PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 05:01:30 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: PenTest:1.1.4
Branches Tags
PenTest:master PenTest:gh-pages
PenTest:1.9.12 PenTest:1.9.11 PenTest:1.9.10 PenTest:1.9.9 PenTest:1.9.8 PenTest:1.9.7 PenTest:1.9.6 PenTest:1.9.5 PenTest:1.9.4 PenTest:1.9.3 PenTest:1.9.2 PenTest:1.9 PenTest:1.8.12 PenTest:1.8.11 PenTest:1.8.10 PenTest:1.8.9 PenTest:1.8.8 PenTest:1.8.7 PenTest:1.8.6 PenTest:1.8.5 PenTest:1.8.4 PenTest:1.8.3 PenTest:1.8.2 PenTest:1.8 PenTest:1.8.1 PenTest:1.7.1 PenTest:1.7.12 PenTest:1.7.11 PenTest:1.7.10 PenTest:1.7.9 PenTest:1.7.8 PenTest:1.7.7 PenTest:1.7.6 PenTest:1.7.5 PenTest:1.7.4 PenTest:1.7.3 PenTest:1.7.2 PenTest:1.7 PenTest:1.6.12 PenTest:1.6.11 PenTest:1.6.10 PenTest:1.6.9 PenTest:1.6.8 PenTest:1.6.7 PenTest:1.6.6 PenTest:1.6.5 PenTest:1.6.4 PenTest:1.6.3 PenTest:1.6.2 PenTest:1.6 PenTest:1.5.12 PenTest:1.5.11 PenTest:1.5.10 PenTest:1.5.9 PenTest:1.5.8 PenTest:1.5.7 PenTest:1.5.6 PenTest:1.5.5 PenTest:1.5.4 PenTest:1.5.3 PenTest:1.5.2 PenTest:1.5 PenTest:1.4.12 PenTest:1.4.11 PenTest:1.4.10 PenTest:1.4.9 PenTest:1.4.8 PenTest:1.4.7 PenTest:1.4.6 PenTest:1.4.5 PenTest:1.4.4 PenTest:0.19 PenTest:1.4.3 PenTest:1.4.2 PenTest:1.4 PenTest:1.3.12 PenTest:1.3.11 PenTest:1.3.10 PenTest:1.3.9 PenTest:1.3.8 PenTest:1.3.7 PenTest:1.3.6 PenTest:1.3.5 PenTest:1.3.4 PenTest:1.3.3 PenTest:1.3.2 PenTest:1.3 PenTest:1.2.12 PenTest:1.2.11 PenTest:1.2.10 PenTest:1.2.9 PenTest:1.2.8 PenTest:1.2.7 PenTest:1.2.6 PenTest:1.2.5 PenTest:1.2.4 PenTest:1.2.3 PenTest:1.2.2 PenTest:1.2 PenTest:1.1.12 PenTest:1.1.11 PenTest:1.1.10 PenTest:1.1.9 PenTest:1.1.8 PenTest:1.1.7 PenTest:1.1.6 PenTest:1.1.5 PenTest:1.1.4 PenTest:1.1.3 PenTest:1.1.2 PenTest:1.1 PenTest:1.0.12 PenTest:1.0.11 PenTest:1.0.10 PenTest:1.0.9 PenTest:1.0.8 PenTest:1.0.7 PenTest:1.0.6 PenTest:1.0.5 PenTest:1.0.4 PenTest:1.0.3 PenTest:1.0 PenTest:0.6.2 PenTest:0.6.3 PenTest:0.6.4 PenTest:0.7-rc1 PenTest:0.8-rc2 PenTest:0.8-rc3 PenTest:0.7 PenTest:0.8-rc4 PenTest:0.8 PenTest:0.9
..
compare: PenTest:1.1.5
Branches Tags
PenTest:master PenTest:gh-pages
PenTest:1.9.12 PenTest:1.9.11 PenTest:1.9.10 PenTest:1.9.9 PenTest:1.9.8 PenTest:1.9.7 PenTest:1.9.6 PenTest:1.9.5 PenTest:1.9.4 PenTest:1.9.3 PenTest:1.9.2 PenTest:1.9 PenTest:1.8.12 PenTest:1.8.11 PenTest:1.8.10 PenTest:1.8.9 PenTest:1.8.8 PenTest:1.8.7 PenTest:1.8.6 PenTest:1.8.5 PenTest:1.8.4 PenTest:1.8.3 PenTest:1.8.2 PenTest:1.8 PenTest:1.8.1 PenTest:1.7.1 PenTest:1.7.12 PenTest:1.7.11 PenTest:1.7.10 PenTest:1.7.9 PenTest:1.7.8 PenTest:1.7.7 PenTest:1.7.6 PenTest:1.7.5 PenTest:1.7.4 PenTest:1.7.3 PenTest:1.7.2 PenTest:1.7 PenTest:1.6.12 PenTest:1.6.11 PenTest:1.6.10 PenTest:1.6.9 PenTest:1.6.8 PenTest:1.6.7 PenTest:1.6.6 PenTest:1.6.5 PenTest:1.6.4 PenTest:1.6.3 PenTest:1.6.2 PenTest:1.6 PenTest:1.5.12 PenTest:1.5.11 PenTest:1.5.10 PenTest:1.5.9 PenTest:1.5.8 PenTest:1.5.7 PenTest:1.5.6 PenTest:1.5.5 PenTest:1.5.4 PenTest:1.5.3 PenTest:1.5.2 PenTest:1.5 PenTest:1.4.12 PenTest:1.4.11 PenTest:1.4.10 PenTest:1.4.9 PenTest:1.4.8 PenTest:1.4.7 PenTest:1.4.6 PenTest:1.4.5 PenTest:1.4.4 PenTest:0.19 PenTest:1.4.3 PenTest:1.4.2 PenTest:1.4 PenTest:1.3.12 PenTest:1.3.11 PenTest:1.3.10 PenTest:1.3.9 PenTest:1.3.8 PenTest:1.3.7 PenTest:1.3.6 PenTest:1.3.5 PenTest:1.3.4 PenTest:1.3.3 PenTest:1.3.2 PenTest:1.3 PenTest:1.2.12 PenTest:1.2.11 PenTest:1.2.10 PenTest:1.2.9 PenTest:1.2.8 PenTest:1.2.7 PenTest:1.2.6 PenTest:1.2.5 PenTest:1.2.4 PenTest:1.2.3 PenTest:1.2.2 PenTest:1.2 PenTest:1.1.12 PenTest:1.1.11 PenTest:1.1.10 PenTest:1.1.9 PenTest:1.1.8 PenTest:1.1.7 PenTest:1.1.6 PenTest:1.1.5 PenTest:1.1.4 PenTest:1.1.3 PenTest:1.1.2 PenTest:1.1 PenTest:1.0.12 PenTest:1.0.11 PenTest:1.0.10 PenTest:1.0.9 PenTest:1.0.8 PenTest:1.0.7 PenTest:1.0.6 PenTest:1.0.5 PenTest:1.0.4 PenTest:1.0.3 PenTest:1.0 PenTest:0.6.2 PenTest:0.6.3 PenTest:0.6.4 PenTest:0.7-rc1 PenTest:0.8-rc2 PenTest:0.8-rc3 PenTest:0.7 PenTest:0.8-rc4 PenTest:0.8 PenTest:0.9

52 Commits
1.1.4 ... 1.1.5

Author SHA1 Message Date
Miroslav Stampar
347ce87e27 Fixes #2511 2017-05-01 22:53:12 +02:00
Miroslav Stampar
ff5a954980 Fixes #2508 2017-04-30 08:32:26 +02:00
Miroslav Stampar
1a8de2aee1 Fixes #2504 2017-04-27 13:18:29 +02:00
Miroslav Stampar
ab08273d82 Fixes #2501 2017-04-23 23:50:30 +02:00
Miroslav Stampar
fbb845ad7c Fixes #2500 2017-04-23 23:30:51 +02:00
Miroslav Stampar
15a1d55812 Fixes #2500 2017-04-23 23:14:05 +02:00
Miroslav Stampar
4643bd6517 Quick patch for #2498 2017-04-21 17:44:51 +02:00
Miroslav Stampar
1c5f01e2a2 Fixes #2487 2017-04-20 11:54:27 +02:00
Miroslav Stampar
ebbc68853d Fixes #2496 2017-04-20 10:48:04 +02:00
Miroslav Stampar
3140fd0ca6 Fixes #2495 2017-04-20 10:29:05 +02:00
Miroslav Stampar
5bcbf63ddb Fixes #2491 2017-04-19 16:13:31 +02:00
Miroslav Stampar
01fbda4bc9 Fixes #2490 2017-04-19 16:13:05 +02:00
Miroslav Stampar
ba22171a51 PEP 3113 cleanup 2017-04-19 14:56:32 +02:00
Miroslav Stampar
fc8eede952 Minor cleanup and one bug fix 2017-04-19 14:46:27 +02:00
Miroslav Stampar
c8a0c525fc Fixes #2489 2017-04-19 14:19:39 +02:00
Miroslav Stampar
46c7c28919 Implementation for an Issue #2485 2017-04-19 13:56:29 +02:00
Miroslav Stampar
81e3395975 Minor update 2017-04-19 13:35:36 +02:00
Miroslav Stampar
0340ecd38a Minor patch related to the #2487 2017-04-18 16:49:58 +02:00
Miroslav Stampar
2d05174545 Trivial update 2017-04-18 15:56:24 +02:00
Miroslav Stampar
5f2bb88037 Some code refactoring 2017-04-18 15:48:05 +02:00
Miroslav Stampar
65b02d4ab0 Minor update 2017-04-18 14:22:37 +02:00
Miroslav Stampar
ea58d29e2c Minor update 2017-04-18 14:11:23 +02:00
Miroslav Stampar
47e0fc36c7 Minor consistency update 2017-04-18 14:02:25 +02:00
Miroslav Stampar
7ebba5614a Moving brute from techniques to utils 2017-04-18 13:53:41 +02:00
Miroslav Stampar
686f53a7c6 Minor patch 2017-04-16 23:32:58 +02:00
Miroslav Stampar
67a3e8cd75 Minor patch 2017-04-14 13:19:00 +02:00
Miroslav Stampar
d9a931f77a Minor cleanup 2017-04-14 13:14:53 +02:00
Miroslav Stampar
0e206da7c0 Minor patches (pydiatra) 2017-04-14 13:08:51 +02:00
Miroslav Stampar
81e6dab965 New extra script 2017-04-14 12:54:33 +02:00
Miroslav Stampar
a702dafd03 Fixes #2481 2017-04-14 12:47:24 +02:00
Miroslav Stampar
6b48f6ec26 Merge pull request #2480 from jwilk/spelling 
Fix typos
 2017-04-14 12:22:15 +02:00
Jakub Wilk
06148cd610 Fix typos 2017-04-14 11:37:54 +02:00
Miroslav Stampar
36dfad192f Better link to user's manual 2017-04-13 12:47:14 +02:00
Miroslav Stampar
9436c43306 Mailing list is dead. Long live the mailing list 2017-04-13 12:40:37 +02:00
Miroslav Stampar
c198fd7939 Update for an Issue #13 2017-04-12 10:54:29 +02:00
Miroslav Stampar
1e092c4e8d Just in case update for an Issue #2474 2017-04-11 13:34:40 +02:00
Miroslav Stampar
1e310631ab Minor stability patch 2017-04-11 10:01:37 +02:00
Miroslav Stampar
47ee1a991f Update for an Issue #2472 2017-04-11 09:47:27 +02:00
Miroslav Stampar
9b3d229294 Fixes #2471 2017-04-10 19:21:22 +02:00
Miroslav Stampar
c74756c3bc Update regarding the #2467 2017-04-10 16:44:12 +02:00
Miroslav Stampar
1196a1b7f8 Fixes #405 2017-04-10 14:50:17 +02:00
Miroslav Stampar
c2262eda1a Update of smalldict.txt with 7 (small) more from SecLists 2017-04-07 16:30:36 +02:00
Miroslav Stampar
02eacc32c1 Minor cleanup 2017-04-07 16:30:02 +02:00
Miroslav Stampar
b1a112f72c Updating wordlist.zip file with 15 dicts from SecLists 2017-04-07 16:18:21 +02:00
Miroslav Stampar
464caf056b Minor update 2017-04-07 15:55:18 +02:00
Miroslav Stampar
44c85f8351 Reverting back the bottle.py revision because of numerous Python 2.6 incompatibilities 2017-04-07 15:10:28 +02:00
Miroslav Stampar
ad3283fd24 Another Python 2.6 patch 2017-04-07 15:05:54 +02:00
Miroslav Stampar
07208c45ef Patch of bottle.py for Python 2.6 2017-04-07 14:59:24 +02:00
Miroslav Stampar
751f423ae0 Adding latest revision of bottle.py 2017-04-07 14:55:25 +02:00
Miroslav Stampar
c124086021 Minor update for #1282 2017-04-07 14:46:41 +02:00
Miroslav Stampar
f285bc7459 Minor update 2017-04-07 14:30:52 +02:00
Miroslav Stampar
b4c4d3f72a Fixes latest Python 2.6 compatibility issues 2017-04-06 11:37:42 +02:00
90 changed files with 1501 additions and 740 deletions
Expand all files Collapse all files

2
.gitattributes vendored
View File

@@ -1,6 +1,8 @@
*.conf text eol=lf
*.md text eol=lf
*.md5 text eol=lf
*.py text eol=lf
*.xml text eol=lf
*_ binary
*.dll binary

5
README.md
View File

@@ -34,7 +34,7 @@ To get a list of all options and switches use:
python sqlmap.py -hh
You can find a sample run [here](https://asciinema.org/a/46601).
To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki).
To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
Links
----
@@ -45,9 +45,6 @@ Links
* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
* User's manual: https://github.com/sqlmapproject/sqlmap/wiki
* Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
* Mailing list subscription: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
* Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
* Mailing list archive: http://news.gmane.org/gmane.comp.security.sqlmap
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
* Demos: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
* Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

8
doc/CHANGELOG.md
View File

@@ -83,7 +83,7 @@
* Added option `--sql-file` for setting file(s) holding SQL statements to be executed (in case of stacked SQLi).
* Added switch `--sqlmap-shell` to turn on interactive sqlmap shell prompt.
* Added option `--test-filter` for test filtration by payloads and/or titles (e.g. `ROW`).
* Added option `--test-skip` for skiping tests by payloads and/or titles (e.g. `BENCHMARK`).
* Added option `--test-skip` for skipping tests by payloads and/or titles (e.g. `BENCHMARK`).
* Added switch `--titles` to turn on comparison of pages based only on their titles.
* Added option `--tor-port` to explicitly set Tor proxy port.
* Added option `--tor-type` to set Tor proxy type (`HTTP` (default), `SOCKS4` or `SOCKS5`).
@@ -149,7 +149,7 @@
* Major bugs fixed.
* Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack.
* Major code cleanup.
* Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus softwares that mistakenly mark sqlmap as a malware.
* Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus software that mistakenly mark sqlmap as a malware.
* Updated user's manual.
* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from http://sqlmap.org/demo.html.
@@ -302,7 +302,7 @@
* Added support to extract database users password hash on Microsoft SQL Server;
* Added a fuzzer function with the aim to parse HTML page looking for standard database error messages consequently improving database fingerprinting;
* Added support for SQL injection on HTTP Cookie and User-Agent headers;
* Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Splitted getValue() into getInband() and getBlind();
* Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Split getValue() into getInband() and getBlind();
* Major enhancements in common library and added checkForBrackets() method to check if the bracket(s) are needed to perform a UNION query SQL injection attack;
* Implemented `--dump-all` functionality to dump entire DBMS data from all databases tables;
* Added support to exclude DBMS system databases' when enumeration tables and dumping their entries (`--exclude-sysdbs`);
@@ -335,7 +335,7 @@
* Added inband SQL injection (UNION query) support (`--union-use`);
* Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements;
* Reviewed the directory tree structure;
* Splitted lib/common.py: inband injection functionalities now are moved to lib/union.py;
* Split lib/common.py: inband injection functionalities now are moved to lib/union.py;
* Updated documentation files.
# Version 0.3 (2007-01-20)

75
doc/CONTRIBUTING.md
View File

@@ -1,38 +1,37 @@
# Contributing to sqlmap
## Reporting bugs
**Bug reports are welcome**!
Please report all bugs on the [issue tracker](https://github.com/sqlmapproject/sqlmap/issues).
### Guidelines
* Before you submit a bug report, search both [open](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aopen+is%3Aissue) and [closed](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) issues to make sure the issue has not come up before. Also, check the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) for anything relevant.
* Make sure you can reproduce the bug with the latest development version of sqlmap.
* Your report should give detailed instructions on how to reproduce the problem. If sqlmap raises an unhandled exception, the entire traceback is needed. Details of the unexpected behaviour are welcome too. A small test case (just a few lines) is ideal.
* If you are making an enhancement request, lay out the rationale for the feature you are requesting. *Why would this feature be useful?*
* If you are not sure whether something is a bug, or want to discuss a potential new feature before putting in an enhancement request, the [mailing list](https://lists.sourceforge.net/lists/listinfo/sqlmap-users) is a good place to bring it up.
## Submitting code changes
All code contributions are greatly appreciated. First off, clone the [Git repository](https://github.com/sqlmapproject/sqlmap), read the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) carefully, go through the code yourself and [drop us an email](mailto:dev@sqlmap.org) if you are having a hard time grasping its structure and meaning. We apologize for not commenting the code enough - you could take a chance to read it through and [improve it](https://github.com/sqlmapproject/sqlmap/issues/37).
Our preferred method of patch submission is via a Git [pull request](https://help.github.com/articles/using-pull-requests).
Many [people](https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS.md) have contributed in different ways to the sqlmap development. **You** can be the next!
### Guidelines
In order to maintain consistency and readability throughout the code, we ask that you adhere to the following instructions:
* Each patch should make one logical change.
* Wrap code to 76 columns when possible.
* Avoid tabbing, use four blank spaces instead.
* Before you put time into a non-trivial patch, it is worth discussing it on the [mailing list](https://lists.sourceforge.net/lists/listinfo/sqlmap-users) or privately by [email](mailto:dev@sqlmap.org).
* Do not change style on numerous files in one single pull request, we can [discuss](mailto:dev@sqlmap.org) about those before doing any major restyling, but be sure that personal preferences not having a strong support in [PEP 8](http://www.python.org/dev/peps/pep-0008/) will likely to be rejected.
* Make changes on less than five files per single pull request - there is rarely a good reason to have more than five files changed on one pull request, as this dramatically increases the review time required to land (commit) any of those pull requests.
* Style that is too different from main branch will be ''adapted'' by the developers side.
* Do not touch anything inside `thirdparty/` and `extra/` folders.
### Licensing
By submitting code contributions to the sqlmap developers, to the mailing list, or via Git pull request, checking them into the sqlmap source code repository, it is understood (unless you specify otherwise) that you are offering the sqlmap copyright holders the unlimited, non-exclusive right to reuse, modify, and relicense the code. This is important because the inability to relicense code has caused devastating problems for other software projects (such as KDE and NASM). If you wish to specify special license conditions of your contributions, just say so when you send them.
# Contributing to sqlmap
## Reporting bugs
**Bug reports are welcome**!
Please report all bugs on the [issue tracker](https://github.com/sqlmapproject/sqlmap/issues).
### Guidelines
* Before you submit a bug report, search both [open](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aopen+is%3Aissue) and [closed](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) issues to make sure the issue has not come up before. Also, check the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) for anything relevant.
* Make sure you can reproduce the bug with the latest development version of sqlmap.
* Your report should give detailed instructions on how to reproduce the problem. If sqlmap raises an unhandled exception, the entire traceback is needed. Details of the unexpected behaviour are welcome too. A small test case (just a few lines) is ideal.
* If you are making an enhancement request, lay out the rationale for the feature you are requesting. *Why would this feature be useful?*
## Submitting code changes
All code contributions are greatly appreciated. First off, clone the [Git repository](https://github.com/sqlmapproject/sqlmap), read the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) carefully, go through the code yourself and [drop us an email](mailto:dev@sqlmap.org) if you are having a hard time grasping its structure and meaning. We apologize for not commenting the code enough - you could take a chance to read it through and [improve it](https://github.com/sqlmapproject/sqlmap/issues/37).
Our preferred method of patch submission is via a Git [pull request](https://help.github.com/articles/using-pull-requests).
Many [people](https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS.md) have contributed in different ways to the sqlmap development. **You** can be the next!
### Guidelines
In order to maintain consistency and readability throughout the code, we ask that you adhere to the following instructions:
* Each patch should make one logical change.
* Wrap code to 76 columns when possible.
* Avoid tabbing, use four blank spaces instead.
* Before you put time into a non-trivial patch, it is worth discussing it privately by [email](mailto:dev@sqlmap.org).
* Do not change style on numerous files in one single pull request, we can [discuss](mailto:dev@sqlmap.org) about those before doing any major restyling, but be sure that personal preferences not having a strong support in [PEP 8](http://www.python.org/dev/peps/pep-0008/) will likely to be rejected.
* Make changes on less than five files per single pull request - there is rarely a good reason to have more than five files changed on one pull request, as this dramatically increases the review time required to land (commit) any of those pull requests.
* Style that is too different from main branch will be ''adapted'' by the developers side.
* Do not touch anything inside `thirdparty/` and `extra/` folders.
### Licensing
By submitting code contributions to the sqlmap developers or via Git pull request, checking them into the sqlmap source code repository, it is understood (unless you specify otherwise) that you are offering the sqlmap copyright holders the unlimited, non-exclusive right to reuse, modify, and relicense the code. This is important because the inability to relicense code has caused devastating problems for other software projects (such as KDE and NASM). If you wish to specify special license conditions of your contributions, just say so when you send them.

