PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-15 12:19:03 +00:00
Code Issues Projects Releases Wiki Activity

removing of unused imports together with some general code refactoring

Browse Source
This commit is contained in:
Miroslav Stampar
2012-02-22 10:40:11 +00:00
parent 386e98a0e3
commit b3bd4144f5
104 changed files with 255 additions and 499 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/controller/checks.py
View File

@@ -8,13 +8,11 @@ See the file 'doc/COPYING' for copying permission
"""
import httplib
import logging
import re
import socket
import time
from lib.core.agent import agent
from lib.core.common import aliasToDbmsEnum
from lib.core.common import arrayizeValue
from lib.core.common import Backend
from lib.core.common import beep
@@ -22,7 +20,6 @@ from lib.core.common import extractRegexResult
from lib.core.common import findDynamicContent
from lib.core.common import Format
from lib.core.common import getComparePageRatio
from lib.core.common import getCompiledRegex
from lib.core.common import getLastRequestHTTPError
from lib.core.common import getSortedInjectionTests
from lib.core.common import getUnicode
@@ -36,13 +33,11 @@ from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.common import showStaticWords
from lib.core.common import singleTimeWarnMessage
from lib.core.common import trimAlphaNum
from lib.core.common import wasLastRequestDBMSError
from lib.core.common import wasLastRequestHTTPError
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.datatype import AttribDict
from lib.core.datatype import InjectionDict
from lib.core.enums import HTTPHEADER
@@ -51,7 +46,6 @@ from lib.core.enums import NULLCONNECTION
from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE
from lib.core.exception import sqlmapConnectionException
from lib.core.exception import sqlmapGenericException
from lib.core.exception import sqlmapNoneDataException
from lib.core.exception import sqlmapSilentQuitException
from lib.core.exception import sqlmapUserQuitException
@@ -614,7 +608,7 @@ def heuristicCheckSqlInjection(place, parameter):
def simpletonCheckSqlInjection(place, parameter, value):
"""
This is a function for the quickest and simplest
This is a function for the quickest and simplest
sql injection check (e.g. AND 1=1) - only works
with integer parameters
"""
@@ -879,7 +873,7 @@ def checkWaf():
conf.parameters[PLACE.GET] += "%s=%d %s" % (randomStr(), randomInt(), IDS_WAF_CHECK_PAYLOAD)
kb.matchRatio = None
_ = Request.queryPage()
Request.queryPage()
if kb.errorIsNone and kb.matchRatio is None:
kb.matchRatio = LOWER_RATIO_BOUND

4
lib/controller/handler.py
View File

@@ -11,9 +11,7 @@ from lib.core.common import Backend
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.settings import MSSQL_ALIASES
from lib.core.settings import MYSQL_ALIASES
from lib.core.settings import ORACLE_ALIASES
@@ -64,7 +62,7 @@ def setHandler():
( FIREBIRD_ALIASES, FirebirdMap, FirebirdConn ),
( MAXDB_ALIASES, MaxDBMap, MaxDBConn ),
( SYBASE_ALIASES, SybaseMap, SybaseConn ),
( DB2_ALIASES, DB2Map, DB2Conn )
( DB2_ALIASES, DB2Map, DB2Conn )
]
if Backend.getIdentifiedDbms() is not None:

2
lib/core/agent.py
View File

@@ -18,11 +18,9 @@ from lib.core.common import isTechniqueAvailable
from lib.core.common import randomInt
from lib.core.common import randomStr
from lib.core.common import singleTimeWarnMessage
from lib.core.convert import urlencode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import queries
from lib.core.datatype import AttribDict
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE

