Minor patch of normalizePath()

Minor patch
Fixes #2755
2025-12-11 18:29:03 +00:00 · 2017-11-02 13:09:31 +01:00 · 2017-11-02 13:02:38 +01:00 · 2017-11-02 11:49:36 +01:00 · 2017-11-01 10:35:01 +01:00 · 2017-10-31 11:48:17 +01:00
367 changed files with 2356 additions and 1357 deletions
--- a/.github/CODE_OF_CONDUCT.md
+++ b/.github/CODE_OF_CONDUCT.md
@@ -0,0 +1,46 @@
 # Contributor Covenant Code of Conduct
 ## Our Pledge
 In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
 ## Our Standards
 Examples of behavior that contributes to creating a positive environment include:
 * Using welcoming and inclusive language
 * Being respectful of differing viewpoints and experiences
 * Gracefully accepting constructive criticism
 * Focusing on what is best for the community
 * Showing empathy towards other community members
 Examples of unacceptable behavior by participants include:
 * The use of sexualized language or imagery and unwelcome sexual attention or advances
 * Trolling, insulting/derogatory comments, and personal or political attacks
 * Public or private harassment
 * Publishing others' private information, such as a physical or electronic address, without explicit permission
 * Other conduct which could reasonably be considered inappropriate in a professional setting
 ## Our Responsibilities
 Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
 Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
 ## Scope
 This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
 ## Enforcement
 Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at dev@sqlmap.org. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
 Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
 ## Attribution
 This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
 [homepage]: http://contributor-covenant.org
 [version]: http://contributor-covenant.org/version/1/4/
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
--- a/doc/COPYING
+++ b/doc/COPYING
@@ -31,6 +31,9 @@ interpretation of derived works with some common examples. Our
 interpretation applies only to sqlmap - we do not speak for other people's
 GPL works.
 This license does not apply to the third-party components. More details can
 be found inside the file 'doc/THIRD-PARTY.md'.
 If you have any questions about the GPL licensing restrictions on using
 sqlmap in non-GPL works, we would be happy to help. As mentioned above,
 we also offer alternative license to integrate sqlmap into proprietary
@@ -343,29 +346,3 @@ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
                     END OF TERMS AND CONDITIONS
 ****************************************************************************
 This license does not apply to the following components:
 * The Ansistrm library located under thirdparty/ansistrm/.
 * The Beautiful Soup library located under thirdparty/beautifulsoup/.
 * The Bottle library located under thirdparty/bottle/.
 * The Chardet library located under thirdparty/chardet/.
 * The ClientForm library located under thirdparty/clientform/.
 * The Colorama library located under thirdparty/colorama/.
 * The Fcrypt library located under thirdparty/fcrypt/.
 * The Gprof2dot library located under thirdparty/gprof2dot/.
 * The KeepAlive library located under thirdparty/keepalive/.
 * The Magic library located under thirdparty/magic/.
 * The MultipartPost library located under thirdparty/multipartpost/.
 * The Odict library located under thirdparty/odict/.
 * The Oset library located under thirdparty/oset/.
 * The PrettyPrint library located under thirdparty/prettyprint/.
 * The PyDes library located under thirdparty/pydes/.
 * The SocksiPy library located under thirdparty/socks/.
 * The Termcolor library located under thirdparty/termcolor/.
 * The XDot library located under thirdparty/xdot/.
 * The icmpsh tool located under extra/icmpsh/.
 Details for the above packages can be found in the THIRD-PARTY.md file.
--- a/README.md
+++ b/README.md
@@ -1,9 +1,11 @@
 # sqlmap
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
 **The sqlmap project is sponsored by [Netsparker Web Application Security Scanner](https://www.netsparker.com/?utm_source=github.com&utm_medium=referral&utm_content=sqlmap+repo&utm_campaign=generic+advert).**
 Screenshots
 ----
@@ -60,6 +62,7 @@ Translations
 * [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
 * [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md)
 * [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md)
 * [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md)
 * [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
 * [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md)
 * [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md)
--- a/doc/translations/README-bg-BG.md
+++ b/doc/translations/README-bg-BG.md
@@ -1,6 +1,6 @@
 # sqlmap
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![Лиценз](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![Лиценз](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap e инструмент за тестване и проникване, с отворен код, който автоматизира процеса на откриване и използване на недостатъците на SQL база данните чрез SQL инжекция, която ги взима от сървъра. Снабден е с мощен детектор, множество специални функции за най-добрия тестер и широк спектър от функции, които могат да се използват за множество цели - извличане на данни от базата данни, достъп до основната файлова система и изпълняване на команди на операционната система.
--- a/doc/translations/README-es-MX.md
+++ b/doc/translations/README-es-MX.md
@@ -1,6 +1,6 @@
 # sqlmap
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap es una herramienta para pruebas de penetración "penetration testing" de software libre que automatiza el proceso de detección y explotación de fallos mediante inyección de SQL además de tomar el control de servidores de bases de datos. Contiene un poderoso motor de detección, así como muchas de las funcionalidades escenciales para el "pentester" y una amplia gama de opciones desde la recopilación de información para identificar el objetivo conocido como "fingerprinting" mediante la extracción de información de la base de datos, hasta el acceso al sistema de archivos subyacente para ejecutar comandos en el sistema operativo a través de conexiones alternativas conocidas como "Out-of-band".
--- a/doc/translations/README-fr-FR.md
+++ b/doc/translations/README-fr-FR.md
@@ -1,6 +1,6 @@
 # sqlmap
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 **sqlmap** est un outil Open Source de test d'intrusion. Cet outil permet d'automatiser le processus de détection et d'exploitation des failles d'injection SQL afin de prendre le contrôle des serveurs de base de données. __sqlmap__ dispose d'un puissant moteur de détection utilisant les techniques les plus récentes et les plus dévastatrices de tests d'intrusion comme L'Injection SQL, qui permet d'accéder à la base de données, au système de fichiers sous-jacent et permet aussi l'exécution des commandes sur le système d'exploitation.
--- a/doc/translations/README-gr-GR.md
+++ b/doc/translations/README-gr-GR.md
@@ -1,6 +1,6 @@
 # sqlmap
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 Το sqlmap είναι πρόγραμμα ανοιχτού κώδικα, που αυτοματοποιεί την εύρεση και εκμετάλλευση ευπαθειών τύπου SQL Injection σε βάσεις δεδομένων. Έρχεται με μια δυνατή μηχανή αναγνώρισης ευπαθειών, πολλά εξειδικευμένα χαρακτηριστικά για τον απόλυτο penetration tester όπως και με ένα μεγάλο εύρος επιλογών αρχίζοντας από την αναγνώριση της βάσης δεδομένων, κατέβασμα δεδομένων της βάσης, μέχρι και πρόσβαση στο βαθύτερο σύστημα αρχείων και εκτέλεση εντολών στο απευθείας στο λειτουργικό μέσω εκτός ζώνης συνδέσεων.
--- a/doc/translations/README-hr-HR.md
+++ b/doc/translations/README-hr-HR.md
@@ -1,6 +1,6 @@
 # sqlmap
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap je alat namijenjen za penetracijsko testiranje koji automatizira proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije te preuzimanje poslužitelja baze podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko dohvaćanja podataka iz baze, do pristupa zahvaćenom datotečnom sustavu i izvršavanja komandi na operacijskom sustavu korištenjem tzv. "out-of-band" veza.
--- a/doc/translations/README-id-ID.md
+++ b/doc/translations/README-id-ID.md
@@ -1,6 +1,6 @@
 # sqlmap
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basisdata. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur hanal bagi _penetration tester_, beragam cara untuk mendeteksi basisdata, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_. 
--- a/doc/translations/README-it-IT.md
+++ b/doc/translations/README-it-IT.md
@@ -1,6 +1,6 @@
 # sqlmap
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap è uno strumento open source per il penetration testing. Il suo scopo è quello di rendere automatico il processo di scoperta ed exploit di vulnerabilità di tipo SQL injection al fine di compromettere database online. Dispone di un potente motore per la ricerca di vulnerabilità, molti strumenti di nicchia anche per il più esperto penetration tester ed un'ampia gamma di controlli che vanno dal fingerprinting di database allo scaricamento di dati, fino all'accesso al file system sottostante e l'esecuzione di comandi nel sistema operativo attraverso connessioni out-of-band.
--- a/doc/translations/README-ja-JP.md
+++ b/doc/translations/README-ja-JP.md
@@ -1,6 +1,6 @@
 # sqlmap
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmapはオープンソースのペネトレーションテスティングツールです。SQLインジェクションの脆弱性の検出、活用、そしてデータベースサーバ奪取のプロセスを自動化します。
 強力な検出エンジン、ペネトレーションテスターのための多くのニッチ機能、持続的なデータベースのフィンガープリンティングから、データベースのデータ取得やアウトオブバンド接続を介したオペレーティング・システム上でのコマンド実行、ファイルシステムへのアクセスなどの広範囲に及ぶスイッチを提供します。
--- a/doc/translations/README-pl-PL.md
+++ b/doc/translations/README-pl-PL.md
@@ -0,0 +1,50 @@
 # sqlmap
 [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap to open sourceowe narzędzie do testów penetracyjnych, które automatyzuje procesy detekcji, przejmowania i testowania odporności serwerów SQL na podatność na iniekcję niechcianego kodu. Zawiera potężny mechanizm detekcji, wiele niszowych funkcji dla zaawansowanych testów penetracyjnych oraz szeroki wachlarz opcji począwszy od identyfikacji bazy danych, poprzez wydobywanie z nich danych, a nawet pozwalającuch na dostęp do systemu plików o uruchamianie poleceń w systemie operacyjnym serwera poprzez niestandardowe połączenia.
 Zrzuty ekranowe
 ----
 ![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
 Możesz odwiedzić [kolekcję zrzutów](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstruującą na wiki niektóre możliwości.
 Instalacja
 ----
 Najnowsze tarball archiwum jest dostępne po klikcięciu [tutaj](https://github.com/sqlmapproject/sqlmap/tarball/master) lub najnowsze zipball archiwum po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/zipball/master).
 Można również pobrać sqlmap klonując rezozytorium [Git](https://github.com/sqlmapproject/sqlmap):
    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 do użycia sqlmap potrzebny jest [Python](http://www.python.org/download/) w wersji **2.6.x** lub **2.7.x** na dowolnej platformie systemowej.
 Sposób użycia
 ----
 Aby uzyskać listę podstawowych funkcji i parametrów użyj polecenia:
    python sqlmap.py -h
 Aby uzyskać listę wszystkich funkcji i parametrów użyj polecenia:
    python sqlmap.py -hh
 Przykładowy wynik działania dostępny [tutaj](https://asciinema.org/a/46601).
 Aby uzyskać listę wszystkich dostępnych fukcji, parametrów i opisów ich działania wraz z przykładami użycia sqlnap proponujemy odwiedzić [instrukjcę użytkowania](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
 Odnośniki
 ----
 * Strona projektu: http://sqlmap.org
 * Pobieranie: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Raportowanie błędów: https://github.com/sqlmapproject/sqlmap/issues
 * Instrukcja użytkowania: https://github.com/sqlmapproject/sqlmap/wiki
 * Często zadawane pytania (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
 * Twitter: [@sqlmap](https://twitter.com/sqlmap)
 * Dema: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
 * Zrzuty ekranowe: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
--- a/doc/translations/README-pt-BR.md
+++ b/doc/translations/README-pt-BR.md
@@ -1,6 +1,6 @@
 # sqlmap
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap é uma ferramenta de teste de penetração de código aberto que automatiza o processo de detecção e exploração de falhas de injeção SQL. Com essa ferramenta é possível assumir total controle de servidores de banco de dados em páginas web vulneráveis, inclusive de base de dados fora do sistema invadido. Ele possui um motor de detecção poderoso, empregando as últimas e mais devastadoras técnicas de teste de penetração por SQL Injection, que permite acessar a base de dados, o sistema de arquivos subjacente e executar comandos no sistema operacional.
--- a/doc/translations/README-tr-TR.md
+++ b/doc/translations/README-tr-TR.md
@@ -1,6 +1,6 @@
 # sqlmap
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap sql injection açıklarını otomatik olarak tespit ve istismar etmeye yarayan açık kaynak bir penetrasyon aracıdır. sqlmap gelişmiş tespit özelliğinin yanı sıra penetrasyon testleri sırasında gerekli olabilecek bir çok aracı, -uzak veritabınınından, veri indirmek, dosya sistemine erişmek, dosya çalıştırmak gibi - işlevleri de barındırmaktadır.
--- a/doc/translations/README-zh-CN.md
+++ b/doc/translations/README-zh-CN.md
@@ -1,6 +1,6 @@
 # sqlmap
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 sqlmap 是一个开源的渗透测试工具，可以用来自动化的检测，利用SQL注入漏洞，获取数据库服务器的权限。它具有功能强大的检测引擎,针对各种不同类型数据库的渗透测试的功能选项，包括获取数据库中存储的数据，访问操作系统文件甚至可以通过外带数据连接的方式执行操作系统命令。
--- a/extra/init.py
+++ b/extra/init.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 pass
--- a/extra/beep/init.py
+++ b/extra/beep/init.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 pass
--- a/extra/beep/beep.py
+++ b/extra/beep/beep.py
@@ -4,7 +4,7 @@
 beep.py - Make a beep sound
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import os
--- a/extra/cloak/init.py
+++ b/extra/cloak/init.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 pass
--- a/extra/cloak/cloak.py
+++ b/extra/cloak/cloak.py
@@ -4,7 +4,7 @@
 cloak.py - Simple file encryption/compression utility
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import os
--- a/extra/dbgtool/init.py
+++ b/extra/dbgtool/init.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 pass
--- a/extra/dbgtool/dbgtool.py
+++ b/extra/dbgtool/dbgtool.py
@@ -4,7 +4,7 @@
 dbgtool.py - Portable executable to ASCII debug script converter
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import os
--- a/extra/icmpsh/icmpsh-m.pl
+++ b/extra/icmpsh/icmpsh-m.pl
--- a/extra/mssqlsig/update.py
+++ b/extra/mssqlsig/update.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import codecs
--- a/extra/safe2bin/init.py
+++ b/extra/safe2bin/init.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 pass
--- a/extra/safe2bin/safe2bin.py
+++ b/extra/safe2bin/safe2bin.py
@@ -4,7 +4,7 @@
 safe2bin.py - Simple safe(hex) to binary format converter
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import binascii
--- a/extra/shutils/blanks.sh
+++ b/extra/shutils/blanks.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
-# See the file 'doc/COPYING' for copying permission
+# See the file 'LICENSE' for copying permission
 # Removes trailing spaces from blank lines inside project files
 find . -type f -iname '*.py' -exec sed -i 's/^[ \t]*$//' {} \;
--- a/extra/shutils/duplicates.py
+++ b/extra/shutils/duplicates.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-# See the file 'doc/COPYING' for copying permission
+# See the file 'LICENSE' for copying permission
 # Removes duplicate entries in wordlist like files
--- a/extra/shutils/pep8.sh
+++ b/extra/shutils/pep8.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
-# See the file 'doc/COPYING' for copying permission
+# See the file 'LICENSE' for copying permission
 # Runs pep8 on all python files (prerequisite: apt-get install pep8)
 find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pep8 '{}' \;
--- a/extra/shutils/postcommit-hook.sh
+++ b/extra/shutils/postcommit-hook.sh
--- a/extra/shutils/precommit-hook.sh
+++ b/extra/shutils/precommit-hook.sh
--- a/extra/shutils/pydiatra.sh
+++ b/extra/shutils/pydiatra.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
-# See the file 'doc/COPYING' for copying permission
+# See the file 'LICENSE' for copying permission
 # Runs py2diatra on all python files (prerequisite: pip install pydiatra)
 find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec py2diatra '{}' \; | grep -v bare-except
--- a/extra/shutils/pyflakes.sh
+++ b/extra/shutils/pyflakes.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
-# See the file 'doc/COPYING' for copying permission
+# See the file 'LICENSE' for copying permission
 # Runs pyflakes on all python files (prerequisite: apt-get install pyflakes)
 find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pyflakes '{}' \;
--- a/extra/shutils/pylint.py
+++ b/extra/shutils/pylint.py
@@ -20,11 +20,11 @@ def check(module):
        print "CHECKING ", module
        pout = os.popen("pylint --rcfile=/dev/null %s" % module, 'r')
        for line in pout:
-            if  re.match("\AE:", line):
+            if re.match(r"\AE:", line):
                print line.strip()
            if __RATING__ and "Your code has been rated at" in line:
                print line
-                score = re.findall("\d.\d\d", line)[0]
+                score = re.findall(r"\d.\d\d", line)[0]
                total += float(score)
                count += 1
--- a/extra/shutils/pypi.sh
+++ b/extra/shutils/pypi.sh
@@ -1,5 +1,10 @@
 #!/bin/bash
 if [ ! -f ~/.pypirc ]; then
    echo "File ~/.pypirc is missing"
    exit 1
 fi
 declare -x SCRIPTPATH="${0}"
 SETTINGS="${SCRIPTPATH%/*}/../../lib/core/settings.py"
 VERSION=$(cat $SETTINGS | grep -E "^VERSION =" | cut -d '"' -f 2 | cut -d '.' -f 1-3)
@@ -12,7 +17,7 @@ cat > $TMP_DIR/setup.py << EOF
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 from setuptools import setup, find_packages
@@ -56,7 +61,7 @@ cat > sqlmap/__init__.py << EOF
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import os
@@ -156,7 +161,7 @@ Links
 .. |Python 2.6|2.7| image:: https://img.shields.io/badge/python-2.6|2.7-yellow.svg
   :target: https://www.python.org/
 .. |License| image:: https://img.shields.io/badge/license-GPLv2-red.svg
-   :target: https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING
+   :target: https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE
 .. |Twitter| image:: https://img.shields.io/badge/twitter-@sqlmap-blue.svg
   :target: https://twitter.com/sqlmap
--- a/extra/shutils/regressiontest.py
+++ b/extra/shutils/regressiontest.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-# See the file 'doc/COPYING' for copying permission
+# See the file 'LICENSE' for copying permission
 import codecs
 import inspect
--- a/extra/shutils/strip.sh
+++ b/extra/shutils/strip.sh
--- a/extra/sqlharvest/init.py
+++ b/extra/sqlharvest/init.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 pass
--- a/extra/sqlharvest/sqlharvest.py
+++ b/extra/sqlharvest/sqlharvest.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import cookielib
--- a/lib/init.py
+++ b/lib/init.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 pass
--- a/lib/controller/init.py
+++ b/lib/controller/init.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 pass
--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 from lib.controller.handler import setHandler
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -2,15 +2,17 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import copy
 import httplib
 import os
 import random
 import re
 import socket
 import subprocess
 import tempfile
 import time
 from extra.beep.beep import beep
@@ -30,6 +32,7 @@ from lib.core.common import hashDBRetrieve
 from lib.core.common import hashDBWrite
 from lib.core.common import intersect
 from lib.core.common import listToStrValue
 from lib.core.common import openFile
 from lib.core.common import parseFilePaths
 from lib.core.common import popValue
 from lib.core.common import pushValue
@@ -55,6 +58,7 @@ from lib.core.enums import HASHDB_KEYS
 from lib.core.enums import HEURISTIC_TEST
 from lib.core.enums import HTTP_HEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import MKSTEMP_PREFIX
 from lib.core.enums import NOTE
 from lib.core.enums import NULLCONNECTION
 from lib.core.enums import PAYLOAD
@@ -63,11 +67,13 @@ from lib.core.enums import REDIRECTION
