PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 20:51:31 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: PenTest:1.1.2
Branches Tags
PenTest:master PenTest:gh-pages
PenTest:1.9.12 PenTest:1.9.11 PenTest:1.9.10 PenTest:1.9.9 PenTest:1.9.8 PenTest:1.9.7 PenTest:1.9.6 PenTest:1.9.5 PenTest:1.9.4 PenTest:1.9.3 PenTest:1.9.2 PenTest:1.9 PenTest:1.8.12 PenTest:1.8.11 PenTest:1.8.10 PenTest:1.8.9 PenTest:1.8.8 PenTest:1.8.7 PenTest:1.8.6 PenTest:1.8.5 PenTest:1.8.4 PenTest:1.8.3 PenTest:1.8.2 PenTest:1.8 PenTest:1.8.1 PenTest:1.7.1 PenTest:1.7.12 PenTest:1.7.11 PenTest:1.7.10 PenTest:1.7.9 PenTest:1.7.8 PenTest:1.7.7 PenTest:1.7.6 PenTest:1.7.5 PenTest:1.7.4 PenTest:1.7.3 PenTest:1.7.2 PenTest:1.7 PenTest:1.6.12 PenTest:1.6.11 PenTest:1.6.10 PenTest:1.6.9 PenTest:1.6.8 PenTest:1.6.7 PenTest:1.6.6 PenTest:1.6.5 PenTest:1.6.4 PenTest:1.6.3 PenTest:1.6.2 PenTest:1.6 PenTest:1.5.12 PenTest:1.5.11 PenTest:1.5.10 PenTest:1.5.9 PenTest:1.5.8 PenTest:1.5.7 PenTest:1.5.6 PenTest:1.5.5 PenTest:1.5.4 PenTest:1.5.3 PenTest:1.5.2 PenTest:1.5 PenTest:1.4.12 PenTest:1.4.11 PenTest:1.4.10 PenTest:1.4.9 PenTest:1.4.8 PenTest:1.4.7 PenTest:1.4.6 PenTest:1.4.5 PenTest:1.4.4 PenTest:0.19 PenTest:1.4.3 PenTest:1.4.2 PenTest:1.4 PenTest:1.3.12 PenTest:1.3.11 PenTest:1.3.10 PenTest:1.3.9 PenTest:1.3.8 PenTest:1.3.7 PenTest:1.3.6 PenTest:1.3.5 PenTest:1.3.4 PenTest:1.3.3 PenTest:1.3.2 PenTest:1.3 PenTest:1.2.12 PenTest:1.2.11 PenTest:1.2.10 PenTest:1.2.9 PenTest:1.2.8 PenTest:1.2.7 PenTest:1.2.6 PenTest:1.2.5 PenTest:1.2.4 PenTest:1.2.3 PenTest:1.2.2 PenTest:1.2 PenTest:1.1.12 PenTest:1.1.11 PenTest:1.1.10 PenTest:1.1.9 PenTest:1.1.8 PenTest:1.1.7 PenTest:1.1.6 PenTest:1.1.5 PenTest:1.1.4 PenTest:1.1.3 PenTest:1.1.2 PenTest:1.1 PenTest:1.0.12 PenTest:1.0.11 PenTest:1.0.10 PenTest:1.0.9 PenTest:1.0.8 PenTest:1.0.7 PenTest:1.0.6 PenTest:1.0.5 PenTest:1.0.4 PenTest:1.0.3 PenTest:1.0 PenTest:0.6.2 PenTest:0.6.3 PenTest:0.6.4 PenTest:0.7-rc1 PenTest:0.8-rc2 PenTest:0.8-rc3 PenTest:0.7 PenTest:0.8-rc4 PenTest:0.8 PenTest:0.9
..
compare: PenTest:1.1.4
Branches Tags
PenTest:master PenTest:gh-pages
PenTest:1.9.12 PenTest:1.9.11 PenTest:1.9.10 PenTest:1.9.9 PenTest:1.9.8 PenTest:1.9.7 PenTest:1.9.6 PenTest:1.9.5 PenTest:1.9.4 PenTest:1.9.3 PenTest:1.9.2 PenTest:1.9 PenTest:1.8.12 PenTest:1.8.11 PenTest:1.8.10 PenTest:1.8.9 PenTest:1.8.8 PenTest:1.8.7 PenTest:1.8.6 PenTest:1.8.5 PenTest:1.8.4 PenTest:1.8.3 PenTest:1.8.2 PenTest:1.8 PenTest:1.8.1 PenTest:1.7.1 PenTest:1.7.12 PenTest:1.7.11 PenTest:1.7.10 PenTest:1.7.9 PenTest:1.7.8 PenTest:1.7.7 PenTest:1.7.6 PenTest:1.7.5 PenTest:1.7.4 PenTest:1.7.3 PenTest:1.7.2 PenTest:1.7 PenTest:1.6.12 PenTest:1.6.11 PenTest:1.6.10 PenTest:1.6.9 PenTest:1.6.8 PenTest:1.6.7 PenTest:1.6.6 PenTest:1.6.5 PenTest:1.6.4 PenTest:1.6.3 PenTest:1.6.2 PenTest:1.6 PenTest:1.5.12 PenTest:1.5.11 PenTest:1.5.10 PenTest:1.5.9 PenTest:1.5.8 PenTest:1.5.7 PenTest:1.5.6 PenTest:1.5.5 PenTest:1.5.4 PenTest:1.5.3 PenTest:1.5.2 PenTest:1.5 PenTest:1.4.12 PenTest:1.4.11 PenTest:1.4.10 PenTest:1.4.9 PenTest:1.4.8 PenTest:1.4.7 PenTest:1.4.6 PenTest:1.4.5 PenTest:1.4.4 PenTest:0.19 PenTest:1.4.3 PenTest:1.4.2 PenTest:1.4 PenTest:1.3.12 PenTest:1.3.11 PenTest:1.3.10 PenTest:1.3.9 PenTest:1.3.8 PenTest:1.3.7 PenTest:1.3.6 PenTest:1.3.5 PenTest:1.3.4 PenTest:1.3.3 PenTest:1.3.2 PenTest:1.3 PenTest:1.2.12 PenTest:1.2.11 PenTest:1.2.10 PenTest:1.2.9 PenTest:1.2.8 PenTest:1.2.7 PenTest:1.2.6 PenTest:1.2.5 PenTest:1.2.4 PenTest:1.2.3 PenTest:1.2.2 PenTest:1.2 PenTest:1.1.12 PenTest:1.1.11 PenTest:1.1.10 PenTest:1.1.9 PenTest:1.1.8 PenTest:1.1.7 PenTest:1.1.6 PenTest:1.1.5 PenTest:1.1.4 PenTest:1.1.3 PenTest:1.1.2 PenTest:1.1 PenTest:1.0.12 PenTest:1.0.11 PenTest:1.0.10 PenTest:1.0.9 PenTest:1.0.8 PenTest:1.0.7 PenTest:1.0.6 PenTest:1.0.5 PenTest:1.0.4 PenTest:1.0.3 PenTest:1.0 PenTest:0.6.2 PenTest:0.6.3 PenTest:0.6.4 PenTest:0.7-rc1 PenTest:0.8-rc2 PenTest:0.8-rc3 PenTest:0.7 PenTest:0.8-rc4 PenTest:0.8 PenTest:0.9

52 Commits
1.1.2 ... 1.1.4

Author SHA1 Message Date
Miroslav Stampar
cfe34f61b8 Implementation for an Issue #1895 2017-04-06 11:33:59 +02:00
Miroslav Stampar
c1c7ea33fe Minor update 2017-03-30 12:05:05 +02:00
Miroslav Stampar
4458a443ef Fixes #1664 2017-03-30 11:58:03 +02:00
Miroslav Stampar
16bd3a1f02 Fixes #2453 2017-03-30 11:42:34 +02:00
Miroslav Stampar
a358bc0a38 Minor update 2017-03-30 10:24:57 +02:00
Miroslav Stampar
aebae6e27b Added (heuristic) support for #1679 2017-03-30 10:16:35 +02:00
Miroslav Stampar
0a3e771b1b Fixes #2449 2017-03-28 15:22:53 +02:00
Miroslav Stampar
f82c0497fa Fixes #2447 2017-03-27 22:36:04 +02:00
Miroslav Stampar
715763885d Fixes #2306 2017-03-24 14:20:18 +01:00
Miroslav Stampar
4aae5d9a9d Fixes #2444 2017-03-19 21:34:47 +01:00
Miroslav Stampar
1bc583d358 Another patch related to the #2440 2017-03-17 09:43:45 +01:00
Miroslav Stampar
e506a390db Minor patch (prevent message spamming of multiple union column possibilities) 2017-03-15 16:18:20 +01:00
Miroslav Stampar
c5b4af8636 Dummy commit (to provoke rehash) 2017-03-15 16:07:52 +01:00
Miroslav Stampar
c29e47f72f Fixes #2440 2017-03-15 16:04:56 +01:00
Miroslav Stampar
4087213501 Merge pull request #2439 from klensy/mysql-fingerprint-update 
updated mysql version numbers
 2017-03-14 21:15:44 +01:00
klensy
e4725366d3 updated mysql version numbers 2017-03-14 15:11:03 +03:00
Miroslav Stampar
60e8c725f9 Fixes #2437 2017-03-12 23:24:13 +01:00
Miroslav Stampar
5dba32b2e1 Fixes #2431 2017-03-12 09:52:37 +01:00
Miroslav Stampar
ef04c99069 No more dumb usage of '--dbms' 2017-03-06 12:53:04 +01:00
Miroslav Stampar
e2fb16c98c Fixes #2425 2017-03-06 12:05:58 +01:00
Miroslav Stampar
d2b16c5c91 Fixes #2422 2017-03-01 11:09:55 +01:00
Miroslav Stampar
9f0c42dde0 Minor leftover 2017-03-01 10:09:13 +01:00
Miroslav Stampar
78ca371162 Adding option --web-root (Issue #2419) 2017-03-01 10:07:26 +01:00
Miroslav Stampar
a35c976759 Proper implementation for an Issue #2418 2017-02-28 14:00:42 +01:00
Miroslav Stampar
89e9f4939d Merge pull request #2418 from Ekultek/ip_regex 
IP address regex updated to not provide a false positive
 2017-02-28 14:00:00 +01:00
Ekultek
71984fc452 updated IP address regex as to not provide false positive 2017-02-28 06:35:37 -06:00
Miroslav Stampar
a0a6702a4e Minor patch (reported via ML) 2017-02-28 13:16:19 +01:00
Miroslav Stampar
b18444f215 Issue #2417 (most probably -> most likely) 2017-02-27 22:14:52 +01:00
Miroslav Stampar
7ea524800a Taking couple of suggestions from #2417 2017-02-27 22:03:15 +01:00
Miroslav Stampar
7960045cf9 Fixes #2277 and #2300 2017-02-27 13:58:07 +01:00
Miroslav Stampar
d253a97a6f Merge pull request #2411 from bbbbbrie/master 
Correct typo in basic.py
 2017-02-27 12:55:59 +01:00
Brie Carranza
1475ba441c Correct typo in basic.py 2017-02-26 09:05:36 -05:00
Miroslav Stampar
b2585cc8ea Patch for #2410 2017-02-25 07:58:59 +01:00
Miroslav Stampar
7b263327cc Update for #2410 2017-02-25 07:54:54 +01:00
Miroslav Stampar
cd31bf4ecb Merge pull request #2410 from qnrq/patch-1 
Adds option command to api client
 2017-02-25 07:47:23 +01:00
Niklas Femerstrand
1b938c758f Adds option command to api client 2017-02-25 10:24:00 +07:00
Miroslav Stampar
5a08b71999 Minor update 2017-02-23 11:36:37 +01:00
Miroslav Stampar
4b420e7579 Removing Google PageRank as it is dead now 2017-02-23 11:33:39 +01:00
Miroslav Stampar
6b580a682a Minor update 2017-02-20 10:06:06 +01:00
Miroslav Stampar
d6e7c2acdc Minor touch 2017-02-19 01:48:12 +01:00
Miroslav Stampar
4d3aa1605c Merge pull request #2401 from tomahock/master 
Fix proxyFile regex to properly match an address with a -
 2017-02-19 01:31:12 +01:00
Tomahock
7fe1820ce4 Fix proxyFile regex to properly match an address with a - 2017-02-17 23:32:32 +00:00
Miroslav Stampar
98e449e38c Adding plus2fnconcat tamper script (Issue #2396) 2017-02-17 10:26:25 +01:00
Miroslav Stampar
9acf122ba6 Patch for an Issue #2396 2017-02-16 16:56:54 +01:00
Miroslav Stampar
2ed144ec85 Patch for wrong encoding reported privately via email 2017-02-16 15:52:07 +01:00
Miroslav Stampar
ec0c103952 Bug fix (reported privately) 2017-02-15 10:30:29 +01:00
Miroslav Stampar
a35d1e5373 Minor patch related to the email from ML 2017-02-14 13:14:35 +01:00
Miroslav Stampar
f5cf22a536 Update for an Issue #2377 2017-02-06 13:57:33 +01:00
Miroslav Stampar
38f16decef Update for an Issue #2384 2017-02-06 13:28:33 +01:00
Miroslav Stampar
15f86e85b1 Minor update for #2379 2017-02-06 12:03:18 +01:00
Miroslav Stampar
5217efc69b Fixes #2379 2017-02-06 12:01:46 +01:00
Miroslav Stampar
03bbf552ef Patch for an Issue #2382 2017-02-06 11:14:45 +01:00
47 changed files with 469 additions and 307 deletions
Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -2,4 +2,5 @@
output/ output/
.sqlmap_history .sqlmap_history
traffic.txt traffic.txt
*~ *~
.idea/

1
doc/COPYING
View File

@@ -361,7 +361,6 @@ This license does not apply to the following components:
* The MultipartPost library located under thirdparty/multipartpost/. * The MultipartPost library located under thirdparty/multipartpost/.
* The Odict library located under thirdparty/odict/. * The Odict library located under thirdparty/odict/.
* The Oset library located under thirdparty/oset/. * The Oset library located under thirdparty/oset/.
* The PageRank library located under thirdparty/pagerank/.
* The PrettyPrint library located under thirdparty/prettyprint/. * The PrettyPrint library located under thirdparty/prettyprint/.
* The PyDes library located under thirdparty/pydes/. * The PyDes library located under thirdparty/pydes/.
* The SocksiPy library located under thirdparty/socks/. * The SocksiPy library located under thirdparty/socks/.

