2013-02-14 15:32:17 +04:00
#!/usr/bin/env python
2010-11-08 12:20:02 +03:00
"""
2014-01-13 21:24:49 +04:00
Copyright ( c ) 2006 - 2014 sqlmap developers ( http : / / sqlmap . org / )
2010-11-08 12:20:02 +03:00
See the file ' doc/COPYING ' for copying permission
"""
class PRIORITY :
2011-04-30 17:20:05 +04:00
LOWEST = - 100
LOWER = - 50
LOW = - 10
NORMAL = 0
HIGH = 10
HIGHER = 50
2010-11-08 12:20:02 +03:00
HIGHEST = 100
2011-12-21 23:40:42 +04:00
class SORT_ORDER :
2011-04-30 17:20:05 +04:00
FIRST = 0
SECOND = 1
THIRD = 2
FOURTH = 3
FIFTH = 4
LAST = 100
2011-01-13 14:24:03 +03:00
2010-11-08 12:20:02 +03:00
class DBMS :
2011-04-30 17:20:05 +04:00
ACCESS = " Microsoft Access "
2013-01-04 02:57:07 +04:00
DB2 = " IBM DB2 "
2011-02-04 18:57:53 +03:00
FIREBIRD = " Firebird "
2011-04-30 17:20:05 +04:00
MAXDB = " SAP MaxDB "
MSSQL = " Microsoft SQL Server "
MYSQL = " MySQL "
ORACLE = " Oracle "
PGSQL = " PostgreSQL "
SQLITE = " SQLite "
SYBASE = " Sybase "
2013-07-01 15:01:53 +04:00
HSQLDB = " HSQLDB "
2012-02-15 18:05:50 +04:00
class DBMS_DIRECTORY_NAME :
ACCESS = " access "
DB2 = " db2 "
FIREBIRD = " firebird "
MAXDB = " maxdb "
MSSQL = " mssqlserver "
MYSQL = " mysql "
ORACLE = " oracle "
PGSQL = " postgresql "
SQLITE = " sqlite "
SYBASE = " sybase "
2013-07-01 13:57:47 +04:00
HSQLDB = " hsqldb "
2010-11-08 12:20:02 +03:00
2011-12-26 16:24:39 +04:00
class CUSTOM_LOGGING :
PAYLOAD = 9
TRAFFIC_OUT = 8
TRAFFIC_IN = 7
2011-04-23 20:25:09 +04:00
class OS :
2011-04-30 17:20:05 +04:00
LINUX = " Linux "
2011-04-23 20:25:09 +04:00
WINDOWS = " Windows "
2010-11-08 12:20:02 +03:00
class PLACE :
2011-04-30 17:20:05 +04:00
GET = " GET "
POST = " POST "
URI = " URI "
COOKIE = " Cookie "
2012-07-26 14:26:57 +04:00
USER_AGENT = " User-Agent "
2011-02-12 02:07:03 +03:00
REFERER = " Referer "
2011-12-20 16:52:41 +04:00
HOST = " Host "
2012-04-17 18:23:00 +04:00
CUSTOM_POST = " (custom) POST "
2013-01-13 19:22:43 +04:00
CUSTOM_HEADER = " (custom) HEADER "
2010-11-08 12:44:32 +03:00
2012-10-04 13:25:44 +04:00
class POST_HINT :
SOAP = " SOAP "
JSON = " JSON "
2014-02-26 11:56:17 +04:00
JSON_LIKE = " JSON-like "
2012-10-16 14:32:58 +04:00
MULTIPART = " MULTIPART "
2012-10-04 20:44:12 +04:00
XML = " XML (generic) "
2012-10-04 13:25:44 +04:00
2010-11-08 12:44:32 +03:00
class HTTPMETHOD :
2011-04-30 17:20:05 +04:00
GET = " GET "
POST = " POST "
HEAD = " HEAD "
2013-04-10 18:43:57 +04:00
PUT = " PUT "
DELETE = " DETELE "
TRACE = " TRACE "
OPTIONS = " OPTIONS "
CONNECT = " CONNECT "
PATCH = " PATCH "
2010-11-08 12:49:57 +03:00
class NULLCONNECTION :
2011-04-30 17:20:05 +04:00