14
lib/core/common.py
View File

@@ -14,7 +14,6 @@ import httplib
import inspect
import logging
import ntpath
import optparse
import os
import pickle
import posixpath
@@ -25,7 +24,6 @@ import string
import struct
import sys
import time
import types
import urllib
import urlparse
import unicodedata
@@ -49,14 +47,13 @@ from extra.clientform.clientform import ParseError
from extra.cloak.cloak import decloak
from extra.magic import magic
from extra.odict.odict import OrderedDict
from extra.safe2bin.safe2bin import safecharencode
from lib.core.bigarray import BigArray
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.data import queries
from lib.core.convert import htmlunescape
from lib.core.convert import safecharencode
from lib.core.convert import unicodeencode
from lib.core.convert import urldecode
from lib.core.convert import urlencode
@@ -120,7 +117,6 @@ from lib.core.settings import TIME_STDEV_COEFF
from lib.core.settings import DYNAMICITY_MARK_LENGTH
from lib.core.settings import REFLECTIVE_MISS_THRESHOLD
from lib.core.settings import SENSITIVE_DATA_REGEX
from lib.core.settings import SUPPORTED_OS
from lib.core.settings import UNION_UNIQUE_FIFO_LENGTH
from lib.core.settings import URI_INJECTION_MARK_CHAR
from lib.core.settings import URI_QUESTION_MARKER
@@ -403,7 +399,7 @@ class Backend:
1. Sort the tests, getSortedInjectionTests() - detection phase.
2. Ask user whether or not skip specific DBMS tests in detection phase,
lib/controller/checks.py - detection phase.
3. Sort the fingerprint of the DBMS, lib/controller/handler.py -
3. Sort the fingerprint of the DBMS, lib/controller/handler.py -
fingerprint phase.
"""
@@ -869,7 +865,7 @@ def randomStr(length=4, lowercase=False, alphabet=None):
"""
if alphabet:
rndStr = "".join(random.choice(alphabet) for _ in xrange(0, length))
rndStr = "".join(random.choice(alphabet) for _ in xrange(0, length))
elif lowercase:
rndStr = "".join(random.choice(string.lowercase) for _ in xrange(0, length))
else:
@@ -1670,7 +1666,7 @@ def readXmlFile(xmlFile):
Reads XML file content and returns it's DOM representation
"""
checkFile(xmlFile)
checkFile(xmlFile)
with codecs.open(xmlFile, 'r', UNICODE_ENCODING) as f:
retVal = minidom.parse(f).documentElement
@@ -2179,7 +2175,7 @@ def enumValueToNameLookup(type_, value_):
def extractRegexResult(regex, content, flags=0):
"""
Returns 'result' group value from a possible match with regex on a given
Returns 'result' group value from a possible match with regex on a given
content
"""

5
lib/core/convert.py
View File

@@ -13,19 +13,14 @@ except:
import md5
import sha
import binascii
import pickle
import re
import sys
import string
import struct
import urllib
from extra.safe2bin.safe2bin import safecharencode
from extra.safe2bin.safe2bin import safechardecode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import PLACE
from lib.core.settings import UNICODE_ENCODING
from lib.core.settings import URLENCODE_CHAR_LIMIT

4
lib/core/option.py
View File

@@ -9,7 +9,6 @@ See the file 'doc/COPYING' for copying permission
import codecs
import cookielib
import difflib
import inspect
import logging
import os
@@ -44,7 +43,6 @@ from lib.core.common import parseTargetUrl
from lib.core.common import paths
from lib.core.common import randomRange
from lib.core.common import randomStr
from lib.core.common import readCachedFileContent
from lib.core.common import readInput
from lib.core.common import runningAsAdmin
from lib.core.common import sanitizeStr
@@ -55,7 +53,6 @@ from lib.core.convert import urlencode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.data import queries
from lib.core.datatype import AttribDict
from lib.core.datatype import InjectionDict
@@ -87,7 +84,6 @@ from lib.core.settings import DEFAULT_TOR_HTTP_PORTS
from lib.core.settings import DEFAULT_TOR_SOCKS_PORT
from lib.core.settings import IS_WIN
from lib.core.settings import NULL
from lib.core.settings import PLATFORM
from lib.core.settings import PYVERSION
from lib.core.settings import SITE
from lib.core.settings import DBMS_DICT