2
doc/THIRD-PARTY.md
View File

@@ -281,8 +281,6 @@ be bound by the terms and conditions of this License Agreement.
* The bottle web framework library located under thirdparty/bottle/. * The bottle web framework library located under thirdparty/bottle/.
Copyright (C) 2012, Marcel Hellkamp. Copyright (C) 2012, Marcel Hellkamp.
* The PageRank library located under thirdparty/pagerank/.
Copyright (C) 2010, Corey Goldberg.
* The Termcolor library located under thirdparty/termcolor/. * The Termcolor library located under thirdparty/termcolor/.
Copyright (C) 2008-2011, Volvox Development Team. Copyright (C) 2008-2011, Volvox Development Team.

22
lib/controller/checks.py
View File

@@ -20,6 +20,7 @@ from lib.core.common import extractRegexResult
from lib.core.common import extractTextTagContent from lib.core.common import extractTextTagContent
from lib.core.common import findDynamicContent from lib.core.common import findDynamicContent
from lib.core.common import Format from lib.core.common import Format
from lib.core.common import getFilteredPageContent
from lib.core.common import getLastRequestHTTPError from lib.core.common import getLastRequestHTTPError
from lib.core.common import getPublicTypeMembers from lib.core.common import getPublicTypeMembers
from lib.core.common import getSafeExString from lib.core.common import getSafeExString
@@ -63,6 +64,7 @@ from lib.core.exception import SqlmapConnectionException
from lib.core.exception import SqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import SqlmapSilentQuitException from lib.core.exception import SqlmapSilentQuitException
from lib.core.exception import SqlmapUserQuitException from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import CANDIDATE_SENTENCE_MIN_LENGTH
from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import DEFAULT_GET_POST_DELIMITER
from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
from lib.core.settings import FI_ERROR_REGEX from lib.core.settings import FI_ERROR_REGEX
@@ -478,6 +480,26 @@ def checkSqlInjection(place, parameter, value):
injectable = True injectable = True
elif threadData.lastComparisonRatio > UPPER_RATIO_BOUND and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
originalSet = set(getFilteredPageContent(kb.pageTemplate, True, "\n").split("\n"))
trueSet = set(getFilteredPageContent(truePage, True, "\n").split("\n"))
falseSet = set(getFilteredPageContent(falsePage, True, "\n").split("\n"))
if originalSet == trueSet != falseSet:
candidates = trueSet - falseSet
if candidates:
candidates = sorted(candidates, key=lambda _: len(_))
for candidate in candidates:
if re.match(r"\A[\w.,! ]+\Z", candidate) and ' ' in candidate and len(candidate) > CANDIDATE_SENTENCE_MIN_LENGTH:
conf.string = candidate
injectable = True
infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'"))
logger.info(infoMsg)
break
if injectable: if injectable:
if kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)): if kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
if all((falseCode, trueCode)) and falseCode != trueCode: if all((falseCode, trueCode)) and falseCode != trueCode:

4
lib/controller/controller.py
View File

@@ -65,7 +65,6 @@ from lib.core.settings import REFERER_ALIASES
from lib.core.settings import USER_AGENT_ALIASES from lib.core.settings import USER_AGENT_ALIASES
from lib.core.target import initTargetEnv from lib.core.target import initTargetEnv
from lib.core.target import setupTargetEnv from lib.core.target import setupTargetEnv
from thirdparty.pagerank.pagerank import get_pagerank
def _selectInjection(): def _selectInjection():
""" """
@@ -163,6 +162,7 @@ def _showInjections():
header = "sqlmap resumed the following injection point(s) from stored session" header = "sqlmap resumed the following injection point(s) from stored session"
if hasattr(conf, "api"): if hasattr(conf, "api"):
conf.dumper.string("", {"url": conf.url, "query": conf.parameters.get(PLACE.GET), "data": conf.parameters.get(PLACE.POST)}, content_type=CONTENT_TYPE.TARGET)
conf.dumper.string("", kb.injections, content_type=CONTENT_TYPE.TECHNIQUES) conf.dumper.string("", kb.injections, content_type=CONTENT_TYPE.TECHNIQUES)
else: else:
data = "".join(set(_formatInjection(_) for _ in kb.injections)).rstrip("\n") data = "".join(set(_formatInjection(_) for _ in kb.injections)).rstrip("\n")
@@ -319,7 +319,7 @@ def start():
if conf.forms and conf.method: if conf.forms and conf.method:
message = "[#%d] form:\n%s %s" % (hostCount, conf.method, targetUrl) message = "[#%d] form:\n%s %s" % (hostCount, conf.method, targetUrl)
else: else:
message = "URL %d:\n%s %s%s" % (hostCount, HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "") message = "URL %d:\n%s %s" % (hostCount, HTTPMETHOD.GET, targetUrl)
if conf.cookie: if conf.cookie:
message += "\nCookie: %s" % conf.cookie message += "\nCookie: %s" % conf.cookie

7
lib/controller/handler.py
View File

@@ -77,11 +77,6 @@ def setHandler():
items.insert(0, _) items.insert(0, _)
for dbms, aliases, Handler, Connector in items: for dbms, aliases, Handler, Connector in items:
if conf.dbms and conf.dbms.lower() != dbms and conf.dbms.lower() not in aliases:
debugMsg = "skipping test for %s" % dbms
logger.debug(debugMsg)
continue
handler = Handler() handler = Handler()
conf.dbmsConnector = Connector() conf.dbmsConnector = Connector()
@@ -107,6 +102,8 @@ def setHandler():
conf.dbmsHandler = max(_ for _ in items if _[0] == kb.resolutionDbms)[2]() conf.dbmsHandler = max(_ for _ in items if _[0] == kb.resolutionDbms)[2]()
else: else:
conf.dbmsHandler = handler conf.dbmsHandler = handler
conf.dbmsHandler._dbms = dbms
break break
else: else:
conf.dbmsConnector = None conf.dbmsConnector = None

85
lib/core/common.py
View File

@@ -465,6 +465,8 @@ class Backend:
if not kb: if not kb:
pass pass
elif not kb.get("testMode") and conf.get("dbmsHandler") and getattr(conf.dbmsHandler, "_dbms", None):
dbms = conf.dbmsHandler._dbms
elif Backend.getForcedDbms() is not None: elif Backend.getForcedDbms() is not None:
dbms = Backend.getForcedDbms() dbms = Backend.getForcedDbms()
elif Backend.getDbms() is not None: elif Backend.getDbms() is not None:
@@ -515,10 +517,9 @@ class Backend:
# Comparison methods # Comparison methods
@staticmethod @staticmethod
def isDbms(dbms): def isDbms(dbms):
if Backend.getDbms() is not None: if not kb.get("testMode") and all((Backend.getDbms(), Backend.getIdentifiedDbms())) and Backend.getDbms() != Backend.getIdentifiedDbms():
return Backend.getDbms() == aliasToDbmsEnum(dbms) singleTimeWarnMessage("identified ('%s') and fingerprinted ('%s') DBMSes differ. If you experience problems in enumeration phase please rerun with '--flush-session'" % (Backend.getIdentifiedDbms(), Backend.getDbms()))
else: return Backend.getIdentifiedDbms() == aliasToDbmsEnum(dbms)
return Backend.getIdentifiedDbms() == aliasToDbmsEnum(dbms)
@staticmethod @staticmethod
def isDbmsWithin(aliases): def isDbmsWithin(aliases):
@@ -589,7 +590,7 @@ def paramToDict(place, parameters=None):
or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _))\ or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _))\
and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX): and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX):
warnMsg = "it appears that you have provided tainted parameter values " warnMsg = "it appears that you have provided tainted parameter values "
warnMsg += "('%s') with most probably leftover " % element warnMsg += "('%s') with most likely leftover " % element
warnMsg += "chars/statements from manual SQL injection test(s). " warnMsg += "chars/statements from manual SQL injection test(s). "
warnMsg += "Please, always use only valid parameter values " warnMsg += "Please, always use only valid parameter values "
warnMsg += "so sqlmap could be able to run properly" warnMsg += "so sqlmap could be able to run properly"
@@ -613,7 +614,8 @@ def paramToDict(place, parameters=None):
candidates = OrderedDict() candidates = OrderedDict()
def walk(head, current=None): def walk(head, current=None):
current = current or head if current is None:
current = head
if isListLike(current): if isListLike(current):
for _ in current: for _ in current:
walk(head, _) walk(head, _)
@@ -621,7 +623,8 @@ def paramToDict(place, parameters=None):
for key in current.keys(): for key in current.keys():
value = current[key] value = current[key]
if isinstance(value, (list, tuple, set, dict)): if isinstance(value, (list, tuple, set, dict)):
walk(head, value) if value:
walk(head, value)
elif isinstance(value, (bool, int, float, basestring)): elif isinstance(value, (bool, int, float, basestring)):
original = current[key] original = current[key]
if isinstance(value, bool): if isinstance(value, bool):
@@ -728,7 +731,11 @@ def getManualDirectories():
directories = normalizePath(directories) directories = normalizePath(directories)
if directories: if conf.webRoot:
directories = [conf.webRoot]
infoMsg = "using '%s' as web server document root" % conf.webRoot
logger.info(infoMsg)
elif directories:
infoMsg = "retrieved the web server document root: '%s'" % directories infoMsg = "retrieved the web server document root: '%s'" % directories
logger.info(infoMsg) logger.info(infoMsg)
else: else:
@@ -1491,11 +1498,12 @@ def getLimitRange(count, plusOne=False):
count = int(count) count = int(count)
limitStart, limitStop = 1, count limitStart, limitStop = 1, count
if isinstance(conf.limitStop, int) and conf.limitStop > 0 and conf.limitStop < limitStop: if kb.dumpTable:
limitStop = conf.limitStop if isinstance(conf.limitStop, int) and conf.limitStop > 0 and conf.limitStop < limitStop:
limitStop = conf.limitStop
if isinstance(conf.limitStart, int) and conf.limitStart > 0 and conf.limitStart <= limitStop: if isinstance(conf.limitStart, int) and conf.limitStart > 0 and conf.limitStart <= limitStop:
limitStart = conf.limitStart limitStart = conf.limitStart
retVal = xrange(limitStart, limitStop + 1) if plusOne else xrange(limitStart - 1, limitStop) retVal = xrange(limitStart, limitStop + 1) if plusOne else xrange(limitStart - 1, limitStop)
@@ -1755,7 +1763,7 @@ def safeStringFormat(format_, params):
break break
return retVal return retVal
def getFilteredPageContent(page, onlyText=True): def getFilteredPageContent(page, onlyText=True, split=" "):
""" """
Returns filtered page content without script, style and/or comments Returns filtered page content without script, style and/or comments
or all HTML tags or all HTML tags
@@ -1768,10 +1776,10 @@ def getFilteredPageContent(page, onlyText=True):
# only if the page's charset has been successfully identified # only if the page's charset has been successfully identified
if isinstance(page, unicode): if isinstance(page, unicode):
retVal = re.sub(r"(?si)<script.+?</script>|<!--.+?-->|<style.+?</style>%s" % (r"|<[^>]+>|\t|\n|\r" if onlyText else ""), " ", page) retVal = re.sub(r"(?si)<script.+?</script>|<!--.+?-->|<style.+?</style>%s" % (r"|<[^>]+>|\t|\n|\r" if onlyText else ""), split, page)
while retVal.find(" ") != -1: while retVal.find(2 * split) != -1:
retVal = retVal.replace(" ", " ") retVal = retVal.replace(2 * split, split)
retVal = htmlunescape(retVal.strip()) retVal = htmlunescape(retVal.strip().strip(split))
return retVal return retVal
@@ -2327,7 +2335,7 @@ def wasLastResponseDBMSError():
def wasLastResponseHTTPError(): def wasLastResponseHTTPError():
""" """
Returns True if the last web request resulted in an errornous HTTP code (like 500) Returns True if the last web request resulted in an erroneous HTTP code (like 500)
""" """
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
@@ -2345,7 +2353,7 @@ def wasLastResponseDelayed():
deviation = stdev(kb.responseTimes.get(kb.responseTimeMode, [])) deviation = stdev(kb.responseTimes.get(kb.responseTimeMode, []))
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
if deviation and not conf.direct: if deviation and not conf.direct and not conf.disableStats:
if len(kb.responseTimes[kb.responseTimeMode]) < MIN_TIME_RESPONSES: if len(kb.responseTimes[kb.responseTimeMode]) < MIN_TIME_RESPONSES:
warnMsg = "time-based standard deviation method used on a model " warnMsg = "time-based standard deviation method used on a model "
warnMsg += "with less than %d response times" % MIN_TIME_RESPONSES warnMsg += "with less than %d response times" % MIN_TIME_RESPONSES
@@ -2365,7 +2373,10 @@ def wasLastResponseDelayed():
return retVal return retVal
else: else:
return (threadData.lastQueryDuration - conf.timeSec) >= 0 delta = threadData.lastQueryDuration - conf.timeSec
if Backend.getIdentifiedDbms() in (DBMS.MYSQL,): # MySQL's SLEEP(X) lasts 0.05 seconds shorter on average
delta += 0.05
return delta >= 0
def adjustTimeDelay(lastQueryDuration, lowerStdLimit): def adjustTimeDelay(lastQueryDuration, lowerStdLimit):
""" """
@@ -2604,7 +2615,7 @@ def getPublicTypeMembers(type_, onlyValues=False):
retVal = [] retVal = []
for name, value in inspect.getmembers(type_): for name, value in inspect.getmembers(type_):
if not name.startswith('__'): if not name.startswith("__"):
if not onlyValues: if not onlyValues:
retVal.append((name, value)) retVal.append((name, value))
else: else:
@@ -2664,7 +2675,7 @@ def extractTextTagContent(page):
except MemoryError: except MemoryError:
page = page.replace(REFLECTED_VALUE_MARKER, "") page = page.replace(REFLECTED_VALUE_MARKER, "")
return filter(None, (_.group('result').strip() for _ in re.finditer(TEXT_TAG_REGEX, page))) return filter(None, (_.group("result").strip() for _ in re.finditer(TEXT_TAG_REGEX, page)))
def trimAlphaNum(value): def trimAlphaNum(value):
""" """
@@ -2776,11 +2787,11 @@ def removeDynamicContent(page):
if prefix is None and suffix is None: if prefix is None and suffix is None:
continue continue
elif prefix is None: elif prefix is None:
page = re.sub(r'(?s)^.+%s' % re.escape(suffix), suffix.replace('\\', r'\\'), page) page = re.sub(r"(?s)^.+%s" % re.escape(suffix), suffix.replace('\\', r'\\'), page)
elif suffix is None: elif suffix is None:
page = re.sub(r'(?s)%s.+$' % re.escape(prefix), prefix.replace('\\', r'\\'), page) page = re.sub(r"(?s)%s.+$" % re.escape(prefix), prefix.replace('\\', r'\\'), page)
else: else:
page = re.sub(r'(?s)%s.+%s' % (re.escape(prefix), re.escape(suffix)), '%s%s' % (prefix.replace('\\', r'\\'), suffix.replace('\\', r'\\')), page) page = re.sub(r"(?s)%s.+%s" % (re.escape(prefix), re.escape(suffix)), "%s%s" % (prefix.replace('\\', r'\\'), suffix.replace('\\', r'\\')), page)
return page return page
@@ -3633,13 +3644,31 @@ def randomizeParameterValue(value):
value = re.sub(r"%[0-9a-fA-F]{2}", "", value) value = re.sub(r"%[0-9a-fA-F]{2}", "", value)
for match in re.finditer('[A-Z]+', value): for match in re.finditer('[A-Z]+', value):
retVal = retVal.replace(match.group(), randomStr(len(match.group())).upper()) while True:
original = match.group()
candidate = randomStr(len(match.group())).upper()
if original != candidate:
break
retVal = retVal.replace(original, candidate)
for match in re.finditer('[a-z]+', value): for match in re.finditer('[a-z]+', value):
retVal = retVal.replace(match.group(), randomStr(len(match.group())).lower()) while True:
original = match.group()
candidate = randomStr(len(match.group())).lower()
if original != candidate:
break
retVal = retVal.replace(original, candidate)
for match in re.finditer('[0-9]+', value): for match in re.finditer('[0-9]+', value):
retVal = retVal.replace(match.group(), str(randomInt(len(match.group())))) while True:
original = match.group()
candidate = str(randomInt(len(match.group())))
if original != candidate:
break
retVal = retVal.replace(original, candidate)
return retVal return retVal

