Minor update for the automatic reporting

.github/workflows/tests.yml

@@ -10,7 +10,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
-        python-version: [ 'pypy-2.7', '3.12' ]
+        python-version: [ 'pypy-2.7', '3.13' ]
         exclude:
           - os: macos-latest
             python-version: 'pypy-2.7'

data/txt/sha256sums.txt

@@ -71,7 +71,7 @@ c6be099a5dee34f3a7570715428add2e7419f4e73a7ce9913d3fb76eea78d88e  data/udf/postg
 9f4ca1ff145cfbe3c3a903a21bf35f6b06ab8b484dad6b7c09e95262bf6bfa05  data/xml/banner/postgresql.xml
 86da6e90d9ccf261568eda26a6455da226c19a42cc7cd211e379cab528ec621e  data/xml/banner/server.xml
 146887f28e3e19861516bca551e050ce81a1b8d6bb69fd342cc1f19a25849328  data/xml/banner/servlet-engine.xml
-7973d2024e7803951445a569b591e151edcc322c00213f478dcd9aff23afd226  data/xml/banner/set-cookie.xml
+e87c062bdf05b27db6c1d7e0d41c25f269cbe66b1f9b8e2d9b3db0d567016c76  data/xml/banner/set-cookie.xml
 a7eb4d1bcbdfd155383dcd35396e2d9dd40c2e89ce9d5a02e63a95a94f0ab4ea  data/xml/banner/sharepoint.xml
 e2febc92f9686eacf17a0054f175917b783cc6638ca570435a5203b03245fc18  data/xml/banner/x-aspnet-version.xml
 75672f8faa8053af0df566a48700f2178075f67c593d916313fcff3474da6f82  data/xml/banner/x-powered-by.xml
@@ -85,7 +85,7 @@ b0f434f64105bd61ab0f6867b3f681b97fa02b4fb809ac538db382d031f0e609  data/xml/paylo
 40a4878669f318568097719d07dc906a19b8520bc742be3583321fc1e8176089  data/xml/payloads/union_query.xml
 95b7464b1a7b75e2b462d73c6cca455c13b301f50182a8b2cd6701cdcb80b43e  data/xml/queries.xml
 abb6261b1c531ad2ee3ada8184c76bcdc38732558d11a8e519f36fcc95325f7e  doc/AUTHORS
-68550be6eeb800bb54b1b47877412ecc88cf627fb8c88aaee029687152eb3fc1  doc/CHANGELOG.md
+2a0322f121cbda30336ab58382e9860fea8ab28ff4726f6f8abf143ce1657abe  doc/CHANGELOG.md
 2df1f15110f74ce4e52f0e7e4a605e6c7e08fbda243e444f9b60e26dfc5cf09d  doc/THANKS.md
 f939c6341e3ab16b0bb9d597e4b13856c7d922be27fd8dba3aa976b347771f16  doc/THIRD-PARTY.md
 792bcf9bf7ac0696353adaf111ee643f79f1948d9b5761de9c25eb0a81a998c9  doc/translations/README-bg-BG.md
@@ -112,7 +112,7 @@ c94d5c9ae4e4b996eaf0d06a6c5323a12f22653bb53c5eaf5400ee0bccf4a1eb  doc/translatio
 0bccce9d2e48e7acc1ef126539a50d3d83c439f94cc6387c1331a9960604a2cd  doc/translations/README-uk-UA.md
 285c997e8ae7381d765143b5de6721cad598d564fd5f01a921108f285d9603a2  doc/translations/README-vi-VN.md
 b553a179c731127a115d68dfb2342602ad8558a42aa123050ba51a08509483f6  doc/translations/README-zh-CN.md
-783ddbaa638d2d2987be7aa2e9e9e40aef8c0b7a132db60949e43bc733d01978  extra/beep/beep.py
+a438fbd0e9d8fb3d836d095b3bb94522d57db968bb76a9b5cb3ffe1834305a27  extra/beep/beep.py
 509276140d23bfc079a6863e0291c4d0077dea6942658a992cbca7904a43fae9  extra/beep/beep.wav
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  extra/beep/__init__.py
 3b54434b0d00c8fd12328ef8e567821bd73a796944cb150539aa362803ab46e5  extra/cloak/cloak.py
@@ -166,7 +166,7 @@ de2b0220db1c79d8720b636d267b11e117151f5f99740567096e9b4cbb7cc9d5  lib/controller
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/controller/__init__.py
 41c7fb7e486c4383a114c851f0c32c81c53c2b4f1d2a0fd99f70885072646387  lib/core/agent.py
 f848dcfdacb5143f803f4e9474cf3eef939039c26c522ca09777c425661300f0  lib/core/bigarray.py
-129bcc6342e2398c9d66204524ceb005121b83a23311e0724891d4cd0abd17a5  lib/core/common.py
+afecad4b14e8008f6f97a6ec653fc930dfd8dc65f9d24a51274f8b5c3f63a4e2  lib/core/common.py
 88fbbe7c41511b17d7ef449d675a84eaa80cac6ebf457a18577eadd62f6f1330  lib/core/compat.py
 5ce8f2292f99d17d69bfc40ded206bfdfd06e2e3660ff9d1b3c56163793f8d1c  lib/core/convert.py
 f561310b3cea570cc13d9f0aff16cce8b097d51275f8b947e7fff4876ac65c32  lib/core/data.py
@@ -180,15 +180,15 @@ ec8d94fb704c0a40c88f5f283624cda025e2ea0e8b68722fe156c2b5676f53ac  lib/core/dicts
 93c256111dc753967169988e1289a0ea10ec77bfb8e2cbd1f6725e939bfbc235  lib/core/gui.py
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/core/__init__.py
 53499dc202a036289e3b2b9699d19568e794d077e16fd3a5c91771983de45451  lib/core/log.py
-eb1890d111e6187cac4cf81c3a525e95e7061607847d4f05ec23f9dba8febdcd  lib/core/optiondict.py
-ceea031ce1a49a20af689d750d33d057e38a7c631f008872b04f380e2de39bb9  lib/core/option.py
+bcb54f1813b3757fe717d7b4f3429fbcd08ff416af1100b716708955702e66d6  lib/core/optiondict.py
+2f007b088aad979f75c4d864603dfc685da5be219ae116f2bb0d6445d2db4f83  lib/core/option.py
 81275fdbd463d89a2bfd8c00417a17a872aad74f34c18e44be79c0503e67dfa5  lib/core/patch.py
 e79df3790f16f67988e46f94b0a516d7ee725967f7698c8e17f210e4052203a7  lib/core/profiling.py
 c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7  lib/core/readlineng.py
 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c  lib/core/replication.py