16
doc/COPYING
View File

@@ -46,14 +46,14 @@ to know exactly what a program is going to do before they run it.
Source code also allows you to fix bugs and add new features. You are
highly encouraged to send your changes to dev@sqlmap.org for possible
incorporation into the main distribution. By sending these changes to the
sqlmap developers, to the mailing lists, or via Git pull request, checking
them into the sqlmap source code repository, it is understood (unless you
specify otherwise) that you are offering the sqlmap project the unlimited,
non-exclusive right to reuse, modify, and relicense the code. sqlmap will
always be available Open Source, but this is important because the
inability to relicense code has caused devastating problems for other Free
Software projects (such as KDE and NASM). If you wish to specify special
license conditions of your contributions, just say so when you send them.
sqlmap developers or via Git pull request, checking them into the sqlmap
source code repository, it is understood (unless you specify otherwise)
that you are offering the sqlmap project the unlimited, non-exclusive
right to reuse, modify, and relicense the code. sqlmap will always be
available Open Source, but this is important because the inability to
relicense code has caused devastating problems for other Free Software
projects (such as KDE and NASM). If you wish to specify special license
conditions of your contributions, just say so when you send them.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of

4
doc/THANKS.md
View File

@@ -139,7 +139,7 @@ Jim Forster, <jimforster(at)goldenwest.com>
* for reporting a bug
Rong-En Fan, <rafan(at)freebsd.org>
* for commiting the sqlmap 0.5 port to the official FreeBSD project repository
* for committing the sqlmap 0.5 port to the official FreeBSD project repository
Giorgio Fedon, <giorgio.fedon(at)gmail.com>
* for suggesting a speed improvement for bisection algorithm
@@ -562,7 +562,7 @@ Kazim Bugra Tombul, <mhackmail(at)gmail.com>
* for reporting a minor bug
Efrain Torres, <et(at)metasploit.com>
* for helping out to improve the Metasploit Framework sqlmap auxiliary module and for commiting it on the Metasploit official subversion repository
* for helping out to improve the Metasploit Framework sqlmap auxiliary module and for committing it on the Metasploit official subversion repository
* for his great Metasploit WMAP Framework
Sandro Tosi, <matrixhasu(at)gmail.com>

5
doc/translations/README-es-MX.md
View File

@@ -33,7 +33,7 @@ Para obtener una lista de todas las opciones:
python sqlmap.py -hh
Se puede encontrar una muestra de su funcionamiento [aquí](https://asciinema.org/a/46601).
Para obtener una visión general de las capacidades de sqlmap, así como un listado funciones soportadas y descripción de todas las opciones y modificadores, junto con ejemplos, se recomienda consultar el [manual de usuario](https://github.com/sqlmapproject/sqlmap/wiki).
Para obtener una visión general de las capacidades de sqlmap, así como un listado funciones soportadas y descripción de todas las opciones y modificadores, junto con ejemplos, se recomienda consultar el [manual de usuario](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
Enlaces
---
@@ -44,9 +44,6 @@ Enlaces
* Seguimiento de problemas "Issue tracker": https://github.com/sqlmapproject/sqlmap/issues
* Manual de usuario: https://github.com/sqlmapproject/sqlmap/wiki
* Preguntas frecuentes (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
* Subscripción a la lista de correo: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
* Fuente de la lista de correo "RSS feed": http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
* Archivos de lista de correo: http://news.gmane.org/gmane.comp.security.sqlmap
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
* Demostraciones: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
* Imágenes: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

5
doc/translations/README-fr-FR.md
View File

@@ -33,7 +33,7 @@ Pour afficher une liste complète des options et des commutateurs (switches), ta
python sqlmap.py -hh
Vous pouvez regarder un vidéo [ici](https://asciinema.org/a/46601) pour plus d'exemples.
Pour obtenir un aperçu des ressources de __sqlmap__, une liste des fonctionnalités prises en charge et la description de toutes les options, ainsi que des exemples , nous vous recommandons de consulter [le wiki](https://github.com/sqlmapproject/sqlmap/wiki).
Pour obtenir un aperçu des ressources de __sqlmap__, une liste des fonctionnalités prises en charge et la description de toutes les options, ainsi que des exemples , nous vous recommandons de consulter [le wiki](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
Liens
----
@@ -44,9 +44,6 @@ Liens
* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
* Manuel de l'utilisateur: https://github.com/sqlmapproject/sqlmap/wiki
* Foire aux questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
* Mailing list subscription: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
* Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
* Mailing list archive: http://news.gmane.org/gmane.comp.security.sqlmap
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
* Démonstrations: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
* Les captures d'écran: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

5
doc/translations/README-gr-GR.md
View File

@@ -34,7 +34,7 @@
python sqlmap.py -hh
Μπορείτε να δείτε ένα δείγμα λειτουργίας του προγράμματος [εδώ](https://asciinema.org/a/46601).
Για μια γενικότερη άποψη των δυνατοτήτων του sqlmap, μια λίστα των υποστηριζόμενων χαρακτηριστικών και περιγραφή για όλες τις επιλογές, μαζί με παραδείγματα, καλείστε να συμβουλευτείτε το [εγχειρίδιο χρήστη](https://github.com/sqlmapproject/sqlmap/wiki).
Για μια γενικότερη άποψη των δυνατοτήτων του sqlmap, μια λίστα των υποστηριζόμενων χαρακτηριστικών και περιγραφή για όλες τις επιλογές, μαζί με παραδείγματα, καλείστε να συμβουλευτείτε το [εγχειρίδιο χρήστη](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
Σύνδεσμοι
----
@@ -45,9 +45,6 @@
* Προβλήματα: https://github.com/sqlmapproject/sqlmap/issues
* Εγχειρίδιο Χρήστη: https://github.com/sqlmapproject/sqlmap/wiki
* Συχνές Ερωτήσεις (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
* Εγγραφή σε Mailing list: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
* Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
* Mailing list αρχείο: http://news.gmane.org/gmane.comp.security.sqlmap
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
* Demos: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
* Εικόνες: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

5
doc/translations/README-hr-HR.md
View File

@@ -34,7 +34,7 @@ Kako biste dobili listu svih opcija i prekidača koristite:
python sqlmap.py -hh
Možete pronaći primjer izvršavanja [ovdje](https://asciinema.org/a/46601).
Kako biste dobili pregled mogućnosti sqlmap-a, liste podržanih značajki te opis svih opcija i prekidača, zajedno s primjerima, preporučen je uvid u [korisnički priručnik](https://github.com/sqlmapproject/sqlmap/wiki).
Kako biste dobili pregled mogućnosti sqlmap-a, liste podržanih značajki te opis svih opcija i prekidača, zajedno s primjerima, preporučen je uvid u [korisnički priručnik](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
Poveznice
----
@@ -45,9 +45,6 @@ Poveznice
* Prijava problema: https://github.com/sqlmapproject/sqlmap/issues
* Korisnički priručnik: https://github.com/sqlmapproject/sqlmap/wiki
* Najčešće postavljena pitanja (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
* Pretplata na mailing listu: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
* RSS feed mailing liste: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
* Arhiva mailing liste: http://news.gmane.org/gmane.comp.security.sqlmap
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
* Demo: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
* Slike zaslona: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

5
doc/translations/README-id-ID.md
View File

@@ -35,7 +35,7 @@ Untuk mendapatkan daftar opsi lanjut gunakan:
python sqlmap.py -hh
Anda dapat mendapatkan contoh penggunaan [di sini](https://asciinema.org/a/46601).
Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya, Anda disarankan untuk membaca [manual pengguna](https://github.com/sqlmapproject/sqlmap/wiki).
Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya, Anda disarankan untuk membaca [manual pengguna](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
Tautan
----
@@ -46,9 +46,6 @@ Tautan
* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
* Wiki Manual Penggunaan: https://github.com/sqlmapproject/sqlmap/wiki
* Pertanyaan yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
* Berlangganan milis: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
* RSS feed dari milis: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
* Arsip milis: http://news.gmane.org/gmane.comp.security.sqlmap
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
* Video Demo [#1](http://www.youtube.com/user/inquisb/videos) dan [#2](http://www.youtube.com/user/stamparm/videos)
* Tangkapan Layar: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

5
doc/translations/README-it-IT.md
View File

@@ -34,7 +34,7 @@ Per una lista di tutte le opzioni e di tutti i controlli:
python sqlmap.py -hh
Puoi trovare un esempio di esecuzione [qui](https://asciinema.org/a/46601).
Per una panoramica delle capacità di sqlmap, una lista delle sue funzionalità e la descrizione di tutte le sue opzioni e controlli, insieme ad un gran numero di esempi, siete pregati di visitare lo [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) (disponibile solo in inglese).
Per una panoramica delle capacità di sqlmap, una lista delle sue funzionalità e la descrizione di tutte le sue opzioni e controlli, insieme ad un gran numero di esempi, siete pregati di visitare lo [user's manual](https://github.com/sqlmapproject/sqlmap/wiki/Usage) (disponibile solo in inglese).
Link
----
@@ -45,9 +45,6 @@ Link
* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
* Manuale dell'utente: https://github.com/sqlmapproject/sqlmap/wiki
* Domande più frequenti (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
* Iscrizione alla Mailing list: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
* Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
* Archivio della Mailing list: http://news.gmane.org/gmane.comp.security.sqlmap
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
* Dimostrazioni: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
* Screenshot: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

5
doc/translations/README-ja-JP.md
View File

@@ -35,7 +35,7 @@ sqlmapは、 [Python](http://www.python.org/download/) バージョン **2.6.x**
python sqlmap.py -hh
実行例を [こちら](https://asciinema.org/a/46601) で見ることができます。
sqlmapの概要、機能の一覧、全てのオプションやスイッチの使用法を例とともに、 [ユーザーマニュアル](https://github.com/sqlmapproject/sqlmap/wiki) で確認することができます。
sqlmapの概要、機能の一覧、全てのオプションやスイッチの使用法を例とともに、 [ユーザーマニュアル](https://github.com/sqlmapproject/sqlmap/wiki/Usage) で確認することができます。
リンク
----
@@ -46,9 +46,6 @@ sqlmapの概要、機能の一覧、全てのオプションやスイッチの
* 課題管理: https://github.com/sqlmapproject/sqlmap/issues
* ユーザーマニュアル: https://github.com/sqlmapproject/sqlmap/wiki
* よくある質問 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
* メーリングリストへの参加: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
* メーリングリストのRSSフィード: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
* メーリングリストのアーカイブ: http://news.gmane.org/gmane.comp.security.sqlmap
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
* デモ: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
* スクリーンショット: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

3
doc/translations/README-pt-BR.md
View File

@@ -46,9 +46,6 @@ Links
* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
* Manual do Usuário: https://github.com/sqlmapproject/sqlmap/wiki
* Perguntas frequentes (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
* Mailing list subscription: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
* Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
* Mailing list archive: http://news.gmane.org/gmane.comp.security.sqlmap
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
* Demonstrações: [#1](http://www.youtube.com/user/inquisb/videos) e [#2](http://www.youtube.com/user/stamparm/videos)
* Imagens: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

5
doc/translations/README-tr-TR.md
View File

@@ -37,7 +37,7 @@ Bütün seçenekleri gösterir
python sqlmap.py -hh
Program ile ilgili örnekleri [burada](https://asciinema.org/a/46601) bulabilirsiniz. Daha fazlası içinsqlmap'in bütün açıklamaları ile birlikte bütün özelliklerinin, örnekleri ile bulunduğu [manuel sayfamıza](https://github.com/sqlmapproject/sqlmap/wiki) bakmanızı tavsiye ediyoruz
Program ile ilgili örnekleri [burada](https://asciinema.org/a/46601) bulabilirsiniz. Daha fazlası içinsqlmap'in bütün açıklamaları ile birlikte bütün özelliklerinin, örnekleri ile bulunduğu [manuel sayfamıza](https://github.com/sqlmapproject/sqlmap/wiki/Usage) bakmanızı tavsiye ediyoruz
Links
----
@@ -48,9 +48,6 @@ Links
* Hata takip etme sistemi: https://github.com/sqlmapproject/sqlmap/issues
* Kullanıcı Manueli: https://github.com/sqlmapproject/sqlmap/wiki
* Sıkça Sorulan Sorular(SSS): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
* Mail listesi: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
* Mail RSS takibi: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
* Mail listesi arşivi: http://news.gmane.org/gmane.comp.security.sqlmap
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
* Demolar: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
* Ekran görüntüleri: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

5
doc/translations/README-zh-CN.md
View File

@@ -33,7 +33,7 @@ sqlmap 可以运行在 [Python](http://www.python.org/download/) **2.6.x** 和
python sqlmap.py -hh
你可以从 [这里](https://asciinema.org/a/46601) 看到一个sqlmap 的使用样例。除此以外,你还可以查看 [使用手册](https://github.com/sqlmapproject/sqlmap/wiki)。获取sqlmap所有支持的特性、参数、命令行选项开关及说明的使用帮助。
你可以从 [这里](https://asciinema.org/a/46601) 看到一个sqlmap 的使用样例。除此以外,你还可以查看 [使用手册](https://github.com/sqlmapproject/sqlmap/wiki/Usage)。获取sqlmap所有支持的特性、参数、命令行选项开关及说明的使用帮助。
链接
----
@@ -44,9 +44,6 @@ sqlmap 可以运行在 [Python](http://www.python.org/download/) **2.6.x** 和
* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
* 使用手册: https://github.com/sqlmapproject/sqlmap/wiki
* 常见问题 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
* 邮件讨论列表: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
* 邮件列表 RSS 订阅: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
* 邮件列表归档: http://news.gmane.org/gmane.comp.security.sqlmap
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
* 教程: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
* 截图: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

4
extra/mssqlsig/update.py
View File

@@ -43,7 +43,7 @@ def updateMSSQLXML():
return
releases = re.findall("class=\"BCC_DV_01DarkBlueTitle\">SQL Server\s(.+?)\sBuilds", mssqlVersionsHtmlString, re.I | re.M)
releases = re.findall("class=\"BCC_DV_01DarkBlueTitle\">SQL Server\s(.+?)\sBuilds", mssqlVersionsHtmlString, re.I)
releasesCount = len(releases)
# Create the minidom document
@@ -74,7 +74,7 @@ def updateMSSQLXML():
stopIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index + 1])
mssqlVersionsReleaseString = mssqlVersionsHtmlString[startIdx:stopIdx]
servicepackVersion = re.findall("</td><td>[7\.0|2000|2005|2008|2008 R2]*(.*?)</td><td.*?([\d\.]+)</td>[\r]*\n", mssqlVersionsReleaseString, re.I | re.M)
servicepackVersion = re.findall("</td><td>(7\.0|2000|2005|2008|2008 R2)*(.*?)</td><td.*?([\d\.]+)</td>[\r]*\n", mssqlVersionsReleaseString, re.I)
for servicePack, version in servicepackVersion:
if servicePack.startswith(" "):

6
extra/runcmd/README.txt
View File

@@ -1,3 +1,3 @@
Files in this folder can be used to compile auxiliary program that can
be used for running command prompt commands skipping standard "cmd /c" way.
They are licensed under the terms of the GNU Lesser General Public License.
runcmd.exe is an auxiliary program that can be used for running command prompt
commands skipping standard "cmd /c" way. It is licensed under the terms of the
GNU Lesser General Public License.

0
shell/runcmd.exe_ → extra/runcmd/runcmd.exe_
View File

0
extra/runcmd/windows/README.txt → extra/runcmd/src/README.txt
View File

0
extra/runcmd/windows/runcmd.sln → extra/runcmd/src/runcmd.sln
View File

0
extra/runcmd/windows/runcmd/runcmd.cpp → extra/runcmd/src/runcmd/runcmd.cpp
View File

0
extra/runcmd/windows/runcmd/runcmd.vcproj → extra/runcmd/src/runcmd/runcmd.vcproj
View File

0
extra/runcmd/windows/runcmd/stdafx.cpp → extra/runcmd/src/runcmd/stdafx.cpp
View File

0
extra/runcmd/windows/runcmd/stdafx.h → extra/runcmd/src/runcmd/stdafx.h
View File

7
extra/shutils/pydiatra.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
# Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
# See the file 'doc/COPYING' for copying permission
# Runs py2diatra on all python files (prerequisite: pip install pydiatra)
find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec py2diatra '{}' \; | grep -v bare-except

8
extra/shutils/pypi.sh
View File

@@ -132,7 +132,7 @@ You can find a sample run `here <https://asciinema.org/a/46601>`__. To
get an overview of sqlmap capabilities, list of supported features and
description of all options and switches, along with examples, you are
advised to consult the `user's
manual <https://github.com/sqlmapproject/sqlmap/wiki>`__.
manual <https://github.com/sqlmapproject/sqlmap/wiki/Usage>`__.
Links
-----
@@ -147,12 +147,6 @@ Links
- User's manual: https://github.com/sqlmapproject/sqlmap/wiki
- Frequently Asked Questions (FAQ):
https://github.com/sqlmapproject/sqlmap/wiki/FAQ
- Mailing list subscription:
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
- Mailing list RSS feed:
http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
- Mailing list archive:
http://news.gmane.org/gmane.comp.security.sqlmap
- Twitter: [@sqlmap](https://twitter.com/sqlmap)
- Demos: http://www.youtube.com/user/inquisb/videos
- Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

4
extra/shutils/regressiontest.py
View File

@@ -40,7 +40,7 @@ def prepare_email(content):
msg = MIMEMultipart()
msg["Subject"] = SUBJECT
msg["From"] = FROM
msg["To"] = TO if isinstance(TO, basestring) else ",".join(TO)
msg["To"] = TO if isinstance(TO, basestring) else ','.join(TO)
msg.attach(MIMEText(content))
@@ -83,7 +83,7 @@ def main():
if stderr:
failure_email("Execution of regression test failed with error:\n\n%s" % stderr)
failed_tests = re.findall("running live test case: (.+?) \((\d+)\/\d+\)[\r]*\n.+test failed (at parsing items: (.+))?\s*\- scan folder: (\/.+) \- traceback: (.*?)( - SQL injection not detected)?[\r]*\n", stdout, re.M)
failed_tests = re.findall("running live test case: (.+?) \((\d+)\/\d+\)[\r]*\n.+test failed (at parsing items: (.+))?\s*\- scan folder: (\/.+) \- traceback: (.*?)( - SQL injection not detected)?[\r]*\n", stdout)
for failed_test in failed_tests:
title = failed_test[0]

4
lib/controller/action.py
View File

@@ -16,8 +16,8 @@ from lib.core.enums import CONTENT_TYPE
from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import SqlmapUnsupportedDBMSException
from lib.core.settings import SUPPORTED_DBMS
from lib.techniques.brute.use import columnExists
from lib.techniques.brute.use import tableExists
from lib.utils.brute import columnExists
from lib.utils.brute import tableExists
def action():
"""

52
lib/controller/checks.py
View File

@@ -137,7 +137,7 @@ def checkSqlInjection(place, parameter, value):
SUPPORTED_DBMS, True) or kb.heuristicDbms or injection.dbms):
msg = "it looks like the back-end DBMS is '%s'. " % (Format.getErrorParsedDBMSes() or kb.heuristicDbms or injection.dbms)
msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"
kb.reduceTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y').upper() == 'Y' else []
kb.reduceTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y', boolean=True) else []
# If the DBMS has been fingerprinted (via DBMS-specific error
# message, via simple heuristic check or via DBMS-specific
@@ -152,7 +152,7 @@ def checkSqlInjection(place, parameter, value):
msg += " and " if conf.level < 5 and conf.risk < 3 else ""
msg += "risk (%d)" % conf.risk if conf.risk < 3 else ""
msg += " values? [Y/n]" if conf.level < 5 and conf.risk < 3 else " value? [Y/n]"
kb.extendTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y').upper() == 'Y' else []
kb.extendTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y', boolean=True) else []
title = test.title
kb.testType = stype = test.stype
@@ -631,7 +631,8 @@ def checkSqlInjection(place, parameter, value):
msg += "extended UNION tests if there is not "
msg += "at least one other (potential) "
msg += "technique found. Do you want to skip? [Y/n] "
kb.futileUnion = readInput(msg, default="Y").strip().upper() == 'N'
kb.futileUnion = not readInput(msg, default='Y', boolean=True)
if kb.futileUnion is False:
continue
@@ -738,25 +739,23 @@ def checkSqlInjection(place, parameter, value):
logger.warn(warnMsg)
msg = "how do you want to proceed? [(S)kip current test/(e)nd detection phase/(n)ext parameter/(c)hange verbosity/(q)uit]"
choice = readInput(msg, default="S", checkBatch=False)
choice = readInput(msg, default='S', checkBatch=False).upper()
if choice[0] in ("s", "S"):
pass
elif choice[0] in ("c", "C"):
if choice == 'C':
choice = None
while not ((choice or "").isdigit() and 0 <= int(choice) <= 6):
if choice:
logger.warn("invalid value")
msg = "enter new verbosity level: [0-6] "
choice = readInput(msg, default=str(conf.verbose), checkBatch=False).strip()
choice = readInput(msg, default=str(conf.verbose), checkBatch=False)
conf.verbose = int(choice)
setVerbosity()
tests.insert(0, test)
elif choice[0] in ("n", "N"):
elif choice == 'N':
return None
elif choice[0] in ("e", "E"):
elif choice == 'E':
kb.endDetection = True
elif choice[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
finally:
@@ -999,7 +998,7 @@ def heuristicCheckSqlInjection(place, parameter):
if kb.ignoreCasted is None:
message = "do you want to skip those kind of cases (and save scanning time)? %s " % ("[Y/n]" if conf.multipleTargets else "[y/N]")
kb.ignoreCasted = readInput(message, default='Y' if conf.multipleTargets else 'N').upper() != 'N'
kb.ignoreCasted = readInput(message, default='Y' if conf.multipleTargets else 'N', boolean=True)
elif result:
infoMsg += "be injectable"
@@ -1177,19 +1176,19 @@ def checkStability():
logger.warn(warnMsg)
message = "how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] "
test = readInput(message, default="C")
choice = readInput(message, default='C').upper()
if test and test[0] in ("q", "Q"):
if choice == 'Q':
raise SqlmapUserQuitException
elif test and test[0] in ("s", "S"):
elif choice == 'S':
showStaticWords(firstPage, secondPage)
message = "please enter value for parameter 'string': "
test = readInput(message)
string = readInput(message)
if test:
conf.string = test
if string:
conf.string = string
if kb.nullConnection:
debugMsg = "turning off NULL connection "
@@ -1201,12 +1200,12 @@ def checkStability():
errMsg = "Empty value supplied"
raise SqlmapNoneDataException(errMsg)
elif test and test[0] in ("r", "R"):
elif choice == 'R':
message = "please enter value for parameter 'regex': "
test = readInput(message)
regex = readInput(message)
if test:
conf.regex = test
if regex:
conf.regex = regex
if kb.nullConnection:
debugMsg = "turning off NULL connection "
@@ -1307,9 +1306,8 @@ def checkWaf():
if not conf.identifyWaf:
message = "do you want sqlmap to try to detect backend "
message += "WAF/IPS/IDS? [y/N] "
output = readInput(message, default="N")
if output and output[0] in ("Y", "y"):
if readInput(message, default='N', boolean=True):
conf.identifyWaf = True
if conf.timeout == defaults.timeout:
@@ -1372,13 +1370,13 @@ def identifyWaf():
if retVal:
message = "are you sure that you want to "
message += "continue with further target testing? [y/N] "
output = readInput(message, default="N")
choice = readInput(message, default='N', boolean=True)
if not conf.tamper:
warnMsg = "please consider usage of tamper scripts (option '--tamper')"
singleTimeWarnMessage(warnMsg)
if output and output[0] not in ("Y", "y"):
if not choice:
raise SqlmapUserQuitException
else:
warnMsg = "WAF/IPS/IDS product hasn't been identified"
@@ -1494,7 +1492,7 @@ def checkConnection(suppressOutput=False):
return False
msg = "it is not recommended to continue in this kind of cases. Do you want to quit and make sure that everything is set up properly? [Y/n] "
if readInput(msg, default="Y") not in ("n", "N"):
if readInput(msg, default='Y', boolean=True):
raise SqlmapSilentQuitException
else:
kb.ignoreNotFound = True