51
lib/core/enums.py
View File

@@ -287,31 +287,32 @@ class WEB_API:
JSP = "jsp" JSP = "jsp"
class CONTENT_TYPE: class CONTENT_TYPE:
TECHNIQUES = 0 TARGET = 0
DBMS_FINGERPRINT = 1 TECHNIQUES = 1
BANNER = 2 DBMS_FINGERPRINT = 2
CURRENT_USER = 3 BANNER = 3
CURRENT_DB = 4 CURRENT_USER = 4
HOSTNAME = 5 CURRENT_DB = 5
IS_DBA = 6 HOSTNAME = 6
USERS = 7 IS_DBA = 7
PASSWORDS = 8 USERS = 8
PRIVILEGES = 9 PASSWORDS = 9
ROLES = 10 PRIVILEGES = 10
DBS = 11 ROLES = 11
TABLES = 12 DBS = 12
COLUMNS = 13 TABLES = 13
SCHEMA = 14 COLUMNS = 14
COUNT = 15 SCHEMA = 15
DUMP_TABLE = 16 COUNT = 16
SEARCH = 17 DUMP_TABLE = 17
SQL_QUERY = 18 SEARCH = 18
COMMON_TABLES = 19 SQL_QUERY = 19
COMMON_COLUMNS = 20 COMMON_TABLES = 20
FILE_READ = 21 COMMON_COLUMNS = 21
FILE_WRITE = 22 FILE_READ = 22
OS_CMD = 23 FILE_WRITE = 23
REG_READ = 24 OS_CMD = 24
REG_READ = 25
PART_RUN_CONTENT_TYPES = { PART_RUN_CONTENT_TYPES = {
"checkDbms": CONTENT_TYPE.TECHNIQUES, "checkDbms": CONTENT_TYPE.TECHNIQUES,

2
lib/core/option.py
View File

@@ -2324,7 +2324,7 @@ def _setProxyList():
return return
conf.proxyList = [] conf.proxyList = []
for match in re.finditer(r"(?i)((http[^:]*|socks[^:]*)://)?([\w.]+):(\d+)", readCachedFileContent(conf.proxyFile)): for match in re.finditer(r"(?i)((http[^:]*|socks[^:]*)://)?([\w\-.]+):(\d+)", readCachedFileContent(conf.proxyFile)):
_, type_, address, port = match.groups() _, type_, address, port = match.groups()
conf.proxyList.append("%s://%s:%s" % (type_ or "http", address, port)) conf.proxyList.append("%s://%s:%s" % (type_ or "http", address, port))

2
lib/core/optiondict.py
View File

@@ -225,11 +225,11 @@ optDict = {
"identifyWaf": "boolean", "identifyWaf": "boolean",
"mobile": "boolean", "mobile": "boolean",
"offline": "boolean", "offline": "boolean",
"pageRank": "boolean",
"purgeOutput": "boolean", "purgeOutput": "boolean",
"skipWaf": "boolean", "skipWaf": "boolean",
"smart": "boolean", "smart": "boolean",
"tmpDir": "string", "tmpDir": "string",
"webRoot": "string",
"wizard": "boolean", "wizard": "boolean",
"verbose": "integer", "verbose": "integer",
}, },

9
lib/core/settings.py
View File

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.1.2.0" VERSION = "1.1.4.0"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -109,7 +109,7 @@ DUMMY_SEARCH_USER_AGENT = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Geck
TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h\d|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\w).*?>(?P<result>[^<]+)" TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h\d|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\w).*?>(?P<result>[^<]+)"
# Regular expression used for recognition of IP addresses # Regular expression used for recognition of IP addresses
IP_ADDRESS_REGEX = r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b" IP_ADDRESS_REGEX = r"\b(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\b"
# Regular expression used for recognition of generic "your ip has been blocked" messages # Regular expression used for recognition of generic "your ip has been blocked" messages
BLOCKED_IP_REGEX = r"(?i)(\A|\b)ip\b.*\b(banned|blocked|block list|firewall)" BLOCKED_IP_REGEX = r"(?i)(\A|\b)ip\b.*\b(banned|blocked|block list|firewall)"
@@ -359,6 +359,9 @@ MIN_RATIO = 0.0
# Maximum value for comparison ratio # Maximum value for comparison ratio
MAX_RATIO = 1.0 MAX_RATIO = 1.0
# Minimum length of sentence for automatic choosing of --string (in case of high matching ratio)
CANDIDATE_SENTENCE_MIN_LENGTH = 10
# Character used for marking injectable position inside provided data # Character used for marking injectable position inside provided data
CUSTOM_INJECTION_MARK_CHAR = '*' CUSTOM_INJECTION_MARK_CHAR = '*'
@@ -693,7 +696,7 @@ MAX_HISTORY_LENGTH = 1000
MIN_ENCODED_LEN_CHECK = 5 MIN_ENCODED_LEN_CHECK = 5
# Timeout in seconds in which Metasploit remote session has to be initialized # Timeout in seconds in which Metasploit remote session has to be initialized
METASPLOIT_SESSION_TIMEOUT = 300 METASPLOIT_SESSION_TIMEOUT = 120
# Reference: http://www.postgresql.org/docs/9.0/static/catalog-pg-largeobject.html # Reference: http://www.postgresql.org/docs/9.0/static/catalog-pg-largeobject.html
LOBLKSIZE = 2048 LOBLKSIZE = 2048

1
lib/core/threads.py
View File

@@ -46,6 +46,7 @@ class _ThreadData(threading.local):
self.lastComparisonPage = None self.lastComparisonPage = None
self.lastComparisonHeaders = None self.lastComparisonHeaders = None
self.lastComparisonCode = None self.lastComparisonCode = None
self.lastComparisonRatio = None
self.lastErrorPage = None self.lastErrorPage = None
self.lastHTTPError = None self.lastHTTPError = None
self.lastRedirectMsg = None self.lastRedirectMsg = None

14
lib/parse/cmdline.py
View File

@@ -482,10 +482,10 @@ def cmdLineParser(argv=None):
help="Use WHERE condition while table dumping") help="Use WHERE condition while table dumping")
enumeration.add_option("--start", dest="limitStart", type="int", enumeration.add_option("--start", dest="limitStart", type="int",
help="First query output entry to retrieve") help="First dump table entry to retrieve")
enumeration.add_option("--stop", dest="limitStop", type="int", enumeration.add_option("--stop", dest="limitStop", type="int",
help="Last query output entry to retrieve") help="Last dump table entry to retrieve")
enumeration.add_option("--first", dest="firstChar", type="int", enumeration.add_option("--first", dest="firstChar", type="int",
help="First query output word character to retrieve") help="First query output word character to retrieve")
@@ -738,10 +738,6 @@ def cmdLineParser(argv=None):
action="store_true", action="store_true",
help="Work in offline mode (only use session data)") help="Work in offline mode (only use session data)")
miscellaneous.add_option("--page-rank", dest="pageRank",
action="store_true",
help="Display page rank (PR) for Google dork results")
miscellaneous.add_option("--purge-output", dest="purgeOutput", miscellaneous.add_option("--purge-output", dest="purgeOutput",
action="store_true", action="store_true",
help="Safely remove all content from output directory") help="Safely remove all content from output directory")
@@ -760,6 +756,9 @@ def cmdLineParser(argv=None):
miscellaneous.add_option("--tmp-dir", dest="tmpDir", miscellaneous.add_option("--tmp-dir", dest="tmpDir",
help="Local directory for storing temporary files") help="Local directory for storing temporary files")
miscellaneous.add_option("--web-root", dest="webRoot",
help="Web server document root directory (e.g. \"/var/www\")")
miscellaneous.add_option("--wizard", dest="wizard", miscellaneous.add_option("--wizard", dest="wizard",
action="store_true", action="store_true",
help="Simple wizard interface for beginner users") help="Simple wizard interface for beginner users")
@@ -777,6 +776,9 @@ def cmdLineParser(argv=None):
parser.add_option("--disable-precon", dest="disablePrecon", action="store_true", parser.add_option("--disable-precon", dest="disablePrecon", action="store_true",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)
parser.add_option("--disable-stats", dest="disableStats", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--profile", dest="profile", action="store_true", parser.add_option("--profile", dest="profile", action="store_true",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)

4
lib/request/basic.py
View File

@@ -102,7 +102,7 @@ def forgeHeaders(items=None):
message = "you provided a HTTP %s header value. " % HTTP_HEADER.COOKIE message = "you provided a HTTP %s header value. " % HTTP_HEADER.COOKIE
message += "The target URL provided its own cookies within " message += "The target URL provided its own cookies within "
message += "the HTTP %s header which intersect with yours. " % HTTP_HEADER.SET_COOKIE message += "the HTTP %s header which intersect with yours. " % HTTP_HEADER.SET_COOKIE
message += "Do you want to merge them in futher requests? [Y/n] " message += "Do you want to merge them in further requests? [Y/n] "
_ = readInput(message, default="Y") _ = readInput(message, default="Y")
kb.mergeCookies = not _ or _[0] in ("y", "Y") kb.mergeCookies = not _ or _[0] in ("y", "Y")
@@ -168,6 +168,8 @@ def checkCharEncoding(encoding, warn=True):
encoding = encoding.replace("8858", "8859") # iso-8858 -> iso-8859 encoding = encoding.replace("8858", "8859") # iso-8858 -> iso-8859
elif "8559" in encoding: elif "8559" in encoding:
encoding = encoding.replace("8559", "8859") # iso-8559 -> iso-8859 encoding = encoding.replace("8559", "8859") # iso-8559 -> iso-8859
elif "8895" in encoding:
encoding = encoding.replace("8895", "8859") # iso-8895 -> iso-8859
elif "5889" in encoding: elif "5889" in encoding:
encoding = encoding.replace("5889", "8859") # iso-5889 -> iso-8859 encoding = encoding.replace("5889", "8859") # iso-5889 -> iso-8859
elif "5589" in encoding: elif "5589" in encoding:

3
lib/request/comparison.py
View File

@@ -144,6 +144,9 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
kb.matchRatio = ratio kb.matchRatio = ratio
logger.debug("setting match ratio for current parameter to %.3f" % kb.matchRatio) logger.debug("setting match ratio for current parameter to %.3f" % kb.matchRatio)
if kb.testMode:
threadData.lastComparisonRatio = ratio
# If it has been requested to return the ratio and not a comparison # If it has been requested to return the ratio and not a comparison
# response # response
if getRatioValue: if getRatioValue:

53
lib/request/connect.py
View File

@@ -146,9 +146,9 @@ class Connect(object):
if kb.testMode and kb.previousMethod == PAYLOAD.METHOD.TIME: if kb.testMode and kb.previousMethod == PAYLOAD.METHOD.TIME:
# timed based payloads can cause web server unresponsiveness # timed based payloads can cause web server unresponsiveness
# if the injectable piece of code is some kind of JOIN-like query # if the injectable piece of code is some kind of JOIN-like query
warnMsg = "most probably web server instance hasn't recovered yet " warnMsg = "most likely web server instance hasn't recovered yet "
warnMsg += "from previous timed based payload. If the problem " warnMsg += "from previous timed based payload. If the problem "
warnMsg += "persists please wait for few minutes and rerun " warnMsg += "persists please wait for a few minutes and rerun "
warnMsg += "without flag 'T' in option '--technique' " warnMsg += "without flag 'T' in option '--technique' "
warnMsg += "(e.g. '--flush-session --technique=BEUS') or try to " warnMsg += "(e.g. '--flush-session --technique=BEUS') or try to "
warnMsg += "lower the value of option '--time-sec' (e.g. '--time-sec=2')" warnMsg += "lower the value of option '--time-sec' (e.g. '--time-sec=2')"
@@ -374,9 +374,7 @@ class Connect(object):
# Reset header values to original in case of provided request file # Reset header values to original in case of provided request file
if target and conf.requestFile: if target and conf.requestFile:
headers = OrderedDict(conf.httpHeaders) headers = forgeHeaders({HTTP_HEADER.COOKIE: cookie})
if cookie:
headers[HTTP_HEADER.COOKIE] = cookie
if auxHeaders: if auxHeaders:
for key, value in auxHeaders.items(): for key, value in auxHeaders.items():
@@ -483,11 +481,16 @@ class Connect(object):
else: else:
page = Connect._connReadProxy(conn) if not skipRead else None page = Connect._connReadProxy(conn) if not skipRead else None
code = code or (conn.code if conn else None) if conn:
responseHeaders = conn.info() code = conn.code
responseHeaders[URI_HTTP_HEADER] = conn.geturl() responseHeaders = conn.info()
responseHeaders[URI_HTTP_HEADER] = conn.geturl()
else:
code = None
responseHeaders = {}
page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE)) page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE))
status = getUnicode(conn.msg) status = getUnicode(conn.msg) if conn else None
kb.connErrorCounter = 0 kb.connErrorCounter = 0
@@ -631,6 +634,14 @@ class Connect(object):
if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED): if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
singleTimeWarnMessage("there is a possibility that the target (or WAF/IPS/IDS) is dropping 'suspicious' requests") singleTimeWarnMessage("there is a possibility that the target (or WAF/IPS/IDS) is dropping 'suspicious' requests")
warnMsg = "connection timed out to the target URL" warnMsg = "connection timed out to the target URL"
elif "Connection reset" in tbMsg:
if not conf.disablePrecon:
singleTimeWarnMessage("turning off pre-connect mechanism because of connection reset(s)")
conf.disablePrecon = True
if kb.testMode:
singleTimeWarnMessage("there is a possibility that the target (or WAF/IPS/IDS) is resetting 'suspicious' requests")
warnMsg = "connection reset to the target URL"
elif "URLError" in tbMsg or "error" in tbMsg: elif "URLError" in tbMsg or "error" in tbMsg:
warnMsg = "unable to connect to the target URL" warnMsg = "unable to connect to the target URL"
match = re.search(r"Errno \d+\] ([^>]+)", tbMsg) match = re.search(r"Errno \d+\] ([^>]+)", tbMsg)
@@ -1042,15 +1053,29 @@ class Connect(object):
found = False found = False
value = getUnicode(value) value = getUnicode(value)
if kb.postHint and re.search(r"\b%s\b" % re.escape(name), post or ""):
if kb.postHint in (POST_HINT.XML, POST_HINT.SOAP):
if re.search(r"<%s\b" % re.escape(name), post):
found = True
post = re.sub(r"(?s)(<%s\b[^>]*>)(.*?)(</%s)" % (re.escape(name), re.escape(name)), "\g<1>%s\g<3>" % value, post)
elif re.search(r"\b%s>" % re.escape(name), post):
found = True
post = re.sub(r"(?s)(\b%s>)(.*?)(</[^<]*\b%s>)" % (re.escape(name), re.escape(name)), "\g<1>%s\g<3>" % value, post)
regex = r"\b(%s)\b([^\w]+)(\w+)" % re.escape(name)
if not found and re.search(regex, (post or "")):
found = True
post = re.sub(regex, "\g<1>\g<2>%s" % value, post)
regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(delimiter), re.escape(name), re.escape(delimiter)) regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(delimiter), re.escape(name), re.escape(delimiter))
if not found and re.search(regex, (post or "")):
found = True
post = re.sub(regex, "\g<1>%s\g<3>" % value, post)
if re.search(regex, (get or "")): if re.search(regex, (get or "")):
found = True found = True
get = re.sub(regex, "\g<1>%s\g<3>" % value, get) get = re.sub(regex, "\g<1>%s\g<3>" % value, get)
if re.search(regex, (post or "")):
found = True
post = re.sub(regex, "\g<1>%s\g<3>" % value, post)
if re.search(regex, (query or "")): if re.search(regex, (query or "")):
found = True found = True
uri = re.sub(regex.replace(r"\A", r"\?"), "\g<1>%s\g<3>" % value, uri) uri = re.sub(regex.replace(r"\A", r"\?"), "\g<1>%s\g<3>" % value, uri)
@@ -1077,7 +1102,7 @@ class Connect(object):
elif kb.postUrlEncode: elif kb.postUrlEncode:
post = urlencode(post, spaceplus=kb.postSpaceToPlus) post = urlencode(post, spaceplus=kb.postSpaceToPlus)
if timeBasedCompare: if timeBasedCompare and not conf.disableStats:
if len(kb.responseTimes.get(kb.responseTimeMode, [])) < MIN_TIME_RESPONSES: if len(kb.responseTimes.get(kb.responseTimeMode, [])) < MIN_TIME_RESPONSES:
clearConsoleLine() clearConsoleLine()

8
lib/request/redirecthandler.py
View File

@@ -5,6 +5,7 @@ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import re
import types import types
import urllib2 import urllib2
import urlparse import urlparse
@@ -123,7 +124,12 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl) req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl)
if headers and HTTP_HEADER.SET_COOKIE in headers: if headers and HTTP_HEADER.SET_COOKIE in headers:
req.headers[HTTP_HEADER.COOKIE] = headers[HTTP_HEADER.SET_COOKIE].split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER)[0] delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER
_ = headers[HTTP_HEADER.SET_COOKIE].split(delimiter)[0]
if HTTP_HEADER.COOKIE not in req.headers:
req.headers[HTTP_HEADER.COOKIE] = _
else:
req.headers[HTTP_HEADER.COOKIE] = re.sub("%s{2,}" % delimiter, delimiter, ("%s%s%s" % (re.sub(r"\b%s=[^%s]*%s?" % (_.split('=')[0], delimiter, delimiter), "", req.headers[HTTP_HEADER.COOKIE]), delimiter, _)).strip(delimiter))
try: try:
result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers) result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
except urllib2.HTTPError, e: except urllib2.HTTPError, e:

6
lib/takeover/metasploit.py
View File

@@ -351,7 +351,7 @@ class Metasploit:
self._cliCmd += " E" self._cliCmd += " E"
else: else:
self._cliCmd = "%s -x 'use multi/handler; set PAYLOAD %s" % (self._msfConsole, self.payloadConnStr) self._cliCmd = "%s -L -x 'use multi/handler; set PAYLOAD %s" % (self._msfConsole, self.payloadConnStr)
self._cliCmd += "; set EXITFUNC %s" % exitfunc self._cliCmd += "; set EXITFUNC %s" % exitfunc
self._cliCmd += "; set LPORT %s" % self.portStr self._cliCmd += "; set LPORT %s" % self.portStr
@@ -601,6 +601,8 @@ class Metasploit:
except (EOFError, IOError, select.error): except (EOFError, IOError, select.error):
return proc.returncode return proc.returncode
except KeyboardInterrupt:
pass
def createMsfShellcode(self, exitfunc, format, extra, encode): def createMsfShellcode(self, exitfunc, format, extra, encode):
infoMsg = "creating Metasploit Framework multi-stage shellcode " infoMsg = "creating Metasploit Framework multi-stage shellcode "
@@ -620,7 +622,7 @@ class Metasploit:
pollProcess(process) pollProcess(process)
payloadStderr = process.communicate()[1] payloadStderr = process.communicate()[1]
match = re.search("(Total size:|Length:|succeeded with size) ([\d]+)", payloadStderr) match = re.search("(Total size:|Length:|succeeded with size|Final size of exe file:) ([\d]+)", payloadStderr)
if match: if match:
payloadSize = int(match.group(2)) payloadSize = int(match.group(2))

57
lib/takeover/web.py
View File

@@ -26,6 +26,7 @@ from lib.core.common import ntToPosixSlashes
from lib.core.common import isTechniqueAvailable from lib.core.common import isTechniqueAvailable
from lib.core.common import isWindowsDriveLetterPath from lib.core.common import isWindowsDriveLetterPath
from lib.core.common import normalizePath from lib.core.common import normalizePath
from lib.core.common import parseFilePaths
from lib.core.common import posixToNtSlashes from lib.core.common import posixToNtSlashes
from lib.core.common import randomInt from lib.core.common import randomInt
from lib.core.common import randomStr from lib.core.common import randomStr
@@ -38,8 +39,10 @@ from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import HTTP_HEADER
from lib.core.enums import OS from lib.core.enums import OS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE
from lib.core.enums import WEB_API from lib.core.enums import WEB_API
from lib.core.exception import SqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT
@@ -196,6 +199,60 @@ class Web:
self.webApi = choices[int(choice) - 1] self.webApi = choices[int(choice) - 1]
break break
if not kb.absFilePaths:
message = "do you want sqlmap to further try to "
message += "provoke the full path disclosure? [Y/n] "
getOutput = readInput(message, default="Y")
if getOutput in ("y", "Y"):
headers = {}
been = {conf.url}
for match in re.finditer(r"=['\"]((https?):)?(//[^/'\"]+)?(/[\w/.-]*)\bwp-", kb.originalPage, re.I):
url = "%s%s" % (conf.url.replace(conf.path, match.group(4)), "wp-content/wp-db.php")
if url not in been:
try:
page, _, _ = Request.getPage(url=url, raise404=False, silent=True)
parseFilePaths(page)
except:
pass
finally:
been.add(url)
url = re.sub(r"(\.\w+)\Z", "~\g<1>", conf.url)
if url not in been:
try:
page, _, _ = Request.getPage(url=url, raise404=False, silent=True)
parseFilePaths(page)
except:
pass
finally:
been.add(url)
for place in (PLACE.GET, PLACE.POST):
if place in conf.parameters:
value = re.sub(r"(\A|&)(\w+)=", "\g<2>[]=", conf.parameters[place])
if "[]" in value:
page, headers = Request.queryPage(value=value, place=place, content=True, raise404=False, silent=True, noteResponseTime=False)
parseFilePaths(page)
cookie = None
if PLACE.COOKIE in conf.parameters:
cookie = conf.parameters[PLACE.COOKIE]
elif headers and HTTP_HEADER.SET_COOKIE in headers:
cookie = headers[HTTP_HEADER.SET_COOKIE]
if cookie:
value = re.sub(r"(\A|;)(\w+)=[^;]*", "\g<2>=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", cookie)
if value != cookie:
page, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False)
parseFilePaths(page)
value = re.sub(r"(\A|;)(\w+)=[^;]*", "\g<2>=", cookie)
if value != cookie:
page, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False)
parseFilePaths(page)
directories = list(arrayizeValue(getManualDirectories())) directories = list(arrayizeValue(getManualDirectories()))
directories.extend(getAutoDirectories()) directories.extend(getAutoDirectories())
directories = list(oset(directories)) directories = list(oset(directories))

8
lib/techniques/brute/use.py
View File

@@ -70,8 +70,8 @@ def tableExists(tableFile, regex=None):
if result: if result:
errMsg = "can't use table existence check because of detected invalid results " errMsg = "can't use table existence check because of detected invalid results "
errMsg += "(most probably caused by inability of the used injection " errMsg += "(most likely caused by inability of the used injection "
errMsg += "to distinguish errornous results)" errMsg += "to distinguish erroneous results)"
raise SqlmapDataException(errMsg) raise SqlmapDataException(errMsg)
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True) tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True)
@@ -178,8 +178,8 @@ def columnExists(columnFile, regex=None):
if result: if result:
errMsg = "can't use column existence check because of detected invalid results " errMsg = "can't use column existence check because of detected invalid results "
errMsg += "(most probably caused by inability of the used injection " errMsg += "(most likely caused by inability of the used injection "
errMsg += "to distinguish errornous results)" errMsg += "to distinguish erroneous results)"
raise SqlmapDataException(errMsg) raise SqlmapDataException(errMsg)
infoMsg = "checking column existence using items from '%s'" % columnFile infoMsg = "checking column existence using items from '%s'" % columnFile

3
lib/techniques/union/test.py
View File

@@ -5,6 +5,7 @@ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import logging
import random import random
import re import re
@@ -154,7 +155,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
if retVal: if retVal:
infoMsg = "target URL appears to be UNION injectable with %d columns" % retVal infoMsg = "target URL appears to be UNION injectable with %d columns" % retVal
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg, logging.INFO, re.sub(r"\d+", "N", infoMsg))
return retVal return retVal

47
lib/utils/api.py
View File

@@ -745,13 +745,34 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT):
if not res["success"]: if not res["success"]:
logger.error("Failed to execute command %s" % command) logger.error("Failed to execute command %s" % command)
dataToStdout("%s\n" % raw) dataToStdout("%s\n" % raw)
elif command.startswith("option"):
if not taskid:
logger.error("No task ID in use")
continue
try:
command, option = command.split(" ")
except ValueError:
raw = _client("%s/option/%s/list" % (addr, taskid))
else:
options = {"option": option}
raw = _client("%s/option/%s/get" % (addr, taskid), options)
res = dejsonize(raw)
if not res["success"]:
logger.error("Failed to execute command %s" % command)
dataToStdout("%s\n" % raw)
elif command.startswith("new"): elif command.startswith("new"):
if ' ' not in command: if ' ' not in command:
logger.error("Program arguments are missing") logger.error("Program arguments are missing")
continue continue
argv = ["sqlmap.py"] + shlex.split(command)[1:] try:
argv = ["sqlmap.py"] + shlex.split(command)[1:]
except Exception, ex:
logger.error("Error occurred while parsing arguments ('%s')" % ex)
taskid = None
continue
try: try:
cmdLineOptions = cmdLineParser(argv).__dict__ cmdLineOptions = cmdLineParser(argv).__dict__
@@ -803,17 +824,19 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT):
return return
elif command in ("help", "?"): elif command in ("help", "?"):
msg = "help Show this help message\n" msg = "help Show this help message\n"
msg += "new ARGS Start a new scan task with provided arguments (e.g. 'new -u \"http://testphp.vulnweb.com/artists.php?artist=1\"')\n" msg += "new ARGS Start a new scan task with provided arguments (e.g. 'new -u \"http://testphp.vulnweb.com/artists.php?artist=1\"')\n"
msg += "use TASKID Switch current context to different task (e.g. 'use c04d8c5c7582efb4')\n" msg += "use TASKID Switch current context to different task (e.g. 'use c04d8c5c7582efb4')\n"
msg += "data Retrieve and show data for current task\n" msg += "data Retrieve and show data for current task\n"
msg += "log Retrieve and show log for current task\n" msg += "log Retrieve and show log for current task\n"
msg += "status Retrieve and show status for current task\n" msg += "status Retrieve and show status for current task\n"
msg += "stop Stop current task\n" msg += "option OPTION Retrieve and show option for current task\n"
msg += "kill Kill current task\n" msg += "options Retrieve and show all options for current task\n"
msg += "list Display all tasks\n" msg += "stop Stop current task\n"
msg += "flush Flush tasks (delete all tasks)\n" msg += "kill Kill current task\n"
msg += "exit Exit this client\n" msg += "list Display all tasks\n"
msg += "flush Flush tasks (delete all tasks)\n"
msg += "exit Exit this client\n"
dataToStdout(msg) dataToStdout(msg)