 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f  lib/core/revision.py
 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24  lib/core/session.py
-6f87796de3de274f114c398603b5e5f71e4404d7a0b3d30b0cb4dd5a01c3272f  lib/core/settings.py
+13cb63f7e3c76e3251cd572b766b358389b5d997893aa649bf279169051270e8  lib/core/settings.py
 a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db  lib/core/shell.py
 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7  lib/core/subprocessng.py
 9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc  lib/core/target.py
@@ -199,7 +199,7 @@ b1071f449a66b4ceacd4b84b33a73d9e0a3197d271d72daaa406ba473a8bb625  lib/core/testi
 12cbead4e9e563b970fafb891127927445bd53bada1fac323b9cd27da551ba30  lib/core/wordlist.py
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/__init__.py
 a027f4c44811cb74aa367525f353706de3d3fc719e6c6162f7a61dc838acf0c2  lib/parse/banner.py
-9c7f95948cb6ee20b2b5bff7b36c23179c44303d3c8ad555247f65f12f30e0a9  lib/parse/cmdline.py
+2838467a296a05c6c94ddef1f42f1e7cddee3a9e755143bcb70129233056abad  lib/parse/cmdline.py
 3907765df08c31f8d59350a287e826bd315a7714dc0e87496f67c8a0879c86ac  lib/parse/configfile.py
 ced03337edd5a16b56a379c9ac47775895e1053003c25f6ba5bec721b6e3aa64  lib/parse/handler.py
 3704a02dcf00b0988b101e30b2e0d48acdd20227e46d8b552e46c55d7e9bf28c  lib/parse/headers.py
@@ -210,11 +210,11 @@ cbabdde72df4bd8d6961d589f1721dd938d8f653aa6af8900a31af6e2586405d  lib/parse/site
 87109063dd336fe2705fdfef23bc9b340dcc58e410f15c372fab51ea6a1bf4b1  lib/request/basicauthhandler.py
 89417568d7f19e48d39a8a9a4227d3d2b71d1c9f61139a41b1835fb5266fcab8  lib/request/basic.py
 6139b926a3462d14ddd50acdb8575ae442b8fab089db222721535092b9af3ea1  lib/request/chunkedhandler.py
-ad661a075c6df0624747722d77ca3b1f69f36e54708e33673a33cfdef1ed5075  lib/request/comparison.py
-65c57ca9de892b6b7b55e1b13392f94e831710f7d21755a7d85eb6db4f61eb41  lib/request/connect.py
+6058fc4fce4b5ce660096d341eab3ae170e5406b31e2e9f51dcf60e7a2b67e68  lib/request/comparison.py
+7345c12a0a1d4c583766b46ba38263cbc4603a85aa4216deddd62958d4e5d596  lib/request/connect.py
 0649a39c5cc2fc0f4c062b100ced17e3e6934a7e578247dfc65b650edc29825e  lib/request/direct.py
 5283754cf387ce4e645ee50834ee387cde29a768aaada1a6a07c338da216c94d  lib/request/dns.py
-2dd88e1f75c0ee54c335d5d0d9199216194aa299bd8ce99dca333c2e4f9ea38b  lib/request/httpshandler.py
+844fae318d6b3141bfc817aac7a29868497b5e7b4b3fdd7c751ad1d4a485324f  lib/request/httpshandler.py
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/request/__init__.py
 64442b90c1e02b23db3ed764a0588f9052b96c4690b234af1682b3b7e52d51a8  lib/request/inject.py
 6ac4235e40dda2d51b21c2199374eb30d53a5b40869f80055df0ac34fbe59351  lib/request/methodrequest.py
@@ -244,7 +244,7 @@ b781403433a2ad9a18fa9b1cc291165f04f734942268b4eba004a53afe8abe49  lib/techniques
 c09927bccdbdb9714865c9a72d2a739da745375702a935349ddb9edc1d50de70  lib/utils/api.py
 1d72a586358c5f6f0b44b48135229742d2e598d40cefbeeabcb40a1c2e0b70b2  lib/utils/brute.py
 dd0b67fc2bdf65a4c22a029b056698672a6409eff9a9e55da6250907e8995728  lib/utils/crawler.py
-41a037169ca0b595781d70d6af40e2b47c9a2732fd08378029502bbe6f522960  lib/utils/deps.py
+eac125d270256eff54e39736a423dde866bac3b2bb4c76d3cbc32fc53b3bbb99  lib/utils/deps.py
 0b83cc8657d5bea117c02facde2b1426c8fe35d9372d996c644d67575d8b755f  lib/utils/getch.py
 c2a2fa68d2c575ab35f472d50b8d52dd6fc5e1b4d6c86a06ac06365650fec321  lib/utils/har.py
 e6376fb0c3d001b6be0ef0f23e99a47734cfe3a3d271521dbe6d624d32f19953  lib/utils/hashdb.py
@@ -399,7 +399,7 @@ f01e26e641fbfb3c3e7620c9cd87739a9a607fc66c56337ca02cc85479fb5f63  plugins/dbms/m
 36e706114f64097e185372aa97420f5267f7e1ccfc03968beda899cd6e32f226  plugins/dbms/mysql/connector.py
 96126e474f7c4e5581cabccff3e924c4789c8e2dbc74463ab7503ace08a88a3a  plugins/dbms/mysql/enumeration.py
 4c6af0e2202a080aa94be399a3d60cab97551ac42aa2bcc95581782f3cabc0c3  plugins/dbms/mysql/filesystem.py
-b2c69cfa82d1ea7a5278780d20de6d0c4f1dc0158a809355ed2ffb9afbc74b36  plugins/dbms/mysql/fingerprint.py
+997be63891dab617a4abc5312f187c777964c912137a344d80c25a1bafe96e9e  plugins/dbms/mysql/fingerprint.py
 34dfa460e65be6f775b1d81906c97515a435f3dbadda57f5a928f7b87cefd97d  plugins/dbms/mysql/__init__.py
 eb59dd2ce04fa676375166549b532e0a5b6cb4c1666b7b2b780446d615aefb07  plugins/dbms/mysql/syntax.py
 05e1586c3a32ee8596adb48bec4588888883727b05a367a48adb6b86abea1188  plugins/dbms/mysql/takeover.py
@@ -413,7 +413,7 @@ d5c9bba081766f14d14e2898d1a041f97961bebac3cf3e891f8942b31c28b47e  plugins/dbms/o
 c9a8ac9fa836cf6914272b24f434509b49294f2cb177d886622e38baa22f2f15  plugins/dbms/postgresql/connector.py
 b086d8ff29282c688772f6672c1132c667a1051a000fc4fcd4ab1068203b0acb  plugins/dbms/postgresql/enumeration.py
