Struggling with Github Actions

Small fix for documentation.

.github/FUNDING.yml

@@ -0,0 +1 @@
+custom: 'https://www.paypal.com/donate?hosted_button_id=A34GMDLKA2V7G'

.github/workflows/tests.yml

@@ -0,0 +1,25 @@
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        python-version: [ '2.x', '3.x', 'pypy-2.7', 'pypy-3.6', 'pypy-3.7' ]
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Basic import test
+        run: python -c "import sqlmap; import sqlmapapi"
+      - name: Smoke test
+        run: python sqlmap.py --smoke
+      - name: Vuln test
+        run: python sqlmap.py --vuln

.travis.yml

@@ -1,19 +0,0 @@
-language: python
-jobs:
-    include:
-        - python: 2.6
-          dist: trusty
-        - python: 2.7
-          dist: trusty
-        - python: 3.3
-          dist: trusty
-        - python: 3.6
-          dist: trusty
-        - python: nightly
-          dist: bionic
-git:
-    depth: 1
-script:
-    - python -c "import sqlmap; import sqlmapapi"
-    - python sqlmap.py --smoke
-    - python sqlmap.py --vuln

README.md

@@ -1,11 +1,9 @@
 # sqlmap ![](https://i.imgur.com/fe85aVR.png)
 
-[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 
 sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.
 
-**sqlmap is sponsored by [SpyderSec](https://spydersec.com/).**
-
 Screenshots
 ----
 
@@ -41,7 +39,7 @@ To get an overview of sqlmap capabilities, a list of supported features, and a d
 Links
 ----
 
-* Homepage: http://sqlmap.org
+* Homepage: https://sqlmap.org
 * Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
@@ -68,6 +66,7 @@ Translations
 * [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md)
 * [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
 * [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md)
+* [Serbian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-rs-RS.md)
 * [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md)
 * [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md)
 * [Ukrainian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-uk-UA.md)

data/txt/common-columns.txt

@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 id
@@ -485,6 +485,8 @@ llave
 chaveta
 tono
 cuna
+correo
+contrasenia
 
 # german
 

data/txt/common-files.txt

@@ -1,6 +1,12 @@
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
+# CTFs
+
+/flag
+/flag.txt
+/readflag
+
 # Reference: https://gist.github.com/sckalath/78ad449346171d29241a
 
 /apache/logs/access.log
@@ -1718,6 +1724,7 @@
 /etc/php4/apache2/php.ini
 /etc/php5/apache/php.ini
 /etc/php5/apache2/php.ini
+/etc/php/7.4/apache2/php.ini
 /etc/php/php.ini
 /usr/local/apache/conf/modsec.conf
 /var/cpanel/cpanel.config
@@ -1793,9 +1800,10 @@
 
 # Misc
 
-/etc/lib/nfs/etab
 /app/app.js
 /app/configure.js
 /app/config/config.json
-/flag.txt
+/etc/grafana/grafana.ini
-/readflag
+/opt/kibana/config/kibana.yml
+/etc/kibana/kibana.yml
+/etc/elasticsearch/elasticsearch.yml

data/txt/common-outputs.txt

@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 [Banners]
@@ -12,7 +12,9 @@
 5.1.
 5.5.
 5.6.
+5.7.
 6.0.
+8.0.
 
 # PostgreSQL
 PostgreSQL 7.0
@@ -30,6 +32,13 @@ PostgreSQL 9.0
 PostgreSQL 9.1
 PostgreSQL 9.2
 PostgreSQL 9.3
+PostgreSQL 9.4
+PostgreSQL 9.5
+PostgreSQL 9.6
+PostgreSQL 10.
+PostgreSQL 11.
+PostgreSQL 12.
+PostgreSQL 13.
 
