2008-10-15 19:38:22 +04:00
#!/usr/bin/env python
"""
2008-10-15 19:56:32 +04:00
$ Id $
2008-10-15 19:38:22 +04:00
2012-01-11 18:59:46 +04:00
Copyright ( c ) 2006 - 2012 sqlmap developers ( http : / / www . sqlmap . org / )
2010-10-15 03:18:29 +04:00
See the file ' doc/COPYING ' for copying permission
2008-10-15 19:38:22 +04:00
"""
import logging
2010-05-21 16:09:31 +04:00
import os
2009-06-11 19:01:48 +04:00
import subprocess
2008-10-15 19:38:22 +04:00
import sys
2011-12-26 16:24:39 +04:00
from lib . core . enums import CUSTOM_LOGGING
2011-01-15 18:14:22 +03:00
from lib . core . enums import DBMS
2012-02-16 13:32:47 +04:00
from lib . core . enums import DBMS_DIRECTORY_NAME
2010-10-19 12:55:14 +04:00
from lib . core . revision import getRevisionNumber
2008-10-15 19:38:22 +04:00
# sqlmap version and site
2011-04-30 17:20:05 +04:00
VERSION = " 1.0-dev "
REVISION = getRevisionNumber ( )
2011-11-18 19:32:33 +04:00
VERSION_STRING = " sqlmap/ %s %s " % ( VERSION , " (r %s ) " % REVISION if REVISION else " " )
2011-04-30 17:20:05 +04:00
DESCRIPTION = " automatic SQL injection and database takeover tool "
2011-07-07 03:52:44 +04:00
SITE = " http://www.sqlmap.org "
2011-04-30 17:20:05 +04:00
ML = " sqlmap-users@lists.sourceforge.net "
2008-10-15 19:38:22 +04:00
2010-12-18 12:51:34 +03:00
# minimum distance of ratio from kb.matchRatio to result in True
2011-04-30 17:20:05 +04:00
DIFF_TOLERANCE = 0.05
CONSTANT_RATIO = 0.9
2010-11-10 01:32:05 +03:00
2011-01-03 11:32:06 +03:00
# lower and upper values for match ratio in case of stable page
LOWER_RATIO_BOUND = 0.02
UPPER_RATIO_BOUND = 0.98
2008-10-15 19:38:22 +04:00
# sqlmap logger
2011-12-26 16:24:39 +04:00
logging . addLevelName ( CUSTOM_LOGGING . PAYLOAD , " PAYLOAD " )
logging . addLevelName ( CUSTOM_LOGGING . TRAFFIC_OUT , " TRAFFIC OUT " )
logging . addLevelName ( CUSTOM_LOGGING . TRAFFIC_IN , " TRAFFIC IN " )
2009-04-22 15:48:07 +04:00
2011-04-30 17:20:05 +04:00
LOGGER = logging . getLogger ( " sqlmapLog " )
LOGGER_HANDLER = logging . StreamHandler ( sys . stdout )
2011-06-21 01:18:12 +04:00
FORMATTER = logging . Formatter ( " \r [ %(asctime)s ] [ %(levelname)s ] %(message)s " , " % H: % M: % S " )
2008-10-15 19:38:22 +04:00
LOGGER_HANDLER . setFormatter ( FORMATTER )
LOGGER . addHandler ( LOGGER_HANDLER )
LOGGER . setLevel ( logging . WARN )
2010-10-21 13:51:07 +04:00
# dump markers
DUMP_NEWLINE_MARKER = " __NEWLINE__ "
2011-04-30 17:20:05 +04:00
DUMP_CR_MARKER = " __CARRIAGE_RETURN__ "
DUMP_TAB_MARKER = " __TAB__ "
2011-12-22 14:59:28 +04:00
DUMP_DEL_MARKER = " __DEL__ "
2010-10-21 13:51:07 +04:00
2012-02-14 18:08:10 +04:00
# markers for special cases when parameter values contain html encoded characters
PARAMETER_AMP_MARKER = " __AMP__ "
PARAMETER_SEMICOLON_MARKER = " __SEMICOLON__ "
2012-02-17 18:22:48 +04:00
PARTIAL_VALUE_MARKER = " __PARTIAL__ "
2011-02-04 15:43:18 +03:00
URI_QUESTION_MARKER = " __QUESTION_MARK__ "
2011-04-30 17:20:05 +04:00
PAYLOAD_DELIMITER = " \x00 "
2010-12-10 14:32:46 +03:00
CHAR_INFERENCE_MARK = " %c "
2011-04-14 13:43:36 +04:00
PRINTABLE_CHAR_REGEX = r ' [^ \ x00- \ x1f \ x7e- \ xff] '
2010-12-11 13:52:04 +03:00