56
lib/controller/controller.py
View File

@@ -116,11 +116,11 @@ def _selectInjection():
message += "\n"
message += "[q] Quit"
select = readInput(message, default="0")
choice = readInput(message, default='0').upper()
if select.isdigit() and int(select) < len(kb.injections) and int(select) >= 0:
index = int(select)
elif select[0] in ("Q", "q"):
if choice.isdigit() and int(choice) < len(kb.injections) and int(choice) >= 0:
index = int(choice)
elif choice == 'Q':
raise SqlmapUserQuitException
else:
errMsg = "invalid choice"
@@ -140,7 +140,7 @@ def _formatInjection(inj):
if inj.place == PLACE.CUSTOM_HEADER:
payload = payload.split(',', 1)[1]
if stype == PAYLOAD.TECHNIQUE.UNION:
count = re.sub(r"(?i)(\(.+\))|(\blimit[^A-Za-z]+)", "", sdata.payload).count(',') + 1
count = re.sub(r"(?i)(\(.+\))|(\blimit[^a-z]+)", "", sdata.payload).count(',') + 1
title = re.sub(r"\d+ to \d+", str(count), title)
vector = agent.forgeUnionQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6])
if count == 1:
@@ -161,7 +161,7 @@ def _showInjections():
else:
header = "sqlmap resumed the following injection point(s) from stored session"
if hasattr(conf, "api"):
if conf.api:
conf.dumper.string("", {"url": conf.url, "query": conf.parameters.get(PLACE.GET), "data": conf.parameters.get(PLACE.POST)}, content_type=CONTENT_TYPE.TARGET)
conf.dumper.string("", kb.injections, content_type=CONTENT_TYPE.TECHNIQUES)
else:
@@ -183,8 +183,8 @@ def _randomFillBlankFields(value):
if extractRegexResult(EMPTY_FORM_FIELDS_REGEX, value):
message = "do you want to fill blank fields with random values? [Y/n] "
test = readInput(message, default="Y")
if not test or test[0] in ("y", "Y"):
if readInput(message, default='Y', boolean=True):
for match in re.finditer(EMPTY_FORM_FIELDS_REGEX, retVal):
item = match.group("result")
if not any(_ in item for _ in IGNORE_PARAMETERS) and not re.search(ASP_NET_CONTROL_REGEX, item):
@@ -305,7 +305,9 @@ def start():
message = "SQL injection vulnerability has already been detected "
message += "against '%s'. Do you want to skip " % conf.hostname
message += "further tests involving it? [Y/n]"
kb.skipVulnHost = readInput(message, default="Y").upper() != 'N'
kb.skipVulnHost = readInput(message, default='Y', boolean=True)
testSqlInj = not kb.skipVulnHost
if not testSqlInj:
@@ -332,9 +334,13 @@ def start():
continue
message += "\ndo you want to test this form? [Y/n/q] "
test = readInput(message, default="Y")
choice = readInput(message, default='Y').upper()
if not test or test[0] in ("y", "Y"):
if choice == 'N':
continue
elif choice == 'Q':
break
else:
if conf.method != HTTPMETHOD.GET:
message = "Edit %s data [default: %s]%s: " % (conf.method, urlencode(conf.data) if conf.data else "None", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
conf.data = readInput(message, default=conf.data)
@@ -352,21 +358,14 @@ def start():
parseTargetUrl()
elif test[0] in ("n", "N"):
continue
elif test[0] in ("q", "Q"):
break
else:
message += "\ndo you want to test this URL? [Y/n/q]"
test = readInput(message, default="Y")
choice = readInput(message, default='Y').upper()
if not test or test[0] in ("y", "Y"):
pass
elif test[0] in ("n", "N"):
if choice == 'N':
dataToStdout(os.linesep)
continue
elif test[0] in ("q", "Q"):
elif choice == 'Q':
break
infoMsg = "testing URL '%s'" % targetUrl
@@ -543,9 +542,8 @@ def start():
msg = "%s parameter '%s' " % (injection.place, injection.parameter)
msg += "is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
test = readInput(msg, default="N")
if test[0] not in ("y", "Y"):
if not readInput(msg, default='N', boolean=True):
proceed = False
paramKey = (conf.hostname, conf.path, None, None)
kb.testedParams.add(paramKey)
@@ -629,9 +627,7 @@ def start():
if kb.injection.place is not None and kb.injection.parameter is not None:
if conf.multipleTargets:
message = "do you want to exploit this SQL injection? [Y/n] "
exploit = readInput(message, default="Y")
condition = not exploit or exploit[0] in ("y", "Y")
condition = readInput(message, default='Y', boolean=True)
else:
condition = True
@@ -644,13 +640,11 @@ def start():
logger.warn(warnMsg)
message = "do you want to skip to the next target in list? [Y/n/q]"
test = readInput(message, default="Y")
choice = readInput(message, default='Y').upper()
if not test or test[0] in ("y", "Y"):
pass
elif test[0] in ("n", "N"):
if choice == 'N':
return False
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
raise

1
lib/controller/handler.py
View File

@@ -8,7 +8,6 @@ See the file 'doc/COPYING' for copying permission
from lib.core.common import Backend
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.dicts import DBMS_DICT
from lib.core.enums import DBMS
from lib.core.settings import MSSQL_ALIASES

7
lib/core/agent.py
View File

@@ -63,7 +63,7 @@ class Agent(object):
if Backend.getIdentifiedDbms() in (DBMS.ORACLE,): # non-standard object(s) make problems to a database connector while returned (e.g. XMLTYPE)
_, _, _, _, _, _, fieldsToCastStr, _ = self.getFields(query)
for field in fieldsToCastStr.split(","):
for field in fieldsToCastStr.split(','):
query = query.replace(field, self.nullAndCastField(field))
if kb.tamperFunctions:
@@ -296,7 +296,7 @@ class Agent(object):
elif suffix and not comment:
expression += suffix.replace('\\', BOUNDARY_BACKSLASH_MARKER)
return re.sub(r"(?s);\W*;", ";", expression)
return re.sub(r";\W*;", ";", expression)
def cleanupPayload(self, payload, origValue=None):
if payload is None:
@@ -316,6 +316,7 @@ class Agent(object):
payload = payload.replace(_, randomStr())
if origValue is not None and "[ORIGVALUE]" in payload:
origValue = getUnicode(origValue)
payload = getUnicode(payload).replace("[ORIGVALUE]", origValue if origValue.isdigit() else unescaper.escape("'%s'" % origValue))
if "[INFERENCE]" in payload:
@@ -452,7 +453,7 @@ class Agent(object):
@rtype: C{str}
"""
if not Backend.getDbms():
if not Backend.getIdentifiedDbms():
return fields
if fields.startswith("(CASE") or fields.startswith("(IIF") or fields.startswith("SUBSTR") or fields.startswith("MID(") or re.search(r"\A'[^']+'\Z", fields):

190
lib/core/common.py
View File

@@ -26,6 +26,7 @@ import string
import subprocess
import sys
import tempfile
import threading
import time
import urllib
import urllib2
@@ -72,6 +73,7 @@ from lib.core.enums import HEURISTIC_TEST
from lib.core.enums import HTTP_HEADER
from lib.core.enums import HTTPMETHOD
from lib.core.enums import MKSTEMP_PREFIX
from lib.core.enums import OPTION_TYPE
from lib.core.enums import OS
from lib.core.enums import PLACE
from lib.core.enums import PAYLOAD
@@ -112,6 +114,7 @@ from lib.core.settings import GITHUB_REPORT_OAUTH_TOKEN
from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_PREFIX
from lib.core.settings import HASHDB_MILESTONE_VALUE
from lib.core.settings import HOST_ALIASES
from lib.core.settings import IGNORE_SAVE_OPTIONS
from lib.core.settings import INFERENCE_UNKNOWN_CHAR
from lib.core.settings import INVALID_UNICODE_CHAR_FORMAT
from lib.core.settings import IP_ADDRESS_REGEX
@@ -137,6 +140,7 @@ from lib.core.settings import REFERER_ALIASES
from lib.core.settings import REFLECTED_BORDER_REGEX
from lib.core.settings import REFLECTED_MAX_REGEX_PARTS
from lib.core.settings import REFLECTED_REPLACEMENT_REGEX
from lib.core.settings import REFLECTED_REPLACEMENT_TIMEOUT
from lib.core.settings import REFLECTED_VALUE_MARKER
from lib.core.settings import REFLECTIVE_MISS_THRESHOLD
from lib.core.settings import SENSITIVE_DATA_REGEX
@@ -268,7 +272,7 @@ class Format(object):
infoApi = {}
if info and "type" in info:
if hasattr(conf, "api"):
if conf.api:
infoApi["%s operating system" % target] = info
else:
infoStr += "%s operating system: %s" % (target, Format.humanize(info["type"]))
@@ -286,12 +290,12 @@ class Format(object):
infoStr += " (%s)" % Format.humanize(info["codename"])
if "technology" in info:
if hasattr(conf, "api"):
if conf.api:
infoApi["web application technology"] = Format.humanize(info["technology"], ", ")
else:
infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ")
if hasattr(conf, "api"):
if conf.api:
return infoApi
else:
return infoStr.lstrip()
@@ -318,14 +322,14 @@ class Backend:
msg += "correct [%s (default)/%s] " % (kb.dbms, dbms)
while True:
_ = readInput(msg, default=kb.dbms)
choice = readInput(msg, default=kb.dbms)
if aliasToDbmsEnum(_) == kb.dbms:
if aliasToDbmsEnum(choice) == kb.dbms:
kb.dbmsVersion = []
kb.resolutionDbms = kb.dbms
break
elif aliasToDbmsEnum(_) == dbms:
kb.dbms = aliasToDbmsEnum(_)
elif aliasToDbmsEnum(choice) == dbms:
kb.dbms = aliasToDbmsEnum(choice)
break
else:
warnMsg = "invalid value"
@@ -378,12 +382,12 @@ class Backend:
msg += "correct [%s (default)/%s] " % (kb.os, os)
while True:
_ = readInput(msg, default=kb.os)
choice = readInput(msg, default=kb.os)
if _ == kb.os:
if choice == kb.os:
break
elif _ == os:
kb.os = _.capitalize()
elif choice == os:
kb.os = choice.capitalize()
break
else:
warnMsg = "invalid value"
@@ -417,10 +421,10 @@ class Backend:
msg += "\n[2] 64-bit"
while True:
_ = readInput(msg, default='1')
choice = readInput(msg, default='1')
if isinstance(_, basestring) and _.isdigit() and int(_) in (1, 2):
kb.arch = 32 if int(_) == 1 else 64
if isinstance(choice, basestring) and choice.isdigit() and int(choice) in (1, 2):
kb.arch = 32 if int(choice) == 1 else 64
break
else:
warnMsg = "invalid value. Valid values are 1 and 2"
@@ -597,8 +601,8 @@ def paramToDict(place, parameters=None):
logger.warn(warnMsg)
message = "are you really sure that you want to continue (sqlmap could have problems)? [y/N] "
test = readInput(message, default="N")
if test[0] not in ("y", "Y"):
if not readInput(message, default='N', boolean=True):
raise SqlmapSilentQuitException
elif not _:
warnMsg = "provided value for parameter '%s' is empty. " % parameter
@@ -640,8 +644,8 @@ def paramToDict(place, parameters=None):
if candidates:
message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
message += "is JSON deserializable. Do you want to inject inside? [y/N] "
test = readInput(message, default="N")
if test[0] in ("y", "Y"):
if not readInput(message, default='N', boolean=True):
del testableParameters[parameter]
testableParameters.update(candidates)
break
@@ -652,9 +656,9 @@ def paramToDict(place, parameters=None):
_ = re.sub(regex, "\g<1>%s\g<%d>" % (CUSTOM_INJECTION_MARK_CHAR, len(match.groups())), testableParameters[parameter])
message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % _
test = readInput(message, default="N")
if test[0] in ("y", "Y"):
message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % getUnicode(_)
if readInput(message, default='N', boolean=True):
testableParameters[parameter] = re.sub(regex, "\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter])
break
@@ -750,17 +754,17 @@ def getManualDirectories():
message += "[2] custom location(s)\n"
message += "[3] custom directory list file\n"
message += "[4] brute force search"
choice = readInput(message, default="1").strip()
choice = readInput(message, default='1')
if choice == "2":
if choice == '2':
message = "please provide a comma separate list of absolute directory paths: "
directories = readInput(message, default="").split(',')
elif choice == "3":
elif choice == '3':
message = "what's the list file location?\n"
listPath = readInput(message, default="")
checkFile(listPath)
directories = getFileItems(listPath)
elif choice == "4":
elif choice == '4':
targets = set([conf.hostname])
_ = conf.hostname.split('.')
@@ -894,7 +898,7 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
message = data
try:
if hasattr(conf, "api"):
if conf.get("api"):
sys.stdout.write(message, status, content_type)
else:
sys.stdout.write(setColor(message, bold))
@@ -961,7 +965,7 @@ def dataToOutFile(filename, data):
return retVal
def readInput(message, default=None, checkBatch=True):
def readInput(message, default=None, checkBatch=True, boolean=False):
"""
Reads input from terminal
"""
@@ -998,7 +1002,7 @@ def readInput(message, default=None, checkBatch=True):
if retVal is None:
if checkBatch and conf.get("batch"):
if isListLike(default):
options = ",".join(getUnicode(opt, UNICODE_ENCODING) for opt in default)
options = ','.join(getUnicode(opt, UNICODE_ENCODING) for opt in default)
elif default:
options = getUnicode(default, UNICODE_ENCODING)
else:
@@ -1034,6 +1038,12 @@ def readInput(message, default=None, checkBatch=True):
finally:
logging._releaseLock()
if retVal and default and isinstance(default, basestring) and len(default) == 1:
retVal = retVal.strip()
if boolean:
retVal = retVal.strip().upper() == 'Y'
return retVal
def randomRange(start=0, stop=1000, seed=None):
@@ -1145,7 +1155,7 @@ def banner():
This function prints sqlmap banner with its version
"""
if not any(_ in sys.argv for _ in ("--version", "--pickled-options")):
if not any(_ in sys.argv for _ in ("--version", "--api")):
_ = BANNER
if not getattr(LOGGER_HANDLER, "is_tty", False) or "--disable-coloring" in sys.argv:
@@ -1434,13 +1444,13 @@ def parseTargetUrl():
if not conf.referer and (intersect(REFERER_ALIASES, conf.testParameter, True) or conf.level >= 3):
debugMsg = "setting the HTTP Referer header to the target URL"
logger.debug(debugMsg)
conf.httpHeaders = filter(lambda (key, value): key != HTTP_HEADER.REFERER, conf.httpHeaders)
conf.httpHeaders = [_ for _ in conf.httpHeaders if _[0] != HTTP_HEADER.REFERER]
conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.url.replace(CUSTOM_INJECTION_MARK_CHAR, "")))
if not conf.host and (intersect(HOST_ALIASES, conf.testParameter, True) or conf.level >= 5):
debugMsg = "setting the HTTP Host header to the target URL"
logger.debug(debugMsg)
conf.httpHeaders = filter(lambda (key, value): key != HTTP_HEADER.HOST, conf.httpHeaders)
conf.httpHeaders = [_ for _ in conf.httpHeaders if _[0] != HTTP_HEADER.HOST]
conf.httpHeaders.append((HTTP_HEADER.HOST, getHostHeader(conf.url)))
if conf.url != originalUrl:
@@ -1957,7 +1967,7 @@ def getSQLSnippet(dbms, sfile, **variables):
retVal = readCachedFileContent(filename)
retVal = re.sub(r"#.+", "", retVal)
retVal = re.sub(r"(?s);\s+", "; ", retVal).strip("\r\n")
retVal = re.sub(r";\s+", "; ", retVal).strip("\r\n")
for _ in variables.keys():
retVal = re.sub(r"%%%s%%" % _, variables[_], retVal)
@@ -1975,9 +1985,8 @@ def getSQLSnippet(dbms, sfile, **variables):
logger.error(errMsg)
msg = "do you want to provide the substitution values? [y/N] "
choice = readInput(msg, default="N")
if choice and choice[0].lower() == "y":
if readInput(msg, default='N', boolean=True):
for var in variables:
msg = "insert value for variable '%s': " % var
val = readInput(msg, default="")
@@ -2366,8 +2375,8 @@ def wasLastResponseDelayed():
if kb.adjustTimeDelay is None:
msg = "do you want sqlmap to try to optimize value(s) "
msg += "for DBMS delay responses (option '--time-sec')? [Y/n] "
choice = readInput(msg, default='Y')
kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE if choice.upper() == 'N' else ADJUST_TIME_DELAY.YES
kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE if not readInput(msg, default='Y', boolean=True) else ADJUST_TIME_DELAY.YES
if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES:
adjustTimeDelay(threadData.lastQueryDuration, lowerStdLimit)
@@ -2928,6 +2937,58 @@ def setOptimize():
debugMsg = "turning off switch '--null-connection' used indirectly by switch '-o'"
logger.debug(debugMsg)
def saveConfig(conf, filename):
"""
Saves conf to configuration filename
"""
config = UnicodeRawConfigParser()
userOpts = {}
for family in optDict.keys():
userOpts[family] = []
for option, value in conf.items():
for family, optionData in optDict.items():
if option in optionData:
userOpts[family].append((option, value, optionData[option]))
for family, optionData in userOpts.items():
config.add_section(family)
optionData.sort()
for option, value, datatype in optionData:
if datatype and isListLike(datatype):
datatype = datatype[0]
if option in IGNORE_SAVE_OPTIONS:
continue
if value is None:
if datatype == OPTION_TYPE.BOOLEAN:
value = "False"
elif datatype in (OPTION_TYPE.INTEGER, OPTION_TYPE.FLOAT):
if option in defaults:
value = str(defaults[option])
else:
value = "0"
elif datatype == OPTION_TYPE.STRING:
value = ""
if isinstance(value, basestring):
value = value.replace("\n", "\n ")
config.set(family, option, value)
with openFile(filename, "wb") as f:
try:
config.write(f)
except IOError, ex:
errMsg = "something went wrong while trying "
errMsg += "to write to the configuration file '%s' ('%s')" % (filename, getSafeExString(ex))
raise SqlmapSystemException(errMsg)
def initTechnique(technique=None):
"""
Prepares data for technique specified
@@ -3129,11 +3190,29 @@ def decodeIntToUnicode(value):
return retVal
def md5File(filename):
"""
Calculates MD5 digest of a file
Reference: http://stackoverflow.com/a/3431838
"""
checkFile(filename)
digest = hashlib.md5()
with open(filename, "rb") as f:
for chunk in iter(lambda: f.read(4096), ""):
digest.update(chunk)
return digest.hexdigest()
def checkIntegrity():
"""
Checks integrity of code files during the unhandled exceptions
"""
if not paths:
return
logger.debug("running code integrity check")
retVal = True
@@ -3142,7 +3221,7 @@ def checkIntegrity():
if not os.path.isfile(path):
logger.error("missing file detected '%s'" % path)
retVal = False
elif hashlib.md5(open(path, 'rb').read()).hexdigest() != checksum:
elif md5File(path) != checksum:
logger.error("wrong checksum of file '%s' detected" % path)
retVal = False
return retVal
@@ -3204,11 +3283,11 @@ def createGithubIssue(errMsg, excMsg):
msg += "with the unhandled exception information at "
msg += "the official Github repository? [y/N] "
try:
test = readInput(msg, default="N")
choice = readInput(msg, default='N', boolean=True)
except:
test = None
choice = None
if test and test[0] in ("y", "Y"):
if choice:
ex = None
errMsg = errMsg[errMsg.find("\n"):]
@@ -3372,11 +3451,32 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
else:
regex = r"%s\b" % regex
retVal = re.sub(r"(?i)%s" % regex, REFLECTED_VALUE_MARKER, retVal)
_retVal = [retVal]
def _thread(regex):
try:
_retVal[0] = re.sub(r"(?i)%s" % regex, REFLECTED_VALUE_MARKER, _retVal[0])
if len(parts) > 2:
regex = REFLECTED_REPLACEMENT_REGEX.join(parts[1:])
retVal = re.sub(r"(?i)\b%s\b" % regex, REFLECTED_VALUE_MARKER, retVal)
if len(parts) > 2:
regex = REFLECTED_REPLACEMENT_REGEX.join(parts[1:])
_retVal[0] = re.sub(r"(?i)\b%s\b" % regex, REFLECTED_VALUE_MARKER, _retVal[0])
except KeyboardInterrupt:
raise
except:
pass
thread = threading.Thread(target=_thread, args=(regex,))
thread.daemon = True
thread.start()
thread.join(REFLECTED_REPLACEMENT_TIMEOUT)
if thread.isAlive():
kb.reflectiveMechanism = False
retVal = content
if not suppressWarning:
debugMsg = "turning off reflection removal mechanism (because of timeouts)"
logger.debug(debugMsg)
else:
retVal = _retVal[0]
if retVal != content:
kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1
@@ -4031,7 +4131,7 @@ def decodeHexValue(value, raw=False):
retVal = value
if value and isinstance(value, basestring):
if len(value) % 2 != 0:
retVal = "%s?" % hexdecode(value[:-1])
retVal = "%s?" % hexdecode(value[:-1]) if len(value) > 1 else value
singleTimeWarnMessage("there was a problem decoding value '%s' from expected hexadecimal form" % value)
else:
retVal = hexdecode(value)

2
lib/core/defaults.py
View File

@@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
from lib.core.datatype import AttribDict
_defaults = {
"csvDel": ",",
"csvDel": ',',
"timeSec": 5,
"googlePage": 1,
"verbose": 1,

1
lib/core/dicts.py
View File

@@ -274,6 +274,7 @@ DEPRECATED_OPTIONS = {
"--auth-private": "use '--auth-file' instead",
"--check-payload": None,
"--check-waf": None,
"--pickled-options": "use '--api -c ...' instead",
}
DUMP_DATA_PREPROCESS = {