4
lib/core/replication.py
View File

@@ -7,8 +7,8 @@ Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
from extra.safe2bin.safe2bin import safechardecode
from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.convert import safechardecode
from lib.core.exception import sqlmapMissingDependence
from lib.core.exception import sqlmapValueException
@@ -21,7 +21,7 @@ class Replication:
def __init__(self, dbpath):
try:
import sqlite3
except ImportError, _:
except ImportError:
errMsg = "missing module 'sqlite3' needed by switch '--replicate'"
raise sqlmapMissingDependence, errMsg

2
lib/core/revision.py
View File

@@ -23,7 +23,7 @@ def getRevisionNumber():
client = pysvn.Client()
if client.info(curDir):
retVal = client.info(curDir).revision.number
except ImportError, _:
except ImportError:
process = execute("svn info %s" % curDir, shell=True, stdout=PIPE, stderr=PIPE)
svnStdout, svnStderr = process.communicate()

6
lib/core/session.py
View File

@@ -12,7 +12,6 @@ import re
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.common import dataToSessionFile
from lib.core.common import getFilteredPageContent
from lib.core.common import intersect
from lib.core.common import readInput
from lib.core.common import singleTimeWarnMessage
@@ -21,12 +20,7 @@ from lib.core.convert import base64unpickle
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.datatype import InjectionDict
from lib.core.enums import DBMS
from lib.core.enums import OS
from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE
from lib.core.settings import METADB_SUFFIX
from lib.core.settings import SUPPORTED_DBMS
from lib.core.settings import UNKNOWN_DBMS_VERSION

7
lib/core/settings.py
View File

@@ -15,7 +15,6 @@ import sys
from lib.core.enums import CUSTOM_LOGGING
from lib.core.enums import DBMS
from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import PLACE
from lib.core.revision import getRevisionNumber
# sqlmap version and site
@@ -258,9 +257,9 @@ NULL = "NULL"
CURRENT_DB = "CD"
# Regular expressions used for parsing error messages (--parse-errors)
ERROR_PARSING_REGEXES = (
r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>.+?)<br\s*/?\s*>",
r"<li>Error Type:<br>(?P<result>.+?)</li>",
ERROR_PARSING_REGEXES = (
r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>.+?)<br\s*/?\s*>",
r"<li>Error Type:<br>(?P<result>.+?)</li>",
r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P<result>[^<>]+)"
)

4
lib/core/shell.py
View File

@@ -13,10 +13,8 @@ import rlcompleter
from lib.core import readlineng as readline
from lib.core.common import Backend
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.data import queries
from lib.core.enums import OS
def saveHistory():
@@ -70,7 +68,7 @@ def autoCompletion(sqlShell=False, osShell=False):
else:
# Reference: http://en.wikipedia.org/wiki/List_of_Unix_commands
completer = CompleterNG({
"cp": None, "rm": None, "ls": None,
"cp": None, "rm": None, "ls": None,
"echo": None, "mkdir": None, "free": None,
"mv": None, "ifconfig": None, "netstat -natu": None,
"pwd": None, "uname": None, "id": None,

5
lib/core/target.py
View File

@@ -45,7 +45,6 @@ from lib.core.settings import URI_INJECTION_MARK_CHAR
from lib.core.settings import USER_AGENT_ALIASES
from lib.utils.hashdb import HashDB
from lib.core.xmldump import dumper as xmldumper
from lib.request.connect import Connect as Request
def __setRequestParams():
"""
@@ -289,7 +288,7 @@ def __setOutputResume():
def __setResultsFile():
"""
Create results file for storing results of running in a
Create results file for storing results of running in a
multiple target mode.
"""
@@ -374,7 +373,7 @@ def __createTargetDirs():
def __restoreCmdLineOptions():
"""
Restore command line options that could be possibly
Restore command line options that could be possibly
changed during the testing of previous target.
"""
conf.regexp = cmdLineOptions.regexp