2012-02-20 14:02:19 +04:00
# regular expression used for extracting results from google search
GOOGLE_REGEX = r ' url \ ?q=(http[^>]+)&sa=U& '
2011-02-15 03:28:27 +03:00
# dumping characters used in GROUP_CONCAT MySQL technique
2011-04-30 17:20:05 +04:00
CONCAT_ROW_DELIMITER = ' , '
CONCAT_VALUE_DELIMITER = ' | '
2011-02-15 03:28:27 +03:00
2010-12-21 18:13:13 +03:00
# coefficient used for a time-based query delay checking (must be >= 7)
2011-08-12 21:19:19 +04:00
TIME_STDEV_COEFF = 7
2011-01-16 20:52:42 +03:00
2011-04-19 14:37:20 +04:00
# standard deviation after which a warning message should be displayed about connection lags
WARN_TIME_STDEV = 0.5
2011-03-31 13:35:09 +04:00
# minimum length of usable union injected response (quick defense against substr fields)
UNION_MIN_RESPONSE_CHARS = 10
2011-02-02 14:22:35 +03:00
# coefficient used for a union-based number of columns checking (must be >= 7)
UNION_STDEV_COEFF = 7
2011-01-16 20:52:42 +03:00
# length of queue for candidates for time delay adjustment
TIME_DELAY_CANDIDATES = 3
2011-07-06 09:44:47 +04:00
# standard value for HTTP Accept header
HTTP_ACCEPT_HEADER_VALUE = " text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 "
2011-02-22 16:00:58 +03:00
# HTTP timeout in silent mode
HTTP_SILENT_TIMEOUT = 3
2010-12-21 18:26:23 +03:00
# maximum number of techniques used in inject.py/getValue() per one value
MAX_TECHNIQUES_PER_VALUE = 2
2010-12-21 18:24:14 +03:00
2010-12-12 01:13:19 +03:00
# suffix used for naming meta databases in DBMS(es) without explicit database name
2011-01-16 20:52:42 +03:00
METADB_SUFFIX = " _masterdb "
2010-12-12 01:13:19 +03:00
2010-12-11 13:52:04 +03:00
# minimum time response set needed for time-comparison based on standard deviation
2011-02-07 15:34:23 +03:00
MIN_TIME_RESPONSES = 10
2010-12-08 15:49:26 +03:00
2011-02-02 16:03:24 +03:00
# minimum comparison ratio set needed for searching valid union column number based on standard deviation
MIN_UNION_RESPONSES = 5
2010-12-11 13:52:04 +03:00
# after these number of blanks at the end inference should stop (just in case)
2012-01-30 14:19:03 +04:00
INFERENCE_BLANK_BREAK = 10
2010-12-11 13:52:04 +03:00
2011-01-17 13:15:19 +03:00
# use this replacement character for cases when inference is not able to retrieve the proper character value
INFERENCE_UNKNOWN_CHAR = ' ? '
2011-01-31 18:00:41 +03:00
# character used for operation "greater" in inference
INFERENCE_GREATER_CHAR = " > "
# character used for operation "equals" in inference
INFERENCE_EQUALS_CHAR = " = "
2011-01-31 19:07:23 +03:00
# character used for operation "not-equals" in inference
INFERENCE_NOT_EQUALS_CHAR = " != "
2010-12-21 18:13:13 +03:00
# string used for representation of unknown dbms version
UNKNOWN_DBMS_VERSION = " Unknown "
2010-12-24 14:06:57 +03:00
# dynamicity mark length used in dynamicity removal engine
DYNAMICITY_MARK_LENGTH = 32
2011-12-22 19:42:21 +04:00
# length of FIFO buffer for removing possible duplicates in union/inband data retrieval
UNION_UNIQUE_FIFO_LENGTH = 10
2010-12-27 13:56:28 +03:00
# dummy user prefix used in dictionary attack
2011-01-17 13:23:37 +03:00
DUMMY_USER_PREFIX = " __dummy__ "