18
lib/core/dump.py
View File

@@ -63,7 +63,7 @@ class Dump(object):
self._lock = threading.Lock()
def _write(self, data, newline=True, console=True, content_type=None):
if hasattr(conf, "api"):
if conf.api:
dataToStdout(data, content_type=content_type, status=CONTENT_STATUS.COMPLETE)
return
@@ -110,7 +110,7 @@ class Dump(object):
def string(self, header, data, content_type=None, sort=True):
kb.stickyLevel = None
if hasattr(conf, "api"):
if conf.api:
self._write(data, content_type=content_type)
return
@@ -144,7 +144,7 @@ class Dump(object):
except:
pass
if hasattr(conf, "api"):
if conf.api:
self._write(elements, content_type=content_type)
return
@@ -193,7 +193,7 @@ class Dump(object):
users = userSettings.keys()
users.sort(key=lambda x: x.lower() if isinstance(x, basestring) else x)
if hasattr(conf, "api"):
if conf.api:
self._write(userSettings, content_type=content_type)
return
@@ -227,7 +227,7 @@ class Dump(object):
def dbTables(self, dbTables):
if isinstance(dbTables, dict) and len(dbTables) > 0:
if hasattr(conf, "api"):
if conf.api:
self._write(dbTables, content_type=CONTENT_TYPE.TABLES)
return
@@ -270,7 +270,7 @@ class Dump(object):
def dbTableColumns(self, tableColumns, content_type=None):
if isinstance(tableColumns, dict) and len(tableColumns) > 0:
if hasattr(conf, "api"):
if conf.api:
self._write(tableColumns, content_type=content_type)
return
@@ -344,7 +344,7 @@ class Dump(object):
def dbTablesCount(self, dbTables):
if isinstance(dbTables, dict) and len(dbTables) > 0:
if hasattr(conf, "api"):
if conf.api:
self._write(dbTables, content_type=CONTENT_TYPE.COUNT)
return
@@ -403,7 +403,7 @@ class Dump(object):
db = "All"
table = tableValues["__infos__"]["table"]
if hasattr(conf, "api"):
if conf.api:
self._write(tableValues, content_type=CONTENT_TYPE.DUMP_TABLE)
return
@@ -666,7 +666,7 @@ class Dump(object):
logger.warn(msg)
def dbColumns(self, dbColumnsDict, colConsider, dbs):
if hasattr(conf, "api"):
if conf.api:
self._write(dbColumnsDict, content_type=CONTENT_TYPE.COLUMNS)
return

1
lib/core/enums.py
View File

@@ -364,6 +364,7 @@ class MKSTEMP_PREFIX:
HASHES = "sqlmaphashes-"
CRAWLER = "sqlmapcrawler-"
IPC = "sqlmapipc-"
CONFIG = "sqlmapconfig-"
TESTING = "sqlmaptesting-"
RESULTS = "sqlmapresults-"
COOKIE_JAR = "sqlmapcookiejar-"

113
lib/core/option.py
View File

@@ -45,7 +45,6 @@ from lib.core.common import getConsoleWidth
from lib.core.common import getFileItems
from lib.core.common import getFileType
from lib.core.common import getUnicode
from lib.core.common import isListLike
from lib.core.common import normalizePath
from lib.core.common import ntToPosixSlashes
from lib.core.common import openFile
@@ -58,12 +57,11 @@ from lib.core.common import readInput
from lib.core.common import resetCookieJar
from lib.core.common import runningAsAdmin
from lib.core.common import safeExpandUser
from lib.core.common import saveConfig
from lib.core.common import setOptimize
from lib.core.common import setPaths
from lib.core.common import singleTimeWarnMessage
from lib.core.common import UnicodeRawConfigParser
from lib.core.common import urldecode
from lib.core.convert import base64unpickle
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@@ -112,7 +110,6 @@ from lib.core.settings import DEFAULT_PAGE_ENCODING
from lib.core.settings import DEFAULT_TOR_HTTP_PORTS
from lib.core.settings import DEFAULT_TOR_SOCKS_PORTS
from lib.core.settings import DUMMY_URL
from lib.core.settings import IGNORE_SAVE_OPTIONS
from lib.core.settings import INJECT_HERE_MARK
from lib.core.settings import IS_WIN
from lib.core.settings import KB_CHARS_BOUNDARY_CHAR
@@ -235,7 +232,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
reqResList = re.finditer(BURP_REQUEST_REGEX, content, re.I | re.S)
for match in reqResList:
request = match if isinstance(match, basestring) else match.group(0)
request = match if isinstance(match, basestring) else match.group(1)
request = re.sub(r"\A[^\w]+", "", request)
schemePort = re.search(r"(http[\w]*)\:\/\/.*?\:([\d]+).+?={10,}", request, re.I | re.S)
@@ -486,14 +483,14 @@ def _setRequestFromFile():
conf.requestFile = safeExpandUser(conf.requestFile)
infoMsg = "parsing HTTP request from '%s'" % conf.requestFile
logger.info(infoMsg)
if not os.path.isfile(conf.requestFile):
errMsg = "the specified HTTP request file "
errMsg += "does not exist"
raise SqlmapFilePathException(errMsg)
infoMsg = "parsing HTTP request from '%s'" % conf.requestFile
logger.info(infoMsg)
_feedTargetsDict(conf.requestFile, addedTargetUrls)
def _setCrawler():
@@ -545,8 +542,7 @@ def _doSearch():
elif re.search(URI_INJECTABLE_REGEX, link, re.I):
if kb.data.onlyGETs is None and conf.data is None and not conf.googleDork:
message = "do you want to scan only results containing GET parameters? [Y/n] "
test = readInput(message, default="Y")
kb.data.onlyGETs = test.lower() != 'n'
kb.data.onlyGETs = readInput(message, default='Y', boolean=True)
if not kb.data.onlyGETs or conf.googleDork:
kb.targets.add((link, conf.method, conf.data, conf.cookie, None))
@@ -573,9 +569,8 @@ def _doSearch():
message += "for your search dork expression, but none of them "
message += "have GET parameters to test for SQL injection. "
message += "Do you want to skip to the next result page? [Y/n]"
test = readInput(message, default="Y")
if test[0] in ("n", "N"):
if not readInput(message, default='Y', boolean=True):
raise SqlmapSilentQuitException
else:
conf.googlePage += 1
@@ -949,14 +944,14 @@ def _setTamperingFunctions():
message = "it appears that you might have mixed "
message += "the order of tamper scripts. "
message += "Do you want to auto resolve this? [Y/n/q] "
test = readInput(message, default="Y")
choice = readInput(message, default='Y').upper()
if not test or test[0] in ("y", "Y"):
resolve_priorities = True
elif test[0] in ("n", "N"):
if choice == 'N':
resolve_priorities = False
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
resolve_priorities = True
check_priority = False
@@ -1689,10 +1684,10 @@ def _cleanupOptions():
setOptimize()
if conf.data:
conf.data = re.sub(INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.data, re.I)
conf.data = re.sub("(?i)%s" % INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.data)
if conf.url:
conf.url = re.sub(INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.url, re.I)
conf.url = re.sub("(?i)%s" % INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.url)
if conf.os:
conf.os = conf.os.capitalize()
@@ -1771,13 +1766,13 @@ def _cleanupOptions():
conf.torType = conf.torType.upper()
if conf.col:
conf.col = re.sub(r"\s*,\s*", ",", conf.col)
conf.col = re.sub(r"\s*,\s*", ',', conf.col)
if conf.excludeCol:
conf.excludeCol = re.sub(r"\s*,\s*", ",", conf.excludeCol)
conf.excludeCol = re.sub(r"\s*,\s*", ',', conf.excludeCol)
if conf.binaryFields:
conf.binaryFields = re.sub(r"\s*,\s*", ",", conf.binaryFields)
conf.binaryFields = re.sub(r"\s*,\s*", ',', conf.binaryFields)
if any((conf.proxy, conf.proxyFile, conf.tor)):
conf.disablePrecon = True
@@ -2107,53 +2102,7 @@ def _saveConfig():
debugMsg = "saving command line options to a sqlmap configuration INI file"
logger.debug(debugMsg)
config = UnicodeRawConfigParser()
userOpts = {}
for family in optDict.keys():
userOpts[family] = []
for option, value in conf.items():
for family, optionData in optDict.items():
if option in optionData:
userOpts[family].append((option, value, optionData[option]))
for family, optionData in userOpts.items():
config.add_section(family)
optionData.sort()
for option, value, datatype in optionData:
if datatype and isListLike(datatype):
datatype = datatype[0]
if option in IGNORE_SAVE_OPTIONS:
continue
if value is None:
if datatype == OPTION_TYPE.BOOLEAN:
value = "False"
elif datatype in (OPTION_TYPE.INTEGER, OPTION_TYPE.FLOAT):
if option in defaults:
value = str(defaults[option])
else:
value = "0"
elif datatype == OPTION_TYPE.STRING:
value = ""
if isinstance(value, basestring):
value = value.replace("\n", "\n ")
config.set(family, option, value)
confFP = openFile(conf.saveConfig, "wb")
try:
config.write(confFP)
except IOError, ex:
errMsg = "something went wrong while trying "
errMsg += "to write to the configuration file '%s' ('%s')" % (conf.saveConfig, getSafeExString(ex))
raise SqlmapSystemException(errMsg)
saveConfig(conf, conf.saveConfig)
infoMsg = "saved command line options to the configuration file '%s'" % conf.saveConfig
logger.info(infoMsg)
@@ -2229,26 +2178,6 @@ def _mergeOptions(inputOptions, overrideOptions):
@type inputOptions: C{instance}
"""
if inputOptions.pickledOptions:
try:
unpickledOptions = base64unpickle(inputOptions.pickledOptions, unsafe=True)
if type(unpickledOptions) == dict:
unpickledOptions = AttribDict(unpickledOptions)
_normalizeOptions(unpickledOptions)
unpickledOptions["pickledOptions"] = None
for key in inputOptions:
if key not in unpickledOptions:
unpickledOptions[key] = inputOptions[key]
inputOptions = unpickledOptions
except Exception, ex:
errMsg = "provided invalid value '%s' for option '--pickled-options'" % inputOptions.pickledOptions
errMsg += " (%s)" % repr(ex)
raise SqlmapSyntaxException(errMsg)
if inputOptions.configFile:
configFileParser(inputOptions.configFile)
@@ -2261,7 +2190,7 @@ def _mergeOptions(inputOptions, overrideOptions):
if key not in conf or value not in (None, False) or overrideOptions:
conf[key] = value
if not hasattr(conf, "api"):
if not conf.api:
for key, value in conf.items():
if value is not None:
kb.explicitSettings.add(key)
@@ -2456,6 +2385,10 @@ def _basicOptionValidation():
errMsg = "switch '--dump' is incompatible with switch '--search'"
raise SqlmapSyntaxException(errMsg)
if conf.api and not conf.configFile:
errMsg = "switch '--api' requires usage of option '-c'"
raise SqlmapSyntaxException(errMsg)
if conf.data and conf.nullConnection:
errMsg = "option '--data' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException(errMsg)

5
lib/core/optiondict.py
View File

@@ -243,5 +243,10 @@ optDict = {
"liveTest": "boolean",
"stopFail": "boolean",
"runCase": "string",
},
"API": {
"api": "boolean",
"taskid": "string",
"database": "string",
}
}

5
lib/core/settings.py
View File

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.1.4.0"
VERSION = "1.1.5.0"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -386,6 +386,9 @@ REFLECTED_BORDER_REGEX = r"[^A-Za-z]+"
# Regular expression used for replacing non-alphanum characters
REFLECTED_REPLACEMENT_REGEX = r".+"
# Maximum time (in seconds) spent per reflective value(s) replacement
REFLECTED_REPLACEMENT_TIMEOUT = 3
# Maximum number of alpha-numerical parts in reflected regex (for speed purposes)
REFLECTED_MAX_REGEX_PARTS = 10

70
lib/core/target.py
View File

@@ -118,11 +118,12 @@ def _setRequestParams():
if kb.processUserMarks is None and CUSTOM_INJECTION_MARK_CHAR in conf.data:
message = "custom injection marking character ('%s') found in option " % CUSTOM_INJECTION_MARK_CHAR
message += "'--data'. Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"):
choice = readInput(message, default='Y')
if choice == 'Q':
raise SqlmapUserQuitException
else:
kb.processUserMarks = not test or test[0] not in ("n", "N")
kb.processUserMarks = choice == 'Y'
if kb.processUserMarks:
kb.testOnlyCustom = True
@@ -131,10 +132,11 @@ def _setRequestParams():
if re.search(JSON_RECOGNITION_REGEX, conf.data):
message = "JSON data found in %s data. " % conf.method
message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"):
choice = readInput(message, default='Y')
if choice == 'Q':
raise SqlmapUserQuitException
elif test[0] not in ("n", "N"):
elif choice == 'N':
conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*"[^"]+)"', functools.partial(process, repl=r'\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR), conf.data)
@@ -150,10 +152,11 @@ def _setRequestParams():
elif re.search(JSON_LIKE_RECOGNITION_REGEX, conf.data):
message = "JSON-like data found in %s data. " % conf.method
message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"):
choice = readInput(message, default='Y').upper()
if choice == 'Q':
raise SqlmapUserQuitException
elif test[0] not in ("n", "N"):
elif choice == 'N':
conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
conf.data = re.sub(r"('(?P<name>[^']+)'\s*:\s*'[^']+)'", functools.partial(process, repl=r"\g<1>%s'" % CUSTOM_INJECTION_MARK_CHAR), conf.data)
@@ -163,10 +166,11 @@ def _setRequestParams():
elif re.search(ARRAY_LIKE_RECOGNITION_REGEX, conf.data):
message = "Array-like data found in %s data. " % conf.method
message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"):
choice = readInput(message, default='Y').upper()
if choice == 'Q':
raise SqlmapUserQuitException
elif test[0] not in ("n", "N"):
elif choice == 'N':
conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
conf.data = re.sub(r"(=[^%s]+)" % DEFAULT_GET_POST_DELIMITER, r"\g<1>%s" % CUSTOM_INJECTION_MARK_CHAR, conf.data)
kb.postHint = POST_HINT.ARRAY_LIKE
@@ -174,10 +178,11 @@ def _setRequestParams():
elif re.search(XML_RECOGNITION_REGEX, conf.data):
message = "SOAP/XML data found in %s data. " % conf.method
message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"):
choice = readInput(message, default='Y').upper()
if choice == 'Q':
raise SqlmapUserQuitException
elif test[0] not in ("n", "N"):
elif choice == 'N':
conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
conf.data = re.sub(r"(<(?P<name>[^>]+)( [^<]*)?>)([^<]+)(</\2)", functools.partial(process, repl=r"\g<1>\g<4>%s\g<5>" % CUSTOM_INJECTION_MARK_CHAR), conf.data)
@@ -186,10 +191,11 @@ def _setRequestParams():
elif re.search(MULTIPART_RECOGNITION_REGEX, conf.data):
message = "Multipart-like data found in %s data. " % conf.method
message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"):
choice = readInput(message, default='Y').upper()
if choice == 'Q':
raise SqlmapUserQuitException
elif test[0] not in ("n", "N"):
elif choice == 'N':
conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
conf.data = re.sub(r"(?si)((Content-Disposition[^\n]+?name\s*=\s*[\"'](?P<name>[^\n]+?)[\"']).+?)(((\r)?\n)+--)", functools.partial(process, repl=r"\g<1>%s\g<4>" % CUSTOM_INJECTION_MARK_CHAR), conf.data)
@@ -222,11 +228,11 @@ def _setRequestParams():
message = "do you want to try URI injections "
message += "in the target URL itself? [Y/n/q] "
test = readInput(message, default="Y")
choice = readInput(message, default='Y').upper()
if test and test[0] in ("q", "Q"):
if choice == 'Q':
raise SqlmapUserQuitException
elif not test or test[0] not in ("n", "N"):
elif choice == 'Y':
conf.url = "%s%s" % (conf.url, CUSTOM_INJECTION_MARK_CHAR)
kb.processUserMarks = True
@@ -237,11 +243,12 @@ def _setRequestParams():
lut = {PLACE.URI: '-u', PLACE.CUSTOM_POST: '--data', PLACE.CUSTOM_HEADER: '--headers/--user-agent/--referer/--cookie'}
message = "custom injection marking character ('%s') found in option " % CUSTOM_INJECTION_MARK_CHAR
message += "'%s'. Do you want to process it? [Y/n/q] " % lut[place]
test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"):
choice = readInput(message, default='Y').upper()
if choice == 'Q':
raise SqlmapUserQuitException
else:
kb.processUserMarks = not test or test[0] not in ("n", "N")
kb.processUserMarks = choice == 'Y'
if kb.processUserMarks:
kb.testOnlyCustom = True
@@ -381,8 +388,8 @@ def _setRequestParams():
if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES):
message = "%s parameter '%s' appears to hold anti-CSRF token. " % (place, parameter)
message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
test = readInput(message, default="N")
if test and test[0] in ("y", "Y"):
if readInput(message, default='N', boolean=True):
conf.csrfToken = parameter
break
@@ -431,7 +438,7 @@ def _resumeHashDBValues():
if not conf.tech or intersect(conf.tech, injection.data.keys()):
if intersect(conf.tech, injection.data.keys()):
injection.data = dict(filter(lambda (key, item): key in conf.tech, injection.data.items()))
injection.data = dict(_ for _ in injection.data.items() if _[0] in conf.tech)
if injection not in kb.injections:
kb.injections.append(injection)
@@ -471,9 +478,8 @@ def _resumeDBMS():
message += "sqlmap assumes the back-end DBMS is '%s'. " % dbms
message += "Do you really want to force the back-end "
message += "DBMS value? [y/N] "
test = readInput(message, default="N")
if not test or test[0] in ("n", "N"):
if not readInput(message, default='N', boolean=True):
conf.dbms = None
Backend.setDbms(dbms)
Backend.setVersionList(dbmsVersion)
@@ -507,9 +513,8 @@ def _resumeOS():
message += "operating system is %s. " % os
message += "Do you really want to force the back-end DBMS "
message += "OS value? [y/N] "
test = readInput(message, default="N")
if not test or test[0] in ("n", "N"):
if not readInput(message, default='N', boolean=True):
conf.os = os
else:
conf.os = os
@@ -532,7 +537,8 @@ def _setResultsFile():
except (OSError, IOError), ex:
try:
warnMsg = "unable to create results file '%s' ('%s'). " % (conf.resultsFilename, getUnicode(ex))
conf.resultsFilename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.RESULTS, suffix=".csv")[1]
handle, conf.resultsFilename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.RESULTS, suffix=".csv")
os.close(handle)
conf.resultsFP = openFile(conf.resultsFilename, "w+", UNICODE_ENCODING, buffering=0)
warnMsg += "Using temporary file '%s' instead" % conf.resultsFilename
logger.warn(warnMsg)

13
lib/core/threads.py
View File

@@ -7,7 +7,6 @@ See the file 'doc/COPYING' for copying permission
import difflib
import random
import thread
import threading
import time
import traceback
@@ -68,7 +67,7 @@ ThreadData = _ThreadData()
def getCurrentThreadUID():
return hash(threading.currentThread())
def readInput(message, default=None):
def readInput(message, default=None, checkBatch=True, boolean=False):
# It will be overwritten by original from lib.core.common
pass
@@ -88,7 +87,7 @@ def getCurrentThreadName():
return threading.current_thread().getName()
def exceptionHandledFunction(threadFunction):
def exceptionHandledFunction(threadFunction, silent=False):
try:
threadFunction()
except KeyboardInterrupt:
@@ -96,8 +95,8 @@ def exceptionHandledFunction(threadFunction):
kb.threadException = True
raise
except Exception, ex:
# thread is just going to be silently killed
logger.error("thread %s: %s" % (threading.currentThread().getName(), ex.message))
if not silent:
logger.error("thread %s: %s" % (threading.currentThread().getName(), ex.message))
def setDaemon(thread):
# Reference: http://stackoverflow.com/questions/190010/daemon-threads-explanation
@@ -151,7 +150,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
try:
thread.start()
except thread.error, ex:
except Exception, ex:
errMsg = "error occurred while starting new thread ('%s')" % ex.message
logger.critical(errMsg)
break
@@ -208,7 +207,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
if lock.locked():
try:
lock.release()
except thread.error:
except:
pass
if conf.get("hashDB"):

13
lib/parse/cmdline.py
View File

@@ -770,9 +770,6 @@ def cmdLineParser(argv=None):
parser.add_option("--murphy-rate", dest="murphyRate", type="int",
help=SUPPRESS_HELP)
parser.add_option("--pickled-options", dest="pickledOptions",
help=SUPPRESS_HELP)
parser.add_option("--disable-precon", dest="disablePrecon", action="store_true",
help=SUPPRESS_HELP)
@@ -799,6 +796,14 @@ def cmdLineParser(argv=None):
parser.add_option("--run-case", dest="runCase", help=SUPPRESS_HELP)
# API options
parser.add_option("--api", dest="api", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--taskid", dest="taskid", help=SUPPRESS_HELP)
parser.add_option("--database", dest="database", help=SUPPRESS_HELP)
parser.add_option_group(target)
parser.add_option_group(request)
parser.add_option_group(optimization)
@@ -963,7 +968,7 @@ def cmdLineParser(argv=None):
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \
args.purgeOutput, args.pickledOptions, args.sitemapUrl)):
args.purgeOutput, args.sitemapUrl)):
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge-output or --dependencies), "
errMsg += "use -h for basic or -hh for advanced help\n"
parser.error(errMsg)

3
lib/parse/sitemap.py
View File

@@ -41,8 +41,7 @@ def parseSitemap(url, retVal=None):
if url.endswith(".xml") and "sitemap" in url.lower():
if kb.followSitemapRecursion is None:
message = "sitemap recursion detected. Do you want to follow? [y/N] "
test = readInput(message, default="N")
kb.followSitemapRecursion = test[0] in ("y", "Y")
kb.followSitemapRecursion = readInput(message, default='N', boolean=True)
if kb.followSitemapRecursion:
parseSitemap(url, retVal)
else:

8
lib/request/basic.py
View File

@@ -103,8 +103,8 @@ def forgeHeaders(items=None):
message += "The target URL provided its own cookies within "
message += "the HTTP %s header which intersect with yours. " % HTTP_HEADER.SET_COOKIE
message += "Do you want to merge them in further requests? [Y/n] "
_ = readInput(message, default="Y")
kb.mergeCookies = not _ or _[0] in ("y", "Y")
kb.mergeCookies = readInput(message, default='Y', boolean=True)
if kb.mergeCookies and kb.injection.place != PLACE.COOKIE:
_ = lambda x: re.sub(r"(?i)\b%s=[^%s]+" % (re.escape(getUnicode(cookie.name)), conf.cookieDel or DEFAULT_COOKIE_DELIMITER), ("%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value))).replace('\\', r'\\'), x)
@@ -368,8 +368,10 @@ def processResponse(page, responseHeaders):
continue
else:
msg = "do you want to automatically adjust the value of '%s'? [y/N]" % name
if readInput(msg, default='N').strip().upper() != 'Y':
if not readInput(msg, default='N', boolean=True):
continue
conf.paramDict[PLACE.POST][name] = value
conf.parameters[PLACE.POST] = re.sub("(?i)(%s=)[^&]+" % re.escape(name), r"\g<1>%s" % re.escape(value), conf.parameters[PLACE.POST])

12
lib/request/connect.py
View File

@@ -310,8 +310,8 @@ class Connect(object):
elif target:
if conf.forceSSL and urlparse.urlparse(url).scheme != "https":
url = re.sub("\Ahttp:", "https:", url, re.I)
url = re.sub(":80/", ":443/", url, re.I)
url = re.sub("(?i)\Ahttp:", "https:", url)
url = re.sub("(?i):80/", ":443/", url)
if PLACE.GET in conf.parameters and not get:
get = conf.parameters[PLACE.GET]
@@ -509,9 +509,8 @@ class Connect(object):
msg += "(redirect like response common to login pages). "
msg += "Do you want to apply the refresh "
msg += "from now on (or stay on the original page)? [Y/n]"
choice = readInput(msg, default="Y")
kb.alwaysRefresh = choice not in ("n", "N")
kb.alwaysRefresh = readInput(msg, default='Y', boolean=True)
if kb.alwaysRefresh:
if re.search(r"\Ahttps?://", refresh, re.I):
@@ -675,7 +674,8 @@ class Connect(object):
message = "there seems to be a continuous problem with connection to the target. "
message += "Are you sure that you want to continue "
message += "with further target testing? [y/N] "
kb.connErrorChoice = readInput(message, default="N") in ("Y", "y")
kb.connErrorChoice = readInput(message, default='N', boolean=True)
if kb.connErrorChoice is False:
raise SqlmapConnectionException(warnMsg)
@@ -832,7 +832,7 @@ class Connect(object):
if kb.cookieEncodeChoice is None:
msg = "do you want to URL encode cookie values (implementation specific)? %s" % ("[Y/n]" if not conf.url.endswith(".aspx") else "[y/N]") # Reference: https://support.microsoft.com/en-us/kb/313282
choice = readInput(msg, default='Y' if not conf.url.endswith(".aspx") else 'N')
kb.cookieEncodeChoice = choice.upper().strip() == "Y"
kb.cookieEncodeChoice = choice.upper().strip() == 'Y'
if not kb.cookieEncodeChoice:
skip = True

12
lib/request/inject.py
View File

@@ -208,22 +208,22 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char
message += "entries do you want to retrieve?\n"
message += "[a] All (default)\n[#] Specific number\n"
message += "[q] Quit"
test = readInput(message, default="a")
choice = readInput(message, default='A').upper()
if not test or test[0] in ("a", "A"):
if choice == 'A':
stopLimit = count
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
elif test.isdigit() and int(test) > 0 and int(test) <= count:
stopLimit = int(test)
elif choice.isdigit() and int(choice) > 0 and int(choice) <= count:
stopLimit = int(choice)
infoMsg = "sqlmap is now going to retrieve the "
infoMsg += "first %d query output entries" % stopLimit
logger.info(infoMsg)
elif test[0] in ("#", "s", "S"):
elif choice in ('#', 'S'):
message = "how many? "
stopLimit = readInput(message, default="10")

6
lib/request/redirecthandler.py
View File

@@ -50,18 +50,16 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
if kb.redirectChoice is None:
msg = "sqlmap got a %d redirect to " % redcode
msg += "'%s'. Do you want to follow? [Y/n] " % redurl
choice = readInput(msg, default="Y")
kb.redirectChoice = choice.upper()
kb.redirectChoice = REDIRECTION.YES if readInput(msg, default='Y', boolean=True) else REDIRECTION.NO
if kb.redirectChoice == REDIRECTION.YES and method == HTTPMETHOD.POST and kb.resendPostOnRedirect is None:
msg = "redirect is a result of a "
msg += "POST request. Do you want to "
msg += "resend original POST data to a new "
msg += "location? [%s] " % ("Y/n" if not kb.originalPage else "y/N")
choice = readInput(msg, default=("Y" if not kb.originalPage else "N"))
kb.resendPostOnRedirect = choice.upper() == 'Y'
kb.resendPostOnRedirect = readInput(msg, default=('Y' if not kb.originalPage else 'N'), boolean=True)
if kb.resendPostOnRedirect:
self.redirect_request = self._redirect_request

11
lib/takeover/abstraction.py
View File

@@ -75,17 +75,17 @@ class Abstraction(Web, UDF, XP_cmdshell):
return safechardecode(retVal)
def runCmd(self, cmd):
getOutput = None
choice = None
if not self.alwaysRetrieveCmdOutput:
message = "do you want to retrieve the command standard "
message += "output? [Y/n/a] "
getOutput = readInput(message, default="Y")
choice = readInput(message, default='Y')
if getOutput in ("a", "A"):
if choice in ('a', 'A'):
self.alwaysRetrieveCmdOutput = True
if not getOutput or getOutput in ("y", "Y") or self.alwaysRetrieveCmdOutput:
if not choice or choice in ('y', 'Y') or self.alwaysRetrieveCmdOutput:
output = self.evalCmd(cmd)
if output:
@@ -166,9 +166,8 @@ class Abstraction(Web, UDF, XP_cmdshell):
msg += "statements as another DBMS user since you provided the "
msg += "option '--dbms-creds'. If you are DBA, you can enable it. "
msg += "Do you want to enable it? [Y/n] "
choice = readInput(msg, default="Y")
if not choice or choice in ("y", "Y"):
if readInput(msg, default='Y', boolean=True):
expression = getSQLSnippet(DBMS.MSSQL, "configure_openrowset", ENABLE="1")
inject.goStacked(expression)

47
lib/takeover/udf.py
View File

@@ -42,12 +42,8 @@ class UDF:
def _askOverwriteUdf(self, udf):
message = "UDF '%s' already exists, do you " % udf
message += "want to overwrite it? [y/N] "
output = readInput(message, default="N")
if output and output[0] in ("y", "Y"):
return True
else:
return False
return readInput(message, default='N', boolean=True)
def _checkExistUdf(self, udf):
logger.info("checking if UDF '%s' already exist" % udf)
@@ -158,9 +154,8 @@ class UDF:
message = "do you want to proceed anyway? Beware that the "
message += "operating system takeover will fail [y/N] "
choice = readInput(message, default="N")
if choice and choice.lower() == "y":
if readInput(message, default='N', boolean=True):
written = True
else:
return False
@@ -241,9 +236,9 @@ class UDF:
msg += "from the shared library? "
while True:
udfCount = readInput(msg, default=1)
udfCount = readInput(msg, default='1')
if isinstance(udfCount, basestring) and udfCount.isdigit():
if udfCount.isdigit():
udfCount = int(udfCount)
if udfCount <= 0:
@@ -251,10 +246,6 @@ class UDF:
return
else:
break
elif isinstance(udfCount, int):
break
else:
logger.warn("invalid value, only digits are allowed")
@@ -276,20 +267,16 @@ class UDF:
self.udfs[udfName]["input"] = []
default = 1
msg = "how many input parameters takes UDF "
msg += "'%s'? (default: %d) " % (udfName, default)
msg += "'%s'? (default: 1) " % udfName
while True:
parCount = readInput(msg, default=default)
parCount = readInput(msg, default='1')
if isinstance(parCount, basestring) and parCount.isdigit() and int(parCount) >= 0:
if parCount.isdigit() and int(parCount) >= 0:
parCount = int(parCount)
break
elif isinstance(parCount, int):
break
else:
logger.warn("invalid value, only digits >= 0 are allowed")
@@ -298,9 +285,9 @@ class UDF:
msg += "number %d? (default: %s) " % ((y + 1), defaultType)
while True:
parType = readInput(msg, default=defaultType)
parType = readInput(msg, default=defaultType).strip()
if isinstance(parType, basestring) and parType.isdigit():
if parType.isdigit():
logger.warn("you need to specify the data-type of the parameter")
else:
@@ -327,12 +314,12 @@ class UDF:
msg = "do you want to call your injected user-defined "
msg += "functions now? [Y/n/q] "
choice = readInput(msg, default="Y")
choice = readInput(msg, default='Y').upper()
if choice[0] in ("n", "N"):
if choice == 'N':
self.cleanup(udfDict=self.udfs)
return
elif choice[0] in ("q", "Q"):
elif choice == 'Q':
self.cleanup(udfDict=self.udfs)
raise SqlmapUserQuitException
@@ -347,9 +334,9 @@ class UDF:
msg += "\n[q] Quit"
while True:
choice = readInput(msg)
choice = readInput(msg).upper()
if choice and choice[0] in ("q", "Q"):
if choice == 'Q':
break
elif isinstance(choice, basestring) and choice.isdigit() and int(choice) > 0 and int(choice) <= len(udfList):
choice = int(choice)
@@ -390,9 +377,8 @@ class UDF:
cmd = cmd[:-1]
msg = "do you want to retrieve the return value of the "
msg += "UDF? [Y/n] "
choice = readInput(msg, default="Y")
if choice[0] in ("y", "Y"):
if readInput(msg, default='Y', boolean=True):
output = self.udfEvalCmd(cmd, udfName=udfToCall)
if output:
@@ -403,9 +389,8 @@ class UDF:
self.udfExecCmd(cmd, udfName=udfToCall, silent=True)
msg = "do you want to call this or another injected UDF? [Y/n] "
choice = readInput(msg, default="Y")
if choice[0] not in ("y", "Y"):
if not readInput(msg, default='Y', boolean=True):
break
self.cleanup(udfDict=self.udfs)

10
lib/takeover/web.py
View File

@@ -202,11 +202,10 @@ class Web:
if not kb.absFilePaths:
message = "do you want sqlmap to further try to "
message += "provoke the full path disclosure? [Y/n] "
getOutput = readInput(message, default="Y")
if getOutput in ("y", "Y"):
if readInput(message, default='Y', boolean=True):
headers = {}
been = {conf.url}
been = set([conf.url])
for match in re.finditer(r"=['\"]((https?):)?(//[^/'\"]+)?(/[\w/.-]*)\bwp-", kb.originalPage, re.I):
url = "%s%s" % (conf.url.replace(conf.path, match.group(4)), "wp-content/wp-db.php")
@@ -371,7 +370,7 @@ class Web:
_ = "tmpe%s.exe" % randomStr(lowercase=True)
if self.webUpload(backdoorName, backdoorDirectory, content=backdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", _)):
self.webUpload(_, backdoorDirectory, filepath=os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'))
self.webUpload(_, backdoorDirectory, filepath=os.path.join(paths.SQLMAP_EXTRAS_PATH, "runcmd", "runcmd.exe_"))
self.webBackdoorUrl = "%s/Scripts/%s" % (self.webBaseUrl, backdoorName)
self.webDirectory = backdoorDirectory
else:
@@ -391,9 +390,8 @@ class Web:
message = "do you want to try the same method used "
message += "for the file stager? [Y/n] "
getOutput = readInput(message, default="Y")
if getOutput in ("y", "Y"):
if readInput(message, default='Y', boolean=True):
self._webFileInject(backdoorContent, backdoorName, directory)
else:
continue

3
lib/takeover/xp_cmdshell.py
View File

@@ -255,9 +255,8 @@ class XP_cmdshell:
message = "xp_cmdshell extended procedure does not seem to "
message += "be available. Do you want sqlmap to try to "
message += "re-enable it? [Y/n] "
choice = readInput(message, default="Y")
if not choice or choice in ("y", "Y"):
if readInput(message, default='Y', boolean=True):
self._xpCmdshellConfigure(1)
if self._xpCmdshellCheck():

16
lib/techniques/blind/inference.py
View File

@@ -97,7 +97,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
# Set kb.partRun in case "common prediction" feature (a.k.a. "good samaritan") is used or the engine is called from the API
if conf.predictOutput:
kb.partRun = getPartRun()
elif hasattr(conf, "api"):
elif conf.api:
kb.partRun = getPartRun(alias=False)
else:
kb.partRun = None
@@ -168,7 +168,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
warnMsg += "usage of option '--threads' for faster data retrieval"
singleTimeWarnMessage(warnMsg)
if conf.verbose in (1, 2) and not showEta and not hasattr(conf, "api"):
if conf.verbose in (1, 2) and not showEta and not conf.api:
if isinstance(length, int) and conf.threads > 1:
dataToStdout("[%s] [INFO] retrieved: %s" % (time.strftime("%X"), "_" * min(length, conf.progressWidth)))
dataToStdout("\r[%s] [INFO] retrieved: " % time.strftime("%X"))
@@ -492,7 +492,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if (endCharIndex - startCharIndex == conf.progressWidth) and (endCharIndex < length - 1):
output = output[:-2] + '..'
if conf.verbose in (1, 2) and not showEta and not hasattr(conf, "api"):
if conf.verbose in (1, 2) and not showEta and not conf.api:
_ = count - firstChar
output += '_' * (min(length, conf.progressWidth) - len(output))
status = ' %d/%d (%d%%)' % (_, length, round(100.0 * _ / length))
@@ -522,7 +522,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
finalValue = "".join(value)
infoMsg = "\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), filterControlChars(finalValue))
if conf.verbose in (1, 2) and not showEta and infoMsg and not hasattr(conf, "api"):
if conf.verbose in (1, 2) and not showEta and infoMsg and not conf.api:
dataToStdout(infoMsg)
# No multi-threading (--threads = 1)
@@ -558,7 +558,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if result:
if showEta:
progress.progress(time.time() - charStart, len(commonValue))
elif conf.verbose in (1, 2) or hasattr(conf, "api"):
elif conf.verbose in (1, 2) or conf.api:
dataToStdout(filterControlChars(commonValue[index - 1:]))
finalValue = commonValue
@@ -608,7 +608,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if showEta:
progress.progress(time.time() - charStart, index)
elif conf.verbose in (1, 2) or hasattr(conf, "api"):
elif conf.verbose in (1, 2) or conf.api:
dataToStdout(filterControlChars(val))
# some DBMSes (e.g. Firebird, DB2, etc.) have issues with trailing spaces
@@ -635,11 +635,11 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
elif partialValue:
hashDBWrite(expression, "%s%s" % (PARTIAL_VALUE_MARKER if not conf.hexConvert else PARTIAL_HEX_VALUE_MARKER, partialValue))
if conf.hexConvert and not abortedFlag and not hasattr(conf, "api"):
if conf.hexConvert and not abortedFlag and not conf.api:
infoMsg = "\r[%s] [INFO] retrieved: %s %s\n" % (time.strftime("%X"), filterControlChars(finalValue), " " * retrievedLength)
dataToStdout(infoMsg)
else:
if conf.verbose in (1, 2) and not showEta and not hasattr(conf, "api"):
if conf.verbose in (1, 2) and not showEta and not conf.api:
dataToStdout("\n")
if (conf.verbose in (1, 2) and showEta) or conf.verbose >= 3:

8
lib/techniques/brute/__init__.py
View File

@@ -1,8 +0,0 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
pass

11
lib/techniques/error/use.py
View File

@@ -176,7 +176,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False):
else:
break
if output:
if output and conf.verbose in (1, 2) and not conf.api:
if kb.fileReadMode:
dataToStdout(_formatPartialContent(output).replace(r"\n", "\n").replace(r"\t", "\t"))
elif offset > 1:
@@ -301,7 +301,7 @@ def errorUse(expression, dump=False):
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)
# Set kb.partRun in case the engine is called from the API
kb.partRun = getPartRun(alias=False) if hasattr(conf, "api") else None
kb.partRun = getPartRun(alias=False) if conf.api else None
# We have to check if the SQL query might return multiple entries
# and in such case forge the SQL limiting the query output one
@@ -358,9 +358,8 @@ def errorUse(expression, dump=False):
if " ORDER BY " in expression and (stopLimit - startLimit) > SLOW_ORDER_COUNT_THRESHOLD:
message = "due to huge table size do you want to remove "
message += "ORDER BY clause gaining speed over consistency? [y/N] "
_ = readInput(message, default="N")
if _ and _[0] in ("y", "Y"):
if readInput(message, default="N", boolean=True):
expression = expression[:expression.index(" ORDER BY ")]
numThreads = min(conf.threads, (stopLimit - startLimit))
@@ -422,8 +421,8 @@ def errorUse(expression, dump=False):
index = None
if threadData.shared.showEta:
threadData.shared.progress.progress(time.time() - valueStart, threadData.shared.counter)
for index in xrange(len(threadData.shared.buffered)):
if threadData.shared.buffered[index][0] >= num:
for index in xrange(1 + len(threadData.shared.buffered)):
if index < len(threadData.shared.buffered) and threadData.shared.buffered[index][0] >= num:
break
threadData.shared.buffered.insert(index or 0, (num, output))
while threadData.shared.buffered and threadData.shared.lastFlushed + 1 == threadData.shared.buffered[0][0]:

4
lib/techniques/union/test.py
View File

@@ -283,8 +283,8 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
if not conf.uChar and count > 1 and kb.uChar == NULL:
message = "injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] "
test = readInput(message, default="Y")
if test[0] not in ("y", "Y"):
if not readInput(message, default="Y", boolean=True):
warnMsg += "usage of option '--union-char' "
warnMsg += "(e.g. '--union-char=1') "
else:

14
lib/techniques/union/use.py
View File

@@ -215,7 +215,7 @@ def unionUse(expression, unpack=True, dump=False):
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(origExpr)
# Set kb.partRun in case the engine is called from the API
kb.partRun = getPartRun(alias=False) if hasattr(conf, "api") else None
kb.partRun = getPartRun(alias=False) if conf.api else None
if Backend.isDbms(DBMS.MSSQL) and kb.dumpColumns:
kb.rowXmlMode = True
@@ -226,7 +226,7 @@ def unionUse(expression, unpack=True, dump=False):
if expressionFieldsList and len(expressionFieldsList) > 1 and "ORDER BY" in expression.upper():
# Removed ORDER BY clause because UNION does not play well with it
expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I)
expression = re.sub("(?i)\s*ORDER BY\s+[\w,]+", "", expression)
debugMsg = "stripping ORDER BY clause from statement because "
debugMsg += "it does not play well with UNION query SQL injection"
singleTimeDebugMessage(debugMsg)
@@ -356,16 +356,16 @@ def unionUse(expression, unpack=True, dump=False):
items = filtered.values()
items = [items]
index = None
for index in xrange(len(threadData.shared.buffered)):
if threadData.shared.buffered[index][0] >= num:
for index in xrange(1 + len(threadData.shared.buffered)):
if index < len(threadData.shared.buffered) and threadData.shared.buffered[index][0] >= num:
break
threadData.shared.buffered.insert(index or 0, (num, items))
else:
index = None
if threadData.shared.showEta:
threadData.shared.progress.progress(time.time() - valueStart, threadData.shared.counter)
for index in xrange(len(threadData.shared.buffered)):
if threadData.shared.buffered[index][0] >= num:
for index in xrange(1 + len(threadData.shared.buffered)):
if index < len(threadData.shared.buffered) and threadData.shared.buffered[index][0] >= num:
break
threadData.shared.buffered.insert(index or 0, (num, None))
@@ -378,7 +378,7 @@ def unionUse(expression, unpack=True, dump=False):
del threadData.shared.buffered[0]
if conf.verbose == 1 and not (threadData.resumed and kb.suppressResumeInfo) and not threadData.shared.showEta:
_ = ",".join("\"%s\"" % _ for _ in flattenValue(arrayizeValue(items))) if not isinstance(items, basestring) else items
_ = ','.join("\"%s\"" % _ for _ in flattenValue(arrayizeValue(items))) if not isinstance(items, basestring) else items
status = "[%s] [INFO] %s: %s" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", _ if kb.safeCharEncode else safecharencode(_))
if len(status) > width:

34
lib/utils/api.py
View File

@@ -20,8 +20,8 @@ import urllib2
from lib.core.common import dataToStdout
from lib.core.common import getSafeExString
from lib.core.common import saveConfig
from lib.core.common import unArrayizeValue
from lib.core.convert import base64pickle
from lib.core.convert import hexencode
from lib.core.convert import dejsonize
from lib.core.convert import jsonize
@@ -50,6 +50,7 @@ from thirdparty.bottle.bottle import post
from thirdparty.bottle.bottle import request
from thirdparty.bottle.bottle import response
from thirdparty.bottle.bottle import run
from thirdparty.bottle.bottle import server_names
# global settings
@@ -162,12 +163,16 @@ class Task(object):
self.options = AttribDict(self._original_options)
def engine_start(self):
handle, configFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CONFIG, text=True)
os.close(handle)
saveConfig(self.options, configFile)
if os.path.exists("sqlmap.py"):
self.process = Popen(["python", "sqlmap.py", "--pickled-options", base64pickle(self.options)], shell=False, close_fds=not IS_WIN)
self.process = Popen(["python", "sqlmap.py", "--api", "-c", configFile], shell=False, close_fds=not IS_WIN)
elif os.path.exists(os.path.join(os.getcwd(), "sqlmap.py")):
self.process = Popen(["python", "sqlmap.py", "--pickled-options", base64pickle(self.options)], shell=False, cwd=os.getcwd(), close_fds=not IS_WIN)
self.process = Popen(["python", "sqlmap.py", "--api", "-c", configFile], shell=False, cwd=os.getcwd(), close_fds=not IS_WIN)
else:
self.process = Popen(["sqlmap", "--pickled-options", base64pickle(self.options)], shell=False, close_fds=not IS_WIN)
self.process = Popen(["sqlmap", "--api", "-c", configFile], shell=False, close_fds=not IS_WIN)
def engine_stop(self):
if self.process:
@@ -278,7 +283,7 @@ class LogRecorder(logging.StreamHandler):
def setRestAPILog():
if hasattr(conf, "api"):
if conf.api:
try:
conf.databaseCursor = Database(conf.database)
conf.databaseCursor.connect("client")
@@ -647,7 +652,8 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST
REST-JSON API server
"""
DataStore.admin_id = hexencode(os.urandom(16))
Database.filepath = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.IPC, text=False)[1]
handle, Database.filepath = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.IPC, text=False)
os.close(handle)
if port == 0: # random
with contextlib.closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
@@ -656,7 +662,7 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST
logger.info("Running REST-JSON API server at '%s:%d'.." % (host, port))
logger.info("Admin ID: %s" % DataStore.admin_id)
logger.debug("IPC database: %s" % Database.filepath)
logger.debug("IPC database: '%s'" % Database.filepath)
# Initialize IPC database
DataStore.current_db = Database()
@@ -665,6 +671,9 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST
# Run RESTful API
try:
# Supported adapters: aiohttp, auto, bjoern, cgi, cherrypy, diesel, eventlet, fapws3, flup, gae, gevent, geventSocketIO, gunicorn, meinheld, paste, rocket, tornado, twisted, waitress, wsgiref
# Reference: https://bottlepy.org/docs/dev/deployment.html || bottle.server_names
if adapter == "gevent":
from gevent import monkey
monkey.patch_all()
@@ -679,9 +688,12 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST
else:
raise
except ImportError:
errMsg = "Adapter '%s' is not available on this system" % adapter
if adapter in ("gevent", "eventlet"):
errMsg += " (e.g.: 'sudo apt-get install python-%s')" % adapter
if adapter.lower() not in server_names:
errMsg = "Adapter '%s' is unknown. " % adapter
errMsg += "(Note: available adapters '%s')" % ', '.join(sorted(server_names.keys()))
else:
errMsg = "Server support for adapter '%s' is not installed on this system " % adapter
errMsg += "(Note: you can try to install it with 'sudo apt-get install python-%s' or 'sudo pip install %s')" % (adapter, adapter)
logger.critical(errMsg)
def _client(url, options=None):
@@ -690,7 +702,7 @@ def _client(url, options=None):
data = None
if options is not None:
data = jsonize(options)
req = urllib2.Request(url, data, {'Content-Type': 'application/json'})
req = urllib2.Request(url, data, {"Content-Type": "application/json"})
response = urllib2.urlopen(req)
text = response.read()
except:

29
lib/techniques/brute/use.py → lib/utils/brute.py
View File

@@ -57,8 +57,7 @@ def tableExists(tableFile, regex=None):
logger.warn(warnMsg)
message = "are you sure you want to continue? [y/N] "
test = readInput(message, default="N")
kb.tableExistsChoice = test[0] in ("y", "Y")
kb.tableExistsChoice = readInput(message, default='N', boolean=True)
if not kb.tableExistsChoice:
return None
@@ -74,11 +73,19 @@ def tableExists(tableFile, regex=None):
errMsg += "to distinguish erroneous results)"
raise SqlmapDataException(errMsg)
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True)
message = "which common tables (wordlist) file do you want to use?\n"
message += "[1] default '%s' (press Enter)\n" % tableFile
message += "[2] custom"
choice = readInput(message, default='1')
if choice == '2':
message = "what's the custom common tables file location?\n"
tableFile = readInput(message) or tableFile
infoMsg = "checking table existence using items from '%s'" % tableFile
logger.info(infoMsg)
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True)
tables.extend(_addPageTextWords())
tables = filterListValue(tables, regex)
@@ -114,7 +121,7 @@ def tableExists(tableFile, regex=None):
threadData.shared.value.append(table)
threadData.shared.unique.add(table.lower())
if conf.verbose in (1, 2) and not hasattr(conf, "api"):
if conf.verbose in (1, 2) and not conf.api:
clearConsoleLine(True)
infoMsg = "[%s] [INFO] retrieved: %s\n" % (time.strftime("%X"), unsafeSQLIdentificatorNaming(table))
dataToStdout(infoMsg, True)
@@ -161,8 +168,7 @@ def columnExists(columnFile, regex=None):
logger.warn(warnMsg)
message = "are you sure you want to continue? [y/N] "
test = readInput(message, default="N")
kb.columnExistsChoice = test[0] in ("y", "Y")
kb.columnExistsChoice = readInput(message, default='N', boolean=True)
if not kb.columnExistsChoice:
return None
@@ -182,6 +188,15 @@ def columnExists(columnFile, regex=None):
errMsg += "to distinguish erroneous results)"
raise SqlmapDataException(errMsg)
message = "which common columns (wordlist) file do you want to use?\n"
message += "[1] default '%s' (press Enter)\n" % columnFile
message += "[2] custom"
choice = readInput(message, default='1')
if choice == '2':
message = "what's the custom common columns file location?\n"
columnFile = readInput(message) or columnFile
infoMsg = "checking column existence using items from '%s'" % columnFile
logger.info(infoMsg)
@@ -222,7 +237,7 @@ def columnExists(columnFile, regex=None):
if result:
threadData.shared.value.append(column)
if conf.verbose in (1, 2) and not hasattr(conf, "api"):
if conf.verbose in (1, 2) and not conf.api:
clearConsoleLine(True)
infoMsg = "[%s] [INFO] retrieved: %s\n" % (time.strftime("%X"), unsafeSQLIdentificatorNaming(column))
dataToStdout(infoMsg, True)

13
lib/utils/crawler.py
View File

@@ -20,6 +20,7 @@ from lib.core.common import getSafeExString
from lib.core.common import openFile
from lib.core.common import readInput
from lib.core.common import safeCSValue
from lib.core.common import urldecode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@@ -87,7 +88,7 @@ def crawl(target):
tags = soup('a')
if not tags:
tags = re.finditer(r'(?si)<a[^>]+href="(?P<href>[^>"]+)"', content)
tags = re.finditer(r'(?i)<a[^>]+href="(?P<href>[^>"]+)"', content)
for tag in tags:
href = tag.get("href") if hasattr(tag, "get") else tag.group("href")
@@ -130,8 +131,8 @@ def crawl(target):
if not conf.sitemapUrl:
message = "do you want to check for the existence of "
message += "site's sitemap(.xml) [y/N] "
test = readInput(message, default="n")
if test[0] in ("y", "Y"):
if readInput(message, default='N', boolean=True):
found = True
items = None
url = urlparse.urljoin(target, "/sitemap.xml")
@@ -187,7 +188,7 @@ def crawl(target):
logger.warn(warnMsg)
else:
for url in threadData.shared.value:
kb.targets.add((url, None, None, None, None))
kb.targets.add((urldecode(url, kb.pageEncoding), None, None, None, None))
storeResultsToFile(kb.targets)
@@ -198,8 +199,8 @@ def storeResultsToFile(results):
if kb.storeCrawlingChoice is None:
message = "do you want to store crawling results to a temporary file "
message += "for eventual further processing with other tools [y/N] "
test = readInput(message, default="N")
kb.storeCrawlingChoice = test[0] in ("y", "Y")
kb.storeCrawlingChoice = readInput(message, default='N', boolean=True)
if kb.storeCrawlingChoice:
handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CRAWLER, suffix=".csv" if conf.forms else ".txt")

59
lib/utils/hash.py
View File

@@ -382,8 +382,8 @@ def storeHashesToFile(attack_dict):
if kb.storeHashesChoice is None:
message = "do you want to store hashes to a temporary file "
message += "for eventual further processing with other tools [y/N] "
test = readInput(message, default="N")
kb.storeHashesChoice = test[0] in ("y", "Y")
kb.storeHashesChoice = readInput(message, default='N', boolean=True)
if not kb.storeHashesChoice:
return
@@ -482,11 +482,11 @@ def attackDumpedTable():
storeHashesToFile(attack_dict)
message = "do you want to crack them via a dictionary-based attack? %s" % ("[y/N/q]" if conf.multipleTargets else "[Y/n/q]")
test = readInput(message, default="N" if conf.multipleTargets else "Y")
choice = readInput(message, default='N' if conf.multipleTargets else 'Y').upper()
if test[0] in ("n", "N"):
if choice == 'N':
return
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
results = dictionaryAttack(attack_dict)
@@ -529,7 +529,7 @@ def hashRecognition(value):
return retVal
def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc_count, wordlists, custom_wordlist):
def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc_count, wordlists, custom_wordlist, api):
if IS_WIN:
coloramainit()
@@ -583,7 +583,7 @@ def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc
status = 'current status: %s... %s' % (word.ljust(5)[:5], ROTATING_CHARS[rotator])
if not hasattr(conf, "api"):
if not api:
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
except KeyboardInterrupt:
@@ -605,7 +605,7 @@ def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc
with proc_count.get_lock():
proc_count.value -= 1
def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found, proc_id, proc_count, wordlists, custom_wordlist):
def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found, proc_id, proc_count, wordlists, custom_wordlist, api):
if IS_WIN:
coloramainit()
@@ -657,7 +657,7 @@ def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found
if user and not user.startswith(DUMMY_USER_PREFIX):
status += ' (user: %s)' % user
if not hasattr(conf, "api"):
if not api:
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
except KeyboardInterrupt:
@@ -766,20 +766,20 @@ def dictionaryAttack(attack_dict):
message += "[1] default dictionary file '%s' (press Enter)\n" % dictPaths[0]
message += "[2] custom dictionary file\n"
message += "[3] file with list of dictionary files"
choice = readInput(message, default="1")
choice = readInput(message, default='1')
try:
if choice == "2":
if choice == '2':
message = "what's the custom dictionary's location?\n"
dictPaths = [readInput(message)]
logger.info("using custom dictionary")
elif choice == "3":
_ = readInput(message)
if _:
dictPaths = [readInput(message)]
logger.info("using custom dictionary")
elif choice == '3':
message = "what's the list file location?\n"
listPath = readInput(message)
checkFile(listPath)
dictPaths = getFileItems(listPath)
logger.info("using custom list of dictionaries")
else:
logger.info("using default dictionary")
@@ -805,9 +805,8 @@ def dictionaryAttack(attack_dict):
logger.critical(warnMsg)
message = "do you want to use common password suffixes? (slow!) [y/N] "
test = readInput(message, default="N")
if test[0] in ("y", "Y"):
if readInput(message, default='N', boolean=True):
suffix_list += COMMON_PASSWORD_SUFFIXES
infoMsg = "starting dictionary-based cracking (%s)" % __functions__[hash_regex].func_name
@@ -843,12 +842,12 @@ def dictionaryAttack(attack_dict):
count = _multiprocessing.Value('i', _multiprocessing.cpu_count())
for i in xrange(_multiprocessing.cpu_count()):
p = _multiprocessing.Process(target=_bruteProcessVariantA, args=(attack_info, hash_regex, suffix, retVal, i, count, kb.wordlists, custom_wordlist))
processes.append(p)
process = _multiprocessing.Process(target=_bruteProcessVariantA, args=(attack_info, hash_regex, suffix, retVal, i, count, kb.wordlists, custom_wordlist, conf.api))
processes.append(process)
for p in processes:
p.daemon = True
p.start()
for process in processes:
process.daemon = True
process.start()
while count.value > 0:
time.sleep(0.5)
@@ -859,7 +858,7 @@ def dictionaryAttack(attack_dict):
singleTimeWarnMessage(warnMsg)
retVal = Queue()
_bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, 0, 1, kb.wordlists, custom_wordlist)
_bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, 0, 1, kb.wordlists, custom_wordlist, conf.api)
except KeyboardInterrupt:
print
@@ -927,12 +926,12 @@ def dictionaryAttack(attack_dict):
count = _multiprocessing.Value('i', _multiprocessing.cpu_count())
for i in xrange(_multiprocessing.cpu_count()):
p = _multiprocessing.Process(target=_bruteProcessVariantB, args=(user, hash_, kwargs, hash_regex, suffix, retVal, found_, i, count, kb.wordlists, custom_wordlist))
processes.append(p)
process = _multiprocessing.Process(target=_bruteProcessVariantB, args=(user, hash_, kwargs, hash_regex, suffix, retVal, found_, i, count, kb.wordlists, custom_wordlist, conf.api))
processes.append(process)
for p in processes:
p.daemon = True
p.start()
for process in processes:
process.daemon = True
process.start()
while count.value > 0:
time.sleep(0.5)
@@ -951,7 +950,7 @@ def dictionaryAttack(attack_dict):
found_ = Value()
found_.value = False
_bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found_, 0, 1, kb.wordlists, custom_wordlist)
_bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found_, 0, 1, kb.wordlists, custom_wordlist, conf.api)
found = found_.value

6
lib/utils/search.py
View File

@@ -111,11 +111,11 @@ def _search(dork):
message += "\n[1] (re)try with DuckDuckGo (default)"
message += "\n[2] (re)try with Disconnect Search"
message += "\n[3] quit"
choice = readInput(message, default="1").strip().upper()
choice = readInput(message, default='1')
if choice == "Q":
if choice == '3':
raise SqlmapUserQuitException
elif choice == "2":
elif choice == '2':
url = "https://search.disconnect.me/searchTerms/search?"
url += "start=nav&option=Web"
url += "&query=%s" % urlencode(dork, convall=True)

1
plugins/dbms/firebird/fingerprint.py
View File

@@ -18,7 +18,6 @@ from lib.core.enums import DBMS
from lib.core.session import setDbms
from lib.core.settings import FIREBIRD_ALIASES
from lib.core.settings import METADB_SUFFIX
from lib.core.settings import UNKNOWN_DBMS_VERSION
from lib.request import inject
from plugins.generic.fingerprint import Fingerprint as GenericFingerprint

1
plugins/dbms/hsqldb/enumeration.py
View File

@@ -10,7 +10,6 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.common import Backend
from lib.core.common import unArrayizeValue
from lib.core.enums import DBMS
from lib.core.settings import HSQLDB_DEFAULT_SCHEMA

5
plugins/dbms/hsqldb/fingerprint.py
View File

@@ -16,7 +16,6 @@ from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.session import setDbms
from lib.core.settings import HSQLDB_ALIASES
from lib.core.settings import UNKNOWN_DBMS_VERSION
from lib.request import inject
from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
@@ -28,13 +27,13 @@ class Fingerprint(GenericFingerprint):
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp and not hasattr(conf, "api"):
if wsOsFp and not conf.api:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp and not hasattr(conf, "api"):
if dbmsOsFp and not conf.api:
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "

15
plugins/dbms/maxdb/enumeration.py
View File

@@ -5,7 +5,6 @@ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
from lib.core.common import Backend
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.common import safeSQLIdentificatorNaming
@@ -20,8 +19,8 @@ from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import CURRENT_DB
from lib.utils.brute import columnExists
from lib.utils.pivotdumptable import pivotDumpTable
from lib.techniques.brute.use import columnExists
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
@@ -66,7 +65,7 @@ class Enumeration(GenericEnumeration):
conf.db = self.getCurrentDb()
if conf.db:
dbs = conf.db.split(",")
dbs = conf.db.split(',')
else:
dbs = self.getDbs()
@@ -117,7 +116,7 @@ class Enumeration(GenericEnumeration):
conf.db = safeSQLIdentificatorNaming(conf.db)
if conf.col:
colList = conf.col.split(",")
colList = conf.col.split(',')
else:
colList = []
@@ -128,7 +127,7 @@ class Enumeration(GenericEnumeration):
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
if conf.tbl:
tblList = conf.tbl.split(",")
tblList = conf.tbl.split(',')
else:
self.getTables()
@@ -173,11 +172,11 @@ class Enumeration(GenericEnumeration):
return kb.data.cachedColumns
message = "do you want to use common column existence check? [y/N/q] "
test = readInput(message, default="Y" if "Y" in message else "N")
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
if test[0] in ("n", "N"):
if choice == 'N':
return
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
return columnExists(paths.COMMON_COLUMNS)

15
plugins/dbms/mssqlserver/enumeration.py
View File

@@ -7,7 +7,6 @@ See the file 'doc/COPYING' for copying permission
from lib.core.agent import agent
from lib.core.common import arrayizeValue
from lib.core.common import Backend
from lib.core.common import getLimitRange
from lib.core.common import isInferenceAvailable
from lib.core.common import isNoneValue
@@ -76,7 +75,7 @@ class Enumeration(GenericEnumeration):
conf.db = self.getCurrentDb()
if conf.db:
dbs = conf.db.split(",")
dbs = conf.db.split(',')
else:
dbs = self.getDbs()
@@ -164,7 +163,7 @@ class Enumeration(GenericEnumeration):
def searchTable(self):
foundTbls = {}
tblList = conf.tbl.split(",")
tblList = conf.tbl.split(',')
rootQuery = queries[DBMS.MSSQL].search_table
tblCond = rootQuery.inband.condition
tblConsider, tblCondParam = self.likeOrExact("table")
@@ -173,7 +172,7 @@ class Enumeration(GenericEnumeration):
conf.db = self.getCurrentDb()
if conf.db:
enumDbs = conf.db.split(",")
enumDbs = conf.db.split(',')
elif not len(kb.data.cachedDbs):
enumDbs = self.getDbs()
else:
@@ -270,7 +269,7 @@ class Enumeration(GenericEnumeration):
whereTblsQuery = ""
infoMsgTbl = ""
infoMsgDb = ""
colList = conf.col.split(",")
colList = conf.col.split(',')
if conf.excludeCol:
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
@@ -285,7 +284,7 @@ class Enumeration(GenericEnumeration):
conf.db = self.getCurrentDb()
if conf.db:
enumDbs = conf.db.split(",")
enumDbs = conf.db.split(',')
elif not len(kb.data.cachedDbs):
enumDbs = self.getDbs()
else:
@@ -308,7 +307,7 @@ class Enumeration(GenericEnumeration):
foundCols[column] = {}
if conf.tbl:
_ = conf.tbl.split(",")
_ = conf.tbl.split(',')
whereTblsQuery = " AND (" + " OR ".join("%s = '%s'" % (tblCond, unsafeSQLIdentificatorNaming(tbl)) for tbl in _) + ")"
infoMsgTbl = " for table%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(tbl for tbl in _))
@@ -316,7 +315,7 @@ class Enumeration(GenericEnumeration):
conf.db = self.getCurrentDb()
if conf.db:
_ = conf.db.split(",")
_ = conf.db.split(',')
infoMsgDb = " in database%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(db for db in _))
elif conf.excludeSysDbs:
msg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))

9
plugins/dbms/mssqlserver/filesystem.py
View File

@@ -382,27 +382,24 @@ class Filesystem(GenericFilesystem):
if written is False:
message = "do you want to try to upload the file with "
message += "the custom Visual Basic script technique? [Y/n] "
choice = readInput(message, default="Y")
if not choice or choice.lower() == "y":
if readInput(message, default='Y', boolean=True):
self._stackedWriteFileVbs(tmpPath, wFileContent, dFile, fileType)
written = self.askCheckWrittenFile(wFile, dFile, forceCheck)
if written is False:
message = "do you want to try to upload the file with "
message += "the built-in debug.exe technique? [Y/n] "
choice = readInput(message, default="Y")
if not choice or choice.lower() == "y":
if readInput(message, default='Y', boolean=True):
self._stackedWriteFileDebugExe(tmpPath, wFile, wFileContent, dFile, fileType)
written = self.askCheckWrittenFile(wFile, dFile, forceCheck)
if written is False:
message = "do you want to try to upload the file with "
message += "the built-in certutil.exe technique? [Y/n] "
choice = readInput(message, default="Y")
if not choice or choice.lower() == "y":
if readInput(message, default='Y', boolean=True):
self._stackedWriteFileCertutilExe(tmpPath, wFile, wFileContent, dFile, fileType)
written = self.askCheckWrittenFile(wFile, dFile, forceCheck)

5
plugins/dbms/mysql/fingerprint.py
View File

@@ -20,7 +20,6 @@ from lib.core.enums import HASHDB_KEYS
from lib.core.enums import OS
from lib.core.session import setDbms
from lib.core.settings import MYSQL_ALIASES
from lib.core.settings import UNKNOWN_DBMS_VERSION
from lib.request import inject
from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
@@ -95,13 +94,13 @@ class Fingerprint(GenericFingerprint):
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp and not hasattr(conf, "api"):
if wsOsFp and not conf.api:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp and not hasattr(conf, "api"):
if dbmsOsFp and not conf.api:
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "

5
plugins/dbms/oracle/enumeration.py
View File

@@ -5,7 +5,6 @@ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
from lib.core.common import Backend
from lib.core.common import getLimitRange
from lib.core.common import isAdminFromPrivileges
from lib.core.common import isInferenceAvailable
@@ -51,7 +50,7 @@ class Enumeration(GenericEnumeration):
condition = rootQuery.inband.condition
if conf.user:
users = conf.user.split(",")
users = conf.user.split(',')
query += " WHERE "
query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
@@ -87,7 +86,7 @@ class Enumeration(GenericEnumeration):
if not kb.data.cachedUsersRoles and isInferenceAvailable() and not conf.direct:
if conf.user:
users = conf.user.split(",")
users = conf.user.split(',')
else:
if not len(kb.data.cachedUsers):
users = self.getUsers()

15
plugins/dbms/sybase/enumeration.py
View File

@@ -5,7 +5,6 @@ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
from lib.core.common import Backend
from lib.core.common import filterPairValues
from lib.core.common import isTechniqueAvailable
from lib.core.common import randomStr
@@ -25,8 +24,8 @@ from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import CURRENT_DB
from lib.utils.brute import columnExists
from lib.utils.pivotdumptable import pivotDumpTable
from lib.techniques.brute.use import columnExists
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
@@ -125,7 +124,7 @@ class Enumeration(GenericEnumeration):
conf.db = self.getCurrentDb()
if conf.db:
dbs = conf.db.split(",")
dbs = conf.db.split(',')
else:
dbs = self.getDbs()
@@ -185,7 +184,7 @@ class Enumeration(GenericEnumeration):
conf.db = safeSQLIdentificatorNaming(conf.db)
if conf.col:
colList = conf.col.split(",")
colList = conf.col.split(',')
else:
colList = []
@@ -196,7 +195,7 @@ class Enumeration(GenericEnumeration):
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
if conf.tbl:
tblList = conf.tbl.split(",")
tblList = conf.tbl.split(',')
else:
self.getTables()
@@ -241,11 +240,11 @@ class Enumeration(GenericEnumeration):
return kb.data.cachedColumns
message = "do you want to use common column existence check? [y/N/q] "
test = readInput(message, default="Y" if "Y" in message else "N")
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
if test[0] in ("n", "N"):
if choice == 'N':
return
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
return columnExists(paths.COMMON_COLUMNS)

2
plugins/generic/custom.py
View File

@@ -51,7 +51,7 @@ class Custom:
return output
elif not isStackingAvailable() and not conf.direct:
warnMsg = "execution of custom SQL queries is only "
warnMsg = "execution of non-query SQL statements is only "
warnMsg += "available when stacked queries are supported"
logger.warn(warnMsg)