1
lib/core/testing.py
View File

@@ -8,7 +8,6 @@ See the file 'doc/COPYING' for copying permission
"""
import doctest
import logging
import os
import re
import shutil

7
lib/core/update.py
View File

@@ -7,14 +7,9 @@ Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
import os
import re
import shutil
import sys
import time
from distutils.dir_util import mkpath
from subprocess import PIPE
from subprocess import Popen as execute
@@ -23,11 +18,9 @@ from lib.core.common import getUnicode
from lib.core.data import conf
from lib.core.data import logger
from lib.core.data import paths
from lib.core.exception import sqlmapFilePathException
from lib.core.settings import IS_WIN
from lib.core.settings import UNICODE_ENCODING
from lib.core.subprocessng import pollProcess
from lib.request.connect import Connect as Request
def update():
if not conf.updateAll:

2
lib/parse/banner.py
View File

@@ -7,8 +7,6 @@ Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
import re
from xml.sax.handler import ContentHandler
from lib.core.common import checkFile

17
lib/parse/cmdline.py
View File

@@ -20,7 +20,6 @@ from lib.core.data import logger
from lib.core.defaults import defaults
from lib.core.settings import IS_WIN
from lib.core.settings import VERSION_STRING
from lib.core.settings import UNICODE_ENCODING
def cmdLineParser():
"""
@@ -33,7 +32,7 @@ def cmdLineParser():
parser = OptionParser(usage=usage, version=VERSION_STRING)
try:
parser.add_option("-v", dest="verbose", type="int",
parser.add_option("-v", dest="verbose", type="int",
help="Verbosity level: 0-6 (default %d)" % defaults.verbose)
# Target options
@@ -138,10 +137,10 @@ def cmdLineParser():
help="Retries when the connection timeouts "
"(default %d)" % defaults.retries)
request.add_option("--scope", dest="scope",
request.add_option("--scope", dest="scope",
help="Regexp to filter targets from provided proxy log")
request.add_option("--safe-url", dest="safUrl",
request.add_option("--safe-url", dest="safUrl",
help="Url address to visit frequently during testing")
request.add_option("--safe-freq", dest="saFreq", type="int",
@@ -494,7 +493,7 @@ def cmdLineParser():
general.add_option("--charset", dest="charset",
help="Force character encoding used for data retrieval")
general.add_option("--check-tor", dest="checkTor",
general.add_option("--check-tor", dest="checkTor",
action="store_true",
help="Check to see if Tor is used properly")
@@ -538,14 +537,14 @@ def cmdLineParser():
action="store_true",
help="Save options to a configuration INI file")
general.add_option("--tor", dest="tor",
general.add_option("--tor", dest="tor",
action="store_true",
help="Use Tor anonymity network")
general.add_option("--tor-port", dest="torPort",
general.add_option("--tor-port", dest="torPort",
help="Set Tor proxy port other than default")
general.add_option("--tor-type", dest="torType",
general.add_option("--tor-type", dest="torType",
help="Set Tor proxy type (HTTP - default, SOCKS4 or SOCKS5)")
general.add_option("--update", dest="updateAll",
@@ -665,7 +664,7 @@ def cmdLineParser():
except (OptionError, TypeError), e:
parser.error(e)
except SystemExit, _:
except SystemExit:
# Protection against Windows dummy double clicking
if IS_WIN:
print "\nPress Enter to continue...",