 from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.exception import SqlmapSilentQuitException
 from lib.core.exception import SqlmapSkipTargetException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.settings import CANDIDATE_SENTENCE_MIN_LENGTH
 from lib.core.settings import CHECK_INTERNET_ADDRESS
 from lib.core.settings import CHECK_INTERNET_VALUE
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DEV_EMAIL_ADDRESS
 from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
 from lib.core.settings import FI_ERROR_REGEX
 from lib.core.settings import FORMAT_EXCEPTION_STRINGS
@@ -162,6 +168,13 @@ def checkSqlInjection(place, parameter, value):
            unionExtended = False
            trueCode, falseCode = None, None
            if conf.httpCollector is not None:
                conf.httpCollector.setExtendedArguments({
                    "_title": title,
                    "_place": place,
                    "_parameter": parameter,
                })
            if stype == PAYLOAD.TECHNIQUE.UNION:
                configUnion(test.request.char)
@@ -245,17 +258,23 @@ def checkSqlInjection(place, parameter, value):
            if payloadDbms is not None:
                # Skip DBMS-specific test if it does not match the user's
                # provided DBMS
-                if conf.dbms is not None and not intersect(payloadDbms, conf.dbms, True):
+                if conf.dbms and not intersect(payloadDbms, conf.dbms, True):
                    debugMsg = "skipping test '%s' because " % title
-                    debugMsg += "the provided DBMS is %s" % conf.dbms
+                    debugMsg += "its declared DBMS is different than provided"
                    logger.debug(debugMsg)
                    continue
                if kb.dbmsFilter and not intersect(payloadDbms, kb.dbmsFilter, True):
                    debugMsg = "skipping test '%s' because " % title
                    debugMsg += "its declared DBMS is different than provided"
                    logger.debug(debugMsg)
                    continue
                # Skip DBMS-specific test if it does not match the
                # previously identified DBMS (via DBMS-specific payload)
-                if injection.dbms is not None and not intersect(payloadDbms, injection.dbms, True):
+                if injection.dbms and not intersect(payloadDbms, injection.dbms, True):
-                    debugMsg = "skipping test '%s' because the identified " % title
+                    debugMsg = "skipping test '%s' because " % title
-                    debugMsg += "back-end DBMS is %s" % injection.dbms
+                    debugMsg += "its declared DBMS is different than identified"
                    logger.debug(debugMsg)
                    continue
@@ -606,7 +625,9 @@ def checkSqlInjection(place, parameter, value):
                            configUnion(test.request.char, test.request.columns)
-                            if not Backend.getIdentifiedDbms():
+                            if len(kb.dbmsFilter or []) == 1:
                                Backend.forceDbms(kb.dbmsFilter[0])
                            elif not Backend.getIdentifiedDbms():
                                if kb.heuristicDbms is None:
                                    warnMsg = "using unescaped version of the test "
                                    warnMsg += "because of zero knowledge of the "
@@ -737,10 +758,17 @@ def checkSqlInjection(place, parameter, value):
            warnMsg = "user aborted during detection phase"
            logger.warn(warnMsg)
            if conf.multipleTargets:
                msg = "how do you want to proceed? [ne(X)t target/(s)kip current test/(e)nd detection phase/(n)ext parameter/(c)hange verbosity/(q)uit]"
                choice = readInput(msg, default='T', checkBatch=False).upper()
            else:
                msg = "how do you want to proceed? [(S)kip current test/(e)nd detection phase/(n)ext parameter/(c)hange verbosity/(q)uit]"
                choice = readInput(msg, default='S', checkBatch=False).upper()
-            if choice == 'C':
+            if choice == 'X':
                if conf.multipleTargets:
                    raise SqlmapSkipTargetException
            elif choice == 'C':
                choice = None
                while not ((choice or "").isdigit() and 0 <= int(choice) <= 6):
                    if choice:
@@ -1278,6 +1306,9 @@ def checkWaf():
            logger.critical(warnMsg)
        return _
    if not kb.originalPage:
        return None
    infoMsg = "checking if the target is protected by "
    infoMsg += "some kind of WAF/IPS/IDS"
    logger.info(infoMsg)
@@ -1352,6 +1383,9 @@ def identifyWaf():
    retVal = []
    for function, product in kb.wafFunctions:
        if retVal and "unknown" in product.lower():
            continue
        try:
            logger.debug("checking for WAF/IPS/IDS product '%s'" % product)
            found = function(_)
@@ -1369,6 +1403,18 @@ def identifyWaf():
            retVal.append(product)
    if retVal:
        if kb.wafSpecificResponse and len(retVal) == 1 and "unknown" in retVal[0].lower():
            handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.SPECIFIC_RESPONSE)
            os.close(handle)
            with openFile(filename, "w+b") as f:
                f.write(kb.wafSpecificResponse)
            message = "WAF/IPS/IDS specific response can be found in '%s'. " % filename
            message += "If you know the details on used protection please "
            message += "report it along with specific response "
            message += "to '%s'" % DEV_EMAIL_ADDRESS
            logger.warn(message)
        message = "are you sure that you want to "
        message += "continue with further target testing? [y/N] "
        choice = readInput(message, default='N', boolean=True)
@@ -1470,6 +1516,7 @@ def checkConnection(suppressOutput=False):
            warnMsg += "which could interfere with the results of the tests"
            logger.warn(warnMsg)
        elif wasLastResponseHTTPError():
            if getLastRequestHTTPError() != conf.ignoreCode:
                warnMsg = "the web server responded with an HTTP error code (%d) " % getLastRequestHTTPError()
                warnMsg += "which could interfere with the results of the tests"
                logger.warn(warnMsg)
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import os
@@ -54,6 +54,7 @@ from lib.core.exception import SqlmapBaseException
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.exception import SqlmapNotVulnerableException
 from lib.core.exception import SqlmapSilentQuitException
 from lib.core.exception import SqlmapSkipTargetException
 from lib.core.exception import SqlmapValueException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.settings import ASP_NET_CONTROL_REGEX
@@ -666,6 +667,9 @@ def start():
            else:
                raise
        except SqlmapSkipTargetException:
            pass
        except SqlmapUserQuitException:
            raise
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 from lib.core.common import Backend
@@ -70,12 +70,22 @@ def setHandler():
                  (DBMS.INFORMIX, INFORMIX_ALIASES, InformixMap, InformixConn),
            ]
-    _ = max(_ if (Backend.getIdentifiedDbms() or kb.heuristicExtendedDbms or "").lower() in _[1] else None for _ in items)
+    _ = max(_ if (conf.get("dbms") or Backend.getIdentifiedDbms() or kb.heuristicExtendedDbms or "").lower() in _[1] else None for _ in items)
    if _:
        items.remove(_)
        items.insert(0, _)
    for dbms, aliases, Handler, Connector in items:
        if conf.forceDbms:
            if conf.forceDbms.lower() not in aliases:
                continue
            else:
                kb.dbms = conf.dbms = conf.forceDbms = dbms
        if kb.dbmsFilter:
            if dbms not in kb.dbmsFilter:
                continue
        handler = Handler()
        conf.dbmsConnector = Connector()
@@ -96,7 +106,7 @@ def setHandler():
            else:
                conf.dbmsConnector.connect()
-        if handler.checkDbms():
+        if conf.forceDbms == dbms or handler.checkDbms():
            if kb.resolutionDbms:
                conf.dbmsHandler = max(_ for _ in items if _[0] == kb.resolutionDbms)[2]()
            else:
--- a/lib/core/init.py
+++ b/lib/core/init.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 pass
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import re
@@ -36,10 +36,10 @@ from lib.core.enums import POST_HINT
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
 from lib.core.settings import BOUNDED_INJECTION_MARKER
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import GENERIC_SQL_COMMENT
 from lib.core.settings import INFERENCE_MARKER
 from lib.core.settings import NULL
 from lib.core.settings import PAYLOAD_DELIMITER
 from lib.core.settings import REPLACEMENT_MARKER
@@ -101,7 +101,7 @@ class Agent(object):
        if place == PLACE.URI or BOUNDED_INJECTION_MARKER in origValue:
            paramString = origValue
            if place == PLACE.URI:
-                origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
+                origValue = origValue.split(kb.customInjectionMark)[0]
            else:
                origValue = filter(None, (re.search(_, origValue.split(BOUNDED_INJECTION_MARKER)[0]) for _ in (r"\w+\Z", r"[^\"'><]+\Z", r"[^ ]+\Z")))[0].group(0)
            origValue = origValue[origValue.rfind('/') + 1:]
@@ -110,19 +110,19 @@ class Agent(object):
                    origValue = origValue[origValue.rfind(char) + 1:]
        elif place == PLACE.CUSTOM_POST:
            paramString = origValue
-            origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
+            origValue = origValue.split(kb.customInjectionMark)[0]
            if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML):
                origValue = origValue.split('>')[-1]
            elif kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE):
-                origValue = extractRegexResult(r"(?s)\"\s*:\s*(?P<result>\d+\Z)", origValue) or extractRegexResult(r'(?s)\s*(?P<result>[^"\[,]+\Z)', origValue)
+                origValue = extractRegexResult(r"(?s)\"\s*:\s*(?P<result>\d+\Z)", origValue) or extractRegexResult(r'(?s)[\s:]*(?P<result>[^"\[,]+\Z)', origValue)
            else:
                _ = extractRegexResult(r"(?s)(?P<result>[^\s<>{}();'\"&]+\Z)", origValue) or ""
                origValue = _.split('=', 1)[1] if '=' in _ else ""
        elif place == PLACE.CUSTOM_HEADER:
            paramString = origValue
-            origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
+            origValue = origValue.split(kb.customInjectionMark)[0]
            origValue = origValue[origValue.find(',') + 1:]
-            match = re.search(r"([^;]+)=(?P<value>[^;]+);?\Z", origValue)
+            match = re.search(r"([^;]+)=(?P<value>[^;]*);?\Z", origValue)
            if match:
                origValue = match.group("value")
            elif ',' in paramString:
@@ -131,12 +131,14 @@ class Agent(object):
                if header.upper() == HTTP_HEADER.AUTHORIZATION.upper():
                    origValue = origValue.split(' ')[-1].split(':')[-1]
        origValue = origValue or ""
        if value is None:
            if where == PAYLOAD.WHERE.ORIGINAL:
                value = origValue
            elif where == PAYLOAD.WHERE.NEGATIVE:
                if conf.invalidLogical:
-                    match = re.search(r'\A[^ ]+', newValue)
+                    match = re.search(r"\A[^ ]+", newValue)
                    newValue = newValue[len(match.group() if match else ""):]
                    _ = randomInt(2)
                    value = "%s%s AND %s=%s" % (origValue, match.group() if match else "", _, _ + 1)
@@ -159,17 +161,16 @@ class Agent(object):
        newValue = self.cleanupPayload(newValue, origValue)
        if place in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
-            _ = "%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR)
+            _ = "%s%s" % (origValue, kb.customInjectionMark)
            if kb.postHint == POST_HINT.JSON and not isNumber(newValue) and not '"%s"' % _ in paramString:
                newValue = '"%s"' % newValue
            elif kb.postHint == POST_HINT.JSON_LIKE and not isNumber(newValue) and not "'%s'" % _ in paramString:
                newValue = "'%s'" % newValue
-            newValue = newValue.replace(CUSTOM_INJECTION_MARK_CHAR, REPLACEMENT_MARKER)
+            newValue = newValue.replace(kb.customInjectionMark, REPLACEMENT_MARKER)
            retVal = paramString.replace(_, self.addPayloadDelimiters(newValue))
-            retVal = retVal.replace(CUSTOM_INJECTION_MARK_CHAR, "").replace(REPLACEMENT_MARKER, CUSTOM_INJECTION_MARK_CHAR)
+            retVal = retVal.replace(kb.customInjectionMark, "").replace(REPLACEMENT_MARKER, kb.customInjectionMark)
        elif BOUNDED_INJECTION_MARKER in paramDict[parameter]:
-            _ = "%s%s" % (origValue, BOUNDED_INJECTION_MARKER)
+            retVal = paramString.replace("%s%s" % (origValue, BOUNDED_INJECTION_MARKER), self.addPayloadDelimiters(newValue))
            retVal = "%s=%s" % (re.sub(r" (\#\d\*|\(.+\))\Z", "", parameter), paramString.replace(_, self.addPayloadDelimiters(newValue)))
        elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
            retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
        else:
@@ -319,7 +320,7 @@ class Agent(object):
            origValue = getUnicode(origValue)
            payload = getUnicode(payload).replace("[ORIGVALUE]", origValue if origValue.isdigit() else unescaper.escape("'%s'" % origValue))
-        if "[INFERENCE]" in payload:
+        if INFERENCE_MARKER in payload:
            if Backend.getIdentifiedDbms() is not None:
                inference = queries[Backend.getIdentifiedDbms()].inference
@@ -331,7 +332,7 @@ class Agent(object):
                else:
                    inferenceQuery = inference.query
-                payload = payload.replace("[INFERENCE]", inferenceQuery)
+                payload = payload.replace(INFERENCE_MARKER, inferenceQuery)
            elif not kb.testMode:
                errMsg = "invalid usage of inference payload without "
                errMsg += "knowledge of underlying DBMS"
@@ -347,6 +348,12 @@ class Agent(object):
        if payload:
            payload = payload.replace(SLEEP_TIME_MARKER, str(conf.timeSec))
            for _ in set(re.findall(r"\[RANDNUM(?:\d+)?\]", payload, re.I)):
                payload = payload.replace(_, str(randomInt()))
            for _ in set(re.findall(r"\[RANDSTR(?:\d+)?\]", payload, re.I)):
                payload = payload.replace(_, randomStr())
        return payload
    def getComment(self, request):
@@ -749,13 +756,13 @@ class Agent(object):
            if fromTable and query.endswith(fromTable):
                query = query[:-len(fromTable)]
-        topNumRegex = re.search("\ATOP\s+([\d]+)\s+", query, re.I)
+        topNumRegex = re.search(r"\ATOP\s+([\d]+)\s+", query, re.I)
        if topNumRegex:
            topNum = topNumRegex.group(1)
            query = query[len("TOP %s " % topNum):]
            unionQuery += "TOP %s " % topNum
-        intoRegExp = re.search("(\s+INTO (DUMP|OUT)FILE\s+\'(.+?)\')", query, re.I)
+        intoRegExp = re.search(r"(\s+INTO (DUMP|OUT)FILE\s+'(.+?)')", query, re.I)
        if intoRegExp:
            intoRegExp = intoRegExp.group(1)
@@ -803,7 +810,7 @@ class Agent(object):
        stopLimit = None
        limitCond = True
-        topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
+        topLimit = re.search(r"TOP\s+([\d]+)\s+", expression, re.I)
        limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
@@ -951,7 +958,7 @@ class Agent(object):
                orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):]
                limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
-            notDistincts = re.findall("DISTINCT[\(\s+](.+?)\)*\s+", limitedQuery, re.I)
+            notDistincts = re.findall(r"DISTINCT[\(\s+](.+?)\)*\s+", limitedQuery, re.I)
            for notDistinct in notDistincts:
                limitedQuery = limitedQuery.replace("DISTINCT(%s)" % notDistinct, notDistinct)
@@ -968,7 +975,7 @@ class Agent(object):
                    limitedQuery = limitedQuery.replace(" (SELECT TOP %s" % startTopNums, " (SELECT TOP %d" % num)
                    forgeNotIn = False
                else:
-                    topNum = re.search("TOP\s+([\d]+)\s+", limitedQuery, re.I).group(1)
+                    topNum = re.search(r"TOP\s+([\d]+)\s+", limitedQuery, re.I).group(1)
                    limitedQuery = limitedQuery.replace("TOP %s " % topNum, "")
            if forgeNotIn:
@@ -984,7 +991,7 @@ class Agent(object):
                    limitedQuery += "NOT IN (%s" % (limitStr % num)
                    limitedQuery += "%s %s ORDER BY %s) ORDER BY %s" % (self.nullAndCastField(uniqueField or field), fromFrom, uniqueField or "1", uniqueField or "1")
                else:
-                    match = re.search(" ORDER BY (\w+)\Z", query)
+                    match = re.search(r" ORDER BY (\w+)\Z", query)
                    field = match.group(1) if match else field
                    if " WHERE " in limitedQuery:
@@ -1064,7 +1071,7 @@ class Agent(object):
        """
        _ = re.escape(PAYLOAD_DELIMITER)
-        return extractRegexResult("(?s)%s(?P<result>.*?)%s" % (_, _), value)
+        return extractRegexResult(r"(?s)%s(?P<result>.*?)%s" % (_, _), value)
    def replacePayload(self, value, payload):
        """
@@ -1072,7 +1079,7 @@ class Agent(object):
        """
        _ = re.escape(PAYLOAD_DELIMITER)
-        return re.sub("(?s)(%s.*?%s)" % (_, _), ("%s%s%s" % (PAYLOAD_DELIMITER, getUnicode(payload), PAYLOAD_DELIMITER)).replace("\\", r"\\"), value) if value else value
+        return re.sub(r"(?s)(%s.*?%s)" % (_, _), ("%s%s%s" % (PAYLOAD_DELIMITER, getUnicode(payload), PAYLOAD_DELIMITER)).replace("\\", r"\\"), value) if value else value
    def runAsDBMSUser(self, query):
        if conf.dbmsCred and "Ad Hoc Distributed Queries" not in query:
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 try:
@@ -27,10 +27,12 @@ def _size_of(object_):
    """
    retval = sys.getsizeof(object_, DEFAULT_SIZE_OF)
    if isinstance(object_, dict):
        retval += sum(_size_of(_) for _ in itertools.chain.from_iterable(object_.items()))
    elif hasattr(object_, "__iter__"):
        retval += sum(_size_of(_) for _ in object_)
    return retval
 class Cache(object):
@@ -58,11 +60,13 @@ class BigArray(list):
    def append(self, value):
        self.chunks[-1].append(value)
        if self.chunk_length == sys.maxint:
            self._size_counter += _size_of(value)
            if self._size_counter >= BIGARRAY_CHUNK_SIZE:
                self.chunk_length = len(self.chunks[-1])
                self._size_counter = None
        if len(self.chunks[-1]) >= self.chunk_length:
            filename = self._dump(self.chunks[-1])
            self.chunks[-1] = filename
@@ -82,12 +86,14 @@ class BigArray(list):
                errMsg = "exception occurred while retrieving data "
                errMsg += "from a temporary file ('%s')" % ex.message
                raise SqlmapSystemException, errMsg
        return self.chunks[-1].pop()
    def index(self, value):
        for index in xrange(len(self)):
            if self[index] == value:
                return index
        return ValueError, "%s is not in list" % value
    def _dump(self, chunk):
@@ -110,6 +116,7 @@ class BigArray(list):
        if (self.cache and self.cache.index != index and self.cache.dirty):
            filename = self._dump(self.cache.data)
            self.chunks[self.cache.index] = filename
        if not (self.cache and self.cache.index == index):
            try:
                with open(self.chunks[index], "rb") as fp:
@@ -128,18 +135,23 @@ class BigArray(list):
    def __getslice__(self, i, j):
        retval = BigArray()
        i = max(0, len(self) + i if i < 0 else i)
        j = min(len(self), len(self) + j if j < 0 else j)
        for _ in xrange(i, j):
            retval.append(self[_])
        return retval
    def __getitem__(self, y):
        if y < 0:
            y += len(self)
        index = y / self.chunk_length
        offset = y % self.chunk_length
        chunk = self.chunks[index]
        if isinstance(chunk, list):
            return chunk[offset]
        else:
@@ -150,6 +162,7 @@ class BigArray(list):
