Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).

Minor layout adjustments.
2025-12-06 12:41:30 +00:00 · 2010-03-26 23:23:25 +00:00
parent 4ca1adba2c
commit 1416cd0d86
32 changed files with 791 additions and 122 deletions
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -48,6 +48,9 @@ def cmdLineParser():
                             "options has to be specified to set the source "
                             "to get target urls from.")

+        target.add_option("-d", dest="direct", help="Direct "
+                          "connection to the database")
+
        target.add_option("-u", "--url", dest="url", help="Target url")

        target.add_option("-l", dest="list", help="Parse targets from Burp "
@@ -437,8 +440,8 @@ def cmdLineParser():

        (args, _) = parser.parse_args()

-        if not args.url and not args.list and not args.googleDork and not args.configFile and not args.requestFile and not args.updateAll:
-            errMsg  = "missing a mandatory parameter ('-u', '-l', '-r', '-g', '-c' or '--update'), "
+        if not args.direct and not args.url and not args.list and not args.googleDork and not args.configFile and not args.requestFile and not args.updateAll:
+            errMsg  = "missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c' or '--update'), "
            errMsg += "-h for help"
            parser.error(errMsg)