 bb23135008e1616e0eb35719b5f49d4093cc688ad610766fca7b1d627c811dd8  plugins/dbms/postgresql/filesystem.py
-ba0eae8047e65dcd23d005e0336653967be9ec4a6df35f4997b006b05a57ea8b  plugins/dbms/postgresql/fingerprint.py
+7c563983fc644f8af4a5906149d033a79b0a5bc319c3b7809032270a32122038  plugins/dbms/postgresql/fingerprint.py
 9912b2031d0dfa35e2f6e71ea24cec35f0129e696334b7335cd36eac39abe23a  plugins/dbms/postgresql/__init__.py
 1a5d2c3b9bd8b7c14e0b1e810e964f698335f779f1a8407b71366dc5e0ee963c  plugins/dbms/postgresql/syntax.py
 b9886913baaac83f6b47b060a4785fe75f61db8c8266b4de8ccfaf180938900a  plugins/dbms/postgresql/takeover.py
@@ -476,17 +476,17 @@ b3d9d0644197ecb864e899c04ee9c7cd63891ecf2a0d3c333aad563eef735294  plugins/generi
 5a473c60853f54f1a4b14d79b8237f659278fe8a6b42e935ed573bf22b6d5b2c  README.md
 8c4fd81d84598535643cf0ef1b2d350cd92977cb55287e23993b76eaa2215c30  sqlmapapi.py
 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62  sqlmapapi.yaml
-6da15963699aa8916118f92c8838013bc02c84e4d7b9f33d971324c2ff348728  sqlmap.conf
+4037f1c78180550c1896543581c0c2423e970086bae46f175397f2b4c54b7323  sqlmap.conf
 3795c6d03bc341a0e3aef3d7990ea8c272d91a4c307e1498e850594375af39f7  sqlmap.py
-d6788235cd599e05cb65e9c3279a03b1cf769d4aa15c78d226a1d2cf6aa14e86  tamper/0eunion.py
-35ad42cc9fbe66f025d9f6d0b1284a9f00213510e3c39e60a2d8f3e8b6a77e7b  tamper/apostrophemask.py
-71bc240d0153fccb9caa828f05eca4e9d51c2e5510dee9fb8533b70226d29207  tamper/apostrophenullencode.py
-847b5dc53e195f30abaa6e60b9bc9f39e15df7e6c2a99b31a435b69a345c0937  tamper/appendnullbyte.py
-510b050400bf8cf3ed30d29635083dd69692ec0ca20fe9cb9958feb4f89e34fe  tamper/base64encode.py
-c41f1f5fa2fa73b130f9194e89a04b512fe21784cf1a94e3a61680995999b1dd  tamper/between.py
-576aa77cacbe18695038eeab851be217347ed28d1c0505a098e93fcb3db3575b  tamper/binary.py
-805239f02e8f1bbc3374cb02aec3aa6ae37b72716344f201094c9f39ff35e655  tamper/bluecoat.py
-5e52fb35fbd46cd5293c03491913b655eb47ddb7e99c2830e454945eee693a22  tamper/chardoubleencode.py
+9d408612a6780f7f50a7f7887f923ff3f40be5bfa09a951c6dc273ded05b56c0  tamper/0eunion.py
+c1c2eaa7df016cc7786ccee0ae4f4f363b1dce139c61fb3e658937cb0d18fc54  tamper/apostrophemask.py
+19023093ab22aec3bce9523f28e8111e8f6125973e6d9c82adb60da056bdf617  tamper/apostrophenullencode.py
+ffb81905dfbfa346f949aed54755944403bfbc0cc015cd196e412d7c516c5111  tamper/appendnullbyte.py
+50c270f6073a2dab08a5d64a91db1d1b372a206abd85ad54a630e1067ad614cf  tamper/base64encode.py
+874aea492eed81c646488cd184a2c07b0fba2be247208227c91de9b223b016ee  tamper/between.py
+386ede29943456818e22ec9d1555693c9d676c9330bc527dbb9b3f52c9b3cbb1  tamper/binary.py
+63a3fc494ff07b9f0e37025ff932b386aaeafd24a65da7f530f562ed78083c51  tamper/bluecoat.py
+4635c3b863e624169347d37834021402d95b4240bd138bec2ffc9d4f28d23422  tamper/chardoubleencode.py
 fa25e5a74c6cf0787b4f72321294095a3b7690f53423f058187ad08b458ef1fe  tamper/charencode.py
 1c87fc49792df6091b7eb880108142b42a0a3810cc0cd2316a858ccdbf1c5ce4  tamper/charunicodeencode.py
 00d51073f9e40d8dfa5fcb04eafda359bd0ecb91e358b3910f3ec43c1a381111  tamper/charunicodeescape.py
@@ -523,7 +523,7 @@ a1e7d8907e7b4b25b1a418e8d5221e909096f719dcb611d15b5e91c83454ccdc  tamper/overlon
 704551003e62d4fc1949855931d6cebd57cc5cdbf2221dbd43e51cbdad6f130d  tamper/plus2concat.py
 b9d1e3ee657236b13ad5ecaf2adfa089e24a0e67738253eedb533a68f277a6e3  tamper/plus2fnconcat.py
 fb4b7539284db076147a530df1dd072d5d35e32a71fd7bc8e312319d5f3aaa52  tamper/randomcase.py
-b27066b7ea4f69243d5a353327090a0630bbf7f512edf5e277cde2c10139b3dd  tamper/randomcomments.py
+f40d9267b4e9b689412cd45eb7b61540420f977370c5f9deba272bdae09d2404  tamper/randomcomments.py
 35a8539ac8030d3fc176ea8231fe8983285fc576f7e0b50ccdf911a565f1f758  tamper/schemasplit.py
 a34524af6fe2f2bba642b3234fbf1aa8785761e7d82906005b5476b7cc724857  tamper/scientific.py
 65d22c54abfa61b73140020d48a86ec8eeb4c9e4e5e088d1462e4bce4a64f18b  tamper/sleep2getlock.py
@@ -620,7 +620,7 @@ ef70b88cc969a3e259868f163ad822832f846196e3f7d7eccb84958c80b7f696  thirdparty/odi
 8df6e8c60eac4c83b1bf8c4e0e0276a4caa3c5f0ca57bc6a2116f31f19d3c33f  thirdparty/prettyprint/prettyprint.py
 3739db672154ad4dfa05c9ac298b0440f3f1500c6a3697c2b8ac759479426b84  thirdparty/pydes/__init__.py
 d1d54fc08f80148a4e2ac5eee84c8475617e8c18bfbde0dfe6894c0f868e4659  thirdparty/pydes/pyDes.py
-1c61d71502a80f642ff34726aa287ac40c1edd8f9239ce2e094f6fded00d00d4  thirdparty/six/__init__.py
+c51c91f703d3d4b3696c923cb5fec213e05e75d9215393befac7f2fa6a3904df  thirdparty/six/__init__.py
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/socks/__init__.py
 7027e214e014eb78b7adcc1ceda5aca713a79fc4f6a0c52c9da5b3e707e6ffe9  thirdparty/socks/LICENSE
 543217f63a4f0a7e7b4f9063058d2173099d54d010a6a4432e15a97f76456520  thirdparty/socks/socks.py

