Proper form for excluded case in escaper

2025-12-06 20:51:31 +00:00 · 2016-10-01 21:15:35 +02:00
358 changed files with 1577 additions and 2616 deletions
--- a/ISSUE_TEMPLATE.md
+++ b/ISSUE_TEMPLATE.md
@@ -1,26 +0,0 @@
 ## What's the problem (or question)?
 <!--- If describing a bug, tell us what happens instead of the expected behavior -->
 <!--- If suggesting a change/improvement, explain the difference from current behavior -->
 ## Do you have an idea for a solution?
 <!--- Not obligatory, but suggest a fix/reason for the bug, -->
 <!--- or ideas how to implement the addition or change -->
 ## How can we reproduce the issue?
 <!--- Provide unambiguous set of steps to reproduce this bug. Include command to reproduce, if relevant (you can mask the sensitive data) -->
 1.
 2.
 3.
 4.
 ## What are the running context details?
 <!--- Include as many relevant details about the running context you experienced the bug/problem in -->
 * Installation method (e.g. `pip`, `apt-get`, `git clone` or `zip`/`tar.gz`):
 * Client OS (e.g. `Microsoft Windows 10`)
 * Program version (`python sqlmap.py --version` or `sqlmap --version` depending on installation): 
 * Target DBMS (e.g. `Microsoft SQL Server`): 
 * Detected WAF/IDS/IPS protection (e.g. `ModSecurity` or `unknown`):
 * SQLi techniques found by sqlmap (e.g. `error-based` and `boolean-based blind`):
 * Results of manual target assessment (e.g. found that the payload `query=test' AND 4113 IN ((SELECT 'foobar'))-- qKLV` works):
 * Relevant console output (if any):
 * Exception traceback (if any):
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ You can download the latest tarball by clicking [here](https://github.com/sqlmap
 Preferably, you can download sqlmap by cloning the [Git](https://github.com/sqlmapproject/sqlmap) repository:
-    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap works out of the box with [Python](http://www.python.org/download/) version **2.6.x** and **2.7.x** on any platform.
--- a/doc/CHANGELOG.md
+++ b/doc/CHANGELOG.md
@@ -76,7 +76,7 @@
 * Added option `--safe-post` to set POST data for sending to safe URL.
 * Added option `--safe-req` for loading HTTP request from a file that will be used during sending to safe URL.
 * Added option `--skip` to skip testing of given parameter(s).
-* Added switch `--skip-static` to skip testing parameters that not appear to be dynamic.
+* Added switch `--skip-static` to skip testing parameters that not appear dynamic.
 * Added switch `--skip-urlencode` to skip URL encoding of payload data.
 * Added switch `--skip-waf` to skip heuristic detection of WAF/IPS/IDS protection.
 * Added switch `--smart` to conduct thorough tests only if positive heuristic(s).
--- a/doc/COPYING
+++ b/doc/COPYING
@@ -1,7 +1,7 @@
 COPYING -- Describes the terms under which sqlmap is distributed. A copy
 of the GNU General Public License (GPL) is appended to this file.
-sqlmap is (C) 2006-2017 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
+sqlmap is (C) 2006-2016 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
 This program is free software; you may redistribute and/or modify it under
 the terms of the GNU General Public License as published by the Free
--- a/doc/THIRD-PARTY.md
+++ b/doc/THIRD-PARTY.md
@@ -312,5 +312,3 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 * The PyDes library located under thirdparty/pydes/.
   Copyleft 2009, Todd Whiteman.
 * The win_inet_pton library located under thirdparty/wininetpton/.
   Copyleft 2014, Ryan Vennell.
--- a/doc/translations/README-es-MX.md
+++ b/doc/translations/README-es-MX.md
@@ -17,7 +17,7 @@ Se puede descargar el "tarball" más actual haciendo clic [aquí](https://github
 Preferentemente, se puede descargar sqlmap clonando el repositorio [Git](https://github.com/sqlmapproject/sqlmap):
-    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap funciona con las siguientes versiones de [Python](http://www.python.org/download/) ** 2.6.x** y ** 2.7.x** en cualquier plataforma.
@@ -26,7 +26,7 @@ Uso
 Para obtener una lista de opciones básicas: 
-    python sqlmap.py -h
+    python sqlmap.py -h 
 Para obtener una lista de todas las opciones:
--- a/doc/translations/README-fr-FR.md
+++ b/doc/translations/README-fr-FR.md
@@ -17,7 +17,7 @@ Vous pouvez télécharger le plus récent fichier tarball en cliquant [ici](http
 De préférence, télécharger __sqlmap__ en le [clonant](https://github.com/sqlmapproject/sqlmap):
-    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap fonctionne sur n'importe quel système d'exploitation avec la version **2.6.x** et **2.7.x** de [Python](http://www.python.org/download/)  
--- a/doc/translations/README-gr-GR.md
+++ b/doc/translations/README-gr-GR.md
@@ -18,7 +18,7 @@
 Κατά προτίμηση, μπορείτε να κατεβάσετε το sqlmap κάνοντας κλώνο το [Git](https://github.com/sqlmapproject/sqlmap) αποθετήριο:
-    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 Το sqlmap λειτουργεί χωρίς περαιτέρω κόπο με την [Python](http://www.python.org/download/) έκδοσης **2.6.x** και **2.7.x** σε όποια πλατφόρμα.
--- a/doc/translations/README-hr-HR.md
+++ b/doc/translations/README-hr-HR.md
@@ -18,7 +18,7 @@ Možete preuzeti zadnji tarball klikom [ovdje](https://github.com/sqlmapproject/
 Po mogućnosti, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sqlmapproject/sqlmap) repozitorija:
-    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap radi bez posebnih zahtjeva korištenjem [Python](http://www.python.org/download/) verzije **2.6.x** i/ili **2.7.x** na bilo kojoj platformi.
--- a/doc/translations/README-id-ID.md
+++ b/doc/translations/README-id-ID.md
@@ -19,7 +19,7 @@ Anda dapat mengunduh tarball versi terbaru [di sini]
 Sebagai alternatif, Anda dapat mengunduh sqlmap dengan men-_clone_ repositori [Git](https://github.com/sqlmapproject/sqlmap):
-    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap berfungsi langsung pada [Python](http://www.python.org/download/) versi **2.6.x** dan **2.7.x** pada platform apapun.
--- a/doc/translations/README-it-IT.md
+++ b/doc/translations/README-it-IT.md
@@ -18,7 +18,7 @@ Puoi scaricare l'ultima tarball cliccando [qui](https://github.com/sqlmapproject
 La cosa migliore sarebbe però scaricare sqlmap clonando la repository [Git](https://github.com/sqlmapproject/sqlmap):
-    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap è in grado di funzionare con le versioni **2.6.x** e **2.7.x** di [Python](http://www.python.org/download/) su ogni piattaforma.
--- a/doc/translations/README-ja-JP.md
+++ b/doc/translations/README-ja-JP.md
@@ -19,7 +19,7 @@ wikiに載っているいくつかの機能のデモをスクリーンショッ
 [Git](https://github.com/sqlmapproject/sqlmap) レポジトリをクローンして、sqlmapをダウンロードすることも可能です。:
-    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmapは、 [Python](http://www.python.org/download/) バージョン **2.6.x** または **2.7.x** がインストールされていれば、全てのプラットフォームですぐに使用できます。
--- a/doc/translations/README-pt-BR.md
+++ b/doc/translations/README-pt-BR.md
@@ -19,7 +19,7 @@ Você pode baixar o arquivo tar mais recente clicando [aqui]
 De preferência, você pode baixar o sqlmap clonando o repositório [Git](https://github.com/sqlmapproject/sqlmap):
-    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap funciona em [Python](http://www.python.org/download/) nas versões **2.6.x** e **2.7.x** em todas as plataformas.
--- a/doc/translations/README-tr-TR.md
+++ b/doc/translations/README-tr-TR.md
@@ -21,7 +21,7 @@ Kurulum
 Veya tercihen, [Git](https://github.com/sqlmapproject/sqlmap) reposunu klonlayarak indirebilirsiniz
-    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap [Python](http://www.python.org/download/) sitesinde bulunan **2.6.x** and **2.7.x** versiyonları ile bütün platformlarda çalışabilmektedir.
--- a/doc/translations/README-zh-CN.md
+++ b/doc/translations/README-zh-CN.md
@@ -18,7 +18,7 @@ sqlmap 是一个开源的渗透测试工具，可以用来自动化的检测，
 推荐你从 [Git](https://github.com/sqlmapproject/sqlmap) 仓库获取最新的源代码:
-    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap 可以运行在 [Python](http://www.python.org/download/)  **2.6.x**  和  **2.7.x** 版本的任何平台上
--- a/extra/init.py
+++ b/extra/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/extra/beep/init.py
+++ b/extra/beep/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/extra/beep/beep.py
+++ b/extra/beep/beep.py
@@ -3,7 +3,7 @@
 """
 beep.py - Make a beep sound
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/extra/cloak/init.py
+++ b/extra/cloak/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/extra/cloak/cloak.py
+++ b/extra/cloak/cloak.py
@@ -3,7 +3,7 @@
 """
 cloak.py - Simple file encryption/compression utility
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/extra/dbgtool/init.py
+++ b/extra/dbgtool/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/extra/dbgtool/dbgtool.py
+++ b/extra/dbgtool/dbgtool.py
@@ -3,7 +3,7 @@
 """
 dbgtool.py - Portable executable to ASCII debug script converter
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/extra/mssqlsig/update.py
+++ b/extra/mssqlsig/update.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/extra/safe2bin/init.py
+++ b/extra/safe2bin/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/extra/safe2bin/safe2bin.py
+++ b/extra/safe2bin/safe2bin.py
@@ -3,7 +3,7 @@
 """
 safe2bin.py - Simple safe(hex) to binary format converter
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/extra/shutils/duplicates.py
+++ b/extra/shutils/duplicates.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
-# Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 # Removes duplicate entries in wordlist like files
--- a/extra/shutils/postcommit-hook.sh
+++ b/extra/shutils/postcommit-hook.sh
@@ -13,7 +13,7 @@ then
    NEW_TAG=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); print '.'.join(_[:-1]) if len(_) == 4 and _[-1] == '0' else ''" "$LINE")
    if [ -n "$NEW_TAG" ]
    then
-        #git commit -am "Automatic monthly tagging"
+        git commit -am "Automatic monthly tagging"
        echo "Creating new tag ${NEW_TAG}"
        git tag $NEW_TAG
        git push origin $NEW_TAG
--- a/extra/shutils/precommit-hook.sh
+++ b/extra/shutils/precommit-hook.sh
@@ -10,8 +10,6 @@ PROJECT_FULLPATH=${SCRIPTPATH%/*}/$PROJECT
 SETTINGS_FULLPATH=${SCRIPTPATH%/*}/$SETTINGS
 CHECKSUM_FULLPATH=${SCRIPTPATH%/*}/$CHECKSUM
 git diff $SETTINGS_FULLPATH | grep "VERSION =" > /dev/null && exit 0
 if [ -f $SETTINGS_FULLPATH ]
 then
    LINE=$(grep -o ${SETTINGS_FULLPATH} -e 'VERSION = "[0-9.]*"')
--- a/extra/shutils/pylint.py
+++ b/extra/shutils/pylint.py
@@ -20,8 +20,8 @@ def check(module):
        print "CHECKING ", module
        pout = os.popen("pylint --rcfile=/dev/null %s" % module, 'r')
        for line in pout:
-            if  re.match("\AE:", line):
+            if  re.match("E....:.", line):
-                print line.strip()
+                print line
            if __RATING__ and "Your code has been rated at" in line:
                print line
                score = re.findall("\d.\d\d", line)[0]
--- a/extra/shutils/pypi.sh
+++ b/extra/shutils/pypi.sh
@@ -11,7 +11,7 @@ cat > $TMP_DIR/setup.py << EOF
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -55,7 +55,7 @@ cat > sqlmap/__init__.py << EOF
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -107,7 +107,7 @@ If you prefer fetching daily updates, you can download sqlmap by cloning the
 ::
-    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 sqlmap works out of the box with
 `Python <http://www.python.org/download/>`__ version **2.6.x** and
--- a/extra/shutils/regressiontest.py
+++ b/extra/shutils/regressiontest.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
-# Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 # See the file 'doc/COPYING' for copying permission
 import codecs
@@ -22,6 +22,7 @@ from lib.core.revision import getRevisionNumber
 START_TIME = time.strftime("%H:%M:%S %d-%m-%Y", time.gmtime())
 SQLMAP_HOME = "/opt/sqlmap"
 REVISION = getRevisionNumber()
 SMTP_SERVER = "127.0.0.1"
 SMTP_PORT = 25
@@ -29,7 +30,7 @@ SMTP_TIMEOUT = 30
 FROM = "regressiontest@sqlmap.org"
 #TO = "dev@sqlmap.org"
 TO = ["bernardo.damele@gmail.com", "miroslav.stampar@gmail.com"]
-SUBJECT = "regression test started on %s using revision %s" % (START_TIME, getRevisionNumber())
+SUBJECT = "regression test started on %s using revision %s" % (START_TIME, REVISION)
 TARGET = "debian"
 def prepare_email(content):
--- a/extra/sqlharvest/init.py
+++ b/extra/sqlharvest/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/extra/sqlharvest/sqlharvest.py
+++ b/extra/sqlharvest/sqlharvest.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/init.py
+++ b/lib/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/controller/init.py
+++ b/lib/controller/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -10,9 +10,10 @@ import httplib
 import random
 import re
 import socket
 import subprocess
 import time
 from subprocess import Popen as execute
 from extra.beep.beep import beep
 from lib.core.agent import agent
 from lib.core.common import Backend
@@ -199,7 +200,7 @@ def checkSqlInjection(place, parameter, value):
            if conf.tech and isinstance(conf.tech, list) and stype not in conf.tech:
                debugMsg = "skipping test '%s' because the user " % title
                debugMsg += "specified to test only for "
-                debugMsg += "%s techniques" % " & ".join(PAYLOAD.SQLINJECTION[_] for _ in conf.tech)
+                debugMsg += "%s techniques" % " & ".join(map(lambda x: PAYLOAD.SQLINJECTION[x], conf.tech))
                logger.debug(debugMsg)
                continue
@@ -650,20 +651,20 @@ def checkSqlInjection(place, parameter, value):
                        # Feed with test details every time a test is successful
                        if hasattr(test, "details"):
-                            for key, value in test.details.items():
+                            for dKey, dValue in test.details.items():
-                                if key == "dbms":
+                                if dKey == "dbms":
-                                    injection.dbms = value
+                                    injection.dbms = dValue
-                                    if not isinstance(value, list):
+                                    if not isinstance(dValue, list):
-                                        Backend.setDbms(value)
+                                        Backend.setDbms(dValue)
                                    else:
-                                        Backend.forceDbms(value[0], True)
+                                        Backend.forceDbms(dValue[0], True)
-                                elif key == "dbms_version" and injection.dbms_version is None and not conf.testFilter:
+                                elif dKey == "dbms_version" and injection.dbms_version is None and not conf.testFilter:
-                                    injection.dbms_version = Backend.setVersion(value)
+                                    injection.dbms_version = Backend.setVersion(dValue)
-                                elif key == "os" and injection.os is None:
+                                elif dKey == "os" and injection.os is None:
-                                    injection.os = Backend.setOs(value)
+                                    injection.os = Backend.setOs(dValue)
                        if vector is None and "vector" in test and test.vector is not None:
                            vector = test.vector
@@ -695,7 +696,7 @@ def checkSqlInjection(place, parameter, value):
                                infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert
                                logger.info(infoMsg)
-                                process = subprocess.Popen(conf.alert, shell=True)
+                                process = execute(conf.alert, shell=True)
                                process.wait()
                            kb.alerted = True
@@ -920,10 +921,8 @@ def heuristicCheckSqlInjection(place, parameter):
    origValue = conf.paramDict[place][parameter]
    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
    prefix = ""
    suffix = ""
    randStr = ""
    if conf.prefix or conf.suffix:
        if conf.prefix:
@@ -932,7 +931,9 @@ def heuristicCheckSqlInjection(place, parameter):
        if conf.suffix:
            suffix = conf.suffix
-    while randStr.count('\'') != 1 or randStr.count('\"') != 1:
+    randStr = ""
    while '\'' not in randStr:
        randStr = randomStr(length=10, alphabet=HEURISTIC_CHECK_ALPHABET)
    kb.heuristicMode = True
@@ -1332,7 +1333,7 @@ def identifyWaf():
    for function, product in kb.wafFunctions:
        try:
-            logger.debug("checking for WAF/IPS/IDS product '%s'" % product)
+            logger.debug("checking for WAF/IDS/IPS product '%s'" % product)
            found = function(_)
        except Exception, ex:
            errMsg = "exception occurred while running "
@@ -1342,7 +1343,7 @@ def identifyWaf():
            found = False
        if found:
-            errMsg = "WAF/IPS/IDS identified as '%s'" % product
+            errMsg = "WAF/IDS/IPS identified as '%s'" % product
            logger.critical(errMsg)
            retVal.append(product)
@@ -1359,7 +1360,7 @@ def identifyWaf():
        if output and output[0] not in ("Y", "y"):
            raise SqlmapUserQuitException
    else:
-        warnMsg = "WAF/IPS/IDS product hasn't been identified"
+        warnMsg = "WAF/IDS/IPS product hasn't been identified"
        logger.warn(warnMsg)
    kb.testType = None
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -165,7 +165,7 @@ def _showInjections():
    if hasattr(conf, "api"):
        conf.dumper.string("", kb.injections, content_type=CONTENT_TYPE.TECHNIQUES)
    else:
-        data = "".join(set(_formatInjection(_) for _ in kb.injections)).rstrip("\n")
+        data = "".join(set(map(lambda x: _formatInjection(x), kb.injections))).rstrip("\n")
        conf.dumper.string(header, data)
    if conf.tamper:
@@ -224,7 +224,7 @@ def _saveToResultsFile():
        return
    results = {}
-    techniques = dict((_[1], _[0]) for _ in getPublicTypeMembers(PAYLOAD.TECHNIQUE))
+    techniques = dict(map(lambda x: (x[1], x[0]), getPublicTypeMembers(PAYLOAD.TECHNIQUE)))
    for injection in kb.injections + kb.falsePositives:
        if injection.place is None or injection.parameter is None:
@@ -238,7 +238,7 @@ def _saveToResultsFile():
    for key, value in results.items():
        place, parameter, notes = key
-        line = "%s,%s,%s,%s,%s%s" % (safeCSValue(kb.originalUrls.get(conf.url) or conf.url), place, parameter, "".join(techniques[_][0].upper() for _ in sorted(value)), notes, os.linesep)
+        line = "%s,%s,%s,%s,%s%s" % (safeCSValue(kb.originalUrls.get(conf.url) or conf.url), place, parameter, "".join(map(lambda x: techniques[x][0].upper(), sorted(value))), notes, os.linesep)
        conf.resultsFP.writelines(line)
    if not results:
@@ -470,12 +470,6 @@ def start():
                            infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
                            logger.info(infoMsg)
                        elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I)):
                            testSqlInj = False
                            infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
                            logger.info(infoMsg)
                        elif parameter == conf.csrfToken:
                            testSqlInj = False
@@ -493,7 +487,7 @@ def start():
                            check = checkDynParam(place, parameter, value)
                            if not check:
-                                warnMsg = "%s parameter '%s' does not appear to be dynamic" % (paramType, parameter)
+                                warnMsg = "%s parameter '%s' does not appear dynamic" % (paramType, parameter)
                                logger.warn(warnMsg)
                                if conf.skipStatic:
@@ -668,7 +662,7 @@ def start():
                _saveToResultsFile()
                errMsg += ", skipping to the next %s" % ("form" if conf.forms else "URL")
-                logger.error(errMsg.lstrip(", "))
+                logger.error(errMsg)
            else:
                logger.critical(errMsg)
                return False
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -86,6 +86,9 @@ def setHandler():
        conf.dbmsConnector = Connector()
        if conf.direct:
            logger.debug("forcing timeout to 10 seconds")
            conf.timeout = 10
            dialect = DBMS_DICT[dbms][3]
            if dialect:
--- a/lib/core/init.py
+++ b/lib/core/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -529,8 +529,6 @@ class Agent(object):
        elif fieldsSelect:
            fieldsToCastStr = fieldsSelect.group(1)
        fieldsToCastStr = fieldsToCastStr or ""
        # Function
        if re.search("\A\w+\(.*\)", fieldsToCastStr, re.I) or (fieldsSelectCase and "WHEN use" not in query) or fieldsSubstr:
            fieldsToCastList = [fieldsToCastStr]
@@ -1079,20 +1077,5 @@ class Agent(object):
        return query
    def whereQuery(self, query):
        if conf.dumpWhere and query:
            prefix, suffix = query.split(" ORDER BY ") if " ORDER BY " in query else (query, "")
            if "%s)" % conf.tbl.upper() in prefix.upper():
                prefix = re.sub(r"(?i)%s\)" % re.escape(conf.tbl), "%s WHERE %s)" % (conf.tbl, conf.dumpWhere), prefix)
            elif re.search(r"(?i)\bWHERE\b", prefix):
                prefix += " AND %s" % conf.dumpWhere
            else:
                prefix += " WHERE %s" % conf.dumpWhere
            query = "%s ORDER BY %s" % (prefix, suffix) if suffix else prefix
        return query
 # SQL agent
 agent = Agent()
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -23,7 +23,6 @@ import random
 import re
 import socket
 import string
 import subprocess
 import sys
 import tempfile
 import time
@@ -38,6 +37,8 @@ from StringIO import StringIO
 from difflib import SequenceMatcher
 from math import sqrt
 from optparse import OptionValueError
 from subprocess import PIPE
 from subprocess import Popen as execute
 from xml.dom import minidom
 from xml.sax import parse
 from xml.sax import SAXParseException
@@ -118,7 +119,6 @@ from lib.core.settings import IP_ADDRESS_REGEX
 from lib.core.settings import ISSUES_PAGE
 from lib.core.settings import IS_WIN
 from lib.core.settings import LARGE_OUTPUT_THRESHOLD
 from lib.core.settings import LOCALHOST
 from lib.core.settings import MIN_ENCODED_LEN_CHECK
 from lib.core.settings import MIN_TIME_RESPONSES
 from lib.core.settings import MIN_VALID_DELAYED_RESPONSE
@@ -140,7 +140,6 @@ from lib.core.settings import REFLECTED_REPLACEMENT_REGEX
 from lib.core.settings import REFLECTED_VALUE_MARKER
 from lib.core.settings import REFLECTIVE_MISS_THRESHOLD
 from lib.core.settings import SENSITIVE_DATA_REGEX
 from lib.core.settings import SENSITIVE_OPTIONS
 from lib.core.settings import SUPPORTED_DBMS
 from lib.core.settings import TEXT_TAG_REGEX
 from lib.core.settings import TIME_STDEV_COEFF
@@ -628,7 +627,7 @@ def paramToDict(place, parameters=None):
                                                    current[key] = "%s%s" % (str(value).lower(), BOUNDED_INJECTION_MARKER)
