Some refactoring

Miroslav Stampar
2016-12-19 23:47:39 +01:00
parent bb6e8fd4ce
commit edc6f47758
19 changed files with 88 additions and 93 deletions


@@ -10,10 +10,9 @@ import httplib
import random
import re
import socket
import subprocess
import time
from subprocess import Popen as execute
from extra.beep.beep import beep
from lib.core.agent import agent
from lib.core.common import Backend
@@ -200,7 +199,7 @@ def checkSqlInjection(place, parameter, value):
if conf.tech and isinstance(conf.tech, list) and stype not in conf.tech:
debugMsg = "skipping test '%s' because the user " % title
debugMsg += "specified to test only for "
debugMsg += "%s techniques" % " & ".join(map(lambda x: PAYLOAD.SQLINJECTION[x], conf.tech))
debugMsg += "%s techniques" % " & ".join(PAYLOAD.SQLINJECTION[_] for _ in conf.tech)
logger.debug(debugMsg)
continue
@@ -651,20 +650,20 @@ def checkSqlInjection(place, parameter, value):
# Feed with test details every time a test is successful
if hasattr(test, "details"):
for dKey, dValue in test.details.items():
if dKey == "dbms":
injection.dbms = dValue
for key, value in test.details.items():
if key == "dbms":
injection.dbms = value
if not isinstance(dValue, list):
Backend.setDbms(dValue)
if not isinstance(value, list):
Backend.setDbms(value)
else:
Backend.forceDbms(dValue[0], True)
Backend.forceDbms(value[0], True)
elif dKey == "dbms_version" and injection.dbms_version is None and not conf.testFilter:
injection.dbms_version = Backend.setVersion(dValue)
elif key == "dbms_version" and injection.dbms_version is None and not conf.testFilter:
injection.dbms_version = Backend.setVersion(value)
elif dKey == "os" and injection.os is None:
injection.os = Backend.setOs(dValue)
elif key == "os" and injection.os is None:
injection.os = Backend.setOs(value)
if vector is None and "vector" in test and test.vector is not None:
vector = test.vector
@@ -696,7 +695,7 @@ def checkSqlInjection(place, parameter, value):
infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert
logger.info(infoMsg)
process = execute(conf.alert, shell=True)
process = subprocess.Popen(conf.alert, shell=True)
process.wait()
kb.alerted = True
@@ -921,8 +920,10 @@ def heuristicCheckSqlInjection(place, parameter):
origValue = conf.paramDict[place][parameter]
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
prefix = ""
suffix = ""
randStr = ""
if conf.prefix or conf.suffix:
if conf.prefix:
@@ -931,8 +932,6 @@ def heuristicCheckSqlInjection(place, parameter):
if conf.suffix:
suffix = conf.suffix
randStr = ""
while randStr.count('\'') != 1 or randStr.count('\"') != 1:
randStr = randomStr(length=10, alphabet=HEURISTIC_CHECK_ALPHABET)
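Review bot: In the `test.details` hunk of `checkSqlInjection(place, parameter, value)`, the renamed loop `for key, value in test.details.items():` rebinds the function's own `value` parameter, so after the first test that carries details `value` holds the last details entry rather than the parameter value passed in by the caller. Any later read of `value` in the function would then work on the wrong string; the body continues outside these hunks, so whether that happens is not visible here. Distinct names avoid the clash, for example `for detailKey, detailValue in test.details.items():` or the previous `dKey`/`dValue`.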


@@ -165,7 +165,7 @@ def _showInjections():
if hasattr(conf, "api"):
conf.dumper.string("", kb.injections, content_type=CONTENT_TYPE.TECHNIQUES)
else:
data = "".join(set(map(lambda x: _formatInjection(x), kb.injections))).rstrip("\n")
data = "".join(set(_formatInjection(_) for _ in kb.injections)).rstrip("\n")
conf.dumper.string(header, data)
if conf.tamper:
@@ -224,7 +224,7 @@ def _saveToResultsFile():
return
results = {}
techniques = dict(map(lambda x: (x[1], x[0]), getPublicTypeMembers(PAYLOAD.TECHNIQUE)))
techniques = dict((_[1], _[0]) for _ in getPublicTypeMembers(PAYLOAD.TECHNIQUE))
for injection in kb.injections + kb.falsePositives:
if injection.place is None or injection.parameter is None:
@@ -238,7 +238,7 @@ def _saveToResultsFile():
for key, value in results.items():
place, parameter, notes = key
line = "%s,%s,%s,%s,%s%s" % (safeCSValue(kb.originalUrls.get(conf.url) or conf.url), place, parameter, "".join(map(lambda x: techniques[x][0].upper(), sorted(value))), notes, os.linesep)
line = "%s,%s,%s,%s,%s%s" % (safeCSValue(kb.originalUrls.get(conf.url) or conf.url), place, parameter, "".join(techniques[_][0].upper() for _ in sorted(value)), notes, os.linesep)
conf.resultsFP.writelines(line)
if not results:
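Review bot: In the `_saveToResultsFile()` hunk that builds `line`, only the URL goes through `safeCSValue(...)`, while `place`, `parameter` and `notes` are interpolated into the CSV row as they are. A parameter name that contains a comma, a quote or a line break would shift or split the columns for anything that later parses the results file. Assuming `safeCSValue` quotes such values (its body is not visible here), the same call can wrap the other fields: `safeCSValue(place), safeCSValue(parameter)` in the format arguments. The function continues outside the hunk.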


@@ -23,6 +23,7 @@ import random
import re
import socket
import string
import subprocess
import sys
import tempfile
import time
@@ -37,8 +38,6 @@ from StringIO import StringIO
from difflib import SequenceMatcher
from math import sqrt
from optparse import OptionValueError
from subprocess import PIPE
from subprocess import Popen as execute
from xml.dom import minidom
from xml.sax import parse
from xml.sax import SAXParseException
@@ -1889,7 +1888,7 @@ def getConsoleWidth(default=80):
FNULL = open(os.devnull, 'w')
except IOError:
FNULL = None
process = execute("stty size", shell=True, stdout=PIPE, stderr=FNULL or PIPE)
process = subprocess.Popen("stty size", shell=True, stdout=subprocess.PIPE, stderr=FNULL or subprocess.PIPE)
stdout, _ = process.communicate()
items = stdout.split()
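Review bot: `subprocess.Popen("stty size", shell=True, ...)` in `getConsoleWidth()` sends a fixed command through the shell, which is not needed and makes the call depend on the shell and its environment; `subprocess.Popen(["stty", "size"], stdout=subprocess.PIPE, stderr=FNULL or subprocess.PIPE)` runs the program directly. Without the shell a missing `stty` raises `OSError` instead of writing to stderr, so the call would have to sit inside a `try`/`except OSError`; the surrounding handling is outside the hunk. The same applies to the `git rev-parse --verify HEAD` call in `getRevisionNumber()`, while the `git checkout . && git pull` call in `update()` relies on `&&` and would have to become two calls. The file opened as `FNULL` is not visibly closed after `communicate()`.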


@@ -1335,17 +1335,17 @@ def _setHTTPAuthentication():
debugMsg = "setting the HTTP authentication type and credentials"
logger.debug(debugMsg)
aTypeLower = conf.authType.lower()
authType = conf.authType.lower()
if aTypeLower in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST):
if authType in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST):
regExp = "^(.*?):(.*?)$"
errMsg = "HTTP %s authentication credentials " % aTypeLower
errMsg = "HTTP %s authentication credentials " % authType
errMsg += "value must be in format 'username:password'"
elif aTypeLower == AUTH_TYPE.NTLM:
elif authType == AUTH_TYPE.NTLM:
regExp = "^(.*\\\\.*):(.*?)$"
errMsg = "HTTP NTLM authentication credentials value must "
errMsg += "be in format 'DOMAIN\username:password'"
elif aTypeLower == AUTH_TYPE.PKI:
elif authType == AUTH_TYPE.PKI:
errMsg = "HTTP PKI authentication require "
errMsg += "usage of option `--auth-pki`"
raise SqlmapSyntaxException(errMsg)
@@ -1362,13 +1362,13 @@ def _setHTTPAuthentication():
_setAuthCred()
if aTypeLower == AUTH_TYPE.BASIC:
if authType == AUTH_TYPE.BASIC:
authHandler = SmartHTTPBasicAuthHandler(kb.passwordMgr)
elif aTypeLower == AUTH_TYPE.DIGEST:
elif authType == AUTH_TYPE.DIGEST:
authHandler = urllib2.HTTPDigestAuthHandler(kb.passwordMgr)
elif aTypeLower == AUTH_TYPE.NTLM:
elif authType == AUTH_TYPE.NTLM:
try:
from ntlm import HTTPNtlmAuthHandler
except ImportError:


@@ -7,9 +7,7 @@ See the file 'doc/COPYING' for copying permission
import os
import re
from subprocess import PIPE
from subprocess import Popen as execute
import subprocess
def getRevisionNumber():
"""
@@ -46,7 +44,7 @@ def getRevisionNumber():
break
if not retVal:
process = execute("git rev-parse --verify HEAD", shell=True, stdout=PIPE, stderr=PIPE)
process = subprocess.Popen("git rev-parse --verify HEAD", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout, _ = process.communicate()
match = re.search(r"(?i)[0-9a-f]{32}", stdout or "")
retVal = match.group(0) if match else None


@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.0.12.10"
VERSION = "1.0.12.11"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -527,7 +527,7 @@ UNION_CHAR_REGEX = r"\A\w+\Z"
UNENCODED_ORIGINAL_VALUE = "original"
# Common column names containing usernames (used for hash cracking in some cases)
COMMON_USER_COLUMNS = ("login", "user", "username", "user_name", "user_login", "benutzername", "benutzer", "utilisateur", "usager", "consommateur", "utente", "utilizzatore", "usufrutuario", "korisnik", "usuario", "consumidor")
COMMON_USER_COLUMNS = ("login", "user", "username", "user_name", "user_login", "benutzername", "benutzer", "utilisateur", "usager", "consommateur", "utente", "utilizzatore", "usufrutuario", "korisnik", "usuario", "consumidor", "client", "cuser")
# Default delimiter in GET/POST values
DEFAULT_GET_POST_DELIMITER = '&'


@@ -8,11 +8,9 @@ See the file 'doc/COPYING' for copying permission
import locale
import os
import re
import subprocess
import time
from subprocess import PIPE
from subprocess import Popen as execute
from lib.core.common import dataToStdout
from lib.core.common import getSafeExString
from lib.core.common import pollProcess
@@ -44,7 +42,7 @@ def update():
dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
try:
process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(locale.getpreferredencoding())) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/
process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(locale.getpreferredencoding())) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/
pollProcess(process, True)
stdout, stderr = process.communicate()
success = not process.returncode


@@ -63,6 +63,7 @@ def direct(query, content=True):
elif output:
infoMsg = "resumed: %s..." % getUnicode(output, UNICODE_ENCODING)[:20]
logger.info(infoMsg)
threadData.lastQueryDuration = calculateDeltaSeconds(start)
if not output:


@@ -364,7 +364,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
if conf.direct:
value = direct(forgeCaseExpression if expected == EXPECTED.BOOL else expression)
elif any(map(isTechniqueAvailable, getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True))):
elif any(isTechniqueAvailable(_) for _ in getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True)):
query = cleanQuery(expression)
query = expandAsteriskForColumns(query)
value = None


@@ -25,13 +25,13 @@ from lib.core.shell import autoCompletion
from lib.request import inject
from lib.takeover.udf import UDF
from lib.takeover.web import Web
from lib.takeover.xp_cmdshell import Xp_cmdshell
from lib.takeover.xp_cmdshell import XP_cmdshell
class Abstraction(Web, UDF, Xp_cmdshell):
class Abstraction(Web, UDF, XP_cmdshell):
"""
This class defines an abstraction layer for OS takeover functionalities
to UDF / Xp_cmdshell objects
to UDF / XP_cmdshell objects
"""
def __init__(self):
@@ -40,7 +40,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
UDF.__init__(self)
Web.__init__(self)
Xp_cmdshell.__init__(self)
XP_cmdshell.__init__(self)
def execCmd(self, cmd, silent=False):
if self.webBackdoorUrl and not isStackingAvailable():


@@ -33,7 +33,7 @@ from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.core.threads import getCurrentThreadData
from lib.request import inject
class Xp_cmdshell:
class XP_cmdshell:
"""
This class defines methods to deal with Microsoft SQL Server
xp_cmdshell extended procedure for plugins.


@@ -114,9 +114,9 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
if not isNullValue(kb.uChar):
for regex in (kb.uChar, r'>\s*%s\s*<' % kb.uChar):
contains = [(count, re.search(regex, page or "", re.IGNORECASE) is not None) for count, page in pages.items()]
if len(filter(lambda x: x[1], contains)) == 1:
retVal = filter(lambda x: x[1], contains)[0][0]
contains = [(count, re.search(regex, _ or "", re.IGNORECASE) is not None) for count, _ in pages.items()]
if len(filter(lambda _: _[1], contains)) == 1:
retVal = filter(lambda _: _[1], contains)[0][0]
break
if not retVal:
@@ -133,10 +133,10 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
elif item[1] == max_:
maxItem = item
if all(map(lambda x: x == min_ and x != max_, ratios)):
if all(_ == min_ and _ != max_ for _ in ratios):
retVal = maxItem[0]
elif all(map(lambda x: x != min_ and x == max_, ratios)):
elif all(_ != min_ and _ == max_ for _ in ratios):
retVal = minItem[0]
elif abs(max_ - min_) >= MIN_STATISTICAL_RANGE:
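Review bot: In the first hunk of `_findUnionCharCount()` the page text is renamed from `page` to `_` (`for count, _ in pages.items()` followed by `_ or ""`), which gives the throwaway name to a value that is actually read, and the identical `filter(lambda _: _[1], contains)` is evaluated twice. Naming the matches once is easier to read and does the work once: `matches = [count for count, found in contains if found]`, then `if len(matches) == 1: retVal = matches[0]`. The function body continues outside the hunk.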


@@ -337,7 +337,7 @@ def unionUse(expression, unpack=True, dump=False):
if output:
with kb.locks.value:
if all(map(lambda _: _ in output, (kb.chars.start, kb.chars.stop))):
if all(_ in output for _ in (kb.chars.start, kb.chars.stop)):
items = parseUnionPage(output)
if threadData.shared.showEta:


@@ -19,33 +19,33 @@ def checkDependencies():
try:
if dbmsName in (DBMS.MSSQL, DBMS.SYBASE):
import _mssql
import pymssql
__import__("_mssql")
import pymssql
if not hasattr(pymssql, "__version__") or pymssql.__version__ < "1.0.2":
warnMsg = "'%s' third-party library must be " % data[1]
warnMsg += "version >= 1.0.2 to work properly. "
warnMsg += "Download from %s" % data[2]
logger.warn(warnMsg)
elif dbmsName == DBMS.MYSQL:
import pymysql
__import__("pymysql")
elif dbmsName == DBMS.PGSQL:
import psycopg2
__import__("psycopg2")
elif dbmsName == DBMS.ORACLE:
import cx_Oracle
__import__("cx_Oracle")
elif dbmsName == DBMS.SQLITE:
import sqlite3
__import__("sqlite3")
elif dbmsName == DBMS.ACCESS:
import pyodbc
__import__("pyodbc")
elif dbmsName == DBMS.FIREBIRD:
import kinterbasdb
__import__("kinterbasdb")
elif dbmsName == DBMS.DB2:
import ibm_db_dbi
__import__("ibm_db_dbi")
elif dbmsName == DBMS.HSQLDB:
import jaydebeapi
import jpype
__import__("jaydebeapi")
__import__("jpype")
elif dbmsName == DBMS.INFORMIX:
import ibm_db_dbi
__import__("ibm_db_dbi")
except ImportError:
warnMsg = "sqlmap requires '%s' third-party library " % data[1]
warnMsg += "in order to directly connect to the DBMS "
@@ -59,7 +59,7 @@ def checkDependencies():
logger.debug(debugMsg)
try:
import impacket
__import__("impacket")
debugMsg = "'python-impacket' third-party library is found"
logger.debug(debugMsg)
except ImportError:
@@ -70,7 +70,7 @@ def checkDependencies():
missing_libraries.add('python-impacket')
try:
import ntlm
__import__("ntlm")
debugMsg = "'python-ntlm' third-party library is found"
logger.debug(debugMsg)
except ImportError:
@@ -81,7 +81,7 @@ def checkDependencies():
missing_libraries.add('python-ntlm')
try:
from websocket import ABNF
__import__("websocket.ABNF")
debugMsg = "'python websocket-client' library is found"
logger.debug(debugMsg)
except ImportError:
@@ -93,7 +93,7 @@ def checkDependencies():
if IS_WIN:
try:
import pyreadline
__import__("pyreadline")
debugMsg = "'python-pyreadline' third-party library is found"
logger.debug(debugMsg)
except ImportError:
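Review bot: The websocket check changed from `from websocket import ABNF` to `__import__("websocket.ABNF")`, and the two are not equivalent: the dotted form asks the import system for a submodule named `ABNF`, while the old line only needed the package to expose a name `ABNF`. In the websocket-client package `ABNF` is a class rather than a submodule, so the new call is likely to raise `ImportError` even when the library is installed, and `checkDependencies()` would then presumably report it as missing. Keeping the original statement for this one check, `from websocket import ABNF  # presence check only`, preserves the behaviour. The other `__import__("name")` replacements in this file name plain modules and are not affected; the `try` blocks continue outside the hunks.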


@@ -10,7 +10,7 @@ import sys
PYVERSION = sys.version.split()[0]
if PYVERSION >= "3" or PYVERSION < "2.6":
exit("[CRITICAL] incompatible Python version detected ('%s'). For successfully running sqlmap you'll have to use version 2.6 or 2.7 (visit 'http://www.python.org/download/')" % PYVERSION)
exit("[CRITICAL] incompatible Python version detected ('%s'). For successfully running sqlmap you'll have to use version 2.6.x or 2.7.x (visit 'http://www.python.org/download/')" % PYVERSION)
extensions = ("gzip", "ssl", "sqlite3", "zlib")
try: