Minor bug fix

The thread-finalization loop used a reversed comparison, causing the
wait loop to be skipped immediately:

this change reverse the comparison so it will wait while there are
active threads and elapsed time is less than the configured
THREAD_FINALIZATION_TIMEOUT:

data/txt/sha256sums.txt

@@ -166,18 +166,18 @@ eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df  extra/vulnserv
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/controller/__init__.py
 216c9399853b7454d36dcb552baf9f1169ec7942897ddc46504684325cb6ce00  lib/core/agent.py
 fbba89420acafcdb9ba1a95428cf2161b13cfa2d1a7ad7d5e70c14b0e04861f0  lib/core/bigarray.py
-e3b8f8cf9607d12f3de5e6bcd5031f21f50d4b331844b8e921493dfde2efe0f7  lib/core/common.py
+5b21bafe2eb07466d9751f4d80b21f256d5ffb1bb5a9639f91c09a43ec3fec87  lib/core/common.py
 d53a8aecab8af8b8da4dc1c74d868f70a38770d34b1fa50cae4532cae7ce1c87  lib/core/compat.py
-ebe518089733722879f5a13e73020ebe55d46fb7410cacf292ca4ea1d9d1c56a  lib/core/convert.py
+f83118ffc45f9d53ea9b429bc520067cfba561cd44f9ad9473f66eb7acfd5758  lib/core/convert.py
 ae500647c4074681749735a4f3b17b7eca44868dd3f39f9cab0a575888ba04a1  lib/core/data.py
 ffae7cfe9f9afb92e887b9a8dbc1630d0063e865f35984ae417b04a4513e5024  lib/core/datatype.py
-8a5a6f5313726d6880aeb1ffca35bc2ff6ecd3709b3e987551189a72fed25bf0  lib/core/decorators.py
+1d70d75a1c1a2a0ad295f727ee9f1d90cea851dfc2f8c9a85ef79c7975007ead  lib/core/decorators.py
 d573a37bb00c8b65f75b275aa92549683180fb209b75fd0ff3870e3848939900  lib/core/defaults.py
 ce6e1c1766acd95168f7708ddcacaa4a586c21ffc9e92024c4715611c802b60c  lib/core/dicts.py
 c9d1f64648062d7962caf02c4e2e7d84e8feb2a14451146f627112aae889afcd  lib/core/dump.py
-c1f211843ccc93a50639ae6f4a50eb434f334e095d9fea440cebe589004374f3  lib/core/enums.py
+2ca709fb52b4a1bc83cfe2acdad7e7d4dca1fee6a775e9290f0f1f517955d0b9  lib/core/enums.py
 00a9b29caa81fe4a5ef145202f9c92e6081f90b2a85cd76c878d520d900ad856  lib/core/exception.py
-629c0d06d4f4d093badfc8d1de49432d058f66f3223b08dded012eaf05719de2  lib/core/gui.py
+1c48804c10b94da696d3470efbd25d2fff0f0bbf2af0101aaac8f8c097fce02b  lib/core/gui.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/core/__init__.py
 3d308440fb01d04b5d363bfbe0f337756b098532e5bb7a1c91d5213157ec2c35  lib/core/log.py
 2a06dc9b5c17a1efdcdb903545729809399f1ee96f7352cc19b9aaa227394ff3  lib/core/optiondict.py
@@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0  lib/core/readl
 d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920  lib/core/replication.py
 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3  lib/core/revision.py
 d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38  lib/core/session.py
-671255b7fd3714ef4315b8ff6f73e09496170d21796dd5e73062654be4ed615e  lib/core/settings.py
+eba30dd85c52223447d25514ff2a467f409398052dd81d280c406ffd77852b26  lib/core/settings.py
 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09  lib/core/shell.py
 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053  lib/core/subprocessng.py
 cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a  lib/core/target.py
@@ -220,7 +220,7 @@ fcab35db1da4ac11d8c5b8291f9c87b8d7bb073c460c438374bc5a71ce5c65a6  lib/request/in
 03490bed87a54bf6c42a33ac1a66f7f8504c2398534a211e7e9306f408cd506a  lib/request/methodrequest.py
 eba8b1638c0c19d497dcbab86c9508b2ce870551b16a40db752a13c697d7d267  lib/request/pkihandler.py
 6336a6aba124905dab3e5ff67f76cf9b735c2a2879cc3bc8951cb06bea125895  lib/request/rangehandler.py
-14b402c3a927b7fb251622c9f4faf507993e033bd3b1cc281fe2873b9a382a51  lib/request/redirecthandler.py
+083b961fcd6957c62b00c69d0435eac4612152b8d66e2358cf860a633fb2b0a8  lib/request/redirecthandler.py
 3157d66bb021b71b2e71e355b209578d15f83000f0655bcf0cd7c7eed5d4669b  lib/request/templates.py
 5f5680c5b1db48ed2a13f47ba9de8b816d9d4f7f4c7abd07a48eb7ecbe9cf3ca  lib/takeover/abstraction.py
 250782249ee5afbcf3f398c596edbc3a9a1b35b3e11ac182678f6e22c1449852  lib/takeover/icmpsh.py
@@ -230,7 +230,7 @@ eba8b1638c0c19d497dcbab86c9508b2ce870551b16a40db752a13c697d7d267  lib/request/pk
 479cf4a9c0733ba62bfa764e465a59277d21661647304fa10f6f80bf6ecc518b  lib/takeover/udf.py
 08270a96d51339f628683bce58ee53c209d3c88a64be39444be5e2f9d98c0944  lib/takeover/web.py
 d40d5d1596d975b4ff258a70ad084accfcf445421b08dcf010d36986895e56cb  lib/takeover/xp_cmdshell.py
-9b3ccafc39f24000a148484a005226b8ba5ac142f141a8bd52160dfc56941538  lib/techniques/blind/inference.py
+3a355d277fa558c90fa040b3a02b99690671bf99a7a4ffb20a9a45878b09ab5e  lib/techniques/blind/inference.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/techniques/blind/__init__.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/techniques/dns/__init__.py
 d20798551d141b3eb0b1c789ee595f776386469ac3f9aeee612fd7a5607b98cd  lib/techniques/dns/test.py
@@ -477,7 +477,7 @@ f5cad477023c8145c4db7aa530976fc75b098cf59a49905f28d02f6771fd9697  README.md
 535ab6ac8b8441a3758cee86df3e68abec8b43eee54e32777967252057915acc  sqlmapapi.py
 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62  sqlmapapi.yaml
 a40607ce164eb2d21865288d24b863edb1c734b56db857e130ac1aef961c80b9  sqlmap.conf
-822b706e791eba9b994b08e7600a3adfc3843d360437edfa0bfd588a1f58a13c  sqlmap.py
+ee57424aa71fbf2d2d1189304f91e95aac812912b7826ea67cfbc07b11aaa6b6  sqlmap.py
 82caac95182ac5cae02eb7d8a2dc07e71389aeae6b838d3d3f402c9597eb086a  tamper/0eunion.py
 bc8f5e638578919e4e75a5b01a84b47456bac0fd540e600975a52408a3433460  tamper/apostrophemask.py
 c9c3d71f11de0140906d7b4f24fadb9926dc8eaf5adab864f8106275f05526ce  tamper/apostrophenullencode.py