 # Oracle
 Oracle Database 9i Standard Edition Release
@@ -49,12 +58,18 @@ Oracle Database 11g Express Edition Release
 Oracle Database 11g Express Edition Release 11.
 Oracle Database 11g Enterprise Edition Release
 Oracle Database 11g Enterprise Edition Release 11.
+Oracle Database 12c
 
 # Microsoft SQL Server
 Microsoft SQL Server 7.0
 Microsoft SQL Server 2000
 Microsoft SQL Server 2005
 Microsoft SQL Server 2008
+Microsoft SQL Server 2012
+Microsoft SQL Server 2014
+Microsoft SQL Server 2016
+Microsoft SQL Server 2017
+Microsoft SQL Server 2019
 
 
 [Users]

data/txt/common-tables.txt

@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 users
@@ -3223,6 +3223,10 @@ nuke_gallery_pictures_newpicture
 Books
 grupo
 facturas
+aclaraciones
+preguntas
+personas
+estadisticas
 
 # site:cn
 

data/txt/keywords.txt

@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 # SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml)

data/txt/user-agents.txt

@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 # Opera

data/xml/errors.xml

@@ -223,4 +223,12 @@
         <error regexp="-10048: Syntax error"/>
         <error regexp="rdmStmtPrepare\(.+?\) returned"/>
     </dbms>
+
+    <dbms value="Virtuoso">
+        <error regexp="SQ074: Line \d+:"/>
+        <error regexp="SR185: Undefined procedure"/>
+        <error regexp="SQ200: No table "/>
+        <error regexp="Virtuoso S0002 Error"/>
+        <error regexp="\[(Virtuoso Driver|Virtuoso iODBC Driver)\]\[Virtuoso Server\]"/>
+    </dbms>
 </root>

data/xml/queries.xml

@@ -127,8 +127,8 @@
             <blind query="SELECT DISTINCT(schemaname) FROM pg_tables ORDER BY schemaname OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables"/>
         </dbs>
         <tables>
-            <inband query="SELECT schemaname,tablename FROM pg_tables" condition="schemaname"/>
+            <inband query="SELECT schemaname,tablename FROM pg_tables" condition="schemaname" query2="SELECT table_schema,table_name FROM information_schema.tables" condition2="table_schema"/>
-            <blind query="SELECT tablename FROM pg_tables WHERE schemaname='%s' ORDER BY tablename OFFSET %d LIMIT 1" count="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'"/>
+            <blind query="SELECT tablename FROM pg_tables WHERE schemaname='%s' ORDER BY tablename OFFSET %d LIMIT 1" count="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'" query2="SELECT table_name FROM information_schema.tables WHERE table_schema='%s' OFFSET %d LIMIT 1" count2="SELECT COUNT(table_name) FROM information_schema.tables WHERE table_schema='%s'"/>
         </tables>
         <columns>
             <inband query="SELECT attname,typname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s' ORDER BY attname" condition="attname"/>
@@ -1209,7 +1209,7 @@
         </users>
         <passwords>
             <inband query="SELECT USER_NAME,PASSWORD FROM SYSTEM_.SYS_USERS_" condition="USER_NAME"/>
-            <blind query="SELECT PASSWORD FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s'" count="SELECT COUNT(PASSWORD) FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s'"/>
+            <blind query="SELECT PASSWORD FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s' LIMIT %d,1" count="SELECT COUNT(PASSWORD) FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s'"/>
         </passwords>
         <privileges>
             <inband query="SELECT USER_NAME,PRIV_NAME FROM SYSTEM_.SYS_GRANT_OBJECT_ JOIN SYSTEM_.SYS_PRIVILEGES_ ON SYSTEM_.SYS_GRANT_OBJECT_.PRIV_ID=SYSTEM_.SYS_PRIVILEGES_.PRIV_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_GRANT_OBJECT_.GRANTEE_ID" condition="USER_NAME"/>
@@ -1665,4 +1665,55 @@
         <search_table/>
         <search_column/>
    </dbms>
+
+    <dbms value="Virtuoso">
+        <cast query="CAST(%s AS NCHAR)"/>
+        <length query="LENGTH(%s)"/>
+        <isnull query="__MAX_NOTNULL(%s,' ')"/>
+        <delimiter query="||"/>
+        <limit query="TOP (%d,%d)"/>
+        <limitregexp query="\s+TOP\s*\(([\d]+)\s*\,\s*([\d]+)\)" query2="\s+TOP\s+([\d]+)"/>
+        <limitgroupstart query="1"/>
+        <limitgroupstop query="2"/>
+        <limitstring query=" TOP "/>
+        <order query="ORDER BY %s ASC"/>
+        <count query="COUNT(%s)"/>
+        <comment query="-- -" query2="/*"/>
+        <concatenate query="%s||%s"/>
+        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
+        <inference query="ASCII(SUBSTRING((%s),%d,1))>%d"/>
+        <banner query="sys_stat('st_dbms_name')||' - '||sys_stat('st_dbms_ver')"/>
+        <current_user query="USERNAME()"/>
+        <current_db query="UPPER(USERNAME())"/>
+        <hostname query="sys_stat('st_host_name')"/>
+        <table_comment/>
+        <column_comment/>
+        <is_dba query="USERNAME()='dba'"/>
+        <dbs>
+            <inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA"/>
+            <blind query="SELECT DISTINCT TOP (%d,1) schema_name FROM INFORMATION_SCHEMA.SCHEMATA ORDER BY 1" count="SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA"/>
+        </dbs>
+        <tables>
+            <inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES" condition="table_schema"/>
+            <blind query="SELECT TOP (%d,1) table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' ORDER BY 1" count="SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'"/>
+        </tables>
+        <columns>
+            <inband query="SELECT column_name,data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
+            <blind query="SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" query2="SELECT data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
+        </columns>
+        <dump_table>
+            <inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
+            <blind query="SELECT TOP (%d,1) %s FROM %s.%s ORDER BY %s" count="SELECT COUNT(*) FROM %s.%s"/>
+        </dump_table>
+        <users>
+            <inband query="SELECT u_name FROM SYS_USERS WHERE U_IS_ROLE=0 ORDER BY 1"/>
+            <blind query="SELECT TOP (%d,1) u_name FROM SYS_USERS WHERE U_IS_ROLE=0 ORDER BY 1" count="SELECT COUNT(DISTINCT(u_name)) FROM SYS_USERS"/>
+        </users>
+        <privileges/>
+        <roles/>
+        <statements/>
+        <search_db/>
+        <search_table/>
+        <search_column/>
+   </dbms>
 </root>