# Reference: http://en.wikipedia.org/wiki/ISO/IEC_8859-1
DEFAULT_PAGE_ENCODING = " iso-8859-1 "
2010-12-27 13:56:28 +03:00
2009-04-22 15:48:07 +04:00
# System variables
2011-04-30 17:20:05 +04:00
IS_WIN = subprocess . mswindows
2010-05-21 16:09:31 +04:00
# The name of the operating system dependent module imported. The following
# names have currently been registered: 'posix', 'nt', 'mac', 'os2', 'ce',
# 'java', 'riscos'
2011-04-30 17:20:05 +04:00
PLATFORM = os . name
PYVERSION = sys . version . split ( ) [ 0 ]
2009-04-22 15:48:07 +04:00
2010-03-18 20:20:54 +03:00
# Database management system specific variables
2011-06-16 17:56:17 +04:00
MSSQL_SYSTEM_DBS = ( " Northwind " , " master " , " model " , " msdb " , " pubs " , " tempdb " )
2011-04-30 17:20:05 +04:00
MYSQL_SYSTEM_DBS = ( " information_schema " , " mysql " ) # Before MySQL 5.0 only "mysql"
PGSQL_SYSTEM_DBS = ( " information_schema " , " pg_catalog " , " pg_toast " )
2011-05-25 14:55:47 +04:00
ORACLE_SYSTEM_DBS = ( " SYSTEM " , " SYSAUX " , " SYS " ) # These are TABLESPACE_NAME
2011-04-30 17:20:05 +04:00
SQLITE_SYSTEM_DBS = ( " sqlite_master " , " sqlite_temp_master " )
ACCESS_SYSTEM_DBS = ( " MSysAccessObjects " , " MSysACEs " , " MSysObjects " , " MSysQueries " , " MSysRelationships " , " MSysAccessStorage " , \
2010-03-18 20:20:54 +03:00
" MSysAccessXML " , " MSysModules " , " MSysModules2 " )
FIREBIRD_SYSTEM_DBS = ( " RDB$BACKUP_HISTORY " , " RDB$CHARACTER_SETS " , " RDB$CHECK_CONSTRAINTS " , " RDB$COLLATIONS " , " RDB$DATABASE " , \
" RDB$DEPENDENCIES " , " RDB$EXCEPTIONS " , " RDB$FIELDS " , " RDB$FIELD_DIMENSIONS " , " RDB$FILES " , " RDB$FILTERS " , \
" RDB$FORMATS " , " RDB$FUNCTIONS " , " RDB$FUNCTION_ARGUMENTS " , " RDB$GENERATORS " , " RDB$INDEX_SEGMENTS " , " RDB$INDICES " , \
" RDB$LOG_FILES " , " RDB$PAGES " , " RDB$PROCEDURES " , " RDB$PROCEDURE_PARAMETERS " , " RDB$REF_CONSTRAINTS " , " RDB$RELATIONS " , \
" RDB$RELATION_CONSTRAINTS " , " RDB$RELATION_FIELDS " , " RDB$ROLES " , " RDB$SECURITY_CLASSES " , " RDB$TRANSACTIONS " , " RDB$TRIGGERS " , \
" RDB$TRIGGER_MESSAGES " , " RDB$TYPES " , " RDB$USER_PRIVILEGES " , " RDB$VIEW_RELATIONS " )
2011-04-30 17:20:05 +04:00
MAXDB_SYSTEM_DBS = ( " SYSINFO " , " DOMAIN " )
SYBASE_SYSTEM_DBS = ( " master " , " model " , " sybsystemdb " , " sybsystemprocs " )
2011-06-25 13:44:24 +04:00
DB2_SYSTEM_DBS = ( " NULLID " , " SQLJ " , " SYSCAT " , " SYSFUN " , " SYSIBM " , " SYSIBMADM " , " SYSIBMINTERNAL " , " SYSIBMTS " , \
" SYSPROC " , " SYSPUBLIC " , " SYSSTAT " , " SYSTOOLS " )
2011-04-30 17:20:05 +04:00
2011-11-21 00:14:47 +04:00
MSSQL_ALIASES = ( " microsoft sql server " , " mssqlserver " , " mssql " , " ms " )
MYSQL_ALIASES = ( " mysql " , " my " )
PGSQL_ALIASES = ( " postgresql " , " postgres " , " pgsql " , " psql " , " pg " )
ORACLE_ALIASES = ( " oracle " , " orcl " , " ora " , " or " )
SQLITE_ALIASES = ( " sqlite " , " sqlite3 " )
ACCESS_ALIASES = ( " msaccess " , " access " , " jet " , " microsoft access " )
FIREBIRD_ALIASES = ( " firebird " , " mozilla firebird " , " interbase " , " ibase " , " fb " )
MAXDB_ALIASES = ( " maxdb " , " sap maxdb " , " sap db " )