                                                else:
                                                    current[key] = "%s%s" % (value, BOUNDED_INJECTION_MARKER)
-                                                candidates["%s (%s)" % (parameter, key)] = re.sub("(%s\s*=\s*)%s" % (re.escape(parameter), re.escape(testableParameters[parameter])), r"\g<1>%s" % json.dumps(deserialized), parameters)
+                                                candidates["%s (%s)" % (parameter, key)] = json.dumps(deserialized)
                                                current[key] = original
                                deserialized = json.loads(testableParameters[parameter])
@@ -886,12 +885,12 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
            else:
                message = data
-            try:
+            if hasattr(conf, "api"):
-                if hasattr(conf, "api"):
+                sys.stdout.write(message, status, content_type)
-                    sys.stdout.write(message, status, content_type)
+            else:
-                else:
+                sys.stdout.write(setColor(message, bold))
                    sys.stdout.write(setColor(message, bold))
            try:
                sys.stdout.flush()
            except IOError:
                pass
@@ -931,26 +930,15 @@ def dataToOutFile(filename, data):
    retVal = None
    if data:
-        while True:
+        retVal = os.path.join(conf.filePath, filePathToSafeString(filename))
            retVal = os.path.join(conf.filePath, filePathToSafeString(filename))
-            try:
+        try:
-                with open(retVal, "w+b") as f:  # has to stay as non-codecs because data is raw ASCII encoded data
+            with open(retVal, "w+b") as f:  # has to stay as non-codecs because data is raw ASCII encoded data
-                    f.write(unicodeencode(data))
+                f.write(unicodeencode(data))
-            except UnicodeEncodeError, ex:
+        except IOError, ex:
-                _ = normalizeUnicode(filename)
+            errMsg = "something went wrong while trying to write "
-                if filename != _:
+            errMsg += "to the output file ('%s')" % getSafeExString(ex)
-                    filename = _
+            raise SqlmapGenericException(errMsg)
                else:
                    errMsg = "couldn't write to the "
                    errMsg += "output file ('%s')" % getSafeExString(ex)
                    raise SqlmapGenericException(errMsg)
            except IOError, ex:
                errMsg = "something went wrong while trying to write "
                errMsg += "to the output file ('%s')" % getSafeExString(ex)
                raise SqlmapGenericException(errMsg)
            else:
                break
    return retVal
@@ -1260,7 +1248,7 @@ def parseTargetDirect():
    remote = False
    for dbms in SUPPORTED_DBMS:
-        details = re.search("^(?P<dbms>%s)://(?P<credentials>(?P<user>.+?)\:(?P<pass>.*)\@)?(?P<remote>(?P<hostname>[\w.-]+?)\:(?P<port>[\d]+)\/)?(?P<db>[\w\d\ \:\.\_\-\/\\\\]+?)$" % dbms, conf.direct, re.I)
+        details = re.search("^(?P<dbms>%s)://(?P<credentials>(?P<user>.+?)\:(?P<pass>.*)\@)?(?P<remote>(?P<hostname>.+?)\:(?P<port>[\d]+)\/)?(?P<db>[\w\d\ \:\.\_\-\/\\\\]+?)$" % dbms, conf.direct, re.I)
        if details:
            conf.dbms = details.group("dbms")
@@ -1342,7 +1330,7 @@ def parseTargetDirect():
                else:
                    errMsg = "sqlmap requires '%s' third-party library " % data[1]
                    errMsg += "in order to directly connect to the DBMS "
-                    errMsg += "'%s'. You can download it from '%s'" % (dbmsName, data[2])
+                    errMsg += "%s. You can download it from '%s'" % (dbmsName, data[2])
                    errMsg += ". Alternative is to use a package 'python-sqlalchemy' "
                    errMsg += "with support for dialect '%s' installed" % data[3]
                    raise SqlmapMissingDependence(errMsg)
@@ -1888,7 +1876,7 @@ def getConsoleWidth(default=80):
                FNULL = open(os.devnull, 'w')
            except IOError:
                FNULL = None
-            process = subprocess.Popen("stty size", shell=True, stdout=subprocess.PIPE, stderr=FNULL or subprocess.PIPE)
+            process = execute("stty size", shell=True, stdout=PIPE, stderr=FNULL or PIPE)
            stdout, _ = process.communicate()
            items = stdout.split()
@@ -2412,32 +2400,6 @@ def extractErrorMessage(page):
    return retVal
 def findLocalPort(ports):
    """
    Find the first opened localhost port from a given list of ports (e.g. for Tor port checks)
    """
    retVal = None
    for port in ports:
        try:
            try:
                s = socket._orig_socket(socket.AF_INET, socket.SOCK_STREAM)
            except AttributeError:
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect((LOCALHOST, port))
            retVal = port
            break
        except socket.error:
            pass
        finally:
            try:
                s.close()
            except socket.error:
                pass
    return retVal
 def findMultipartPostBoundary(post):
    """
    Finds value for a boundary parameter in given multipart POST body
@@ -3154,16 +3116,7 @@ def unhandledExceptionMessage():
    errMsg += "Operating system: %s\n" % PLATFORM
    errMsg += "Command line: %s\n" % re.sub(r".+?\bsqlmap.py\b", "sqlmap.py", getUnicode(" ".join(sys.argv), encoding=sys.stdin.encoding))
    errMsg += "Technique: %s\n" % (enumValueToNameLookup(PAYLOAD.TECHNIQUE, kb.technique) if kb.get("technique") else ("DIRECT" if conf.get("direct") else None))
-    errMsg += "Back-end DBMS:"
+    errMsg += "Back-end DBMS: %s" % ("%s (fingerprinted)" % Backend.getDbms() if Backend.getDbms() is not None else "%s (identified)" % Backend.getIdentifiedDbms())
    if Backend.getDbms() is not None:
        errMsg += " %s (fingerprinted)" % Backend.getDbms()
    if Backend.getIdentifiedDbms() is not None and (Backend.getDbms() is None or Backend.getIdentifiedDbms() != Backend.getDbms()):
        errMsg += " %s (identified)" % Backend.getIdentifiedDbms()
    if not errMsg.endswith(')'):
        errMsg += " None"
    return errMsg
@@ -3201,28 +3154,13 @@ def createGithubIssue(errMsg, excMsg):
        ex = None
        errMsg = errMsg[errMsg.find("\n"):]
        req = urllib2.Request(url="https://api.github.com/search/issues?q=%s" % urllib.quote("repo:sqlmapproject/sqlmap Unhandled exception (#%s)" % key))
        try:
            content = urllib2.urlopen(req).read()
            _ = json.loads(content)
            duplicate = _["total_count"] > 0
            closed = duplicate and _["items"][0]["state"] == "closed"
            if duplicate:
                warnMsg = "issue seems to be already reported"
                if closed:
                    warnMsg += " and resolved. Please update to the latest "
                    warnMsg += "development version from official GitHub repository at '%s'" % GIT_PAGE
                logger.warn(warnMsg)
                return
        except:
            pass
        data = {"title": "Unhandled exception (#%s)" % key, "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)}
        req = urllib2.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=json.dumps(data), headers={"Authorization": "token %s" % GITHUB_REPORT_OAUTH_TOKEN.decode("base64")})
        try:
-            content = urllib2.urlopen(req).read()
+            f = urllib2.urlopen(req)
            content = f.read()
        except Exception, ex:
            content = None
@@ -3251,7 +3189,7 @@ def maskSensitiveData(msg):
    retVal = getUnicode(msg)
-    for item in filter(None, map(lambda x: conf.get(x), SENSITIVE_OPTIONS)):
+    for item in filter(None, map(lambda x: conf.get(x), ("hostname", "data", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile"))):
        regex = SENSITIVE_DATA_REGEX % re.sub("(\W)", r"\\\1", getUnicode(item))
        while extractRegexResult(regex, retVal):
            value = extractRegexResult(regex, retVal)
@@ -3715,7 +3653,7 @@ def asciifyUrl(url, forceQuote=False):
 def isAdminFromPrivileges(privileges):
    """
-    Inspects privileges to see if those are coming from an admin user
+    Inspects privileges to see if those are comming from an admin user
    """
    # In PostgreSQL the usesuper privilege means that the
@@ -3736,6 +3674,7 @@ def isAdminFromPrivileges(privileges):
    # In Firebird there is no specific privilege that means
    # that the user is DBA
    # TODO: confirm
    retVal |= (Backend.isDbms(DBMS.FIREBIRD) and all(_ in privileges for _ in ("SELECT", "INSERT", "UPDATE", "DELETE", "REFERENCES", "EXECUTE")))
    return retVal
@@ -3793,11 +3732,6 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
                                    item.selected = True
                                break
                if conf.crawlExclude and re.search(conf.crawlExclude, form.action or ""):
                    dbgMsg = "skipping '%s'" % form.action
                    logger.debug(dbgMsg)
                    continue
                request = form.click()
            except (ValueError, TypeError), ex:
                errMsg = "there has been a problem while "
@@ -3818,7 +3752,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
                    continue
                # flag to know if we are dealing with the same target host
-                _ = checkSameHost(response.geturl(), url)
+                _ = reduce(lambda x, y: x == y, map(lambda x: urlparse.urlparse(x).netloc.split(':')[0], (response.geturl(), url)))
                if conf.scope:
                    if not re.search(conf.scope, url, re.I):
@@ -3841,23 +3775,6 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
    return retVal
 def checkSameHost(*urls):
    """
    Returns True if all provided urls share that same host
    >>> checkSameHost('http://www.target.com/page1.php?id=1', 'http://www.target.com/images/page2.php')
    True
    >>> checkSameHost('http://www.target.com/page1.php?id=1', 'http://www.target2.com/images/page2.php')
    False
    """
    if not urls:
        return None
    elif len(urls) == 1:
        return True
    else:
        return all(urlparse.urlparse(url or "").netloc.split(':')[0] == urlparse.urlparse(urls[0] or "").netloc.split(':')[0] for url in urls[1:])
 def getHostHeader(url):
    """
    Returns proper Host header value for a given target URL
@@ -3927,13 +3844,6 @@ def evaluateCode(code, variables=None):
 def serializeObject(object_):
    """
    Serializes given object
    >>> serializeObject([1, 2, 3, ('a', 'b')])
    'gAJdcQEoSwFLAksDVQFhVQFihnECZS4='
    >>> serializeObject(None)
    'gAJOLg=='
    >>> serializeObject('foobar')
    'gAJVBmZvb2JhcnEBLg=='
    """
    return base64pickle(object_)
@@ -3944,8 +3854,6 @@ def unserializeObject(value):
    >>> unserializeObject(serializeObject([1, 2, 3])) == [1, 2, 3]
    True
    >>> unserializeObject('gAJVBmZvb2JhcnEBLg==')
    'foobar'
    """
    return base64unpickle(value) if value else None
@@ -3992,8 +3900,6 @@ def decodeHexValue(value, raw=False):
    >>> decodeHexValue('3132332031')
    u'123 1'
    >>> decodeHexValue(['0x31', '0x32'])
    [u'1', u'2']
    """
    retVal = value
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -1,19 +1,13 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 try:
    import cPickle as pickle
 except:
    import pickle
 finally:
    import pickle as picklePy
 import base64
 import json
 import pickle
 import re
 import StringIO