        index = y / self.chunk_length
        offset = y % self.chunk_length
        chunk = self.chunks[index]
        if isinstance(chunk, list):
            chunk[offset] = value
        else:
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import codecs
@@ -97,11 +97,12 @@ from lib.core.settings import BOUNDED_INJECTION_MARKER
 from lib.core.settings import BRUTE_DOC_ROOT_PREFIXES
 from lib.core.settings import BRUTE_DOC_ROOT_SUFFIXES
 from lib.core.settings import BRUTE_DOC_ROOT_TARGET_MARK
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DBMS_DIRECTORY_DICT
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DEFAULT_MSSQL_SCHEMA
 from lib.core.settings import DEV_EMAIL_ADDRESS
 from lib.core.settings import DUMMY_USER_INJECTION
 from lib.core.settings import DYNAMICITY_MARK_LENGTH
 from lib.core.settings import ERROR_PARSING_REGEXES
@@ -143,6 +144,7 @@ from lib.core.settings import REFLECTED_REPLACEMENT_REGEX
 from lib.core.settings import REFLECTED_REPLACEMENT_TIMEOUT
 from lib.core.settings import REFLECTED_VALUE_MARKER
 from lib.core.settings import REFLECTIVE_MISS_THRESHOLD
 from lib.core.settings import SAFE_VARIABLE_MARKER
 from lib.core.settings import SENSITIVE_DATA_REGEX
 from lib.core.settings import SENSITIVE_OPTIONS
 from lib.core.settings import SUPPORTED_DBMS
@@ -435,7 +437,7 @@ class Backend:
    # Get methods
    @staticmethod
    def getForcedDbms():
-        return aliasToDbmsEnum(kb.get("forcedDbms"))
+        return aliasToDbmsEnum(conf.get("forceDbms")) or aliasToDbmsEnum(kb.get("forcedDbms"))
    @staticmethod
    def getDbms():
@@ -635,7 +637,7 @@ def paramToDict(place, parameters=None):
                                                    current[key] = "%s%s" % (str(value).lower(), BOUNDED_INJECTION_MARKER)
                                                else:
                                                    current[key] = "%s%s" % (value, BOUNDED_INJECTION_MARKER)
-                                                candidates["%s (%s)" % (parameter, key)] = re.sub("(%s\s*=\s*)%s" % (re.escape(parameter), re.escape(testableParameters[parameter])), r"\g<1>%s" % json.dumps(deserialized), parameters)
+                                                candidates["%s (%s)" % (parameter, key)] = re.sub(r"\b(%s\s*=\s*)%s" % (re.escape(parameter), re.escape(testableParameters[parameter])), r"\g<1>%s" % json.dumps(deserialized), parameters)
                                                current[key] = original
                                deserialized = json.loads(testableParameters[parameter])
@@ -654,12 +656,12 @@ def paramToDict(place, parameters=None):
                            except Exception:
                                pass
-                            _ = re.sub(regex, "\g<1>%s\g<%d>" % (CUSTOM_INJECTION_MARK_CHAR, len(match.groups())), testableParameters[parameter])
+                            _ = re.sub(regex, r"\g<1>%s\g<%d>" % (kb.customInjectionMark, len(match.groups())), testableParameters[parameter])
                            message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
                            message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % getUnicode(_)
                            if readInput(message, default='N', boolean=True):
-                                testableParameters[parameter] = re.sub(regex, "\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter])
+                                testableParameters[parameter] = re.sub(r"\b(%s\s*=\s*)%s" % (re.escape(parameter), re.escape(testableParameters[parameter])), (r"\g<1>%s" % re.sub(regex, r"\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter])).replace("\\", r"\\"), parameters)
                            break
    if conf.testParameter:
@@ -1118,6 +1120,13 @@ def sanitizeStr(value):
    return getUnicode(value).replace("\n", " ").replace("\r", "")
 def getHeader(headers, key):
    """
    Returns header value ignoring the letter case
    >>> getHeader({"Foo": "bar"}, "foo")
    'bar'
    """
    retVal = None
    for _ in (headers or {}):
        if _.upper() == key.upper():
@@ -1132,6 +1141,9 @@ def checkFile(filename, raiseOnError=True):
    valid = True
    if filename:
        filename = filename.strip('"\'')
    try:
        if filename is None or not os.path.isfile(filename):
            valid = False
@@ -1190,16 +1202,20 @@ def parsePasswordHash(password):
 def cleanQuery(query):
    """
    Switch all SQL statement (alike) keywords to upper case
    >>> cleanQuery("select id from users")
    'SELECT id FROM users'
    """
    retVal = query
    for sqlStatements in SQL_STATEMENTS.values():
        for sqlStatement in sqlStatements:
-            queryMatch = re.search("(?i)\b(%s)\b" % sqlStatement.replace("(", "").replace(")", "").strip(), query)
+            candidate = sqlStatement.replace("(", "").replace(")", "").strip()
            queryMatch = re.search(r"(?i)\b(%s)\b" % candidate, query)
            if queryMatch and "sys_exec" not in query:
-                retVal = retVal.replace(queryMatch.group(1), sqlStatement.upper())
+                retVal = retVal.replace(queryMatch.group(1), candidate.upper())
    return retVal
@@ -1272,6 +1288,8 @@ def parseTargetDirect():
    if not conf.direct:
        return
    conf.direct = conf.direct.encode(UNICODE_ENCODING)  # some DBMS connectors (e.g. pymssql) don't like Unicode with non-US letters
    details = None
    remote = False
@@ -1288,8 +1306,8 @@ def parseTargetDirect():
                if conf.dbmsCred:
                    conf.dbmsUser, conf.dbmsPass = conf.dbmsCred.split(':')
                else:
-                    conf.dbmsUser = unicode()
+                    conf.dbmsUser = ""
-                    conf.dbmsPass = unicode()
+                    conf.dbmsPass = ""
            if not conf.dbmsPass:
                conf.dbmsPass = None
@@ -1352,7 +1370,7 @@ def parseTargetDirect():
                    import pyodbc
                elif dbmsName == DBMS.FIREBIRD:
                    import kinterbasdb
-            except ImportError:
+            except:
                if _sqlalchemy and data[3] in _sqlalchemy.dialects.__all__:
                    pass
                else:
@@ -1373,19 +1391,18 @@ def parseTargetUrl():
    originalUrl = conf.url
-    if re.search("\[.+\]", conf.url) and not socket.has_ipv6:
+    if re.search(r"\[.+\]", conf.url) and not socket.has_ipv6:
        errMsg = "IPv6 addressing is not supported "
        errMsg += "on this platform"
        raise SqlmapGenericException(errMsg)
-    if not re.search("^http[s]*://", conf.url, re.I) and \
+    if not re.search(r"^http[s]*://", conf.url, re.I) and not re.search(r"^ws[s]*://", conf.url, re.I):
            not re.search("^ws[s]*://", conf.url, re.I):
        if ":443/" in conf.url:
            conf.url = "https://" + conf.url
        else:
            conf.url = "http://" + conf.url
-    if CUSTOM_INJECTION_MARK_CHAR in conf.url:
+    if kb.customInjectionMark in conf.url:
        conf.url = conf.url.replace('?', URI_QUESTION_MARKER)
    try:
@@ -1396,14 +1413,14 @@ def parseTargetUrl():
        errMsg += "in the hostname part"
        raise SqlmapGenericException(errMsg)
-    hostnamePort = urlSplit.netloc.split(":") if not re.search("\[.+\]", urlSplit.netloc) else filter(None, (re.search("\[.+\]", urlSplit.netloc).group(0), re.search("\](:(?P<port>\d+))?", urlSplit.netloc).group("port")))
+    hostnamePort = urlSplit.netloc.split(":") if not re.search(r"\[.+\]", urlSplit.netloc) else filter(None, (re.search("\[.+\]", urlSplit.netloc).group(0), re.search(r"\](:(?P<port>\d+))?", urlSplit.netloc).group("port")))
-    conf.scheme = urlSplit.scheme.strip().lower() if not conf.forceSSL else "https"
+    conf.scheme = (urlSplit.scheme.strip().lower() or "http") if not conf.forceSSL else "https"
    conf.path = urlSplit.path.strip()
    conf.hostname = hostnamePort[0].strip()
    conf.ipv6 = conf.hostname != conf.hostname.strip("[]")
-    conf.hostname = conf.hostname.strip("[]").replace(CUSTOM_INJECTION_MARK_CHAR, "")
+    conf.hostname = conf.hostname.strip("[]").replace(kb.customInjectionMark, "")
    try:
        _ = conf.hostname.encode("idna")
@@ -1412,7 +1429,7 @@ def parseTargetUrl():
    except UnicodeError:
        _ = None
-    if any((_ is None, re.search(r'\s', conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'), '\n' in originalUrl)):
+    if any((_ is None, re.search(r"\s", conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'), '\n' in originalUrl)):
        errMsg = "invalid target URL ('%s')" % originalUrl
        raise SqlmapSyntaxException(errMsg)
@@ -1427,7 +1444,7 @@ def parseTargetUrl():
    else:
        conf.port = 80
-    if conf.port < 0 or conf.port > 65535:
+    if conf.port < 1 or conf.port > 65535:
        errMsg = "invalid target URL's port (%d)" % conf.port
        raise SqlmapSyntaxException(errMsg)
@@ -1444,7 +1461,7 @@ def parseTargetUrl():
        debugMsg = "setting the HTTP Referer header to the target URL"
        logger.debug(debugMsg)
        conf.httpHeaders = [_ for _ in conf.httpHeaders if _[0] != HTTP_HEADER.REFERER]
-        conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.url.replace(CUSTOM_INJECTION_MARK_CHAR, "")))
+        conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.url.replace(kb.customInjectionMark, "")))
    if not conf.host and (intersect(HOST_ALIASES, conf.testParameter, True) or conf.level >= 5):
        debugMsg = "setting the HTTP Host header to the target URL"
@@ -1462,15 +1479,16 @@ def expandAsteriskForColumns(expression):
    the SQL query string (expression)
    """
-    asterisk = re.search("^SELECT(\s+TOP\s+[\d]+)?\s+\*\s+FROM\s+`?([^`\s()]+)", expression, re.I)
+    asterisk = re.search(r"(?i)\ASELECT(\s+TOP\s+[\d]+)?\s+\*\s+FROM\s+`?([^`\s()]+)", expression)
    if asterisk:
        infoMsg = "you did not provide the fields in your query. "
        infoMsg += "sqlmap will retrieve the column names itself"
        logger.info(infoMsg)
-        _ = asterisk.group(2).replace("..", ".").replace(".dbo.", ".")
+        _ = asterisk.group(2).replace("..", '.').replace(".dbo.", '.')
-        db, conf.tbl = _.split(".", 1) if '.' in _ else (None, _)
+        db, conf.tbl = _.split('.', 1) if '.' in _ else (None, _)
        if db is None:
            if expression != conf.query:
                conf.db = db
@@ -1478,6 +1496,7 @@ def expandAsteriskForColumns(expression):
                expression = re.sub(r"([^\w])%s" % re.escape(conf.tbl), "\g<1>%s.%s" % (conf.db, conf.tbl), expression)
        else:
            conf.db = db
        conf.db = safeSQLIdentificatorNaming(conf.db)
        conf.tbl = safeSQLIdentificatorNaming(conf.tbl, True)
@@ -1487,7 +1506,7 @@ def expandAsteriskForColumns(expression):
            columns = columnsDict[conf.db][conf.tbl].keys()
            columns.sort()
            columnsStr = ", ".join(column for column in columns)
-            expression = expression.replace("*", columnsStr, 1)
+            expression = expression.replace('*', columnsStr, 1)
            infoMsg = "the query with expanded column name(s) is: "
            infoMsg += "%s" % expression
@@ -1506,8 +1525,14 @@ def getLimitRange(count, plusOne=False):
    retVal = None
    count = int(count)
    limitStart, limitStop = 1, count
    reverse = False
    if kb.dumpTable:
        if conf.limitStart and conf.limitStop and conf.limitStart > conf.limitStop:
            limitStop = conf.limitStart
            limitStart = conf.limitStop
            reverse = True
        else:
            if isinstance(conf.limitStop, int) and conf.limitStop > 0 and conf.limitStop < limitStop:
                limitStop = conf.limitStop
@@ -1516,6 +1541,9 @@ def getLimitRange(count, plusOne=False):
    retVal = xrange(limitStart, limitStop + 1) if plusOne else xrange(limitStart - 1, limitStop)
    if reverse:
        retVal = xrange(retVal[-1], retVal[0] - 1, -1)
    return retVal
 def parseUnionPage(page):
@@ -1526,7 +1554,7 @@ def parseUnionPage(page):
    if page is None:
        return None
-    if re.search("(?si)\A%s.*%s\Z" % (kb.chars.start, kb.chars.stop), page):
+    if re.search(r"(?si)\A%s.*%s\Z" % (kb.chars.start, kb.chars.stop), page):
        if len(page) > LARGE_OUTPUT_THRESHOLD:
            warnMsg = "large output detected. This might take a while"
            logger.warn(warnMsg)
@@ -1534,7 +1562,7 @@ def parseUnionPage(page):
        data = BigArray()
        keys = set()
-        for match in re.finditer("%s(.*?)%s" % (kb.chars.start, kb.chars.stop), page, re.DOTALL | re.IGNORECASE):
+        for match in re.finditer(r"%s(.*?)%s" % (kb.chars.start, kb.chars.stop), page, re.DOTALL | re.IGNORECASE):
            entry = match.group(1)
            if kb.chars.start in entry:
@@ -1617,12 +1645,19 @@ def getRemoteIP():
    return retVal
 def getFileType(filePath):
    """
    Returns "magic" file type for given file path
    >>> getFileType(__file__)
    'text'
    """
    try:
-        _ = magic.from_file(filePath)
+        desc = magic.from_file(filePath) or ""
    except:
        return "unknown"
-    return "text" if "ASCII" in _ or "text" in _ else "binary"
+    return "text" if any(_ in desc.lower() for _ in ("ascii", "text")) else "binary"
 def getCharset(charsetType=None):
    """
@@ -1638,14 +1673,14 @@ def getCharset(charsetType=None):
    if charsetType is None:
        asciiTbl.extend(xrange(0, 128))
-    # 0 or 1
+    # Binary
    elif charsetType == CHARSET_TYPE.BINARY:
        asciiTbl.extend([0, 1])
        asciiTbl.extend(xrange(47, 50))
    # Digits
    elif charsetType == CHARSET_TYPE.DIGITS:
-        asciiTbl.extend([0, 1])
+        asciiTbl.extend([0, 9])
        asciiTbl.extend(xrange(47, 58))
    # Hexadecimal
@@ -1692,14 +1727,14 @@ def normalizePath(filepath):
    Returns normalized string representation of a given filepath
    >>> normalizePath('//var///log/apache.log')
-    '//var/log/apache.log'
+    '/var/log/apache.log'
    """
    retVal = filepath
    if retVal:
        retVal = retVal.strip("\r\n")
-        retVal = ntpath.normpath(retVal) if isWindowsDriveLetterPath(retVal) else posixpath.normpath(retVal)
+        retVal = ntpath.normpath(retVal) if isWindowsDriveLetterPath(retVal) else re.sub(r"\A/{2,}", "/", posixpath.normpath(retVal))
    return retVal
@@ -1737,7 +1772,7 @@ def safeStringFormat(format_, params):
    if isinstance(params, basestring):
        retVal = retVal.replace("%s", params, 1)
    elif not isListLike(params):
-        retVal = retVal.replace("%s", str(params), 1)
+        retVal = retVal.replace("%s", getUnicode(params), 1)
    else:
        start, end = 0, len(retVal)
        match = re.search(r"%s(.+)%s" % (PAYLOAD_DELIMITER, PAYLOAD_DELIMITER), retVal)
@@ -1763,7 +1798,7 @@ def safeStringFormat(format_, params):
                if match:
                    if count >= len(params):
                        warnMsg = "wrong number of parameters during string formatting. "
-                        warnMsg += "Please report by e-mail content \"%r | %r | %r\" to 'dev@sqlmap.org'" % (format_, params, retVal)
+                        warnMsg += "Please report by e-mail content \"%r | %r | %r\" to '%s'" % (format_, params, retVal, DEV_EMAIL_ADDRESS)
                        raise SqlmapValueException(warnMsg)
                    else:
                        retVal = re.sub(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", r"\g<1>%s\g<3>" % params[count], retVal, 1)
@@ -1853,7 +1888,7 @@ def isWindowsDriveLetterPath(filepath):
    False
    """
-    return re.search("\A[\w]\:", filepath) is not None
+    return re.search(r"\A[\w]\:", filepath) is not None
 def posixToNtSlashes(filepath):
    """
@@ -1969,7 +2004,7 @@ def getSQLSnippet(dbms, sfile, **variables):
    retVal = re.sub(r";\s+", "; ", retVal).strip("\r\n")
    for _ in variables.keys():
-        retVal = re.sub(r"%%%s%%" % _, variables[_], retVal)
+        retVal = re.sub(r"%%%s%%" % _, variables[_].replace('\\', r'\\'), retVal)
    for _ in re.findall(r"%RANDSTR\d+%", retVal, re.I):
        retVal = retVal.replace(_, randomStr())
@@ -2096,6 +2131,9 @@ def getFileItems(filename, commentPrefix='#', unicode_=True, lowercase=False, un
    retVal = list() if not unique else OrderedDict()
    if filename:
        filename = filename.strip('"\'')
    checkFile(filename)
    try:
@@ -2298,7 +2336,7 @@ def longestCommonPrefix(*sequences):
    return sequences[0]
 def commonFinderOnly(initial, sequence):
-    return longestCommonPrefix(*filter(lambda x: x.startswith(initial), sequence))
+    return longestCommonPrefix(*filter(lambda _: _.startswith(initial), sequence))
 def pushValue(value):
    """
@@ -2396,7 +2434,7 @@ def adjustTimeDelay(lastQueryDuration, lowerStdLimit):
    if candidate:
        kb.delayCandidates = [candidate] + kb.delayCandidates[:-1]
-        if all((x == candidate for x in kb.delayCandidates)) and candidate < conf.timeSec:
+        if all((_ == candidate for _ in kb.delayCandidates)) and candidate < conf.timeSec:
            conf.timeSec = candidate
            infoMsg = "adjusting time delay to "
@@ -2508,8 +2546,8 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
                    return char if char in charset else match.group(0)
                result = value
                if plusspace:
-                    result = result.replace("+", " ")  # plus sign has a special meaning in URL encoded data (hence the usage of urllib.unquote_plus in convall case)
+                    result = result.replace('+', ' ')  # plus sign has a special meaning in URL encoded data (hence the usage of urllib.unquote_plus in convall case)
-                result = re.sub("%([0-9a-fA-F]{2})", _, result)
+                result = re.sub(r"%([0-9a-fA-F]{2})", _, result)
    if isinstance(result, str):
        result = unicode(result, encoding or UNICODE_ENCODING, "replace")
@@ -2544,7 +2582,7 @@ def urlencode(value, safe="%&=-_", convall=False, limit=False, spaceplus=False):
        # encoded (when not representing URL encoded char)
        # except in cases when tampering scripts are used
        if all('%' in _ for _ in (safe, value)) and not kb.tamperFunctions:
-            value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value)
+            value = re.sub(r"%(?![0-9a-fA-F]{2})", "%25", value)
        while True:
            result = urllib.quote(utf8encode(value), safe)
@@ -2595,14 +2633,15 @@ def runningAsAdmin():
    return isAdmin
-def logHTTPTraffic(requestLogMsg, responseLogMsg):
+def logHTTPTraffic(requestLogMsg, responseLogMsg, startTime=None, endTime=None):
    """
    Logs HTTP traffic to the output file
    """
-    if not conf.trafficFile:
+    if conf.harFile:
-        return
+        conf.httpCollector.collectRequest(requestLogMsg, responseLogMsg, startTime, endTime)
    if conf.trafficFile:
        with kb.locks.log:
            dataToTrafficFile("%s%s" % (requestLogMsg, os.linesep))
            dataToTrafficFile("%s%s" % (responseLogMsg, os.linesep))
@@ -2908,8 +2947,8 @@ def isStackingAvailable():
        retVal = True
    else:
        for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True):
-            _ = getTechniqueData(technique)
+            data = getTechniqueData(technique)
-            if _ and "stacked" in _["title"].lower():
+            if data and "stacked" in data["title"].lower():
                retVal = True
                break
@@ -2971,7 +3010,7 @@ def saveConfig(conf, filename):
                    if option in defaults:
                        value = str(defaults[option])
                    else:
-                        value = "0"
+                        value = '0'
                elif datatype == OPTION_TYPE.STRING:
                    value = ""
@@ -3095,7 +3134,7 @@ def getSortedInjectionTests():
        if test.stype == PAYLOAD.TECHNIQUE.UNION:
            retVal = SORT_ORDER.LAST
-        elif 'details' in test and 'dbms' in test.details:
+        elif "details" in test and "dbms" in test.details:
            if intersect(test.details.dbms, Backend.getIdentifiedDbms()):
                retVal = SORT_ORDER.SECOND
            else:
@@ -3174,14 +3213,14 @@ def decodeIntToUnicode(value):
                raw = hexdecode(_)
                if Backend.isDbms(DBMS.MYSQL):
-                    # https://github.com/sqlmapproject/sqlmap/issues/1531
+                    # Note: https://github.com/sqlmapproject/sqlmap/issues/1531
-                    retVal = getUnicode(raw, conf.charset or UNICODE_ENCODING)
+                    retVal = getUnicode(raw, conf.encoding or UNICODE_ENCODING)
                elif Backend.isDbms(DBMS.MSSQL):
                    retVal = getUnicode(raw, "UTF-16-BE")
                elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE):
                    retVal = unichr(value)
                else:
-                    retVal = getUnicode(raw, conf.charset)
+                    retVal = getUnicode(raw, conf.encoding)
            else:
                retVal = getUnicode(chr(value))
        except:
@@ -3241,7 +3280,7 @@ def unhandledExceptionMessage():
    errMsg += "sqlmap version: %s\n" % VERSION_STRING[VERSION_STRING.find('/') + 1:]
    errMsg += "Python version: %s\n" % PYVERSION
    errMsg += "Operating system: %s\n" % PLATFORM
-    errMsg += "Command line: %s\n" % re.sub(r".+?\bsqlmap.py\b", "sqlmap.py", getUnicode(" ".join(sys.argv), encoding=sys.stdin.encoding))
+    errMsg += "Command line: %s\n" % re.sub(r".+?\bsqlmap\.py\b", "sqlmap.py", getUnicode(" ".join(sys.argv), encoding=sys.stdin.encoding))
    errMsg += "Technique: %s\n" % (enumValueToNameLookup(PAYLOAD.TECHNIQUE, kb.technique) if kb.get("technique") else ("DIRECT" if conf.get("direct") else None))
    errMsg += "Back-end DBMS:"
@@ -3261,11 +3300,10 @@ def createGithubIssue(errMsg, excMsg):
    Automatically create a Github issue with unhandled exception information
    """
    issues = []
    try:
        issues = getFileItems(paths.GITHUB_HISTORY, unique=True)
    except:
-        pass
+        issues = []
    finally:
        issues = set(issues)
@@ -3340,8 +3378,8 @@ def maskSensitiveData(msg):
    retVal = getUnicode(msg)
-    for item in filter(None, map(lambda x: conf.get(x), SENSITIVE_OPTIONS)):
+    for item in filter(None, (conf.get(_) for _ in SENSITIVE_OPTIONS)):
-        regex = SENSITIVE_DATA_REGEX % re.sub("(\W)", r"\\\1", getUnicode(item))
+        regex = SENSITIVE_DATA_REGEX % re.sub(r"(\W)", r"\\\1", getUnicode(item))
        while extractRegexResult(regex, retVal):
            value = extractRegexResult(regex, retVal)
            retVal = retVal.replace(value, '*' * len(value))
@@ -3352,7 +3390,7 @@ def maskSensitiveData(msg):
            retVal = retVal.replace(match.group(3), '*' * len(match.group(3)))
    if getpass.getuser():
-        retVal = re.sub(r"(?i)\b%s\b" % re.escape(getpass.getuser()), "*" * len(getpass.getuser()), retVal)
+        retVal = re.sub(r"(?i)\b%s\b" % re.escape(getpass.getuser()), '*' * len(getpass.getuser()), retVal)
    return retVal
@@ -3427,7 +3465,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
                    value = value.replace(2 * REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX)
                return value
-            payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, ''), convall=True))
+            payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, ""), convall=True))
            regex = _(filterStringValue(payload, r"[A-Za-z0-9]", REFLECTED_REPLACEMENT_REGEX.encode("string-escape")))
            if regex != payload:
@@ -3483,7 +3521,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
                        warnMsg = "reflective value(s) found and filtering out"
                        singleTimeWarnMessage(warnMsg)
-                    if re.search(r"FRAME[^>]+src=[^>]*%s" % REFLECTED_VALUE_MARKER, retVal, re.I):
+                    if re.search(r"(?i)FRAME[^>]+src=[^>]*%s" % REFLECTED_VALUE_MARKER, retVal):
                        warnMsg = "frames detected containing attacked parameter values. Please be sure to "
                        warnMsg += "test those separately in case that attack on this page fails"
                        singleTimeWarnMessage(warnMsg)
@@ -3512,7 +3550,7 @@ def normalizeUnicode(value):
    'sucuraj'
    """
-    return unicodedata.normalize('NFKD', value).encode('ascii', 'ignore') if isinstance(value, unicode) else value
+    return unicodedata.normalize("NFKD", value).encode("ascii", "ignore") if isinstance(value, unicode) else value
 def safeSQLIdentificatorNaming(name, isTable=False):
    """
@@ -3532,11 +3570,11 @@ def safeSQLIdentificatorNaming(name, isTable=False):
        if retVal.upper() in kb.keywords or (retVal or " ")[0].isdigit() or not re.match(r"\A[A-Za-z0-9_@%s\$]+\Z" % ("." if _ else ""), retVal):  # MsSQL is the only DBMS where we automatically prepend schema to table name (dot is normal)
            if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
                retVal = "`%s`" % retVal.strip("`")
-            elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2):
+            elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.SQLITE, DBMS.INFORMIX, DBMS.HSQLDB):
                retVal = "\"%s\"" % retVal.strip("\"")
            elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,):
                retVal = "\"%s\"" % retVal.strip("\"").upper()
-            elif Backend.getIdentifiedDbms() in (DBMS.MSSQL,) and ((retVal or " ")[0].isdigit() or not re.match(r"\A\w+\Z", retVal, re.U)):
+            elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and ((retVal or " ")[0].isdigit() or not re.match(r"\A\w+\Z", retVal, re.U)):
                retVal = "[%s]" % retVal.strip("[]")
        if _ and DEFAULT_MSSQL_SCHEMA not in retVal and '.' not in re.sub(r"\[[^]]+\]", "", retVal):
@@ -3554,11 +3592,11 @@ def unsafeSQLIdentificatorNaming(name):
    if isinstance(name, basestring):
        if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
            retVal = name.replace("`", "")
-        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2):
+        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.SQLITE, DBMS.INFORMIX, DBMS.HSQLDB):
            retVal = name.replace("\"", "")
        elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,):
            retVal = name.replace("\"", "").upper()
-        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL,):
+        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
            retVal = name.replace("[", "").replace("]", "")
        if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
@@ -3634,7 +3672,7 @@ def expandMnemonics(mnemonics, parser, args):
    for mnemonic in (mnemonics or "").split(','):
        found = None
-        name = mnemonic.split('=')[0].replace("-", "").strip()
+        name = mnemonic.split('=')[0].replace('-', "").strip()
        value = mnemonic.split('=')[1] if len(mnemonic.split('=')) > 1 else None
        pointer = head
@@ -3742,7 +3780,7 @@ def randomizeParameterValue(value):
    value = re.sub(r"%[0-9a-fA-F]{2}", "", value)
-    for match in re.finditer('[A-Z]+', value):
+    for match in re.finditer(r"[A-Z]+", value):
        while True:
            original = match.group()
            candidate = randomStr(len(match.group())).upper()
@@ -3751,7 +3789,7 @@ def randomizeParameterValue(value):
        retVal = retVal.replace(original, candidate)
-    for match in re.finditer('[a-z]+', value):
+    for match in re.finditer(r"[a-z]+", value):
        while True:
            original = match.group()
            candidate = randomStr(len(match.group())).lower()
@@ -3760,7 +3798,7 @@ def randomizeParameterValue(value):
        retVal = retVal.replace(original, candidate)
-    for match in re.finditer('[0-9]+', value):
+    for match in re.finditer(r"[0-9]+", value):
        while True:
            original = match.group()
            candidate = str(randomInt(len(match.group())))
@@ -3999,7 +4037,7 @@ def getHostHeader(url):
    if url:
        retVal = urlparse.urlparse(url).netloc
-        if re.search("http(s)?://\[.+\]", url, re.I):
+        if re.search(r"http(s)?://\[.+\]", url, re.I):
            retVal = extractRegexResult("http(s)?://\[(?P<result>.+)\]", url)
        elif any(retVal.endswith(':%d' % _) for _ in (80, 443)):
            retVal = retVal.split(':')[0]
@@ -4207,8 +4245,10 @@ def hashDBRetrieve(key, unserialize=False, checkConf=False):
    _ = "%s%s%s" % (conf.url or "%s%s" % (conf.hostname, conf.port), key, HASHDB_MILESTONE_VALUE)
    retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None
    if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, basestring) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)):
        retVal = None
    return retVal
 def resetCookieJar(cookieJar):
@@ -4384,6 +4424,9 @@ def getSafeExString(ex, encoding=None):
    """
    Safe way how to get the proper exception represtation as a string
    (Note: errors to be avoided: 1) "%s" % Exception(u'\u0161') and 2) "%s" % str(Exception(u'\u0161'))
    >>> getSafeExString(Exception('foobar'))
    u'foobar'
    """
    retVal = ex
@@ -4394,3 +4437,9 @@ def getSafeExString(ex, encoding=None):
        retVal = ex.msg
    return getUnicode(retVal or "", encoding=encoding).strip()
 def safeVariableNaming(value):
    return re.sub(r"[^\w]", lambda match: "%s%02x" % (SAFE_VARIABLE_MARKER, ord(match.group(0))), value)
 def unsafeVariableNaming(value):
    return re.sub(r"%s([0-9a-f]{2})" % SAFE_VARIABLE_MARKER, lambda match: match.group(1).decode("hex"), value)
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 try:
@@ -110,7 +110,7 @@ def hexdecode(value):
    value = value.lower()
    return (value[2:] if value.startswith("0x") else value).decode("hex")
-def hexencode(value):
+def hexencode(value, encoding=None):
    """
    Encodes string value from plain to hex format
@@ -118,7 +118,7 @@ def hexencode(value):
    '666f6f626172'
    """
-    return utf8encode(value).encode("hex")
+    return unicodeencode(value, encoding).encode("hex")
 def unicodeencode(value, encoding=None):
    """
@@ -166,7 +166,7 @@ def htmlunescape(value):
    retVal = value
    if value and isinstance(value, basestring):
-        codes = (('&lt;', '<'), ('&gt;', '>'), ('&quot;', '"'), ('&nbsp;', ' '), ('&amp;', '&'))
+        codes = (("&lt;", '<'), ("&gt;", '>'), ("&quot;", '"'), ("&nbsp;", ' '), ("&amp;", '&'), ("&apos;", "'"))
        retVal = reduce(lambda x, y: x.replace(y[0], y[1]), codes, retVal)
        try:
            retVal = re.sub(r"&#x([^ ;]+);", lambda match: unichr(int(match.group(1), 16)), retVal)
--- a/lib/core/data.py
+++ b/lib/core/data.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 from lib.core.datatype import AttribDict
--- a/lib/core/datatype.py
+++ b/lib/core/datatype.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import copy
--- a/lib/core/decorators.py
+++ b/lib/core/decorators.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 def cachedmethod(f, cache={}):
--- a/lib/core/defaults.py
+++ b/lib/core/defaults.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 from lib.core.datatype import AttribDict
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 from lib.core.enums import DBMS
@@ -272,6 +272,7 @@ DEPRECATED_OPTIONS = {
    "--no-unescape": "use '--no-escape' instead",
    "--binary": "use '--binary-fields' instead",
    "--auth-private": "use '--auth-file' instead",
    "--ignore-401": "use '--ignore-code' instead",
    "--check-payload": None,
    "--check-waf": None,
    "--pickled-options": "use '--api -c ...' instead",
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import cgi
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 class PRIORITY:
@@ -118,14 +118,30 @@ class HASH:
    MSSQL_OLD = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{80}\Z'
    MSSQL_NEW = r'(?i)\A0x0200[0-9a-f]{8}[0-9a-f]{128}\Z'
    ORACLE = r'(?i)\As:[0-9a-f]{60}\Z'
-    ORACLE_OLD = r'(?i)\A[01-9a-f]{16}\Z'
+    ORACLE_OLD = r'(?i)\A[0-9a-f]{16}\Z'
    MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z'
    SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z'
-    SHA224_GENERIC = r'(?i)\A[0-9a-f]{28}\Z'
+    SHA224_GENERIC = r'(?i)\A[0-9a-f]{56}\Z'
-    SHA384_GENERIC = r'(?i)\A[0-9a-f]{48}\Z'
+    SHA256_GENERIC = r'(?i)\A[0-9a-f]{64}\Z'
-    SHA512_GENERIC = r'(?i)\A[0-9a-f]{64}\Z'
+    SHA384_GENERIC = r'(?i)\A[0-9a-f]{96}\Z'
-    CRYPT_GENERIC = r'(?i)\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z'
+    SHA512_GENERIC = r'(?i)\A[0-9a-f]{128}\Z'
-    WORDPRESS = r'(?i)\A\$P\$[./0-9A-Za-z]{31}\Z'
+    CRYPT_GENERIC = r'\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z'
    JOOMLA = r'\A[0-9a-f]{32}:\w{32}\Z'
    WORDPRESS = r'\A\$P\$[./0-9a-zA-Z]{31}\Z'
    APACHE_MD5_CRYPT = r'\A\$apr1\$.{1,8}\$[./a-zA-Z0-9]+\Z'
    UNIX_MD5_CRYPT = r'\A\$1\$.{1,8}\$[./a-zA-Z0-9]+\Z'
    APACHE_SHA1 = r'\A\{SHA\}[a-zA-Z0-9+/]+={0,2}\Z'
    VBULLETIN = r'\A[0-9a-fA-F]{32}:.{30}\Z'
    VBULLETIN_OLD = r'\A[0-9a-fA-F]{32}:.{3}\Z'
    SSHA = r'\A\{SSHA\}[a-zA-Z0-9+/]+={0,2}\Z'
    SSHA256 = r'\A\{SSHA256\}[a-zA-Z0-9+/]+={0,2}\Z'
    SSHA512 = r'\A\{SSHA512\}[a-zA-Z0-9+/]+={0,2}\Z'
    DJANGO_MD5 = r'\Amd5\$[^$]+\$[0-9a-f]{32}\Z'
    DJANGO_SHA1 = r'\Asha1\$[^$]+\$[0-9a-f]{40}\Z'
    MD5_BASE64 = r'\A[a-zA-Z0-9+/]{22}==\Z'
    SHA1_BASE64 = r'\A[a-zA-Z0-9+/]{27}=\Z'
    SHA256_BASE64 = r'\A[a-zA-Z0-9+/]{43}=\Z'
    SHA512_BASE64 = r'\A[a-zA-Z0-9+/]{86}==\Z'
 # Reference: http://www.zytrax.com/tech/web/mobile_ids.html
 class MOBILES:
@@ -184,6 +200,7 @@ class HTTP_HEADER:
    USER_AGENT = "User-Agent"
    VIA = "Via"
    X_POWERED_BY = "X-Powered-By"
    X_DATA_ORIGIN = "X-Data-Origin"
 class EXPECTED:
    BOOL = "bool"
@@ -369,6 +386,7 @@ class MKSTEMP_PREFIX:
    RESULTS = "sqlmapresults-"
    COOKIE_JAR = "sqlmapcookiejar-"
    BIG_ARRAY = "sqlmapbigarray-"
    SPECIFIC_RESPONSE = "sqlmapresponse-"
 class TIMEOUT_STATE:
    NORMAL = 0
--- a/lib/core/exception.py
+++ b/lib/core/exception.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 class SqlmapBaseException(Exception):
@@ -50,6 +50,9 @@ class SqlmapUserQuitException(SqlmapBaseException):
 class SqlmapShellQuitException(SqlmapBaseException):
    pass
 class SqlmapSkipTargetException(SqlmapBaseException):
    pass
 class SqlmapSyntaxException(SqlmapBaseException):
    pass
--- a/lib/core/log.py
+++ b/lib/core/log.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import logging
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import binascii
@@ -110,7 +110,7 @@ from lib.core.settings import DEFAULT_PAGE_ENCODING
 from lib.core.settings import DEFAULT_TOR_HTTP_PORTS
 from lib.core.settings import DEFAULT_TOR_SOCKS_PORTS
 from lib.core.settings import DUMMY_URL
-from lib.core.settings import INJECT_HERE_MARK
+from lib.core.settings import INJECT_HERE_REGEX
 from lib.core.settings import IS_WIN
 from lib.core.settings import KB_CHARS_BOUNDARY_CHAR
 from lib.core.settings import KB_CHARS_LOW_FREQUENCY_ALPHABET
@@ -149,6 +149,7 @@ from lib.request.pkihandler import HTTPSPKIAuthHandler
 from lib.request.rangehandler import HTTPRangeHandler
 from lib.request.redirecthandler import SmartRedirectHandler
 from lib.request.templates import getPageTemplate
 from lib.utils.har import HTTPCollectorFactory
 from lib.utils.crawler import crawl
 from lib.utils.deps import checkDependencies
 from lib.utils.search import search
@@ -279,7 +280,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
                    method = match.group(1)
                    url = match.group(2)
-                    if any(_ in line for _ in ('?', '=', CUSTOM_INJECTION_MARK_CHAR)):
+                    if any(_ in line for _ in ('?', '=', kb.customInjectionMark)):
                        params = True
                    getPostReq = True
@@ -319,7 +320,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
                    elif key not in (HTTP_HEADER.PROXY_CONNECTION, HTTP_HEADER.CONNECTION):
                        headers.append((getUnicode(key), getUnicode(value)))
-                    if CUSTOM_INJECTION_MARK_CHAR in re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or ""):
+                    if kb.customInjectionMark in re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or ""):
                        params = True
            data = data.rstrip("\r\n") if data else data
@@ -433,7 +434,7 @@ def _setMultipleTargets():
        files.sort()
        for reqFile in files:
-            if not re.search("([\d]+)\-request", reqFile):
+            if not re.search(r"([\d]+)\-request", reqFile):
                continue
            _feedTargetsDict(os.path.join(conf.logFile, reqFile), addedTargetUrls)
@@ -592,7 +593,7 @@ def _setBulkMultipleTargets():
    found = False
    for line in getFileItems(conf.bulkFile):
-        if re.match(r"[^ ]+\?(.+)", line, re.I) or CUSTOM_INJECTION_MARK_CHAR in line:
+        if re.match(r"[^ ]+\?(.+)", line, re.I) or kb.customInjectionMark in line:
            found = True
            kb.targets.add((line.strip(), conf.method, conf.data, conf.cookie, None))
@@ -665,7 +666,7 @@ def _setDBMSAuthentication():
    debugMsg = "setting the DBMS authentication credentials"
    logger.debug(debugMsg)
-    match = re.search("^(.+?):(.*?)$", conf.dbmsCred)
+    match = re.search(r"^(.+?):(.*?)$", conf.dbmsCred)
    if not match:
        errMsg = "DBMS authentication credentials value must be in format "
@@ -860,7 +861,7 @@ def _setDBMS():
    logger.debug(debugMsg)
    conf.dbms = conf.dbms.lower()
-    regex = re.search("%s ([\d\.]+)" % ("(%s)" % "|".join([alias for alias in SUPPORTED_DBMS])), conf.dbms, re.I)
+    regex = re.search(r"%s ([\d\.]+)" % ("(%s)" % "|".join([alias for alias in SUPPORTED_DBMS])), conf.dbms, re.I)
    if regex:
        conf.dbms = regex.group(1)
@@ -1147,7 +1148,7 @@ def _setHTTPHandlers():
            raise SqlmapSyntaxException(errMsg)
        if conf.proxyCred:
-            _ = re.search("^(.*?):(.*?)$", conf.proxyCred)
+            _ = re.search(r"\A(.*?):(.*?)\Z", conf.proxyCred)
            if not _:
                errMsg = "proxy authentication credentials "
                errMsg += "value must be in format username:password"
@@ -1255,7 +1256,7 @@ def _setSafeVisit():
            errMsg = "invalid format of a safe request file"
            raise SqlmapSyntaxException, errMsg
    else:
-        if not re.search("^http[s]*://", conf.safeUrl):
+        if not re.search(r"\Ahttp[s]*://", conf.safeUrl):
            if ":443/" in conf.safeUrl:
                conf.safeUrl = "https://" + conf.safeUrl
            else:
@@ -1408,8 +1409,8 @@ def _setHTTPExtraHeaders():
                raise SqlmapSyntaxException(errMsg)
    elif not conf.requestFile and len(conf.httpHeaders or []) < 2:
-        if conf.charset:
+        if conf.encoding:
-            conf.httpHeaders.append((HTTP_HEADER.ACCEPT_CHARSET, "%s;q=0.7,*;q=0.1" % conf.charset))
+            conf.httpHeaders.append((HTTP_HEADER.ACCEPT_CHARSET, "%s;q=0.7,*;q=0.1" % conf.encoding))
        # Invalidating any caching mechanism in between
        # Reference: http://stackoverflow.com/a/1383359
@@ -1684,17 +1685,28 @@ def _cleanupOptions():
    if conf.optimize:
        setOptimize()
-    if conf.data:
+    match = re.search(INJECT_HERE_REGEX, conf.data or "")
-        conf.data = re.sub("(?i)%s" % INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.data)
+    if match:
        kb.customInjectionMark = match.group(0)
-    if conf.url:
+    match = re.search(INJECT_HERE_REGEX, conf.url or "")
-        conf.url = re.sub("(?i)%s" % INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.url)
+    if match:
        kb.customInjectionMark = match.group(0)
    if conf.os:
        conf.os = conf.os.capitalize()
    if conf.forceDbms:
        conf.dbms = conf.forceDbms
    if conf.dbms:
-        conf.dbms = conf.dbms.capitalize()
+        kb.dbmsFilter = []
        for _ in conf.dbms.split(','):
            for dbms, aliases in DBMS_ALIASES:
                if _.strip().lower() in aliases:
                    kb.dbmsFilter.append(dbms)
                    conf.dbms = dbms if conf.dbms and ',' not in conf.dbms else None
                    break
    if conf.testFilter:
        conf.testFilter = conf.testFilter.strip('*+')
@@ -1754,7 +1766,7 @@ def _cleanupOptions():
                conf.string = conf.string.replace(_.encode("string_escape"), _)
    if conf.getAll:
-        map(lambda x: conf.__setitem__(x, True), WIZARD.ALL)
+        map(lambda _: conf.__setitem__(_, True), WIZARD.ALL)
    if conf.noCast:
        for _ in DUMP_REPLACEMENTS.keys():
@@ -1829,6 +1841,7 @@ def _setConfAttributes():
    conf.dumpPath = None
    conf.hashDB = None
    conf.hashDBFile = None
    conf.httpCollector = None
    conf.httpHeaders = []
    conf.hostname = None
    conf.ipv6 = False
@@ -1844,6 +1857,7 @@ def _setConfAttributes():
    conf.scheme = None
    conf.tests = []
    conf.trafficFP = None
    conf.HARCollectorFactory = None
    conf.wFileType = None
 def _setKnowledgeBaseAttributes(flushAll=True):
@@ -1891,11 +1905,13 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.connErrorCounter = 0
