PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-02-13 00:46:33 +00:00
Code Issues Projects Releases Wiki Activity

Some code refactoring

Browse Source
This commit is contained in:
Miroslav Stampar
2017-04-18 15:48:05 +02:00
parent 65b02d4ab0
commit 5f2bb88037
32 changed files with 233 additions and 261 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
lib/controller/checks.py
View File

@@ -137,7 +137,7 @@ def checkSqlInjection(place, parameter, value):
SUPPORTED_DBMS, True) or kb.heuristicDbms or injection.dbms):
msg = "it looks like the back-end DBMS is '%s'. " % (Format.getErrorParsedDBMSes() or kb.heuristicDbms or injection.dbms)
msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"
kb.reduceTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y').upper() == 'Y' else []
kb.reduceTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y', boolean=True) else []
# If the DBMS has been fingerprinted (via DBMS-specific error
# message, via simple heuristic check or via DBMS-specific
@@ -152,7 +152,7 @@ def checkSqlInjection(place, parameter, value):
msg += " and " if conf.level < 5 and conf.risk < 3 else ""
msg += "risk (%d)" % conf.risk if conf.risk < 3 else ""
msg += " values? [Y/n]" if conf.level < 5 and conf.risk < 3 else " value? [Y/n]"
kb.extendTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y').upper() == 'Y' else []
kb.extendTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y', boolean=True) else []
title = test.title
kb.testType = stype = test.stype
@@ -631,7 +631,8 @@ def checkSqlInjection(place, parameter, value):
msg += "extended UNION tests if there is not "
msg += "at least one other (potential) "
msg += "technique found. Do you want to skip? [Y/n] "
kb.futileUnion = readInput(msg, default="Y").strip().upper() == 'N'
kb.futileUnion = not readInput(msg, default='Y', boolean=True)
if kb.futileUnion is False:
continue
@@ -738,11 +739,9 @@ def checkSqlInjection(place, parameter, value):
logger.warn(warnMsg)
msg = "how do you want to proceed? [(S)kip current test/(e)nd detection phase/(n)ext parameter/(c)hange verbosity/(q)uit]"
choice = readInput(msg, default="S", checkBatch=False)
choice = readInput(msg, default='S', checkBatch=False).strip().upper()
if choice[0] in ("s", "S"):
pass
elif choice[0] in ("c", "C"):
if choice == 'C':
choice = None
while not ((choice or "").isdigit() and 0 <= int(choice) <= 6):
if choice:
@@ -752,11 +751,11 @@ def checkSqlInjection(place, parameter, value):
conf.verbose = int(choice)
setVerbosity()
tests.insert(0, test)
elif choice[0] in ("n", "N"):
elif choice == 'N':
return None
elif choice[0] in ("e", "E"):
elif choice == 'E':
kb.endDetection = True
elif choice[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
finally:
@@ -1177,19 +1176,19 @@ def checkStability():
logger.warn(warnMsg)
message = "how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] "
test = readInput(message, default="C")
choice = readInput(message, default='C').strip().upper()
if test and test[0] in ("q", "Q"):
if choice == 'Q':
raise SqlmapUserQuitException
elif test and test[0] in ("s", "S"):
elif choice == 'S':
showStaticWords(firstPage, secondPage)
message = "please enter value for parameter 'string': "
test = readInput(message)
string = readInput(message)
if test:
conf.string = test
if string:
conf.string = string
if kb.nullConnection:
debugMsg = "turning off NULL connection "
@@ -1201,12 +1200,12 @@ def checkStability():
errMsg = "Empty value supplied"
raise SqlmapNoneDataException(errMsg)
elif test and test[0] in ("r", "R"):
elif choice == 'R':
message = "please enter value for parameter 'regex': "
test = readInput(message)
regex = readInput(message)
if test:
conf.regex = test
if regex:
conf.regex = regex
if kb.nullConnection:
debugMsg = "turning off NULL connection "
@@ -1372,13 +1371,13 @@ def identifyWaf():
if retVal:
message = "are you sure that you want to "
message += "continue with further target testing? [y/N] "
output = readInput(message, default="N")
choice = readInput(message, default='N', boolean=True)
if not conf.tamper:
warnMsg = "please consider usage of tamper scripts (option '--tamper')"
singleTimeWarnMessage(warnMsg)
if output and output[0] not in ("Y", "y"):
if not choice:
raise SqlmapUserQuitException
else:
warnMsg = "WAF/IPS/IDS product hasn't been identified"
@@ -1494,7 +1493,7 @@ def checkConnection(suppressOutput=False):
return False
msg = "it is not recommended to continue in this kind of cases. Do you want to quit and make sure that everything is set up properly? [Y/n] "
if readInput(msg, default="Y") not in ("n", "N"):
if readInput(msg, default='Y', boolean=True):
raise SqlmapSilentQuitException
else:
kb.ignoreNotFound = True