SYBASE_ALIASES = ( " sybase " , " sybase sql server " )
DB2_ALIASES = ( " db2 " , " ibm db2 " , " ibmdb2 " )
2011-04-30 17:20:05 +04:00
2012-02-16 13:32:47 +04:00
DBMS_DIRECTORY_DICT = dict ( ( getattr ( DBMS , _ ) , getattr ( DBMS_DIRECTORY_NAME , _ ) ) for _ in dir ( DBMS ) if not _ . startswith ( " _ " ) )
2011-06-25 13:44:24 +04:00
SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES
2011-04-30 17:20:05 +04:00
SUPPORTED_OS = ( " linux " , " windows " )
2009-02-09 13:28:03 +03:00
2011-11-21 00:14:47 +04:00
DBMS_DICT = { DBMS . MSSQL : ( MSSQL_ALIASES , " python-pymssql " , " http://pymssql.sourceforge.net/ " ) ,
DBMS . MYSQL : ( MYSQL_ALIASES , " python pymysql " , " http://code.google.com/p/pymysql/ " ) ,
DBMS . PGSQL : ( PGSQL_ALIASES , " python-psycopg2 " , " http://initd.org/psycopg/ " ) ,
DBMS . ORACLE : ( ORACLE_ALIASES , " python cx_Oracle " , " http://cx-oracle.sourceforge.net/ " ) ,
DBMS . SQLITE : ( SQLITE_ALIASES , " python-pysqlite2 " , " http://pysqlite.googlecode.com/ " ) ,
DBMS . ACCESS : ( ACCESS_ALIASES , " python-pyodbc " , " http://pyodbc.googlecode.com/ " ) ,
DBMS . FIREBIRD : ( FIREBIRD_ALIASES , " python-kinterbasdb " , " http://kinterbasdb.sourceforge.net/ " ) ,
DBMS . MAXDB : ( MAXDB_ALIASES , None , None ) ,
DBMS . SYBASE : ( SYBASE_ALIASES , " python-pymssql " , " http://pymssql.sourceforge.net/ " ) ,
DBMS . DB2 : ( DB2_ALIASES , " python ibm-db " , " http://code.google.com/p/ibm-db/ " )
2011-04-23 20:25:09 +04:00
}
2011-04-30 17:20:05 +04:00
USER_AGENT_ALIASES = ( " ua " , " useragent " , " user-agent " )
2011-12-20 16:52:41 +04:00
REFERER_ALIASES = ( " ref " , " referer " , " referrer " )
HOST_ALIASES = ( " host " , )
2011-02-14 00:58:48 +03:00
2012-02-07 16:05:23 +04:00
FROM_DUMMY_TABLE = {
2011-01-19 02:02:11 +03:00
DBMS . ORACLE : " FROM DUAL " ,
2011-07-07 17:20:40 +04:00
DBMS . ACCESS : " FROM MSysAccessObjects " ,
2011-01-19 02:02:11 +03:00
DBMS . FIREBIRD : " FROM RDB$DATABASE " ,
2011-06-25 13:44:24 +04:00
DBMS . MAXDB : " FROM VERSIONS " ,
DBMS . DB2 : " FROM SYSIBM.SYSDUMMY1 "
2011-01-19 02:02:11 +03:00
}
2011-01-15 18:14:22 +03:00
2011-04-30 17:20:05 +04:00
SQL_STATEMENTS = {
2009-04-22 15:48:07 +04:00
" SQL SELECT statement " : (
2008-12-20 16:21:47 +03:00
" select " ,
2009-02-09 13:28:03 +03:00
" show " ,
2009-02-03 02:44:19 +03:00
" top " ,
2010-01-05 19:15:31 +03:00
" distinct " ,
2008-12-20 16:21:47 +03:00
" from " ,
2008-12-23 01:48:44 +03:00
" from dual " ,
2008-12-20 16:21:47 +03:00
" where " ,
" group by " ,
" order by " ,
" having " ,
" limit " ,
" offset " ,
" union all " ,
2009-01-20 00:27:51 +03:00
" rownum as " ,
2011-12-06 14:57:23 +04:00
" (case " , ) ,
2008-12-19 23:09:46 +03:00
2009-04-22 15:48:07 +04:00
" SQL data definition " : (
2008-12-20 16:21:47 +03:00
" create " ,
2009-04-22 15:48:07 +04:00
" declare " ,
2008-12-20 16:21:47 +03:00
" drop " ,
" truncate " ,
2011-12-06 14:57:23 +04:00
" alter " , ) ,
2008-12-19 23:09:46 +03:00
2009-04-22 15:48:07 +04:00
" SQL data manipulation " : (
2012-01-13 16:54:45 +04:00
" bulk " ,
2008-12-20 16:21:47 +03:00
" insert " ,
" update " ,
" delete " ,
2011-12-06 14:57:23 +04:00