4
lib/utils/crawler.py
View File

@@ -63,14 +63,14 @@ def crawl(target):
if current: if current:
content = Request.getPage(url=current, crawling=True, raise404=False)[0] content = Request.getPage(url=current, crawling=True, raise404=False)[0]
except SqlmapConnectionException, ex: except SqlmapConnectionException, ex:
errMsg = "connection exception detected (%s). skipping " % ex errMsg = "connection exception detected (%s). skipping " % getSafeExString(ex)
errMsg += "URL '%s'" % current errMsg += "URL '%s'" % current
logger.critical(errMsg) logger.critical(errMsg)
except SqlmapSyntaxException: except SqlmapSyntaxException:
errMsg = "invalid URL detected. skipping '%s'" % current errMsg = "invalid URL detected. skipping '%s'" % current
logger.critical(errMsg) logger.critical(errMsg)
except httplib.InvalidURL, ex: except httplib.InvalidURL, ex:
errMsg = "invalid URL detected (%s). skipping " % ex errMsg = "invalid URL detected (%s). skipping " % getSafeExString(ex)
errMsg += "URL '%s'" % current errMsg += "URL '%s'" % current
logger.critical(errMsg) logger.critical(errMsg)

2
lib/utils/versioncheck.py
View File

@@ -18,6 +18,6 @@ try:
__import__(_) __import__(_)
except ImportError: except ImportError:
errMsg = "missing one or more core extensions (%s) " % (", ".join("'%s'" % _ for _ in extensions)) errMsg = "missing one or more core extensions (%s) " % (", ".join("'%s'" % _ for _ in extensions))
errMsg += "most probably because current version of Python has been " errMsg += "most likely because current version of Python has been "
errMsg += "built without appropriate dev packages (e.g. 'libsqlite3-dev')" errMsg += "built without appropriate dev packages (e.g. 'libsqlite3-dev')"
exit(errMsg) exit(errMsg)

2
plugins/dbms/access/fingerprint.py
View File

@@ -146,7 +146,7 @@ class Fingerprint(GenericFingerprint):
return value return value
def checkDbms(self): def checkDbms(self):
if not conf.extensiveFp and (Backend.isDbmsWithin(ACCESS_ALIASES) or (conf.dbms or "").lower() in ACCESS_ALIASES): if not conf.extensiveFp and Backend.isDbmsWithin(ACCESS_ALIASES):
setDbms(DBMS.ACCESS) setDbms(DBMS.ACCESS)
return True return True

1
plugins/dbms/db2/enumeration.py
View File

@@ -18,4 +18,3 @@ class Enumeration(GenericEnumeration):
logger.warn(warnMsg) logger.warn(warnMsg)
return {} return {}

2
plugins/dbms/db2/fingerprint.py
View File

@@ -81,7 +81,7 @@ class Fingerprint(GenericFingerprint):
return value return value
def checkDbms(self): def checkDbms(self):
if not conf.extensiveFp and (Backend.isDbmsWithin(DB2_ALIASES) or (conf.dbms or "").lower() in DB2_ALIASES): if not conf.extensiveFp and Backend.isDbmsWithin(DB2_ALIASES):
setDbms(DBMS.DB2) setDbms(DBMS.DB2)
return True return True

4
plugins/dbms/firebird/fingerprint.py
View File

@@ -103,9 +103,7 @@ class Fingerprint(GenericFingerprint):
return retVal return retVal
def checkDbms(self): def checkDbms(self):
if not conf.extensiveFp and (Backend.isDbmsWithin(FIREBIRD_ALIASES) \ if not conf.extensiveFp and Backend.isDbmsWithin(FIREBIRD_ALIASES):
or (conf.dbms or "").lower() in FIREBIRD_ALIASES) and Backend.getVersion() and \
Backend.getVersion() != UNKNOWN_DBMS_VERSION:
setDbms("%s %s" % (DBMS.FIREBIRD, Backend.getVersion())) setDbms("%s %s" % (DBMS.FIREBIRD, Backend.getVersion()))
self.getBanner() self.getBanner()

4
plugins/dbms/hsqldb/fingerprint.py
View File

@@ -80,9 +80,7 @@ class Fingerprint(GenericFingerprint):
""" """
if not conf.extensiveFp and (Backend.isDbmsWithin(HSQLDB_ALIASES) \ if not conf.extensiveFp and Backend.isDbmsWithin(HSQLDB_ALIASES):
or (conf.dbms or "").lower() in HSQLDB_ALIASES) and Backend.getVersion() and \
Backend.getVersion() != UNKNOWN_DBMS_VERSION:
setDbms("%s %s" % (DBMS.HSQLDB, Backend.getVersion())) setDbms("%s %s" % (DBMS.HSQLDB, Backend.getVersion()))
if Backend.isVersionGreaterOrEqualThan("1.7.2"): if Backend.isVersionGreaterOrEqualThan("1.7.2"):

2
plugins/dbms/informix/fingerprint.py
View File

@@ -56,7 +56,7 @@ class Fingerprint(GenericFingerprint):
return value return value
def checkDbms(self): def checkDbms(self):
if not conf.extensiveFp and (Backend.isDbmsWithin(INFORMIX_ALIASES) or (conf.dbms or "").lower() in INFORMIX_ALIASES): if not conf.extensiveFp and Backend.isDbmsWithin(INFORMIX_ALIASES):
setDbms(DBMS.INFORMIX) setDbms(DBMS.INFORMIX)
self.getBanner() self.getBanner()

2
plugins/dbms/maxdb/fingerprint.py
View File

@@ -91,7 +91,7 @@ class Fingerprint(GenericFingerprint):
return value return value
def checkDbms(self): def checkDbms(self):
if not conf.extensiveFp and (Backend.isDbmsWithin(MAXDB_ALIASES) or (conf.dbms or "").lower() in MAXDB_ALIASES): if not conf.extensiveFp and Backend.isDbmsWithin(MAXDB_ALIASES):
setDbms(DBMS.MAXDB) setDbms(DBMS.MAXDB)
self.getBanner() self.getBanner()

4
plugins/dbms/mssqlserver/fingerprint.py
View File

@@ -65,9 +65,7 @@ class Fingerprint(GenericFingerprint):
return value return value
def checkDbms(self): def checkDbms(self):
if not conf.extensiveFp and (Backend.isDbmsWithin(MSSQL_ALIASES) \ if not conf.extensiveFp and Backend.isDbmsWithin(MSSQL_ALIASES):
or (conf.dbms or "").lower() in MSSQL_ALIASES) and Backend.getVersion() and \
Backend.getVersion().isdigit():
setDbms("%s %s" % (DBMS.MSSQL, Backend.getVersion())) setDbms("%s %s" % (DBMS.MSSQL, Backend.getVersion()))
self.getBanner() self.getBanner()

12
plugins/dbms/mysql/fingerprint.py
View File

@@ -46,12 +46,12 @@ class Fingerprint(GenericFingerprint):
(32300, 32359), # MySQL 3.23 (32300, 32359), # MySQL 3.23
(40000, 40032), # MySQL 4.0 (40000, 40032), # MySQL 4.0
(40100, 40131), # MySQL 4.1 (40100, 40131), # MySQL 4.1
(50000, 50092), # MySQL 5.0 (50000, 50096), # MySQL 5.0
(50100, 50172), # MySQL 5.1 (50100, 50172), # MySQL 5.1
(50400, 50404), # MySQL 5.4 (50400, 50404), # MySQL 5.4
(50500, 50552), # MySQL 5.5 (50500, 50554), # MySQL 5.5
(50600, 50633), # MySQL 5.6 (50600, 50635), # MySQL 5.6
(50700, 50715), # MySQL 5.7 (50700, 50717), # MySQL 5.7
(60000, 60014), # MySQL 6.0 (60000, 60014), # MySQL 6.0
) )
@@ -150,9 +150,7 @@ class Fingerprint(GenericFingerprint):
* http://dev.mysql.com/doc/refman/6.0/en/news-6-0-x.html (manual has been withdrawn) * http://dev.mysql.com/doc/refman/6.0/en/news-6-0-x.html (manual has been withdrawn)
""" """
if not conf.extensiveFp and (Backend.isDbmsWithin(MYSQL_ALIASES) \ if not conf.extensiveFp and Backend.isDbmsWithin(MYSQL_ALIASES):
or (conf.dbms or "").lower() in MYSQL_ALIASES) and Backend.getVersion() and \
Backend.getVersion() != UNKNOWN_DBMS_VERSION:
setDbms("%s %s" % (DBMS.MYSQL, Backend.getVersion())) setDbms("%s %s" % (DBMS.MYSQL, Backend.getVersion()))
if Backend.isVersionGreaterOrEqualThan("5"): if Backend.isVersionGreaterOrEqualThan("5"):

2
plugins/dbms/oracle/fingerprint.py
View File

@@ -58,7 +58,7 @@ class Fingerprint(GenericFingerprint):
return value return value
def checkDbms(self): def checkDbms(self):
if not conf.extensiveFp and (Backend.isDbmsWithin(ORACLE_ALIASES) or (conf.dbms or "").lower() in ORACLE_ALIASES): if not conf.extensiveFp and Backend.isDbmsWithin(ORACLE_ALIASES):
setDbms(DBMS.ORACLE) setDbms(DBMS.ORACLE)
self.getBanner() self.getBanner()

2
plugins/dbms/postgresql/fingerprint.py
View File

@@ -63,7 +63,7 @@ class Fingerprint(GenericFingerprint):
* http://www.postgresql.org/docs/9.1/interactive/release.html (up to 9.1.3) * http://www.postgresql.org/docs/9.1/interactive/release.html (up to 9.1.3)
""" """
if not conf.extensiveFp and (Backend.isDbmsWithin(PGSQL_ALIASES) or (conf.dbms or "").lower() in PGSQL_ALIASES): if not conf.extensiveFp and Backend.isDbmsWithin(PGSQL_ALIASES):
setDbms(DBMS.PGSQL) setDbms(DBMS.PGSQL)
self.getBanner() self.getBanner()

2
plugins/dbms/sqlite/fingerprint.py
View File

@@ -64,7 +64,7 @@ class Fingerprint(GenericFingerprint):
* http://www.sqlite.org/cvstrac/wiki?p=LoadableExtensions * http://www.sqlite.org/cvstrac/wiki?p=LoadableExtensions
""" """
if not conf.extensiveFp and (Backend.isDbmsWithin(SQLITE_ALIASES) or (conf.dbms or "").lower() in SQLITE_ALIASES): if not conf.extensiveFp and Backend.isDbmsWithin(SQLITE_ALIASES):
setDbms(DBMS.SQLITE) setDbms(DBMS.SQLITE)
self.getBanner() self.getBanner()

4
plugins/dbms/sybase/fingerprint.py
View File

@@ -58,9 +58,7 @@ class Fingerprint(GenericFingerprint):
return value return value
def checkDbms(self): def checkDbms(self):
if not conf.extensiveFp and (Backend.isDbmsWithin(SYBASE_ALIASES) \ if not conf.extensiveFp and Backend.isDbmsWithin(SYBASE_ALIASES):
or (conf.dbms or "").lower() in SYBASE_ALIASES) and Backend.getVersion() and \
Backend.getVersion().isdigit():
setDbms("%s %s" % (DBMS.SYBASE, Backend.getVersion())) setDbms("%s %s" % (DBMS.SYBASE, Backend.getVersion()))
self.getBanner() self.getBanner()

5
plugins/generic/connector.py
View File

@@ -11,6 +11,7 @@ from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import SqlmapFilePathException from lib.core.exception import SqlmapFilePathException
from lib.core.exception import SqlmapUndefinedMethod from lib.core.exception import SqlmapUndefinedMethod
from lib.core.settings import UNICODE_ENCODING
class Connector: class Connector:
""" """
@@ -22,8 +23,8 @@ class Connector:
self.cursor = None self.cursor = None
def initConnection(self): def initConnection(self):
self.user = conf.dbmsUser self.user = conf.dbmsUser.encode(UNICODE_ENCODING) if conf.dbmsUser is not None else ""
self.password = conf.dbmsPass if conf.dbmsPass is not None else "" self.password = conf.dbmsPass.encode(UNICODE_ENCODING) if conf.dbmsPass is not None else ""
self.hostname = conf.hostname self.hostname = conf.hostname
self.port = conf.port self.port = conf.port
self.db = conf.dbmsDb self.db = conf.dbmsDb

9
plugins/generic/entries.py
View File

@@ -192,7 +192,14 @@ class Entries:
query = agent.whereQuery(query) query = agent.whereQuery(query)
if not entries and query: if not entries and query:
entries = inject.getValue(query, blind=False, time=False, dump=True) try:
entries = inject.getValue(query, blind=False, time=False, dump=True)
except KeyboardInterrupt:
entries = None
kb.dumpKeyboardInterrupt = True
clearConsoleLine()
warnMsg = "Ctrl+C detected in dumping phase"
logger.warn(warnMsg)
if not isNoneValue(entries): if not isNoneValue(entries):
if isinstance(entries, basestring): if isinstance(entries, basestring):

13
sqlmap.conf
View File

@@ -512,13 +512,13 @@ excludeSysDbs = False
# First query output entry to retrieve # First query output entry to retrieve
# Valid: integer # Valid: integer
# Default: 0 (sqlmap will start to retrieve the query output entries from # Default: 0 (sqlmap will start to retrieve the table dump entries from
# the first) # first one)
limitStart = 0 limitStart = 0
# Last query output entry to retrieve # Last query output entry to retrieve
# Valid: integer # Valid: integer
# Default: 0 (sqlmap will detect the number of query output entries and # Default: 0 (sqlmap will detect the number of table dump entries and
# retrieve them until the last) # retrieve them until the last)
limitStop = 0 limitStop = 0
@@ -779,10 +779,6 @@ mobile = False
# Valid: True or False # Valid: True or False
offline = False offline = False
# Display page rank (PR) for Google dork results.
# Valid: True or False
pageRank = False
# Skip heuristic detection of WAF/IPS/IDS protection. # Skip heuristic detection of WAF/IPS/IDS protection.
# Valid: True or False # Valid: True or False
skipWaf = False skipWaf = False
@@ -794,6 +790,9 @@ smart = False
# Local directory for storing temporary files. # Local directory for storing temporary files.
tmpDir = tmpDir =
# Web server document root directory (e.g. "/var/www").
webRoot =
# Simple wizard interface for beginner users. # Simple wizard interface for beginner users.
# Valid: True or False # Valid: True or False
wizard = False wizard = False