34
lib/controller/controller.py
View File

@@ -183,8 +183,8 @@ def _randomFillBlankFields(value):
if extractRegexResult(EMPTY_FORM_FIELDS_REGEX, value):
message = "do you want to fill blank fields with random values? [Y/n] "
test = readInput(message, default="Y")
if not test or test[0] in ("y", "Y"):
if readInput(message, default="Y", boolean=True):
for match in re.finditer(EMPTY_FORM_FIELDS_REGEX, retVal):
item = match.group("result")
if not any(_ in item for _ in IGNORE_PARAMETERS) and not re.search(ASP_NET_CONTROL_REGEX, item):
@@ -305,7 +305,9 @@ def start():
message = "SQL injection vulnerability has already been detected "
message += "against '%s'. Do you want to skip " % conf.hostname
message += "further tests involving it? [Y/n]"
kb.skipVulnHost = readInput(message, default="Y").upper() != 'N'
kb.skipVulnHost = readInput(message, default="Y", boolean=True)
testSqlInj = not kb.skipVulnHost
if not testSqlInj:
@@ -332,9 +334,8 @@ def start():
continue
message += "\ndo you want to test this form? [Y/n/q] "
test = readInput(message, default="Y")
if not test or test[0] in ("y", "Y"):
if readInput(message, default='Y', boolean=True):
if conf.method != HTTPMETHOD.GET:
message = "Edit %s data [default: %s]%s: " % (conf.method, urlencode(conf.data) if conf.data else "None", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
conf.data = readInput(message, default=conf.data)
@@ -359,14 +360,12 @@ def start():
else:
message += "\ndo you want to test this URL? [Y/n/q]"
test = readInput(message, default="Y")
choice = readInput(message, default='Y').strip().upper()
if not test or test[0] in ("y", "Y"):
pass
elif test[0] in ("n", "N"):
if choice == 'N':
dataToStdout(os.linesep)
continue
elif test[0] in ("q", "Q"):
elif choice == 'Q':
break
infoMsg = "testing URL '%s'" % targetUrl
@@ -543,9 +542,8 @@ def start():
msg = "%s parameter '%s' " % (injection.place, injection.parameter)
msg += "is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
test = readInput(msg, default="N")
if test[0] not in ("y", "Y"):
if not readInput(msg, default='N', boolean=True):
proceed = False
paramKey = (conf.hostname, conf.path, None, None)
kb.testedParams.add(paramKey)
@@ -629,9 +627,7 @@ def start():
if kb.injection.place is not None and kb.injection.parameter is not None:
if conf.multipleTargets:
message = "do you want to exploit this SQL injection? [Y/n] "
exploit = readInput(message, default="Y")
condition = not exploit or exploit[0] in ("y", "Y")
condition = readInput(message, default='Y', boolean=True)
else:
condition = True
@@ -644,13 +640,11 @@ def start():
logger.warn(warnMsg)
message = "do you want to skip to the next target in list? [Y/n/q]"
test = readInput(message, default="Y")
choice = readInput(message, default='Y').strip().upper()
if not test or test[0] in ("y", "Y"):
pass
elif test[0] in ("n", "N"):
if choice == 'N':
return False
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
raise