lib/core/common.py

@@ -2204,19 +2204,19 @@ def safeStringFormat(format_, params):
             while True:
                 match = re.search(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", retVal)
                 if match:
-                    if count >= len(params):
-                        warnMsg = "wrong number of parameters during string formatting. "
-                        warnMsg += "Please report by e-mail content \"%r | %r | %r\" to '%s'" % (format_, params, retVal, DEV_EMAIL_ADDRESS)
-                        raise SqlmapValueException(warnMsg)
-                    else:
-                        try:
-                            retVal = re.sub(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", r"\g<1>%s\g<3>" % params[count], retVal, 1)
-                        except re.error:
-                            retVal = retVal.replace(match.group(0), match.group(0) % params[count], 1)
-                        count += 1
+                    try:
+                        retVal = re.sub(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", r"\g<1>%s\g<3>" % params[count % len(params)], retVal, 1)
+                    except re.error:
+                        retVal = retVal.replace(match.group(0), match.group(0) % params[count % len(params)], 1)
+                    count += 1
                 else:
                     break
 
+            if count > len(params) and count % len(params):
+                warnMsg = "wrong number of parameters during string formatting. "
+                warnMsg += "Please report by e-mail content \"%r | %r | %r\" to '%s'" % (format_, params, retVal, DEV_EMAIL_ADDRESS)
+                raise SqlmapValueException(warnMsg)
+
     retVal = getText(retVal).replace(PARAMETER_PERCENTAGE_MARKER, '%')
 
     return retVal

lib/core/convert.py

@@ -316,7 +316,7 @@ def getBytes(value, encoding=None, errors="strict", unsafe=True):
             retVal = value.encode(encoding, errors)
 
             if unsafe:
-                retVal = re.sub(r"%s([0-9a-f]{2})" % SAFE_HEX_MARKER, lambda _: decodeHex(_.group(1)), retVal)
+                retVal = re.sub((r"%s([0-9a-f]{2})" % SAFE_HEX_MARKER).encode(), lambda _: decodeHex(_.group(1)), retVal)
         else:
             try:
                 retVal = value.encode(encoding, errors)

lib/core/decorators.py

@@ -43,11 +43,11 @@ def cachedmethod(f):
     def _f(*args, **kwargs):
         parts = (
             f.__module__ + "." + f.__name__,
-            "|".join(repr(a) for a in args),
-            "|".join("%s=%r" % (k, kwargs[k]) for k in sorted(kwargs))
+            "^".join(repr(a) for a in args),
+            "^".join("%s=%r" % (k, kwargs[k]) for k in sorted(kwargs))
         )
         try:
-            key = int(hashlib.md5("|".join(parts).encode(UNICODE_ENCODING)).hexdigest(), 16) & 0x7fffffffffffffff
+            key = int(hashlib.md5("`".join(parts).encode(UNICODE_ENCODING)).hexdigest(), 16) & 0x7fffffffffffffff
         except ValueError:  # https://github.com/sqlmapproject/sqlmap/issues/4281 (NOTE: non-standard Python behavior where hexdigest returns binary value)
             result = f(*args, **kwargs)
         else:

lib/core/enums.py

@@ -205,19 +205,19 @@ class HASH(object):
     SHA256_BASE64 = r'\A[a-zA-Z0-9+/]{43}=\Z'
     SHA512_BASE64 = r'\A[a-zA-Z0-9+/]{86}==\Z'
 
-# Reference: http://www.zytrax.com/tech/web/mobile_ids.html
+# Reference: https://whatmyuseragent.com/brand/
 class MOBILES(object):
     BLACKBERRY = ("BlackBerry Z10", "Mozilla/5.0 (BB10; Kbd) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.3.2205 Mobile Safari/537.35+")
-    GALAXY = ("Samsung Galaxy S8", "Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW; en-us) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36 Puffin/9.0.0.50263AP")
+    GALAXY = ("Samsung Galaxy A54",  "Mozilla/5.0 (Linux; Android 15; SM-A546B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.7339.155 Mobile Safari/537.36 AirWatchBrowser/25.08.0.2131")
     HP = ("HP iPAQ 6365", "Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; HP iPAQ h6300)")
-    HTC = ("HTC 10", "Mozilla/5.0 (Linux; Android 8.0.0; HTC 10 Build/OPR1.170623.027) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36")
-    HUAWEI = ("Huawei P8", "Mozilla/5.0 (Linux; Android 4.4.4; HUAWEI H891L Build/HuaweiH891L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36")
-    IPHONE = ("Apple iPhone 8", "Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1")
-    LUMIA = ("Microsoft Lumia 950", "Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; Lumia 950) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Mobile Safari/537.36 Edge/15.15063")
+    HTC = ("HTC One X2", "Mozilla/5.0 (Linux; Android 14; X2-HT) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.7204.46 Mobile Safari/537.36")
+    HUAWEI = ("Huawei Honor 90 Pro", "Mozilla/5.0 (Linux; Android 15; REP-AN00 Build/HONORREP-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/133.0.6943.137 Mobile Safari/537.36")
+    IPHONE = ("Apple iPhone 15 Pro Max", "Mozilla/7.0 (iPhone; CPU iPhone OS 18_7; iPhone 15 Pro Max) AppleWebKit/533.2 (KHTML, like Gecko) CriOS/126.0.6478.35 Mobile/15E148 Safari/804.17")
+    LUMIA = ("Microsoft Lumia 950 XL", "Mozilla/5.0 (Windows Mobile 10; Android 10.0;Microsoft;Lumia 950XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36 Edge/40.15254.603")
     NEXUS = ("Google Nexus 7", "Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19")
     NOKIA = ("Nokia N97", "Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344")
-    PIXEL = ("Google Pixel", "Mozilla/5.0 (Linux; Android 10; Pixel) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.117 Mobile Safari/537.36")
-    XIAOMI = ("Xiaomi Mi 8 Pro", "Mozilla/5.0 (Linux; Android 9; MI 8 Pro Build/PKQ1.180729.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.66 Mobile Safari/537.36")
+    PIXEL = ("Google Pixel 9", "Mozilla/5.0 (Linux; Android 14; Pixel 9) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/24.0 Chrome/139.0.0.0 Mobile Safari/537.36")
+    XIAOMI = ("Xiaomi Redmi 15C", "Mozilla/5.0 (Linux; Android 15; REDMI 15C Build/AP3A.240905.015.A2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.118 Mobile Safari/537.36 XiaoMi/MiuiBrowser/14.43.0-gn")
 
 class PROXY_TYPE(object):
     HTTP = "HTTP"

lib/core/gui.py

@@ -61,18 +61,6 @@ def runGui(parser):
             else:
                 self.set(self.old_value)
 
-    # Reference: https://code.activestate.com/recipes/580726-tkinter-notebook-that-fits-to-the-height-of-every-/
-    class AutoresizableNotebook(_tkinter_ttk.Notebook):
-        def __init__(self, master=None, **kw):
-            _tkinter_ttk.Notebook.__init__(self, master, **kw)
-            self.bind("<<NotebookTabChanged>>", self._on_tab_changed)
-
-        def _on_tab_changed(self, event):
-            event.widget.update_idletasks()
-
-            tab = event.widget.nametowidget(event.widget.select())
-            event.widget.configure(height=tab.winfo_reqheight())
-
     try:
         window = _tkinter.Tk()
     except Exception as ex:
@@ -81,11 +69,41 @@ def runGui(parser):
 
     window.title(VERSION_STRING)
 
-    # Reference: https://www.holadevs.com/pregunta/64750/change-selected-tab-color-in-ttknotebook
+    # Set theme and colors
+    bg_color = "#f5f5f5"
+    fg_color = "#333333"
+    accent_color = "#2c7fb8"
+    window.configure(background=bg_color)
+
+    # Configure styles
     style = _tkinter_ttk.Style()
-    settings = {"TNotebook.Tab": {"configure": {"padding": [5, 1], "background": "#fdd57e"}, "map": {"background": [("selected", "#C70039"), ("active", "#fc9292")], "foreground": [("selected", "#ffffff"), ("active", "#000000")]}}}
-    style.theme_create("custom", parent="alt", settings=settings)
-    style.theme_use("custom")
+
+    # Try to use a more modern theme if available
+    available_themes = style.theme_names()
+    if 'clam' in available_themes:
+        style.theme_use('clam')
+    elif 'alt' in available_themes:
+        style.theme_use('alt')
+
+    # Configure notebook style
+    style.configure("TNotebook", background=bg_color)
+    style.configure("TNotebook.Tab",
+                   padding=[10, 4],
+                   background="#e1e1e1",
+                   font=('Helvetica', 9))
+    style.map("TNotebook.Tab",
+             background=[("selected", accent_color), ("active", "#7fcdbb")],
+             foreground=[("selected", "white"), ("active", "white")])
+
+    # Configure button style
+    style.configure("TButton",
+                   padding=4,
+                   relief="flat",
+                   background=accent_color,
+                   foreground="white",
+                   font=('Helvetica', 9))
+    style.map("TButton",
+             background=[('active', '#41b6c4')])
 