 import sys
@@ -47,7 +41,7 @@ def base64pickle(value):
    Serializes (with pickle) and encodes to Base64 format supplied (binary) value
    >>> base64pickle('foobar')
-    'gAJVBmZvb2JhcnEBLg=='
+    'gAJVBmZvb2JhcnEALg=='
    """
    retVal = None
@@ -66,11 +60,11 @@ def base64pickle(value):
    return retVal
-def base64unpickle(value, unsafe=False):
+def base64unpickle(value):
    """
    Decodes value from Base64 to plain format and deserializes (with pickle) its content
-    >>> base64unpickle('gAJVBmZvb2JhcnEBLg==')
+    >>> base64unpickle('gAJVBmZvb2JhcnEALg==')
    'foobar'
    """
@@ -84,12 +78,9 @@ def base64unpickle(value, unsafe=False):
        self.load_reduce()
    def loads(str):
-        f = StringIO.StringIO(str)
+        file = StringIO.StringIO(str)
-        if unsafe:
+        unpickler = pickle.Unpickler(file)
-            unpickler = picklePy.Unpickler(f)
+        unpickler.dispatch[pickle.REDUCE] = _
            unpickler.dispatch[picklePy.REDUCE] = _
        else:
            unpickler = pickle.Unpickler(f)
        return unpickler.load()
    try:
--- a/lib/core/data.py
+++ b/lib/core/data.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/datatype.py
+++ b/lib/core/datatype.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/decorators.py
+++ b/lib/core/decorators.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/defaults.py
+++ b/lib/core/defaults.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -150,6 +150,7 @@ FIREBIRD_PRIVS = {
    "U": "UPDATE",
    "D": "DELETE",
    "R": "REFERENCE",
    "E": "EXECUTE",
    "X": "EXECUTE",
    "A": "ALL",
    "M": "MEMBER",
@@ -183,15 +184,15 @@ DB2_PRIVS = {
 DUMP_REPLACEMENTS = {" ": NULL, "": BLANK}
 DBMS_DICT = {
-    DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "mssql+pymssql"),
+    DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/", "mssql+pymssql"),
-    DBMS.MYSQL: (MYSQL_ALIASES, "python-pymysql", "https://github.com/petehunt/PyMySQL/", "mysql"),
+    DBMS.MYSQL: (MYSQL_ALIASES, "python pymysql", "https://github.com/petehunt/PyMySQL/", "mysql"),
    DBMS.PGSQL: (PGSQL_ALIASES, "python-psycopg2", "http://initd.org/psycopg/", "postgresql"),
    DBMS.ORACLE: (ORACLE_ALIASES, "python cx_Oracle", "http://cx-oracle.sourceforge.net/", "oracle"),
    DBMS.SQLITE: (SQLITE_ALIASES, "python-sqlite", "http://packages.ubuntu.com/quantal/python-sqlite", "sqlite"),
-    DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "https://github.com/mkleehammer/pyodbc", "access"),
+    DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "http://pyodbc.googlecode.com/", "access"),
    DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/", "firebird"),
    DBMS.MAXDB: (MAXDB_ALIASES, None, None, "maxdb"),
-    DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "sybase"),
+    DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/", "sybase"),
    DBMS.DB2: (DB2_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"),
    DBMS.HSQLDB: (HSQLDB_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/", None),
    DBMS.INFORMIX: (INFORMIX_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"),
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -176,7 +176,6 @@ class HTTP_HEADER:
    PROXY_CONNECTION = "Proxy-Connection"
    RANGE = "Range"
    REFERER = "Referer"
    REFRESH = "Refresh"  # Reference: http://stackoverflow.com/a/283794
    SERVER = "Server"
    SET_COOKIE = "Set-Cookie"
    TRANSFER_ENCODING = "Transfer-Encoding"
@@ -367,8 +366,3 @@ class MKSTEMP_PREFIX:
    RESULTS = "sqlmapresults-"
    COOKIE_JAR = "sqlmapcookiejar-"
    BIG_ARRAY = "sqlmapbigarray-"
 class TIMEOUT_STATE:
    NORMAL = 0
    EXCEPTION = 1
    TIMEOUT = 2
--- a/lib/core/exception.py
+++ b/lib/core/exception.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/log.py
+++ b/lib/core/log.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1,11 +1,10 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import binascii
 import cookielib
 import glob
 import inspect
@@ -39,7 +38,6 @@ from lib.core.common import getPublicTypeMembers
 from lib.core.common import getSafeExString
 from lib.core.common import extractRegexResult
 from lib.core.common import filterStringValue
 from lib.core.common import findLocalPort
 from lib.core.common import findPageForms
 from lib.core.common import getConsoleWidth
 from lib.core.common import getFileItems
@@ -110,7 +108,7 @@ from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DBMS_ALIASES
 from lib.core.settings import DEFAULT_PAGE_ENCODING
 from lib.core.settings import DEFAULT_TOR_HTTP_PORTS
-from lib.core.settings import DEFAULT_TOR_SOCKS_PORTS
+from lib.core.settings import DEFAULT_TOR_SOCKS_PORT
 from lib.core.settings import DUMMY_URL
 from lib.core.settings import IGNORE_SAVE_OPTIONS
 from lib.core.settings import INJECT_HERE_MARK
@@ -170,12 +168,6 @@ redirectHandler = SmartRedirectHandler()
 rangeHandler = HTTPRangeHandler()
 multipartPostHandler = multipartpost.MultipartPostHandler()
 # Reference: https://mail.python.org/pipermail/python-list/2009-November/558615.html
 try:
    WindowsError
 except NameError:
    WindowsError = None
 def _feedTargetsDict(reqFile, addedTargetUrls):
    """
    Parses web scarab and burp logs and adds results to the target URL list
@@ -219,10 +211,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
                reqResList = []
                for match in re.finditer(BURP_XML_HISTORY_REGEX, content, re.I | re.S):
                    port, request = match.groups()
-                    try:
+                    request = request.decode("base64")
                        request = request.decode("base64")
                    except binascii.Error:
                        continue
                    _ = re.search(r"%s:.+" % re.escape(HTTP_HEADER.HOST), request)
                    if _:
                        host = _.group(0).strip()
@@ -897,25 +886,20 @@ def _setTamperingFunctions():
        for script in re.split(PARAMETER_SPLITTING_REGEX, conf.tamper):
            found = False
            path = paths.SQLMAP_TAMPER_PATH.encode(sys.getfilesystemencoding() or UNICODE_ENCODING)
            script = script.strip().encode(sys.getfilesystemencoding() or UNICODE_ENCODING)
-            try:
+            if not script:
-                if not script:
+                continue
                    continue
-                elif os.path.exists(os.path.join(path, script if script.endswith(".py") else "%s.py" % script)):
+            elif os.path.exists(os.path.join(paths.SQLMAP_TAMPER_PATH, script if script.endswith(".py") else "%s.py" % script)):
-                    script = os.path.join(path, script if script.endswith(".py") else "%s.py" % script)
+                script = os.path.join(paths.SQLMAP_TAMPER_PATH, script if script.endswith(".py") else "%s.py" % script)
-                elif not os.path.exists(script):
+            elif not os.path.exists(script):
-                    errMsg = "tamper script '%s' does not exist" % script
+                errMsg = "tamper script '%s' does not exist" % script
-                    raise SqlmapFilePathException(errMsg)
+                raise SqlmapFilePathException(errMsg)
-                elif not script.endswith(".py"):
+            elif not script.endswith(".py"):
-                    errMsg = "tamper script '%s' should have an extension '.py'" % script
+                errMsg = "tamper script '%s' should have an extension '.py'" % script
                    raise SqlmapSyntaxException(errMsg)
            except UnicodeDecodeError:
                errMsg = "invalid character provided in option '--tamper'"
                raise SqlmapSyntaxException(errMsg)
            dirname, filename = os.path.split(script)
@@ -933,7 +917,7 @@ def _setTamperingFunctions():
                sys.path.insert(0, dirname)
            try:
-                module = __import__(filename[:-3].encode(sys.getfilesystemencoding() or UNICODE_ENCODING))
+                module = __import__(filename[:-3])
            except (ImportError, SyntaxError), ex:
                raise SqlmapSyntaxException("cannot import tamper script '%s' (%s)" % (filename[:-3], getSafeExString(ex)))
@@ -986,7 +970,7 @@ def _setTamperingFunctions():
 def _setWafFunctions():
    """
-    Loads WAF/IPS/IDS detecting functions from script(s)
+    Loads WAF/IDS/IPS detecting functions from script(s)
    """
    if conf.identifyWaf:
@@ -1006,7 +990,7 @@ def _setWafFunctions():
            try:
                if filename[:-3] in sys.modules:
                    del sys.modules[filename[:-3]]
-                module = __import__(filename[:-3].encode(sys.getfilesystemencoding() or UNICODE_ENCODING))
+                module = __import__(filename[:-3])
            except ImportError, msg:
                raise SqlmapSyntaxException("cannot import WAF script '%s' (%s)" % (filename[:-3], msg))
@@ -1050,7 +1034,7 @@ def _setSocketPreConnect():
        return
    def _():
-        while kb.get("threadContinue") and not conf.get("disablePrecon"):
+        while kb.threadContinue and not conf.disablePrecon:
            try:
                for key in socket._ready:
                    if len(socket._ready[key]) < SOCKET_PRE_CONNECT_QUEUE_SIZE:
@@ -1214,7 +1198,7 @@ def _setSafeVisit():
    """
    Check and set the safe visit options.
    """
-    if not any((conf.safeUrl, conf.safeReqFile)):
+    if not any ((conf.safeUrl, conf.safeReqFile)):
        return
    if conf.safeReqFile:
@@ -1340,17 +1324,17 @@ def _setHTTPAuthentication():
        debugMsg = "setting the HTTP authentication type and credentials"
        logger.debug(debugMsg)
-        authType = conf.authType.lower()
+        aTypeLower = conf.authType.lower()
-        if authType in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST):
+        if aTypeLower in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST):
            regExp = "^(.*?):(.*?)$"
-            errMsg = "HTTP %s authentication credentials " % authType
+            errMsg = "HTTP %s authentication credentials " % aTypeLower
            errMsg += "value must be in format 'username:password'"
-        elif authType == AUTH_TYPE.NTLM:
+        elif aTypeLower == AUTH_TYPE.NTLM:
            regExp = "^(.*\\\\.*):(.*?)$"
            errMsg = "HTTP NTLM authentication credentials value must "
            errMsg += "be in format 'DOMAIN\username:password'"
-        elif authType == AUTH_TYPE.PKI:
+        elif aTypeLower == AUTH_TYPE.PKI:
            errMsg = "HTTP PKI authentication require "
            errMsg += "usage of option `--auth-pki`"
            raise SqlmapSyntaxException(errMsg)
@@ -1367,13 +1351,13 @@ def _setHTTPAuthentication():
        _setAuthCred()
-        if authType == AUTH_TYPE.BASIC:
+        if aTypeLower == AUTH_TYPE.BASIC:
            authHandler = SmartHTTPBasicAuthHandler(kb.passwordMgr)
-        elif authType == AUTH_TYPE.DIGEST:
+        elif aTypeLower == AUTH_TYPE.DIGEST:
            authHandler = urllib2.HTTPDigestAuthHandler(kb.passwordMgr)
-        elif authType == AUTH_TYPE.NTLM:
+        elif aTypeLower == AUTH_TYPE.NTLM:
            try:
                from ntlm import HTTPNtlmAuthHandler
            except ImportError:
@@ -1779,32 +1763,15 @@ def _cleanupOptions():
    if conf.binaryFields:
        conf.binaryFields = re.sub(r"\s*,\s*", ",", conf.binaryFields)
    if any((conf.proxy, conf.proxyFile, conf.tor)):
        conf.disablePrecon = True
    threadData = getCurrentThreadData()
    threadData.reset()
 def _cleanupEnvironment():
    """
    Cleanup environment (e.g. from leftovers after --sqlmap-shell).