26
plugins/generic/databases.py
View File

@@ -42,9 +42,9 @@ from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import CURRENT_DB
from lib.request import inject
from lib.techniques.brute.use import columnExists
from lib.techniques.brute.use import tableExists
from lib.techniques.union.use import unionUse
from lib.utils.brute import columnExists
from lib.utils.brute import tableExists
class Databases:
"""
@@ -215,7 +215,7 @@ class Databases:
conf.db = conf.db.upper()
if conf.db:
dbs = conf.db.split(",")
dbs = conf.db.split(',')
else:
dbs = self.getDbs()
@@ -243,11 +243,11 @@ class Databases:
return kb.data.cachedTables
message = "do you want to use common table existence check? %s " % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS,) else "[y/N/q]")
test = readInput(message, default="Y" if "Y" in message else "N")
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
if test[0] in ("n", "N"):
if choice == 'N':
return
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
return tableExists(paths.COMMON_TABLES)
@@ -269,9 +269,9 @@ class Databases:
if conf.excludeSysDbs:
infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(db) for db in self.excludeDbsList))
logger.info(infoMsg)
query += " IN (%s)" % ",".join("'%s'" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs) if db not in self.excludeDbsList)
query += " IN (%s)" % ','.join("'%s'" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs) if db not in self.excludeDbsList)
else:
query += " IN (%s)" % ",".join("'%s'" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs))
query += " IN (%s)" % ','.join("'%s'" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs))
if len(dbs) < 2 and ("%s," % condition) in query:
query = query.replace("%s," % condition, "", 1)
@@ -422,7 +422,7 @@ class Databases:
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB):
conf.tbl = conf.tbl.upper()
tblList = conf.tbl.split(",")
tblList = conf.tbl.split(',')
else:
self.getTables()
@@ -486,11 +486,11 @@ class Databases:
return kb.data.cachedColumns
message = "do you want to use common column existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS,) else "[y/N/q]")
test = readInput(message, default="Y" if "Y" in message else "N")
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
if test[0] in ("n", "N"):
if choice == 'N':
return
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
return columnExists(paths.COMMON_COLUMNS)
@@ -883,7 +883,7 @@ class Databases:
self.forceDbmsEnum()
if conf.tbl:
for table in conf.tbl.split(","):
for table in conf.tbl.split(','):
self._tableGetCount(conf.db, table)
else:
self.getTables()

46
plugins/generic/entries.py
View File

@@ -79,7 +79,7 @@ class Entries:
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB):
conf.tbl = conf.tbl.upper()
tblList = conf.tbl.split(",")
tblList = conf.tbl.split(',')
else:
self.getTables()
@@ -422,9 +422,8 @@ class Entries:
def dumpFoundColumn(self, dbs, foundCols, colConsider):
message = "do you want to dump entries? [Y/n] "
output = readInput(message, default="Y")
if output and output[0] not in ("y", "Y"):
if not readInput(message, default='Y', boolean=True):
return
dumpFromDbs = []
@@ -435,14 +434,14 @@ class Entries:
message += "[%s]\n" % unsafeSQLIdentificatorNaming(db)
message += "[q]uit"
test = readInput(message, default="a")
choice = readInput(message, default='a')
if not test or test in ("a", "A"):
if not choice or choice in ('a', 'A'):
dumpFromDbs = dbs.keys()
elif test in ("q", "Q"):
elif choice in ('q', 'Q'):
return
else:
dumpFromDbs = test.replace(" ", "").split(",")
dumpFromDbs = choice.replace(" ", "").split(',')
for db, tblData in dbs.items():
if db not in dumpFromDbs or not tblData:
@@ -458,16 +457,16 @@ class Entries:
message += "[s]kip\n"
message += "[q]uit"
test = readInput(message, default="a")
choice = readInput(message, default='a')
if not test or test in ("a", "A"):
if not choice or choice in ('a', 'A'):
dumpFromTbls = tblData
elif test in ("s", "S"):
elif choice in ('s', 'S'):
continue
elif test in ("q", "Q"):
elif choice in ('q', 'Q'):
return
else:
dumpFromTbls = test.replace(" ", "").split(",")
dumpFromTbls = choice.replace(" ", "").split(',')
for table, columns in tblData.items():
if table not in dumpFromTbls:
@@ -479,7 +478,7 @@ class Entries:
if conf.excludeCol:
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
conf.col = ",".join(colList)
conf.col = ','.join(colList)
kb.data.cachedColumns = {}
kb.data.dumpedTable = {}
@@ -490,9 +489,8 @@ class Entries:
def dumpFoundTables(self, tables):
message = "do you want to dump tables' entries? [Y/n] "
output = readInput(message, default="Y")
if output and output[0].lower() != "y":
if not readInput(message, default='Y', boolean=True):
return
dumpFromDbs = []
@@ -503,14 +501,14 @@ class Entries:
message += "[%s]\n" % unsafeSQLIdentificatorNaming(db)
message += "[q]uit"
test = readInput(message, default="a")
choice = readInput(message, default='a')
if not test or test.lower() == "a":
if not choice or choice.lower() == 'a':
dumpFromDbs = tables.keys()
elif test.lower() == "q":
elif choice.lower() == 'q':
return
else:
dumpFromDbs = test.replace(" ", "").split(",")
dumpFromDbs = choice.replace(" ", "").split(',')
for db, tablesList in tables.items():
if db not in dumpFromDbs or not tablesList:
@@ -526,16 +524,16 @@ class Entries:
message += "[s]kip\n"
message += "[q]uit"
test = readInput(message, default="a")
choice = readInput(message, default='a')
if not test or test.lower() == "a":
if not choice or choice.lower() == 'a':
dumpFromTbls = tablesList
elif test.lower() == "s":
elif choice.lower() == 's':
continue
elif test.lower() == "q":
elif choice.lower() == 'q':
return
else:
dumpFromTbls = test.replace(" ", "").split(",")
dumpFromTbls = choice.replace(" ", "").split(',')
for table in dumpFromTbls:
conf.tbl = table

11
plugins/generic/filesystem.py
View File

@@ -156,15 +156,15 @@ class Filesystem:
return retVal
def askCheckWrittenFile(self, localFile, remoteFile, forceCheck=False):
output = None
choice = None
if forceCheck is not True:
message = "do you want confirmation that the local file '%s' " % localFile
message += "has been successfully written on the back-end DBMS "
message += "file system ('%s')? [Y/n] " % remoteFile
output = readInput(message, default="Y")
choice = readInput(message, default='Y', boolean=True)
if forceCheck or (output and output.lower() == "y"):
if forceCheck or choice:
return self._checkFileLength(localFile, remoteFile)
return True
@@ -173,9 +173,8 @@ class Filesystem:
message = "do you want confirmation that the remote file '%s' " % remoteFile
message += "has been successfully downloaded from the back-end "
message += "DBMS file system? [Y/n] "
output = readInput(message, default="Y")
if not output or output in ("y", "Y"):
if readInput(message, default='Y', boolean=True):
return self._checkFileLength(localFile, remoteFile, True)
return None
@@ -205,7 +204,7 @@ class Filesystem:
self.checkDbmsOs()
for remoteFile in remoteFiles.split(","):
for remoteFile in remoteFiles.split(','):
fileContent = None
kb.fileReadMode = True

6
plugins/generic/fingerprint.py
View File

@@ -45,12 +45,12 @@ class Fingerprint:
msg = "do you want to provide the OS? [(W)indows/(l)inux]"
while True:
os = readInput(msg, default="W")
os = readInput(msg, default='W').upper()
if os[0].lower() == "w":
if os == 'W':
Backend.setOs(OS.WINDOWS)
break
elif os[0].lower() == "l":
elif os == 'L':
Backend.setOs(OS.LINUX)
break
else:

5
plugins/generic/misc.py
View File

@@ -101,7 +101,7 @@ class Miscellaneous:
query = "SELECT %s" % query
kb.bannerFp["dbmsVersion"] = unArrayizeValue(inject.getValue(query))
kb.bannerFp["dbmsVersion"] = (kb.bannerFp["dbmsVersion"] or "").replace(",", "").replace("-", "").replace(" ", "")
kb.bannerFp["dbmsVersion"] = (kb.bannerFp["dbmsVersion"] or "").replace(',', "").replace('-', "").replace(' ', "")
def delRemoteFile(self, filename):
if not filename:
@@ -169,9 +169,8 @@ class Miscellaneous:
for udf, inpRet in udfDict.items():
message = "do you want to remove UDF '%s'? [Y/n] " % udf
output = readInput(message, default="Y")
if not output or output in ("y", "Y"):
if readInput(message, default='Y', boolean=True):
dropStr = "DROP FUNCTION %s" % udf
if Backend.isDbms(DBMS.PGSQL):

45
plugins/generic/search.py
View File

@@ -33,8 +33,8 @@ from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import CURRENT_DB
from lib.core.settings import METADB_SUFFIX
from lib.request import inject
from lib.techniques.brute.use import columnExists
from lib.techniques.brute.use import tableExists
from lib.utils.brute import columnExists
from lib.utils.brute import tableExists
class Search:
"""
@@ -47,7 +47,7 @@ class Search:
def searchDb(self):
foundDbs = []
rootQuery = queries[Backend.getIdentifiedDbms()].search_db
dbList = conf.db.split(",")
dbList = conf.db.split(',')
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
dbCond = rootQuery.inband.condition2
@@ -146,18 +146,18 @@ class Search:
if bruteForce:
message = "do you want to use common table existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS,) else "[y/N/q]")
test = readInput(message, default="Y" if "Y" in message else "N")
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
if test[0] in ("n", "N"):
if choice == 'N':
return
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
regex = "|".join(conf.tbl.split(","))
regex = '|'.join(conf.tbl.split(','))
return tableExists(paths.COMMON_TABLES, regex)
foundTbls = {}
tblList = conf.tbl.split(",")
tblList = conf.tbl.split(',')
rootQuery = queries[Backend.getIdentifiedDbms()].search_table
tblCond = rootQuery.inband.condition
dbCond = rootQuery.inband.condition2
@@ -171,7 +171,7 @@ class Search:
tbl = tbl.upper()
infoMsg = "searching table"
if tblConsider == "1":
if tblConsider == '1':
infoMsg += "s LIKE"
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
@@ -179,7 +179,7 @@ class Search:
conf.db = self.getCurrentDb()
if dbCond and conf.db:
_ = conf.db.split(",")
_ = conf.db.split(',')
whereDbsQuery = " AND (" + " OR ".join("%s = '%s'" % (dbCond, unsafeSQLIdentificatorNaming(db)) for db in _) + ")"
infoMsg += " for database%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(db for db in _))
elif conf.excludeSysDbs:
@@ -264,7 +264,7 @@ class Search:
if tblConsider == "2":
continue
else:
for db in conf.db.split(",") if conf.db else (self.getCurrentDb(),):
for db in conf.db.split(',') if conf.db else (self.getCurrentDb(),):
db = safeSQLIdentificatorNaming(db)
if db not in foundTbls:
foundTbls[db] = []
@@ -345,20 +345,19 @@ class Search:
if bruteForce:
message = "do you want to use common column existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS,) else "[y/N/q]")
test = readInput(message, default="Y" if "Y" in message else "N")
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
if test[0] in ("n", "N"):
if choice == 'N':
return
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
regex = '|'.join(conf.col.split(','))
conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS, regex))
message = "do you want to dump entries? [Y/n] "
output = readInput(message, default="Y")
if output and output[0] not in ("n", "N"):
if readInput(message, default='Y', boolean=True):
self.dumpAll()
return
@@ -370,7 +369,7 @@ class Search:
whereTblsQuery = ""
infoMsgTbl = ""
infoMsgDb = ""
colList = conf.col.split(",")
colList = conf.col.split(',')
if conf.excludeCol:
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
@@ -399,7 +398,7 @@ class Search:
foundCols[column] = {}
if conf.tbl:
_ = conf.tbl.split(",")
_ = conf.tbl.split(',')
whereTblsQuery = " AND (" + " OR ".join("%s = '%s'" % (tblCond, unsafeSQLIdentificatorNaming(tbl)) for tbl in _) + ")"
infoMsgTbl = " for table%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(tbl) for tbl in _))
@@ -407,7 +406,7 @@ class Search:
conf.db = self.getCurrentDb()
if conf.db:
_ = conf.db.split(",")
_ = conf.db.split(',')
whereDbsQuery = " AND (" + " OR ".join("%s = '%s'" % (dbCond, unsafeSQLIdentificatorNaming(db)) for db in _) + ")"
infoMsgDb = " in database%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(db) for db in _))
elif conf.excludeSysDbs:
@@ -434,13 +433,13 @@ class Search:
# column(s) provided
values = []
for db in conf.db.split(","):
for tbl in conf.tbl.split(","):
for db in conf.db.split(','):
for tbl in conf.tbl.split(','):
values.append([safeSQLIdentificatorNaming(db), safeSQLIdentificatorNaming(tbl, True)])
for db, tbl in filterPairValues(values):
db = safeSQLIdentificatorNaming(db)
tbls = tbl.split(",") if not isNoneValue(tbl) else []
tbls = tbl.split(',') if not isNoneValue(tbl) else []
for tbl in tbls:
tbl = safeSQLIdentificatorNaming(tbl, True)
@@ -507,7 +506,7 @@ class Search:
if db not in foundCols[column]:
foundCols[column][db] = []
else:
for db in conf.db.split(",") if conf.db else (self.getCurrentDb(),):
for db in conf.db.split(',') if conf.db else (self.getCurrentDb(),):
db = safeSQLIdentificatorNaming(db)
if db not in foundCols[column]:
foundCols[column][db] = []

2
plugins/generic/syntax.py
View File

@@ -22,7 +22,7 @@ class Syntax:
retVal = expression
if quote:
for item in re.findall(r"'[^']*'+", expression, re.S):
for item in re.findall(r"'[^']*'+", expression):
_ = item[1:-1]
if _:
retVal = retVal.replace(item, escaper(_))

27
plugins/generic/takeover.py
View File

@@ -96,20 +96,16 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
msg = "how do you want to establish the tunnel?"
msg += "\n[1] TCP: Metasploit Framework (default)"
msg += "\n[2] ICMP: icmpsh - ICMP tunneling"
valids = (1, 2)
while True:
tunnel = readInput(msg, default=1)
tunnel = readInput(msg, default='1')
if isinstance(tunnel, basestring) and tunnel.isdigit() and int(tunnel) in valids:
if tunnel.isdigit() and int(tunnel) in (1, 2):
tunnel = int(tunnel)
break
elif isinstance(tunnel, int) and tunnel in valids:
break
else:
warnMsg = "invalid value, valid values are 1 and 2"
warnMsg = "invalid value, valid values are '1' and '2'"
logger.warn(warnMsg)
else:
tunnel = 1
@@ -170,17 +166,14 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
msg += "\n[2] Via shellcodeexec (file system way, preferred on 64-bit systems)"
while True:
choice = readInput(msg, default=1)
choice = readInput(msg, default='1')
if isinstance(choice, basestring) and choice.isdigit() and int(choice) in (1, 2):
if choice.isdigit() and int(choice) in (1, 2):
choice = int(choice)
break
elif isinstance(choice, int) and choice in (1, 2):
break
else:
warnMsg = "invalid value, valid values are 1 and 2"
warnMsg = "invalid value, valid values are '1' and '2'"
logger.warn(warnMsg)
if choice == 1:
@@ -336,11 +329,8 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
msg = "this technique is likely to DoS the DBMS process, are you "
msg += "sure that you want to carry with the exploit? [y/N] "
choice = readInput(msg, default="N")
dos = choice and choice[0].lower() == "y"
if dos:
if readInput(msg, default='N', boolean=True):
self.initEnv(mandatory=False, detailed=True)
self.getRemoteTempPath()
self.createMsfShellcode(exitfunc="seh", format="raw", extra="-b 27", encode=True)
@@ -460,9 +450,8 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
message = "are you sure that you want to delete the Windows "
message += "registry path '%s\%s? [y/N] " % (regKey, regVal)
output = readInput(message, default="N")
if output and output[0] not in ("Y", "y"):
if not readInput(message, default='N', boolean=True):
return
infoMsg = "deleting Windows registry path '%s\%s'. " % (regKey, regVal)

26
plugins/generic/users.py
View File

@@ -161,7 +161,7 @@ class Users:
conf.user = conf.user.upper()
if conf.user:
users = conf.user.split(",")
users = conf.user.split(',')
if Backend.isDbms(DBMS.MYSQL):
for user in users:
@@ -319,11 +319,11 @@ class Users:
message = "do you want to perform a dictionary-based attack "
message += "against retrieved password hashes? [Y/n/q]"
test = readInput(message, default="Y")
choice = readInput(message, default='Y').upper()
if test[0] in ("n", "N"):
if choice == 'N':
pass
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
attackCachedUsersPasswords()
@@ -345,7 +345,7 @@ class Users:
conf.user = conf.user.upper()
if conf.user:
users = conf.user.split(",")
users = conf.user.split(',')
if Backend.isDbms(DBMS.MYSQL):
for user in users:
@@ -429,7 +429,7 @@ class Users:
# In DB2 we get Y or G if the privilege is
# True, N otherwise
elif Backend.isDbms(DBMS.DB2):
privs = privilege.split(",")
privs = privilege.split(',')
privilege = privs[0]
if len(privs) > 1:
privs = privs[1]
@@ -537,8 +537,8 @@ class Users:
# In PostgreSQL we get 1 if the privilege is True,
# 0 otherwise
if Backend.isDbms(DBMS.PGSQL) and ", " in privilege:
privilege = privilege.replace(", ", ",")
privs = privilege.split(",")
privilege = privilege.replace(", ", ',')
privs = privilege.split(',')
i = 1
for priv in privs:
@@ -557,12 +557,12 @@ class Users:
# In MySQL < 5.0 we get Y if the privilege is
# True, N otherwise
elif Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
privilege = privilege.replace(", ", ",")
privs = privilege.split(",")
privilege = privilege.replace(", ", ',')
privs = privilege.split(',')
i = 1
for priv in privs:
if priv.upper() == "Y":
if priv.upper() == 'Y':
for position, mysqlPriv in MYSQL_PRIVS.items():
if position == i:
privileges.add(mysqlPriv)
@@ -580,14 +580,14 @@ class Users:
# In DB2 we get Y or G if the privilege is
# True, N otherwise
elif Backend.isDbms(DBMS.DB2):
privs = privilege.split(",")
privs = privilege.split(',')
privilege = privs[0]
privs = privs[1]
privs = list(privs.strip())
i = 1
for priv in privs:
if priv.upper() in ("Y", "G"):
if priv.upper() in ('Y', 'G'):
for position, db2Priv in DB2_PRIVS.items():
if position == i:
privilege += ", " + db2Priv

10
sqlmap.py
View File

@@ -115,7 +115,6 @@ def main():
try:
checkEnvironment()
setPaths(modulePath())
banner()
@@ -123,7 +122,7 @@ def main():
cmdLineOptions.update(cmdLineParser().__dict__)
initOptions(cmdLineOptions)
if hasattr(conf, "api"):
if conf.get("api"):
# heavy imports
from lib.utils.api import StdDbOut
from lib.utils.api import setRestAPILog
@@ -203,9 +202,10 @@ def main():
print
errMsg = unhandledExceptionMessage()
excMsg = traceback.format_exc()
valid = checkIntegrity()
try:
if not checkIntegrity():
if valid is False:
errMsg = "code integrity check failed (turning off automatic issue creation). "
errMsg += "You should retrieve the latest development version from official GitHub "
errMsg += "repository at '%s'" % GIT_PAGE
@@ -285,7 +285,7 @@ def main():
errMsg = maskSensitiveData(errMsg)
excMsg = maskSensitiveData(excMsg)
if hasattr(conf, "api"):
if conf.get("api") or not valid:
logger.critical("%s\n%s" % (errMsg, excMsg))
else:
logger.critical(errMsg)
@@ -326,7 +326,7 @@ def main():
kb.clear()
main()
if hasattr(conf, "api"):
if conf.get("api"):
try:
conf.databaseCursor.disconnect()
except KeyboardInterrupt:

40
tamper/commentbeforeparentheses.py Normal file
View File

@@ -0,0 +1,40 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOW
def dependencies():
pass
def tamper(payload, **kwargs):
"""
Prepends (inline) comment before parentheses
Tested against:
* Microsoft SQL Server
* MySQL
* Oracle
* PostgreSQL
Notes:
* Useful to bypass web application firewalls that block usage
of function calls
>>> tamper('SELECT ABS(1)')
'SELECT ABS/**/(1)'
"""
retVal = payload
if payload:
retVal = re.sub(r"\b(\w+)\(", "\g<1>/**/(", retVal)
return retVal