" merge " ,
" load " , ) ,
2008-12-19 23:09:46 +03:00
2009-04-22 15:48:07 +04:00
" SQL data control " : (
2012-02-02 16:55:39 +04:00
" grant " ,
" revoke " , ) ,
2008-12-19 23:09:46 +03:00
2009-04-22 15:48:07 +04:00
" SQL data execution " : (
2012-01-13 16:54:45 +04:00
" exec " ,
2011-12-06 14:57:23 +04:00
" execute " , ) ,
2009-01-10 17:39:27 +03:00
2009-04-22 15:48:07 +04:00
" SQL transaction " : (
2008-12-20 16:21:47 +03:00
" start transaction " ,
" begin work " ,
" begin transaction " ,
" commit " ,
2011-12-06 14:57:23 +04:00
" rollback " , ) ,
2009-04-22 15:48:07 +04:00
}
2010-12-25 13:16:20 +03:00
2012-02-07 14:46:55 +04:00
# string representation for NULL value
NULL = " NULL "
2012-03-14 17:52:23 +04:00
# string representation for blank ('') value
BLANK = " <blank> "
2012-02-16 18:42:28 +04:00
# string representation for current database
CURRENT_DB = " CD "
2011-03-29 16:08:07 +04:00
# Regular expressions used for parsing error messages (--parse-errors)
2012-02-22 14:40:11 +04:00
ERROR_PARSING_REGEXES = (
r " <b>[^<]*(fatal|error|warning|exception)[^<]*</b>:? \ s*(?P<result>.+?)<br \ s*/? \ s*> " ,
r " <li>Error Type:<br>(?P<result>.+?)</li> " ,
2011-01-07 20:10:58 +03:00
r " error ' [0-9a-f] {8} ' ((<[^>]+>)| \ s)+(?P<result>[^<>]+) "
2010-12-25 13:16:20 +03:00
)
2011-01-04 18:49:20 +03:00
2011-03-29 16:08:07 +04:00
# Regular expression used for parsing charset info from meta html headers
2011-04-30 17:20:05 +04:00
META_CHARSET_REGEX = r ' <meta http-equiv= " ?content-type " ?[^>]+charset=(?P<result>[^ " >]+) '
2011-01-15 18:56:11 +03:00
2011-03-29 18:16:28 +04:00
# Regular expression used for parsing refresh info from meta html headers
2011-04-30 17:20:05 +04:00
META_REFRESH_REGEX = r ' <meta http-equiv= " ?refresh " ?[^>]+content= " ?[^ " >]+url=(?P<result>[^ " >]+) '
2011-03-29 18:16:28 +04:00
2011-03-29 16:08:07 +04:00
# Regular expression used for parsing empty fields in tested form data
2011-03-29 02:48:00 +04:00
EMPTY_FORM_FIELDS_REGEX = r ' (?P<result>[^=]+=(&| \ Z)) '
2011-04-18 02:37:00 +04:00
# Regular expression for soap message recognition
SOAP_REGEX = r " \ A(< \ ?xml[^>]+>)? \ s*<soap.+</soap "
2011-01-17 12:28:25 +03:00
# Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf
2011-11-21 00:14:47 +04:00
COMMON_PASSWORD_SUFFIXES = ( " 1 " , " 123 " , " 2 " , " 12 " , " 3 " , " 13 " , " 7 " , " 11 " , " 5 " , " 22 " , " 23 " , " 01 " , " 4 " , " 07 " , " 21 " , " 14 " , " 10 " , " 06 " , " 08 " , " 8 " , " 15 " , " 69 " , " 16 " , " 6 " , " 18 " )
2011-01-17 12:28:25 +03:00
2011-01-15 18:56:11 +03:00
# Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html
2011-11-21 00:14:47 +04:00
COMMON_PASSWORD_SUFFIXES + = ( " ! " , " . " , " * " , " !! " , " ? " , " ; " , " .. " , " !!! " , " , " , " @ " )
2011-01-20 19:07:08 +03:00
# Splitter used between requests in WebScarab log files
WEBSCARAB_SPLITTER = " ### Conversation "
# Splitter used between requests in BURP log files
2011-10-27 21:31:34 +04:00
BURP_REQUEST_REGEX = r " = { 10,} \ s+[^=]+= { 10,} \ s+.+?= { 10,} "
2011-01-27 19:55:58 +03:00
2011-01-30 14:36:03 +03:00
# Encoding used for Unicode data
UNICODE_ENCODING = " utf8 "