21
tamper/plus2concat.py
View File

@@ -5,6 +5,8 @@ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import re
from lib.core.common import zeroDepthSearch from lib.core.common import zeroDepthSearch
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY
@@ -28,6 +30,9 @@ def tamper(payload, **kwargs):
>>> tamper('SELECT CHAR(113)+CHAR(114)+CHAR(115) FROM DUAL') >>> tamper('SELECT CHAR(113)+CHAR(114)+CHAR(115) FROM DUAL')
'SELECT CONCAT(CHAR(113),CHAR(114),CHAR(115)) FROM DUAL' 'SELECT CONCAT(CHAR(113),CHAR(114),CHAR(115)) FROM DUAL'
>>> tamper('SELECT (CHAR(113)+CHAR(114)+CHAR(115)) FROM DUAL')
'SELECT CONCAT(CHAR(113),CHAR(114),CHAR(115)) FROM DUAL'
""" """
retVal = payload retVal = payload
@@ -35,6 +40,7 @@ def tamper(payload, **kwargs):
if payload: if payload:
while True: while True:
indexes = zeroDepthSearch(retVal, '+') indexes = zeroDepthSearch(retVal, '+')
if indexes: if indexes:
first, last = 0, 0 first, last = 0, 0
for i in xrange(1, len(indexes)): for i in xrange(1, len(indexes)):
@@ -52,6 +58,19 @@ def tamper(payload, **kwargs):
retVal = "%sCONCAT(%s)%s" % (retVal[:start], ''.join(chars)[start:end], retVal[end:]) retVal = "%sCONCAT(%s)%s" % (retVal[:start], ''.join(chars)[start:end], retVal[end:])
else: else:
break match = re.search(r"\((CHAR\(\d+.+CHAR\(\d+\))\)", retVal)
if match:
part = match.group(0)
indexes = set(zeroDepthSearch(match.group(1), '+'))
if not indexes:
break
chars = [char for char in part]
for i in xrange(1, len(chars)):
if i - 1 in indexes:
chars[i] = ','
replacement = "CONCAT%s" % "".join(chars)
retVal = retVal.replace(part, replacement)
else:
break
return retVal return retVal

89
tamper/plus2fnconcat.py Normal file
View File

@@ -0,0 +1,89 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.common import zeroDepthSearch
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGHEST
def dependencies():
pass
def tamper(payload, **kwargs):
"""
Replaces plus ('+') character with ODBC function {fn CONCAT()}
Tested against:
* Microsoft SQL Server 2008
Requirements:
* Microsoft SQL Server 2008+
Notes:
* Useful in case ('+') character is filtered
* https://msdn.microsoft.com/en-us/library/bb630290.aspx
>>> tamper('SELECT CHAR(113)+CHAR(114)+CHAR(115) FROM DUAL')
'SELECT {fn CONCAT({fn CONCAT(CHAR(113),CHAR(114))},CHAR(115))} FROM DUAL'
>>> tamper('SELECT (CHAR(113)+CHAR(114)+CHAR(115)) FROM DUAL')
'SELECT {fn CONCAT({fn CONCAT(CHAR(113),CHAR(114))},CHAR(115))} FROM DUAL'
"""
retVal = payload
if payload:
while True:
indexes = zeroDepthSearch(retVal, '+')
if indexes:
first, last = 0, 0
for i in xrange(1, len(indexes)):
if ' ' in retVal[indexes[0]:indexes[i]]:
break
else:
last = i
start = retVal[:indexes[first]].rfind(' ') + 1
end = (retVal[indexes[last] + 1:].find(' ') + indexes[last] + 1) if ' ' in retVal[indexes[last] + 1:] else len(retVal) - 1
count = 0
chars = [char for char in retVal]
for index in indexes[first:last + 1]:
if count == 0:
chars[index] = ','
else:
chars[index] = '\x01'
count += 1
retVal = "%s%s%s)}%s" % (retVal[:start], "{fn CONCAT(" * count, ''.join(chars)[start:end].replace('\x01', ")},"), retVal[end:])
else:
match = re.search(r"\((CHAR\(\d+.+CHAR\(\d+\))\)", retVal)
if match:
part = match.group(0)
indexes = set(zeroDepthSearch(match.group(1), '+'))
if not indexes:
break
count = 0
chars = [char for char in part]
for i in xrange(1, len(chars)):
if i - 1 in indexes:
if count == 0:
chars[i] = ','
else:
chars[i] = '\x01'
count += 1
replacement = "%s%s}" % (("{fn CONCAT(" * count)[:-1], "".join(chars).replace('\x01', ")},"))
retVal = retVal.replace(part, replacement)
else:
break
return retVal

26
thirdparty/pagerank/__init__.py vendored
View File

@@ -1,26 +0,0 @@
#!/usr/bin/env python
#
# The MIT License
#
# Copyright 2010 Corey Goldberg
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#
pass

87
thirdparty/pagerank/pagerank.py vendored
View File

@@ -1,87 +0,0 @@
#!/usr/bin/env python
#
# Script for getting Google Page Rank of page
# Google Toolbar 3.0.x/4.0.x Pagerank Checksum Algorithm
#
# original from http://pagerank.gamesaga.net/
# this version was adapted from http://www.djangosnippets.org/snippets/221/
# by Corey Goldberg - 2010
#
# important update (http://www.seroundtable.com/google-pagerank-change-14132.html)
# by Miroslav Stampar - 2012
#
# Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
import sys
import urllib
import urllib2
def get_pagerank(url, timeout=10):
url = url.encode('utf8') if isinstance(url, unicode) else url
_ = 'http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=%s&q=info:%s' % (check_hash(hash_url(url)), urllib.quote(url))
try:
req = urllib2.Request(_)
rank = urllib2.urlopen(req, timeout=timeout).read().strip()[9:]
except:
rank = 'N/A'
else:
rank = '0' if not rank or not rank.isdigit() else rank
return rank
def int_str(string_, integer, factor):
for i in xrange(len(string_)) :
integer *= factor
integer &= 0xFFFFFFFF
integer += ord(string_[i])
return integer
def hash_url(string_):
c1 = int_str(string_, 0x1505, 0x21)
c2 = int_str(string_, 0, 0x1003F)
c1 >>= 2
c1 = ((c1 >> 4) & 0x3FFFFC0) | (c1 & 0x3F)
c1 = ((c1 >> 4) & 0x3FFC00) | (c1 & 0x3FF)
c1 = ((c1 >> 4) & 0x3C000) | (c1 & 0x3FFF)
t1 = (c1 & 0x3C0) << 4
t1 |= c1 & 0x3C
t1 = (t1 << 2) | (c2 & 0xF0F)
t2 = (c1 & 0xFFFFC000) << 4
t2 |= c1 & 0x3C00
t2 = (t2 << 0xA) | (c2 & 0xF0F0000)
return (t1 | t2)
def check_hash(hash_int):
hash_str = '%u' % (hash_int)
flag = 0
check_byte = 0
i = len(hash_str) - 1
while i >= 0:
byte = int(hash_str[i])
if 1 == (flag % 2):
byte *= 2;
byte = byte / 10 + byte % 10
check_byte += byte
flag += 1
i -= 1
check_byte %= 10
if 0 != check_byte:
check_byte = 10 - check_byte
if 1 == flag % 2:
if 1 == check_byte % 2:
check_byte += 9
check_byte >>= 1
return '7' + str(check_byte) + hash_str
def main():
print get_pagerank(sys.argv[1]) if len(sys.argv) > 1 else "[x] missing hostname"
if __name__ == "__main__":
main()