data/xml/banner/set-cookie.xml

@@ -62,4 +62,32 @@
     <regexp value="\bwp_">
         <info technology="WordPress"/>
     </regexp>
+
+    <regexp value="_session_id">
+        <info technology="Ruby on Rails"/>
+    </regexp>
+
+    <regexp value="sessionid">
+        <info technology="Django"/>
+    </regexp>
+
+    <regexp value="connect\.sid">
+        <info technology="Node.js (Express)"/>
+    </regexp>
+
+    <regexp value="laravel_session">
+        <info technology="Laravel (PHP)"/>
+    </regexp>
+
+    <regexp value="SESS[a-f0-9]{32}">
+        <info technology="Drupal"/>
+    </regexp>
+
+    <regexp value="joomla_[a-z0-9]+">
+        <info technology="Joomla"/>
+    </regexp>
+
+    <regexp value="sails\.sid">
+        <info technology="Sails.js"/>
+    </regexp>
 </root>

doc/CHANGELOG.md

@@ -1,4 +1,14 @@
-# Version 1.7 (2022-01-02)
+# Version 1.9 (2025-01-02)
+
+* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.8...1.9)
+* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/10?closed=1)
+
+# Version 1.8 (2024-01-03)
+
+* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.7...1.8)
+* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/9?closed=1)
+
+# Version 1.7 (2023-01-02)
 