doc/CHANGELOG.md

@@ -171,7 +171,7 @@
 * Major code cleanup.
 * Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus software that mistakenly mark sqlmap as a malware.
 * Updated user's manual.
-* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from http://sqlmap.org/demo.html.
+* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from https://sqlmap.org/demo.html.
 
 # Version 0.8 release candidate (2009-09-21)
 
@@ -343,7 +343,7 @@
 * Added Microsoft SQL Server extensive DBMS fingerprint checks based upon accurate '@@version' parsing matching on an XML file to get also the exact patching level of the DBMS;
 * Added support for query ETA (Estimated Time of Arrival) real time calculation (`--eta`);
 * Added support to extract database management system users password hash on MySQL and PostgreSQL (`--passwords`);
-* Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation <http://sqlmap.org/dev/>;
+* Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation <https://sqlmap.org/dev/>;
 * Implemented Google dorking feature (`-g`) to take advantage of Google results affected by SQL injection to perform other command line argument on their DBMS;
 * Improved logging functionality: passed from banal 'print' to Python native logging library;
 * Added support for more than one parameter in `-p` command line option;

doc/THANKS.md

@@ -734,6 +734,9 @@ rmillet, <rmillet42(at)gmail.com>
 Rub3nCT, <rub3nct(at)gmail.com>
 * for reporting a minor bug
 
+sapra, <amanistaken(at)gmail.com>
+* for helping out with Python multiprocessing library on MacOS
+
 shiftzwei, <shiftzwei(at)gmail.com>
 * for reporting a couple of bugs
 

doc/translations/README-bg-BG.md

@@ -39,7 +39,7 @@ sqlmap работи самостоятелно с [Python](http://www.python.org
 Връзки
 ----
 
-* Начална страница: http://sqlmap.org
+* Начална страница: https://sqlmap.org
 * Изтегляне: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * RSS емисия: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Проследяване на проблеми и въпроси: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-de-GER.md

@@ -38,7 +38,7 @@ Ein Probelauf ist [hier](https://asciinema.org/a/46601) zu finden. Um einen Übe
 Links
 ---
 
-* Webseite: http://sqlmap.org
+* Webseite: https://sqlmap.org
 * Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Problemverfolgung: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-es-MX.md

@@ -38,7 +38,7 @@ Para obtener una visión general de las capacidades de sqlmap, así como un list
 Enlaces
 ---
 
-* Página principal: http://sqlmap.org 
+* Página principal: https://sqlmap.org 
 * Descargar: [. tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) o [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Fuente de Cambios "Commit RSS feed": https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Seguimiento de problemas "Issue tracker": https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-fa-IR.md