81
txt/checksum.md5
View File

@@ -20,13 +20,13 @@ c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.
310efc965c862cfbd7b0da5150a5ad36 extra/sqlharvest/__init__.py 310efc965c862cfbd7b0da5150a5ad36 extra/sqlharvest/__init__.py
7713aa366c983cdf1f3dbaa7383ea9e1 extra/sqlharvest/sqlharvest.py 7713aa366c983cdf1f3dbaa7383ea9e1 extra/sqlharvest/sqlharvest.py
5df358defc488bee9b40084892e3d1cb lib/controller/action.py 5df358defc488bee9b40084892e3d1cb lib/controller/action.py
699fd4757390aedb5ad17f4316d17972 lib/controller/checks.py 9cb94acd4c59822a5e1a258c4d1a4860 lib/controller/checks.py
10edc8d1057e89c145218d4c5ccaaa31 lib/controller/controller.py dc386321e8813788f155dc557a78be8d lib/controller/controller.py
b3eec7f44bcc5d784d171a187b7fe8cb lib/controller/handler.py d79481ab99acd739615e747d4a79d9d0 lib/controller/handler.py
310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py 310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py
19905ecb4437b94512cf21d5f1720091 lib/core/agent.py 19905ecb4437b94512cf21d5f1720091 lib/core/agent.py
6cc95a117fbd34ef31b9aa25520f0e31 lib/core/bigarray.py 6cc95a117fbd34ef31b9aa25520f0e31 lib/core/bigarray.py
9ca4206c06f8a2a859b076ab7520c3ea lib/core/common.py 145d131884dd5401d7a52effaea2ee9e lib/core/common.py
5065a4242a8cccf72f91e22e1007ae63 lib/core/convert.py 5065a4242a8cccf72f91e22e1007ae63 lib/core/convert.py
a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py
7936d78b1a7f1f008ff92bf2f88574ba lib/core/datatype.py 7936d78b1a7f1f008ff92bf2f88574ba lib/core/datatype.py
@@ -34,29 +34,29 @@ a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py
47eecd5499eaa15e931793e1d1ac3566 lib/core/defaults.py 47eecd5499eaa15e931793e1d1ac3566 lib/core/defaults.py
4029f6869b36eb5f796c2bcc948f4fae lib/core/dicts.py 4029f6869b36eb5f796c2bcc948f4fae lib/core/dicts.py
77edcfd3d7c5522bb64baf59ac23a047 lib/core/dump.py 77edcfd3d7c5522bb64baf59ac23a047 lib/core/dump.py
18554d2eafd721a2b92dcfd202b9a0ab lib/core/enums.py 2acf5449c71bfae4feec8da538e70116 lib/core/enums.py
9381a0c7e8bc19986299e84f4edda1a0 lib/core/exception.py 9381a0c7e8bc19986299e84f4edda1a0 lib/core/exception.py
310efc965c862cfbd7b0da5150a5ad36 lib/core/__init__.py 310efc965c862cfbd7b0da5150a5ad36 lib/core/__init__.py
9ba39bf66e9ecd469446bdbbeda906c3 lib/core/log.py 9ba39bf66e9ecd469446bdbbeda906c3 lib/core/log.py
e544108e2238d756c94a240e8a1ce061 lib/core/optiondict.py 66c9795e2e7da32f46f04497ae910070 lib/core/optiondict.py
42b491edce8822786c32f77a9b7fe5be lib/core/option.py 0324fce84ef88ed0416123f73c54a6d7 lib/core/option.py
5f2f56e6c5f274408df61943f1e080c0 lib/core/profiling.py 5f2f56e6c5f274408df61943f1e080c0 lib/core/profiling.py
40be71cd774662a7b420caeb7051e7d5 lib/core/readlineng.py 40be71cd774662a7b420caeb7051e7d5 lib/core/readlineng.py
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py 785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py 40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
689a9339741e81a2c460fc794c978163 lib/core/settings.py 50edc9861e7441371210f5fae263207c lib/core/settings.py
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py 2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
afd0636d2e93c23f4f0a5c9b6023ea17 lib/core/target.py afd0636d2e93c23f4f0a5c9b6023ea17 lib/core/target.py
8970b88627902239d695280b1160e16c lib/core/testing.py 8970b88627902239d695280b1160e16c lib/core/testing.py
1504e8c6bdd69edc17b5f240eaa73fb2 lib/core/threads.py 5521241c750855a4e44747fbac7771c6 lib/core/threads.py
ad74fc58fc7214802fd27067bce18dd2 lib/core/unescaper.py ad74fc58fc7214802fd27067bce18dd2 lib/core/unescaper.py
1f1fa616b5b19308d78c610ec8046399 lib/core/update.py 1f1fa616b5b19308d78c610ec8046399 lib/core/update.py
4d13ed693401a498b6d073a2a494bd83 lib/core/wordlist.py 4d13ed693401a498b6d073a2a494bd83 lib/core/wordlist.py
310efc965c862cfbd7b0da5150a5ad36 lib/__init__.py 310efc965c862cfbd7b0da5150a5ad36 lib/__init__.py
8c4b04062db2245d9e190b413985202a lib/parse/banner.py 8c4b04062db2245d9e190b413985202a lib/parse/banner.py
9b12924e9da625f97b7ec87773214000 lib/parse/cmdline.py 54f06c50771ce894a3c6a418d545f4bf lib/parse/cmdline.py
3a31657bc38f277d0016ff6d50bde61f lib/parse/configfile.py 3a31657bc38f277d0016ff6d50bde61f lib/parse/configfile.py
14539f1be714d4f1ed042067d63bc50a lib/parse/handler.py 14539f1be714d4f1ed042067d63bc50a lib/parse/handler.py
64e5bb3ecbdd75144500588b437ba8da lib/parse/headers.py 64e5bb3ecbdd75144500588b437ba8da lib/parse/headers.py
@@ -65,9 +65,9 @@ ad74fc58fc7214802fd27067bce18dd2 lib/core/unescaper.py
0b010b7cdb2e42b5aa0caa59607279ad lib/parse/payloads.py 0b010b7cdb2e42b5aa0caa59607279ad lib/parse/payloads.py
a0444cc351cd6d29015ad16d9eb46ff4 lib/parse/sitemap.py a0444cc351cd6d29015ad16d9eb46ff4 lib/parse/sitemap.py
403d873f1d2fd0c7f73d83f104e41850 lib/request/basicauthhandler.py 403d873f1d2fd0c7f73d83f104e41850 lib/request/basicauthhandler.py
6d04ee525e75bf0082e9f1f6d8506546 lib/request/basic.py 0035612a620934d7ebe6d18426cfb065 lib/request/basic.py
4e89d0e13de2eb3576f5412b21e9b648 lib/request/comparison.py ef48de622b0a6b4a71df64b0d2785ef8 lib/request/comparison.py
9853a53cc7dd567b74e04bb2acadb7fe lib/request/connect.py 74a2a83e3af11ab02088c79b6367ef29 lib/request/connect.py
fb6b788d0016ab4ec5e5f661f0f702ad lib/request/direct.py fb6b788d0016ab4ec5e5f661f0f702ad lib/request/direct.py
cc1163d38e9b7ee5db2adac6784c02bb lib/request/dns.py cc1163d38e9b7ee5db2adac6784c02bb lib/request/dns.py
5dcdb37823a0b5eff65cd1018bcf09e4 lib/request/httpshandler.py 5dcdb37823a0b5eff65cd1018bcf09e4 lib/request/httpshandler.py
@@ -76,20 +76,20 @@ e68e1f00c7bb47b2c4ea6201995c56fb lib/request/inject.py
dc1e0af84ee8eb421797d61c8cb8f172 lib/request/methodrequest.py dc1e0af84ee8eb421797d61c8cb8f172 lib/request/methodrequest.py
bb9c165b050f7696b089b96b5947fac3 lib/request/pkihandler.py bb9c165b050f7696b089b96b5947fac3 lib/request/pkihandler.py
602d4338a9fceaaee40c601410d8ac0b lib/request/rangehandler.py 602d4338a9fceaaee40c601410d8ac0b lib/request/rangehandler.py
e687a727b641211dfae7346b671059c5 lib/request/redirecthandler.py b581e0c5e27cd927883f2c7f1705bf4e lib/request/redirecthandler.py
20a0e6dac2edcf98fa8c47ee9a332c28 lib/request/templates.py 20a0e6dac2edcf98fa8c47ee9a332c28 lib/request/templates.py
36518b36ae0cf199490457916a85b367 lib/takeover/abstraction.py 36518b36ae0cf199490457916a85b367 lib/takeover/abstraction.py
c6bc7961a186baabe0a9f5b7e0d8974b lib/takeover/icmpsh.py c6bc7961a186baabe0a9f5b7e0d8974b lib/takeover/icmpsh.py
310efc965c862cfbd7b0da5150a5ad36 lib/takeover/__init__.py 310efc965c862cfbd7b0da5150a5ad36 lib/takeover/__init__.py
71d45fd7f11804872284ee3ae5e60970 lib/takeover/metasploit.py c90c993b020a6ae0f0e497fd84f37466 lib/takeover/metasploit.py
ac541a0d38e4ecb4e41e97799a7235f4 lib/takeover/registry.py ac541a0d38e4ecb4e41e97799a7235f4 lib/takeover/registry.py
4cd0322f22fbc26284cffa9f8f7545ef lib/takeover/udf.py 4cd0322f22fbc26284cffa9f8f7545ef lib/takeover/udf.py
a610e0ef2fb8512604c2b6c081174850 lib/takeover/web.py ab021269ad7f4d552025448ae08c51d0 lib/takeover/web.py
e5a82481947e798d0c11f3acf3e9db60 lib/takeover/xp_cmdshell.py e5a82481947e798d0c11f3acf3e9db60 lib/takeover/xp_cmdshell.py
cae752650755c706272a45ae84519a4b lib/techniques/blind/inference.py cae752650755c706272a45ae84519a4b lib/techniques/blind/inference.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/blind/__init__.py 310efc965c862cfbd7b0da5150a5ad36 lib/techniques/blind/__init__.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/brute/__init__.py 310efc965c862cfbd7b0da5150a5ad36 lib/techniques/brute/__init__.py
b24fa5fe58828e00a84991015c561f59 lib/techniques/brute/use.py a693c023a9fed1eebb9ca9ef51e0aeb8 lib/techniques/brute/use.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/dns/__init__.py 310efc965c862cfbd7b0da5150a5ad36 lib/techniques/dns/__init__.py
ab1601a7f429b47637c4fb8af703d0f1 lib/techniques/dns/test.py ab1601a7f429b47637c4fb8af703d0f1 lib/techniques/dns/test.py
d3da4c7ceaf57c4687a052d58722f6bb lib/techniques/dns/use.py d3da4c7ceaf57c4687a052d58722f6bb lib/techniques/dns/use.py
@@ -97,10 +97,10 @@ d3da4c7ceaf57c4687a052d58722f6bb lib/techniques/dns/use.py
2fb0eb698fc9d6e19960d2136bce787d lib/techniques/error/use.py 2fb0eb698fc9d6e19960d2136bce787d lib/techniques/error/use.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/__init__.py 310efc965c862cfbd7b0da5150a5ad36 lib/techniques/__init__.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/union/__init__.py 310efc965c862cfbd7b0da5150a5ad36 lib/techniques/union/__init__.py
4bed3ed51faad9b910899cacf56e8eac lib/techniques/union/test.py 19fd73af7a278fd72b46a5a60f5bdd09 lib/techniques/union/test.py
8cd5655c60a638caa30ca1220896aeda lib/techniques/union/use.py 8cd5655c60a638caa30ca1220896aeda lib/techniques/union/use.py
2503710e4b6316e40ddde872d5bbd04a lib/utils/api.py b8c9bbf1a50f1b2fdd0d3644922e252a lib/utils/api.py
6842092e1d27b71d28acd0e421f90693 lib/utils/crawler.py 29e32d59fcdd63c5a13498af1f367c8c lib/utils/crawler.py
ba12c69a90061aa14d848b8396e79191 lib/utils/deps.py ba12c69a90061aa14d848b8396e79191 lib/utils/deps.py
3b9fd519164e0bf275d5fd361c3f11ff lib/utils/getch.py 3b9fd519164e0bf275d5fd361c3f11ff lib/utils/getch.py
ccfdad414ce2ec0c394c3deaa39a82bf lib/utils/hashdb.py ccfdad414ce2ec0c394c3deaa39a82bf lib/utils/hashdb.py
@@ -113,40 +113,40 @@ e76a08237ee6a4cd6855af79610ea8a5 lib/utils/htmlentities.py
2da1b35339667646e51101adaa1dfc32 lib/utils/search.py 2da1b35339667646e51101adaa1dfc32 lib/utils/search.py
569521a83b2b6c62497879267b963b21 lib/utils/sqlalchemy.py 569521a83b2b6c62497879267b963b21 lib/utils/sqlalchemy.py
caeea96ec9c9d489f615f282259b32ca lib/utils/timeout.py caeea96ec9c9d489f615f282259b32ca lib/utils/timeout.py
0b84e74f9eb7681bab7364617e2f2577 lib/utils/versioncheck.py 6fa36b9742293756b226cddee11b7d52 lib/utils/versioncheck.py
31c51a3cc73120ee9490f2e3fa6d0dca lib/utils/xrange.py 31c51a3cc73120ee9490f2e3fa6d0dca lib/utils/xrange.py
b90aae84100a6c4c2bd5eeb4197fbc6e plugins/dbms/access/connector.py b90aae84100a6c4c2bd5eeb4197fbc6e plugins/dbms/access/connector.py
a71f7c8ffcb9b250cc785cad830e8980 plugins/dbms/access/enumeration.py a71f7c8ffcb9b250cc785cad830e8980 plugins/dbms/access/enumeration.py
38a0c758d9b86915fce894b779e79e4d plugins/dbms/access/filesystem.py 38a0c758d9b86915fce894b779e79e4d plugins/dbms/access/filesystem.py
818482929a68a270bc4331cf6c436d13 plugins/dbms/access/fingerprint.py fe34217a0b79ac25e3af007dd46cd340 plugins/dbms/access/fingerprint.py
5a691580a59eca29bae2283b57682025 plugins/dbms/access/__init__.py 5a691580a59eca29bae2283b57682025 plugins/dbms/access/__init__.py
c12f4f266830636462eac98e35ebb73e plugins/dbms/access/syntax.py c12f4f266830636462eac98e35ebb73e plugins/dbms/access/syntax.py
3fc75c350a30597962bc692c973eeeb3 plugins/dbms/access/takeover.py 3fc75c350a30597962bc692c973eeeb3 plugins/dbms/access/takeover.py
a763887d6e6e99c5a73d9cf450cd84fe plugins/dbms/db2/connector.py a763887d6e6e99c5a73d9cf450cd84fe plugins/dbms/db2/connector.py
c1f6eeb6fccbcb75b53566568c582e9c plugins/dbms/db2/enumeration.py 9d54e01e1576a423159f0e47aeb2837a plugins/dbms/db2/enumeration.py
667e50aa06883f0f194bef335015d694 plugins/dbms/db2/filesystem.py 667e50aa06883f0f194bef335015d694 plugins/dbms/db2/filesystem.py
d82e641f156d7c0fe015510a2f593b16 plugins/dbms/db2/fingerprint.py 9c6ef13c056a256e4704b924af0d7cc6 plugins/dbms/db2/fingerprint.py
35ed6e262cf68d4ab2c6111dd5fb0414 plugins/dbms/db2/__init__.py 35ed6e262cf68d4ab2c6111dd5fb0414 plugins/dbms/db2/__init__.py
ce8bc86383f2ade41e08f2dbee1844bf plugins/dbms/db2/syntax.py ce8bc86383f2ade41e08f2dbee1844bf plugins/dbms/db2/syntax.py
744fb5044f2b9f9d5ebda6e3f08e3be7 plugins/dbms/db2/takeover.py 744fb5044f2b9f9d5ebda6e3f08e3be7 plugins/dbms/db2/takeover.py
b8dcd6e97166f58ee452e68c46bfe2c4 plugins/dbms/firebird/connector.py b8dcd6e97166f58ee452e68c46bfe2c4 plugins/dbms/firebird/connector.py
147afe5f4a3d09548a8a1dbc954fe29e plugins/dbms/firebird/enumeration.py 147afe5f4a3d09548a8a1dbc954fe29e plugins/dbms/firebird/enumeration.py
4e421504f59861bf1ed1a89abda583d1 plugins/dbms/firebird/filesystem.py 4e421504f59861bf1ed1a89abda583d1 plugins/dbms/firebird/filesystem.py
fc6fdb1fb1be84db541995c87746efe1 plugins/dbms/firebird/fingerprint.py bbd239cd27b35c2fbd29443f0af5d973 plugins/dbms/firebird/fingerprint.py
f86ace7fcaea5ff3f9e86ab2dce052c5 plugins/dbms/firebird/__init__.py f86ace7fcaea5ff3f9e86ab2dce052c5 plugins/dbms/firebird/__init__.py
04f7c2977ab5198c6f4aa6233b872ae0 plugins/dbms/firebird/syntax.py 04f7c2977ab5198c6f4aa6233b872ae0 plugins/dbms/firebird/syntax.py
1cb1ab93e4b8c97e81586acfe4d030a2 plugins/dbms/firebird/takeover.py 1cb1ab93e4b8c97e81586acfe4d030a2 plugins/dbms/firebird/takeover.py
3a97bd07cce66bc812309341e7b54697 plugins/dbms/hsqldb/connector.py 3a97bd07cce66bc812309341e7b54697 plugins/dbms/hsqldb/connector.py
015281fb8f96dbade0d2e30fc8da9c4c plugins/dbms/hsqldb/enumeration.py 015281fb8f96dbade0d2e30fc8da9c4c plugins/dbms/hsqldb/enumeration.py