 * [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.6...1.7)
 * [View issues](https://github.com/sqlmapproject/sqlmap/milestone/8?closed=1)

extra/beep/beep.py

@@ -18,7 +18,7 @@ def beep():
         if sys.platform.startswith("win"):
             _win_wav_play(BEEP_WAV_FILENAME)
         elif sys.platform.startswith("darwin"):
-            _mac_beep()
+            _mac_wav_play(BEEP_WAV_FILENAME)
         elif sys.platform.startswith("cygwin"):
             _cygwin_beep(BEEP_WAV_FILENAME)
         elif any(sys.platform.startswith(_) for _ in ("linux", "freebsd")):
@@ -40,9 +40,8 @@ def _speaker_beep():
 def _cygwin_beep(filename):
     os.system("play-sound-file '%s' 2>/dev/null" % filename)
 
-def _mac_beep():
-    import Carbon.Snd
-    Carbon.Snd.SysBeep(1)
+def _mac_wav_play(filename):
+    os.system("afplay '%s' 2>/dev/null" % BEEP_WAV_FILENAME)
 
 def _win_wav_play(filename):
     import winsound
@@ -50,7 +49,7 @@ def _win_wav_play(filename):
     winsound.PlaySound(filename, winsound.SND_FILENAME)
 
 def _linux_wav_play(filename):
-    for _ in ("aplay", "paplay", "play"):
+    for _ in ("paplay", "aplay", "mpv", "mplayer", "play"):
         if not os.system("%s '%s' 2>/dev/null" % (_, filename)):
             return
 

lib/core/common.py

@@ -35,6 +35,7 @@ import threading
 import time
 import types
 import unicodedata
+import zlib
 
 from difflib import SequenceMatcher
 from math import sqrt
@@ -4005,7 +4006,8 @@ def createGithubIssue(errMsg, excMsg):
             pass
 
         data = {"title": "Unhandled exception (#%s)" % key, "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)}
-        req = _urllib.request.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=getBytes(json.dumps(data)), headers={HTTP_HEADER.AUTHORIZATION: "token %s" % decodeBase64(GITHUB_REPORT_OAUTH_TOKEN, binary=False), HTTP_HEADER.USER_AGENT: fetchRandomAgent()})
+        token = getText(zlib.decompress(decodeBase64(GITHUB_REPORT_OAUTH_TOKEN[::-1], binary=True))[0::2][::-1])
+        req = _urllib.request.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=getBytes(json.dumps(data)), headers={HTTP_HEADER.AUTHORIZATION: "token %s" % token, HTTP_HEADER.USER_AGENT: fetchRandomAgent()})
 
         try:
             content = getText(_urllib.request.urlopen(req).read())
@@ -5605,7 +5607,8 @@ def checkSums():
             if match:
                 expected, filename = match.groups()
                 filepath = os.path.join(paths.SQLMAP_ROOT_PATH, filename).replace('/', os.path.sep)
-                checkFile(filepath)
+                if not checkFile(filepath, False):
+                    continue
                 with open(filepath, "rb") as f:
                     content = f.read()
                 if not hashlib.sha256(content).hexdigest() == expected:

lib/core/option.py

@@ -1175,7 +1175,7 @@ def _setHTTPHandlers():
                     proxyString = ""
 
                 proxyString += "%s:%d" % (hostname, port)
-                proxyHandler.proxies = {"http": proxyString, "https": proxyString}
+                proxyHandler.proxies = kb.proxies = {"http": proxyString, "https": proxyString}
 
             proxyHandler.__init__(proxyHandler.proxies)
 
@@ -2151,6 +2151,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.previousMethod = None
     kb.processNonCustom = None
     kb.processUserMarks = None
+    kb.proxies = None
     kb.proxyAuthHeader = None
     kb.queryCounter = 0
     kb.randomPool = {}

lib/core/optiondict.py

@@ -30,6 +30,7 @@ optDict = {
         "liveCookies": "string",
         "loadCookies": "string",
         "dropSetCookie": "boolean",
+        "http2": "boolean",
         "agent": "string",
         "mobile": "boolean",
         "randomAgent": "boolean",

lib/core/settings.py

@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.2.0"
+VERSION = "1.9.3.0"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -701,7 +701,7 @@ DEFAULT_COOKIE_DELIMITER = ';'
 FORCE_COOKIE_EXPIRATION_TIME = "9999999999"
 
