PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 21:21:33 +00:00
Code Issues Projects Releases Wiki Activity

some more refactoring

Browse Source
This commit is contained in:
Miroslav Stampar
2011-12-21 22:09:21 +00:00
parent 0a039d84e0
commit 41ccf88990
6 changed files with 56 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/parse/cmdline.py
View File

@@ -545,7 +545,7 @@ def cmdLineParser():
miscellaneous = OptionGroup(parser, "Miscellaneous")
miscellaneous.add_option("-z", dest="mnemonics",
help="Use mnemonics for shorter parameter setup")
help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")
miscellaneous.add_option("--beep", dest="beep",
action="store_true",

8
lib/parse/handler.py
View File

@@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
"""
import re
from xml.sax.handler import ContentHandler
from lib.core.common import sanitizeStr
@@ -33,19 +34,20 @@ class FingerprintHandler(ContentHandler):
if value in ( None, "None" ):
return
if key in ( "dbmsVersion" ):
if key == "dbmsVersion":
self.__info[key] = value
else:
if key not in self.__info.keys():
self.__info[key] = set()
for v in value.split("|"):
self.__info[key].add(v)
for _ in value.split("|"):
self.__info[key].add(_)
def startElement(self, name, attrs):
if name == "regexp":
self.__regexp = sanitizeStr(attrs.get("value"))
_ = re.match("\A[A-Za-z0-9]+", self.__regexp) # minor trick avoiding compiling of large amount of regexes
if _ and _.group(0).lower() in self.__banner.lower() or not _:
self.__match = re.search(self.__regexp, self.__banner, re.I | re.M)
else:

37
lib/parse/headers.py
View File

@@ -7,6 +7,7 @@ Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
import itertools
import os
from lib.core.common import checkFile
@@ -15,6 +16,7 @@ from lib.core.data import kb
from lib.core.data import paths
from lib.parse.handler import FingerprintHandler
def headersParser(headers):
"""
This function calls a class that parses the input HTTP headers to
@@ -22,24 +24,23 @@ def headersParser(headers):
and the web application technology
"""
topHeaders = {
"cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"),
"microsoftsharepointteamservices": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "sharepoint.xml"),
"server": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"),
"servlet-engine": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet.xml"),
"set-cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"),
"x-aspnet-version": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"),
"x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml")
}
if not kb.headerPaths:
kb.headerPaths = {
"cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"),
"microsoftsharepointteamservices": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "sharepoint.xml"),
"server": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"),
"servlet-engine": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet.xml"),
"set-cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"),
"x-aspnet-version": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"),
"x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml")
}
for header in headers:
if header in topHeaders:
value = headers[header]
xmlfile = topHeaders[header]
for header in itertools.ifilter(lambda x: x in kb.headerPaths, headers):
value = headers[header]
xmlfile = kb.headerPaths[header]
checkFile(xmlfile)
checkFile(xmlfile)
handler = FingerprintHandler(value, kb.headersFp)
handler = FingerprintHandler(value, kb.headersFp)
parseXmlFile(xmlfile, handler)
parseXmlFile(paths.GENERIC_XML, handler)
parseXmlFile(xmlfile, handler)
parseXmlFile(paths.GENERIC_XML, handler)