     # Reference: https://stackoverflow.com/a/10018670
     def center(window):
@@ -138,16 +156,16 @@ def runGui(parser):
         config = {}
 
         for key in window._widgets:
-            dest, type = key
+            dest, widget_type = key
             widget = window._widgets[key]
 
             if hasattr(widget, "get") and not widget.get():
                 value = None
-            elif type == "string":
+            elif widget_type == "string":
                 value = widget.get()
-            elif type == "float":
+            elif widget_type == "float":
                 value = float(widget.get())
-            elif type == "int":
+            elif widget_type == "int":
                 value = int(widget.get())
             else:
                 value = bool(widget.var.get())
@@ -155,7 +173,9 @@ def runGui(parser):
             config[dest] = value
 
         for option in parser.option_list:
-            config[option.dest] = defaults.get(option.dest, None)
+            # Only set default if not already set by the user
+            if option.dest not in config or config[option.dest] is None:
+                config[option.dest] = defaults.get(option.dest, None)
 
         handle, configFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CONFIG, text=True)
         os.close(handle)
@@ -183,12 +203,20 @@ def runGui(parser):
 
         top = _tkinter.Toplevel()
         top.title("Console")
+        top.configure(background=bg_color)
+
+        # Create a frame for the console
+        console_frame = _tkinter.Frame(top, bg=bg_color)
+        console_frame.pack(fill=_tkinter.BOTH, expand=True, padx=10, pady=10)
 
         # Reference: https://stackoverflow.com/a/13833338
-        text = _tkinter_scrolledtext.ScrolledText(top, undo=True)
+        text = _tkinter_scrolledtext.ScrolledText(console_frame, undo=True, wrap=_tkinter.WORD,
+                                                bg="#2c3e50", fg="#ecf0f1",
+                                                insertbackground="white",
+                                                font=('Consolas', 10))
         text.bind("<Key>", onKeyPress)
         text.bind("<Return>", onReturnPress)
-        text.pack()
+        text.pack(fill=_tkinter.BOTH, expand=True)
         text.focus()
 
         center(top)
@@ -196,7 +224,6 @@ def runGui(parser):
         while True:
             line = ""
             try:
-                # line = queue.get_nowait()
                 line = queue.get(timeout=.1)
                 text.insert(_tkinter.END, line)
             except _queue.Empty:
@@ -206,9 +233,10 @@ def runGui(parser):
                 if not alive:
                     break
 
-    menubar = _tkinter.Menu(window)
+    # Create a menu bar
+    menubar = _tkinter.Menu(window, bg=bg_color, fg=fg_color)
 
-    filemenu = _tkinter.Menu(menubar, tearoff=0)
+    filemenu = _tkinter.Menu(menubar, tearoff=0, bg=bg_color, fg=fg_color)
     filemenu.add_command(label="Open", state=_tkinter.DISABLED)
     filemenu.add_command(label="Save", state=_tkinter.DISABLED)
     filemenu.add_separator()
@@ -217,7 +245,7 @@ def runGui(parser):
 
     menubar.add_command(label="Run", command=run)
 