30
lib/core/common.py
View File

@@ -601,8 +601,8 @@ def paramToDict(place, parameters=None):
logger.warn(warnMsg)
message = "are you really sure that you want to continue (sqlmap could have problems)? [y/N] "
test = readInput(message, default="N")
if test[0] not in ("y", "Y"):
if not readInput(message, default='N', boolean=True):
raise SqlmapSilentQuitException
elif not _:
warnMsg = "provided value for parameter '%s' is empty. " % parameter
@@ -644,8 +644,8 @@ def paramToDict(place, parameters=None):
if candidates:
message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
message += "is JSON deserializable. Do you want to inject inside? [y/N] "
test = readInput(message, default="N")
if test[0] in ("y", "Y"):
if not readInput(message, default='N', boolean=True):
del testableParameters[parameter]
testableParameters.update(candidates)
break
@@ -657,8 +657,8 @@ def paramToDict(place, parameters=None):
_ = re.sub(regex, "\g<1>%s\g<%d>" % (CUSTOM_INJECTION_MARK_CHAR, len(match.groups())), testableParameters[parameter])
message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % _
test = readInput(message, default="N")
if test[0] in ("y", "Y"):
if readInput(message, default='N', boolean=True):
testableParameters[parameter] = re.sub(regex, "\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter])
break
@@ -965,7 +965,7 @@ def dataToOutFile(filename, data):
return retVal
def readInput(message, default=None, checkBatch=True):
def readInput(message, default=None, checkBatch=True, boolean=False):
"""
Reads input from terminal
"""
@@ -1038,6 +1038,9 @@ def readInput(message, default=None, checkBatch=True):
finally:
logging._releaseLock()
if boolean:
retVal = retVal.strip().upper == 'Y'
return retVal
def randomRange(start=0, stop=1000, seed=None):
@@ -1979,9 +1982,8 @@ def getSQLSnippet(dbms, sfile, **variables):
logger.error(errMsg)
msg = "do you want to provide the substitution values? [y/N] "
choice = readInput(msg, default="N")
if choice and choice[0].lower() == "y":
if readInput(msg, default='N', boolean=True):
for var in variables:
msg = "insert value for variable '%s': " % var
val = readInput(msg, default="")
@@ -2370,8 +2372,8 @@ def wasLastResponseDelayed():
if kb.adjustTimeDelay is None:
msg = "do you want sqlmap to try to optimize value(s) "
msg += "for DBMS delay responses (option '--time-sec')? [Y/n] "
choice = readInput(msg, default='Y')
kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE if choice.upper() == 'N' else ADJUST_TIME_DELAY.YES
kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE if not readInput(msg, default='Y', boolean=True) else ADJUST_TIME_DELAY.YES
if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES:
adjustTimeDelay(threadData.lastQueryDuration, lowerStdLimit)
@@ -3263,11 +3265,11 @@ def createGithubIssue(errMsg, excMsg):
msg += "with the unhandled exception information at "
msg += "the official Github repository? [y/N] "
try:
test = readInput(msg, default="N")
choice = readInput(msg, default='N', boolean=True)
except:
test = None
choice = None
if test and test[0] in ("y", "Y"):
if choice:
ex = None
errMsg = errMsg[errMsg.find("\n"):]

16
lib/core/option.py
View File

@@ -542,8 +542,7 @@ def _doSearch():
elif re.search(URI_INJECTABLE_REGEX, link, re.I):
if kb.data.onlyGETs is None and conf.data is None and not conf.googleDork:
message = "do you want to scan only results containing GET parameters? [Y/n] "
test = readInput(message, default="Y")
kb.data.onlyGETs = test.lower() != 'n'
kb.data.onlyGETs = readInput(message, default='Y', boolean=True)
if not kb.data.onlyGETs or conf.googleDork:
kb.targets.add((link, conf.method, conf.data, conf.cookie, None))
@@ -570,9 +569,8 @@ def _doSearch():
message += "for your search dork expression, but none of them "
message += "have GET parameters to test for SQL injection. "
message += "Do you want to skip to the next result page? [Y/n]"
test = readInput(message, default="Y")
if test[0] in ("n", "N"):
if not readInput(message, default='Y', boolean=True):
raise SqlmapSilentQuitException
else:
conf.googlePage += 1
@@ -946,14 +944,14 @@ def _setTamperingFunctions():
message = "it appears that you might have mixed "
message += "the order of tamper scripts. "
message += "Do you want to auto resolve this? [Y/n/q] "
test = readInput(message, default="Y")
choice = readInput(message, default='Y').strip().upper()
if not test or test[0] in ("y", "Y"):
resolve_priorities = True
elif test[0] in ("n", "N"):
if choice == 'N':
resolve_priorities = False
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
resolve_priorities = True
check_priority = False