7
lib/request/basic.py
View File

@@ -10,7 +10,6 @@ See the file 'doc/COPYING' for copying permission
import codecs
import gzip
import logging
import os
import re
import StringIO
import zlib
@@ -19,8 +18,6 @@ from extra.chardet import detect
from lib.core.common import extractErrorMessage
from lib.core.common import extractRegexResult
from lib.core.common import getUnicode
from lib.core.common import isWindowsDriveLetterPath
from lib.core.common import posixToNtSlashes
from lib.core.common import readInput
from lib.core.common import singleTimeLogMessage
from lib.core.data import conf
@@ -28,12 +25,10 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import HTTPHEADER
from lib.core.enums import PLACE
from lib.core.exception import sqlmapDataException
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
from lib.core.settings import ML
from lib.core.settings import META_CHARSET_REGEX
from lib.core.settings import PARSE_HEADERS_LIMIT
from lib.core.settings import UNICODE_ENCODING
from lib.parse.headers import headersParser
from lib.parse.html import htmlParser
@@ -229,4 +224,4 @@ def processResponse(page, responseHeaders):
msg = extractErrorMessage(page)
if msg:
logger.info("parsed error message: '%s'" % msg)
logger.info("parsed error message: '%s'" % msg)

10
lib/request/connect.py
View File

@@ -20,18 +20,15 @@ from extra.multipart import multipartpost
from lib.core.agent import agent
from lib.core.common import asciifyUrl
from lib.core.common import average
from lib.core.common import calculateDeltaSeconds
from lib.core.common import clearConsoleLine
from lib.core.common import cpuThrottle
from lib.core.common import evaluateCode
from lib.core.common import extractRegexResult
from lib.core.common import getCurrentThreadData
from lib.core.common import getFilteredPageContent
from lib.core.common import getHostHeader
from lib.core.common import getUnicode
from lib.core.common import logHTTPTraffic
from lib.core.common import parseTargetUrl
from lib.core.common import randomizeParameterValue
from lib.core.common import readInput
from lib.core.common import removeReflectiveValues
@@ -61,7 +58,6 @@ from lib.core.settings import MIN_TIME_RESPONSES
from lib.core.settings import WARN_TIME_STDEV
from lib.core.settings import UNENCODED_ORIGINAL_VALUE
from lib.core.settings import URI_HTTP_HEADER
from lib.core.threads import getCurrentThreadData
from lib.request.basic import decodePage
from lib.request.basic import forgeHeaders
from lib.request.basic import processResponse
@@ -171,7 +167,6 @@ class Connect:
url = url.replace(" ", "%20")
page = None
cookieStr = u""
requestMsg = u"HTTP request [#%d]:\n%s " % (threadData.lastRequestUID, method or (HTTPMETHOD.POST if post else HTTPMETHOD.GET))
requestMsg += "%s" % urlparse.urlsplit(url)[2] or "/"
responseMsg = u"HTTP response "
@@ -203,7 +198,7 @@ class Connect:
requestMsg += "?%s" % params
elif multipart:
# Needed in this form because of potential circle dependency
# Needed in this form because of potential circle dependency
# problem (option -> update -> connect -> option)
from lib.core.option import proxyHandler
@@ -563,7 +558,7 @@ class Connect:
elif place:
if place in (PLACE.GET, PLACE.POST, PLACE.URI):
# payloads in GET and/or POST need to be urlencoded
# payloads in GET and/or POST need to be urlencoded
# throughly without safe chars (especially & and =)
# addendum: as we support url encoding in tampering
# functions therefore we need to use % as a safe char
@@ -619,7 +614,6 @@ class Connect:
for randomParameter in conf.rParam:
for item in [PLACE.GET, PLACE.POST, PLACE.COOKIE]:
if item in conf.parameters:
origValue = conf.parameters[item]
if item == PLACE.GET and get:
get = _randomizeParameter(get, randomParameter)
elif item == PLACE.POST and post:

3
lib/request/direct.py
View File

@@ -10,14 +10,11 @@ See the file 'doc/COPYING' for copying permission
import time
from lib.core.agent import agent
from lib.core.common import dataToSessionFile
from lib.core.common import Backend
from lib.core.common import calculateDeltaSeconds
from lib.core.common import getCurrentThreadData
from lib.core.common import getUnicode
from lib.core.convert import base64pickle
from lib.core.convert import base64unpickle
from lib.core.convert import utf8decode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger

4
lib/takeover/abstraction.py
View File

@@ -7,16 +7,14 @@ Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
from extra.safe2bin.safe2bin import safechardecode
from lib.core.common import dataToStdout
from lib.core.common import Backend
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.convert import safechardecode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import OS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.shell import autoCompletion

1
lib/takeover/icmpsh.py
View File

@@ -19,7 +19,6 @@ from lib.core.common import ntToPosixSlashes
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths

3
lib/takeover/metasploit.py
View File

@@ -10,7 +10,6 @@ See the file 'doc/COPYING' for copying permission
import codecs
import os
import re
import stat
import sys
import time
@@ -29,7 +28,6 @@ from lib.core.common import randomRange
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.enums import DBMS
@@ -41,7 +39,6 @@ from lib.core.subprocessng import blockingReadFromFD
from lib.core.subprocessng import blockingWriteToFD
from lib.core.subprocessng import pollProcess
from lib.core.subprocessng import setNonBlocking
from lib.request.connect import Connect as Request
class Metasploit:

2
lib/takeover/web.py
View File

@@ -34,8 +34,6 @@ from lib.core.data import logger
from lib.core.data import paths
from lib.core.enums import OS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapUnsupportedDBMSException
from lib.core.shell import autoCompletion
from lib.request.connect import Connect as Request

2
lib/takeover/xp_cmdshell.py
View File

@@ -10,13 +10,11 @@ See the file 'doc/COPYING' for copying permission
from lib.core.common import Backend
from lib.core.common import getSPLSnippet
from lib.core.common import randomStr
from lib.core.common import readCachedFileContent
from lib.core.common import readInput
from lib.core.common import wasLastRequestDelayed
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.enums import DBMS
from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.session import setXpCmdshellAvailability

10
lib/techniques/blind/inference.py
View File

@@ -9,8 +9,8 @@ See the file 'doc/COPYING' for copying permission
import threading
import time
import traceback
from extra.safe2bin.safe2bin import safecharencode
from lib.core.agent import agent
from lib.core.common import Backend
from lib.core.common import dataToStdout
@@ -22,21 +22,14 @@ from lib.core.common import getCounter
from lib.core.common import goGoodSamaritan
from lib.core.common import getPartRun
from lib.core.common import incrementCounter
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.common import replaceNewlineTabs
from lib.core.common import safeStringFormat
from lib.core.common import singleTimeWarnMessage
from lib.core.common import unhandledExceptionMessage
from lib.core.convert import safecharencode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapConnectionException
from lib.core.exception import sqlmapValueException
from lib.core.exception import sqlmapThreadException
from lib.core.progress import ProgressBar
from lib.core.settings import CHAR_INFERENCE_MARK
@@ -47,7 +40,6 @@ from lib.core.settings import INFERENCE_EQUALS_CHAR
from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR
from lib.core.settings import MAX_TIME_REVALIDATION_STEPS
from lib.core.settings import PARTIAL_VALUE_MARKER
from lib.core.settings import PYVERSION
from lib.core.threads import getCurrentThreadData
from lib.core.threads import runThreads
from lib.core.unescaper import unescaper

7
lib/techniques/brute/use.py
View File

@@ -7,7 +7,6 @@ Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
import threading
import time
from lib.core.common import clearConsoleLine
@@ -16,11 +15,8 @@ from lib.core.common import filterListValue
from lib.core.common import getFileItems
from lib.core.common import Backend
from lib.core.common import getPageWordSet
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.common import randomInt
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.common import safeStringFormat
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.data import conf
@@ -30,12 +26,9 @@ from lib.core.enums import DBMS
from lib.core.enums import HASHDB_KEYS
from lib.core.exception import sqlmapDataException
from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapThreadException
from lib.core.settings import MAX_NUMBER_OF_THREADS
from lib.core.settings import METADB_SUFFIX
from lib.core.settings import BRUTE_COLUMN_EXISTS_TEMPLATE
from lib.core.settings import BRUTE_TABLE_EXISTS_TEMPLATE
from lib.core.session import safeFormatString
from lib.core.threads import getCurrentThreadData
from lib.core.threads import runThreads
from lib.request import inject