-    helpmenu = _tkinter.Menu(menubar, tearoff=0)
+    helpmenu = _tkinter.Menu(menubar, tearoff=0, bg=bg_color, fg=fg_color)
     helpmenu.add_command(label="Official site", command=lambda: webbrowser.open(SITE))
     helpmenu.add_command(label="Github pages", command=lambda: webbrowser.open(GIT_PAGE))
     helpmenu.add_command(label="Wiki pages", command=lambda: webbrowser.open(WIKI_PAGE))
@@ -226,59 +254,173 @@ def runGui(parser):
     helpmenu.add_command(label="About", command=lambda: _tkinter_messagebox.showinfo("About", "Copyright (c) 2006-2025\n\n    (%s)" % DEV_EMAIL_ADDRESS))
     menubar.add_cascade(label="Help", menu=helpmenu)
 
-    window.config(menu=menubar)
+    window.config(menu=menubar, bg=bg_color)
     window._widgets = {}
 
-    notebook = AutoresizableNotebook(window)
+    # Create header frame
+    header_frame = _tkinter.Frame(window, bg=bg_color, height=60)
+    header_frame.pack(fill=_tkinter.X, pady=(0, 5))
+    header_frame.pack_propagate(0)
 
-    first = None
-    frames = {}
+    # Add header label
+    title_label = _tkinter.Label(header_frame, text="Configuration",
+                                font=('Helvetica', 14),
+                                fg=accent_color, bg=bg_color)
+    title_label.pack(side=_tkinter.LEFT, padx=15)
 
+    # Add run button in header
+    run_button = _tkinter_ttk.Button(header_frame, text="Run", command=run, width=12)
+    run_button.pack(side=_tkinter.RIGHT, padx=15)
+
+    # Create notebook
+    notebook = _tkinter_ttk.Notebook(window)
+    notebook.pack(expand=1, fill="both", padx=5, pady=(0, 5))
+
+    # Store tab information for background loading
+    tab_frames = {}
+    tab_canvases = {}
+    tab_scrollable_frames = {}
+    tab_groups = {}
+
+    # Create empty tabs with scrollable areas first (fast)
     for group in parser.option_groups:
-        frame = frames[group.title] = _tkinter.Frame(notebook, width=200, height=200)
-        notebook.add(frames[group.title], text=group.title)
+        # Create a frame with scrollbar for the tab
+        tab_frame = _tkinter.Frame(notebook, bg=bg_color)
+        tab_frames[group.title] = tab_frame
 
-        _tkinter.Label(frame).grid(column=0, row=0, sticky=_tkinter.W)
+        # Create a canvas with scrollbar
+        canvas = _tkinter.Canvas(tab_frame, bg=bg_color, highlightthickness=0)
+        scrollbar = _tkinter_ttk.Scrollbar(tab_frame, orient="vertical", command=canvas.yview)
+        scrollable_frame = _tkinter.Frame(canvas, bg=bg_color)
+
+        # Store references
+        tab_canvases[group.title] = canvas
+        tab_scrollable_frames[group.title] = scrollable_frame
+        tab_groups[group.title] = group
+
+        # Configure the canvas scrolling
+        scrollable_frame.bind(
+            "<Configure>",
+            lambda e, canvas=canvas: canvas.configure(scrollregion=canvas.bbox("all"))
+        )
+
+        canvas.create_window((0, 0), window=scrollable_frame, anchor="nw")
+        canvas.configure(yscrollcommand=scrollbar.set)
+
+        # Pack the canvas and scrollbar
+        canvas.pack(side="left", fill="both", expand=True)
+        scrollbar.pack(side="right", fill="y")
+
+        # Add the tab to the notebook
+        notebook.add(tab_frame, text=group.title)
+
+        # Add a loading indicator
+        loading_label = _tkinter.Label(scrollable_frame, text="Loading options...",
+                                     font=('Helvetica', 12),
+                                     fg=accent_color, bg=bg_color)
+        loading_label.pack(expand=True)
+
+    # Function to populate a tab in the background
+    def populate_tab(tab_name):
+        group = tab_groups[tab_name]
+        scrollable_frame = tab_scrollable_frames[tab_name]
+        canvas = tab_canvases[tab_name]
+
+        # Remove loading indicator
+        for child in scrollable_frame.winfo_children():
+            child.destroy()
+
+        # Add content to the scrollable frame
+        row = 0
 