    """
    if issubclass(urllib2.socket.socket, socks.socksocket):
        socks.unwrapmodule(urllib2)
    if hasattr(socket, "_ready"):
        socket._ready.clear()
 def _dirtyPatches():
    """
    Place for "dirty" Python related patches
    """
-    httplib._MAXLINE = 1 * 1024 * 1024                          # accept overly long result lines (e.g. SQLi results in HTTP header responses)
+    httplib._MAXLINE = 1 * 1024 * 1024  # to accept overly long result lines (e.g. SQLi results in HTTP header responses)
    if IS_WIN:
        from thirdparty.wininetpton import win_inet_pton        # add support for inet_pton() on Windows OS
 def _purgeOutput():
    """
@@ -1890,8 +1857,6 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.columnExistsChoice = None
    kb.commonOutputs = None
    kb.connErrorChoice = None
    kb.connErrorCounter = 0
    kb.cookieEncodeChoice = None
    kb.counters = {}
    kb.data = AttribDict()
@@ -1941,7 +1906,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.lastParserStatus = None
    kb.locks = AttribDict()
-    for _ in ("cache", "connError", "count", "index", "io", "limit", "log", "socket", "redirect", "request", "value"):
+    for _ in ("cache", "count", "index", "io", "limit", "log", "socket", "redirect", "request", "value"):
        kb.locks[_] = threading.Lock()
    kb.matchRatio = None
@@ -2231,22 +2196,13 @@ def _mergeOptions(inputOptions, overrideOptions):
    if inputOptions.pickledOptions:
        try:
-            unpickledOptions = base64unpickle(inputOptions.pickledOptions, unsafe=True)
+            inputOptions = base64unpickle(inputOptions.pickledOptions)
-
+            if type(inputOptions) == dict:
-            if type(unpickledOptions) == dict:
+                inputOptions = AttribDict(inputOptions)
-                unpickledOptions = AttribDict(unpickledOptions)
+            _normalizeOptions(inputOptions)
            _normalizeOptions(unpickledOptions)
            unpickledOptions["pickledOptions"] = None
            for key in inputOptions:
                if key not in unpickledOptions:
                    unpickledOptions[key] = inputOptions[key]
            inputOptions = unpickledOptions
        except Exception, ex:
            errMsg = "provided invalid value '%s' for option '--pickled-options'" % inputOptions.pickledOptions
-            errMsg += " (%s)" % repr(ex)
+            errMsg += " ('%s')" % ex if ex.message else ""
            raise SqlmapSyntaxException(errMsg)
    if inputOptions.configFile:
@@ -2261,10 +2217,9 @@ def _mergeOptions(inputOptions, overrideOptions):
        if key not in conf or value not in (None, False) or overrideOptions:
            conf[key] = value
-    if not hasattr(conf, "api"):
+    for key, value in conf.items():
-        for key, value in conf.items():
+        if value is not None:
-            if value is not None:
+            kb.explicitSettings.add(key)
                kb.explicitSettings.add(key)
    for key, value in defaults.items():
        if hasattr(conf, key) and conf[key] is None:
@@ -2296,7 +2251,7 @@ def _setTrafficOutputFP():
        conf.trafficFP = openFile(conf.trafficFile, "w+")
 def _setDNSServer():
-    if not conf.dnsDomain:
+    if not conf.dnsName:
        return
    infoMsg = "setting up DNS server instance"
@@ -2341,14 +2296,28 @@ def _setTorHttpProxySettings():
    infoMsg = "setting Tor HTTP proxy settings"
    logger.info(infoMsg)
-    port = findLocalPort(DEFAULT_TOR_HTTP_PORTS if not conf.torPort else (conf.torPort,))
+    s = None
    found = None
-    if port:
+    for port in (DEFAULT_TOR_HTTP_PORTS if not conf.torPort else (conf.torPort,)):
-        conf.proxy = "http://%s:%d" % (LOCALHOST, port)
+        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect((LOCALHOST, port))
            found = port
            break
        except socket.error:
            pass
    if s:
        s.close()
    if found:
        conf.proxy = "http://%s:%d" % (LOCALHOST, found)
    else:
        errMsg = "can't establish connection with the Tor HTTP proxy. "
-        errMsg += "Please make sure that you have Tor (bundle) installed and setup "
+        errMsg += "Please make sure that you have Vidalia, Privoxy or "
-        errMsg += "so you could be able to successfully use switch '--tor' "
+        errMsg += "Polipo bundle installed for you to be able to "
        errMsg += "successfully use switch '--tor' "
        raise SqlmapConnectionException(errMsg)
@@ -2364,17 +2333,8 @@ def _setTorSocksProxySettings():
    infoMsg = "setting Tor SOCKS proxy settings"
    logger.info(infoMsg)
-    port = findLocalPort(DEFAULT_TOR_SOCKS_PORTS if not conf.torPort else (conf.torPort,))
+    # Has to be SOCKS5 to prevent DNS leaks (http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29)
-
+    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, conf.torPort or DEFAULT_TOR_SOCKS_PORT)
    if not port:
        errMsg = "can't establish connection with the Tor SOCKS proxy. "
        errMsg += "Please make sure that you have Tor service installed and setup "
        errMsg += "so you could be able to successfully use switch '--tor' "
        raise SqlmapConnectionException(errMsg)
    # SOCKS5 to prevent DNS leaks (http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29)
    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, port)
    socks.wrapmodule(urllib2)
 def _checkWebSocket():
@@ -2436,10 +2396,6 @@ def _basicOptionValidation():
        errMsg = "switch '--text-only' is incompatible with switch '--null-connection'"
        raise SqlmapSyntaxException(errMsg)
    if conf.eta and conf.verbose > defaults.verbose:
        errMsg = "switch '--eta' is incompatible with option '-v'"
        raise SqlmapSyntaxException(errMsg)
    if conf.direct and conf.url:
        errMsg = "option '-d' is incompatible with option '-u' ('--url')"
        raise SqlmapSyntaxException(errMsg)
@@ -2487,14 +2443,14 @@ def _basicOptionValidation():
    if conf.regexp:
        try:
            re.compile(conf.regexp)
-        except Exception, ex:
+        except re.error, ex:
            errMsg = "invalid regular expression '%s' ('%s')" % (conf.regexp, getSafeExString(ex))
            raise SqlmapSyntaxException(errMsg)
    if conf.crawlExclude:
        try:
            re.compile(conf.crawlExclude)
-        except Exception, ex:
+        except re.error, ex:
            errMsg = "invalid regular expression '%s' ('%s')" % (conf.crawlExclude, getSafeExString(ex))
            raise SqlmapSyntaxException(errMsg)
@@ -2653,7 +2609,6 @@ def init():
    _saveConfig()
    _setRequestFromFile()
    _cleanupOptions()
    _cleanupEnvironment()
    _dirtyPatches()
    _purgeOutput()
    _checkDependencies()
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -38,13 +38,10 @@ optDict = {
                               "authType":          "string",
                               "authCred":          "string",
                               "authFile":          "string",
                               "ignore401":         "boolean",
                               "ignoreProxy":       "boolean",
                               "ignoreRedirects":   "boolean",
                               "ignoreTimeouts":    "boolean",
                               "proxy":             "string",
                               "proxyCred":         "string",
                               "proxyFile":         "string",
                               "ignoreProxy":       "boolean",
                               "tor":               "boolean",
                               "torPort":           "integer",
                               "torType":           "string",
@@ -77,8 +74,7 @@ optDict = {
                               "testParameter":     "string",
                               "skip":              "string",
                               "skipStatic":        "boolean",
-                               "skip":              "string",
+                               "dbms":              "string",
                               "paramExclude":      "string",
                               "dbmsCred":          "string",
                               "os":                "string",
                               "invalidBignum":     "boolean",
@@ -108,7 +104,7 @@ optDict = {
                               "uCols":             "string",
                               "uChar":             "string",
                               "uFrom":             "string",
-                               "dnsDomain":         "string",
+                               "dnsName":           "string",
                               "secondOrder":       "string",
                             },
@@ -238,6 +234,7 @@ optDict = {
                               "disablePrecon":     "boolean",
                               "profile":           "boolean",
                               "forceDns":          "boolean",
                               "ignore401":         "boolean",
                               "murphyRate":        "integer",
                               "smokeTest":         "boolean",
                               "liveTest":          "boolean",
--- a/lib/core/profiling.py
+++ b/lib/core/profiling.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -75,11 +75,6 @@ def profile(profileOutputFile=None, dotOutputFile=None, imageOutputFile=None):
    # Create graph image (png) by using pydot (python-pydot)
    # http://code.google.com/p/pydot/
    pydotGraph = pydot.graph_from_dot_file(dotOutputFile)
    # Reference: http://stackoverflow.com/questions/38176472/graph-write-pdfiris-pdf-attributeerror-list-object-has-no-attribute-writ
    if isinstance(pydotGraph, list):
        pydotGraph = pydotGraph[0]
    pydotGraph.write_png(imageOutputFile)
    infoMsg = "displaying interactive graph with xdot library"
--- a/lib/core/readlineng.py
+++ b/lib/core/readlineng.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/replication.py
+++ b/lib/core/replication.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -10,7 +10,6 @@ import sqlite3
 from extra.safe2bin.safe2bin import safechardecode
 from lib.core.common import getSafeExString
 from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapGenericException
 from lib.core.exception import SqlmapValueException
 from lib.core.settings import UNICODE_ENCODING
@@ -22,15 +21,10 @@ class Replication(object):
    """
    def __init__(self, dbpath):
-        try:
+        self.dbpath = dbpath
-            self.dbpath = dbpath
+        self.connection = sqlite3.connect(dbpath)
-            self.connection = sqlite3.connect(dbpath)
+        self.connection.isolation_level = None
-            self.connection.isolation_level = None
+        self.cursor = self.connection.cursor()
            self.cursor = self.connection.cursor()
        except sqlite3.OperationalError, ex:
            errMsg = "error occurred while opening a replication "
            errMsg += "file '%s' ('%s')" % (self.filepath, getSafeExString(ex))
            raise SqlmapConnectionException(errMsg)
    class DataType:
        """
--- a/lib/core/revision.py
+++ b/lib/core/revision.py
@@ -1,13 +1,15 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import os
 import re
-import subprocess
+
 from subprocess import PIPE
 from subprocess import Popen as execute
 def getRevisionNumber():
    """
@@ -44,7 +46,7 @@ def getRevisionNumber():
            break
    if not retVal:
-        process = subprocess.Popen("git rev-parse --verify HEAD", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        process = execute("git rev-parse --verify HEAD", shell=True, stdout=PIPE, stderr=PIPE)
        stdout, _ = process.communicate()
        match = re.search(r"(?i)[0-9a-f]{32}", stdout or "")
        retVal = match.group(0) if match else None
--- a/lib/core/session.py
+++ b/lib/core/session.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -17,9 +17,11 @@ from lib.core.datatype import AttribDict
 from lib.core.enums import DBMS
 from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1.2.0"
+VERSION = "1.0.10.0"
 REVISION = getRevisionNumber()
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -43,10 +45,10 @@ BANNER = """\033[01;33m\
 DIFF_TOLERANCE = 0.05
 CONSTANT_RATIO = 0.9
-# Ratio used in heuristic check for WAF/IPS/IDS protected targets
+# Ratio used in heuristic check for WAF/IDS/IPS protected targets
 IDS_WAF_CHECK_RATIO = 0.5
-# Timeout used in heuristic check for WAF/IPS/IDS protected targets
+# Timeout used in heuristic check for WAF/IDS/IPS protected targets
 IDS_WAF_CHECK_TIMEOUT = 10
 # Lower and upper values for match ratio in case of stable page
@@ -84,9 +86,6 @@ PERMISSION_DENIED_REGEX = r"(command|permission|access)\s*(was|is)?\s*denied"
 # Regular expression used for recognition of generic maximum connection messages
 MAX_CONNECTIONS_REGEX = r"max.+connections"
 # Maximum consecutive connection errors before asking the user if he wants to continue
 MAX_CONSECUTIVE_CONNECTION_ERRORS = 15
 # Timeout before the pre-connection candidate is being disposed (because of high probability that the web server will reset it)
 PRECONNECT_CANDIDATE_TIMEOUT = 10
@@ -103,7 +102,7 @@ DUCKDUCKGO_REGEX = r'"u":"([^"]+)'
 DISCONNECT_SEARCH_REGEX = r'<p class="url wrapword">([^<]+)</p>'
 # Dummy user agent for search (if default one returns different results)
-DUMMY_SEARCH_USER_AGENT = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
+DUMMY_SEARCH_USER_AGENT = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0"
 # Regular expression used for extracting content from "textual" tags
 TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h\d|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\w).*?>(?P<result>[^<]+)"
@@ -208,20 +207,27 @@ PYVERSION = sys.version.split()[0]
 # DBMS system databases
 MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb")
