications," and "SOA Techniques." Sections 1 and 2 will "inspire" you to take the plunge into the world of services and test-drive SOA yourself; Section 3 will "equip" you with best-practice techniques for building a better SOA application.

The cookbook is available here.


Open Source Python IDE »

Boa Constructor is a cross platform Python IDE and wxPython GUI Builder. It offers visual frame creation and manipulation, an object inspector, many views on the source like object browsers, inheritance hierarchies, doc string generated html documentation, an advanced debugger and integrated help.


Zope support: Object creation and editing. Cut, copy, paste, import and export. Property creation and editing in the Inspector and Python Script debugging.

It is written in Python and uses the wxPython library which wraps wxWindows.


Project Lombok »

This is an interesting project – Project Lombok

  • @Getter / @Setter: Never write public int getFoo() {return foo;} again.
  • @ToString: No need to start a debugger to see your fields: Just let lombok generate a toString for you!
  • @EqualsAndHashCode: Equality made easy: Generates hashCode and equals implementations from the fields of your object.
  • @Data: All together now: A shortcut for @ToString, @EqualsAndHashCode, @Getter on all fields, and @Setter on all non-final fields. You even get a free constructor to initialize your final fields!
  • @Cleanup: Automatic resource management: Call your close() methods safely with no hassle.
  • @Synchronized: synchronized done right: Don’t expose your locks.
  • @SneakyThrows: To boldly throw checked exceptions where no one has thrown them before!


PHP for Applications »

P4A (PHP For Applications) is a PHP5 RAD and object oriented PHP framework for building event-driven stateful web applications. It is based on Zend Framework and features tableless HTML, multiple databases, accesskey support, auto data type recognition, transparent AJAX, UTF-8, i18n/l10n.

P4A is empowered by Zend Framework, jQuery, jQuery UI and FCKEditor and is:

  • 100% PHP5
  • Compatible with PHP 5.2.x, Apache 1.3.x/2.0.x and Microsoft IIS 6.0 web servers on Linux/Unix/Windows operating systems
  • Completely object oriented and event based programming
  • Based on Zend Framework 1.5 (using Zend_Date, Zend_Db, Zend_Locale, Zend_Validate, Zend_Translate)
  • Stateful as a classical client application
  • Easy access to all major database engines (MySQL, PostgreSQL, Oracle, SQLite) through Zend_DB, with automatic data input mask generation
  • Multiple database connections at the same time
  • Automatic database data type recognition and consequent functionalities for automatic formatting and normalizing (integers, decimals, floats, date and time formats, booleans) coherent with the national locale settings
  • Many user interface elements (Widgets) such as single line or multiple lines text fields with advanced rich WYSIWYG text editing support, checkboxes, single/multiple selection fields, tables, buttons, tree navigators, toolbars, fieldsets etc…
  • WYSIWYG advanced editor (FCKEditor) with file upload
  • Transparent AJAX support (forget about javascript programming, everything is AJAX based in P4A but you can completely disable ajax with a single line of code, redesign one or more or every widgets on the screen after every AJAX call only using PHP instructions)
  • Method call chainability
  • 440 locales supported (numeric and date formats) thanks to the ZF implementation of the Unicode’s CLDR
  • More than 40 translations bundled
  • Completely UTF-8
  • Hyper customizable with color schemas, icons packs, additional CSS


Alternative for HSQLDB and Derby »

H2 is another Java SQL database that you can use other than HSQLDB or Derby. The main features of H2 are:

  • Very fast, open source, JDBC API
  • Embedded and server modes; in-memory databases
  • Browser based Console application
  • Small footprint: around 1 MB jar file size

Main Features

  • Very fast database engine
  • Open source
  • Written in Java
  • Supports standard SQL, JDBC API
  • Embedded and Server mode, Clustering support
  • Strong security features
  • The PostgreSQL ODBC driver can be used
  • Multi version concurrency

Additional Features

  • Disk based or in-memory databases and tables, read-only database support, temporary tables
  • Transaction support (read committed and serializable transaction isolation), 2-phase-commit
  • Multiple connections, table level locking
  • Cost based optimizer, using a genetic algorithm for complex queries, zero-administration
  • Scrollable and updatable result set support, large result set, external result sorting, functions can return a result set
  • Encrypted database (AES or XTEA), SHA-256 password encryption, encryption functions, SSL

SQL Support

  • Support for multiple schemas, information schema
  • Referential integrity / foreign key constraints with cascade, check constraints
  • Inner and outer joins, subqueries, read only views and inline views
  • Triggers and Java functions / stored procedures
  • Many built-in functions, including XML and lossless data compression
  • Wide range of data types including large objects (BLOB/CLOB) and arrays
  • Sequence and autoincrement columns, computed columns (can be used for function based indexes)
  • ORDER BY, GROUP BY, HAVING, UNION, LIMIT, TOP
  • Collation support, users, roles
  • Compatibility modes for IBM DB2, Apache Derby, HSQLDB, MS SQL Server, MySQL, Oracle, and PostgreSQL.

Security Features

  • Includes a solution for the SQL injection problem
  • User password authentication uses SHA-256 and salt
  • For server mode connections, user passwords are never transmitted in plain text over the network (even when using insecure connections; this only applies to the TCP server and not to the H2 Console however; it also doesn’t apply if you set the password in the database URL)
  • All database files (including script files that can be used to backup data) can be encrypted using AES-256 and XTEA encryption algorithms
  • The remote JDBC driver supports TCP/IP connections over SSL/TLS
  • The built-in web server supports connections over SSL/TLS
  • Passwords can be sent to the database using char arrays instead of Strings

Other Features and Tools

  • Small footprint (smaller than 1 MB), low memory requirements
  • Multiple index types (b-tree, tree, hash)
  • Support for multi-dimensional indexes
  • CSV (comma separated values) file support
  • Support for linked tables, and a built-in virtual ‘range’ table
  • EXPLAIN PLAN support, sophisticated trace options
  • Database closing can be delayed or disabled to improve the performance
  • Web-based Console application (translated to many languages) with autocomplete
  • The database can generate SQL script files
  • Contains a recovery tool that can dump the contents of the database
  • Support for variables (for example to calculate running totals)
  • Automatic re-compilation of prepared statements
  • Uses a small number of database files
  • Uses a checksum for each record and log entry for data integrity
  • Well tested (high code coverage, randomized stress tests)


Good Reading: BigTable – Distributed Storage System »

Bigtable is a distributed storage system for managing structured data that is designed to scale to a very large size: petabytes of data across thousands of commodity servers. Many projects at Google store data in Bigtable, including web indexing, Google Earth, and Google Finance. These applications place very different demands on Bigtable, both in terms of data size (from URLs to web pages to satellite imagery) and latency requirements (from backend bulk processing to real-time data serving). Despite these varied demands, Bigtable has successfully provided a flexible, high-performance solution for all of these Google products. In this paper we describe the simple data model provided by Bigtable, which gives clients dynamic control over data layout and format, and we describe the design and implementation of Bigtable.


Open Source Java SSHD »

Apache SSHD is a 100% pure Java library to support the SSH protocols on both the client and server side.

This library is based on Apache MINA, a scalable and high performance asynchronous IO library.

SSHD does not really aim at being a replacement for the SSH client or SSH server from Unix operating systems, but rather provides support for Java based applications requiring SSH support.


Open Source Git Based Code Review Tool »

Gerrit is a web based code review system, facilitating online code reviews for projects using the Git version control system.

Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.

Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer. This functionality enables a more centralized usage of Git.
