first working version of dictionary attack

lib/core/common.py

@@ -662,6 +662,7 @@ def setPaths():
     paths.COMMON_TABLES          = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
     paths.COMMON_OUTPUTS         = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
     paths.SQL_KEYWORDS           = os.path.join(paths.SQLMAP_TXT_PATH, "keywords.txt")
+    paths.WORDLIST_TXT           = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.txt")
     paths.PHPIDS_RULES_XML       = os.path.join(paths.SQLMAP_XML_PATH, "phpids_rules.xml")
     paths.ERRORS_XML             = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
     paths.INJECTIONS_XML         = os.path.join(paths.SQLMAP_XML_PATH, "injections.xml")
@@ -1325,11 +1326,15 @@ def initCommonOutputs():
 
     cfile.close()
 
-def getFileItems(filename, commentPrefix='#'):
+def getFileItems(filename, commentPrefix='#', unicode_=True):
     retVal = []
 
     checkFile(filename)
-    ifile = codecs.open(filename, 'r', conf.dataEncoding)
+
+    if unicode_:
+        ifile = codecs.open(filename, 'r', conf.dataEncoding)
+    else:
+        ifile = open(filename, 'r')
 
     for line in ifile.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used
         if commentPrefix:

lib/core/enums.py

@@ -42,3 +42,15 @@ class HTTPMETHOD:
 class NULLCONNECTION:
     HEAD    = "HEAD"
     RANGE   = "Range"
+
+class HASH:
+    MYSQL        = r'(?i)\A\*[0-9a-f]{40}\Z'
+    MYSQL_OLD    = r'(?i)\A[0-9a-f]{16}\Z'
+    POSTGRES     = r'(?i)\Amd5[0-9a-f]{32}\Z'
+    MSSQL        = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{40}\Z'
+    MSSQL_OLD    = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{80}\Z'
+    ORACLE       = r'(?i)\As:[0-9a-f]{60}\Z'
+    ORACLE_OLD   = r'(?i)\A[0-9a-f]{16}\Z'
+    MD5_GENERIC  = r'(?i)\A[0-9a-f]{32}\Z'
+    SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z'
+    __all__      = (MYSQL, MYSQL_OLD, POSTGRES, MSSQL, MSSQL_OLD, ORACLE, ORACLE_OLD, MD5_GENERIC, SHA1_GENERIC)