-MYSQL_SYSTEM_DBS = ("information_schema", "mysql", "performance_schema")
+MYSQL_SYSTEM_DBS = ("information_schema", "mysql")                   # Before MySQL 5.0 only "mysql"
-PGSQL_SYSTEM_DBS = ("information_schema", "pg_catalog", "pg_toast", "pgagent")
+PGSQL_SYSTEM_DBS = ("information_schema", "pg_catalog", "pg_toast")
-ORACLE_SYSTEM_DBS = ("ANONYMOUS", "APEX_PUBLIC_USER", "CTXSYS", "DBSNMP", "DIP", "EXFSYS", "FLOWS_%", "FLOWS_FILES", "LBACSYS", "MDDATA", "MDSYS", "MGMT_VIEW", "OLAPSYS", "ORACLE_OCM", "ORDDATA", "ORDPLUGINS", "ORDSYS", "OUTLN", "OWBSYS", "SI_INFORMTN_SCHEMA", "SPATIAL_CSW_ADMIN_USR", "SPATIAL_WFS_ADMIN_USR", "SYS", "SYSMAN", "SYSTEM", "WKPROXY", "WKSYS", "WK_TEST", "WMSYS", "XDB", "XS$NULL")  # Reference: https://blog.vishalgupta.com/2011/06/19/predefined-oracle-system-schemas/ 
+ORACLE_SYSTEM_DBS = ("CTXSYS", "DBSNMP", "DMSYS", "EXFSYS", "MDSYS", "OLAPSYS", "ORDSYS", "OUTLN", "SYS", "SYSAUX", "SYSMAN", "SYSTEM", "TSMSYS", "WMSYS", "XDB")                      # These are TABLESPACE_NAME
 SQLITE_SYSTEM_DBS = ("sqlite_master", "sqlite_temp_master")
-ACCESS_SYSTEM_DBS = ("MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage", "MSysAccessXML", "MSysModules", "MSysModules2")
+ACCESS_SYSTEM_DBS = ("MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage",\
-FIREBIRD_SYSTEM_DBS = ("RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE", "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", "RDB$FILTERS", "RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES", "RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS", "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS", "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS")
+                        "MSysAccessXML", "MSysModules", "MSysModules2")
 FIREBIRD_SYSTEM_DBS = ("RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE",\
                        "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", "RDB$FILTERS",\
                        "RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES",\
                        "RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS",\
                        "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS",\
                        "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS")
 MAXDB_SYSTEM_DBS = ("SYSINFO", "DOMAIN")
 SYBASE_SYSTEM_DBS = ("master", "model", "sybsystemdb", "sybsystemprocs")
-DB2_SYSTEM_DBS = ("NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS", "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS")
+DB2_SYSTEM_DBS = ("NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS",\
                   "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS")
 HSQLDB_SYSTEM_DBS = ("INFORMATION_SCHEMA", "SYSTEM_LOB")
 INFORMIX_SYSTEM_DBS = ("sysmaster", "sysutils", "sysuser", "sysadmin")
 MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms")
-MYSQL_ALIASES = ("mysql", "my", "mariadb", "maria")
+MYSQL_ALIASES = ("mysql", "my")
 PGSQL_ALIASES = ("postgresql", "postgres", "pgsql", "psql", "pg")
 ORACLE_ALIASES = ("oracle", "orcl", "ora", "or")
 SQLITE_ALIASES = ("sqlite", "sqlite3")
@@ -251,39 +257,39 @@ WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "C
 # Items displayed in basic help (-h) output
 BASIC_HELP_ITEMS = (
-    "url",
+                        "url",
-    "googleDork",
+                        "googleDork",
-    "data",
+                        "data",
-    "cookie",
+                        "cookie",
-    "randomAgent",
+                        "randomAgent",
-    "proxy",
+                        "proxy",
-    "testParameter",
+                        "testParameter",
-    "dbms",
+                        "dbms",
-    "level",
+                        "level",
-    "risk",
+                        "risk",
-    "tech",
+                        "tech",
-    "getAll",
+                        "getAll",
-    "getBanner",
+                        "getBanner",
-    "getCurrentUser",
+                        "getCurrentUser",
-    "getCurrentDb",
+                        "getCurrentDb",
-    "getPasswordHashes",
+                        "getPasswordHashes",
-    "getTables",
+                        "getTables",
-    "getColumns",
+                        "getColumns",
-    "getSchema",
+                        "getSchema",
-    "dumpTable",
+                        "dumpTable",
-    "dumpAll",
+                        "dumpAll",
-    "db",
+                        "db",
-    "tbl",
+                        "tbl",
-    "col",
+                        "col",
-    "osShell",
+                        "osShell",
-    "osPwn",
+                        "osPwn",
-    "batch",
+                        "batch",
-    "checkTor",
+                        "checkTor",
-    "flushSession",
+                        "flushSession",
-    "tor",
+                        "tor",
-    "sqlmapShell",
+                        "sqlmapShell",
-    "wizard",
+                        "wizard",
-)
+                   )
 # String representation for NULL value
 NULL = "NULL"
@@ -299,14 +305,13 @@ FILE_PATH_REGEXES = (r" in (file )?<b>(?P<result>.*?)</b> on line \d+", r"in (?P
 # Regular expressions used for parsing error messages (--parse-errors)
 ERROR_PARSING_REGEXES = (
-    r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>.+?)<br\s*/?\s*>",
+                          r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>.+?)<br\s*/?\s*>",
-    r"(?m)^(fatal|error|warning|exception):?\s*(?P<result>[^\n]+?)$",
+                          r"(?m)^(fatal|error|warning|exception):?\s*(?P<result>[^\n]+?)$",
-    r"(?P<result>[^\n>]*SQL Syntax[^\n<]+)",
+                          r"(?P<result>[^\n>]*SQL Syntax[^\n<]+)",
-    r"<li>Error Type:<br>(?P<result>.+?)</li>",
+                          r"<li>Error Type:<br>(?P<result>.+?)</li>",
-    r"CDbCommand (?P<result>[^<>\n]*SQL[^<>\n]+)",
+                          r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P<result>[^<>]+)",
-    r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P<result>[^<>]+)",
+                          r"\[[^\n\]]+(ODBC|JDBC)[^\n\]]+\](\[[^\]]+\])?(?P<result>[^\n]+(in query expression|\(SQL| at /[^ ]+pdo)[^\n<]+)"
-    r"\[[^\n\]]+(ODBC|JDBC)[^\n\]]+\](\[[^\]]+\])?(?P<result>[^\n]+(in query expression|\(SQL| at /[^ ]+pdo)[^\n<]+)"
+                        )
 )
 # Regular expression used for parsing charset info from meta html headers
 META_CHARSET_REGEX = r'(?si)<head>.*<meta[^>]+charset="?(?P<result>[^"> ]+).*</head>'
@@ -344,9 +349,6 @@ URI_INJECTABLE_REGEX = r"//[^/]*/([^\.*?]+)\Z"
 # Regex used for masking sensitive data
 SENSITIVE_DATA_REGEX = "(\s|=)(?P<result>[^\s=]*%s[^\s]*)\s"
 # Options to explicitly mask in anonymous (unhandled exception) reports (along with anything carrying the <hostname> inside)
 SENSITIVE_OPTIONS = ("hostname", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile", "testParameter", "authCred")
 # Maximum number of threads (avoiding connection issues and/or DoS)
 MAX_NUMBER_OF_THREADS = 10
@@ -372,7 +374,7 @@ MIN_ERROR_CHUNK_LENGTH = 8
 MAX_ERROR_CHUNK_LENGTH = 1024
 # Do not escape the injected statement if it contains any of the following SQL keywords
-EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", "'%s'" % CHAR_INFERENCE_MARK)
+EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", "DBINFO(", "'%s'" % CHAR_INFERENCE_MARK)
 # Mark used for replacement of reflected values
 REFLECTED_VALUE_MARKER = "__REFLECTED_VALUE__"
@@ -402,10 +404,10 @@ HASH_MOD_ITEM_DISPLAY = 11
 MAX_INT = sys.maxint
 # Options that need to be restored in multiple targets run mode
-RESTORE_MERGED_OPTIONS = ("col", "db", "dnsDomain", "privEsc", "tbl", "regexp", "string", "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user")
+RESTORE_MERGED_OPTIONS = ("col", "db", "dnsName", "privEsc", "tbl", "regexp", "string", "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user")
 # Parameters to be ignored in detection phase (upper case)
-IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__VIEWSTATEGENERATOR", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
+IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
 # Regular expression used for recognition of ASP.NET control parameters
 ASP_NET_CONTROL_REGEX = r"(?i)\Actl\d+\$"
@@ -434,10 +436,10 @@ IGNORE_SAVE_OPTIONS = ("saveConfig",)
 # IP address of the localhost
 LOCALHOST = "127.0.0.1"
-# Default SOCKS ports used by Tor
+# Default port used by Tor
-DEFAULT_TOR_SOCKS_PORTS = (9050, 9150)
+DEFAULT_TOR_SOCKS_PORT = 9050
-# Default HTTP ports used by Tor
+# Default ports used in Tor proxy bundles
 DEFAULT_TOR_HTTP_PORTS = (8123, 8118)
 # Percentage below which comparison engine could have problems
@@ -484,14 +486,14 @@ IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")
 # Data inside shellcodeexec to be filled with random string
 SHELLCODEEXEC_RANDOM_STRING_MARKER = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
-# Vectors used for provoking specific WAF/IPS/IDS behavior(s)
+# Vectors used for provoking specific WAF/IDS/IPS behavior(s)
 WAF_ATTACK_VECTORS = (
-    "",  # NIL
+                        "",  # NIL
-    "search=<script>alert(1)</script>",
+                        "search=<script>alert(1)</script>",
-    "file=../../../../etc/passwd",
+                        "file=../../../../etc/passwd",
-    "q=<invalid>foobar",
+                        "q=<invalid>foobar",
-    "id=1 %s" % IDS_WAF_CHECK_PAYLOAD
+                        "id=1 %s" % IDS_WAF_CHECK_PAYLOAD
-)
+                     )
 # Used for status representation in dictionary attack phase
 ROTATING_CHARS = ('\\', '|', '|', '/', '-')
@@ -528,7 +530,7 @@ UNION_CHAR_REGEX = r"\A\w+\Z"
 UNENCODED_ORIGINAL_VALUE = "original"
 # Common column names containing usernames (used for hash cracking in some cases)
-COMMON_USER_COLUMNS = ("login", "user", "username", "user_name", "user_login", "benutzername", "benutzer", "utilisateur", "usager", "consommateur", "utente", "utilizzatore", "usufrutuario", "korisnik", "usuario", "consumidor", "client", "cuser")
+COMMON_USER_COLUMNS = ("user", "username", "user_name", "benutzername", "benutzer", "utilisateur", "usager", "consommateur", "utente", "utilizzatore", "usufrutuario", "korisnik", "usuario", "consumidor")
 # Default delimiter in GET/POST values
 DEFAULT_GET_POST_DELIMITER = '&'
@@ -548,14 +550,11 @@ HASHDB_FLUSH_THRESHOLD = 32
 # Number of retries for unsuccessful HashDB flush attempts
 HASHDB_FLUSH_RETRIES = 3
 # Number of retries for unsuccessful HashDB retrieve attempts
 HASHDB_RETRIEVE_RETRIES = 3
 # Number of retries for unsuccessful HashDB end transaction attempts
 HASHDB_END_TRANSACTION_RETRIES = 3
 # Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism)
-HASHDB_MILESTONE_VALUE = "dPHoJRQYvs"  # python -c 'import random, string; print "".join(random.sample(string.ascii_letters, 10))'
+HASHDB_MILESTONE_VALUE = "BkfRWrtCYK"  # python -c 'import random, string; print "".join(random.sample(string.ascii_letters, 10))'
 # Warn user of possible delay due to large page dump in full UNION query injections
 LARGE_OUTPUT_THRESHOLD = 1024 ** 2
@@ -588,7 +587,7 @@ BANNER = re.sub(r"\[.\]", lambda _: "[\033[01;41m%s\033[01;49m]" % random.sample
 DUMMY_NON_SQLI_CHECK_APPENDIX = "<'\">"
 # Regular expression used for recognition of file inclusion errors
-FI_ERROR_REGEX = "(?i)[^\n]{0,100}(no such file|failed (to )?open)[^\n]{0,100}"
+FI_ERROR_REGEX = "(?i)[^\n]*(no such file|failed (to )?open)[^\n]*"
 # Length of prefix and suffix used in non-SQLI heuristic checks
 NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH = 6
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/subprocessng.py
+++ b/lib/core/subprocessng.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@@ -1,17 +1,18 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import difflib
 import random
 import thread
 import threading
 import time
 import traceback
 from thread import error as ThreadError
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -19,7 +20,6 @@ from lib.core.datatype import AttribDict
 from lib.core.enums import PAYLOAD
 from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapThreadException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.exception import SqlmapValueException
 from lib.core.settings import MAX_NUMBER_OF_THREADS
 from lib.core.settings import PYVERSION
@@ -150,7 +150,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
            try:
                thread.start()
-            except thread.error, ex:
+            except ThreadError, ex:
                errMsg = "error occurred while starting new thread ('%s')" % ex.message
                logger.critical(errMsg)
                break
@@ -166,13 +166,13 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
                    alive = True
                    time.sleep(0.1)
-    except (KeyboardInterrupt, SqlmapUserQuitException), ex:
+    except KeyboardInterrupt:
        print
        kb.threadContinue = False
        kb.threadException = True
        if numThreads > 1:
-            logger.info("waiting for threads to finish%s" % (" (Ctrl+C was pressed)" if isinstance(ex, KeyboardInterrupt) else ""))
+            logger.info("waiting for threads to finish (Ctrl+C was pressed)")
        try:
            while (threading.activeCount() > 1):
                pass
--- a/lib/core/unescaper.py
+++ b/lib/core/unescaper.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/core/update.py
+++ b/lib/core/update.py
@@ -1,16 +1,18 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import locale
 import os
 import re
 import subprocess
 import time
 from subprocess import PIPE
 from subprocess import Popen as execute
 from lib.core.common import dataToStdout
 from lib.core.common import getSafeExString
 from lib.core.common import pollProcess
@@ -29,7 +31,7 @@ def update():
    if not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")):
        errMsg = "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