@@ -73,7 +73,7 @@
 ----
 
 
-* خانه: http://sqlmap.org
+* خانه: https://sqlmap.org
 * دانلود: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * کایمت و نظرات: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * پیگری مشکلات: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-fr-FR.md

@@ -38,7 +38,7 @@ Pour obtenir un aperçu des ressources de __sqlmap__, une liste des fonctionnali
 Liens
 ----
 
-* Page d'acceuil: http://sqlmap.org
+* Page d'acceuil: https://sqlmap.org
 * Téléchargement: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ou [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Suivi des issues: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-gr-GR.md

@@ -39,7 +39,7 @@
 Σύνδεσμοι
 ----
 
-* Αρχική σελίδα: http://sqlmap.org
+* Αρχική σελίδα: https://sqlmap.org
 * Λήψεις: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ή [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Προβλήματα: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-hr-HR.md

@@ -39,7 +39,7 @@ Kako biste dobili pregled mogućnosti sqlmap-a, liste podržanih značajki te op
 Poveznice
 ----
 
-* Početna stranica: http://sqlmap.org
+* Početna stranica: https://sqlmap.org
 * Preuzimanje: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ili [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * RSS feed promjena u kodu: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Prijava problema: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-id-ID.md

@@ -2,7 +2,7 @@
 
 [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 
-sqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basis data. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur hanal bagi _penetration tester_, beragam cara untuk mendeteksi basis data, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_. 
+sqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basis data. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur handal bagi _penetration tester_, beragam cara untuk mendeteksi basis data, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_. 
 
 Tangkapan Layar
 ----
@@ -14,8 +14,7 @@ Anda dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapprojec
 Instalasi
 ----
 
-Anda dapat mengunduh tarball versi terbaru [di sini]
+Anda dapat mengunduh tarball versi terbaru [di sini](https://github.com/sqlmapproject/sqlmap/tarball/master) atau zipball [di sini](https://github.com/sqlmapproject/sqlmap/zipball/master).
-(https://github.com/sqlmapproject/sqlmap/tarball/master) atau zipball [di sini](https://github.com/sqlmapproject/sqlmap/zipball/master).
 
 Sebagai alternatif, Anda dapat mengunduh sqlmap dengan men-_clone_ repositori [Git](https://github.com/sqlmapproject/sqlmap):
 
@@ -40,7 +39,7 @@ Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung,
 Tautan
 ----
 
-* Situs: http://sqlmap.org
+* Situs: https://sqlmap.org
 * Unduh: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) atau [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * RSS feed dari commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Pelacak Masalah: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-it-IT.md

@@ -39,7 +39,7 @@ Per una panoramica delle capacità di sqlmap, una lista delle sue funzionalità
 Link
 ----
 
-* Sito: http://sqlmap.org
+* Sito: https://sqlmap.org
 * Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * RSS feed dei commit: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-ja-JP.md

@@ -40,7 +40,7 @@ sqlmapの概要、機能の一覧、全てのオプションやスイッチの
 リンク
 ----
 
-* ホームページ: http://sqlmap.org
+* ホームページ: https://sqlmap.org
 * ダウンロード: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * コミットのRSSフィード: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * 課題管理: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-ko-KR.md

@@ -39,7 +39,7 @@ sqlmap의 능력, 지원되는 기능과 모든 옵션과 스위치들의 목록
 링크
 ----
 
-* 홈페이지: http://sqlmap.org
+* 홈페이지: https://sqlmap.org
 * 다운로드: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * RSS 피드 커밋: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-pl-PL.md

@@ -39,7 +39,7 @@ Aby uzyskać listę wszystkich dostępnych fukcji, parametrów i opisów ich dzi
 Odnośniki
 ----
 
-* Strona projektu: http://sqlmap.org
+* Strona projektu: https://sqlmap.org
 * Pobieranie: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Raportowanie błędów: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-pt-BR.md

@@ -39,7 +39,7 @@ Para ter uma visão geral dos recursos do sqlmap, lista de recursos suportados e
 Links
 ----
 
-* Homepage: http://sqlmap.org
+* Homepage: https://sqlmap.org
 * Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ou [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-rs-RS.md