    kb.cookieEncodeChoice = None
    kb.counters = {}
    kb.customInjectionMark = CUSTOM_INJECTION_MARK_CHAR
    kb.data = AttribDict()
    kb.dataOutputFlag = False
    # Active back-end DBMS fingerprint
    kb.dbms = None
    kb.dbmsFilter = []
    kb.dbmsVersion = [UNKNOWN_DBMS_VERSION]
    kb.delayCandidates = TIME_DELAY_CANDIDATES * [0]
@@ -2013,6 +2029,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.tableExistsChoice = None
    kb.uChar = NULL
    kb.unionDuplicates = False
    kb.wafSpecificResponse = None
    kb.xpCmdshellAvailable = False
    if flushAll:
@@ -2228,6 +2245,12 @@ def _setTrafficOutputFP():
        conf.trafficFP = openFile(conf.trafficFile, "w+")
 def _setupHTTPCollector():
    if not conf.harFile:
        return
    conf.httpCollector = HTTPCollectorFactory(conf.harFile).create()
 def _setDNSServer():
    if not conf.dnsDomain:
        return
@@ -2357,8 +2380,8 @@ def _basicOptionValidation():
    if isinstance(conf.limitStart, int) and conf.limitStart > 0 and \
       isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart:
-        errMsg = "value for option '--start' (limitStart) must be smaller or equal than value for --stop (limitStop) option"
+        warnMsg = "usage of option '--start' (limitStart) which is bigger than value for --stop (limitStop) option is considered unstable"
-        raise SqlmapSyntaxException(errMsg)
+        logger.warn(warnMsg)
    if isinstance(conf.firstChar, int) and conf.firstChar > 0 and \
       isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar:
@@ -2405,6 +2428,10 @@ def _basicOptionValidation():
        errMsg = "option '--not-string' is incompatible with switch '--null-connection'"
        raise SqlmapSyntaxException(errMsg)
    if conf.notString and conf.nullConnection:
        errMsg = "option '--tor' is incompatible with switch '--os-pwn'"
        raise SqlmapSyntaxException(errMsg)
    if conf.noCast and conf.hexConvert:
        errMsg = "switch '--no-cast' is incompatible with switch '--hex'"
        raise SqlmapSyntaxException(errMsg)
@@ -2550,15 +2577,15 @@ def _basicOptionValidation():
        errMsg += "format <username>:<password> (e.g. \"root:pass\")"
        raise SqlmapSyntaxException(errMsg)
-    if conf.charset:
+    if conf.encoding:
-        _ = checkCharEncoding(conf.charset, False)
+        _ = checkCharEncoding(conf.encoding, False)
        if _ is None:
-            errMsg = "unknown charset '%s'. Please visit " % conf.charset
+            errMsg = "unknown charset '%s'. Please visit " % conf.encoding
            errMsg += "'%s' to get the full list of " % CODECS_LIST_PAGE
            errMsg += "supported charsets"
            raise SqlmapSyntaxException(errMsg)
        else:
-            conf.charset = _
+            conf.encoding = _
    if conf.loadCookies:
        if not os.path.exists(conf.loadCookies):
@@ -2604,6 +2631,7 @@ def init():
    _setTamperingFunctions()
    _setWafFunctions()
    _setTrafficOutputFP()
    _setupHTTPCollector()
    _resolveCrossReferences()
    _checkWebSocket()
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 optDict = {
@@ -38,7 +38,7 @@ optDict = {
                               "authType":          "string",
                               "authCred":          "string",
                               "authFile":          "string",
-                               "ignore401":         "boolean",
+                               "ignoreCode":        "integer",
                               "ignoreProxy":       "boolean",
                               "ignoreRedirects":   "boolean",
                               "ignoreTimeouts":    "boolean",
@@ -201,10 +201,12 @@ optDict = {
                               "crawlExclude":      "string",
                               "csvDel":            "string",
                               "dumpFormat":        "string",
                               "encoding":          "string",
                               "eta":               "boolean",
                               "flushSession":      "boolean",
                               "forms":             "boolean",
                               "freshQueries":      "boolean",
                               "harFile":           "string",
                               "hexConvert":        "boolean",
                               "outputDir":         "string",
                               "parseErrors":       "boolean",
--- a/lib/core/profiling.py
+++ b/lib/core/profiling.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import codecs
--- a/lib/core/readlineng.py
+++ b/lib/core/readlineng.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 from lib.core.data import logger
--- a/lib/core/replication.py
+++ b/lib/core/replication.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import sqlite3
--- a/lib/core/revision.py
+++ b/lib/core/revision.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import os
--- a/lib/core/session.py
+++ b/lib/core/session.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import re
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import os
@@ -19,12 +19,13 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1.7.0"
+VERSION = "1.1.11.0"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
 DESCRIPTION = "automatic SQL injection and database takeover tool"
 SITE = "http://sqlmap.org"
 DEV_EMAIL_ADDRESS = "dev@sqlmap.org"
 ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new"
 GIT_REPOSITORY = "git://github.com/sqlmapproject/sqlmap.git"
 GIT_PAGE = "https://github.com/sqlmapproject/sqlmap"
@@ -63,10 +64,12 @@ URI_QUESTION_MARKER = "__QUESTION_MARK__"
 ASTERISK_MARKER = "__ASTERISK_MARK__"
 REPLACEMENT_MARKER = "__REPLACEMENT_MARK__"
 BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION_MARK__"
 SAFE_VARIABLE_MARKER = "__SAFE__"
 RANDOM_INTEGER_MARKER = "[RANDINT]"
 RANDOM_STRING_MARKER = "[RANDSTR]"
 SLEEP_TIME_MARKER = "[SLEEPTIME]"
 INFERENCE_MARKER = "[INFERENCE]"
 PAYLOAD_DELIMITER = "__PAYLOAD_DELIMITER__"
 CHAR_INFERENCE_MARK = "%c"
@@ -99,8 +102,8 @@ GOOGLE_REGEX = r"webcache\.googleusercontent\.com/search\?q=cache:[^:]+:([^+]+)\
 # Regular expression used for extracting results from DuckDuckGo search
 DUCKDUCKGO_REGEX = r'"u":"([^"]+)'
-# Regular expression used for extracting results from Disconnect Search
+# Regular expression used for extracting results from Bing search
-DISCONNECT_SEARCH_REGEX = r'<p class="url wrapword">([^<]+)</p>'
+BING_REGEX = r'<h2><a href="([^"]+)" h='
 # Dummy user agent for search (if default one returns different results)
 DUMMY_SEARCH_USER_AGENT = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
@@ -175,6 +178,9 @@ INFERENCE_UNKNOWN_CHAR = '?'
 # Character used for operation "greater" in inference
 INFERENCE_GREATER_CHAR = ">"
 # Character used for operation "greater or equal" in inference
 INFERENCE_GREATER_EQUALS_CHAR = ">="
 # Character used for operation "equals" in inference
 INFERENCE_EQUALS_CHAR = "="
@@ -366,7 +372,7 @@ CANDIDATE_SENTENCE_MIN_LENGTH = 10
 CUSTOM_INJECTION_MARK_CHAR = '*'
 # Other way to declare injection position
-INJECT_HERE_MARK = '%INJECT HERE%'
+INJECT_HERE_REGEX = '(?i)%INJECT[_ ]?HERE%'
 # Minimum chunk length used for retrieving data over error based payloads
 MIN_ERROR_CHUNK_LENGTH = 8
@@ -453,6 +459,9 @@ LOW_TEXT_PERCENT = 20
 # Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html
 IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM")
 # Keywords expected to be in UPPERCASE in getValue()
 GET_VALUE_UPPERCASE_KEYWORDS = ("SELECT", "FROM", "WHERE", "DISTINCT", "COUNT")
 LEGAL_DISCLAIMER = "Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"
 # After this number of misses reflective removal mechanism is turned off (for speed up reasons)
@@ -475,7 +484,7 @@ DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b|\
 # Extensions skipped by crawler
 CRAWL_EXCLUDE_EXTENSIONS = ("3ds", "3g2", "3gp", "7z", "DS_Store", "a", "aac", "adp", "ai", "aif", "aiff", "apk", "ar", "asf", "au", "avi", "bak", "bin", "bk", "bmp", "btif", "bz2", "cab", "caf", "cgm", "cmx", "cpio", "cr2", "dat", "deb", "djvu", "dll", "dmg", "dmp", "dng", "doc", "docx", "dot", "dotx", "dra", "dsk", "dts", "dtshd", "dvb", "dwg", "dxf", "ear", "ecelp4800", "ecelp7470", "ecelp9600", "egg", "eol", "eot", "epub", "exe", "f4v", "fbs", "fh", "fla", "flac", "fli", "flv", "fpx", "fst", "fvt", "g3", "gif", "gz", "h261", "h263", "h264", "ico", "ief", "image", "img", "ipa", "iso", "jar", "jpeg", "jpg", "jpgv", "jpm", "jxr", "ktx", "lvp", "lz", "lzma", "lzo", "m3u", "m4a", "m4v", "mar", "mdi", "mid", "mj2", "mka", "mkv", "mmr", "mng", "mov", "movie", "mp3", "mp4", "mp4a", "mpeg", "mpg", "mpga", "mxu", "nef", "npx", "o", "oga", "ogg", "ogv", "otf", "pbm", "pcx", "pdf", "pea", "pgm", "pic", "png", "pnm", "ppm", "pps", "ppt", "pptx", "ps", "psd", "pya", "pyc", "pyo", "pyv", "qt", "rar", "ras", "raw", "rgb", "rip", "rlc", "rz", "s3m", "s7z", "scm", "scpt", "sgi", "shar", "sil", "smv", "so", "sub", "swf", "tar", "tbz2", "tga", "tgz", "tif", "tiff", "tlz", "ts", "ttf", "uvh", "uvi", "uvm", "uvp", "uvs", "uvu", "viv", "vob", "war", "wav", "wax", "wbmp", "wdp", "weba", "webm", "webp", "whl", "wm", "wma", "wmv", "wmx", "woff", "woff2", "wvx", "xbm", "xif", "xls", "xlsx", "xlt", "xm", "xpi", "xpm", "xwd", "xz", "z", "zip", "zipx")
-# Patterns often seen in HTTP headers containing custom injection marking character
+# Patterns often seen in HTTP headers containing custom injection marking character '*'
 PROBLEMATIC_CUSTOM_INJECTION_PATTERNS = r"(;q=[^;']+)|(\*/\*)"
 # Template used for common table existence check
@@ -491,7 +500,7 @@ IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")
 SHELLCODEEXEC_RANDOM_STRING_MARKER = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
 # Generic address for checking the Internet connection while using switch --check-internet
-CHECK_INTERNET_ADDRESS = "http://ipinfo.io/"
+CHECK_INTERNET_ADDRESS = "https://ipinfo.io/"
 # Value to look for in response to CHECK_INTERNET_ADDRESS
 CHECK_INTERNET_VALUE = "IP Address Details"
@@ -588,7 +597,7 @@ MAX_TOTAL_REDIRECTIONS = 10
 MAX_DNS_LABEL = 63
 # Alphabet used for prefix and suffix strings of name resolution requests in DNS technique (excluding hexadecimal chars for not mixing with inner content)
-DNS_BOUNDARIES_ALPHABET = re.sub("[a-fA-F]", "", string.ascii_letters)
+DNS_BOUNDARIES_ALPHABET = re.sub(r"[a-fA-F]", "", string.ascii_letters)
 # Alphabet used for heuristic checks
 HEURISTIC_CHECK_ALPHABET = ('"', '\'', ')', '(', ',', '.')
@@ -630,7 +639,7 @@ VALID_TIME_CHARS_RUN_THRESHOLD = 100
 CHECK_ZERO_COLUMNS_THRESHOLD = 10
 # Boldify all logger messages containing these "patterns"
-BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA")
+BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response")
 # Generic www root directory names
 GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www")
@@ -669,7 +678,7 @@ INVALID_UNICODE_CHAR_FORMAT = r"\x%02x"
 XML_RECOGNITION_REGEX = r"(?s)\A\s*<[^>]+>(.+>)?\s*\Z"
 # Regular expression used for detecting JSON POST data
-JSON_RECOGNITION_REGEX = r'(?s)\A(\s*\[)*\s*\{.*"[^"]+"\s*:\s*("[^"]+"|\d+).*\}\s*(\]\s*)*\Z'
+JSON_RECOGNITION_REGEX = r'(?s)\A(\s*\[)*\s*\{.*"[^"]+"\s*:\s*("[^"]*"|\d+|true|false|null).*\}\s*(\]\s*)*\Z'
 # Regular expression used for detecting JSON-like POST data
 JSON_LIKE_RECOGNITION_REGEX = r"(?s)\A(\s*\[)*\s*\{.*'[^']+'\s*:\s*('[^']+'|\d+).*\}\s*(\]\s*)*\Z"
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import atexit
--- a/lib/core/subprocessng.py
+++ b/lib/core/subprocessng.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import errno
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import codecs
@@ -20,6 +20,7 @@ from lib.core.common import getSafeExString
 from lib.core.common import getUnicode
 from lib.core.common import hashDBRetrieve
 from lib.core.common import intersect
 from lib.core.common import isNumPosStrValue
 from lib.core.common import normalizeUnicode
 from lib.core.common import openFile
 from lib.core.common import paramToDict
@@ -51,7 +52,6 @@ from lib.core.option import _setKnowledgeBaseAttributes
 from lib.core.option import _setAuthCred
 from lib.core.settings import ASTERISK_MARKER
 from lib.core.settings import CSRF_TOKEN_PARAMETER_INFIXES
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import HOST_ALIASES
 from lib.core.settings import ARRAY_LIKE_RECOGNITION_REGEX
@@ -113,14 +113,14 @@ def _setRequestParams():
                        retVal = retVal.replace(_.group(0), match.group(int(_.group(1)) if _.group(1).isdigit() else _.group(1)))
                    else:
                        break
-                if CUSTOM_INJECTION_MARK_CHAR in retVal:
+                if kb.customInjectionMark in retVal:
-                    hintNames.append((retVal.split(CUSTOM_INJECTION_MARK_CHAR)[0], match.group("name")))
+                    hintNames.append((retVal.split(kb.customInjectionMark)[0], match.group("name")))
            return retVal
-        if kb.processUserMarks is None and CUSTOM_INJECTION_MARK_CHAR in conf.data:
+        if kb.processUserMarks is None and kb.customInjectionMark in conf.data:
-            message = "custom injection marking character ('%s') found in option " % CUSTOM_INJECTION_MARK_CHAR
+            message = "custom injection marker ('%s') found in option " % kb.customInjectionMark
            message += "'--data'. Do you want to process it? [Y/n/q] "
-            choice = readInput(message, default='Y')
+            choice = readInput(message, default='Y').upper()
            if choice == 'Q':
                raise SqlmapUserQuitException
@@ -133,21 +133,22 @@ def _setRequestParams():
        if re.search(JSON_RECOGNITION_REGEX, conf.data):
            message = "JSON data found in %s data. " % conf.method
            message += "Do you want to process it? [Y/n/q] "
-            choice = readInput(message, default='Y')
+            choice = readInput(message, default='Y').upper()
            if choice == 'Q':
                raise SqlmapUserQuitException
            elif choice == 'Y':
-                if not (kb.processUserMarks and CUSTOM_INJECTION_MARK_CHAR in conf.data):
+                if not (kb.processUserMarks and kb.customInjectionMark in conf.data):
                    conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
-                    conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
+                    conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)
-                    conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*"[^"]+)"', functools.partial(process, repl=r'\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR), conf.data)
+                    conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*"[^"]*)"', functools.partial(process, repl=r'\g<1>%s"' % kb.customInjectionMark), conf.data)
-                    conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*)(-?\d[\d\.]*\b)', functools.partial(process, repl=r'\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR), conf.data)
+                    conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*)(-?\d[\d\.]*)\b', functools.partial(process, repl=r'\g<1>\g<3>%s' % kb.customInjectionMark), conf.data)
                    conf.data = re.sub(r'("(?P<name>[^"]+)"\s*:\s*)((true|false|null))\b', functools.partial(process, repl=r'\g<1>\g<3>%s' % kb.customInjectionMark), conf.data)
                    match = re.search(r'(?P<name>[^"]+)"\s*:\s*\[([^\]]+)\]', conf.data)
                    if match and not (conf.testParameter and match.group("name") not in conf.testParameter):
                        _ = match.group(2)
-                        _ = re.sub(r'("[^"]+)"', '\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR, _)
+                        _ = re.sub(r'("[^"]+)"', '\g<1>%s"' % kb.customInjectionMark, _)
-                        _ = re.sub(r'(\A|,|\s+)(-?\d[\d\.]*\b)', '\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR, _)
+                        _ = re.sub(r'(\A|,|\s+)(-?\d[\d\.]*\b)', '\g<0>%s' % kb.customInjectionMark, _)
                        conf.data = conf.data.replace(match.group(0), match.group(0).replace(match.group(2), _))
                kb.postHint = POST_HINT.JSON
@@ -160,11 +161,11 @@ def _setRequestParams():
            if choice == 'Q':
                raise SqlmapUserQuitException
            elif choice == 'Y':
-                if not (kb.processUserMarks and CUSTOM_INJECTION_MARK_CHAR in conf.data):
+                if not (kb.processUserMarks and kb.customInjectionMark in conf.data):
                    conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
-                    conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
+                    conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)
-                    conf.data = re.sub(r"('(?P<name>[^']+)'\s*:\s*'[^']+)'", functools.partial(process, repl=r"\g<1>%s'" % CUSTOM_INJECTION_MARK_CHAR), conf.data)
+                    conf.data = re.sub(r"('(?P<name>[^']+)'\s*:\s*'[^']+)'", functools.partial(process, repl=r"\g<1>%s'" % kb.customInjectionMark), conf.data)
-                    conf.data = re.sub(r"('(?P<name>[^']+)'\s*:\s*)(-?\d[\d\.]*\b)", functools.partial(process, repl=r"\g<0>%s" % CUSTOM_INJECTION_MARK_CHAR), conf.data)
+                    conf.data = re.sub(r"('(?P<name>[^']+)'\s*:\s*)(-?\d[\d\.]*\b)", functools.partial(process, repl=r"\g<0>%s" % kb.customInjectionMark), conf.data)
                kb.postHint = POST_HINT.JSON_LIKE
@@ -176,9 +177,9 @@ def _setRequestParams():
            if choice == 'Q':
                raise SqlmapUserQuitException
            elif choice == 'Y':
-                if not (kb.processUserMarks and CUSTOM_INJECTION_MARK_CHAR in conf.data):
+                if not (kb.processUserMarks and kb.customInjectionMark in conf.data):
-                    conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
+                    conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)
-                    conf.data = re.sub(r"(=[^%s]+)" % DEFAULT_GET_POST_DELIMITER, r"\g<1>%s" % CUSTOM_INJECTION_MARK_CHAR, conf.data)
+                    conf.data = re.sub(r"(=[^%s]+)" % DEFAULT_GET_POST_DELIMITER, r"\g<1>%s" % kb.customInjectionMark, conf.data)
                kb.postHint = POST_HINT.ARRAY_LIKE
@@ -190,10 +191,10 @@ def _setRequestParams():
            if choice == 'Q':
                raise SqlmapUserQuitException
            elif choice == 'Y':
-                if not (kb.processUserMarks and CUSTOM_INJECTION_MARK_CHAR in conf.data):
+                if not (kb.processUserMarks and kb.customInjectionMark in conf.data):
                    conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
-                    conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
+                    conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)
-                    conf.data = re.sub(r"(<(?P<name>[^>]+)( [^<]*)?>)([^<]+)(</\2)", functools.partial(process, repl=r"\g<1>\g<4>%s\g<5>" % CUSTOM_INJECTION_MARK_CHAR), conf.data)
+                    conf.data = re.sub(r"(<(?P<name>[^>]+)( [^<]*)?>)([^<]+)(</\2)", functools.partial(process, repl=r"\g<1>\g<4>%s\g<5>" % kb.customInjectionMark), conf.data)
                kb.postHint = POST_HINT.SOAP if "soap" in conf.data.lower() else POST_HINT.XML
@@ -205,15 +206,15 @@ def _setRequestParams():
            if choice == 'Q':
                raise SqlmapUserQuitException
            elif choice == 'Y':
-                if not (kb.processUserMarks and CUSTOM_INJECTION_MARK_CHAR in conf.data):
+                if not (kb.processUserMarks and kb.customInjectionMark in conf.data):
                    conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
-                    conf.data = conf.data.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
+                    conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)
-                    conf.data = re.sub(r"(?si)((Content-Disposition[^\n]+?name\s*=\s*[\"'](?P<name>[^\n]+?)[\"']).+?)(((\r)?\n)+--)", functools.partial(process, repl=r"\g<1>%s\g<4>" % CUSTOM_INJECTION_MARK_CHAR), conf.data)
+                    conf.data = re.sub(r"(?si)((Content-Disposition[^\n]+?name\s*=\s*[\"']?(?P<name>[^\"'\r\n]+)[\"']?).+?)(((\r)?\n)+--)", functools.partial(process, repl=r"\g<1>%s\g<4>" % kb.customInjectionMark), conf.data)
                kb.postHint = POST_HINT.MULTIPART
        if not kb.postHint:
-            if CUSTOM_INJECTION_MARK_CHAR in conf.data:  # later processed
+            if kb.customInjectionMark in conf.data:  # later processed