8
lib/techniques/error/use.py
View File

@@ -8,9 +8,9 @@ See the file 'doc/COPYING' for copying permission
"""
import re
import threading
import time
from extra.safe2bin.safe2bin import safecharencode
from lib.core.agent import agent
from lib.core.bigarray import BigArray
from lib.core.common import Backend
@@ -23,19 +23,14 @@ from lib.core.common import incrementCounter
from lib.core.common import initTechnique
from lib.core.common import isNumPosStrValue
from lib.core.common import listToStrValue
from lib.core.common import randomInt
from lib.core.common import readInput
from lib.core.common import safeStringFormat
from lib.core.convert import htmlunescape
from lib.core.convert import safecharencode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.enums import DBMS
from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapConnectionException
from lib.core.settings import FROM_DUMMY_TABLE
from lib.core.settings import MYSQL_ERROR_CHUNK_LENGTH
from lib.core.settings import MSSQL_ERROR_CHUNK_LENGTH
@@ -203,7 +198,6 @@ def errorUse(expression, expected=None, dump=False):
output = None
outputs = []
untilLimitChar = None
untilOrderChar = None
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)

7
lib/techniques/union/test.py
View File

@@ -9,15 +9,10 @@ See the file 'doc/COPYING' for copying permission
import random
import re
import time
from lib.core.agent import agent
from lib.core.common import average
from lib.core.common import Backend
from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout
from lib.core.common import extractRegexResult
from lib.core.common import getUnicode
from lib.core.common import isNullValue
from lib.core.common import listToStrValue
from lib.core.common import popValue
@@ -32,8 +27,6 @@ from lib.core.common import wasLastRequestDBMSError
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.settings import FROM_DUMMY_TABLE
from lib.core.settings import UNION_MIN_RESPONSE_CHARS

4
lib/techniques/union/use.py
View File

@@ -8,9 +8,9 @@ See the file 'doc/COPYING' for copying permission
"""
import re
import threading
import time
from extra.safe2bin.safe2bin import safecharencode
from lib.core.agent import agent
from lib.core.bigarray import BigArray
from lib.core.common import Backend
@@ -27,14 +27,12 @@ from lib.core.common import listToStrValue
from lib.core.common import parseUnionPage
from lib.core.common import removeReflectiveValues
from lib.core.common import singleTimeWarnMessage
from lib.core.convert import safecharencode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapConnectionException
from lib.core.exception import sqlmapSyntaxException
from lib.core.settings import FROM_DUMMY_TABLE
from lib.core.settings import SQL_SCALAR_REGEX

1
lib/utils/checkpayload.py
View File

@@ -12,7 +12,6 @@ import re
from lib.core.common import getCompiledRegex
from lib.core.common import readXmlFile
from lib.core.convert import urldecode
from lib.core.data import conf
from lib.core.data import paths
from lib.core.data import logger

7
lib/utils/crawler.py
View File

@@ -9,7 +9,6 @@ See the file 'doc/COPYING' for copying permission
import httplib
import re
import threading
import urlparse
import time
@@ -73,16 +72,16 @@ class Crawler:
for tag in soup('a'):
if tag.get("href"):
url = urlparse.urljoin(conf.url, tag.get("href"))
# flag to know if we are dealing with the same target host
target = reduce(lambda x, y: x == y, map(lambda x: urlparse.urlparse(x).netloc.split(':')[0], [url, conf.url]))
if conf.scope:
if not re.search(conf.scope, url, re.I):
continue
elif not target:
continue
if url.split('.')[-1].lower() not in CRAWL_EXCLUDE_EXTENSIONS:
kb.locks.outputs.acquire()
threadData.shared.deeper.add(url)