 # Github OAuth token used for creating an automatic Issue for unhandled exceptions
-GITHUB_REPORT_OAUTH_TOKEN = "Z2hwX0pNd0I2U25kN2Q5QmxlWkhxZmkxVXZTSHZiTlRDWjE5NUNpNA"
+GITHUB_REPORT_OAUTH_TOKEN = "wxqc7vTeW8ohIcX+1wK55Mnql2Ex9cP+2s1dqTr/mjlZJVfLnq24fMAi08v5vRvOmuhVZQdOT/lhIRovWvIJrdECD1ud8VMPWpxY+NmjHoEx+VLK1/vCAUBwJe"
 
 # Skip unforced HashDB flush requests below the threshold number of cached items
 HASHDB_FLUSH_THRESHOLD = 32

lib/parse/cmdline.py

@@ -177,6 +177,9 @@ def cmdLineParser(argv=None):
         request.add_argument("--drop-set-cookie", dest="dropSetCookie", action="store_true",
             help="Ignore Set-Cookie header from response")
 
+        request.add_argument("--http2", dest="http2", action="store_true",
+            help="Use HTTP version 2 (experimental)")
+
         request.add_argument("--mobile", dest="mobile", action="store_true",
             help="Imitate smartphone through HTTP User-Agent header")
 
@@ -1007,6 +1010,10 @@ def cmdLineParser(argv=None):
                 argv[i] = ""
             elif argv[i] in DEPRECATED_OPTIONS:
                 argv[i] = ""
+            elif argv[i] in ("-s", "--silent"):
+                if i + 1 < len(argv) and argv[i + 1].startswith('-') or i + 1 == len(argv):
+                    argv[i] = ""
+                    conf.verbose = 0
             elif argv[i].startswith("--data-raw"):
                 argv[i] = argv[i].replace("--data-raw", "--data", 1)
             elif argv[i].startswith("--auth-creds"):
@@ -1015,7 +1022,6 @@ def cmdLineParser(argv=None):
                 argv[i] = argv[i].replace("--drop-cookie", "--drop-set-cookie", 1)
             elif re.search(r"\A--tamper[^=\s]", argv[i]):
                 argv[i] = ""
-                continue
             elif re.search(r"\A(--(tamper|ignore-code|skip))(?!-)", argv[i]):
                 key = re.search(r"\-?\-(\w+)\b", argv[i]).group(1)
                 index = auxIndexes.get(key, None)

lib/request/comparison.py

@@ -120,7 +120,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
         if isinstance(seqMatcher.a, six.binary_type) and isinstance(page, six.text_type):
             page = getBytes(page, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore")
         elif isinstance(seqMatcher.a, six.text_type) and isinstance(page, six.binary_type):
-            seqMatcher.a = getBytes(seqMatcher.a, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore")
+            seqMatcher.set_seq1(getBytes(seqMatcher.a, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore"))
 
         if any(_ is None for _ in (page, seqMatcher.a)):
             return None
@@ -146,12 +146,19 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
             if seq1 is None or seq2 is None:
                 return None
 
-            seq1 = seq1.replace(REFLECTED_VALUE_MARKER, "")
-            seq2 = seq2.replace(REFLECTED_VALUE_MARKER, "")
+            if isinstance(seq1, six.binary_type):
+                seq1 = seq1.replace(REFLECTED_VALUE_MARKER.encode(), b"")
+            elif isinstance(seq1, six.text_type):
+                seq1 = seq1.replace(REFLECTED_VALUE_MARKER, "")
+
+            if isinstance(seq2, six.binary_type):
+                seq2 = seq2.replace(REFLECTED_VALUE_MARKER.encode(), b"")
+            elif isinstance(seq2, six.text_type):
+                seq2 = seq2.replace(REFLECTED_VALUE_MARKER, "")
 
             if kb.heavilyDynamic:
-                seq1 = seq1.split("\n")
-                seq2 = seq2.split("\n")
+                seq1 = seq1.split("\n" if isinstance(seq1, six.text_type) else b"\n")
+                seq2 = seq2.split("\n" if isinstance(seq2, six.text_type) else b"\n")
 
                 key = None
             else:

lib/request/connect.py

@@ -90,6 +90,7 @@ from lib.core.enums import WEB_PLATFORM
 from lib.core.exception import SqlmapCompressionException
 from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapGenericException
+from lib.core.exception import SqlmapMissingDependence
 from lib.core.exception import SqlmapSkipTargetException
 from lib.core.exception import SqlmapSyntaxException
 from lib.core.exception import SqlmapTokenException
@@ -603,11 +604,6 @@ class Connect(object):
                 if not chunked:
                     requestMsg += "\r\n"
 
-                if not multipart:
-                    threadData.lastRequestMsg = requestMsg
-
-                    logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)
-
                 if conf.cj:
                     for cookie in conf.cj:
                         if cookie.value is None:
@@ -616,7 +612,51 @@ class Connect(object):
                             for char in (r"\r", r"\n"):
                                 cookie.value = re.sub(r"(%s)([^ \t])" % char, r"\g<1>\t\g<2>", cookie.value)
 