                pass
            else:
                place = PLACE.POST
@@ -225,12 +226,12 @@ def _setRequestParams():
                    conf.paramDict[place] = paramDict
                    testableParameters = True
        else:
-            if CUSTOM_INJECTION_MARK_CHAR not in conf.data:  # in case that no usable parameter values has been found
+            if kb.customInjectionMark not in conf.data:  # in case that no usable parameter values has been found
                conf.parameters[PLACE.POST] = conf.data
-    kb.processUserMarks = True if (kb.postHint and CUSTOM_INJECTION_MARK_CHAR in conf.data) else kb.processUserMarks
+    kb.processUserMarks = True if (kb.postHint and kb.customInjectionMark in conf.data) else kb.processUserMarks
-    if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint and not CUSTOM_INJECTION_MARK_CHAR in (conf.data or "") and conf.url.startswith("http"):
+    if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint and not kb.customInjectionMark in (conf.data or "") and conf.url.startswith("http"):
        warnMsg = "you've provided target URL without any GET "
        warnMsg += "parameters (e.g. 'http://www.site.com/article.php?id=1') "
        warnMsg += "and without providing any POST parameters "
@@ -244,15 +245,15 @@ def _setRequestParams():
        if choice == 'Q':
            raise SqlmapUserQuitException
        elif choice == 'Y':
-            conf.url = "%s%s" % (conf.url, CUSTOM_INJECTION_MARK_CHAR)
+            conf.url = "%s%s" % (conf.url, kb.customInjectionMark)
            kb.processUserMarks = True
    for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data), (PLACE.CUSTOM_HEADER, str(conf.httpHeaders))):
        _ = re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or "") if place == PLACE.CUSTOM_HEADER else value or ""
-        if CUSTOM_INJECTION_MARK_CHAR in _:
+        if kb.customInjectionMark in _:
            if kb.processUserMarks is None:
                lut = {PLACE.URI: '-u', PLACE.CUSTOM_POST: '--data', PLACE.CUSTOM_HEADER: '--headers/--user-agent/--referer/--cookie'}
-                message = "custom injection marking character ('%s') found in option " % CUSTOM_INJECTION_MARK_CHAR
+                message = "custom injection marker ('%s') found in option " % kb.customInjectionMark
                message += "'%s'. Do you want to process it? [Y/n/q] " % lut[place]
                choice = readInput(message, default='Y').upper()
@@ -264,7 +265,7 @@ def _setRequestParams():
                    if kb.processUserMarks:
                        kb.testOnlyCustom = True
-                        if "=%s" % CUSTOM_INJECTION_MARK_CHAR in _:
+                        if "=%s" % kb.customInjectionMark in _:
                            warnMsg = "it seems that you've provided empty parameter value(s) "
                            warnMsg += "for testing. Please, always use only valid parameter values "
                            warnMsg += "so sqlmap could be able to run properly"
@@ -296,13 +297,13 @@ def _setRequestParams():
                if place == PLACE.CUSTOM_HEADER:
                    for index in xrange(len(conf.httpHeaders)):
                        header, value = conf.httpHeaders[index]
-                        if CUSTOM_INJECTION_MARK_CHAR in re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value):
+                        if kb.customInjectionMark in re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value):
-                            parts = value.split(CUSTOM_INJECTION_MARK_CHAR)
+                            parts = value.split(kb.customInjectionMark)
                            for i in xrange(len(parts) - 1):
-                                conf.paramDict[place]["%s #%d%s" % (header, i + 1, CUSTOM_INJECTION_MARK_CHAR)] = "%s,%s" % (header, "".join("%s%s" % (parts[j], CUSTOM_INJECTION_MARK_CHAR if i == j else "") for j in xrange(len(parts))))
+                                conf.paramDict[place]["%s #%d%s" % (header, i + 1, kb.customInjectionMark)] = "%s,%s" % (header, "".join("%s%s" % (parts[j], kb.customInjectionMark if i == j else "") for j in xrange(len(parts))))
-                            conf.httpHeaders[index] = (header, value.replace(CUSTOM_INJECTION_MARK_CHAR, ""))
+                            conf.httpHeaders[index] = (header, value.replace(kb.customInjectionMark, ""))
                else:
-                    parts = value.split(CUSTOM_INJECTION_MARK_CHAR)
+                    parts = value.split(kb.customInjectionMark)
                    for i in xrange(len(parts) - 1):
                        name = None
@@ -312,8 +313,8 @@ def _setRequestParams():
                                    name = "%s %s" % (kb.postHint, _)
                                    break
                        if name is None:
-                            name = "%s#%s%s" % (("%s " % kb.postHint) if kb.postHint else "", i + 1, CUSTOM_INJECTION_MARK_CHAR)
+                            name = "%s#%s%s" % (("%s " % kb.postHint) if kb.postHint else "", i + 1, kb.customInjectionMark)
-                        conf.paramDict[place][name] = "".join("%s%s" % (parts[j], CUSTOM_INJECTION_MARK_CHAR if i == j else "") for j in xrange(len(parts)))
+                        conf.paramDict[place][name] = "".join("%s%s" % (parts[j], kb.customInjectionMark if i == j else "") for j in xrange(len(parts)))
                    if place == PLACE.URI and PLACE.GET in conf.paramDict:
                        del conf.paramDict[PLACE.GET]
@@ -325,7 +326,7 @@ def _setRequestParams():
    if kb.processUserMarks:
        for item in ("url", "data", "agent", "referer", "cookie"):
            if conf.get(item):
-                conf[item] = conf[item].replace(CUSTOM_INJECTION_MARK_CHAR, "")
+                conf[item] = conf[item].replace(kb.customInjectionMark, "")
    # Perform checks on Cookie parameters
    if conf.cookie:
@@ -374,8 +375,8 @@ def _setRequestParams():
                if condition:
                    conf.parameters[PLACE.CUSTOM_HEADER] = str(conf.httpHeaders)
-                    conf.paramDict[PLACE.CUSTOM_HEADER] = {httpHeader: "%s,%s%s" % (httpHeader, headerValue, CUSTOM_INJECTION_MARK_CHAR)}
+                    conf.paramDict[PLACE.CUSTOM_HEADER] = {httpHeader: "%s,%s%s" % (httpHeader, headerValue, kb.customInjectionMark)}
-                    conf.httpHeaders = [(header, value.replace(CUSTOM_INJECTION_MARK_CHAR, "")) for header, value in conf.httpHeaders]
+                    conf.httpHeaders = [(header, value.replace(kb.customInjectionMark, "")) for header, value in conf.httpHeaders]
                    testableParameters = True
    if not conf.parameters:
@@ -401,7 +402,7 @@ def _setRequestParams():
                    message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
                    if readInput(message, default='N', boolean=True):
-                        conf.csrfToken = parameter
+                        conf.csrfToken = getUnicode(parameter)
                    break
 def _setHashDB():
@@ -436,7 +437,7 @@ def _resumeHashDBValues():
    kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.KB_XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable
    kb.errorChunkLength = hashDBRetrieve(HASHDB_KEYS.KB_ERROR_CHUNK_LENGTH)
-    if kb.errorChunkLength and kb.errorChunkLength.isdigit():
+    if isNumPosStrValue(kb.errorChunkLength):
        kb.errorChunkLength = int(kb.errorChunkLength)
    else:
        kb.errorChunkLength = None
@@ -647,10 +648,10 @@ def _createTargetDirs():
    conf.outputPath = os.path.join(getUnicode(paths.SQLMAP_OUTPUT_PATH), normalizeUnicode(getUnicode(conf.hostname)))
    if not os.path.isdir(conf.outputPath):
    try:
        if not os.path.isdir(conf.outputPath):
            os.makedirs(conf.outputPath, 0755)
-        except (OSError, IOError), ex:
+    except (OSError, IOError, TypeError), ex:
        try:
            tempDir = tempfile.mkdtemp(prefix="sqlmapoutput")
        except Exception, _:
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import codecs
--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import difflib
--- a/lib/core/unescaper.py
+++ b/lib/core/unescaper.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 from lib.core.common import Backend
--- a/lib/core/update.py
+++ b/lib/core/update.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import locale
--- a/lib/core/wordlist.py
+++ b/lib/core/wordlist.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import os
--- a/lib/parse/init.py
+++ b/lib/parse/init.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 pass
--- a/lib/parse/banner.py
+++ b/lib/parse/banner.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import re
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import os
@@ -31,7 +31,6 @@ from lib.core.settings import BASIC_HELP_ITEMS
 from lib.core.settings import DUMMY_URL
 from lib.core.settings import IS_WIN
 from lib.core.settings import MAX_HELP_OPTION_LENGTH
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import VERSION_STRING
 from lib.core.shell import autoCompletion
 from lib.core.shell import clearHistory
@@ -150,8 +149,8 @@ def cmdLineParser(argv=None):
        request.add_option("--auth-file", dest="authFile",
                           help="HTTP authentication PEM cert/private key file")
-        request.add_option("--ignore-401", dest="ignore401", action="store_true",
+        request.add_option("--ignore-code", dest="ignoreCode", type="int",
-                          help="Ignore HTTP Error 401 (Unauthorized)")
+                          help="Ignore HTTP error code (e.g. 401)")
        request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
                           help="Ignore system default proxy settings")
@@ -322,7 +321,7 @@ def cmdLineParser(argv=None):
        detection.add_option("--risk", dest="risk", type="int",
                             help="Risk of tests to perform (1-3, "
-                                  "default %d)" % defaults.level)
+                                  "default %d)" % defaults.risk)
        detection.add_option("--string", dest="string",
                             help="String to match when "
@@ -618,9 +617,6 @@ def cmdLineParser(argv=None):
        general = OptionGroup(parser, "General", "These options can be used "
                             "to set some general working parameters")
        #general.add_option("-x", dest="xmlFile",
        #                    help="Dump the data into an XML file")
        general.add_option("-s", dest="sessionFile",
                            help="Load session from a stored (.sqlite) file")
@@ -635,9 +631,6 @@ def cmdLineParser(argv=None):
        general.add_option("--binary-fields", dest="binaryFields",
                          help="Result fields having binary values (e.g. \"digest\")")
        general.add_option("--charset", dest="charset",
                            help="Force character encoding used for data retrieval")
        general.add_option("--check-internet", dest="checkInternet",
                            action="store_true",
                            help="Check Internet connection before assessing the target")
@@ -652,13 +645,18 @@ def cmdLineParser(argv=None):
                                  help="Delimiting character used in CSV output "
                                  "(default \"%s\")" % defaults.csvDel)
        general.add_option("--charset", dest="charset",
                           help="Blind SQL injection charset (e.g. \"0123456789abcdef\")")
        general.add_option("--dump-format", dest="dumpFormat",
                                  help="Format of dumped data (CSV (default), HTML or SQLITE)")
        general.add_option("--encoding", dest="encoding",
                            help="Character encoding used for data retrieval (e.g. GBK)")
        general.add_option("--eta", dest="eta",
                            action="store_true",
-                            help="Display for each output the "
+                            help="Display for each output the estimated time of arrival")
                                 "estimated time of arrival")
        general.add_option("--flush-session", dest="flushSession",
                            action="store_true",
@@ -672,6 +670,9 @@ def cmdLineParser(argv=None):
                            action="store_true",
                            help="Ignore query results stored in session file")
        general.add_option("--har", dest="harFile",
                           help="Log all HTTP traffic into a HAR file")
        general.add_option("--hex", dest="hexConvert",
                            action="store_true",
                            help="Use DBMS hex function(s) for data retrieval")
@@ -784,6 +785,9 @@ def cmdLineParser(argv=None):
        parser.add_option("--profile", dest="profile", action="store_true",
                          help=SUPPRESS_HELP)
        parser.add_option("--force-dbms", dest="forceDbms",
                          help=SUPPRESS_HELP)
        parser.add_option("--force-dns", dest="forceDns", action="store_true",
                          help=SUPPRESS_HELP)
--- a/lib/parse/configfile.py
+++ b/lib/parse/configfile.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 from lib.core.common import checkFile
--- a/lib/parse/handler.py
+++ b/lib/parse/handler.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import re
@@ -44,7 +44,7 @@ class FingerprintHandler(ContentHandler):
    def startElement(self, name, attrs):
        if name == "regexp":
            self._regexp = sanitizeStr(attrs.get("value"))
-            _ = re.match("\A[A-Za-z0-9]+", self._regexp)  # minor trick avoiding compiling of large amount of regexes
+            _ = re.match(r"\A[A-Za-z0-9]+", self._regexp)  # minor trick avoiding compiling of large amount of regexes
            if _ and _.group(0).lower() in self._banner.lower() or not _:
                self._match = re.search(self._regexp, self._banner, re.I | re.M)
--- a/lib/parse/headers.py
+++ b/lib/parse/headers.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import itertools
@@ -23,11 +23,10 @@ def headersParser(headers):
    if not kb.headerPaths:
        kb.headerPaths = {
            "cookie":                          os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"),
            "microsoftsharepointteamservices": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "sharepoint.xml"),
            "server":                          os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"),
-            "servlet-engine":                  os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet.xml"),
+            "servlet-engine":                  os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet-engine.xml"),
-            "set-cookie":                      os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"),
+            "set-cookie":                      os.path.join(paths.SQLMAP_XML_BANNER_PATH, "set-cookie.xml"),
            "x-aspnet-version":                os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"),
            "x-powered-by":                    os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml"),
        }
--- a/lib/parse/html.py
+++ b/lib/parse/html.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import re
@@ -43,7 +43,7 @@ class HTMLHandler(ContentHandler):
        elif name == "error":
            regexp = attrs.get("regexp")
            if regexp not in kb.cache.regex:
-                keywords = re.findall("\w+", re.sub(r"\\.", " ", regexp))
+                keywords = re.findall(r"\w+", re.sub(r"\\.", " ", regexp))
                keywords = sorted(keywords, key=len)
                kb.cache.regex[regexp] = keywords[-1].lower()
--- a/lib/parse/payloads.py
+++ b/lib/parse/payloads.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import os
--- a/lib/parse/sitemap.py
+++ b/lib/parse/sitemap.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import httplib
--- a/lib/request/init.py
+++ b/lib/request/init.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 pass
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import codecs
@@ -33,6 +33,7 @@ from lib.core.enums import PLACE
 from lib.core.exception import SqlmapCompressionException
 from lib.core.settings import BLOCKED_IP_REGEX
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEV_EMAIL_ADDRESS
 from lib.core.settings import EVENTVALIDATION_REGEX
 from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
 from lib.core.settings import META_CHARSET_REGEX
@@ -46,7 +47,7 @@ from lib.utils.htmlentities import htmlEntities
 from thirdparty.chardet import detect
 from thirdparty.odict.odict import OrderedDict
-def forgeHeaders(items=None):
+def forgeHeaders(items=None, base=None):
    """
    Prepare HTTP Cookie, HTTP User-Agent and HTTP Referer headers to use when performing
    the HTTP requests
@@ -58,7 +59,7 @@ def forgeHeaders(items=None):
        if items[_] is None:
            del items[_]
-    headers = OrderedDict(conf.httpHeaders)
+    headers = OrderedDict(base or conf.httpHeaders)
    headers.update(items.items())
    class _str(str):
@@ -92,7 +93,7 @@ def forgeHeaders(items=None):
    if conf.cj:
        if HTTP_HEADER.COOKIE in headers:
            for cookie in conf.cj:
-                if cookie.domain_specified and not conf.hostname.endswith(cookie.domain):
+                if cookie.domain_specified and not (conf.hostname or "").endswith(cookie.domain):
                    continue
                if ("%s=" % getUnicode(cookie.name)) in getUnicode(headers[HTTP_HEADER.COOKIE]):
@@ -214,7 +215,7 @@ def checkCharEncoding(encoding, warn=True):
    except (LookupError, ValueError):
        if warn:
            warnMsg = "unknown web page charset '%s'. " % encoding
-            warnMsg += "Please report by e-mail to 'dev@sqlmap.org'"
+            warnMsg += "Please report by e-mail to '%s'" % DEV_EMAIL_ADDRESS
            singleTimeLogMessage(warnMsg, logging.WARN, encoding)
        encoding = None
@@ -279,7 +280,7 @@ def decodePage(page, contentEncoding, contentType):
                kb.pageCompress = False
                raise SqlmapCompressionException
-    if not conf.charset:
+    if not conf.encoding:
        httpCharset, metaCharset = None, None
        # Reference: http://stackoverflow.com/questions/1020892/python-urllib2-read-to-unicode
@@ -296,7 +297,7 @@ def decodePage(page, contentEncoding, contentType):
        else:
            kb.pageEncoding = None
    else:
-        kb.pageEncoding = conf.charset
+        kb.pageEncoding = conf.encoding
    # can't do for all responses because we need to support binary files too
    if contentType and not isinstance(page, unicode) and "text/" in contentType.lower():
@@ -373,7 +374,7 @@ def processResponse(page, responseHeaders, status=None):
                            continue
                        conf.paramDict[PLACE.POST][name] = value
-                conf.parameters[PLACE.POST] = re.sub("(?i)(%s=)[^&]+" % re.escape(name), r"\g<1>%s" % re.escape(value), conf.parameters[PLACE.POST])
+                conf.parameters[PLACE.POST] = re.sub(r"(?i)(%s=)[^&]+" % re.escape(name), r"\g<1>%s" % re.escape(value), conf.parameters[PLACE.POST])
    if not kb.browserVerification and re.search(r"(?i)browser.?verification", page or ""):
        kb.browserVerification = True
--- a/lib/request/basicauthhandler.py
+++ b/lib/request/basicauthhandler.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import urllib2
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import re
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import binascii
@@ -51,11 +51,13 @@ from lib.core.common import randomInt
 from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import removeReflectiveValues
 from lib.core.common import safeVariableNaming
 from lib.core.common import singleTimeLogMessage
 from lib.core.common import singleTimeWarnMessage
 from lib.core.common import stdev
 from lib.core.common import wasLastResponseDelayed
 from lib.core.common import unicodeencode
 from lib.core.common import unsafeVariableNaming
 from lib.core.common import urldecode
 from lib.core.common import urlencode
 from lib.core.data import conf
@@ -81,7 +83,6 @@ from lib.core.exception import SqlmapTokenException
 from lib.core.exception import SqlmapValueException
 from lib.core.settings import ASTERISK_MARKER
 from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_CONTENT_TYPE
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
@@ -223,6 +224,8 @@ class Connect(object):