-        row = 1
         if group.get_description():
-            _tkinter.Label(frame, text="%s:" % group.get_description()).grid(column=0, row=1, columnspan=3, sticky=_tkinter.W)
-            _tkinter.Label(frame).grid(column=0, row=2, sticky=_tkinter.W)
-            row += 2
+            desc_label = _tkinter.Label(scrollable_frame, text=group.get_description(),
+                                      wraplength=600, justify="left",
+                                      font=('Helvetica', 9),
+                                      fg="#555555", bg=bg_color)
+            desc_label.grid(row=row, column=0, columnspan=3, sticky="w", padx=10, pady=(10, 5))
+            row += 1
 
         for option in group.option_list:
-            _tkinter.Label(frame, text="%s " % parser.formatter._format_option_strings(option)).grid(column=0, row=row, sticky=_tkinter.W)
+            # Option label
+            option_label = _tkinter.Label(scrollable_frame,
+                                        text=parser.formatter._format_option_strings(option) + ":",
+                                        font=('Helvetica', 9),
+                                        fg=fg_color, bg=bg_color,
+                                        anchor="w")
+            option_label.grid(row=row, column=0, sticky="w", padx=10, pady=2)
 
+            # Input widget
             if option.type == "string":
-                widget = _tkinter.Entry(frame)
+                widget = _tkinter.Entry(scrollable_frame, font=('Helvetica', 9),
+                                      relief="sunken", bd=1, width=20)
+                widget.grid(row=row, column=1, sticky="w", padx=5, pady=2)
             elif option.type == "float":
-                widget = ConstrainedEntry(frame, regex=r"\A\d*\.?\d*\Z")
+                widget = ConstrainedEntry(scrollable_frame, regex=r"\A\d*\.?\d*\Z",
+                                        font=('Helvetica', 9),
+                                        relief="sunken", bd=1, width=10)
+                widget.grid(row=row, column=1, sticky="w", padx=5, pady=2)
             elif option.type == "int":
-                widget = ConstrainedEntry(frame, regex=r"\A\d*\Z")
+                widget = ConstrainedEntry(scrollable_frame, regex=r"\A\d*\Z",
+                                        font=('Helvetica', 9),
+                                        relief="sunken", bd=1, width=10)
+                widget.grid(row=row, column=1, sticky="w", padx=5, pady=2)
             else:
                 var = _tkinter.IntVar()
-                widget = _tkinter.Checkbutton(frame, variable=var)
+                widget = _tkinter.Checkbutton(scrollable_frame, variable=var,
+                                            bg=bg_color, activebackground=bg_color)
                 widget.var = var
+                widget.grid(row=row, column=1, sticky="w", padx=5, pady=2)
 
-            first = first or widget
-            widget.grid(column=1, row=row, sticky=_tkinter.W)
+            # Help text (truncated to improve performance)
+            help_text = option.help
+            if len(help_text) > 100:
+                help_text = help_text[:100] + "..."
 
+            help_label = _tkinter.Label(scrollable_frame, text=help_text,
+                                      font=('Helvetica', 8),
+                                      fg="#666666", bg=bg_color,
+                                      wraplength=400, justify="left")
+            help_label.grid(row=row, column=2, sticky="w", padx=5, pady=2)
+
+            # Store widget reference
             window._widgets[(option.dest, option.type)] = widget
 
+            # Set default value
             default = defaults.get(option.dest)
             if default:
                 if hasattr(widget, "insert"):
                     widget.insert(0, default)
-
-            _tkinter.Label(frame, text=" %s" % option.help).grid(column=2, row=row, sticky=_tkinter.W)
+                elif hasattr(widget, "var"):
+                    widget.var.set(1 if default else 0)
 
             row += 1
 
-        _tkinter.Label(frame).grid(column=0, row=row, sticky=_tkinter.W)
+        # Add some padding at the bottom
+        _tkinter.Label(scrollable_frame, bg=bg_color, height=1).grid(row=row, column=0)
 