@@ -0,0 +1,50 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap je alat otvorenog koda namenjen za penetraciono testiranje koji automatizuje proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije i preuzimanje baza podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko uzimanja podataka iz baze, do pristupa zahvaćenom fajl sistemu i izvršavanja komandi na operativnom sistemu korištenjem tzv. "out-of-band" veza.
+
+Slike
+----
+
+![Slika](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+Možete posetiti [kolekciju slika](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) gde su demonstrirane neke od e se demonstriraju neke od funkcija na wiki stranicama.
+
+Instalacija
+----
+
+Možete preuzeti najnoviji tarball klikom [ovde](https://github.com/sqlmapproject/sqlmap/tarball/master) ili najnoviji zipball klikom [ovde](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Opciono, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sqlmapproject/sqlmap) repozitorija:
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap radi bez posebnih zahteva korištenjem [Python](http://www.python.org/download/) verzije **2.6**, **2.7** i/ili **3.x** na bilo kojoj platformi.
+
+Korišćenje
+----
+
+Kako biste dobili listu osnovnih opcija i prekidača koristite:
+
+    python sqlmap.py -h
+
+Kako biste dobili listu svih opcija i prekidača koristite:
+
+    python sqlmap.py -hh
+
+Možete pronaći primer izvršavanja [ovde](https://asciinema.org/a/46601).
+Kako biste dobili pregled mogućnosti sqlmap-a, liste podržanih funkcija, te opis svih opcija i prekidača, zajedno s primerima, preporučen je uvid u [korisnički priručnik](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+Linkovi
+----
+
+* Početna stranica: https://sqlmap.org
+* Preuzimanje: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ili [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* RSS feed promena u kodu: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Prijava problema: https://github.com/sqlmapproject/sqlmap/issues
+* Korisnički priručnik: https://github.com/sqlmapproject/sqlmap/wiki
+* Najčešće postavljena pitanja (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demo: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Slike: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-ru-RUS.md

@@ -39,7 +39,7 @@ sqlmap работает из коробки с [Python](http://www.python.org/do
 Ссылки
 ----
 
-* Основной сайт: http://sqlmap.org
+* Основной сайт: https://sqlmap.org
 * Скачивание: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) или [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Канал новостей RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Отслеживание проблем: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-tr-TR.md

@@ -39,10 +39,10 @@ Bütün seçenekleri gösterir
 
 Program ile ilgili örnekleri [burada](https://asciinema.org/a/46601) bulabilirsiniz. Daha fazlası için sqlmap'in bütün açıklamaları ile birlikte bütün özelliklerinin, örnekleri ile bulunduğu  [manuel sayfamıza](https://github.com/sqlmapproject/sqlmap/wiki/Usage) bakmanızı tavsiye ediyoruz
 
-Links
+Bağlantılar
 ----
 
-* Anasayfa: http://sqlmap.org
+* Anasayfa: https://sqlmap.org
 * İndirme bağlantıları: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Commitlerin RSS beslemeleri: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Hata takip etme sistemi: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-uk-UA.md

@@ -39,7 +39,7 @@ sqlmap «працює з коробки» з [Python](http://www.python.org/down
 Посилання
 ----
 
-* Основний сайт: http://sqlmap.org
+* Основний сайт: https://sqlmap.org
 * Завантаження: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) або [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Канал новин RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Відстеження проблем: https://github.com/sqlmapproject/sqlmap/issues

doc/translations/README-vi-VN.md

@@ -3,15 +3,14 @@
 [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 
 sqlmap là một công cụ kiểm tra thâm nhập mã nguồn mở, nhằm tự động hóa quá trình phát hiện, khai thác lỗ hổng tiêm SQL và tiếp quản các máy chủ cơ sở dữ liệu. Nó đi kèm với 
-một hệ thống phát hiện mạnh mẽ, nhiều tính năng thích hợp cho người kiểm tra thâm nhập và một loạt các tùy chọn bao gồm lấy dấu cơ sở dữ liệu, truy xuất dữ liệu từ cơ sở dữ 
+một hệ thống phát hiện mạnh mẽ, nhiều tính năng thích hợp cho người kiểm tra thâm nhập (pentester) và một loạt các tùy chọn bao gồm phát hiện cơ sở dữ liệu, truy xuất dữ liệu từ cơ sở dữ liệu, truy cập tệp của hệ thống và thực hiện các lệnh trên hệ điều hành từ xa.
-liệu, truy cập tệp của hệ thống và thực hiện các lệnh trên hệ điều hành thông qua kết nối ngoài.
 
