PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-31 20:09:03 +00:00
Code Issues Projects Releases Wiki Activity

Taking some goodies from Pull request #284

Browse Source
This commit is contained in:
Miroslav Stampar
2012-12-06 10:21:53 +01:00
parent 6b39e661a7
commit 0f191f624c
18 changed files with 49 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
lib/core/xmldump.py
View File

@@ -32,7 +32,7 @@ DB_TABLE_ELEM_NAME = "DBTable"
IS_DBA_ELEM_NAME = "isDBA"
FILE_CONTENT_ELEM_NAME = "FileContent"
DB_ATTR = "db"
UNKNOWN_COLUMN_TYPE= "unknown"
UNKNOWN_COLUMN_TYPE = "unknown"
USER_SETTINGS_ELEM_NAME = "UserSettings"
USER_SETTING_ELEM_NAME = "UserSetting"
USERS_ELEM_NAME = "Users"
@@ -72,7 +72,7 @@ XMLNS_ATTR = "xmlns:xsi"
SCHEME_NAME = "sqlmap.xsd"
SCHEME_NAME_ATTR = "xsi:noNamespaceSchemaLocation"
CHARACTERS_TO_ENCODE = range(32) + range(127, 256)
ENTITIES = {'"':'"',"'":"'"}
ENTITIES = {'"': '"', "'": "'"}
class XMLDump:
'''
@@ -86,7 +86,7 @@ class XMLDump:
self.__root = None
self.__doc = Document()
def __addToRoot(self,element):
def __addToRoot(self, element):
'''
Adds element to the root element
'''
@@ -105,36 +105,36 @@ class XMLDump:
kb.dataOutputFlag = True
def __getRootChild(self,elemName):
def __getRootChild(self, elemName):
'''
Returns the child of the root with the described name
'''
elements = self.__root.getElementsByTagName(elemName)
if elements :
if elements:
return elements[0]
return elements
def __createTextNode(self,data):
def __createTextNode(self, data):
'''
Creates a text node with utf8 data inside.
The text is escaped to an fit the xml text Format.
'''
if data is None :
if data is None:
return self.__doc.createTextNode(u'')
else :
else:
escaped_data = saxutils.escape(data, ENTITIES)
return self.__doc.createTextNode(escaped_data)
def __createAttribute(self,attrName,attrValue):
def __createAttribute(self, attrName, attrValue):
'''
Creates an attribute node with utf8 data inside.
The text is escaped to an fit the xml text Format.
'''
attr = self.__doc.createAttribute(attrName)
if attrValue is None :
if attrValue is None:
attr.nodeValue = u''
else :
else:
attr.nodeValue = getUnicode(attrValue)
return attr
@@ -153,7 +153,7 @@ class XMLDump:
if data:
data = self.__formatString(data)
else :
else:
data = ""
elem = self.__doc.createElement(MESSAGE_ELEM)
@@ -168,7 +168,6 @@ class XMLDump:
lstElem = self.__doc.createElement(LST_ELEM_NAME)
lstElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, header))
if elements:
if sort:
try:
elements = set(elements)
@@ -185,7 +184,7 @@ class XMLDump:
memberElem.appendChild(self.__createTextNode(element))
elif isinstance(element, (list, tuple, set)):
memberElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, "list"))
for e in element :
for e in element:
memberElemStr = self.__doc.createElement(MEMBER_ELEM)
memberElemStr.setAttributeNode(self.__createAttribute(TYPE_ATTR, "string"))
memberElemStr.appendChild(self.__createTextNode(getUnicode(e)))
@@ -196,7 +195,7 @@ class XMLDump:
self.__addToRoot(listsElem)
listsElem.appendChild(lstElem)
def technic(self,technicType,data):
def technic(self, technicType, data):
'''
Adds information about the technic used to extract data from the db
'''
@@ -210,7 +209,7 @@ class XMLDump:
self.__addToRoot(technicsElem)
technicsElem.appendChild(technicElem)
def banner(self,data):
def banner(self, data):
'''
Adds information about the database banner to the xml.
The banner contains information about the type and the version of the database.
@@ -219,7 +218,7 @@ class XMLDump:
bannerElem.appendChild(self.__createTextNode(data))
self.__addToRoot(bannerElem)
def currentUser(self,data):
def currentUser(self, data):
'''
Adds information about the current database user to the xml
'''
@@ -228,7 +227,7 @@ class XMLDump:
currentUserElem.appendChild(textNode)
self.__addToRoot(currentUserElem)
def currentDb(self,data):
def currentDb(self, data):
'''
Adds information about the current database is use to the xml
'''
@@ -237,7 +236,7 @@ class XMLDump:
currentDBElem.appendChild(textNode)
self.__addToRoot(currentDBElem)
def dba(self,isDBA):
def dba(self, isDBA):
'''
Adds information to the xml that indicates whether the user has DBA privileges
'''
@@ -245,7 +244,7 @@ class XMLDump:
isDBAElem.setAttributeNode(self.__createAttribute(VALUE_ATTR, getUnicode(isDBA)))
self.__addToRoot(isDBAElem)
def users(self,users):
def users(self, users):
'''
Adds a list of the existing users to the xml
'''
@@ -325,7 +324,7 @@ class XMLDump:
for db, tables in dbTables.items():
tables.sort(key=lambda x: x.lower())
dbElem = self.__doc.createElement(DATABASE_ELEM_NAME)
dbElem.setAttributeNode(self.__createAttribute(NAME_ATTR,db))
dbElem.setAttributeNode(self.__createAttribute(NAME_ATTR, db))
dbTablesElem.appendChild(dbElem)
for table in tables:
tableElem = self.__doc.createElement(DB_TABLE_ELEM_NAME)
@@ -361,7 +360,7 @@ class XMLDump:
colElem = self.__doc.createElement(COLUMN_ELEM_NAME)
if colType is not None:
colElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, colType))
else :
else:
colElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, UNKNOWN_COLUMN_TYPE))
colElem.appendChild(self.__createTextNode(column))
tableElem.appendChild(colElem)
@@ -426,16 +425,16 @@ class XMLDump:
if tbl in printDbs[db]:
printDbs[db][tbl][col] = dataType
else:
printDbs[db][tbl] = { col: dataType }
printDbs[db][tbl] = {col: dataType}
else:
printDbs[db] = {}
printDbs[db][tbl] = { col: dataType }
printDbs[db][tbl] = {col: dataType}
continue
self.dbTableColumns(printDbs)
def query(self,query,queryRes):
def query(self, query, queryRes):
'''
Adds details of an executed query to the xml.
The query details are the query itself and it's results.
@@ -449,7 +448,7 @@ class XMLDump:
self.__addToRoot(queriesElem)
queriesElem.appendChild(queryElem)
def registerValue(self,registerData):
def registerValue(self, registerData):
'''
Adds information about an extracted registry key to the xml
'''
@@ -474,8 +473,8 @@ class XMLDump:
'''
Initiates the xml file from the configuration.
'''
if (conf.xmlFile) :
try :
if (conf.xmlFile):
try:
self.__outputFile = conf.xmlFile
self.__root = None
@@ -490,8 +489,8 @@ class XMLDump:
if self.__root is None:
self.__root = self.__doc.createElementNS(NAME_SPACE_ATTR, RESULTS_ELEM_NAME)
self.__root.setAttributeNode(self.__createAttribute(XMLNS_ATTR,NAME_SPACE_ATTR))
self.__root.setAttributeNode(self.__createAttribute(SCHEME_NAME_ATTR,SCHEME_NAME))
self.__root.setAttributeNode(self.__createAttribute(XMLNS_ATTR, NAME_SPACE_ATTR))
self.__root.setAttributeNode(self.__createAttribute(SCHEME_NAME_ATTR, SCHEME_NAME))
self.__doc.appendChild(self.__root)
except IOError:
raise sqlmapFilePathException("Wrong filename provided for saving the xml file: %s" % conf.xmlFile)
@@ -508,7 +507,7 @@ class XMLDump:
'''
if ((self.__outputFP is not None) and not(self.__outputFP.closed)):
statusElem = self.__doc.createElement(STATUS_ELEM_NAME)
statusElem.setAttributeNode(self.__createAttribute(SUCESS_ATTR,getUnicode(resultStatus)))
statusElem.setAttributeNode(self.__createAttribute(SUCESS_ATTR, getUnicode(resultStatus)))
if not resultStatus:
errorElem = self.__doc.createElement(ERROR_ELEM_NAME)
@@ -525,6 +524,7 @@ class XMLDump:
self.__write(prettyprint.formatXML(self.__doc, encoding=UNICODE_ENCODING))
self.__outputFP.close()
def closeDumper(status, msg=""):
"""
Closes the dumper of the session

