#!/usr/bin/env python
"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import os
import random
import re
import subprocess
import string
import sys
import types
from lib . core . datatype import AttribDict
from lib . core . enums import DBMS
from lib . core . enums import DBMS_DIRECTORY_NAME
from lib . core . enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.1.10.9"

# A build is "dev" when it carries a non-zero monthly commit number,
# "stable" otherwise (i.e. fewer than three dots, or a trailing ".0")
if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0':
    TYPE = "dev"
else:
    TYPE = "stable"

# ANSI colour codes used in the banner, keyed by build type
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}

# Displayed version: a trailing ".0" commit number is dropped (e.g. "1.1.10.0" -> "1.1.10")
if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0':
    VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]), TYPE)
else:
    VERSION_STRING = "sqlmap/%s#%s" % (VERSION, TYPE)

DESCRIPTION = "automatic SQL injection and database takeover tool"
SITE = "http://sqlmap.org"
DEV_EMAIL_ADDRESS = "dev@sqlmap.org"
ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new"
GIT_REPOSITORY = "git://github.com/sqlmapproject/sqlmap.git"
GIT_PAGE = "https://github.com/sqlmapproject/sqlmap"

# colorful banner (ANSI escapes; the three %-placeholders are the type colour,
# the "<version>#<type>" tail of VERSION_STRING and the project site)
BANNER = """\033[01;33m\
        ___
       __H__
 ___ ___[.]_____ ___ ___  \033[01;37m{\033[01;%dm%s\033[01;37m}\033[01;33m
|_ -| . [.]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V          |_|   \033[0m\033[4;37m%s\033[0m\n
""" % (TYPE_COLORS.get(TYPE, 31), VERSION_STRING.split('/')[-1], SITE)
# Minimum distance of ratio from kb.matchRatio to result in True
DIFF_TOLERANCE = 0.05
CONSTANT_RATIO = 0.9

# Ratio used in heuristic check for WAF/IPS/IDS protected targets
IDS_WAF_CHECK_RATIO = 0.5

# Timeout used in heuristic check for WAF/IPS/IDS protected targets
IDS_WAF_CHECK_TIMEOUT = 10

# Lower and upper values for match ratio in case of stable page
LOWER_RATIO_BOUND = 0.02
UPPER_RATIO_BOUND = 0.98

# Markers for special cases when parameter values contain html encoded characters
PARAMETER_AMP_MARKER = "__AMP__"
PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__"
BOUNDARY_BACKSLASH_MARKER = "__BACKSLASH__"
PARTIAL_VALUE_MARKER = "__PARTIAL_VALUE__"
PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__"
URI_QUESTION_MARKER = "__QUESTION_MARK__"
ASTERISK_MARKER = "__ASTERISK_MARK__"
REPLACEMENT_MARKER = "__REPLACEMENT_MARK__"
BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION_MARK__"
SAFE_VARIABLE_MARKER = "__SAFE__"

# Placeholders substituted inside payloads at runtime (the substitution happens outside this file)
RANDOM_INTEGER_MARKER = "[RANDINT]"
RANDOM_STRING_MARKER = "[RANDSTR]"
SLEEP_TIME_MARKER = "[SLEEPTIME]"
INFERENCE_MARKER = "[INFERENCE]"

PAYLOAD_DELIMITER = "__PAYLOAD_DELIMITER__"
CHAR_INFERENCE_MARK = "%c"

# Matches a single character that is neither an ASCII control character nor in the 0x7f-0xff range
PRINTABLE_CHAR_REGEX = r"[^\x00-\x1f\x7f-\xff]"
# Regular expression used for extraction of table names (useful for (e.g.) MsAccess)
SELECT_FROM_TABLE_REGEX = r"\bSELECT .+? FROM (?P<result>([\w.]|`[^`<>]+`)+)"

# Regular expression used for recognition of textual content-type
TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|json)"

# Regular expression used for recognition of generic permission messages
PERMISSION_DENIED_REGEX = r"(command|permission|access)\s*(was|is)?\s*denied"

# Regular expression used for recognition of generic maximum connection messages
MAX_CONNECTIONS_REGEX = r"max.+connections"

# Maximum consecutive connection errors before asking the user if he wants to continue
MAX_CONSECUTIVE_CONNECTION_ERRORS = 15

# Timeout before the pre-connection candidate is being disposed (because of high probability that the web server will reset it)
PRECONNECT_CANDIDATE_TIMEOUT = 10

# Maximum sleep time in "Murphy" (testing) mode
MAX_MURPHY_SLEEP_TIME = 3

# Regular expression used for extracting results from Google search
GOOGLE_REGEX = r"webcache\.googleusercontent\.com/search\?q=cache:[^:]+:([^+]+)\+&cd=|url\?\w+=((?![^>]+webcache\.googleusercontent\.com)http[^>]+)&(sa=U|rct=j)"

# Regular expression used for extracting results from DuckDuckGo search
DUCKDUCKGO_REGEX = r'"u":"([^"]+)'

# Regular expression used for extracting results from Bing search
BING_REGEX = r'<h2><a href="([^"]+)" h='

# Dummy user agent for search (if default one returns different results)
DUMMY_SEARCH_USER_AGENT = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"

# Regular expression used for extracting content from "textual" tags
TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h\d|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\w).*?>(?P<result>[^<]+)"

# Regular expression used for recognition of IP addresses (dotted quad, each octet 0-255)
IP_ADDRESS_REGEX = r"\b(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\b"

# Regular expression used for recognition of generic "your ip has been blocked" messages
BLOCKED_IP_REGEX = r"(?i)(\A|\b)ip\b.*\b(banned|blocked|block list|firewall)"
# Dumping characters used in GROUP_CONCAT MySQL technique
CONCAT_ROW_DELIMITER = ','
CONCAT_VALUE_DELIMITER = '|'

# Coefficient used for a time-based query delay checking (must be >= 7)
TIME_STDEV_COEFF = 7

# Minimum response time that can be even considered as delayed (not a complete requirement)
MIN_VALID_DELAYED_RESPONSE = 0.5

# Standard deviation after which a warning message should be displayed about connection lags
WARN_TIME_STDEV = 0.5

# Minimum length of usable union injected response (quick defense against substr fields)
UNION_MIN_RESPONSE_CHARS = 10

# Coefficient used for a union-based number of columns checking (must be >= 7)
UNION_STDEV_COEFF = 7

# Length of queue for candidates for time delay adjustment
TIME_DELAY_CANDIDATES = 3

# Default values for the HTTP Accept and Accept-Encoding headers
HTTP_ACCEPT_HEADER_VALUE = "*/*"
HTTP_ACCEPT_ENCODING_HEADER_VALUE = "gzip,deflate"

# Default timeout for running commands over backdoor
BACKDOOR_RUN_CMD_TIMEOUT = 5

# Number of seconds to wait for thread finalization at program end
THREAD_FINALIZATION_TIMEOUT = 1

# Maximum number of techniques used in inject.py/getValue() per one value
MAX_TECHNIQUES_PER_VALUE = 2

# In case of missing piece of partial union dump, buffered array must be flushed after certain size
MAX_BUFFERED_PARTIAL_UNION_LENGTH = 1024

# Suffix used for naming meta databases in DBMS(es) without explicit database name
METADB_SUFFIX = "_masterdb"

# Number of times to retry the pushValue during the exceptions (e.g. KeyboardInterrupt)
PUSH_VALUE_EXCEPTION_RETRY_COUNT = 3

# Minimum time response set needed for time-comparison based on standard deviation
MIN_TIME_RESPONSES = 30

# Minimum comparison ratio set needed for searching valid union column number based on standard deviation
MIN_UNION_RESPONSES = 5

# After these number of blanks at the end inference should stop (just in case)
INFERENCE_BLANK_BREAK = 10

# Use this replacement character for cases when inference is not able to retrieve the proper character value
INFERENCE_UNKNOWN_CHAR = '?'

# Comparison operators used in inference: "greater", "greater or equal", "equals", "not-equals"
INFERENCE_GREATER_CHAR = ">"
INFERENCE_GREATER_EQUALS_CHAR = ">="
INFERENCE_EQUALS_CHAR = "="
INFERENCE_NOT_EQUALS_CHAR = "!="

# String used for representation of unknown DBMS / unknown DBMS version
UNKNOWN_DBMS = "Unknown"
UNKNOWN_DBMS_VERSION = "Unknown"

# Dynamicity mark length used in dynamicity removal engine
DYNAMICITY_MARK_LENGTH = 32

# Dummy user prefix used in dictionary attack
DUMMY_USER_PREFIX = "__dummy__"

# Reference: http://en.wikipedia.org/wiki/ISO/IEC_8859-1
DEFAULT_PAGE_ENCODING = "iso-8859-1"

# URL used in dummy runs
DUMMY_URL = "http://foo/bar?id=1"
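# System variables

# Python 2's subprocess module defines mswindows as (sys.platform == "win32");
# that attribute is not public API (it is _mswindows in Python 3), so the same
# predicate is evaluated here directly, which yields an identical value without
# depending on a private stdlib name.
IS_WIN = sys.platform == "win32"

# The name of the operating system dependent module imported. The following names have currently been registered: 'posix', 'nt', 'mac', 'os2', 'ce', 'java', 'riscos'
PLATFORM = os.name

# Interpreter version only, e.g. "2.7.13" (first whitespace-separated token of sys.version)
PYVERSION = sys.version.split()[0]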
# DBMS system databases (schemas that are skipped/flagged as built-in per backend)
MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb")
MYSQL_SYSTEM_DBS = ("information_schema", "mysql", "performance_schema")
PGSQL_SYSTEM_DBS = ("information_schema", "pg_catalog", "pg_toast", "pgagent")
# Reference: https://blog.vishalgupta.com/2011/06/19/predefined-oracle-system-schemas/
ORACLE_SYSTEM_DBS = (
    "ANONYMOUS", "APEX_PUBLIC_USER", "CTXSYS", "DBSNMP", "DIP", "EXFSYS",
    "FLOWS_%", "FLOWS_FILES", "LBACSYS", "MDDATA", "MDSYS", "MGMT_VIEW",
    "OLAPSYS", "ORACLE_OCM", "ORDDATA", "ORDPLUGINS", "ORDSYS", "OUTLN",
    "OWBSYS", "SI_INFORMTN_SCHEMA", "SPATIAL_CSW_ADMIN_USR",
    "SPATIAL_WFS_ADMIN_USR", "SYS", "SYSMAN", "SYSTEM", "WKPROXY", "WKSYS",
    "WK_TEST", "WMSYS", "XDB", "XS$NULL",
)
SQLITE_SYSTEM_DBS = ("sqlite_master", "sqlite_temp_master")
ACCESS_SYSTEM_DBS = (
    "MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries",
    "MSysRelationships", "MSysAccessStorage", "MSysAccessXML", "MSysModules",
    "MSysModules2",
)
FIREBIRD_SYSTEM_DBS = (
    "RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS",
    "RDB$COLLATIONS", "RDB$DATABASE", "RDB$DEPENDENCIES", "RDB$EXCEPTIONS",
    "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", "RDB$FILES", "RDB$FILTERS",
    "RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS",
    "RDB$INDEX_SEGMENTS", "RDB$INDICES", "RDB$LOG_FILES", "RDB$PAGES",
    "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS",
    "RDB$RELATIONS", "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS",
    "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS",
    "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES",
    "RDB$VIEW_RELATIONS",
)
MAXDB_SYSTEM_DBS = ("SYSINFO", "DOMAIN")
SYBASE_SYSTEM_DBS = ("master", "model", "sybsystemdb", "sybsystemprocs")
DB2_SYSTEM_DBS = (
    "NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM",
    "SYSIBMINTERNAL", "SYSIBMTS", "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS",
)
HSQLDB_SYSTEM_DBS = ("INFORMATION_SCHEMA", "SYSTEM_LOB")
INFORMIX_SYSTEM_DBS = ("sysmaster", "sysutils", "sysuser", "sysadmin")

# Lower-case names accepted as user-supplied spellings of each DBMS
MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms")
MYSQL_ALIASES = ("mysql", "my", "mariadb", "maria")
PGSQL_ALIASES = ("postgresql", "postgres", "pgsql", "psql", "pg")
ORACLE_ALIASES = ("oracle", "orcl", "ora", "or")
SQLITE_ALIASES = ("sqlite", "sqlite3")
ACCESS_ALIASES = ("msaccess", "access", "jet", "microsoft access")
FIREBIRD_ALIASES = ("firebird", "mozilla firebird", "interbase", "ibase", "fb")
MAXDB_ALIASES = ("maxdb", "sap maxdb", "sap db")
SYBASE_ALIASES = ("sybase", "sybase sql server")
DB2_ALIASES = ("db2", "ibm db2", "ibmdb2")
HSQLDB_ALIASES = ("hsql", "hsqldb", "hs", "hypersql")
INFORMIX_ALIASES = ("informix", "ibm informix", "ibminformix")
# For every public attribute name of DBMS, map its value onto the same-named
# attribute of DBMS_DIRECTORY_NAME (display name -> directory name)
DBMS_DIRECTORY_DICT = dict(
    (getattr(DBMS, attr), getattr(DBMS_DIRECTORY_NAME, attr))
    for attr in dir(DBMS)
    if not attr.startswith("_")
)

# Every alias spelling accepted for any supported backend
SUPPORTED_DBMS = (
    MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES
    + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES
    + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + INFORMIX_ALIASES
)
SUPPORTED_OS = ("linux", "windows")

# NOTE(review): INFORMIX_ALIASES is part of SUPPORTED_DBMS above, but there is
# no Informix pair in this tuple — confirm whether that omission is intended.
DBMS_ALIASES = (
    (DBMS.MSSQL, MSSQL_ALIASES),
    (DBMS.MYSQL, MYSQL_ALIASES),
    (DBMS.PGSQL, PGSQL_ALIASES),
    (DBMS.ORACLE, ORACLE_ALIASES),
    (DBMS.SQLITE, SQLITE_ALIASES),
    (DBMS.ACCESS, ACCESS_ALIASES),
    (DBMS.FIREBIRD, FIREBIRD_ALIASES),
    (DBMS.MAXDB, MAXDB_ALIASES),
    (DBMS.SYBASE, SYBASE_ALIASES),
    (DBMS.DB2, DB2_ALIASES),
    (DBMS.HSQLDB, HSQLDB_ALIASES),
)

# Accepted spellings for the pseudo-parameters naming HTTP headers
USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")
REFERER_ALIASES = ("ref", "referer", "referrer")
HOST_ALIASES = ("host",)

HSQLDB_DEFAULT_SCHEMA = "PUBLIC"

# Names that can't be used to name files on Windows OS
WINDOWS_RESERVED_NAMES = (
    "CON", "PRN", "AUX", "NUL",
    "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9",
    "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9",
)
# Items displayed in basic help (-h) output (option destination names, in display order)
BASIC_HELP_ITEMS = (
    "url", "googleDork", "data", "cookie", "randomAgent", "proxy",
    "testParameter", "dbms", "level", "risk", "tech",
    "getAll", "getBanner", "getCurrentUser", "getCurrentDb", "getPasswordHashes",
    "getTables", "getColumns", "getSchema", "dumpTable", "dumpAll",
    "db", "tbl", "col",
    "osShell", "osPwn",
    "batch", "checkTor", "flushSession", "tor", "sqlmapShell", "wizard",
)

# String representation for NULL value
NULL = "NULL"

# String representation for blank ('') value
BLANK = "<blank>"

# String representation for current database
CURRENT_DB = "CD"
# Regular expressions used for finding file paths in error messages
# (each one exposes the path through the named group "result")
FILE_PATH_REGEXES = (
    r"<b>(?P<result>[^<>]+?)</b> on line \d+",
    r"(?P<result>[^<>'\"]+?)['\"]? on line \d+",
    r"(?:[>(\[\s])(?P<result>[A-Za-z]:[\\/][\w.\\/-]*)",
    r"(?:[>(\[\s])(?P<result>/\w[/\w.-]+)",
    r"href=['\"]file://(?P<result>/[^'\"]+)",
)

# Regular expressions used for parsing error messages (--parse-errors)
ERROR_PARSING_REGEXES = (
    r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>.+?)<br\s*/?\s*>",
    r"(?m)^(fatal|error|warning|exception):?\s*(?P<result>[^\n]+?)$",
    r"(?P<result>[^\n>]*SQL Syntax[^\n<]+)",
    r"<li>Error Type:<br>(?P<result>.+?)</li>",
    r"CDbCommand (?P<result>[^<>\n]*SQL[^<>\n]+)",
    r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P<result>[^<>]+)",
    r"\[[^\n\]]+(ODBC|JDBC)[^\n\]]+\](\[[^\]]+\])?(?P<result>[^\n]+(in query expression|\(SQL| at /[^ ]+pdo)[^\n<]+)",
)

# Regular expression used for parsing charset info from meta html headers
META_CHARSET_REGEX = r'(?si)<head>.*<meta[^>]+charset="?(?P<result>[^"> ]+).*</head>'

# Regular expression used for parsing refresh info from meta html headers
META_REFRESH_REGEX = r'(?si)<head>(?!.*?<noscript.*?</head).*?<meta http-equiv="?refresh"?[^>]+content="?[^">]+url=["\']?(?P<result>[^\'">]+).*</head>'

# Regular expression used for parsing empty fields in tested form data
EMPTY_FORM_FIELDS_REGEX = r'(&|\A)(?P<result>[^=]+=(&|\Z))'
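# Suffixes appended to candidate passwords in dictionary attacks.
# Reference (numeric suffixes): http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf
# Reference (punctuation suffixes): http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html
COMMON_PASSWORD_SUFFIXES = (
    "1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4",
    "07", "21", "14", "10", "06", "08", "8", "15", "69", "16", "6", "18",
    "!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@",
)

# Splitter used between requests in WebScarab log files
WEBSCARAB_SPLITTER = "### Conversation "

# Splitter used between requests in BURP log files
BURP_REQUEST_REGEX = r"={10,}\s+[^=]+={10,}\s(.+?)\s={10,}"

# Regex used for parsing XML Burp saved history items
BURP_XML_HISTORY_REGEX = r'<port>(\d+)</port>.+?<request base64="true"><!\[CDATA\[([^]]+)'

# Encoding used for Unicode data
UNICODE_ENCODING = "utf8"

# Reference: http://www.w3.org/Protocols/HTTP/Object_Headers.html#uri
URI_HTTP_HEADER = "URI"

# Uri format which could be injectable (e.g. www.site.com/id82)
URI_INJECTABLE_REGEX = r"//[^/]*/([^\.*?]+)\Z"

# Regex used for masking sensitive data (the %s is filled with the value to mask).
# Raw string: "\s" is not a Python escape sequence, so the pattern's bytes are
# unchanged, but the raw form avoids an invalid-escape warning on newer interpreters.
SENSITIVE_DATA_REGEX = r"(\s|=)(?P<result>[^\s=]*%s[^\s]*)\s"

# Options to explicitly mask in anonymous (unhandled exception) reports (along with anything carrying the <hostname> inside).
# Each option is listed once ("authCred" used to appear twice).
SENSITIVE_OPTIONS = ("hostname", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile", "testParameter")

# Maximum number of threads (avoiding connection issues and/or DoS)
MAX_NUMBER_OF_THREADS = 10

# Minimum range between minimum and maximum of statistical set
MIN_STATISTICAL_RANGE = 0.01

# Minimum value for comparison ratio
MIN_RATIO = 0.0

# Maximum value for comparison ratio
MAX_RATIO = 1.0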
# Minimum length of sentence for automatic choosing of --string (in case of high matching ratio)
CANDIDATE_SENTENCE_MIN_LENGTH = 10

# Character used for marking injectable position inside provided data
CUSTOM_INJECTION_MARK_CHAR = '*'

# Other way to declare injection position (case-insensitive "%INJECT HERE%" / "%INJECT_HERE%" / "%INJECTHERE%")
INJECT_HERE_REGEX = '(?i)%INJECT[_ ]?HERE%'

# Minimum and maximum chunk length used for retrieving data over error based payloads
MIN_ERROR_CHUNK_LENGTH = 8
MAX_ERROR_CHUNK_LENGTH = 1024
# Do not escape the injected statement if it contains any of the following SQL keywords
EXCLUDE_UNESCAPE = (
    "WAITFOR DELAY", "INTO DUMPFILE", "INTO OUTFILE", "CREATE", "BULK", "EXEC",
    "RECONFIGURE", "DECLARE", "'%s'" % CHAR_INFERENCE_MARK,
)

# Mark used for replacement of reflected values
REFLECTED_VALUE_MARKER = "__REFLECTED_VALUE__"

# Regular expression used for replacing border non-alphanum characters
REFLECTED_BORDER_REGEX = r"[^A-Za-z]+"

# Regular expression used for replacing non-alphanum characters
REFLECTED_REPLACEMENT_REGEX = r".+"

# Maximum time (in seconds) spent per reflective value(s) replacement
REFLECTED_REPLACEMENT_TIMEOUT = 3

# Maximum number of alpha-numerical parts in reflected regex (for speed purposes)
REFLECTED_MAX_REGEX_PARTS = 10

# Chars which can be used as a failsafe values in case of too long URL encoding value
URLENCODE_FAILSAFE_CHARS = "()|,"

# Maximum length of URL encoded value after which failsafe procedure takes away
URLENCODE_CHAR_LIMIT = 2000

# Default schema for Microsoft SQL Server DBMS
DEFAULT_MSSQL_SCHEMA = "dbo"

# Display hash attack info every mod number of items
HASH_MOD_ITEM_DISPLAY = 11

# Maximum integer value (sys.maxint exists on Python 2 only)
MAX_INT = sys.maxint
# Options that need to be restored in multiple targets run mode
RESTORE_MERGED_OPTIONS = (
    "col", "db", "dnsDomain", "privEsc", "tbl", "regexp", "string",
    "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user",
)

# Parameters to be ignored in detection phase (upper case)
IGNORE_PARAMETERS = (
    "__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__VIEWSTATEGENERATOR",
    "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION",
    "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN",
)

# Regular expression used for recognition of ASP.NET control parameters
ASP_NET_CONTROL_REGEX = r"(?i)\Actl\d+\$"

# Prefix for Google analytics cookie names
GOOGLE_ANALYTICS_COOKIE_PREFIX = "__UTM"

# Prefix for configuration overriding environment variables
SQLMAP_ENVIRONMENT_PREFIX = "SQLMAP_"

# Turn off resume console info to avoid potential slowdowns
TURN_OFF_RESUME_INFO_LIMIT = 20

# Strftime format for results file used in multiple target mode
RESULTS_FILE_FORMAT = "results-%m%d%Y_%I%M%p.csv"

# Official web page with the list of Python supported codecs
CODECS_LIST_PAGE = "http://docs.python.org/library/codecs.html#standard-encodings"

# Simple regular expression used to distinguish scalar from multiple-row commands (not sole condition)
SQL_SCALAR_REGEX = r"\A(SELECT(?!\s+DISTINCT\(?))?\s*\w*\("

# Option/switch values to ignore during configuration save
IGNORE_SAVE_OPTIONS = ("saveConfig",)

# IP address of the localhost
LOCALHOST = "127.0.0.1"

# Default SOCKS and HTTP ports used by Tor
DEFAULT_TOR_SOCKS_PORTS = (9050, 9150)
DEFAULT_TOR_HTTP_PORTS = (8123, 8118)

# Percentage below which comparison engine could have problems
LOW_TEXT_PERCENT = 20

# These MySQL keywords can't go (alone) into versioned comment form (/*!...*/)
# Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html
IGNORE_SPACE_AFFECTED_KEYWORDS = (
    "CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN",
    "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM",
)

# Keywords expected to be in UPPERCASE in getValue()
GET_VALUE_UPPERCASE_KEYWORDS = ("SELECT", "FROM", "WHERE", "DISTINCT", "COUNT")

LEGAL_DISCLAIMER = "Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"
# After this number of misses reflective removal mechanism is turned off (for speed up reasons)
REFLECTIVE_MISS_THRESHOLD = 20

# Regular expression used for extracting HTML title
HTML_TITLE_REGEX = "<title>(?P<result>[^<]+)</title>"

# Table used for Base64 conversion in WordPress hash cracking routine
# (64-character alphabet: '.', '/', digits, upper-case, lower-case)
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Allow-list of types for pickle deserialization. From the name this is
# presumably consulted by the unpickling routine that restricts what a pickled
# stream may reconstruct via __reduce__; that routine lives outside this file,
# so verify against the caller before extending the list. It is intentionally
# limited to builtin scalars/containers plus AttribDict and set.
PICKLE_REDUCE_WHITELIST = (
    types.BooleanType,
    types.DictType,
    types.FloatType,
    types.IntType,
    types.ListType,
    types.LongType,
    types.NoneType,
    types.StringType,
    types.TupleType,
    types.UnicodeType,
    types.XRangeType,
    type(AttribDict()),
    type(set()),
)
# Chars used to quickly distinguish if the user provided tainted parameter values
2011-08-16 13:21:01 +04:00
DUMMY_SQL_INJECTION_CHARS = " ;() ' "
2011-06-21 02:41:38 +04:00
2012-01-07 21:16:14 +04:00
# Simple check against dummy users
2014-12-20 02:23:31 +03:00
DUMMY_USER_INJECTION = r " (?i)[^ \ w](AND|OR) \ s+[^ \ s]+[=><]| \ bUNION \ b.+ \ bSELECT \ b| \ bSELECT \ b.+ \ bFROM \ b| \ b(CONCAT|information_schema|SLEEP|DELAY) \ b "
2012-01-07 21:16:14 +04:00
2011-06-21 02:41:38 +04:00
# Extensions skipped by crawler
2016-09-29 22:26:47 +03:00
# Extensions (without the leading dot) of resources the crawler leaves out
CRAWL_EXCLUDE_EXTENSIONS = (
    "3ds", "3g2", "3gp", "7z", "DS_Store",
    "a", "aac", "adp", "ai", "aif", "aiff", "apk", "ar", "asf", "au", "avi",
    "bak", "bin", "bk", "bmp", "btif", "bz2",
    "cab", "caf", "cgm", "cmx", "cpio", "cr2",
    "dat", "deb", "djvu", "dll", "dmg", "dmp", "dng", "doc", "docx", "dot", "dotx", "dra", "dsk", "dts", "dtshd", "dvb", "dwg", "dxf",
    "ear", "ecelp4800", "ecelp7470", "ecelp9600", "egg", "eol", "eot", "epub", "exe",
    "f4v", "fbs", "fh", "fla", "flac", "fli", "flv", "fpx", "fst", "fvt",
    "g3", "gif", "gz",
    "h261", "h263", "h264",
    "ico", "ief", "image", "img", "ipa", "iso",
    "jar", "jpeg", "jpg", "jpgv", "jpm", "jxr",
    "ktx",
    "lvp", "lz", "lzma", "lzo",
    "m3u", "m4a", "m4v", "mar", "mdi", "mid", "mj2", "mka", "mkv", "mmr", "mng", "mov", "movie", "mp3", "mp4", "mp4a", "mpeg", "mpg", "mpga", "mxu",
    "nef", "npx",
    "o", "oga", "ogg", "ogv", "otf",
    "pbm", "pcx", "pdf", "pea", "pgm", "pic", "png", "pnm", "ppm", "pps", "ppt", "pptx", "ps", "psd", "pya", "pyc", "pyo", "pyv",
    "qt",
    "rar", "ras", "raw", "rgb", "rip", "rlc", "rz",
    "s3m", "s7z", "scm", "scpt", "sgi", "shar", "sil", "smv", "so", "sub", "swf",
    "tar", "tbz2", "tga", "tgz", "tif", "tiff", "tlz", "ts", "ttf",
    "uvh", "uvi", "uvm", "uvp", "uvs", "uvu",
    "viv", "vob",
    "war", "wav", "wax", "wbmp", "wdp", "weba", "webm", "webp", "whl", "wm", "wma", "wmv", "wmx", "woff", "woff2", "wvx",
    "xbm", "xif", "xls", "xlsx", "xlt", "xm", "xpi", "xpm", "xwd", "xz",
    "z", "zip", "zipx",
)

# Header fragments that look like the custom injection mark '*' but are not
# (e.g. quality values such as ";q=0.9" and the end of a C-style comment)
PROBLEMATIC_CUSTOM_INJECTION_PATTERNS = r"(;q=[^;']+)|(\*/\*)"

# Templates for the common table / column existence checks; both placeholders
# are filled by the caller (for tables: a numeric probe value and the table name)
BRUTE_TABLE_EXISTS_TEMPLATE = "EXISTS(SELECT %d FROM %s)"
BRUTE_COLUMN_EXISTS_TEMPLATE = "EXISTS(SELECT %s FROM %s)"

# Deliberately crude payload used to find out whether an IDS/IPS/WAF reacts
# ("dummier the better"); reused as the last of the WAF_ATTACK_VECTORS below
IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#"

# Placeholder inside shellcodeexec that gets replaced with a random string
SHELLCODEEXEC_RANDOM_STRING_MARKER = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

# Plain-HTTP endpoint queried by --check-internet; connectivity is inferred from
# CHECK_INTERNET_VALUE showing up in the response
CHECK_INTERNET_ADDRESS = "http://ipinfo.io/"
CHECK_INTERNET_VALUE = "IP Address Details"

# Probe vectors that provoke specific WAF/IPS/IDS behavior(s)
WAF_ATTACK_VECTORS = (
    "",  # NIL
    "search=<script>alert(1)</script>",
    "file=../../../../etc/passwd",
    "q=<invalid>foobar",
    "id=1 %s" % IDS_WAF_CHECK_PAYLOAD,
)
# Spinner characters cycled through while the dictionary attack reports its status
ROTATING_CHARS = ('\\', '|', '|', '/', '-')

# Approximate chunk length (in bytes) of a BigArray; only the last chunk and the
# cached one are held in memory
BIGARRAY_CHUNK_SIZE = 1 << 20

# Upper bound on queued socket pre-connects
SOCKET_PRE_CONNECT_QUEUE_SIZE = 3

# Only the last N table rows are echoed to the console
TRIM_STDOUT_DUMP_SIZE = 256

# Buffer size for dump files
# Reference: http://stackoverflow.com/a/3168436
# Reference: https://support.microsoft.com/en-us/kb/899149
DUMP_FILE_BUFFER_SIZE = 1024

# Response headers are parsed only for the first couple of responses
PARSE_HEADERS_LIMIT = 3

# Increment of the ORDER BY probe used to find the column count in UNION query injections
ORDER_BY_STEP = 10

# Upper bound on re-validations of a single inferred character (as required)
MAX_REVALIDATION_STEPS = 5

# Separators accepted between values of a multi-valued command line option (e.g. --tamper)
PARAMETER_SPLITTING_REGEX = r"[,|;]"

# Shape of an acceptable union char value (e.g. --union-char): one word, nothing else
UNION_CHAR_REGEX = r"\A\w+\Z"

# Attribute name under which the original parameter value is kept in special cases (e.g. POST)
UNENCODED_ORIGINAL_VALUE = "original"
# Column names that commonly hold usernames (consulted for hash cracking in some cases)
COMMON_USER_COLUMNS = (
    "login", "user", "username", "user_name", "user_login",
    "benutzername", "benutzer",
    "utilisateur", "usager", "consommateur",
    "utente", "utilizzatore",
    "usufrutuario", "korisnik", "usuario", "consumidor",
    "client", "cuser",
)

# Separators of GET/POST values and of cookie values
DEFAULT_GET_POST_DELIMITER = '&'
DEFAULT_COOKIE_DELIMITER = ';'

# Unix timestamp (far future) forced as expiry of cookies loaded via --load-cookies
FORCE_COOKIE_EXPIRATION_TIME = "9999999999"

# Github OAuth token used when an Issue is opened automatically for an unhandled exception.
# NOTE(review): a credential committed to source has to be treated as public; assume it
# is limited to issue creation and can be rotated upstream -- confirm before relying on it
GITHUB_REPORT_OAUTH_TOKEN = "NTMyNWNkMmZkMzRlMDZmY2JkMmY0MGI4NWI0MzVlM2Q5YmFjYWNhYQ=="

# HashDB tuning: unforced flush requests below this many cached items are skipped,
# followed by the retry counts for flush, retrieve and end-transaction attempts
HASHDB_FLUSH_THRESHOLD = 32
HASHDB_FLUSH_RETRIES = 3
HASHDB_RETRIEVE_RETRIES = 3
HASHDB_END_TRANSACTION_RETRIES = 3

# Milestone value that forces deprecation of older HashDB content whenever the
# hash/pickle mechanism changes; regenerate with:
#   python -c 'import random, string; print "".join(random.sample(string.ascii_letters, 10))'
# NOTE(review): "pickle" above suggests stored values are unpickled on load, so the
# session storage should be treated as trusted local data -- confirm against the HashDB code
HASHDB_MILESTONE_VALUE = "dPHoJRQYvs"

# Above this size, warn about a possibly slow page dump in full UNION query injections
LARGE_OUTPUT_THRESHOLD = 1 << 20

# Row count above which a per-row ORDER BY becomes a considerable slowdown
# (most noticeable when dumping tables through ERROR injections)
SLOW_ORDER_COUNT_THRESHOLD = 10000

# Stop trying to recognize hashes when none turned up within this many rows
HASH_RECOGNITION_QUIT_THRESHOLD = 10000

# Redirect limits: per single URL (cookies make repeated visits stateful) and in
# total, regardless of URL, as a loop guard
MAX_SINGLE_URL_REDIRECTIONS = 4
MAX_TOTAL_REDIRECTIONS = 10

# Reference: http://www.tcpipguide.com/free/t_DNSLabelsNamesandSyntaxRules.htm
MAX_DNS_LABEL = 63
# Letters usable as prefix/suffix of name resolution requests in the DNS technique;
# hexadecimal letters are left out so the boundaries cannot be mistaken for the inner content
DNS_BOUNDARIES_ALPHABET = "".join(_letter for _letter in string.ascii_letters if _letter not in "abcdefABCDEF")

# Characters tried by the heuristic checks
HEURISTIC_CHECK_ALPHABET = ('"', "'", ')', '(', ',', '.')
# Minor artistic touch: the "[.]" placeholder in the banner gets one randomly
# picked HEURISTIC_CHECK_ALPHABET character on a red ANSI background
def _decorate_banner_mark(_):
    return "[\033[01;41m%s\033[01;49m]" % random.sample(HEURISTIC_CHECK_ALPHABET, 1)[0]

BANNER = re.sub(r"\[.\]", _decorate_banner_mark, BANNER)
# Appendix for dummy non-SQLi (e.g. XSS) heuristic checks of a tested parameter value
DUMMY_NON_SQLI_CHECK_APPENDIX = "<'\">"

# Recognizes file inclusion error messages; the {0,100} runs keep the matched
# context bounded on both sides (not a raw string: "\n" is a literal newline)
FI_ERROR_REGEX = "(?i)[^\n]{0,100}(no such file|failed (to )?open)[^\n]{0,100}"

# Prefix/suffix length in non-SQLi heuristic checks
NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH = 6

# Response handling limits (bytes): responses are processed in chunks of at most
# MAX_CONNECTION_CHUNK_SIZE (avoids MemoryError on e.g. large full-UNION dumps) and
# trimmed at MAX_CONNECTION_TOTAL_SIZE; sequences above MAX_DIFFLIB_SEQUENCE_LENGTH
# are kept away from difflib.SequenceMatcher; an entry of the (multi-threaded)
# bisection algorithm is capped at MAX_BISECTION_LENGTH
MAX_CONNECTION_CHUNK_SIZE = 10 * 1024 ** 2
MAX_CONNECTION_TOTAL_SIZE = 50 * 1024 ** 2
MAX_DIFFLIB_SEQUENCE_LENGTH = 10 * 1024 ** 2
MAX_BISECTION_LENGTH = 50 * 1024 ** 2

# Marker left in place of content trimmed out of large chunks
LARGE_CHUNK_TRIM_MARKER = "__TRIMMED_CONTENT__"

# Generic SQL comment formation ([RANDSTR] is presumably substituted elsewhere)
GENERIC_SQL_COMMENT = "-- [RANDSTR]"

# Run of valid characters after which the time auto-adjustment mechanism is turned back on
VALID_TIME_CHARS_RUN_THRESHOLD = 100

# Empty-column check is only done for sufficiently large tables
CHECK_ZERO_COLUMNS_THRESHOLD = 10
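# Logger messages containing any of these "patterns" are printed in bold
BOLD_PATTERNS = (
    "' injectable", "provided empty", "leftover chars", "might be injectable",
    "' is vulnerable", "is not injectable", "does not seem to be",
    "test failed", "test passed", "live test final result", "test shows that",
    "the back-end DBMS is", "created Github", "blocked by the target server",
    "protection is involved", "CAPTCHA", "specific response",
)

# Generic names of web server document root directories
GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www")

# Maximum width of the help column holding switch/option name(s)
MAX_HELP_OPTION_LENGTH = 18

# Maximum number of connection retries (prevents problems with recursion)
MAX_CONNECT_RETRIES = 100

# Substrings of back-end error messages that indicate a type/format conversion error
# (each entry once; the former duplicate "unable to interpret text value" was dropped)
FORMAT_EXCEPTION_STRINGS = (
    "Type mismatch",
    "Error converting",
    "Conversion failed",
    "String or binary data would be truncated",
    "Failed to convert",
    "unable to interpret text value",
    "Input string was not in a correct format",
    "System.FormatException",
    "java.lang.NumberFormatException",
    "ValueError: invalid literal",
    "DataTypeMismatchException",
    "CF_SQL_INTEGER",
    "for CFSQLTYPE",
    "cfqueryparam cfsqltype",
    "InvalidParamTypeException",
    "Invalid parameter type",
    "is not of type numeric",
    "<cfif Not IsNumeric(",
    "invalid input syntax for integer",
    "invalid input syntax for type",
    "invalid number",
    "character to number conversion error",
    "String was not recognized as a valid",
    "Convert.ToInt",
    "cannot be converted to a",
    "InvalidDataException",
)

# Extraction of ASP.NET __VIEWSTATE / __EVENTVALIDATION hidden fields: group "name"
# holds the field name, group "result" the contents of its value attribute
VIEWSTATE_REGEX = r'(?i)(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<result>[^"]+)'
EVENTVALIDATION_REGEX = r'(?i)(?P<name>__EVENTVALIDATION[^"]*)[^>]+value="(?P<result>[^"]+)'

# Rows generated inside the full UNION test for limited output (kept small so the
# payload does not grow too long)
LIMITED_ROWS_TEST_NUMBER = 15

# REST-JSON API server defaults: bottle adapter, listen address and port. The
# loopback address keeps the API off the network unless a caller overrides it
RESTAPI_DEFAULT_ADAPTER = "wsgiref"
RESTAPI_DEFAULT_ADDRESS = "127.0.0.1"
RESTAPI_DEFAULT_PORT = 8775

# Format for representing invalid unicode characters (e.g. \x9f)
INVALID_UNICODE_CHAR_FORMAT = r"\x%02x"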
# Recognition of the POST data shape, in order: XML, JSON, JSON-like (single
# quoted keys/values) and multipart
XML_RECOGNITION_REGEX = r"(?s)\A\s*<[^>]+>(.+>)?\s*\Z"
JSON_RECOGNITION_REGEX = r'(?s)\A(\s*\[)*\s*\{.*"[^"]+"\s*:\s*("[^"]*"|\d+|true|false|null).*\}\s*(\]\s*)*\Z'
JSON_LIKE_RECOGNITION_REGEX = r"(?s)\A(\s*\[)*\s*\{.*'[^']+'\s*:\s*('[^']+'|\d+).*\}\s*(\]\s*)*\Z"
MULTIPART_RECOGNITION_REGEX = r"(?i)Content-Disposition:[^;]+;\s*name="
# Recognition of Array-like POST data: the same "name[]=" key appearing twice,
# separated by the GET/POST delimiter (\2 refers back to the captured name)
ARRAY_LIKE_RECOGNITION_REGEX = r"(\A|%(sep)s)(\w+)\[\]=.+%(sep)s\2\[\]=" % {"sep": DEFAULT_GET_POST_DELIMITER}
# Content-Type values: the default for POST data, and the one for raw text POST data
DEFAULT_CONTENT_TYPE = "application/x-www-form-urlencoded; charset=utf-8"
PLAIN_TEXT_CONTENT_TYPE = "text/plain; charset=utf-8"

# Value length used when probing for a Suhosin-patch (like) protection mechanism
SUHOSIN_MAX_VALUE_LENGTH = 512

# Binary entries shorter than this are not considered for dumping to disk
MIN_BINARY_DISK_DUMP_SIZE = 100

# Payload XML files, in loading order
PAYLOAD_XML_FILES = (
    "boolean_blind.xml",
    "error_based.xml",
    "inline_query.xml",
    "stacked_queries.xml",
    "time_blind.xml",
    "union_query.xml",
)

# Extraction of <form> tags. NOTE(review): the (?!.+<form) look-ahead re-scans to the
# end of the (DOTALL) input at every "<form" candidate, which may get slow on very
# large responses -- not measured here
FORM_SEARCH_REGEX = r"(?si)<form(?!.+<form).+?</form>"

# Lines kept in the history file
MAX_HISTORY_LENGTH = 1000

# Shortest field value worth checking for encoded content (hex, base64, ...)
MIN_ENCODED_LEN_CHECK = 5

# Seconds allowed for a Metasploit remote session to initialize
METASPLOIT_SESSION_TIMEOUT = 120

# PostgreSQL large object block size
# Reference: http://www.postgresql.org/docs/9.0/static/catalog-pg-largeobject.html
LOBLKSIZE = 2048

# Suffix marking variables whose names collide with keywords
EVALCODE_KEYWORD_SUFFIX = "_KEYWORD"

# Header line of Netscape-format cookie files
# Reference: http://www.cookiecentral.com/faq/#3.5
NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."

# Parameter name infixes that identify carriers of anti-CSRF tokens
CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf")
# Per-OS prefixes tried in the brute force search for the web server document
# root; "%TARGET%" entries are templates carrying the target name
BRUTE_DOC_ROOT_PREFIXES = {
    OS.LINUX: (
        "/var/www",
        "/usr/local/apache",
        "/usr/local/apache2",
        "/usr/local/www/apache22",
        "/usr/local/www/apache24",
        "/usr/local/httpd",
        "/var/www/nginx-default",
        "/srv/www",
        "/var/www/%TARGET%",
        "/var/www/vhosts/%TARGET%",
        "/var/www/virtual/%TARGET%",
        "/var/www/clients/vhosts/%TARGET%",
        "/var/www/clients/virtual/%TARGET%",
    ),
    OS.WINDOWS: (
        "/xampp",
        "/Program Files/xampp",
        "/wamp",
        "/Program Files/wampp",
        "/apache",
        "/Program Files/Apache Group/Apache",
        "/Program Files/Apache Group/Apache2",
        "/Program Files/Apache Group/Apache2.2",
        "/Program Files/Apache Group/Apache2.4",
        "/Inetpub/wwwroot",
        "/Inetpub/wwwroot/%TARGET%",
        "/Inetpub/vhosts/%TARGET%",
    ),
}
# Suffixes tried under each prefix in the brute force document root search
BRUTE_DOC_ROOT_SUFFIXES = (
    "", "html", "htdocs", "httpdocs", "php", "public", "src",
    "site", "build", "web", "www", "data", "sites/all", "www/build",
)

# Placeholder for the target name inside brute forced document root paths
BRUTE_DOC_ROOT_TARGET_MARK = "%TARGET%"

# Boundary character for kb.chars (a less frequent letter is preferable)
KB_CHARS_BOUNDARY_CHAR = 'q'

# Low-frequency letters used in kb.chars
KB_CHARS_LOW_FREQUENCY_ALPHABET = "zqxjkvbp"
# Stylesheet embedded into the HTML dump format
HTML_DUMP_CSS_STYLE = """<style>
table{
    margin:10;
    background-color:#FFFFFF;
    font-family:verdana;
    font-size:12px;
    align:center;
}
thead{
    font-weight:bold;
    background-color:#4F81BD;
    color:#FFFFFF;
}
tr:nth-child(even) {
    background-color: #D3DFEE
}
td{
    font-size:10px;
}
th{
    font-size:10px;
}
</style>"""