 Ảnh chụp màn hình
 ----
 
 ![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
 
-Bạn có thể truy cập vào [bộ sưu tập ảnh chụp màn hình](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), chúng trình bày một số tính năng trên wiki.
+Bạn có thể truy cập vào [bộ sưu tập ảnh chụp màn hình](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), chúng trình bày một số tính năng có thể tìm thấy trong wiki.
 
 Cài đặt
 ----
@@ -19,11 +18,11 @@ Cài đặt
 
 Bạn có thể tải xuống tập tin nén tar mới nhất bằng cách nhấp vào [đây](https://github.com/sqlmapproject/sqlmap/tarball/master) hoặc tập tin nén zip mới nhất bằng cách nhấp vào [đây](https://github.com/sqlmapproject/sqlmap/zipball/master).
 
-Tốt hơn là bạn có thể tải xuống sqlmap bằng cách clone với [Git](https://github.com/sqlmapproject/sqlmap):
+Tốt hơn là bạn nên tải xuống sqlmap bằng cách clone với [Git](https://github.com/sqlmapproject/sqlmap):
 
     git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 
-sqlmap hoạt động hiệu quả với [Python](http://www.python.org/download/) phiên bản **2.6**, **2.7** và **3.x** trên bất kì nền tảng nào.
+sqlmap hoạt động hiệu quả với [Python](http://www.python.org/download/) phiên bản **2.6**, **2.7** và **3.x** trên bất kì hệ điều hành nào.
 
 Sử dụng
 ----
@@ -36,15 +35,15 @@ Sử dụng
 
     python sqlmap.py -hh
 
-Bạn có thể tìm thấy video chạy mẫu [tại đây](https://asciinema.org/a/46601).
+Bạn có thể xem video chạy thử [tại đây](https://asciinema.org/a/46601).
 Để có cái nhìn tổng quan về các khả năng của sqlmap, danh sách các tính năng được hỗ trợ và mô tả về tất cả các tùy chọn, cùng với các ví dụ, bạn nên tham khảo [hướng dẫn sử dụng](https://github.com/sqlmapproject/sqlmap/wiki/Usage) (Tiếng Anh).
 
 Liên kết
 ----
 
-* Trang chủ: http://sqlmap.org
+* Trang chủ: https://sqlmap.org
 * Tải xuống: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) hoặc [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
-* Lịch sử thay nguồn đổi cấp dữ liệu RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Nguồn cấp dữ liệu RSS về commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Theo dõi vấn đề: https://github.com/sqlmapproject/sqlmap/issues
 * Hướng dẫn sử dụng: https://github.com/sqlmapproject/sqlmap/wiki
 * Các câu hỏi thường gặp (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ

doc/translations/README-zh-CN.md

@@ -2,7 +2,7 @@
 
 [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 
-sqlmap 是一个开源的渗透测试工具，可以用来自动化的检测，利用SQL注入漏洞，获取数据库服务器的权限。它具有功能强大的检测引擎,针对各种不同类型数据库的渗透测试的功能选项，包括获取数据库中存储的数据，访问操作系统文件甚至可以通过外带数据连接的方式执行操作系统命令。
+sqlmap 是一个开源的渗透测试工具，可以用来自动化的检测，利用SQL注入漏洞，获取数据库服务器的权限。它具有功能强大的检测引擎,针对各种不同类型数据库的渗透测试的功能选项，包括获取数据库中存储的数据，访问操作系统文件甚至可以通过带外数据连接的方式执行操作系统命令。
 
 演示截图
 ----
@@ -38,7 +38,7 @@ sqlmap 可以运行在 [Python](http://www.python.org/download/)  **2.6**, **2.7
 链接
 ----
 
-* 项目主页: http://sqlmap.org
+* 项目主页: https://sqlmap.org
 * 源代码下载: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * RSS 订阅: https://github.com/sqlmapproject/sqlmap/commits/master.atom
 * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues

extra/__init__.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 

extra/beep/__init__.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 

extra/beep/beep.py

@@ -3,7 +3,7 @@
 """
 beep.py - Make a beep sound
 
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 

extra/cloak/__init__.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 

extra/cloak/cloak.py

@@ -3,7 +3,7 @@
 """
 cloak.py - Simple file encryption/compression utility
 
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
@@ -21,7 +21,7 @@ if sys.version_info >= (3, 0):
     xrange = range
     ord = lambda _: _
 