-    notebook.pack(expand=1, fill="both")
-    notebook.enable_traversal()
+        # Update the scroll region after adding all widgets
+        canvas.update_idletasks()
+        canvas.configure(scrollregion=canvas.bbox("all"))
 
-    first.focus()
+        # Update the UI to show the tab is fully loaded
+        window.update_idletasks()
 
+    # Function to populate tabs in the background
+    def populate_tabs_background():
+        for tab_name in tab_groups.keys():
+            # Schedule each tab to be populated with a small delay between them
+            window.after(100, lambda name=tab_name: populate_tab(name))
+
+    # Start populating tabs in the background after a short delay
+    window.after(500, populate_tabs_background)
+
+    # Set minimum window size
+    window.update()
+    window.minsize(800, 500)
+
+    # Center the window on screen
+    center(window)
+
+    # Start the GUI
     window.mainloop()

lib/core/settings.py

@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.9.2"
+VERSION = "1.9.11.0"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -61,7 +61,7 @@ LOWER_RATIO_BOUND = 0.02
 UPPER_RATIO_BOUND = 0.98
 
 # For filling in case of dumb push updates
-DUMMY_JUNK = "ahy9Ouge"
+DUMMY_JUNK = "Aich8ooT"
 
 # Markers for special cases when parameter values contain html encoded characters
 PARAMETER_AMP_MARKER = "__PARAMETER_AMP__"

lib/request/redirecthandler.py

@@ -194,7 +194,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
         result.redurl = getUnicode(redurl) if six.PY3 else redurl
         return result
 
-    http_error_301 = http_error_303 = http_error_307 = http_error_302
+    http_error_301 = http_error_303 = http_error_307 = http_error_308 = http_error_302
 
     def _infinite_loop_check(self, req):
         if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS):

lib/techniques/blind/inference.py

@@ -221,7 +221,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                 markingValue = "'%s'" % CHAR_INFERENCE_MARK
                 unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue))
                 forgedPayload = agent.extractPayload(payload) or ""
-                forgedPayload = safeStringFormat(forgedPayload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, posValue)).replace(markingValue, unescapedCharValue)
+                forgedPayload = forgedPayload.replace(markingValue, unescapedCharValue)
+                forgedPayload = safeStringFormat(forgedPayload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, posValue))
                 result = Request.queryPage(agent.replacePayload(payload, forgedPayload), timeBasedCompare=timeBasedCompare, raise404=False)
                 incrementCounter(getTechnique())
 
@@ -246,7 +247,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                 # e.g.: ... > '%c' -> ... > ORD(..)
                 markingValue = "'%s'" % CHAR_INFERENCE_MARK
                 unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(value))
-                forgedPayload = safeStringFormat(validationPayload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
+                forgedPayload = validationPayload.replace(markingValue, unescapedCharValue)
+                forgedPayload = safeStringFormat(forgedPayload, (expressionUnescaped, idx))
 
             result = not Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
 
@@ -352,7 +354,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                         # e.g.: ... > '%c' -> ... > ORD(..)
                         markingValue = "'%s'" % CHAR_INFERENCE_MARK
                         unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue))
-                        forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
+                        forgedPayload = payload.replace(markingValue, unescapedCharValue)
+                        forgedPayload = safeStringFormat(forgedPayload, (expressionUnescaped, idx))
                         falsePayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, NULL)
 
                     if timeBasedCompare:

sqlmap.py

@@ -601,7 +601,7 @@ def main():
 
         # short delay for thread finalization
         _ = time.time()
-        while threading.active_count() > 1 and (time.time() - _) > THREAD_FINALIZATION_TIMEOUT:
+        while threading.active_count() > 1 and (time.time() - _) < THREAD_FINALIZATION_TIMEOUT:
             time.sleep(0.01)
 
         if cmdLineOptions.get("sqlmapShell"):