PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Major enhancement to the engine to parse XML files and matches on DBMS banner

Browse Source 
and HTTP response headers.
Initial web application technology fingerprint (for the moment based only on
X-Powered-By HTTP response header and not shown yet to the user).
Minor layout adjustments.
This commit is contained in:
Bernardo Damele
2008-11-17 17:41:02 +00:00
parent 66fb3c3033
commit 7d0724843f
13 changed files with 222 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
lib/parse/headers.py
View File

@@ -26,10 +26,68 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import re
from xml.sax import parse
from xml.sax.handler import ContentHandler
from lib.core.common import checkFile
from lib.core.common import sanitizeStr
from lib.core.data import kb
from lib.core.data import paths
from lib.parse.banner import BannerHandler
class HeadersHandler(ContentHandler):
"""
This class defines methods to parse and extract information from
the given HTTP header based upon the data in XML file
"""
def __init__(self, header):
self.__header = sanitizeStr(header)
self.__regexp = None
self.__match = None
self.__techVersion = None
def __feedInfo(self, key, value):
value = sanitizeStr(value)
if value in ( None, "None" ):
return
if key == "techVersion":
kb.headersFp[key] = value
else:
if key not in kb.headersFp.keys():
kb.headersFp[key] = set()
kb.headersFp[key].add(value)
def startElement(self, name, attrs):
if name == "regexp":
self.__regexp = sanitizeStr(attrs.get("value"))
self.__match = re.search(self.__regexp, self.__header, re.I | re.M)
if name == "info" and self.__match:
self.__feedInfo("type", attrs.get("type"))
self.__feedInfo("distrib", attrs.get("distrib"))
self.__feedInfo("release", attrs.get("release"))
self.__feedInfo("codename", attrs.get("codename"))
self.__feedInfo("technology", attrs.get("codename"))
self.__techVersion = sanitizeStr(attrs.get("tech_version"))
self.__sp = sanitizeStr(attrs.get("sp"))
if self.__techVersion.isdigit():
self.__feedInfo("techVersion", self.__match.group(int(self.__techVersion)))
if self.__sp.isdigit():
self.__feedInfo("sp", "Service Pack %s" % self.__match.group(int(self.__sp)))
self.__regexp = None
self.__match = None
self.__techVersion = None
def headersParser(headers):
@@ -39,17 +97,23 @@ def headersParser(headers):
and the web application technology
"""
topHeaders = (
"cookie",
"microsoftsharepointteamservices",
"server",
"servlet-engine",
"www-authenticate",
"x-aspnet-version",
"x-powered-by",
)
# TODO: ahead here
topHeaders = {
#"cookie": "%s/cookie.xml" % paths.SQLMAP_XML_BANNER_PATH,
#"microsoftsharepointteamservices": "%s/microsoftsharepointteamservices.xml" % paths.SQLMAP_XML_BANNER_PATH,
#"server": "%s/server.xml" % paths.SQLMAP_XML_BANNER_PATH,
#"servlet-engine": "%s/servlet-engine.xml" % paths.SQLMAP_XML_BANNER_PATH,
#"set-cookie": "%s/cookie.xml" % paths.SQLMAP_XML_BANNER_PATH,
#"www-authenticate": "%s/www-authenticate.xml" % paths.SQLMAP_XML_BANNER_PATH,
#"x-aspnet-version": "%s/x-aspnet-version.xml" % paths.SQLMAP_XML_BANNER_PATH,
"x-powered-by": "%s/x-powered-by.xml" % paths.SQLMAP_XML_BANNER_PATH,
}
for header in headers:
if header in topHeaders:
# TODO: fill me
pass
if header in topHeaders.keys():
value = headers[header]
xmlfile = topHeaders[header]
checkFile(xmlfile)
handler = HeadersHandler(value)
parse(xmlfile, handler)
parse(paths.GENERIC_XML, handler)