2
lib/core/settings.py
View File

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.1.4.31"
VERSION = "1.1.4.32"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

65
lib/core/target.py
View File

@@ -118,11 +118,12 @@ def _setRequestParams():
if kb.processUserMarks is None and CUSTOM_INJECTION_MARK_CHAR in conf.data:
message = "custom injection marking character ('%s') found in option " % CUSTOM_INJECTION_MARK_CHAR
message += "'--data'. Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"):
choice = readInput(message, default='Y')
if choice == 'Q':
raise SqlmapUserQuitException
else:
kb.processUserMarks = not test or test[0] not in ("n", "N")
kb.processUserMarks = choice == 'Y'
if kb.processUserMarks:
kb.testOnlyCustom = True
@@ -131,10 +132,11 @@ def _setRequestParams():
if re.search(JSON_RECOGNITION_REGEX, conf.data):
message = "JSON data found in %s data. " % conf.method
message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"):
choice = readInput(message, default='Y')
if choice == 'Q':
raise SqlmapUserQuitException
elif test[0] not in ("n", "N"):
elif choice == 'N':
conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*"[^"]+)"', functools.partial(process, repl=r'\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR), conf.data)
@@ -150,10 +152,11 @@ def _setRequestParams():
elif re.search(JSON_LIKE_RECOGNITION_REGEX, conf.data):
message = "JSON-like data found in %s data. " % conf.method
message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"):
choice = readInput(message, default='Y').strip().upper()
if choice == 'Q':
raise SqlmapUserQuitException
elif test[0] not in ("n", "N"):
elif choice == 'N':
conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
conf.data = re.sub(r"('(?P<name>[^']+)'\s*:\s*'[^']+)'", functools.partial(process, repl=r"\g<1>%s'" % CUSTOM_INJECTION_MARK_CHAR), conf.data)
@@ -163,10 +166,11 @@ def _setRequestParams():
elif re.search(ARRAY_LIKE_RECOGNITION_REGEX, conf.data):
message = "Array-like data found in %s data. " % conf.method
message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"):
choice = readInput(message, default='Y').strip().upper()
if choice == 'Q':
raise SqlmapUserQuitException
elif test[0] not in ("n", "N"):
elif choice == 'N':
conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
conf.data = re.sub(r"(=[^%s]+)" % DEFAULT_GET_POST_DELIMITER, r"\g<1>%s" % CUSTOM_INJECTION_MARK_CHAR, conf.data)
kb.postHint = POST_HINT.ARRAY_LIKE
@@ -174,10 +178,11 @@ def _setRequestParams():
elif re.search(XML_RECOGNITION_REGEX, conf.data):
message = "SOAP/XML data found in %s data. " % conf.method
message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"):
choice = readInput(message, default='Y').strip().upper()
if choice == 'Q':
raise SqlmapUserQuitException
elif test[0] not in ("n", "N"):
elif choice == 'N':
conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
conf.data = re.sub(r"(<(?P<name>[^>]+)( [^<]*)?>)([^<]+)(</\2)", functools.partial(process, repl=r"\g<1>\g<4>%s\g<5>" % CUSTOM_INJECTION_MARK_CHAR), conf.data)
@@ -186,10 +191,11 @@ def _setRequestParams():
elif re.search(MULTIPART_RECOGNITION_REGEX, conf.data):
message = "Multipart-like data found in %s data. " % conf.method
message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"):
choice = readInput(message, default='Y').strip().upper()
if choice == 'Q':
raise SqlmapUserQuitException
elif test[0] not in ("n", "N"):
elif choice == 'N':
conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
conf.data = re.sub(r"(?si)((Content-Disposition[^\n]+?name\s*=\s*[\"'](?P<name>[^\n]+?)[\"']).+?)(((\r)?\n)+--)", functools.partial(process, repl=r"\g<1>%s\g<4>" % CUSTOM_INJECTION_MARK_CHAR), conf.data)
@@ -222,11 +228,11 @@ def _setRequestParams():
message = "do you want to try URI injections "
message += "in the target URL itself? [Y/n/q] "
test = readInput(message, default="Y")
choice = readInput(message, default='Y').strip().upper()
if test and test[0] in ("q", "Q"):
if choice == 'Q':
raise SqlmapUserQuitException
elif not test or test[0] not in ("n", "N"):
elif choice == 'Y':
conf.url = "%s%s" % (conf.url, CUSTOM_INJECTION_MARK_CHAR)
kb.processUserMarks = True
@@ -237,11 +243,12 @@ def _setRequestParams():
lut = {PLACE.URI: '-u', PLACE.CUSTOM_POST: '--data', PLACE.CUSTOM_HEADER: '--headers/--user-agent/--referer/--cookie'}
message = "custom injection marking character ('%s') found in option " % CUSTOM_INJECTION_MARK_CHAR
message += "'%s'. Do you want to process it? [Y/n/q] " % lut[place]
test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"):
choice = readInput(message, default='Y').strip().upper()
if choice == 'Q':
raise SqlmapUserQuitException
else:
kb.processUserMarks = not test or test[0] not in ("n", "N")
kb.processUserMarks = choice == 'Y'
if kb.processUserMarks:
kb.testOnlyCustom = True
@@ -381,8 +388,8 @@ def _setRequestParams():
if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES):
message = "%s parameter '%s' appears to hold anti-CSRF token. " % (place, parameter)
message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
test = readInput(message, default="N")
if test and test[0] in ("y", "Y"):
if readInput(message, default='N', boolean=True):
conf.csrfToken = parameter
break
@@ -471,9 +478,8 @@ def _resumeDBMS():
message += "sqlmap assumes the back-end DBMS is '%s'. " % dbms
message += "Do you really want to force the back-end "
message += "DBMS value? [y/N] "
test = readInput(message, default="N")
if not test or test[0] in ("n", "N"):
if not readInput(message, default='N', boolean=True):
conf.dbms = None
Backend.setDbms(dbms)
Backend.setVersionList(dbmsVersion)
@@ -507,9 +513,8 @@ def _resumeOS():
message += "operating system is %s. " % os
message += "Do you really want to force the back-end DBMS "
message += "OS value? [y/N] "
test = readInput(message, default="N")
if not test or test[0] in ("n", "N"):
if not readInput(message, default='N', boolean=True):
conf.os = os
else:
conf.os = os