2011-01-31 15:41:39 +03:00
# Reference: http://www.w3.org/Protocols/HTTP/Object_Headers.html#uri
URI_HTTP_HEADER = " URI "
2011-01-31 23:36:01 +03:00
# Uri format which could be injectable (e.g. www.site.com/id82)
2012-01-06 04:06:38 +04:00
URI_INJECTABLE_REGEX = r " //[^/]*/([^ \ .*?]+) \ Z "
2011-02-02 13:10:28 +03:00
2011-02-02 17:25:16 +03:00
# Regex used for masking sensitive data
2011-03-02 13:09:17 +03:00
SENSITIVE_DATA_REGEX = " ( \ s|=)(?P<result>[^ \ s=]* %s [^ \ s]*) \ s "
2011-02-02 17:25:16 +03:00
2011-02-02 13:10:28 +03:00
# Maximum number of threads (avoiding connection issues and/or DoS)
MAX_NUMBER_OF_THREADS = 10
2011-02-03 19:59:49 +03:00
# Minimum range between minimum and maximum of statistical set
MIN_STATISTICAL_RANGE = 0.01
2011-02-04 02:25:56 +03:00
# Minimum value for comparison ratio
MIN_RATIO = 0.0
# Maximum value for comparison ratio
MAX_RATIO = 1.0
2011-02-04 15:25:14 +03:00
# Character used for marking injectable position inside URI
URI_INJECTION_MARK_CHAR = ' * '
2011-02-04 20:40:55 +03:00
# Maximum length used for retrieving data over MySQL error based payload due to "known" problems with longer result strings
2011-02-08 19:23:33 +03:00
MYSQL_ERROR_CHUNK_LENGTH = 50
2011-02-07 01:32:44 +03:00
2011-05-03 17:25:20 +04:00
# Maximum length used for retrieving data over MSSQL error based payload due to trimming problems with longer result strings
MSSQL_ERROR_CHUNK_LENGTH = 100
2011-02-07 03:33:54 +03:00
# Do not unescape the injected statement if it contains any of the following SQL words
2011-07-04 23:58:41 +04:00
EXCLUDE_UNESCAPE = ( " WAITFOR DELAY " , " INTO DUMPFILE " , " INTO OUTFILE " , " CREATE " , " BULK " , " EXEC " , " RECONFIGURE " , " DECLARE " , " ' %s ' " % CHAR_INFERENCE_MARK )
2011-02-24 19:52:46 +03:00
# Mark used for replacement of reflected values
REFLECTED_VALUE_MARKER = ' __REFLECTED_VALUE__ '
2011-02-27 20:43:41 +03:00
# Regular expression used for marking non-alphanum characters
2011-06-03 18:41:36 +04:00
REFLECTED_NON_ALPHA_NUM_REGEX = r ' [^ \ r \ n]+? '
2011-03-09 12:36:56 +03:00
2011-07-13 03:21:15 +04:00
# Maximum number of alpha-numerical parts in reflected regex (for speed purposes)
REFLECTED_MAX_REGEX_PARTS = 10
2011-04-13 15:25:42 +04:00
# Chars which can be used as a failsafe values in case of too long URL encoding value
2011-03-09 12:36:56 +03:00
URLENCODE_FAILSAFE_CHARS = ' ()|, '
2011-04-13 15:25:42 +04:00
# Maximum length of urlencoded value after which failsafe procedure takes away
2011-04-11 02:57:17 +04:00
URLENCODE_CHAR_LIMIT = 2000
2011-03-27 11:58:15 +04:00
2011-04-13 15:25:42 +04:00
# Default schema for Microsoft SQL Server DBMS
2011-03-29 16:08:07 +04:00
DEFAULT_MSSQL_SCHEMA = ' dbo '
2011-04-13 15:25:42 +04:00
# Display hash attack info every mod number of items
2011-11-02 10:53:43 +04:00
HASH_MOD_ITEM_DISPLAY = 11
2011-04-11 15:59:02 +04:00
2011-04-13 15:25:42 +04:00
# Maximum integer value
2011-04-11 15:59:02 +04:00
MAX_INT = sys . maxint
2011-04-13 23:01:02 +04:00
2011-04-14 16:58:03 +04:00