        the target URL page content
        """
        start = time.time()
        if isinstance(conf.delay, (int, float)) and conf.delay > 0:
            time.sleep(conf.delay)
@@ -288,7 +291,7 @@ class Connect(object):
        status = None
        _ = urlparse.urlsplit(url)
-        requestMsg = u"HTTP request [#%d]:\n%s " % (threadData.lastRequestUID, method or (HTTPMETHOD.POST if post is not None else HTTPMETHOD.GET))
+        requestMsg = u"HTTP request [#%d]:\r\n%s " % (threadData.lastRequestUID, method or (HTTPMETHOD.POST if post is not None else HTTPMETHOD.GET))
        requestMsg += getUnicode(("%s%s" % (_.path or "/", ("?%s" % _.query) if _.query else "")) if not any((refreshing, crawling, checking)) else url)
        responseMsg = u"HTTP response "
        requestHeaders = u""
@@ -316,8 +319,8 @@ class Connect(object):
            elif target:
                if conf.forceSSL and urlparse.urlparse(url).scheme != "https":
-                    url = re.sub("(?i)\Ahttp:", "https:", url)
+                    url = re.sub(r"(?i)\Ahttp:", "https:", url)
-                    url = re.sub("(?i):80/", ":443/", url)
+                    url = re.sub(r"(?i):80/", ":443/", url)
                if PLACE.GET in conf.parameters and not get:
                    get = conf.parameters[PLACE.GET]
@@ -383,11 +386,7 @@ class Connect(object):
                headers = forgeHeaders({HTTP_HEADER.COOKIE: cookie})
            if auxHeaders:
-                for key, value in auxHeaders.items():
+                headers = forgeHeaders(auxHeaders, headers)
                    for _ in headers.keys():
                        if _.upper() == key.upper():
                            del headers[_]
                    headers[key] = value
            for key, value in headers.items():
                del headers[key]
@@ -413,13 +412,13 @@ class Connect(object):
                responseHeaders = _(ws.getheaders())
                responseHeaders.headers = ["%s: %s\r\n" % (_[0].capitalize(), _[1]) for _ in responseHeaders.items()]
-                requestHeaders += "\n".join(["%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in responseHeaders.items()])
+                requestHeaders += "\r\n".join(["%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in responseHeaders.items()])
-                requestMsg += "\n%s" % requestHeaders
+                requestMsg += "\r\n%s" % requestHeaders
                if post is not None:
-                    requestMsg += "\n\n%s" % getUnicode(post)
+                    requestMsg += "\r\n\r\n%s" % getUnicode(post)
-                requestMsg += "\n"
+                requestMsg += "\r\n"
                threadData.lastRequestMsg = requestMsg
@@ -432,26 +431,26 @@ class Connect(object):
                else:
                    req = urllib2.Request(url, post, headers)
-                requestHeaders += "\n".join(["%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in req.header_items()])
+                requestHeaders += "\r\n".join(["%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in req.header_items()])
                if not getRequestHeader(req, HTTP_HEADER.COOKIE) and conf.cj:
                    conf.cj._policy._now = conf.cj._now = int(time.time())
                    cookies = conf.cj._cookies_for_request(req)
-                    requestHeaders += "\n%s" % ("Cookie: %s" % ";".join("%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value)) for cookie in cookies))
+                    requestHeaders += "\r\n%s" % ("Cookie: %s" % ";".join("%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value)) for cookie in cookies))
                if post is not None:
                    if not getRequestHeader(req, HTTP_HEADER.CONTENT_LENGTH):
-                        requestHeaders += "\n%s: %d" % (string.capwords(HTTP_HEADER.CONTENT_LENGTH), len(post))
+                        requestHeaders += "\r\n%s: %d" % (string.capwords(HTTP_HEADER.CONTENT_LENGTH), len(post))
                if not getRequestHeader(req, HTTP_HEADER.CONNECTION):
-                    requestHeaders += "\n%s: %s" % (HTTP_HEADER.CONNECTION, "close" if not conf.keepAlive else "keep-alive")
+                    requestHeaders += "\r\n%s: %s" % (HTTP_HEADER.CONNECTION, "close" if not conf.keepAlive else "keep-alive")
-                requestMsg += "\n%s" % requestHeaders
+                requestMsg += "\r\n%s" % requestHeaders
                if post is not None:
-                    requestMsg += "\n\n%s" % getUnicode(post)
+                    requestMsg += "\r\n\r\n%s" % getUnicode(post)
-                requestMsg += "\n"
+                requestMsg += "\r\n"
                if not multipart:
                    threadData.lastRequestMsg = requestMsg
@@ -545,6 +544,15 @@ class Connect(object):
                    warnMsg = "problem occurred during connection closing ('%s')" % getSafeExString(ex)
                    logger.warn(warnMsg)
        except SqlmapConnectionException, ex:
            if conf.proxyList and not kb.threadException:
                warnMsg = "unable to connect to the target URL ('%s')" % ex
                logger.critical(warnMsg)
                threadData.retriesCount = conf.retries
                return Connect._retryProxy(**kwargs)
            else:
                raise
        except urllib2.HTTPError, ex:
            page = None
            responseHeaders = None
@@ -576,24 +584,25 @@ class Connect(object):
            threadData.lastHTTPError = (threadData.lastRequestUID, code, status)
            kb.httpErrorCodes[code] = kb.httpErrorCodes.get(code, 0) + 1
-            responseMsg += "[#%d] (%d %s):\n" % (threadData.lastRequestUID, code, status)
+            responseMsg += "[#%d] (%d %s):\r\n" % (threadData.lastRequestUID, code, status)
            if responseHeaders:
-                logHeaders = "\n".join(["%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in responseHeaders.items()])
+                logHeaders = "\r\n".join(["%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in responseHeaders.items()])
-            logHTTPTraffic(requestMsg, "%s%s\n\n%s" % (responseMsg, logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE]))
+            logHTTPTraffic(requestMsg, "%s%s\r\n\r\n%s" % (responseMsg, logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE]), start, time.time())
            skipLogTraffic = True
            if conf.verbose <= 5:
                responseMsg += getUnicode(logHeaders)
            elif conf.verbose > 5:
-                responseMsg += "%s\n\n%s" % (logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE])
+                responseMsg += "%s\r\n\r\n%s" % (logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE])
            if not multipart:
                logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)
-            if ex.code == httplib.UNAUTHORIZED and not conf.ignore401:
+            if ex.code != conf.ignoreCode:
                if ex.code == httplib.UNAUTHORIZED:
                    errMsg = "not authorized, try to provide right HTTP "
                    errMsg += "authentication type and valid credentials (%d)" % code
                    raise SqlmapConnectionException(errMsg)
@@ -672,7 +681,7 @@ class Connect(object):
                warnMsg = "there was an incomplete read error while retrieving data "
                warnMsg += "from the target URL"
            elif "Handshake status" in tbMsg:
-                status = re.search("Handshake status ([\d]{3})", tbMsg)
+                status = re.search(r"Handshake status ([\d]{3})", tbMsg)
                errMsg = "websocket handshake status %s" % status.group(1) if status else "unknown"
                raise SqlmapConnectionException(errMsg)
            else:
@@ -729,27 +738,27 @@ class Connect(object):
        if conn and getattr(conn, "redurl", None):
            _ = urlparse.urlsplit(conn.redurl)
            _ = ("%s%s" % (_.path or "/", ("?%s" % _.query) if _.query else ""))
-            requestMsg = re.sub("(\n[A-Z]+ ).+?( HTTP/\d)", "\g<1>%s\g<2>" % getUnicode(_).replace("\\", "\\\\"), requestMsg, 1)
+            requestMsg = re.sub(r"(\n[A-Z]+ ).+?( HTTP/\d)", "\g<1>%s\g<2>" % getUnicode(_).replace("\\", "\\\\"), requestMsg, 1)
            if kb.resendPostOnRedirect is False:
-                requestMsg = re.sub("(\[#\d+\]:\n)POST ", "\g<1>GET ", requestMsg)
+                requestMsg = re.sub(r"(\[#\d+\]:\n)POST ", "\g<1>GET ", requestMsg)
-                requestMsg = re.sub("(?i)Content-length: \d+\n", "", requestMsg)
+                requestMsg = re.sub(r"(?i)Content-length: \d+\n", "", requestMsg)
-                requestMsg = re.sub("(?s)\n\n.+", "\n", requestMsg)
+                requestMsg = re.sub(r"(?s)\n\n.+", "\n", requestMsg)
-            responseMsg += "[#%d] (%d %s):\n" % (threadData.lastRequestUID, conn.code, status)
+            responseMsg += "[#%d] (%d %s):\r\n" % (threadData.lastRequestUID, conn.code, status)
        else:
-            responseMsg += "[#%d] (%d %s):\n" % (threadData.lastRequestUID, code, status)
+            responseMsg += "[#%d] (%d %s):\r\n" % (threadData.lastRequestUID, code, status)
        if responseHeaders:
-            logHeaders = "\n".join(["%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in responseHeaders.items()])
+            logHeaders = "\r\n".join(["%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in responseHeaders.items()])
        if not skipLogTraffic:
-            logHTTPTraffic(requestMsg, "%s%s\n\n%s" % (responseMsg, logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE]))
+            logHTTPTraffic(requestMsg, "%s%s\r\n\r\n%s" % (responseMsg, logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE]), start, time.time())
        if conf.verbose <= 5:
            responseMsg += getUnicode(logHeaders)
        elif conf.verbose > 5:
-            responseMsg += "%s\n\n%s" % (logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE])
+            responseMsg += "%s\r\n\r\n%s" % (logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE])
        if not multipart:
            logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)
@@ -760,8 +769,8 @@ class Connect(object):
    def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True):
        """
        This method calls a function to get the target URL page content
-        and returns its page MD5 hash or a boolean value in case of
+        and returns its page ratio (0 <= ratio <= 1) or a boolean value
-        string match check ('--string' command line parameter)
+        representing False/True match in case of !getRatioValue
        """
        if conf.direct:
@@ -846,8 +855,7 @@ class Connect(object):
                    if place == PLACE.COOKIE or place == PLACE.CUSTOM_HEADER and value.split(',')[0] == HTTP_HEADER.COOKIE:
                        if kb.cookieEncodeChoice is None:
                            msg = "do you want to URL encode cookie values (implementation specific)? %s" % ("[Y/n]" if not conf.url.endswith(".aspx") else "[y/N]")  # Reference: https://support.microsoft.com/en-us/kb/313282
-                            choice = readInput(msg, default='Y' if not conf.url.endswith(".aspx") else 'N')
+                            kb.cookieEncodeChoice = readInput(msg, default='Y' if not conf.url.endswith(".aspx") else 'N', boolean=True)
                            kb.cookieEncodeChoice = choice.upper().strip() == 'Y'
                        if not kb.cookieEncodeChoice:
                            skip = True
@@ -862,7 +870,7 @@ class Connect(object):
                    singleTimeWarnMessage(warnMsg)
                if place in (PLACE.GET, PLACE.POST):
                    _ = re.escape(PAYLOAD_DELIMITER)
-                    match = re.search("(?P<name>\w+)=%s(?P<value>.+?)%s" % (_, _), value)
+                    match = re.search(r"(?P<name>\w+)=%s(?P<value>.+?)%s" % (_, _), value)
                    if match:
                        payload = match.group("value")
@@ -899,7 +907,7 @@ class Connect(object):
            post = value
        if PLACE.CUSTOM_POST in conf.parameters:
-            post = conf.parameters[PLACE.CUSTOM_POST].replace(CUSTOM_INJECTION_MARK_CHAR, "") if place != PLACE.CUSTOM_POST or not value else value
+            post = conf.parameters[PLACE.CUSTOM_POST].replace(kb.customInjectionMark, "") if place != PLACE.CUSTOM_POST or not value else value
            post = post.replace(ASTERISK_MARKER, '*') if post else post
        if PLACE.COOKIE in conf.parameters:
@@ -928,18 +936,20 @@ class Connect(object):
        if conf.csrfToken:
            def _adjustParameter(paramString, parameter, newValue):
                retVal = paramString
-                match = re.search("%s=[^&]*" % re.escape(parameter), paramString)
+                match = re.search(r"%s=[^&]*" % re.escape(parameter), paramString)
                if match:
                    retVal = re.sub(re.escape(match.group(0)), "%s=%s" % (parameter, newValue), paramString)
                else:
-                    match = re.search("(%s[\"']:[\"'])([^\"']+)" % re.escape(parameter), paramString)
+                    match = re.search(r"(%s[\"']:[\"'])([^\"']+)" % re.escape(parameter), paramString)
                    if match:
                        retVal = re.sub(re.escape(match.group(0)), "%s%s" % (match.group(1), newValue), paramString)
                return retVal
            page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.method if conf.csrfUrl == conf.url else None, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
-            match = re.search(r"<input[^>]+name=[\"']?%s[\"']?\s[^>]*value=(\"([^\"]+)|'([^']+)|([^ >]+))" % re.escape(conf.csrfToken), page or "")
+            token = extractRegexResult(r"(?i)<input[^>]+\bname=[\"']?%s[\"']?[^>]*\bvalue=(?P<result>(\"([^\"]+)|'([^']+)|([^ >]+)))" % re.escape(conf.csrfToken), page or "")
-            token = (match.group(2) or match.group(3) or match.group(4)) if match else None
+
            if not token:
                token = extractRegexResult(r"(?i)<input[^>]+\bvalue=(?P<result>(\"([^\"]+)|'([^']+)|([^ >]+)))[^>]+\bname=[\"']?%s[\"']?" % re.escape(conf.csrfToken), page or "")
                if not token:
                    match = re.search(r"%s[\"']:[\"']([^\"']+)" % re.escape(conf.csrfToken), page or "")
@@ -971,6 +981,8 @@ class Connect(object):
                    raise SqlmapTokenException, errMsg
            if token:
                token = token.strip("'\"")
                for place in (PLACE.GET, PLACE.POST):
                    if place in conf.parameters:
                        if place == PLACE.GET and get:
@@ -1018,8 +1030,11 @@ class Connect(object):
                for part in item.split(delimiter):
                    if '=' in part:
                        name, value = part.split('=', 1)
-                        name = re.sub(r"[^\w]", "", name.strip())
+                        name = name.strip()
-                        if name in keywords:
+                        if safeVariableNaming(name) != name:
                            conf.evalCode = re.sub(r"\b%s\b" % re.escape(name), safeVariableNaming(name), conf.evalCode)
                            name = safeVariableNaming(name)
                        elif name in keywords:
                            name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
                        value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus))
                        variables[name] = value
@@ -1028,8 +1043,11 @@ class Connect(object):
                for part in cookie.split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER):
                    if '=' in part:
                        name, value = part.split('=', 1)
-                        name = re.sub(r"[^\w]", "", name.strip())
+                        name = name.strip()
-                        if name in keywords:
+                        if safeVariableNaming(name) != name:
                            conf.evalCode = re.sub(r"\b%s\b" % re.escape(name), safeVariableNaming(name), conf.evalCode)
                            name = safeVariableNaming(name)
                        elif name in keywords:
                            name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
                        value = urldecode(value, convall=True)
                        variables[name] = value
@@ -1040,6 +1058,14 @@ class Connect(object):
                except SyntaxError, ex:
                    if ex.text:
                        original = replacement = ex.text.strip()
                        if '=' in original:
                            name, value = original.split('=', 1)
                            name = name.strip()
                            if safeVariableNaming(name) != name:
                                replacement = re.sub(r"\b%s\b" % re.escape(name), safeVariableNaming(name), replacement)
                            elif name in keywords:
                                replacement = re.sub(r"\b%s\b" % re.escape(name), "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX), replacement)
                        else:
                            for _ in re.findall(r"[A-Za-z_]+", original)[::-1]:
                                if _ in keywords:
                                    replacement = replacement.replace(_, "%s%s" % (_, EVALCODE_KEYWORD_SUFFIX))
@@ -1063,6 +1089,11 @@ class Connect(object):
                    del variables[variable]
                    variables[variable.replace(EVALCODE_KEYWORD_SUFFIX, "")] = value
                if unsafeVariableNaming(variable) != variable:
                    value = variables[variable]
                    del variables[variable]
                    variables[unsafeVariableNaming(variable)] = value
            uri = variables["uri"]
            for name, value in variables.items():
@@ -1075,33 +1106,33 @@ class Connect(object):
                            if kb.postHint in (POST_HINT.XML, POST_HINT.SOAP):
                                if re.search(r"<%s\b" % re.escape(name), post):
                                    found = True
-                                    post = re.sub(r"(?s)(<%s\b[^>]*>)(.*?)(</%s)" % (re.escape(name), re.escape(name)), "\g<1>%s\g<3>" % value, post)
+                                    post = re.sub(r"(?s)(<%s\b[^>]*>)(.*?)(</%s)" % (re.escape(name), re.escape(name)), "\g<1>%s\g<3>" % value.replace('\\', r'\\'), post)
                                elif re.search(r"\b%s>" % re.escape(name), post):
                                    found = True
-                                    post = re.sub(r"(?s)(\b%s>)(.*?)(</[^<]*\b%s>)" % (re.escape(name), re.escape(name)), "\g<1>%s\g<3>" % value, post)
+                                    post = re.sub(r"(?s)(\b%s>)(.*?)(</[^<]*\b%s>)" % (re.escape(name), re.escape(name)), "\g<1>%s\g<3>" % value.replace('\\', r'\\'), post)
                            regex = r"\b(%s)\b([^\w]+)(\w+)" % re.escape(name)
                            if not found and re.search(regex, (post or "")):
                                found = True
-                                post = re.sub(regex, "\g<1>\g<2>%s" % value, post)
+                                post = re.sub(regex, "\g<1>\g<2>%s" % value.replace('\\', r'\\'), post)
                        regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(delimiter), re.escape(name), re.escape(delimiter))
                        if not found and re.search(regex, (post or "")):
                            found = True
-                            post = re.sub(regex, "\g<1>%s\g<3>" % value, post)
+                            post = re.sub(regex, "\g<1>%s\g<3>" % value.replace('\\', r'\\'), post)
                        if re.search(regex, (get or "")):
                            found = True
-                            get = re.sub(regex, "\g<1>%s\g<3>" % value, get)
+                            get = re.sub(regex, "\g<1>%s\g<3>" % value.replace('\\', r'\\'), get)
                        if re.search(regex, (query or "")):
                            found = True
-                            uri = re.sub(regex.replace(r"\A", r"\?"), "\g<1>%s\g<3>" % value, uri)
+                            uri = re.sub(regex.replace(r"\A", r"\?"), "\g<1>%s\g<3>" % value.replace('\\', r'\\'), uri)
                        regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER), name, re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER))
                        if re.search(regex, (cookie or "")):
                            found = True