2
lib/core/threads.py
View File

@@ -67,7 +67,7 @@ ThreadData = _ThreadData()
def getCurrentThreadUID():
return hash(threading.currentThread())
def readInput(message, default=None):
def readInput(message, default=None, checkBatch=True, boolean=False):
# It will be overwritten by original from lib.core.common
pass

3
lib/parse/sitemap.py
View File

@@ -41,8 +41,7 @@ def parseSitemap(url, retVal=None):
if url.endswith(".xml") and "sitemap" in url.lower():
if kb.followSitemapRecursion is None:
message = "sitemap recursion detected. Do you want to follow? [y/N] "
test = readInput(message, default="N")
kb.followSitemapRecursion = test[0] in ("y", "Y")
kb.followSitemapRecursion = readInput(message, default='N', boolean=True)
if kb.followSitemapRecursion:
parseSitemap(url, retVal)
else:

8
lib/request/basic.py
View File

@@ -103,8 +103,8 @@ def forgeHeaders(items=None):
message += "The target URL provided its own cookies within "
message += "the HTTP %s header which intersect with yours. " % HTTP_HEADER.SET_COOKIE
message += "Do you want to merge them in further requests? [Y/n] "
_ = readInput(message, default="Y")
kb.mergeCookies = not _ or _[0] in ("y", "Y")
kb.mergeCookies = readInput(message, default='Y', boolean=True)
if kb.mergeCookies and kb.injection.place != PLACE.COOKIE:
_ = lambda x: re.sub(r"(?i)\b%s=[^%s]+" % (re.escape(getUnicode(cookie.name)), conf.cookieDel or DEFAULT_COOKIE_DELIMITER), ("%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value))).replace('\\', r'\\'), x)
@@ -368,8 +368,10 @@ def processResponse(page, responseHeaders):
continue
else:
msg = "do you want to automatically adjust the value of '%s'? [y/N]" % name
if readInput(msg, default='N').strip().upper() != 'Y':
if not readInput(msg, default='N', boolean=True):
continue
conf.paramDict[PLACE.POST][name] = value
conf.parameters[PLACE.POST] = re.sub("(?i)(%s=)[^&]+" % re.escape(name), r"\g<1>%s" % re.escape(value), conf.parameters[PLACE.POST])