# Parameters to be ignored in detection phase (upper case)
IGNORE_PARAMETERS = ( " __VIEWSTATE " , " __EVENTARGUMENT " , " __EVENTTARGET " , " __EVENTVALIDATION " , " ASPSESSIONID " , " ASP.NET_SESSIONID " , " JSESSIONID " , " CFID " , " CFTOKEN " )
2011-04-22 23:58:10 +04:00
# Turn off resume console info to avoid potential slowdowns
TURN_OFF_RESUME_INFO_LIMIT = 20
2011-05-16 02:21:38 +04:00
# Strftime format for results file used in multiple target mode
2011-05-22 11:02:36 +04:00
RESULTS_FILE_FORMAT = ' results- % m %d % Y_ % I % M % p.csv '
2011-05-18 03:03:31 +04:00
# Official web page with the list of Python supported codecs
CODECS_LIST_PAGE = ' http://docs.python.org/library/codecs.html#standard-encodings '
2011-05-19 20:45:05 +04:00
# Simple regular expression used to distinguish scalar from multiple-row commands (not sole condition)
SQL_SCALAR_REGEX = r " \ A(SELECT(?! \ s+DISTINCT \ (?))? \ s* \ w* \ ( "
2011-05-24 15:06:58 +04:00
# IP address of the localhost
LOCALHOST = " 127.0.0.1 "
2011-11-24 01:39:53 +04:00
# Default port used by Tor
DEFAULT_TOR_SOCKS_PORT = 9050
2011-05-27 00:48:18 +04:00
2011-12-14 14:19:45 +04:00
# Default ports used in Tor proxy bundles
DEFAULT_TOR_HTTP_PORTS = ( 8123 , 8118 )
2011-05-27 00:48:18 +04:00
# Percentage below which comparison engine could have problems
LOW_TEXT_PERCENT = 20
2011-05-28 21:34:43 +04:00
# These MySQL keywords can't go (alone) into versioned comment form (/*!...*/)
# Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html
IGNORE_SPACE_AFFECTED_KEYWORDS = ( " CAST " , " COUNT " , " EXTRACT " , " GROUP_CONCAT " , " MAX " , " MID " , " MIN " , " SESSION_USER " , " SUBSTR " , " SUBSTRING " , " SUM " , " SYSTEM_USER " , " TRIM " )
2011-05-28 22:54:14 +04:00
2011-06-12 01:17:30 +04:00
LEGAL_DISCLAIMER = " usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user ' s responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program "
2011-05-30 13:46:32 +04:00
# After this number of misses reflective removal mechanism is turned off (for speed up reasons)
REFLECTIVE_MISS_THRESHOLD = 20
2011-06-11 03:18:43 +04:00
# Regular expression used for extracting HTML title
HTML_TITLE_REGEX = " <title>(?P<result>[^<]+)</title> "
2011-06-18 02:04:25 +04:00
2011-11-20 23:10:46 +04:00
# Table used for Base64 conversion in WordPress hash cracking routine
ITOA64 = ' ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz '
2011-06-18 02:04:25 +04:00
# Chars used to quickly distinguish if the user provided tainted parameter values
2011-08-16 13:21:01 +04:00
DUMMY_SQL_INJECTION_CHARS = " ;() ' "
2011-06-21 02:41:38 +04:00
2012-01-07 21:16:14 +04:00
# Simple check against dummy users
DUMMY_USER_INJECTION = " (?i)[^ \ w](AND|OR) \ s+[^ \ s]+[=><] "
2011-06-21 02:41:38 +04:00
# Extensions skipped by crawler
CRAWL_EXCLUDE_EXTENSIONS = ( " gif " , " jpg " , " jar " , " tif " , " bmp " , " war " , " ear " , " mpg " , " wmv " , " mpeg " , " scm " , " iso " , " dmp " , " dll " , " cab " , " so " , " avi " , " bin " , " exe " , " iso " , " tar " , " png " , " pdf " , " ps " , " mp3 " , " zip " , " rar " , " gz " )
2011-07-04 23:58:41 +04:00
# Template used for common table existence check
BRUTE_TABLE_EXISTS_TEMPLATE = " EXISTS(SELECT %d FROM %s ) "