-        errMsg += "from GitHub (e.g. 'git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap')"
+        errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')"
        logger.error(errMsg)
    else:
        infoMsg = "updating sqlmap to the latest development version from the "
@@ -42,7 +44,7 @@ def update():
        dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
        try:
-            process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(locale.getpreferredencoding()))  # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/
+            process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(locale.getpreferredencoding()))  # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/
            pollProcess(process, True)
            stdout, stderr = process.communicate()
            success = not process.returncode
@@ -51,11 +53,13 @@ def update():
            stderr = getSafeExString(ex)
        if success:
-            logger.info("%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", getRevisionNumber()))
+            import lib.core.settings
            _ = lib.core.settings.REVISION = getRevisionNumber()
            logger.info("%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", _))
        else:
            if "Not a git repository" in stderr:
                errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
-                errMsg += "from GitHub (e.g. 'git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap')"
+                errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')"
                logger.error(errMsg)
            else:
                logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip())
--- a/lib/core/wordlist.py
+++ b/lib/core/wordlist.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/parse/init.py
+++ b/lib/parse/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/parse/banner.py
+++ b/lib/parse/banner.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -152,15 +152,6 @@ def cmdLineParser(argv=None):
        request.add_option("--ignore-401", dest="ignore401", action="store_true",
                          help="Ignore HTTP Error 401 (Unauthorized)")
        request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
                           help="Ignore system default proxy settings")
        request.add_option("--ignore-redirects", dest="ignoreRedirects", action="store_true",
                          help="Ignore redirection attempts")
        request.add_option("--ignore-timeouts", dest="ignoreTimeouts", action="store_true",
                          help="Ignore connection timeouts")
        request.add_option("--proxy", dest="proxy",
                           help="Use a proxy to connect to the target URL")
@@ -171,6 +162,9 @@ def cmdLineParser(argv=None):
        request.add_option("--proxy-file", dest="proxyFile",
                           help="Load proxy list from a file")
        request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
                           help="Ignore system default proxy settings")
        request.add_option("--tor", dest="tor",
                                  action="store_true",
                                  help="Use Tor anonymity network")
@@ -267,10 +261,7 @@ def cmdLineParser(argv=None):
                             help="Skip testing for given parameter(s)")
        injection.add_option("--skip-static", dest="skipStatic", action="store_true",
-                             help="Skip testing parameters that not appear to be dynamic")
+                             help="Skip testing parameters that not appear dynamic")
        injection.add_option("--param-exclude", dest="paramExclude",
                           help="Regexp to exclude parameters from testing (e.g. \"ses\")")
        injection.add_option("--dbms", dest="dbms",
                             help="Force back-end DBMS to this value")
@@ -370,7 +361,7 @@ def cmdLineParser(argv=None):
        techniques.add_option("--union-from", dest="uFrom",
                              help="Table to use in FROM part of UNION query SQL injection")
-        techniques.add_option("--dns-domain", dest="dnsDomain",
+        techniques.add_option("--dns-domain", dest="dnsName",
                              help="Domain name used for DNS exfiltration attack")
        techniques.add_option("--second-order", dest="secondOrder",
@@ -897,12 +888,6 @@ def cmdLineParser(argv=None):
        for i in xrange(len(argv)):
            if argv[i] == "-hh":
                argv[i] = "-h"
            elif len(argv[i]) > 1 and all(ord(_) in xrange(0x2018, 0x2020) for _ in ((argv[i].split('=', 1)[-1].strip() or ' ')[0], argv[i][-1])):
                dataToStdout("[!] copy-pasting illegal (non-console) quote characters from Internet is, well, illegal (%s)\n" % argv[i])
                raise SystemExit
            elif len(argv[i]) > 1 and u"\uff0c" in argv[i].split('=', 1)[-1]:
                dataToStdout("[!] copy-pasting illegal (non-console) comma characters from Internet is, well, illegal (%s)\n" % argv[i])
                raise SystemExit
            elif re.search(r"\A-\w=.+", argv[i]):
                dataToStdout("[!] potentially miswritten (illegal '=') short option detected ('%s')\n" % argv[i])
                raise SystemExit
@@ -915,7 +900,7 @@ def cmdLineParser(argv=None):
            elif argv[i] == "--version":
                print VERSION_STRING.split('/')[-1]
                raise SystemExit
-            elif argv[i] in ("-h", "--help"):
+            elif argv[i] == "-h":
                advancedHelp = False
                for group in parser.option_groups[:]:
                    found = False
--- a/lib/parse/configfile.py
+++ b/lib/parse/configfile.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -14,14 +14,13 @@ from lib.core.common import UnicodeRawConfigParser
 from lib.core.data import cmdLineOptions
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.enums import OPTION_TYPE
 from lib.core.exception import SqlmapMissingMandatoryOptionException
 from lib.core.exception import SqlmapSyntaxException
 from lib.core.optiondict import optDict
 config = None
-def configFileProxy(section, option, datatype):
+def configFileProxy(section, option, boolean=False, integer=False):
    """
    Parse configuration file and save settings into the configuration
    advanced dictionary.
@@ -31,12 +30,10 @@ def configFileProxy(section, option, datatype):
    if config.has_option(section, option):
        try:
-            if datatype == OPTION_TYPE.BOOLEAN:
+            if boolean:
                value = config.getboolean(section, option) if config.get(section, option) else False
-            elif datatype == OPTION_TYPE.INTEGER:
+            elif integer:
                value = config.getint(section, option) if config.get(section, option) else 0
            elif datatype == OPTION_TYPE.FLOAT:
                value = config.getfloat(section, option) if config.get(section, option) else 0.0
            else:
                value = config.get(section, option)
        except ValueError, ex:
@@ -94,4 +91,8 @@ def configFileParser(configFile):
    for family, optionData in optDict.items():
        for option, datatype in optionData.items():
            datatype = unArrayizeValue(datatype)
-            configFileProxy(family, option, datatype)
+
            boolean = datatype == "boolean"
            integer = datatype == "integer"
            configFileProxy(family, option, boolean, integer)
--- a/lib/parse/handler.py
+++ b/lib/parse/handler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/parse/headers.py
+++ b/lib/parse/headers.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/parse/html.py
+++ b/lib/parse/html.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/parse/payloads.py
+++ b/lib/parse/payloads.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/parse/sitemap.py
+++ b/lib/parse/sitemap.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/request/init.py
+++ b/lib/request/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -314,12 +314,6 @@ def decodePage(page, contentEncoding, contentType):
            page = re.sub(r"&([^;]+);", lambda _: chr(htmlEntities[_.group(1)]) if htmlEntities.get(_.group(1), 256) < 256 else _.group(0), page)
            kb.pageEncoding = kb.pageEncoding or checkCharEncoding(getHeuristicCharEncoding(page))
            if kb.pageEncoding and kb.pageEncoding.lower() == "utf-8-sig":
                kb.pageEncoding = "utf-8"
                if page and page.startswith("\xef\xbb\xbf"):  # Reference: https://docs.python.org/2/library/codecs.html (Note: noticed problems when "utf-8-sig" is left to Python for handling)
                    page = page[3:]
            page = getUnicode(page, kb.pageEncoding)
            # e.g. &#8217;&#8230;&#8482;
@@ -369,7 +363,7 @@ def processResponse(page, responseHeaders):
                        if readInput(msg, default='N').strip().upper() != 'Y':
                            continue
                        conf.paramDict[PLACE.POST][name] = value
-                conf.parameters[PLACE.POST] = re.sub("(?i)(%s=)[^&]+" % re.escape(name), r"\g<1>%s" % re.escape(value), conf.parameters[PLACE.POST])
+                conf.parameters[PLACE.POST] = re.sub("(?i)(%s=)[^&]+" % name, r"\g<1>%s" % value, conf.parameters[PLACE.POST])
    if not kb.captchaDetected and re.search(r"(?i)captcha", page or ""):
        for match in re.finditer(r"(?si)<form.+?</form>", page):
--- a/lib/request/basicauthhandler.py
+++ b/lib/request/basicauthhandler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -31,7 +31,6 @@ from extra.safe2bin.safe2bin import safecharencode
 from lib.core.agent import agent
 from lib.core.common import asciifyUrl
 from lib.core.common import calculateDeltaSeconds
 from lib.core.common import checkSameHost
 from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
 from lib.core.common import evaluateCode
@@ -91,7 +90,6 @@ from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE
 from lib.core.settings import MAX_CONNECTION_CHUNK_SIZE
 from lib.core.settings import MAX_CONNECTIONS_REGEX
 from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
 from lib.core.settings import MAX_CONSECUTIVE_CONNECTION_ERRORS
 from lib.core.settings import MAX_MURPHY_SLEEP_TIME
 from lib.core.settings import META_REFRESH_REGEX
 from lib.core.settings import MIN_TIME_RESPONSES
@@ -252,7 +250,7 @@ class Connect(object):
        timeout = kwargs.get("timeout",             None) or conf.timeout
        auxHeaders = kwargs.get("auxHeaders",       None)
        response = kwargs.get("response",           False)
-        ignoreTimeout = kwargs.get("ignoreTimeout", False) or kb.ignoreTimeout or conf.ignoreTimeouts
+        ignoreTimeout = kwargs.get("ignoreTimeout", False) or kb.ignoreTimeout
        refreshing = kwargs.get("refreshing",       False)
        retrying = kwargs.get("retrying",           False)
        crawling = kwargs.get("crawling",           False)
@@ -267,7 +265,7 @@ class Connect(object):
            url = urlparse.urljoin(conf.url, url)
        # flag to know if we are dealing with the same target host
-        target = checkSameHost(url, conf.url)
+        target = reduce(lambda x, y: x == y, map(lambda x: urlparse.urlparse(x).netloc.split(':')[0], [url, conf.url or ""]))
        if not retrying:
            # Reset the number of connection retries
@@ -397,7 +395,6 @@ class Connect(object):
            if websocket_:
                ws = websocket.WebSocket()
                ws.settimeout(timeout)
                ws.connect(url, header=("%s: %s" % _ for _ in headers.items() if _[0] not in ("Host",)), cookie=cookie)  # WebSocket will add Host field of headers automatically
                ws.send(urldecode(post or ""))
                page = ws.recv()
@@ -475,7 +472,7 @@ class Connect(object):
                    return conn, None, None
                # Get HTTP response
-                if hasattr(conn, "redurl"):
+                if hasattr(conn, 'redurl'):
                    page = (threadData.lastRedirectMsg[1] if kb.redirectChoice == REDIRECTION.NO\
                    else Connect._connReadProxy(conn)) if not skipRead else None
                    skipLogTraffic = kb.redirectChoice == REDIRECTION.NO
@@ -483,49 +480,43 @@ class Connect(object):
                else:
                    page = Connect._connReadProxy(conn) if not skipRead else None
-                code = code or (conn.code if conn else None)
+                code = code or conn.code
                responseHeaders = conn.info()
                responseHeaders[URI_HTTP_HEADER] = conn.geturl()
                page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE))
                status = getUnicode(conn.msg)
-            kb.connErrorCounter = 0
+            if extractRegexResult(META_REFRESH_REGEX, page) and not refreshing:
                refresh = extractRegexResult(META_REFRESH_REGEX, page)
-            if not refreshing:
+                debugMsg = "got HTML meta refresh header"
-                refresh = responseHeaders.get(HTTP_HEADER.REFRESH, "").split("url=")[-1].strip()
+                logger.debug(debugMsg)
-                if extractRegexResult(META_REFRESH_REGEX, page):
+                if kb.alwaysRefresh is None:
-                    refresh = extractRegexResult(META_REFRESH_REGEX, page)
+                    msg = "sqlmap got a refresh request "
                    msg += "(redirect like response common to login pages). "
                    msg += "Do you want to apply the refresh "
                    msg += "from now on (or stay on the original page)? [Y/n]"
                    choice = readInput(msg, default="Y")
-                    debugMsg = "got HTML meta refresh header"
+                    kb.alwaysRefresh = choice not in ("n", "N")