8
lib/request/connect.py
View File

@@ -509,9 +509,8 @@ class Connect(object):
msg += "(redirect like response common to login pages). "
msg += "Do you want to apply the refresh "
msg += "from now on (or stay on the original page)? [Y/n]"
choice = readInput(msg, default="Y")
kb.alwaysRefresh = choice not in ("n", "N")
kb.alwaysRefresh = readInput(msg, default='Y', boolean=True)
if kb.alwaysRefresh:
if re.search(r"\Ahttps?://", refresh, re.I):
@@ -675,7 +674,8 @@ class Connect(object):
message = "there seems to be a continuous problem with connection to the target. "
message += "Are you sure that you want to continue "
message += "with further target testing? [y/N] "
kb.connErrorChoice = readInput(message, default="N") in ("Y", "y")
kb.connErrorChoice = readInput(message, default='N', boolean=True)
if kb.connErrorChoice is False:
raise SqlmapConnectionException(warnMsg)
@@ -832,7 +832,7 @@ class Connect(object):
if kb.cookieEncodeChoice is None:
msg = "do you want to URL encode cookie values (implementation specific)? %s" % ("[Y/n]" if not conf.url.endswith(".aspx") else "[y/N]") # Reference: https://support.microsoft.com/en-us/kb/313282
choice = readInput(msg, default='Y' if not conf.url.endswith(".aspx") else 'N')
kb.cookieEncodeChoice = choice.upper().strip() == "Y"
kb.cookieEncodeChoice = choice.upper().strip() == 'Y'
if not kb.cookieEncodeChoice:
skip = True

12
lib/request/inject.py
View File

@@ -208,22 +208,22 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char
message += "entries do you want to retrieve?\n"
message += "[a] All (default)\n[#] Specific number\n"
message += "[q] Quit"
test = readInput(message, default="a")
choice = readInput(message, default='A').strip().upper()
if not test or test[0] in ("a", "A"):
if choice == 'A':
stopLimit = count
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
elif test.isdigit() and int(test) > 0 and int(test) <= count:
stopLimit = int(test)
elif choice.isdigit() and int(choice) > 0 and int(choice) <= count:
stopLimit = int(choice)
infoMsg = "sqlmap is now going to retrieve the "
infoMsg += "first %d query output entries" % stopLimit
logger.info(infoMsg)
elif test[0] in ("#", "s", "S"):
elif choice in ('#', 'S'):
message = "how many? "
stopLimit = readInput(message, default="10")

6
lib/request/redirecthandler.py
View File

@@ -50,18 +50,16 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
if kb.redirectChoice is None:
msg = "sqlmap got a %d redirect to " % redcode
msg += "'%s'. Do you want to follow? [Y/n] " % redurl
choice = readInput(msg, default="Y")
kb.redirectChoice = choice.upper()
kb.redirectChoice = REDIRECTION.YES if readInput(msg, default='Y', boolean=True) else REDIRECTION.NO
if kb.redirectChoice == REDIRECTION.YES and method == HTTPMETHOD.POST and kb.resendPostOnRedirect is None:
msg = "redirect is a result of a "
msg += "POST request. Do you want to "
msg += "resend original POST data to a new "
msg += "location? [%s] " % ("Y/n" if not kb.originalPage else "y/N")
choice = readInput(msg, default=("Y" if not kb.originalPage else "N"))
kb.resendPostOnRedirect = choice.upper() == 'Y'
kb.resendPostOnRedirect = readInput(msg, default=("Y" if not kb.originalPage else "N"), boolean=True)
if kb.resendPostOnRedirect:
self.redirect_request = self._redirect_request

11
lib/takeover/abstraction.py
View File

@@ -75,17 +75,17 @@ class Abstraction(Web, UDF, XP_cmdshell):
return safechardecode(retVal)
def runCmd(self, cmd):
getOutput = None
choice = None
if not self.alwaysRetrieveCmdOutput:
message = "do you want to retrieve the command standard "
message += "output? [Y/n/a] "
getOutput = readInput(message, default="Y")
choice = readInput(message, default='Y')
if getOutput in ("a", "A"):
if choice in ('a', 'A'):
self.alwaysRetrieveCmdOutput = True
if not getOutput or getOutput in ("y", "Y") or self.alwaysRetrieveCmdOutput:
if not choice or choice in ('y', 'Y') or self.alwaysRetrieveCmdOutput:
output = self.evalCmd(cmd)
if output:
@@ -166,9 +166,8 @@ class Abstraction(Web, UDF, XP_cmdshell):
msg += "statements as another DBMS user since you provided the "
msg += "option '--dbms-creds'. If you are DBA, you can enable it. "
msg += "Do you want to enable it? [Y/n] "
choice = readInput(msg, default="Y")
if not choice or choice in ("y", "Y"):
if readInput(msg, default='Y', boolean=True):
expression = getSQLSnippet(DBMS.MSSQL, "configure_openrowset", ENABLE="1")
inject.goStacked(expression)

22
lib/takeover/udf.py
View File

@@ -42,12 +42,8 @@ class UDF:
def _askOverwriteUdf(self, udf):
message = "UDF '%s' already exists, do you " % udf
message += "want to overwrite it? [y/N] "
output = readInput(message, default="N")
if output and output[0] in ("y", "Y"):
return True
else:
return False
return readInput(message, default='N', boolean=True)
def _checkExistUdf(self, udf):
logger.info("checking if UDF '%s' already exist" % udf)
@@ -327,12 +323,12 @@ class UDF:
msg = "do you want to call your injected user-defined "
msg += "functions now? [Y/n/q] "
choice = readInput(msg, default="Y")
choice = readInput(msg, default='Y').strip().upper()
if choice[0] in ("n", "N"):
if choice == 'N':
self.cleanup(udfDict=self.udfs)
return
elif choice[0] in ("q", "Q"):
elif choice == 'Q':
self.cleanup(udfDict=self.udfs)
raise SqlmapUserQuitException
@@ -347,9 +343,9 @@ class UDF:
msg += "\n[q] Quit"
while True:
choice = readInput(msg)
choice = readInput(msg).strip().upper()
if choice and choice[0] in ("q", "Q"):
if choice == 'Q':
break
elif isinstance(choice, basestring) and choice.isdigit() and int(choice) > 0 and int(choice) <= len(udfList):
choice = int(choice)
@@ -390,9 +386,8 @@ class UDF:
cmd = cmd[:-1]
msg = "do you want to retrieve the return value of the "
msg += "UDF? [Y/n] "
choice = readInput(msg, default="Y")
if choice[0] in ("y", "Y"):
if readInput(msg, default='Y', boolean=True):
output = self.udfEvalCmd(cmd, udfName=udfToCall)
if output:
@@ -403,9 +398,8 @@ class UDF:
self.udfExecCmd(cmd, udfName=udfToCall, silent=True)
msg = "do you want to call this or another injected UDF? [Y/n] "
choice = readInput(msg, default="Y")
if choice[0] not in ("y", "Y"):
if not readInput(msg, default='Y', boolean=True):
break
self.cleanup(udfDict=self.udfs)

6
lib/takeover/web.py
View File

@@ -202,9 +202,8 @@ class Web:
if not kb.absFilePaths:
message = "do you want sqlmap to further try to "
message += "provoke the full path disclosure? [Y/n] "
getOutput = readInput(message, default="Y")
if getOutput in ("y", "Y"):
if readInput(message, default='Y', boolean=True):
headers = {}
been = set([conf.url])
@@ -391,9 +390,8 @@ class Web:
message = "do you want to try the same method used "
message += "for the file stager? [Y/n] "
getOutput = readInput(message, default="Y")
if getOutput in ("y", "Y"):
if readInput(message, default='Y', boolean=True):
self._webFileInject(backdoorContent, backdoorName, directory)
else:
continue

3
lib/takeover/xp_cmdshell.py
View File

@@ -255,9 +255,8 @@ class XP_cmdshell:
message = "xp_cmdshell extended procedure does not seem to "
message += "be available. Do you want sqlmap to try to "
message += "re-enable it? [Y/n] "
choice = readInput(message, default="Y")
if not choice or choice in ("y", "Y"):
if readInput(message, default='Y', boolean=True):
self._xpCmdshellConfigure(1)
if self._xpCmdshellCheck():