-KEY = b"cwRAopWDYixMeqs3"
+KEY = b"ENWsCymUeJcXqSbD"
 
 def xor(message, key):
     return b"".join(struct.pack('B', ord(message[i]) ^ ord(key[i % len(key)])) for i in range(len(message)))

extra/dbgtool/__init__.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 

extra/dbgtool/dbgtool.py

@@ -3,7 +3,7 @@
 """
 dbgtool.py - Portable executable to ASCII debug script converter
 
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 

extra/shutils/blanks.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 # Removes trailing spaces from blank lines inside project files

extra/shutils/drei.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 # Stress test against Python3

extra/shutils/duplicates.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 # Removes duplicate entries in wordlist like files

extra/shutils/junk.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 find . -type d -name "__pycache__" -exec rm -rf {} \; &>/dev/null

extra/shutils/modernize.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 # sudo pip install modernize

extra/shutils/pycodestyle.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 # Runs pycodestyle on all python files (prerequisite: pip install pycodestyle)

extra/shutils/pydiatra.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 # Runs py3diatra on all python files (prerequisite: pip install pydiatra)

extra/shutils/pyflakes.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 # Runs pyflakes on all python files (prerequisite: apt-get install pyflakes)

extra/shutils/pylint.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pylint --rcfile=./.pylintrc '{}' \;

extra/shutils/pypi.sh

@@ -16,7 +16,7 @@ cat > $TMP_DIR/setup.py << EOF
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
@@ -30,7 +30,7 @@ setup(
     long_description_content_type='text/x-rst',
     author='Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar',
     author_email='bernardo@sqlmap.org, miroslav@sqlmap.org',
-    url='http://sqlmap.org',
+    url='https://sqlmap.org',
     project_urls={
         'Documentation': 'https://github.com/sqlmapproject/sqlmap/wiki',
         'Source': 'https://github.com/sqlmapproject/sqlmap/',
@@ -67,7 +67,7 @@ cat > sqlmap/__init__.py << EOF
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
@@ -149,7 +149,7 @@ manual <https://github.com/sqlmapproject/sqlmap/wiki/Usage>`__.
 Links
 -----
 
--  Homepage: http://sqlmap.org
+-  Homepage: https://sqlmap.org
 -  Download:
    `.tar.gz <https://github.com/sqlmapproject/sqlmap/tarball/master>`__
    or `.zip <https://github.com/sqlmapproject/sqlmap/zipball/master>`__

extra/vulnserver/__init__.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 

extra/vulnserver/vulnserver.py

@@ -3,7 +3,7 @@
 """
 vulnserver.py - Trivial SQLi vulnerable HTTP server (Note: for testing purposes)
 
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
@@ -49,7 +49,7 @@ SCHEMA = """
     INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset');
     INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny');
     INSERT INTO users (id, name, surname) VALUES (3, 'wu', '179ad45c6ce2cb97cf1029e212046e81');
-    INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header');
+    INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (https://sqlmap.org)', 'user agent header');
     INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull');
 """
 
@@ -60,6 +60,7 @@ _conn = None
 _cursor = None
 _lock = None
 _server = None
+_alive = False
 
 def init(quiet=False):
     global _conn
@@ -110,6 +111,7 @@ class ReqHandler(BaseHTTPRequestHandler):
             elif self.data.startswith('<') and self.data.endswith('>'):
                 params.update(dict((_[0], _[1].replace("&apos;", "'").replace("&quot;", '"').replace("&lt;", '<').replace("&gt;", '>').replace("&amp;", '&')) for _ in re.findall(r'name="([^"]+)" value="([^"]*)"', self.data)))
             else:
+                self.data = self.data.replace(';', '&')     # Note: seems that Python3 started ignoring parameter splitting with ';'
                 params.update(parse_qs(self.data))
 
         for name in self.headers:
@@ -129,7 +131,6 @@ class ReqHandler(BaseHTTPRequestHandler):
         self.url, self.params = path, params
 
         if self.url == '/':
-
             if not any(_ in self.params for _ in ("id", "query")):
                 self.send_response(OK)
                 self.send_header("Content-type", "text/html; charset=%s" % UNICODE_ENCODING)
@@ -140,10 +141,12 @@ class ReqHandler(BaseHTTPRequestHandler):
                 code, output = OK, ""
 
                 try:
-
                     if self.params.get("echo", ""):
                         output += "%s<br>" % self.params["echo"]
 