-                conn = _urllib.request.urlopen(req)
+                if conf.http2:
+                    try:
+                        import httpx
+                    except ImportError:
+                        raise SqlmapMissingDependence("httpx[http2] not available (e.g. 'pip%s install httpx[http2]')" % ('3' if six.PY3 else ""))
+
+                    try:
+                        proxy_mounts = dict(("%s://" % key, httpx.HTTPTransport(proxy="%s%s" % ("http://" if not "://" in kb.proxies[key] else "", kb.proxies[key]))) for key in kb.proxies) if kb.proxies else None
+                        with httpx.Client(verify=False, http2=True, timeout=timeout, follow_redirects=True, cookies=conf.cj, mounts=proxy_mounts) as client:
+                            conn = client.request(method or (HTTPMETHOD.POST if post is not None else HTTPMETHOD.GET), url, headers=headers, data=post)
+                    except (httpx.HTTPError, httpx.InvalidURL, httpx.CookieConflict, httpx.StreamError) as ex:
+                        raise _http_client.HTTPException(getSafeExString(ex))
+                    else:
+                        conn.code = conn.status_code
+                        conn.msg = conn.reason_phrase
+                        conn.info = lambda c=conn: c.headers
+
+                        conn._read_buffer = conn.read()
+                        conn._read_offset = 0
+
+                        requestMsg = re.sub(" HTTP/[0-9.]+\r\n", " %s\r\n" % conn.http_version, requestMsg, count=1)
+
+                        if not multipart:
+                            threadData.lastRequestMsg = requestMsg
+
+                            logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)
+
+                        def _read(count=None):
+                            offset = conn._read_offset
+                            if count is None:
+                                result = conn._read_buffer[offset:]
+                                conn._read_offset = len(conn._read_buffer)
+                            else:
+                                result = conn._read_buffer[offset: offset + count]
+                                conn._read_offset += len(result)
+                            return result
+
+                        conn.read = _read
+                else:
+                    if not multipart:
+                        threadData.lastRequestMsg = requestMsg
+
+                        logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)
+
+                    conn = _urllib.request.urlopen(req)
 
                 if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and (conf.authType or "").lower() == AUTH_TYPE.BASIC.lower():
                     kb.authHeader = getUnicode(getRequestHeader(req, HTTP_HEADER.AUTHORIZATION))
@@ -699,7 +739,7 @@ class Connect(object):
             # Explicit closing of connection object
             if conn and not conf.keepAlive:
                 try:
-                    if hasattr(conn.fp, '_sock'):
+                    if hasattr(conn, "fp") and hasattr(conn.fp, '_sock'):
                         conn.fp._sock.close()
                     conn.close()
                 except Exception as ex:
@@ -1198,7 +1238,7 @@ class Connect(object):
                     warnMsg += ". sqlmap is going to retry the request"
                     logger.warning(warnMsg)
 
-                page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.csrfData or (conf.data if conf.csrfUrl == conf.url else None), method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
+                page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, post=conf.csrfData or (conf.data if conf.csrfUrl == conf.url else None), method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
                 page = urldecode(page)  # for anti-CSRF tokens with special characters in their name (e.g. 'foo:bar=...')
 
                 match = re.search(r"(?i)<input[^>]+\bname=[\"']?(?P<name>%s)\b[^>]*\bvalue=[\"']?(?P<value>[^>'\"]*)" % conf.csrfToken, page or "", re.I)

lib/request/httpshandler.py

@@ -79,7 +79,8 @@ class HTTPSConnection(_http_client.HTTPSConnection):
                         try:
                             # Reference(s): https://askubuntu.com/a/1263098
                             #               https://askubuntu.com/a/1250807
-                            _contexts[protocol].set_ciphers("DEFAULT@SECLEVEL=1")
+                            #               https://git.zknt.org/mirror/bazarr/commit/7f05f932ffb84ba8b9e5630b2adc34dbd77e2b4a?style=split&whitespace=show-all&show-outdated=
+                            _contexts[protocol].set_ciphers("ALL@SECLEVEL=0")
                         except (ssl.SSLError, AttributeError):
                             pass
                     result = _contexts[protocol].wrap_socket(sock, do_handshake_on_connect=True, server_hostname=self.host if re.search(r"\A[\d.]+\Z", self.host or "") is None else None)

lib/utils/deps.py

@@ -94,6 +94,16 @@ def checkDependencies():
         logger.warning(warnMsg)
         missing_libraries.add('python-ntlm')
 
+    try:
+        __import__("httpx")
+        debugMsg = "'httpx[http2]' third-party library is found"
+        logger.debug(debugMsg)
+    except ImportError:
+        warnMsg = "sqlmap requires 'httpx[http2]' third-party library "
+        warnMsg += "if you plan to use HTTP version 2"
+        logger.warning(warnMsg)
+        missing_libraries.add('httpx[http2]')
+
     try:
         __import__("websocket._abnf")
         debugMsg = "'websocket-client' library is found"

plugins/dbms/mysql/fingerprint.py

@@ -45,10 +45,13 @@ class Fingerprint(GenericFingerprint):
         # Reference: https://dev.mysql.com/doc/relnotes/mysql/<major>.<minor>/en/
 
         versions = (
+            (90100, 90102),  # MySQL 9.1
+            (90000, 90002),  # MySQL 9.0
+            (80400, 80404),  # MySQL 8.4
             (80300, 80302),  # MySQL 8.3
             (80200, 80202),  # MySQL 8.2
             (80100, 80102),  # MySQL 8.1
-            (80000, 80037),  # MySQL 8.0
+            (80000, 80041),  # MySQL 8.0
             (60000, 60014),  # MySQL 6.0
             (50700, 50745),  # MySQL 5.7
             (50600, 50652),  # MySQL 5.6

plugins/dbms/postgresql/fingerprint.py

@@ -133,7 +133,9 @@ class Fingerprint(GenericFingerprint):
             infoMsg = "actively fingerprinting %s" % DBMS.PGSQL
             logger.info(infoMsg)
 