3
lib/techniques/error/use.py
View File

@@ -358,9 +358,8 @@ def errorUse(expression, dump=False):
if " ORDER BY " in expression and (stopLimit - startLimit) > SLOW_ORDER_COUNT_THRESHOLD:
message = "due to huge table size do you want to remove "
message += "ORDER BY clause gaining speed over consistency? [y/N] "
_ = readInput(message, default="N")
if _ and _[0] in ("y", "Y"):
if readInput(message, default="N", boolean=True):
expression = expression[:expression.index(" ORDER BY ")]
numThreads = min(conf.threads, (stopLimit - startLimit))

4
lib/techniques/union/test.py
View File

@@ -283,8 +283,8 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
if not conf.uChar and count > 1 and kb.uChar == NULL:
message = "injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] "
test = readInput(message, default="Y")
if test[0] not in ("y", "Y"):
if not readInput(message, default="Y", boolean=True):
warnMsg += "usage of option '--union-char' "
warnMsg += "(e.g. '--union-char=1') "
else:

6
lib/utils/brute.py
View File

@@ -57,8 +57,7 @@ def tableExists(tableFile, regex=None):
logger.warn(warnMsg)
message = "are you sure you want to continue? [y/N] "
test = readInput(message, default="N")
kb.tableExistsChoice = test[0] in ("y", "Y")
kb.tableExistsChoice = readInput(message, default='N', boolean=True)
if not kb.tableExistsChoice:
return None
@@ -161,8 +160,7 @@ def columnExists(columnFile, regex=None):
logger.warn(warnMsg)
message = "are you sure you want to continue? [y/N] "
test = readInput(message, default="N")
kb.columnExistsChoice = test[0] in ("y", "Y")
kb.columnExistsChoice = readInput(message, default='N', boolean=True)
if not kb.columnExistsChoice:
return None

8
lib/utils/crawler.py
View File

@@ -130,8 +130,8 @@ def crawl(target):
if not conf.sitemapUrl:
message = "do you want to check for the existence of "
message += "site's sitemap(.xml) [y/N] "
test = readInput(message, default="n")
if test[0] in ("y", "Y"):
if readInput(message, default='N', boolean=True):
found = True
items = None
url = urlparse.urljoin(target, "/sitemap.xml")
@@ -198,8 +198,8 @@ def storeResultsToFile(results):
if kb.storeCrawlingChoice is None:
message = "do you want to store crawling results to a temporary file "
message += "for eventual further processing with other tools [y/N] "
test = readInput(message, default="N")
kb.storeCrawlingChoice = test[0] in ("y", "Y")
kb.storeCrawlingChoice = readInput(message, default='N', boolean=True)
if kb.storeCrawlingChoice:
handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CRAWLER, suffix=".csv" if conf.forms else ".txt")

13
lib/utils/hash.py
View File

@@ -382,8 +382,8 @@ def storeHashesToFile(attack_dict):
if kb.storeHashesChoice is None:
message = "do you want to store hashes to a temporary file "
message += "for eventual further processing with other tools [y/N] "
test = readInput(message, default="N")
kb.storeHashesChoice = test[0] in ("y", "Y")
kb.storeHashesChoice = readInput(message, default='N', boolean=True)
if not kb.storeHashesChoice:
return
@@ -482,11 +482,11 @@ def attackDumpedTable():
storeHashesToFile(attack_dict)
message = "do you want to crack them via a dictionary-based attack? %s" % ("[y/N/q]" if conf.multipleTargets else "[Y/n/q]")
test = readInput(message, default="N" if conf.multipleTargets else "Y")
choice = readInput(message, default='N' if conf.multipleTargets else 'Y').strip().upper()
if test[0] in ("n", "N"):
if choice == 'N':
return
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
results = dictionaryAttack(attack_dict)
@@ -805,9 +805,8 @@ def dictionaryAttack(attack_dict):
logger.critical(warnMsg)
message = "do you want to use common password suffixes? (slow!) [y/N] "
test = readInput(message, default="N")
if test[0] in ("y", "Y"):
if readInput(message, default='N', boolean=True):
suffix_list += COMMON_PASSWORD_SUFFIXES
infoMsg = "starting dictionary-based cracking (%s)" % __functions__[hash_regex].func_name