c0b14e62e1ecbb679569a1abb9cf1913 plugins/dbms/hsqldb/filesystem.py c0b14e62e1ecbb679569a1abb9cf1913 plugins/dbms/hsqldb/filesystem.py
205ec651547b3fef04afc9580ab35672 plugins/dbms/hsqldb/fingerprint.py 82304c5d7b06bb564dcdd8cda84dbeae plugins/dbms/hsqldb/fingerprint.py
0b18e3cf582b128cf9f16ee34ef85727 plugins/dbms/hsqldb/__init__.py 0b18e3cf582b128cf9f16ee34ef85727 plugins/dbms/hsqldb/__init__.py
65e8f8edc9d18fe482deb474a29f83ff plugins/dbms/hsqldb/syntax.py 65e8f8edc9d18fe482deb474a29f83ff plugins/dbms/hsqldb/syntax.py
0a1584e2b01f33abe3ef91d99bafbd3f plugins/dbms/hsqldb/takeover.py 0a1584e2b01f33abe3ef91d99bafbd3f plugins/dbms/hsqldb/takeover.py
f8eaeb71239369e6ceff47596439871b plugins/dbms/informix/connector.py f8eaeb71239369e6ceff47596439871b plugins/dbms/informix/connector.py
989e75a65503dd648a45258217ae3371 plugins/dbms/informix/enumeration.py 989e75a65503dd648a45258217ae3371 plugins/dbms/informix/enumeration.py
667e50aa06883f0f194bef335015d694 plugins/dbms/informix/filesystem.py 667e50aa06883f0f194bef335015d694 plugins/dbms/informix/filesystem.py
df241894bc46576590fae7809650aa58 plugins/dbms/informix/fingerprint.py f06d263b2c9b52ea7a120593eb5806c4 plugins/dbms/informix/fingerprint.py
859d2ed1e0c1b8a1b92c8b2044e6afc5 plugins/dbms/informix/__init__.py 859d2ed1e0c1b8a1b92c8b2044e6afc5 plugins/dbms/informix/__init__.py
0aa8ec7b83435a1ecec19c5320728051 plugins/dbms/informix/syntax.py 0aa8ec7b83435a1ecec19c5320728051 plugins/dbms/informix/syntax.py
744fb5044f2b9f9d5ebda6e3f08e3be7 plugins/dbms/informix/takeover.py 744fb5044f2b9f9d5ebda6e3f08e3be7 plugins/dbms/informix/takeover.py
@@ -154,56 +154,56 @@ df241894bc46576590fae7809650aa58 plugins/dbms/informix/fingerprint.py
e50b624ff23c3e180d80e065deb1763f plugins/dbms/maxdb/connector.py e50b624ff23c3e180d80e065deb1763f plugins/dbms/maxdb/connector.py
cbd90f22ce862409fe392e65f0ea94ac plugins/dbms/maxdb/enumeration.py cbd90f22ce862409fe392e65f0ea94ac plugins/dbms/maxdb/enumeration.py
815ea8e7b9bd714d73d9d6c454aff774 plugins/dbms/maxdb/filesystem.py 815ea8e7b9bd714d73d9d6c454aff774 plugins/dbms/maxdb/filesystem.py
30ace2bbd22cf6152e4a7e9d8176bdc1 plugins/dbms/maxdb/fingerprint.py 017c723354eff28188773670d3837c01 plugins/dbms/maxdb/fingerprint.py
c03001c1f70e76de39d26241dfcbd033 plugins/dbms/maxdb/__init__.py c03001c1f70e76de39d26241dfcbd033 plugins/dbms/maxdb/__init__.py
e6036f5b2e39aec37ba036a8cf0efd6f plugins/dbms/maxdb/syntax.py e6036f5b2e39aec37ba036a8cf0efd6f plugins/dbms/maxdb/syntax.py
0be362015605e26551e5d79cc83ed466 plugins/dbms/maxdb/takeover.py 0be362015605e26551e5d79cc83ed466 plugins/dbms/maxdb/takeover.py
e3e78fab9b5eb97867699f0b20e59b62 plugins/dbms/mssqlserver/connector.py e3e78fab9b5eb97867699f0b20e59b62 plugins/dbms/mssqlserver/connector.py
a7ed0510e47384eaf93164d53e2b6b36 plugins/dbms/mssqlserver/enumeration.py a7ed0510e47384eaf93164d53e2b6b36 plugins/dbms/mssqlserver/enumeration.py
8554437c437052c30237be170ba8ce3a plugins/dbms/mssqlserver/filesystem.py 8554437c437052c30237be170ba8ce3a plugins/dbms/mssqlserver/filesystem.py
4e4bb17dfb175b5f6485d7513e4c8fb1 plugins/dbms/mssqlserver/fingerprint.py 13cb15e8abfb05818e6f66c687b78664 plugins/dbms/mssqlserver/fingerprint.py
40bd890988f9acd3942255d687445371 plugins/dbms/mssqlserver/__init__.py 40bd890988f9acd3942255d687445371 plugins/dbms/mssqlserver/__init__.py
400ce654ff6bc57a40fb291322a18282 plugins/dbms/mssqlserver/syntax.py 400ce654ff6bc57a40fb291322a18282 plugins/dbms/mssqlserver/syntax.py
20c669e084ea4d6b968a5834f7fec66c plugins/dbms/mssqlserver/takeover.py 20c669e084ea4d6b968a5834f7fec66c plugins/dbms/mssqlserver/takeover.py
48fb283a0dbf980495ca054f7b55783f plugins/dbms/mysql/connector.py 48fb283a0dbf980495ca054f7b55783f plugins/dbms/mysql/connector.py
7fe94b803fa273baf479b76ce7a3fb51 plugins/dbms/mysql/enumeration.py 7fe94b803fa273baf479b76ce7a3fb51 plugins/dbms/mysql/enumeration.py
1bd5e659962e814b66a451b807de9110 plugins/dbms/mysql/filesystem.py 1bd5e659962e814b66a451b807de9110 plugins/dbms/mysql/filesystem.py
e9076fe684eb3fe037f945601c7017f0 plugins/dbms/mysql/fingerprint.py 1a17c2dea2cd7554cf9082fdf96f8360 plugins/dbms/mysql/fingerprint.py
42568a66a13a43ed46748290c503a652 plugins/dbms/mysql/__init__.py 42568a66a13a43ed46748290c503a652 plugins/dbms/mysql/__init__.py
96dfafcc4aecc1c574148ac05dbdb6da plugins/dbms/mysql/syntax.py 96dfafcc4aecc1c574148ac05dbdb6da plugins/dbms/mysql/syntax.py
33b2dc28075ab560fd8a4dc898682a0d plugins/dbms/mysql/takeover.py 33b2dc28075ab560fd8a4dc898682a0d plugins/dbms/mysql/takeover.py
ea4b9cd238075b79945bd2607810934a plugins/dbms/oracle/connector.py ea4b9cd238075b79945bd2607810934a plugins/dbms/oracle/connector.py
3a08ef0037de6df9f9a92ec5b126d705 plugins/dbms/oracle/enumeration.py 3a08ef0037de6df9f9a92ec5b126d705 plugins/dbms/oracle/enumeration.py
dc5962a1d4d69d4206b6c03e00e7f33d plugins/dbms/oracle/filesystem.py dc5962a1d4d69d4206b6c03e00e7f33d plugins/dbms/oracle/filesystem.py
d19215a6aee5d04d67ee67eb2cac9893 plugins/dbms/oracle/fingerprint.py 525381f48505095b14e567c1f59ca9c7 plugins/dbms/oracle/fingerprint.py
25a99a9dd7072b6b7346438599c78050 plugins/dbms/oracle/__init__.py 25a99a9dd7072b6b7346438599c78050 plugins/dbms/oracle/__init__.py
783d4795fac75f73a7cfba3cd9c3d01c plugins/dbms/oracle/syntax.py 783d4795fac75f73a7cfba3cd9c3d01c plugins/dbms/oracle/syntax.py
c05176f6efe66069756fb78dfa0ed3f6 plugins/dbms/oracle/takeover.py c05176f6efe66069756fb78dfa0ed3f6 plugins/dbms/oracle/takeover.py
e087d54b9b2617a9f40be15a2bd478c2 plugins/dbms/postgresql/connector.py e087d54b9b2617a9f40be15a2bd478c2 plugins/dbms/postgresql/connector.py
8377c5ab3de500f9a495fcd9e2a75d3e plugins/dbms/postgresql/enumeration.py 8377c5ab3de500f9a495fcd9e2a75d3e plugins/dbms/postgresql/enumeration.py
48822058c620ffaa2acc599b4d39c667 plugins/dbms/postgresql/filesystem.py 48822058c620ffaa2acc599b4d39c667 plugins/dbms/postgresql/filesystem.py
1d514afa3106fa5fbd6fa2dd33970917 plugins/dbms/postgresql/fingerprint.py c10df993e8b243ba3d6a94e8ae28a875 plugins/dbms/postgresql/fingerprint.py
a3a4e82e9a68329c44762897c87acfec plugins/dbms/postgresql/__init__.py a3a4e82e9a68329c44762897c87acfec plugins/dbms/postgresql/__init__.py
76bde1ffb3040ae709156449a583e9ed plugins/dbms/postgresql/syntax.py 76bde1ffb3040ae709156449a583e9ed plugins/dbms/postgresql/syntax.py
286f95526a6ce0b8ae9bff6fc3117af0 plugins/dbms/postgresql/takeover.py 286f95526a6ce0b8ae9bff6fc3117af0 plugins/dbms/postgresql/takeover.py
719fdd12e360458e822950f245d67ad0 plugins/dbms/sqlite/connector.py 719fdd12e360458e822950f245d67ad0 plugins/dbms/sqlite/connector.py
28b9d7d0614e52275a30b5a57fc76027 plugins/dbms/sqlite/enumeration.py 28b9d7d0614e52275a30b5a57fc76027 plugins/dbms/sqlite/enumeration.py
954e503cfc8dd1acf9fc50868f5dafb0 plugins/dbms/sqlite/filesystem.py 954e503cfc8dd1acf9fc50868f5dafb0 plugins/dbms/sqlite/filesystem.py
60febaa44bd2fe5919e80e3bd7f0c2dd plugins/dbms/sqlite/fingerprint.py ee430d142fa8f9ee571578d0a0916679 plugins/dbms/sqlite/fingerprint.py
6b17cc8cc94a912a0a5cf15acbad5ba4 plugins/dbms/sqlite/__init__.py 6b17cc8cc94a912a0a5cf15acbad5ba4 plugins/dbms/sqlite/__init__.py
4827722159a89652005f49265bb55c43 plugins/dbms/sqlite/syntax.py 4827722159a89652005f49265bb55c43 plugins/dbms/sqlite/syntax.py
02ab8ff465da9dd31ffe6a963c676180 plugins/dbms/sqlite/takeover.py 02ab8ff465da9dd31ffe6a963c676180 plugins/dbms/sqlite/takeover.py
e3e78fab9b5eb97867699f0b20e59b62 plugins/dbms/sybase/connector.py e3e78fab9b5eb97867699f0b20e59b62 plugins/dbms/sybase/connector.py
a7f4d3a194f52fbb4fb4488be41273b1 plugins/dbms/sybase/enumeration.py a7f4d3a194f52fbb4fb4488be41273b1 plugins/dbms/sybase/enumeration.py
62d772c7cd08275e3503304ba90c4e8a plugins/dbms/sybase/filesystem.py 62d772c7cd08275e3503304ba90c4e8a plugins/dbms/sybase/filesystem.py
9e3e9a1f8dd491a95e833155a4157662 plugins/dbms/sybase/fingerprint.py deed74334b637767fc9de8f74b37647a plugins/dbms/sybase/fingerprint.py
45436a42c2bb8075e1482a950d993d55 plugins/dbms/sybase/__init__.py 45436a42c2bb8075e1482a950d993d55 plugins/dbms/sybase/__init__.py
89412a921c8c598c19d36762d5820f05 plugins/dbms/sybase/syntax.py 89412a921c8c598c19d36762d5820f05 plugins/dbms/sybase/syntax.py
654cd5e69cf5e5c644bfa5d284e61206 plugins/dbms/sybase/takeover.py 654cd5e69cf5e5c644bfa5d284e61206 plugins/dbms/sybase/takeover.py
1f46f2eac95cfdc3fa150ec5b0500eba plugins/generic/connector.py be7481a96214220bcd8f51ca00239bed plugins/generic/connector.py
a8f9d0516509e9e4226516ab4f13036a plugins/generic/custom.py a8f9d0516509e9e4226516ab4f13036a plugins/generic/custom.py
3b54fd65feb9f70c551d315e82653384 plugins/generic/databases.py 3b54fd65feb9f70c551d315e82653384 plugins/generic/databases.py
45c32855126546a0d9936ecdc943ab3f plugins/generic/entries.py f7387352380136ac05c0bc3decb85638 plugins/generic/entries.py
55802d1d5d65938414c77ccc27731cab plugins/generic/enumeration.py 55802d1d5d65938414c77ccc27731cab plugins/generic/enumeration.py
bc32b21a3ab5421b5307ff7317256229 plugins/generic/filesystem.py bc32b21a3ab5421b5307ff7317256229 plugins/generic/filesystem.py
feca57a968c528a2fe3ccafbc83a17f8 plugins/generic/fingerprint.py feca57a968c528a2fe3ccafbc83a17f8 plugins/generic/fingerprint.py
@@ -252,7 +252,8 @@ a3a0e76922b4f40f422a0daca4e71af3 tamper/htmlencode.py
54e1793f30c755202ee1acaacfac45fb tamper/nonrecursivereplacement.py 54e1793f30c755202ee1acaacfac45fb tamper/nonrecursivereplacement.py
00ba60e5869055aaa7ba0cd23b5ed1f4 tamper/overlongutf8.py 00ba60e5869055aaa7ba0cd23b5ed1f4 tamper/overlongutf8.py
3cadacb0f39de03e0f8612c656104e03 tamper/percentage.py 3cadacb0f39de03e0f8612c656104e03 tamper/percentage.py
7805efc7af932c2ab452f41967f9eb7b tamper/plus2concat.py 3e09fc9f1a6f3fee03f9213aaee97191 tamper/plus2concat.py
7a18480b27d62eb574cf0150a57e81b1 tamper/plus2fnconcat.py
24753ed4e8ceab6f1a1fc13ee621943b tamper/randomcase.py 24753ed4e8ceab6f1a1fc13ee621943b tamper/randomcase.py
4d5fdfe77668fa44967e1d44f8a50ce7 tamper/randomcomments.py 4d5fdfe77668fa44967e1d44f8a50ce7 tamper/randomcomments.py
22561b429f41fc0bdd23e36b9a8de9e5 tamper/securesphere.py 22561b429f41fc0bdd23e36b9a8de9e5 tamper/securesphere.py
@@ -344,8 +345,6 @@ d41d8cd98f00b204e9800998ecf8427e thirdparty/multipart/__init__.py
08801ea0ba9ae22885275ef65d3ee9dc thirdparty/oset/_abc.py 08801ea0ba9ae22885275ef65d3ee9dc thirdparty/oset/_abc.py
54a861de0f08bb80c2e8846579ec83bd thirdparty/oset/__init__.py 54a861de0f08bb80c2e8846579ec83bd thirdparty/oset/__init__.py
179f0c584ef3fb39437bdb6e15d9c867 thirdparty/oset/pyoset.py 179f0c584ef3fb39437bdb6e15d9c867 thirdparty/oset/pyoset.py
d24924d878e24946e83cfc1459f806af thirdparty/pagerank/__init__.py
7616693115d08f9b815a567515a0db56 thirdparty/pagerank/pagerank.py
94a4abc0fdac64ef0661b82aff68d791 thirdparty/prettyprint/__init__.py 94a4abc0fdac64ef0661b82aff68d791 thirdparty/prettyprint/__init__.py
ff80a22ee858f5331b0c088efa98b3ff thirdparty/prettyprint/prettyprint.py ff80a22ee858f5331b0c088efa98b3ff thirdparty/prettyprint/prettyprint.py
5c70f8e5f7353aedc6d8d21d4fb72b37 thirdparty/pydes/__init__.py 5c70f8e5f7353aedc6d8d21d4fb72b37 thirdparty/pydes/__init__.py
@@ -401,9 +400,9 @@ ab6f6e3169cb43efcf5b6ed84b58252f waf/comodo.py
7bde9f5ec27b41167d25a3a24853107b waf/dotdefender.py 7bde9f5ec27b41167d25a3a24853107b waf/dotdefender.py
e4b058d759198216d24f8fed6ef97be4 waf/edgecast.py e4b058d759198216d24f8fed6ef97be4 waf/edgecast.py
f633953970fb181b9ac5420a47e6a610 waf/expressionengine.py f633953970fb181b9ac5420a47e6a610 waf/expressionengine.py
f2295bb96025aeeca7e38661aef7c883 waf/fortiweb.py 1df78b6ad49259514cb6e4d68371cbcf waf/fortiweb.py
ef151fbc34f16620958ba61dd415ae59 waf/generic.py ef151fbc34f16620958ba61dd415ae59 waf/generic.py
9126fc8101dee36c27866df731e2d841 waf/hyperguard.py d50e17ed49e1a3cb846e652ed98e3b3c waf/hyperguard.py
5b5382ccfb82ee6afdc1b47c8a4bce70 waf/incapsula.py 5b5382ccfb82ee6afdc1b47c8a4bce70 waf/incapsula.py
310efc965c862cfbd7b0da5150a5ad36 waf/__init__.py 310efc965c862cfbd7b0da5150a5ad36 waf/__init__.py
5a364b68519a5872c4d60be11d2a23c1 waf/isaserver.py 5a364b68519a5872c4d60be11d2a23c1 waf/isaserver.py

2
waf/fortiweb.py
View File

@@ -10,7 +10,7 @@ import re
from lib.core.enums import HTTP_HEADER from lib.core.enums import HTTP_HEADER
from lib.core.settings import WAF_ATTACK_VECTORS from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "FortiWeb Web Application Firewall (Fortinet Inc.)" __product__ = "FortiWeb Web Application Firewall (Fortinet)"
def detect(get_page): def detect(get_page):
retval = False retval = False

2
waf/hyperguard.py
View File

@@ -10,7 +10,7 @@ import re
from lib.core.enums import HTTP_HEADER from lib.core.enums import HTTP_HEADER
from lib.core.settings import WAF_ATTACK_VECTORS from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "Hyperguard Web Application Firewall (art of defence Inc.)" __product__ = "Hyperguard Web Application Firewall (art of defence)"
def detect(get_page): def detect(get_page):
retval = False retval = False