                    logger.debug(debugMsg)
-                if refresh:
+                if kb.alwaysRefresh:
-                    if kb.alwaysRefresh is None:
+                    if re.search(r"\Ahttps?://", refresh, re.I):
-                        msg = "sqlmap got a refresh request "
+                        url = refresh
-                        msg += "(redirect like response common to login pages). "
+                    else:
-                        msg += "Do you want to apply the refresh "
+                        url = urlparse.urljoin(url, refresh)
                        msg += "from now on (or stay on the original page)? [Y/n]"
                        choice = readInput(msg, default="Y")
-                        kb.alwaysRefresh = choice not in ("n", "N")
+                    threadData.lastRedirectMsg = (threadData.lastRequestUID, page)
                    kwargs['refreshing'] = True
                    kwargs['url'] = url
                    kwargs['get'] = None
                    kwargs['post'] = None
-                    if kb.alwaysRefresh:
+                    try:
-                        if re.search(r"\Ahttps?://", refresh, re.I):
+                        return Connect._getPageProxy(**kwargs)
-                            url = refresh
+                    except SqlmapSyntaxException:
-                        else:
+                        pass
                            url = urlparse.urljoin(url, refresh)
                        threadData.lastRedirectMsg = (threadData.lastRequestUID, page)
                        kwargs["refreshing"] = True
                        kwargs["url"] = url
                        kwargs["get"] = None
                        kwargs["post"] = None
                        try:
                            return Connect._getPageProxy(**kwargs)
                        except SqlmapSyntaxException:
                            pass
            # Explicit closing of connection object
            if conn and not conf.keepAlive:
@@ -596,7 +587,7 @@ class Connect(object):
                    processResponse(page, responseHeaders)
            elif ex.code == httplib.GATEWAY_TIMEOUT:
                if ignoreTimeout:
-                    return None if not conf.ignoreTimeouts else "", None, None
+                    return None, None, None
                else:
                    warnMsg = "unable to connect to the target URL (%d - %s)" % (ex.code, httplib.responses[ex.code])
                    if threadData.retriesCount < conf.retries and not kb.threadException:
@@ -629,7 +620,7 @@ class Connect(object):
                        kb.responseTimes.clear()
                if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
-                    singleTimeWarnMessage("there is a possibility that the target (or WAF/IPS/IDS) is dropping 'suspicious' requests")
+                    singleTimeWarnMessage("there is a possibility that the target (or WAF) is dropping 'suspicious' requests")
                warnMsg = "connection timed out to the target URL"
            elif "URLError" in tbMsg or "error" in tbMsg:
                warnMsg = "unable to connect to the target URL"
@@ -657,25 +648,13 @@ class Connect(object):
            if "BadStatusLine" not in tbMsg and any((conf.proxy, conf.tor)):
                warnMsg += " or proxy"
            with kb.locks.connError:
                kb.connErrorCounter += 1
                if kb.connErrorCounter >= MAX_CONSECUTIVE_CONNECTION_ERRORS and kb.connErrorChoice is None:
                    message = "there seems to be a continuous problem with connection to the target. "
                    message += "Are you sure that you want to continue "
                    message += "with further target testing? [y/N] "
                    kb.connErrorChoice = readInput(message, default="N") in ("Y", "y")
                if kb.connErrorChoice is False:
                    raise SqlmapConnectionException(warnMsg)
            if silent:
                return None, None, None
            elif "forcibly closed" in tbMsg:
                logger.critical(warnMsg)
                return None, None, None
            elif ignoreTimeout and any(_ in tbMsg for _ in ("timed out", "IncompleteRead")):
-                return None if not conf.ignoreTimeouts else "", None, None
+                return None, None, None
            elif threadData.retriesCount < conf.retries and not kb.threadException:
                warnMsg += ". sqlmap is going to retry the request"
                if not retrying:
@@ -894,21 +873,18 @@ class Connect(object):
            uri = conf.url
        if value and place == PLACE.CUSTOM_HEADER:
-            if value.split(',')[0].capitalize() == PLACE.COOKIE:
+            auxHeaders[value.split(',')[0]] = value.split(',', 1)[1]
                cookie = value.split(',', 1)[1]
            else:
                auxHeaders[value.split(',')[0]] = value.split(',', 1)[1]
        if conf.csrfToken:
            def _adjustParameter(paramString, parameter, newValue):
                retVal = paramString
                match = re.search("%s=[^&]*" % re.escape(parameter), paramString)
                if match:
-                    retVal = re.sub(re.escape(match.group(0)), "%s=%s" % (parameter, newValue), paramString)
+                    retVal = re.sub(match.group(0), "%s=%s" % (parameter, newValue), paramString)
                else:
                    match = re.search("(%s[\"']:[\"'])([^\"']+)" % re.escape(parameter), paramString)
                    if match:
-                        retVal = re.sub(re.escape(match.group(0)), "%s%s" % (match.group(1), newValue), paramString)
+                        retVal = re.sub(match.group(0), "%s%s" % (match.group(1), newValue), paramString)
                return retVal
            page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.method if conf.csrfUrl == conf.url else None, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
@@ -928,7 +904,7 @@ class Connect(object):
                    for _ in conf.cj:
                        if _.name == conf.csrfToken:
                            token = _.value
-                            if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))):
+                            if not any (conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))):
                                if post:
                                    post = "%s%s%s=%s" % (post, conf.paramDel or DEFAULT_GET_POST_DELIMITER, conf.csrfToken, token)
                                elif get:
@@ -1159,7 +1135,7 @@ class Connect(object):
                warnMsg = "site returned insanely large response"
                if kb.testMode:
                    warnMsg += " in testing phase. This is a common "
-                    warnMsg += "behavior in custom WAF/IPS/IDS solutions"
+                    warnMsg += "behavior in custom WAF/IDS/IPS solutions"
                singleTimeWarnMessage(warnMsg)
        if conf.secondOrder:
--- a/lib/request/direct.py
+++ b/lib/request/direct.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -24,7 +24,6 @@ from lib.core.dicts import SQL_STATEMENTS
 from lib.core.enums import CUSTOM_LOGGING
 from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
 from lib.core.enums import TIMEOUT_STATE
 from lib.core.settings import UNICODE_ENCODING
 from lib.utils.timeout import timeout
@@ -52,18 +51,13 @@ def direct(query, content=True):
    start = time.time()
    if not select and "EXEC " not in query.upper():
-        timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
+        _ = timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
    elif not (output and "sqlmapoutput" not in query and "sqlmapfile" not in query):
-        output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
+        output = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
-        if state == TIMEOUT_STATE.NORMAL:
+        hashDBWrite(query, output, True)
            hashDBWrite(query, output, True)
        elif state == TIMEOUT_STATE.TIMEOUT:
            conf.dbmsConnector.close()
            conf.dbmsConnector.connect()
    elif output:
        infoMsg = "resumed: %s..." % getUnicode(output, UNICODE_ENCODING)[:20]
        logger.info(infoMsg)
    threadData.lastQueryDuration = calculateDeltaSeconds(start)
    if not output:
--- a/lib/request/dns.py
+++ b/lib/request/dns.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -62,10 +62,7 @@ class DNSServer(object):
        self._check_localhost()
        self._requests = []
        self._lock = threading.Lock()
-        try:
+        self._socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            self._socket = socket._orig_socket(socket.AF_INET, socket.SOCK_DGRAM)
        except AttributeError:
            self._socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self._socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._socket.bind(("", 53))
        self._running = False
--- a/lib/request/httpshandler.py
+++ b/lib/request/httpshandler.py
@@ -1,13 +1,12 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 import distutils.version
 import httplib
 import re
 import socket
 import urllib2
@@ -48,7 +47,7 @@ class HTTPSConnection(httplib.HTTPSConnection):
        # Reference(s): https://docs.python.org/2/library/ssl.html#ssl.SSLContext
        #               https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni
-        if re.search(r"\A[\d.]+\Z", self.host) is None and kb.tlsSNI.get(self.host) != False and hasattr(ssl, "SSLContext"):
+        if kb.tlsSNI.get(self.host) != False and hasattr(ssl, "SSLContext"):
            for protocol in filter(lambda _: _ >= ssl.PROTOCOL_TLSv1, _protocols):
                try:
                    sock = create_sock()
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -57,7 +57,7 @@ from lib.techniques.union.use import unionUse
 def _goDns(payload, expression):
    value = None
-    if conf.dnsDomain and kb.dnsTest is not False and not kb.testMode and Backend.getDbms() is not None:
+    if conf.dnsName and kb.dnsTest is not False and not kb.testMode and Backend.getDbms() is not None:
        if kb.dnsTest is None:
            dnsTest(payload)
@@ -293,7 +293,7 @@ def _goBooleanProxy(expression):
    initTechnique(kb.technique)
-    if conf.dnsDomain:
+    if conf.dnsName:
        query = agent.prefixQuery(kb.injection.data[kb.technique].vector)
        query = agent.suffixQuery(query)
        payload = agent.payload(newValue=query)
@@ -364,7 +364,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
        if conf.direct:
            value = direct(forgeCaseExpression if expected == EXPECTED.BOOL else expression)
-        elif any(isTechniqueAvailable(_) for _ in getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True)):
+        elif any(map(isTechniqueAvailable, getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True))):
            query = cleanQuery(expression)
            query = expandAsteriskForColumns(query)
            value = None
@@ -413,7 +413,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
                    count += 1
                    found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
-                if found and conf.dnsDomain:
+                if found and conf.dnsName:
                    _ = "".join(filter(None, (key if isTechniqueAvailable(value) else None for key, value in {"E": PAYLOAD.TECHNIQUE.ERROR, "Q": PAYLOAD.TECHNIQUE.QUERY, "U": PAYLOAD.TECHNIQUE.UNION}.items())))
                    warnMsg = "option '--dns-domain' will be ignored "
                    warnMsg += "as faster techniques are usable "
--- a/lib/request/methodrequest.py
+++ b/lib/request/methodrequest.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/request/pkihandler.py
+++ b/lib/request/pkihandler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/request/rangehandler.py
+++ b/lib/request/rangehandler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -71,7 +71,7 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
    def http_error_302(self, req, fp, code, msg, headers):
        content = None
-        redurl = self._get_header_redirect(headers) if not conf.ignoreRedirects else None
+        redurl = self._get_header_redirect(headers)
        try:
            content = fp.read(MAX_CONNECTION_TOTAL_SIZE)
--- a/lib/request/templates.py
+++ b/lib/request/templates.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/takeover/init.py
+++ b/lib/takeover/init.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -25,13 +25,13 @@ from lib.core.shell import autoCompletion
 from lib.request import inject
 from lib.takeover.udf import UDF
 from lib.takeover.web import Web
-from lib.takeover.xp_cmdshell import XP_cmdshell
+from lib.takeover.xp_cmdshell import Xp_cmdshell
-class Abstraction(Web, UDF, XP_cmdshell):
+class Abstraction(Web, UDF, Xp_cmdshell):
    """
    This class defines an abstraction layer for OS takeover functionalities
-    to UDF / XP_cmdshell objects
+    to UDF / Xp_cmdshell objects
    """
    def __init__(self):
@@ -40,7 +40,7 @@ class Abstraction(Web, UDF, XP_cmdshell):
        UDF.__init__(self)
        Web.__init__(self)
-        XP_cmdshell.__init__(self)
+        Xp_cmdshell.__init__(self)
    def execCmd(self, cmd, silent=False):
        if self.webBackdoorUrl and not isStackingAvailable():
--- a/lib/takeover/icmpsh.py
+++ b/lib/takeover/icmpsh.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/takeover/registry.py
+++ b/lib/takeover/registry.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
@@ -33,7 +33,7 @@ from lib.core.exception import SqlmapUnsupportedFeatureException
 from lib.core.threads import getCurrentThreadData
 from lib.request import inject
-class XP_cmdshell:
+class Xp_cmdshell:
    """
    This class defines methods to deal with Microsoft SQL Server
    xp_cmdshell extended procedure for plugins.
--- a/Show More
+++ b/Show More