-            if inject.checkBooleanExpression("RANDOM_NORMAL(0.0, 1.0) IS NOT NULL"):
+            if inject.checkBooleanExpression("JSON_QUERY(NULL::jsonb, '$') IS NULL"):
+                Backend.setVersion(">= 17.0")
+            elif inject.checkBooleanExpression("RANDOM_NORMAL(0.0, 1.0) IS NOT NULL"):
                 Backend.setVersion(">= 16.0")
             elif inject.checkBooleanExpression("REGEXP_COUNT(NULL,NULL) IS NULL"):
                 Backend.setVersion(">= 15.0")

sqlmap.conf

@@ -61,6 +61,10 @@ loadCookies =
 # Valid: True or False
 dropSetCookie = False
 
+# Use HTTP version 2 (experimental).
+# Valid: True or False
+http2 = False
+
 # HTTP User-Agent header value. Useful to fake the HTTP User-Agent header value
 # at each HTTP request.
 # sqlmap will also test for SQL injection on the HTTP User-Agent value.

tamper/0eunion.py

@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances of <int> UNION with <int>e0UNION
+    Replaces an integer followed by UNION with an integer followed by e0UNION
 
     Requirement:
         * MySQL

tamper/apostrophemask.py

@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces apostrophe character (') with its UTF-8 full width counterpart (e.g. ' -> %EF%BC%87)
+    Replaces single quotes (') with their UTF-8 full-width equivalents (e.g. ' -> %EF%BC%87)
 
     References:
         * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128

tamper/apostrophenullencode.py

@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces apostrophe character (') with its illegal double unicode counterpart (e.g. ' -> %00%27)
+    Replaces single quotes (') with an illegal double Unicode encoding (e.g. ' -> %00%27)
 
     >>> tamper("1 AND '1'='1")
     '1 AND %00%271%00%27=%00%271'

tamper/appendnullbyte.py

@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Appends (Access) NULL byte character (%00) at the end of payload
+    Appends an (Access) NULL byte character (%00) at the end of payload
 
     Requirement:
         * Microsoft Access

tamper/base64encode.py

@@ -15,7 +15,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Base64-encodes all characters in a given payload
+    Encodes the entire payload using Base64
 
     >>> tamper("1' AND SLEEP(5)#")
     'MScgQU5EIFNMRUVQKDUpIw=='

tamper/between.py

@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' and equals operator ('=') with 'BETWEEN # AND #'
+    Replaces the greater-than operator (>) with NOT BETWEEN 0 AND # and the equal sign (=) with BETWEEN # AND #
 
     Tested against:
         * Microsoft SQL Server 2005

tamper/binary.py

@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Injects keyword binary where possible
+    Injects the keyword binary where applicable
 
     Requirement:
         * MySQL

tamper/bluecoat.py

@@ -17,7 +17,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character after SQL statement with a valid random blank character. Afterwards replace character '=' with operator LIKE
+    Replaces the space following an SQL statement with a random valid blank character, then converts = to LIKE
 
     Requirement:
         * Blue Coat SGOS with WAF activated as documented in

tamper/chardoubleencode.py

@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Double URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554)
+    Double URL-encodes each character in the payload (ignores already encoded ones) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554)
 
     Notes:
         * Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset

tamper/randomcomments.py

@@ -16,7 +16,7 @@ __priority__ = PRIORITY.LOW
 
 def tamper(payload, **kwargs):
     """
-    Add random inline comments inside SQL keywords (e.g. SELECT -> S/**/E/**/LECT)
+    Inserts random inline comments within SQL keywords (e.g. SELECT -> S/**/E/**/LECT)
 
     >>> import random
     >>> random.seed(0)

thirdparty/six/__init__.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2020 Benjamin Peterson
+# Copyright (c) 2010-2024 Benjamin Peterson
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@ import sys
 import types
 
 __author__ = "Benjamin Peterson <benjamin@python.org>"
-__version__ = "1.16.0"
+__version__ = "1.17.0"
 
 
 # Useful for very coarse version differentiation.
@@ -435,12 +435,17 @@ _urllib_request_moved_attributes = [
     MovedAttribute("HTTPErrorProcessor", "urllib2", "urllib.request"),
     MovedAttribute("urlretrieve", "urllib", "urllib.request"),
     MovedAttribute("urlcleanup", "urllib", "urllib.request"),
-    MovedAttribute("URLopener", "urllib", "urllib.request"),
-    MovedAttribute("FancyURLopener", "urllib", "urllib.request"),
     MovedAttribute("proxy_bypass", "urllib", "urllib.request"),
     MovedAttribute("parse_http_list", "urllib2", "urllib.request"),
     MovedAttribute("parse_keqv_list", "urllib2", "urllib.request"),
 ]
+if sys.version_info[:2] < (3, 14):
+    _urllib_request_moved_attributes.extend(
+        [
+            MovedAttribute("URLopener", "urllib", "urllib.request"),
+            MovedAttribute("FancyURLopener", "urllib", "urllib.request"),
+        ]
+    )
 for attr in _urllib_request_moved_attributes:
     setattr(Module_six_moves_urllib_request, attr.name, attr)
 del attr