2
lib/request/rangehandler.py
View File

@@ -18,7 +18,7 @@ class HTTPRangeHandler(urllib2.BaseHandler):
This was extremely simple. The Range header is a HTTP feature to
begin with so all this class does is tell urllib2 that the
"206 Partial Content" reponse from the HTTP server is what we
"206 Partial Content" response from the HTTP server is what we
expected.
Example:

8
lib/utils/deps.py
View File

@@ -39,7 +39,7 @@ def checkDependencies():
import pyodbc
elif dbmsName == DBMS.FIREBIRD:
import kinterbasdb
except ImportError, _:
except ImportError:
warnMsg = "sqlmap requires '%s' third-party library " % data[1]
warnMsg += "in order to directly connect to the database "
warnMsg += "%s. Download from %s" % (dbmsName, data[2])
@@ -55,7 +55,7 @@ def checkDependencies():
import impacket
debugMsg = "'python-impacket' third-party library is found"
logger.debug(debugMsg)
except ImportError, _:
except ImportError:
warnMsg = "sqlmap requires 'python-impacket' third-party library for "
warnMsg += "out-of-band takeover feature. Download from "
warnMsg += "http://code.google.com/p/impacket/"
@@ -66,7 +66,7 @@ def checkDependencies():
import ntlm
debugMsg = "'python-ntlm' third-party library is found"
logger.debug(debugMsg)
except ImportError, _:
except ImportError:
warnMsg = "sqlmap requires 'python-ntlm' third-party library for "
warnMsg += "if you plan to attack a web application behind NTLM "
warnMsg += "authentication. Download from http://code.google.com/p/python-ntlm/"
@@ -78,7 +78,7 @@ def checkDependencies():
import pyreadline
debugMsg = "'python-pyreadline' third-party library is found"
logger.debug(debugMsg)
except ImportError, _:
except ImportError:
warnMsg = "sqlmap requires 'pyreadline' third-party library to "
warnMsg += "be able to take advantage of the sqlmap TAB "
warnMsg += "completion and history support features in the SQL "

2
lib/utils/hash.py
View File

@@ -7,7 +7,7 @@ See the file 'doc/COPYING' for copying permission
try:
from crypt import crypt
except ImportError, _:
except ImportError:
from thirdparty.fcrypt.fcrypt import crypt
_multiprocessing = None