122
txt/checksum.md5
View File

@@ -8,7 +8,8 @@ acba8b5dc93db0fe6b2b04ff0138c33c extra/icmpsh/icmpsh.exe_
2176d964f2d5ba2d871383d6a1868b8f extra/icmpsh/icmpsh_m.py
2d020d2bdcee1170805f48839fdb89df extra/icmpsh/__init__.py
310efc965c862cfbd7b0da5150a5ad36 extra/__init__.py
c7973dc651586ba26d9553ad1ecfee74 extra/mssqlsig/update.py
f31ab783fd49a9e29ec34dd0a8e3873d extra/mssqlsig/update.py
ff90cb0366f7cefbdd6e573e27e6238c extra/runcmd/runcmd.exe_
310efc965c862cfbd7b0da5150a5ad36 extra/safe2bin/__init__.py
d3e99da5b5c2209e97836af9098124ee extra/safe2bin/safe2bin.py
d229479d02d21b29f209143cb0547780 extra/shellcodeexec/linux/shellcodeexec.x32_
@@ -16,101 +17,100 @@ d229479d02d21b29f209143cb0547780 extra/shellcodeexec/linux/shellcodeexec.x32_
c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.exe_
3c07d5ecd7208748892c0459f6ca084a extra/shutils/duplicates.py
8cd064eea3506e5dd913e03171bc418f extra/shutils/pylint.py
02b87ce441efb4e9e6249237a6ce9655 extra/shutils/regressiontest.py
2b2aeec7b63d7e3b75940111b94db7b6 extra/shutils/regressiontest.py
310efc965c862cfbd7b0da5150a5ad36 extra/sqlharvest/__init__.py
7713aa366c983cdf1f3dbaa7383ea9e1 extra/sqlharvest/sqlharvest.py
5df358defc488bee9b40084892e3d1cb lib/controller/action.py
9cb94acd4c59822a5e1a258c4d1a4860 lib/controller/checks.py
dc386321e8813788f155dc557a78be8d lib/controller/controller.py
d79481ab99acd739615e747d4a79d9d0 lib/controller/handler.py
7afe836fd97271ccba67b4c0da2482ff lib/controller/action.py
95fda7f284e0a882634cf5e94cbb73e1 lib/controller/checks.py
df647d57cf02cc0e4bda6b8ccc9d8138 lib/controller/controller.py
52a3969f57170e935e3fc0156335bf2c lib/controller/handler.py
310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py
19905ecb4437b94512cf21d5f1720091 lib/core/agent.py
60599fbb43b7d5e658b84371d3ad0b42 lib/core/agent.py
6cc95a117fbd34ef31b9aa25520f0e31 lib/core/bigarray.py
145d131884dd5401d7a52effaea2ee9e lib/core/common.py
6c8507976da31524e7afa3886d13bf4f lib/core/common.py
5065a4242a8cccf72f91e22e1007ae63 lib/core/convert.py
a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py
7936d78b1a7f1f008ff92bf2f88574ba lib/core/datatype.py
36c85e9ef109c5b4af3ca9bb1065ef1f lib/core/decorators.py
47eecd5499eaa15e931793e1d1ac3566 lib/core/defaults.py
4029f6869b36eb5f796c2bcc948f4fae lib/core/dicts.py
77edcfd3d7c5522bb64baf59ac23a047 lib/core/dump.py
2acf5449c71bfae4feec8da538e70116 lib/core/enums.py
94b06df2dfd9f6c7a2ad3f04a846b686 lib/core/defaults.py
7309cf449b009723d1a4655fcf1a96d7 lib/core/dicts.py
65b9187de3d8c9c28ddab53ef2b399bc lib/core/dump.py
b9ff4e622c416116bee6024c0f050349 lib/core/enums.py
9381a0c7e8bc19986299e84f4edda1a0 lib/core/exception.py
310efc965c862cfbd7b0da5150a5ad36 lib/core/__init__.py
9ba39bf66e9ecd469446bdbbeda906c3 lib/core/log.py
66c9795e2e7da32f46f04497ae910070 lib/core/optiondict.py
0324fce84ef88ed0416123f73c54a6d7 lib/core/option.py
ebb778c2d26eba8b34d7d8658e4105a6 lib/core/optiondict.py
97231fc3987ffce83f59a7aa545ef4c9 lib/core/option.py
5f2f56e6c5f274408df61943f1e080c0 lib/core/profiling.py
40be71cd774662a7b420caeb7051e7d5 lib/core/readlineng.py
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
50edc9861e7441371210f5fae263207c lib/core/settings.py
6a82bb3548afc52b7cecfcc81273c52e lib/core/settings.py
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
afd0636d2e93c23f4f0a5c9b6023ea17 lib/core/target.py
155e2d3fda87b2e3ffa4f7a770513946 lib/core/target.py
8970b88627902239d695280b1160e16c lib/core/testing.py
5521241c750855a4e44747fbac7771c6 lib/core/threads.py
40881e63d516d8304fc19971049cded0 lib/core/threads.py
ad74fc58fc7214802fd27067bce18dd2 lib/core/unescaper.py
1f1fa616b5b19308d78c610ec8046399 lib/core/update.py
4d13ed693401a498b6d073a2a494bd83 lib/core/wordlist.py
310efc965c862cfbd7b0da5150a5ad36 lib/__init__.py
8c4b04062db2245d9e190b413985202a lib/parse/banner.py
54f06c50771ce894a3c6a418d545f4bf lib/parse/cmdline.py
aa89ea0c7c44eb74eaaeeccaddc94d39 lib/parse/cmdline.py
3a31657bc38f277d0016ff6d50bde61f lib/parse/configfile.py
14539f1be714d4f1ed042067d63bc50a lib/parse/handler.py
64e5bb3ecbdd75144500588b437ba8da lib/parse/headers.py
165dc27660c8559318009d44354f27cb lib/parse/html.py
310efc965c862cfbd7b0da5150a5ad36 lib/parse/__init__.py
0b010b7cdb2e42b5aa0caa59607279ad lib/parse/payloads.py
a0444cc351cd6d29015ad16d9eb46ff4 lib/parse/sitemap.py
997d0452e6fc22411f81a334511bcb3d lib/parse/sitemap.py
403d873f1d2fd0c7f73d83f104e41850 lib/request/basicauthhandler.py
0035612a620934d7ebe6d18426cfb065 lib/request/basic.py
aa8abda6eab79646b1759c0653925328 lib/request/basic.py
ef48de622b0a6b4a71df64b0d2785ef8 lib/request/comparison.py
74a2a83e3af11ab02088c79b6367ef29 lib/request/connect.py
95363c8973208dd95295a23acc9674bc lib/request/connect.py
fb6b788d0016ab4ec5e5f661f0f702ad lib/request/direct.py
cc1163d38e9b7ee5db2adac6784c02bb lib/request/dns.py
5dcdb37823a0b5eff65cd1018bcf09e4 lib/request/httpshandler.py
310efc965c862cfbd7b0da5150a5ad36 lib/request/__init__.py
e68e1f00c7bb47b2c4ea6201995c56fb lib/request/inject.py
70ec3f5bce37cdd7bf085ba2ddda30ac lib/request/inject.py
dc1e0af84ee8eb421797d61c8cb8f172 lib/request/methodrequest.py
bb9c165b050f7696b089b96b5947fac3 lib/request/pkihandler.py
602d4338a9fceaaee40c601410d8ac0b lib/request/rangehandler.py
b581e0c5e27cd927883f2c7f1705bf4e lib/request/redirecthandler.py
111b3ee936f23167b5654a5f72e9731b lib/request/redirecthandler.py
20a0e6dac2edcf98fa8c47ee9a332c28 lib/request/templates.py
36518b36ae0cf199490457916a85b367 lib/takeover/abstraction.py
992a02767d12254784f15501a7ab8dd8 lib/takeover/abstraction.py
c6bc7961a186baabe0a9f5b7e0d8974b lib/takeover/icmpsh.py
310efc965c862cfbd7b0da5150a5ad36 lib/takeover/__init__.py
c90c993b020a6ae0f0e497fd84f37466 lib/takeover/metasploit.py
ac541a0d38e4ecb4e41e97799a7235f4 lib/takeover/registry.py
4cd0322f22fbc26284cffa9f8f7545ef lib/takeover/udf.py
ab021269ad7f4d552025448ae08c51d0 lib/takeover/web.py
e5a82481947e798d0c11f3acf3e9db60 lib/takeover/xp_cmdshell.py
cae752650755c706272a45ae84519a4b lib/techniques/blind/inference.py
d466eab3ff82dbe29dc820e303eb4cff lib/takeover/udf.py
e7f3012f4f9e822d39eabd934d050b0e lib/takeover/web.py
604b087dc52dbcb4c3938ad1bf63829c lib/takeover/xp_cmdshell.py
9f03972ea5ce2df74d43be5f30f068eb lib/techniques/blind/inference.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/blind/__init__.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/brute/__init__.py
a693c023a9fed1eebb9ca9ef51e0aeb8 lib/techniques/brute/use.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/dns/__init__.py
ab1601a7f429b47637c4fb8af703d0f1 lib/techniques/dns/test.py
d3da4c7ceaf57c4687a052d58722f6bb lib/techniques/dns/use.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/error/__init__.py
2fb0eb698fc9d6e19960d2136bce787d lib/techniques/error/use.py
8e918c27b796dada3f87ed2fafeb9d8c lib/techniques/error/use.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/__init__.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/union/__init__.py
19fd73af7a278fd72b46a5a60f5bdd09 lib/techniques/union/test.py
8cd5655c60a638caa30ca1220896aeda lib/techniques/union/use.py
b8c9bbf1a50f1b2fdd0d3644922e252a lib/utils/api.py
29e32d59fcdd63c5a13498af1f367c8c lib/utils/crawler.py
211e6dc49af6ad6bd3590d16d41e86db lib/techniques/union/test.py
d17ca7177a29d7d07094fc7dd747d4c5 lib/techniques/union/use.py
67f0ad96ec2207d7e59c788b858afd6d lib/utils/api.py
7d10ba0851da8ee9cd3c140dcd18798e lib/utils/brute.py
ed70f1ca9113664043ec9e6778e48078 lib/utils/crawler.py
ba12c69a90061aa14d848b8396e79191 lib/utils/deps.py
3b9fd519164e0bf275d5fd361c3f11ff lib/utils/getch.py
ccfdad414ce2ec0c394c3deaa39a82bf lib/utils/hashdb.py
aff7355d582fc6c00a675eeee2a5217a lib/utils/hash.py
12e0e0ab70c6fe5786bc561c35dc067f lib/utils/hash.py
e76a08237ee6a4cd6855af79610ea8a5 lib/utils/htmlentities.py
310efc965c862cfbd7b0da5150a5ad36 lib/utils/__init__.py
9d8c858417d356e49e1959ba253aede4 lib/utils/pivotdumptable.py
8520a745c9b4db3814fe46f4c34c6fbc lib/utils/progress.py
2c3638d499f3c01c34187e531f77d004 lib/utils/purge.py
2da1b35339667646e51101adaa1dfc32 lib/utils/search.py
4bd7dd4fc8f299f1566a26ed6c2cefb5 lib/utils/search.py
569521a83b2b6c62497879267b963b21 lib/utils/sqlalchemy.py
caeea96ec9c9d489f615f282259b32ca lib/utils/timeout.py
6fa36b9742293756b226cddee11b7d52 lib/utils/versioncheck.py
@@ -132,14 +132,14 @@ ce8bc86383f2ade41e08f2dbee1844bf plugins/dbms/db2/syntax.py
b8dcd6e97166f58ee452e68c46bfe2c4 plugins/dbms/firebird/connector.py
147afe5f4a3d09548a8a1dbc954fe29e plugins/dbms/firebird/enumeration.py
4e421504f59861bf1ed1a89abda583d1 plugins/dbms/firebird/filesystem.py
bbd239cd27b35c2fbd29443f0af5d973 plugins/dbms/firebird/fingerprint.py
d5d19126fec00967932dc75fe7880d6d plugins/dbms/firebird/fingerprint.py
f86ace7fcaea5ff3f9e86ab2dce052c5 plugins/dbms/firebird/__init__.py
04f7c2977ab5198c6f4aa6233b872ae0 plugins/dbms/firebird/syntax.py
1cb1ab93e4b8c97e81586acfe4d030a2 plugins/dbms/firebird/takeover.py
3a97bd07cce66bc812309341e7b54697 plugins/dbms/hsqldb/connector.py
015281fb8f96dbade0d2e30fc8da9c4c plugins/dbms/hsqldb/enumeration.py
6d76854ebce4cad900b47a124a1867a9 plugins/dbms/hsqldb/enumeration.py
c0b14e62e1ecbb679569a1abb9cf1913 plugins/dbms/hsqldb/filesystem.py
82304c5d7b06bb564dcdd8cda84dbeae plugins/dbms/hsqldb/fingerprint.py
cf5681143cd900fdf198ecd574842ecb plugins/dbms/hsqldb/fingerprint.py
0b18e3cf582b128cf9f16ee34ef85727 plugins/dbms/hsqldb/__init__.py
65e8f8edc9d18fe482deb474a29f83ff plugins/dbms/hsqldb/syntax.py
0a1584e2b01f33abe3ef91d99bafbd3f plugins/dbms/hsqldb/takeover.py
@@ -152,15 +152,15 @@ f06d263b2c9b52ea7a120593eb5806c4 plugins/dbms/informix/fingerprint.py
744fb5044f2b9f9d5ebda6e3f08e3be7 plugins/dbms/informix/takeover.py
310efc965c862cfbd7b0da5150a5ad36 plugins/dbms/__init__.py
e50b624ff23c3e180d80e065deb1763f plugins/dbms/maxdb/connector.py
cbd90f22ce862409fe392e65f0ea94ac plugins/dbms/maxdb/enumeration.py
affabeab69a2c5d4fc66f84b5aeaf24a plugins/dbms/maxdb/enumeration.py
815ea8e7b9bd714d73d9d6c454aff774 plugins/dbms/maxdb/filesystem.py
017c723354eff28188773670d3837c01 plugins/dbms/maxdb/fingerprint.py
c03001c1f70e76de39d26241dfcbd033 plugins/dbms/maxdb/__init__.py
e6036f5b2e39aec37ba036a8cf0efd6f plugins/dbms/maxdb/syntax.py
0be362015605e26551e5d79cc83ed466 plugins/dbms/maxdb/takeover.py
e3e78fab9b5eb97867699f0b20e59b62 plugins/dbms/mssqlserver/connector.py
a7ed0510e47384eaf93164d53e2b6b36 plugins/dbms/mssqlserver/enumeration.py
8554437c437052c30237be170ba8ce3a plugins/dbms/mssqlserver/filesystem.py
b8de437eaa3e05c3db666968b7d142e4 plugins/dbms/mssqlserver/enumeration.py
5de6074ee2f7dc5b04b70307d36dbe1d plugins/dbms/mssqlserver/filesystem.py
13cb15e8abfb05818e6f66c687b78664 plugins/dbms/mssqlserver/fingerprint.py
40bd890988f9acd3942255d687445371 plugins/dbms/mssqlserver/__init__.py
400ce654ff6bc57a40fb291322a18282 plugins/dbms/mssqlserver/syntax.py
@@ -168,12 +168,12 @@ a7ed0510e47384eaf93164d53e2b6b36 plugins/dbms/mssqlserver/enumeration.py
48fb283a0dbf980495ca054f7b55783f plugins/dbms/mysql/connector.py
7fe94b803fa273baf479b76ce7a3fb51 plugins/dbms/mysql/enumeration.py
1bd5e659962e814b66a451b807de9110 plugins/dbms/mysql/filesystem.py
1a17c2dea2cd7554cf9082fdf96f8360 plugins/dbms/mysql/fingerprint.py
e43fda42decf2a70bad470b884674fbe plugins/dbms/mysql/fingerprint.py
42568a66a13a43ed46748290c503a652 plugins/dbms/mysql/__init__.py
96dfafcc4aecc1c574148ac05dbdb6da plugins/dbms/mysql/syntax.py
33b2dc28075ab560fd8a4dc898682a0d plugins/dbms/mysql/takeover.py
ea4b9cd238075b79945bd2607810934a plugins/dbms/oracle/connector.py
3a08ef0037de6df9f9a92ec5b126d705 plugins/dbms/oracle/enumeration.py
73fc1502dff934f008e3e2590b2609e7 plugins/dbms/oracle/enumeration.py
dc5962a1d4d69d4206b6c03e00e7f33d plugins/dbms/oracle/filesystem.py
525381f48505095b14e567c1f59ca9c7 plugins/dbms/oracle/fingerprint.py
25a99a9dd7072b6b7346438599c78050 plugins/dbms/oracle/__init__.py
@@ -194,37 +194,36 @@ ee430d142fa8f9ee571578d0a0916679 plugins/dbms/sqlite/fingerprint.py
4827722159a89652005f49265bb55c43 plugins/dbms/sqlite/syntax.py
02ab8ff465da9dd31ffe6a963c676180 plugins/dbms/sqlite/takeover.py
e3e78fab9b5eb97867699f0b20e59b62 plugins/dbms/sybase/connector.py
a7f4d3a194f52fbb4fb4488be41273b1 plugins/dbms/sybase/enumeration.py
e98b82180be4fc5bbf4dfe7247afcbfe plugins/dbms/sybase/enumeration.py
62d772c7cd08275e3503304ba90c4e8a plugins/dbms/sybase/filesystem.py
deed74334b637767fc9de8f74b37647a plugins/dbms/sybase/fingerprint.py
45436a42c2bb8075e1482a950d993d55 plugins/dbms/sybase/__init__.py
89412a921c8c598c19d36762d5820f05 plugins/dbms/sybase/syntax.py
654cd5e69cf5e5c644bfa5d284e61206 plugins/dbms/sybase/takeover.py
be7481a96214220bcd8f51ca00239bed plugins/generic/connector.py
a8f9d0516509e9e4226516ab4f13036a plugins/generic/custom.py
3b54fd65feb9f70c551d315e82653384 plugins/generic/databases.py
f7387352380136ac05c0bc3decb85638 plugins/generic/entries.py
5390591ca955036d492de11355b52e8f plugins/generic/custom.py
4ad4bccc03256b8f3d21ba4f8f759404 plugins/generic/databases.py
5eae2e0992a719bfce9cf78ed0a0ea2f plugins/generic/entries.py
55802d1d5d65938414c77ccc27731cab plugins/generic/enumeration.py
bc32b21a3ab5421b5307ff7317256229 plugins/generic/filesystem.py
feca57a968c528a2fe3ccafbc83a17f8 plugins/generic/fingerprint.py
0d10a0410c416fece51c26a935e68568 plugins/generic/filesystem.py
2e397afd83939889d1a7a07893b19ae7 plugins/generic/fingerprint.py
310efc965c862cfbd7b0da5150a5ad36 plugins/generic/__init__.py
8fd5913823e97e21a8eea717cd12fc96 plugins/generic/misc.py
64b052d1df6d7fe34d73b51196f68ae3 plugins/generic/search.py
dca509ef83bf7d74ad26ebe4a03e4c6a plugins/generic/syntax.py
25cc2788cc3da6f8a0bcff0e41ff586e plugins/generic/takeover.py
02c8da99874f1cfd869d9e3bbb7c84e6 plugins/generic/users.py
84c16ffdf7047831355d1ecc09060e59 plugins/generic/misc.py
070f58c52e2a04e7a9896b42b2d17dc2 plugins/generic/search.py
562cfa80a15d5f7f1d52e10c5736d7e2 plugins/generic/syntax.py
fca9946e960942cc9b22ef26e12b8b3a plugins/generic/takeover.py
156ea264f3f1c7fc18faa251cc1f1a4b plugins/generic/users.py
310efc965c862cfbd7b0da5150a5ad36 plugins/__init__.py
b04db3e861edde1f9dd0a3850d5b96c8 shell/backdoor.asp_
158bfa168128393dde8d6ed11fe9a1b8 shell/backdoor.aspx_
1add5a9a67539e7fd1999c8c20a69d15 shell/backdoor.jsp_
09fc3ed6543f4d1885e338b271e5e97a shell/backdoor.php_
ff90cb0366f7cefbdd6e573e27e6238c shell/runcmd.exe_
0e7aba05423c272f051f31165b0e416d shell/stager.asp_
c3cc8b7727161e64ab59f312c33b541a shell/stager.aspx_
1f7f125f30e0e800beb21e2ebbab18e1 shell/stager.jsp_
01e3505e796edf19aad6a996101c81c9 shell/stager.php_
0751a45ac4c130131f2cdb74d866b664 sqlmapapi.py
dee6a537359c049dabe4ffe3de881359 sqlmap.py
d715e78922d1b6bee7c9c03fdfa7ccfd sqlmap.py
08c711a470d7e0bf705320ba3c48b886 tamper/apostrophemask.py
e8509df10d3f1c28014d7825562d32dd tamper/apostrophenullencode.py
bb27f7dc980ea07fcfedbd7da5e5e029 tamper/appendnullbyte.py
@@ -236,6 +235,7 @@ e6e3ae32bc3c3d5acb4b93289e3fe698 tamper/bluecoat.py
893e7d907bcd370394b70a30d502be2b tamper/charunicodeencode.py
596883203fbdd81ee760e4a00071bf39 tamper/commalesslimit.py
f341a48112354a50347546fa73f4f531 tamper/commalessmid.py
1a368a32530c04a11a531cd21d587682 tamper/commentbeforeparentheses.py
28c21fd9c9801d398698c646bb894260 tamper/concat2concatws.py
d496b8abd40ea1a86c771d9d20174f61 tamper/equaltolike.py
fb3c31b72675f6ef27fa420a4e974a55 tamper/escapequotes.py
@@ -388,7 +388,7 @@ a0200fc79bae0ec597b98c82894562a5 waf/armor.py
d764bf3b9456a02a7f8a0149a93ff950 waf/aws.py
dbc89fc642074c6d17a04532e623f976 waf/baidu.py
e4e713cc4e5504eed0311fa62b05a6f9 waf/barracuda.py
8a6f2edc3ff9c031e2b58733ee76cfa0 waf/bigip.py
81af1707c0783d205075d887c9868043 waf/bigip.py
2adee01cbf513944cd3d281af1c05a86 waf/binarysec.py
db312318ee5309577917faca1cd2c077 waf/blockdos.py
520ef7b59340b96b4a43e7fdba760967 waf/ciscoacexml.py
@@ -408,7 +408,7 @@ d50e17ed49e1a3cb846e652ed98e3b3c waf/hyperguard.py
5a364b68519a5872c4d60be11d2a23c1 waf/isaserver.py
8bfbae2b692538da0fb1a812330b2649 waf/jiasule.py
0b50798c12802bf98a850dd716b0d96d waf/knownsec.py
6d47157944211d758483ff8f97b810e8 waf/kona.py
bb4177a5a1b4a8d590bf556b409625ac waf/kona.py
4fed33de1ffb2214bc1baa9f925c3eb9 waf/modsecurity.py
fe690dfc4b2825c3682ceecef7ee9e6e waf/netcontinuum.py
bd55ed30291b31db63b761db472f41ea waf/netscaler.py
@@ -428,7 +428,7 @@ d4fbb2af37ad3ade3118668f2b516693 waf/requestvalidationmode.py
c1062e5c165cdaeca51113e60973afb2 waf/sophos.py
e909c359a9181e64271e6c7c8347fe15 waf/stingray.py
33f3bdac403519a1f96fb9015680c575 waf/sucuri.py
507f7c1019afd1c45c76bbcd179ddfe9 waf/tencent.py
c863940e74f8ecab70a80bb62548b130 waf/tencent.py
3de96df7edeae2f21ba7b9d77c90f4d6 waf/teros.py
d428df1e83a6fac9d8dbc90d6b5dab20 waf/trafficshield.py
385c84908b482c7f0fe93262ab5320fa waf/urlscan.py

752
txt/smalldict.txt
View File

File diff suppressed because it is too large Load Diff

BIN
txt/wordlist.zip
View File

Binary file not shown.

2
waf/bigip.py
View File

@@ -18,7 +18,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
_, headers, _ = get_page(get=vector)
retval = headers.get("X-Cnection", "").lower() == "close"
retval |= re.search(r"\ATS[a-zA-Z0-9]{4,}=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"\ATS\w{4,}=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"\AF5\Z", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None

2
waf/kona.py
View File

@@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = code in (400, 403, 501) and re.search(r"Reference #[0-9A-Fa-f.]+", page or "", re.I) is not None
retval = code in (400, 403, 501) and re.search(r"Reference #[0-9a-f.]+", page or "", re.I) is not None
retval |= re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval:
break

2
waf/tencent.py
View File

@@ -5,8 +5,6 @@ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "Tencent Cloud Web Application Firewall (Tencent Cloud Computing)"