-                            cookie = re.sub(regex, "\g<1>%s\g<3>" % value, cookie)
+                            cookie = re.sub(regex, "\g<1>%s\g<3>" % value.replace('\\', r'\\'), cookie)
                        if not found:
                            if post is not None:
--- a/lib/request/direct.py
+++ b/lib/request/direct.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import time
--- a/lib/request/dns.py
+++ b/lib/request/dns.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import os
@@ -94,7 +94,7 @@ class DNSServer(object):
        with self._lock:
            for _ in self._requests:
-                if prefix is None and suffix is None or re.search("%s\..+\.%s" % (prefix, suffix), _, re.I):
+                if prefix is None and suffix is None or re.search(r"%s\..+\.%s" % (prefix, suffix), _, re.I):
                    retVal = _
                    self._requests.remove(_)
                    break
--- a/lib/request/httpshandler.py
+++ b/lib/request/httpshandler.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import distutils.version
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import re
@@ -42,6 +42,8 @@ from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapDataException
 from lib.core.exception import SqlmapNotVulnerableException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.settings import GET_VALUE_UPPERCASE_KEYWORDS
 from lib.core.settings import INFERENCE_MARKER
 from lib.core.settings import MAX_TECHNIQUES_PER_VALUE
 from lib.core.settings import SQL_SCALAR_REGEX
 from lib.core.threads import getCurrentThreadData
@@ -79,9 +81,9 @@ def _goInference(payload, expression, charsetType=None, firstChar=None, lastChar
    timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))
    if not (timeBasedCompare and kb.dnsTest):
-        if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not re.search("(COUNT|LTRIM)\(", expression, re.I) and not (timeBasedCompare and not conf.forceThreads):
+        if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not re.search(r"(COUNT|LTRIM)\(", expression, re.I) and not (timeBasedCompare and not conf.forceThreads):
-            if field and re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I):
+            if field and re.search(r"\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I):
                expression = "SELECT %s FROM (%s)" % (field, expression)
                if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
@@ -156,7 +158,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char
    _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)
-    rdbRegExp = re.search("RDB\$GET_CONTEXT\([^)]+\)", expression, re.I)
+    rdbRegExp = re.search(r"RDB\$GET_CONTEXT\([^)]+\)", expression, re.I)
    if rdbRegExp and Backend.isDbms(DBMS.FIREBIRD):
        expressionFieldsList = [expressionFields]
@@ -303,7 +305,7 @@ def _goBooleanProxy(expression):
            return output
    vector = kb.injection.data[kb.technique].vector
-    vector = vector.replace("[INFERENCE]", expression)
+    vector = vector.replace(INFERENCE_MARKER, expression)
    query = agent.prefixQuery(vector)
    query = agent.suffixQuery(query)
    payload = agent.payload(newValue=query)
@@ -345,6 +347,9 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
    kb.safeCharEncode = safeCharEncode
    kb.resumeValues = resumeValue
    for keyword in GET_VALUE_UPPERCASE_KEYWORDS:
        expression = re.sub(r"(?i)(\A|\(|\)|\s)%s(\Z|\(|\)|\s)" % keyword, r"\g<1>%s\g<2>" % keyword, expression)
    if suppressOutput is not None:
        pushValue(getCurrentThreadData().disableStdOut)
        getCurrentThreadData().disableStdOut = suppressOutput
@@ -356,7 +361,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
        if expected == EXPECTED.BOOL:
            forgeCaseExpression = booleanExpression = expression
-            if expression.upper().startswith("SELECT "):
+            if expression.startswith("SELECT "):
                booleanExpression = "(%s)=%s" % (booleanExpression, "'1'" if "'1'" in booleanExpression else "1")
            else:
                forgeCaseExpression = agent.forgeCaseStatement(expression)
@@ -414,7 +419,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
                    found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
                if found and conf.dnsDomain:
-                    _ = "".join(filter(None, (key if isTechniqueAvailable(value) else None for key, value in {"E": PAYLOAD.TECHNIQUE.ERROR, "Q": PAYLOAD.TECHNIQUE.QUERY, "U": PAYLOAD.TECHNIQUE.UNION}.items())))
+                    _ = "".join(filter(None, (key if isTechniqueAvailable(value) else None for key, value in {'E': PAYLOAD.TECHNIQUE.ERROR, 'Q': PAYLOAD.TECHNIQUE.QUERY, 'U': PAYLOAD.TECHNIQUE.UNION}.items())))
                    warnMsg = "option '--dns-domain' will be ignored "
                    warnMsg += "as faster techniques are usable "
                    warnMsg += "(%s) " % _
--- a/lib/request/methodrequest.py
+++ b/lib/request/methodrequest.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import urllib2
--- a/lib/request/pkihandler.py
+++ b/lib/request/pkihandler.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import httplib
--- a/lib/request/rangehandler.py
+++ b/lib/request/rangehandler.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import urllib
--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
@@ -2,10 +2,11 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 import re
 import time
 import types
 import urllib2
 import urlparse
@@ -69,6 +70,7 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
        return urllib2.Request(newurl, data=req.data, headers=req.headers, origin_req_host=req.get_origin_req_host())
    def http_error_302(self, req, fp, code, msg, headers):
        start = time.time()
        content = None
        redurl = self._get_header_redirect(headers) if not conf.ignoreRedirects else None
@@ -92,18 +94,18 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
        threadData.lastRedirectMsg = (threadData.lastRequestUID, content)
        redirectMsg = "HTTP redirect "
-        redirectMsg += "[#%d] (%d %s):\n" % (threadData.lastRequestUID, code, getUnicode(msg))
+        redirectMsg += "[#%d] (%d %s):\r\n" % (threadData.lastRequestUID, code, getUnicode(msg))
        if headers:
-            logHeaders = "\n".join("%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in headers.items())
+            logHeaders = "\r\n".join("%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in headers.items())
        else:
            logHeaders = ""
        redirectMsg += logHeaders
        if content:
-            redirectMsg += "\n\n%s" % getUnicode(content[:MAX_CONNECTION_CHUNK_SIZE])
+            redirectMsg += "\r\n\r\n%s" % getUnicode(content[:MAX_CONNECTION_CHUNK_SIZE])
-        logHTTPTraffic(threadData.lastRequestMsg, redirectMsg)
+        logHTTPTraffic(threadData.lastRequestMsg, redirectMsg, start, time.time())
        logger.log(CUSTOM_LOGGING.TRAFFIC_IN, redirectMsg)
        if redurl:
@@ -127,7 +129,7 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
                if HTTP_HEADER.COOKIE not in req.headers:
                    req.headers[HTTP_HEADER.COOKIE] = _
                else:
-                    req.headers[HTTP_HEADER.COOKIE] = re.sub("%s{2,}" % delimiter, delimiter, ("%s%s%s" % (re.sub(r"\b%s=[^%s]*%s?" % (_.split('=')[0], delimiter, delimiter), "", req.headers[HTTP_HEADER.COOKIE]), delimiter, _)).strip(delimiter))
+                    req.headers[HTTP_HEADER.COOKIE] = re.sub(r"%s{2,}" % delimiter, delimiter, ("%s%s%s" % (re.sub(r"\b%s=[^%s]*%s?" % (re.escape(_.split('=')[0]), delimiter, delimiter), "", req.headers[HTTP_HEADER.COOKIE]), delimiter, _)).strip(delimiter))
            try:
                result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
            except urllib2.HTTPError, e:
--- a/lib/request/templates.py
+++ b/lib/request/templates.py
@@ -2,7 +2,7 @@
 """
 Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
+See the file 'LICENSE' for copying permission
 """
 from lib.core.data import kb
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Miroslav Stampar	c671acb62e	Minor patch of normalizePath()	2017-11-02 13:09:31 +01:00
Miroslav Stampar	cdd0e6f0ac	Minor patch	2017-11-02 13:02:38 +01:00
Miroslav Stampar	ce8d0befd0	Fixes #2755	2017-11-02 11:49:36 +01:00
Miroslav Stampar	14676bdffb	Switching proxies when Google detects unusual traffic	2017-11-01 10:35:01 +01:00
Miroslav Stampar	01d24cbb42	Minor adjustment of logging messages	2017-10-31 11:48:17 +01:00
Miroslav Stampar	9c3c9a9315	Minor bug fix	2017-10-31 11:39:12 +01:00
Miroslav Stampar	66d37112d1	If it works, don't touch. I touched	2017-10-31 11:38:09 +01:00
Miroslav Stampar	6bf84151e4	Silent bug fix (.encode() is not safe for base64 encoding because of whitespaces)	2017-10-31 11:07:28 +01:00
Miroslav Stampar	22907d5085	Some more trivial refactoring	2017-10-31 11:05:25 +01:00
Miroslav Stampar	b1a898662d	Some more trivial refactoring	2017-10-31 10:27:58 +01:00
Miroslav Stampar	496075ef20	Trivial refactoring	2017-10-31 10:10:22 +01:00
Miroslav Stampar	ac2359f8df	Patch of potential silent bug (digits charset)	2017-10-31 10:03:23 +01:00
Miroslav Stampar	ff5bdbefe8	Minor refactoring	2017-10-31 09:55:14 +01:00
Miroslav Stampar	190cf4b14d	Minor patch (missing scheme case)	2017-10-31 09:51:07 +01:00
Miroslav Stampar	9df514cf41	Whitespace removal from varnish WAF script	2017-10-30 13:16:30 +01:00
Miroslav Stampar	f7cde3099b	Adding WAF script for DOSarrest	2017-10-30 12:53:34 +01:00
Miroslav Stampar	668d86df9f	Adding WAF script for Wordfence	2017-10-30 12:48:05 +01:00
Miroslav Stampar	915d4bf900	Minor update of paloalto.py (Issue #2749 )	2017-10-29 23:39:32 +01:00
Miroslav Stampar	8d7796f41c	Trivial refactoring	2017-10-28 23:27:19 +02:00
Miroslav Stampar	5497a6e58d	Adding support for Base64 format of md5, sha1, sha256 and sha512 hashes (Issue #1881 )	2017-10-28 22:40:55 +02:00
Miroslav Stampar	9ae713bcec	Adding support for DJANGO_MD5 and DJANGO_SHA1 (Issue #1881 )	2017-10-20 13:56:47 +02:00
Miroslav Stampar	7c874350d2	Adding support for SSHA, SSHA256 and SSHA512 (Issue #1881 )	2017-10-20 13:32:40 +02:00
Miroslav Stampar	311444a4ac	Update related to the #2677	2017-10-20 10:00:26 +02:00
Miroslav Stampar	4e611133c6	Fixes #2747	2017-10-17 16:34:09 +02:00
Miroslav Stampar	5f25a77eab	Adding support for vBulletin password hashes (Issue #1881 )	2017-10-17 11:21:03 +02:00
Miroslav Stampar	ae3c013054	Minor update	2017-10-17 10:38:33 +02:00
Miroslav Stampar	7b0f1fd7fc	Couple of patches and implementation for SHA256 (Issue #1881 )	2017-10-16 15:15:44 +02:00
Miroslav Stampar	1f60dfc835	Minor patch for WAF mechanism	2017-10-16 11:42:11 +02:00
Miroslav Stampar	94579aa80d	Minor patch (salt should be 32 bytes in length)	2017-10-13 15:53:45 +02:00
Miroslav Stampar	0f4d202db4	Implemented support for Joomla passwd (Issue #1881 )	2017-10-13 15:37:16 +02:00
Miroslav Stampar	a1dd7363d4	Implemented support for Apache SHA1 (Issue #1881 )	2017-10-13 15:19:50 +02:00
Miroslav Stampar	12b331170b	Minor bug fix	2017-10-12 15:08:09 +02:00
Miroslav Stampar	3ca4b7c0a9	Update for #1881 (unix_md5_passwd and apache_md5_passwd)	2017-10-12 15:05:32 +02:00
Miroslav Stampar	f9de8a8b5d	Minor update	2017-10-11 15:36:59 +02:00
Miroslav Stampar	9ba5feba03	Simplification of LICENSE as per Github's 'Licensing a repository' guidelines	2017-10-11 15:11:17 +02:00
Miroslav Stampar	8c6b761044	Replacing doc/COPYING to LICENSE	2017-10-11 14:50:46 +02:00
Miroslav Stampar	a2d465aa4a	Moving doc/COPYING to LICENSE (as per open-source community standards)	2017-10-11 14:43:03 +02:00
Miroslav Stampar	d80f108365	Adding CODE_OF_CONDUCT.md	2017-10-11 14:32:00 +02:00
Miroslav Stampar	91d918096f	Moving CONTRIBUTING.md to .github folder	2017-10-11 14:29:22 +02:00
Miroslav Stampar	936b1c1874	Adding .github directory	2017-10-11 14:26:35 +02:00
Miroslav Stampar	c768fe4617	Changing file permissions to remove execute bit	2017-10-11 14:16:48 +02:00
Miroslav Stampar	b7db28a89b	Minor refactoring (unused imports)	2017-10-10 16:14:39 +02:00
Miroslav Stampar	94a337b2e3	Implementation for an Issue #1306	2017-10-10 16:08:13 +02:00
Miroslav Stampar	df135a5b0c	Sponsorship update (link)	2017-10-10 14:27:10 +02:00
Miroslav Stampar	d8caf7818d	Sponsorship update (bold text)	2017-10-10 14:20:56 +02:00
Miroslav Stampar	a450271e6d	Update README.md	2017-10-10 13:57:41 +02:00
Miroslav Stampar	339dc7ce37	Sponsorship update	2017-10-10 13:46:45 +02:00
Miroslav Stampar	5df7abb0ee	Fixes #2737	2017-10-10 11:04:17 +02:00
Miroslav Stampar	1f5f2aff0b	Adding support for Bing (as a fallback)	2017-10-09 14:25:08 +02:00
Miroslav Stampar	8c88a095fb	disconnect.me turned into a DuckDuckGo proxy	2017-10-09 14:07:27 +02:00
Miroslav Stampar	09ddb3bd8b	Minor update for #2731 (--smoke-test failed)	2017-10-04 14:02:47 +02:00
Miroslav Stampar	d2af0c7a1f	Merge pull request #2731 from eur0pa/patch-1 Added Unicode-escape tamper script	2017-10-04 13:57:35 +02:00
europa	3fbe2f645a	Added Unicode-escape tamper script	2017-10-04 12:22:31 +02:00
Miroslav Stampar	f1c102a020	Minor touch for internal re-hashing purposes	2017-10-02 16:32:37 +02:00
Miroslav Stampar	834ea2d0d8	Merge pull request #2728 from syedafzal/add_new_waf Added identification for waf NAXSI	2017-10-02 16:29:47 +02:00
Syed Afzal	ae972de8fc	Added identification for waf NAXSI	2017-10-01 22:15:02 +05:30
Miroslav Stampar	62519eed04	Minor patch (breaking lines on longer outputs - 100%)	2017-09-26 13:18:37 +02:00
Miroslav Stampar	222fd856fa	Implementation for #2709	2017-09-25 11:32:40 +02:00
Miroslav Stampar	db94d24db1	Initial support for #2709 (more work to be done)	2017-09-21 14:35:24 +02:00
Miroslav Stampar	116c1c8b5c	Minor refactoring	2017-09-20 15:49:18 +02:00
Miroslav Stampar	afc2a42383	Revisiting regexes for DBMS errors	2017-09-20 15:28:33 +02:00
Miroslav Stampar	44664dd7d6	Minor update (based on user request)	2017-09-19 14:36:34 +02:00
Miroslav Stampar	35ba94b3a9	Fixes #2696	2017-09-17 23:56:48 +02:00
Miroslav Stampar	24c261d630	Minor patch	2017-09-17 23:12:57 +02:00
Miroslav Stampar	6a8ea0557c	Minor update	2017-09-15 14:23:55 +02:00
Miroslav Stampar	721bf4d243	Minor update related to the #2695	2017-09-14 13:28:24 +02:00
Miroslav Stampar	e02ce4eb1f	Merge pull request #2695 from Zwirzu/master Created polish translaton	2017-09-14 13:24:35 +02:00
Zwirzu	2f8e8a5f62	Created polish translaton I just translated Readme.md to polish.	2017-09-14 00:03:24 +02:00
Miroslav Stampar	7de63a7efb	Fixes #2694	2017-09-12 10:32:22 +02:00
Miroslav Stampar	12f802c70f	Minor text update	2017-09-11 10:41:50 +02:00
Miroslav Stampar	96ffb4b911	Fixes #2693	2017-09-11 10:38:19 +02:00
Miroslav Stampar	93cb879e5d	Fixes #2692	2017-09-11 10:17:02 +02:00
Miroslav Stampar	f67f26cebd	Minor update	2017-09-11 10:00:35 +02:00
Miroslav Stampar	942ac7733a	Fixes #2691	2017-09-09 22:27:40 +02:00
Miroslav Stampar	2496db9d96	Update for #2690	2017-09-08 11:59:26 +02:00
Miroslav Stampar	a3249019d9	Patch for an Issue #2690	2017-09-08 11:43:10 +02:00
Miroslav Stampar	96f80879ff	Fixes #2688	2017-09-06 23:41:56 +02:00
Miroslav Stampar	96b9950f96	Fixes #2684	2017-09-05 13:13:08 +02:00
Miroslav Stampar	30ea219228	Fixes #2604	2017-09-05 12:48:51 +02:00
Miroslav Stampar	7c41bc57e7	Fixes #2683	2017-09-05 10:51:58 +02:00
Miroslav Stampar	e609bd04ad	Fixes #2678	2017-09-04 23:00:16 +02:00
Miroslav Stampar	511f2a6d12	Update for #2680	2017-09-04 17:16:00 +02:00
Miroslav Stampar	415ce05a2f	Fixes #2677	2017-09-04 17:05:48 +02:00
Miroslav Stampar	06deda3223	Fixes #2672	2017-09-01 14:29:52 +02:00
Miroslav Stampar	d4170f11f0	Patch for #2654	2017-08-28 17:29:46 +02:00
Miroslav Stampar	cb2258fea4	Fixes #2603	2017-08-28 13:02:08 +02:00
Miroslav Stampar	c871cedae4	Adding hidden option '--force-dbms' to skip fingerprinting	2017-08-28 12:30:42 +02:00
Miroslav Stampar	3e4130c5e6	Update for #2665	2017-08-28 11:08:36 +02:00
Miroslav Stampar	a6c04a59cb	Minor update	2017-08-23 14:10:11 +02:00
Miroslav Stampar	53eb44304f	Proper patch for #2666	2017-08-23 14:08:40 +02:00
Miroslav Stampar	400339a884	Fixes #2665	2017-08-23 13:52:51 +02:00
Miroslav Stampar	8b0c50f25d	Update related to the #2663	2017-08-23 13:17:37 +02:00
Miroslav Stampar	e42b63f51c	Typo fix	2017-08-20 10:02:26 +02:00
Miroslav Stampar	b8f88a079a	Fixes #2659	2017-08-20 10:00:04 +02:00
Miroslav Stampar	a761e1d165	Fixes #2656	2017-08-16 03:08:58 +02:00
Miroslav Stampar	5b6926ae05	Fixes #2654	2017-08-11 11:48:05 +02:00
Miroslav Stampar	e862da6d4e	Update for an Issue #2653	2017-08-11 10:47:32 +02:00
Miroslav Stampar	1ac0704c09	Fixes #2651	2017-08-09 16:52:36 +02:00
Miroslav Stampar	b6b51bea9d	Fixes #2649	2017-08-07 11:27:22 +02:00
Miroslav Stampar	672abe8416	Minor just in case update	2017-08-04 13:59:15 +02:00
Miroslav Stampar	fac6712a35	Implements #2647 (Basic authorization for sqlmapapi)	2017-08-04 13:37:49 +02:00
Miroslav Stampar	68ee1f361b	Fixes #2640	2017-07-31 14:20:59 +02:00
Miroslav Stampar	62ae149464	Minor patch	2017-07-29 03:35:05 +02:00
Miroslav Stampar	f071c8500c	Fixes #2634	2017-07-29 03:18:49 +02:00
Miroslav Stampar	5745d650f8	Fixes #2635	2017-07-29 02:42:20 +02:00
Miroslav Stampar	de8ea53d46	Fixes #2628	2017-07-28 00:37:33 +02:00
Miroslav Stampar	23081f83db	Fixes #2626	2017-07-28 00:16:06 +02:00
Miroslav Stampar	4d56a806e8	Minor patch	2017-07-28 00:00:09 +02:00
Miroslav Stampar	1745bac0ab	Fixes #2625	2017-07-26 00:54:29 +02:00
Miroslav Stampar	0f9c81965b	Implementation on request	2017-07-26 00:24:13 +02:00
Miroslav Stampar	d12b65d38c	Fixes #2624	2017-07-25 23:32:30 +02:00
Miroslav Stampar	38c70d9799	Minor update	2017-07-21 11:09:00 +02:00
Miroslav Stampar	a9a744fec6	Merge pull request #2620 from delvelabs/mark-steps-in-har Fix HAR validation for HAR viewer	2017-07-21 11:07:16 +02:00
Louis-Philippe Huberdeau	3c5ee552f0	Make sure non-optional properties are present	2017-07-20 08:50:03 -04:00
Miroslav Stampar	8ca45695ab	Minor update	2017-07-20 03:09:09 +02:00
Miroslav Stampar	bf40526785	Merge pull request #2618 from delvelabs/mark-steps-in-har Mark steps in HAR file	2017-07-20 02:52:57 +02:00
Miroslav Stampar	9b41efcbe1	Minor patch	2017-07-20 02:50:34 +02:00
Miroslav Stampar	36f3fd72e6	Update for an Issue #2616	2017-07-20 02:41:47 +02:00
Louis-Philippe Huberdeau	facc54f60b	Receiving some messages with a differerent header line	2017-07-19 15:40:07 -04:00
Louis-Philippe Huberdeau	4c7da11331	Make sure the comment is not set to None	2017-07-19 14:46:36 -04:00
Louis-Philippe Huberdeau	e21f67715c	List is not a valid input type for timings, expecting object	2017-07-19 14:12:30 -04:00
Louis-Philippe Huberdeau	e38267a61e	Include tracking properties in the HAR to identify which test the requests were associated to	2017-07-18 15:46:52 -04:00
Miroslav Stampar	7d147f613f	Fixes #2611	2017-07-17 22:24:51 +02:00
Miroslav Stampar	591a60bbde	Fixes #2606	2017-07-11 14:48:22 +02:00
Miroslav Stampar	3f40bf1101	Fixes #2387	2017-07-06 11:44:18 +02:00
Miroslav Stampar	d248317b89	Update for people that just download 'sqlmap.py' <- they exist	2017-07-05 16:42:54 +02:00
Miroslav Stampar	75fd878242	Minor patch	2017-07-05 15:41:53 +02:00
Miroslav Stampar	30378c8ae3	Minor patch	2017-07-05 15:27:29 +02:00
Miroslav Stampar	c9b3b47d6f	Minor update	2017-07-05 14:07:21 +02:00
Miroslav Stampar	d038d027f9	Minor updates	2017-07-05 13:51:48 +02:00
Miroslav Stampar	c6577b80d9	Minor update	2017-07-05 13:35:02 +02:00
Miroslav Stampar	4a4fa07bdd	Minor update	2017-07-05 12:35:48 +02:00
Miroslav Stampar	a4ebd5418f	Patch for an Issue reported privately via email	2017-07-05 12:15:14 +02:00
Miroslav Stampar	ba369b73d3	Fixes #2601	2017-07-05 11:31:42 +02:00
Miroslav Stampar	614f290217	Update for #2597	2017-07-04 12:14:17 +02:00
Miroslav Stampar	1678b606a2	Update for #2597	2017-07-03 16:55:24 +02:00
Miroslav Stampar	aef5d6667f	Merge pull request #2597 from delvelabs/generate-har Generate HAR	2017-07-03 15:27:00 +02:00
Miroslav Stampar	b622c25f9d	Fixes #2598	2017-07-03 14:17:11 +02:00
Miroslav Stampar	e07ff7168b	Fixes #2599	2017-07-02 00:03:34 +02:00
Louis-Philippe Huberdeau	b6969df52a	Add missing httpVersion in request render, avoid encoding to base64 unless binary data is included	2017-06-29 10:14:20 -04:00
Louis-Philippe Huberdeau	dd19527e9c	Remove debug _raw entry from output	2017-06-29 09:00:02 -04:00
Louis-Philippe Huberdeau	fae965f8b6	Parse and build the response block	2017-06-23 13:28:22 -04:00
Louis-Philippe Huberdeau	0d756a8823	Parse request data and convert to HAR, include in injection data	2017-06-23 11:50:21 -04:00
Louis-Philippe Huberdeau	8df4cc3983	Adding initial hook to receive the request/response pairs	2017-06-23 09:44:33 -04:00