First off, thank you for considering contributing to this project! This is a security research tool, and we welcome contributions that improve its functionality, documentation, or educational value.
- Code of Conduct
- How Can I Contribute?
- Development Setup
- Coding Standards
- Commit Guidelines
- Pull Request Process
This project is dedicated to ethical security research and education. By contributing, you agree to:
- ✅ Use this tool only for legal and authorized purposes
- ✅ Respect responsible disclosure practices
- ✅ Help improve security education
- ✅ Be respectful and professional
- ❌ Never promote or facilitate illegal activities
- ❌ Never use this for unauthorized access
- ❌ Never share exploitation techniques for malicious purposes
If you find a bug, please create an issue with:
- Clear title: "Bug: [Brief description]"
- Environment details:
  - Python version
  - OS (Windows/Linux/Mac)
  - Dependencies versions
- Steps to reproduce
- Expected behavior
- Actual behavior
- Error messages (if any)
- Screenshots (if applicable)
Example:
```markdown
### Bug: CSRF token extraction fails on custom domains

**Environment:**
- Python 3.9.5
- Windows 10
- requests 2.31.0

**Steps to reproduce:**
1. Run: `python invision-sqli-exploit.py -u http://custom-domain.local/forum/`
2. Script attempts to extract CSRF token
3. Error occurs

**Expected:** CSRF token extracted successfully
**Actual:** "CSRF token not found in response!"

**Error message:**
[Paste full error here]
```

We welcome suggestions for:
- New features: Additional exploitation techniques, output formats, etc.
- Improvements: Better error handling, performance optimizations
- Documentation: Clearer explanations, more examples
- Testing: Additional test cases, validation methods
Create an issue with:
- Clear title: "Enhancement: [Brief description]"
- Use case: Why is this useful?
- Proposed solution: How would it work?
- Alternatives considered: Other approaches?
Documentation improvements are always welcome:
- Fix typos or clarify confusing sections
- Add more usage examples
- Translate documentation to other languages
- Create video tutorials or blog posts
We accept pull requests for:
- Bug fixes
- New features (discuss in an issue first)
- Performance improvements
- Code refactoring
- Test coverage improvements
```bash
# Fork the repository on GitHub, then:
git clone https://github.com/YOUR-USERNAME/invision-sqli-exploit.git
cd invision-sqli-exploit
```

```bash
# Windows
python -m venv venv
.\venv\Scripts\activate
# Linux/Mac
python3 -m venv venv
source venv/bin/activate
```

```bash
pip install -r requirements.txt
# Install development dependencies
pip install black flake8 pylint pytest
```

```bash
git checkout -b feature/your-feature-name
# or
git checkout -b bugfix/issue-number-description
```

We follow PEP 8 with some modifications:
- Line length: Maximum 100 characters (not 79)
- Indentation: 4 spaces (no tabs)
- Quotes: Double quotes for strings, single quotes for dict keys
- Docstrings: Google style
Use black for automatic formatting:

```bash
black invision-sqli-exploit.py
```

Run linters before committing:

```bash
# Flake8 - Style checker
flake8 invision-sqli-exploit.py --max-line-length=100
# Pylint - Code analyzer
pylint invision-sqli-exploit.py
```

Use Google-style docstrings:
```python
def example_function(param1, param2):
    """
    Brief description of function.

    Longer description if needed, explaining what the function does,
    its purpose, and any important details.

    Args:
        param1 (str): Description of param1
        param2 (int): Description of param2

    Returns:
        bool: Description of return value

    Raises:
        ValueError: When param1 is invalid

    Example:
        >>> result = example_function("test", 42)
        >>> print(result)
        True
    """
    # Implementation here
    pass
```

- Write self-documenting code when possible
- Use comments for complex logic or non-obvious decisions
- Avoid redundant comments that just repeat the code
Good:

```python
# Binary search requires testing values in descending bit order
for i in range(7, -1, -1):
    test = test - pow(2, i) if min_val else test + pow(2, i)
```

Bad:

```python
# Loop through range
for i in range(7, -1, -1):  # This loops from 7 to 0
```

Always use specific exception types:
```python
# Good
try:
    response = self.session.get(url)
    response.raise_for_status()
except requests.exceptions.HTTPError as e:
    self.log_error(f"HTTP error: {e}")
except requests.exceptions.ConnectionError as e:
    self.log_error(f"Connection error: {e}")

# Bad
try:
    response = self.session.get(url)
except:
    print("Error!")
```

When contributing code:
- Never hardcode credentials or sensitive data
- Validate all user inputs to prevent injection
- Use secure defaults (e.g., HTTPS over HTTP when possible)
- Avoid unnecessary privileges in code execution
- Document security implications of new features
```
<type>(<scope>): <subject>
<body>
<footer>
```

- feat: New feature
- fix: Bug fix
- docs: Documentation changes
- style: Code style changes (formatting, no logic change)
- refactor: Code refactoring (no feature change)
- perf: Performance improvements
- test: Adding or updating tests
- chore: Maintenance tasks
```bash
# Feature
git commit -m "feat(extraction): Add support for custom SQL queries"
# Bug fix
git commit -m "fix(csrf): Handle CSRF token in different HTML formats"
# Documentation
git commit -m "docs(readme): Add troubleshooting section for SSL errors"
# Refactoring
git commit -m "refactor(sqli): Optimize binary search algorithm"
```

✅ Good:

```
feat(proxy): Add SOCKS proxy support
- Added proxy configuration in session setup
- Updated documentation with proxy examples
- Added error handling for proxy connection failures
Closes #42
```

❌ Bad:

```
fixed stuff
```
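
A checker for the commit header format and type list above, usable as a `commit-msg` hook. This is an added example, not part of the project's code; the function name `check_commit_message`, the 100-character header cap and the pass-through for git-generated merge messages are assumptions.

```python
import re
import sys

# Commit types listed in this guide.
ALLOWED_TYPES = ("feat", "fix", "docs", "style", "refactor", "perf", "test", "chore")

# Header shape from the guide: <type>(<scope>): <subject>
HEADER_RE = re.compile(r"^(?P<type>[a-z]+)\((?P<scope>[^()\s]+)\): (?P<subject>\S.*)$")

# Assumption: reuse the project's 100-character line limit for the header.
MAX_HEADER_LEN = 100


def check_commit_message(message):
    """Return a list of problems found in a commit message (empty if valid)."""
    # Skip blank lines and '#' comment lines that git's editor template adds.
    lines = [ln.rstrip() for ln in message.splitlines()
             if ln.strip() and not ln.startswith("#")]
    if not lines:
        return ["empty commit message"]

    header = lines[0]
    # Assumption: messages generated by `git merge` are accepted unchanged.
    if header.startswith("Merge "):
        return []

    problems = []
    match = HEADER_RE.match(header)
    if match is None:
        problems.append("header does not match <type>(<scope>): <subject>")
    elif match.group("type") not in ALLOWED_TYPES:
        problems.append(f"unknown type '{match.group('type')}'")
    if len(header) > MAX_HEADER_LEN:
        problems.append(f"header longer than {MAX_HEADER_LEN} characters")
    return problems


if __name__ == "__main__":
    # As .git/hooks/commit-msg, git passes the message file path as argv[1].
    with open(sys.argv[1], encoding="utf-8") as fh:
        found = check_commit_message(fh.read())
    for problem in found:
        print(f"commit-msg: {problem}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

Saved as an executable `.git/hooks/commit-msg`, a non-zero exit makes git abort the commit.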
- Test your changes thoroughly
- Update documentation if needed
- Add/update tests if applicable
- Run linters and fix any issues
- Update CHANGELOG.md with your changes
- [ ] Code follows project style guidelines
- [ ] Code has been tested and works as expected
- [ ] Documentation has been updated
- [ ] Commit messages follow guidelines
- [ ] No merge conflicts with main branch
- [ ] All tests pass (if applicable)

When creating a PR, include:
```markdown
## Description
Brief description of changes

## Type of Change
- [ ] Bug fix
- [ ] New feature
- [ ] Documentation update
- [ ] Code refactoring
- [ ] Performance improvement

## Testing
How was this tested?

## Checklist
- [ ] Code follows style guidelines
- [ ] Self-review completed
- [ ] Documentation updated
- [ ] No new warnings generated

## Related Issues
Closes #(issue number)
```

- Automated checks will run on your PR
- Maintainers will review your code
- Feedback will be provided if changes needed
- Approval and merge once everything looks good
- Delete your feature branch
- Pull the latest main branch
- Celebrate! 🎉
If you have questions about contributing:
- Check existing issues and PRs
- Read the documentation thoroughly
- Create a new issue with your question
Contributors will be:
- Listed in CONTRIBUTORS.md
- Mentioned in release notes
- Given credit in documentation
Thank you for helping make security research more accessible and educational! 🛡️
Remember: All contributions must comply with ethical hacking principles and responsible disclosure practices.