# Template used for common column existence check
BRUTE_COLUMN_EXISTS_TEMPLATE = " EXISTS(SELECT %s FROM %s ) "
2011-07-06 09:44:47 +04:00
# Payload used for checking of existence of IDS/WAF (dummier the better)
IDS_WAF_CHECK_PAYLOAD = " AND 1=1 UNION ALL SELECT 1,2,3,table_name FROM information_schema.tables "
2011-07-15 17:24:13 +04:00
# Used for status representation in dictionary attack phase
ROTATING_CHARS = ( ' \\ ' , ' | ' , ' | ' , ' / ' , ' - ' )
2011-07-23 23:04:59 +04:00
2011-07-24 13:19:33 +04:00
# Chunk length (in items) used by BigArray objects (only last chunk and cached one are held in memory)
2011-07-26 00:17:44 +04:00
BIGARRAY_CHUNK_LENGTH = 4096
2011-07-24 13:19:33 +04:00
# Only console display last n table rows
2011-10-26 18:31:00 +04:00
TRIM_STDOUT_DUMP_SIZE = 256
2011-08-03 13:08:16 +04:00
2011-11-22 16:18:24 +04:00
# Parse response headers only first couple of times
PARSE_HEADERS_LIMIT = 3
2011-08-03 13:08:16 +04:00
# Step used in ORDER BY technique used for finding the right number of columns in UNION query injections
ORDER_BY_STEP = 10
2011-08-16 10:50:20 +04:00
# Maximum number of times for revalidation of a character in time-based injections
MAX_TIME_REVALIDATION_STEPS = 5
2011-08-29 17:08:25 +04:00
# Characters that can be used to split parameter values in provided command line (e.g. in --tamper)
PARAMETER_SPLITTING_REGEX = r ' [,|;] '
2011-10-10 01:21:41 +04:00
# Regular expression describing possible union char value (e.g. used in --union-char)
UNION_CHAR_REGEX = r ' \ A \ w+ \ Z '
2011-10-25 13:53:44 +04:00
# Attribute used for storing original parameter value in special cases (e.g. POST)
2011-11-20 23:10:46 +04:00
UNENCODED_ORIGINAL_VALUE = ' original '
# Common column names containing usernames (used for hash cracking in some cases)
2011-11-22 01:31:08 +04:00
COMMON_USER_COLUMNS = ( ' user ' , ' username ' , ' user_name ' , ' benutzername ' , ' benutzer ' , ' utilisateur ' , ' usager ' , ' consommateur ' , ' utente ' , ' utilizzatore ' , ' usufrutuario ' , ' korisnik ' , ' usuario ' , ' consumidor ' )
# Default delimiter in GET/POST values
DEFAULT_GET_POST_DELIMITER = ' & '
# Default delimiter in cookie values
2011-11-22 14:54:29 +04:00
DEFAULT_COOKIE_DELIMITER = ' ; '
# Skip unforced HashDB flush requests below the threshold number of cached items
2011-11-22 15:04:43 +04:00
HASHDB_FLUSH_THRESHOLD = 32
2011-12-23 00:14:56 +04:00
2012-03-13 13:35:37 +04:00
# Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism)
HASHDB_MILESTONE_VALUE = " EfjamfhMVw " # r4856
2012-03-13 02:55:57 +04:00
2011-12-23 00:14:56 +04:00
# Warn user of possible delay due to large page dump in full UNION query injections
LARGE_OUTPUT_THRESHOLD = 1024 * * 2
2011-12-23 00:42:57 +04:00
# On huge tables there is a considerable slowdown if every row retrieval requires ORDER BY (most noticable in table dumping using ERROR injections)
SLOW_ORDER_COUNT_THRESHOLD = 10000
2011-12-23 00:54:20 +04:00
# Give up on hash recognition if nothing was found in first given number of rows
HASH_RECOGNITION_QUIT_THRESHOLD = 10000
2011-12-28 19:59:30 +04:00
# Size of a buffer used for log file output
BUFFERED_LOG_SIZE = 10000