+                    if self.params.get("reflect", ""):
+                        output += "%s<br>" % self.params.get("id")
+
                     with _lock:
                         if "query" in self.params:
                             _cursor.execute(self.params["query"])
@@ -156,6 +159,10 @@ class ReqHandler(BaseHTTPRequestHandler):
 
                     output += "<b>SQL results:</b><br>\n"
 
+                    if self.params.get("code", ""):
+                        if not results:
+                            code = INTERNAL_SERVER_ERROR
+                    else:
                         if results:
                             output += "<table border=\"1\">\n"
 
@@ -194,7 +201,7 @@ class ReqHandler(BaseHTTPRequestHandler):
         self.do_REQUEST()
 
     def do_PUT(self):
-        self.do_REQUEST()
+        self.do_POST()
 
     def do_HEAD(self):
         self.do_REQUEST()
@@ -230,14 +237,18 @@ class ReqHandler(BaseHTTPRequestHandler):
         return
 
 def run(address=LISTEN_ADDRESS, port=LISTEN_PORT):
+    global _alive
     global _server
     try:
+        _alive = True
         _server = ThreadingServer((address, port), ReqHandler)
         print("[i] running HTTP server at 'http://%s:%d'" % (address, port))
         _server.serve_forever()
     except KeyboardInterrupt:
         _server.socket.close()
         raise
+    finally:
+        _alive = False
 
 if __name__ == "__main__":
     try:

lib/__init__.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 

lib/controller/__init__.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 

lib/controller/action.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 

lib/controller/checks.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
@@ -404,8 +404,8 @@ def checkSqlInjection(place, parameter, value):
                     continue
 
                 # Parse boundary's <prefix>, <suffix> and <ptype>
-                prefix = boundary.prefix if boundary.prefix else ""
+                prefix = boundary.prefix or ""
-                suffix = boundary.suffix if boundary.suffix else ""
+                suffix = boundary.suffix or ""
                 ptype = boundary.ptype
 
                 # Options --prefix/--suffix have a higher priority (if set by user)
@@ -435,7 +435,7 @@ def checkSqlInjection(place, parameter, value):
                         origValue = origValue.split(kb.customInjectionMark)[0]
                         origValue = re.search(r"(\w*)\Z", origValue).group(1)
 
-                    # Threat the parameter original value according to the
+                    # Treat the parameter original value according to the
                     # test's <where> tag
                     if where == PAYLOAD.WHERE.ORIGINAL or conf.prefix:
                         if kb.tamperFunctions:
@@ -529,7 +529,7 @@ def checkSqlInjection(place, parameter, value):
                             truePage, trueHeaders, trueCode = threadData.lastComparisonPage or "", threadData.lastComparisonHeaders, threadData.lastComparisonCode
                             trueRawResponse = "%s%s" % (trueHeaders, truePage)
 
-                            if trueResult and not(truePage == falsePage and not kb.nullConnection):
+                            if trueResult and not(truePage == falsePage and not any((kb.nullConnection, conf.code))):
                                 # Perform the test's False request
                                 falseResult = Request.queryPage(genCmpPayload(), place, raise404=False)
 
@@ -642,7 +642,7 @@ def checkSqlInjection(place, parameter, value):
                                 output = output or extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE)
 
                                 if output:
-                                    result = output == "1"
+                                    result = output == '1'
 
                                     if result:
                                         infoMsg = "%sparameter '%s' is '%s' injectable " % ("%s " % paramType if paramType != parameter else "", parameter, title)
@@ -991,7 +991,7 @@ def checkSuhosinPatch(injection):
     Checks for existence of Suhosin-patch (and alike) protection mechanism(s)
     """
 
-    if injection.place == PLACE.GET:
+    if injection.place in (PLACE.GET, PLACE.URI):
         debugMsg = "checking for parameter length "
         debugMsg += "constraining mechanisms"
         logger.debug(debugMsg)