2
lib/utils/deps.py
View File

@@ -7,10 +7,8 @@ Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
from lib.core.data import conf
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.exception import sqlmapMissingDependence
from lib.core.settings import DBMS_DICT
from lib.core.settings import IS_WIN

7
lib/utils/google.py
View File

@@ -15,7 +15,6 @@ import urllib2
from lib.core.common import getUnicode
from lib.core.common import readInput
from lib.core.convert import htmlunescape
from lib.core.convert import urldecode
from lib.core.convert import urlencode
from lib.core.data import conf
@@ -51,7 +50,7 @@ class Google:
retVal = re.findall(GOOGLE_REGEX, page, re.I | re.S)
return retVal
return retVal
def getTargetUrls(self):
"""
@@ -84,7 +83,7 @@ class Google:
_ = conn.info()
except urllib2.HTTPError, e:
_ = e.info()
except urllib2.URLError, _:
except urllib2.URLError:
errMsg = "unable to connect to Google"
raise sqlmapConnectionException, errMsg
@@ -134,7 +133,7 @@ class Google:
warnMsg += "to get error page information (%d)" % e.code
logger.critical(warnMsg)
return None
except (urllib2.URLError, socket.error, socket.timeout), _:
except (urllib2.URLError, socket.error, socket.timeout):
errMsg = "unable to connect to Google"
raise sqlmapConnectionException, errMsg

16
lib/utils/hash.py
View File

@@ -23,14 +23,11 @@ except (ImportError, OSError):
else:
_multiprocessing = multiprocessing
import os
import re
import time
from hashlib import md5
from hashlib import sha1
from Queue import Queue
from zipfile import ZipFile
from extra.pydes.pyDes import des
from extra.pydes.pyDes import CBC
@@ -63,7 +60,6 @@ from lib.core.settings import HASH_MOD_ITEM_DISPLAY
from lib.core.settings import HASH_RECOGNITION_QUIT_THRESHOLD
from lib.core.settings import IS_WIN
from lib.core.settings import ITOA64
from lib.core.settings import PYVERSION
from lib.core.settings import ML
from lib.core.settings import UNICODE_ENCODING
from lib.core.settings import ROTATING_CHARS
@@ -289,14 +285,14 @@ def wordpress_passwd(password, salt, count, prefix, uppercase=False):
return retVal.upper() if uppercase else retVal
__functions__ = {
HASH.MYSQL: mysql_passwd,
HASH.MYSQL: mysql_passwd,
HASH.MYSQL_OLD: mysql_old_passwd,
HASH.POSTGRES: postgres_passwd,
HASH.MSSQL: mssql_passwd,
HASH.MSSQL_OLD: mssql_old_passwd,
HASH.POSTGRES: postgres_passwd,
HASH.MSSQL: mssql_passwd,
HASH.MSSQL_OLD: mssql_old_passwd,
HASH.ORACLE: oracle_passwd,
HASH.ORACLE_OLD: oracle_old_passwd,
HASH.MD5_GENERIC: md5_generic_passwd,
HASH.ORACLE_OLD: oracle_old_passwd,
HASH.MD5_GENERIC: md5_generic_passwd,
HASH.SHA1_GENERIC: sha1_generic_passwd,
HASH.CRYPT_GENERIC: crypt_generic_passwd,
HASH.WORDPRESS: wordpress_passwd

1
lib/utils/hashdb.py
View File

@@ -13,7 +13,6 @@ import threading
from lib.core.common import serializeObject
from lib.core.common import unserializeObject
from lib.core.data import conf
from lib.core.settings import HASHDB_FLUSH_THRESHOLD
from lib.core.settings import UNICODE_ENCODING
from lib.core.threads import getCurrentThreadData

1
lib/utils/resume.py
View File

@@ -24,7 +24,6 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.unescaper import unescaper
from lib.techniques.blind.inference import bisection