HEAD = " HEAD "
RANGE = " Range "
2013-05-17 17:04:25 +04:00
SKIP_READ = " skip-read "
2010-11-23 16:24:02 +03:00
2011-05-30 13:46:32 +04:00
class REFLECTIVE_COUNTER :
MISS = " MISS "
HIT = " HIT "
2012-02-29 18:36:23 +04:00
class CHARSET_TYPE :
2012-09-07 12:09:00 +04:00
BINARY = 1
DIGITS = 2
HEXADECIMAL = 3
ALPHA = 4
2012-02-29 18:36:23 +04:00
ALPHANUM = 5
2012-08-22 13:56:30 +04:00
class HEURISTIC_TEST :
2012-09-07 12:09:00 +04:00
CASTED = 1
NEGATIVE = 2
2012-08-22 13:56:30 +04:00
POSITIVE = 3
2010-11-23 16:24:02 +03:00
class HASH :
2011-04-30 17:20:05 +04:00
MYSQL = r ' (?i) \ A \ *[0-9a-f] {40} \ Z '
2011-12-27 16:31:29 +04:00
MYSQL_OLD = r ' (?i) \ A(?![0-9]+ \ Z)[0-9a-f] {16} \ Z '
2011-04-30 17:20:05 +04:00
POSTGRES = r ' (?i) \ Amd5[0-9a-f] {32} \ Z '
MSSQL = r ' (?i) \ A0x0100[0-9a-f] {8} [0-9a-f] {40} \ Z '
MSSQL_OLD = r ' (?i) \ A0x0100[0-9a-f] {8} [0-9a-f] {80} \ Z '
2013-06-13 23:50:35 +04:00
MSSQL_NEW = r ' (?i) \ A0x0200[0-9a-f] {8} [0-9a-f] {128} \ Z '
2011-04-30 17:20:05 +04:00
ORACLE = r ' (?i) \ As:[0-9a-f] {60} \ Z '
ORACLE_OLD = r ' (?i) \ A[01-9a-f] {16} \ Z '
MD5_GENERIC = r ' (?i) \ A[0-9a-f] {32} \ Z '
SHA1_GENERIC = r ' (?i) \ A[0-9a-f] {40} \ Z '
2013-03-05 14:04:46 +04:00
SHA224_GENERIC = r ' (?i) \ A[0-9a-f] {28} \ Z '
SHA384_GENERIC = r ' (?i) \ A[0-9a-f] {48} \ Z '
SHA512_GENERIC = r ' (?i) \ A[0-9a-f] {64} \ Z '
2011-12-27 16:31:29 +04:00
CRYPT_GENERIC = r ' (?i) \ A(?! \ d { 1,3} \ . \ d { 1,3} \ . \ d { 1,3} \ . \ d { 1,3} \ Z)(?![0-9]+ \ Z)[./0-9A-Za-z] {13} \ Z '
2011-11-20 23:10:46 +04:00
WORDPRESS = r ' (?i) \ A \ $P \ $[./0-9A-Za-z] {31} \ Z '
2010-11-28 21:10:54 +03:00
2011-04-29 23:32:30 +04:00
# Reference: http://www.zytrax.com/tech/web/mobile_ids.html
2011-04-29 23:27:23 +04:00
class MOBILES :
2012-10-30 13:30:22 +04:00
BLACKBERRY = ( " BlackBerry 9900 " , " Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+ " )
GALAXY = ( " Samsung Galaxy S " , " Mozilla/5.0 (Linux; U; Android 2.2; en-US; SGH-T959D Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 " )
HP = ( " HP iPAQ 6365 " , " Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; HP iPAQ h6300) " )
HTC = ( " HTC Sensation " , " Mozilla/5.0 (Linux; U; Android 4.0.3; de-ch; HTC Sensation Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 " )
IPHONE = ( " Apple iPhone 4s " , " Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B179 Safari/7534.48.3 " )
NEXUS = ( " Google Nexus 7 " , " Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19 " )
NOKIA = ( " Nokia N97 " , " Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344 " )
2011-04-29 23:27:23 +04:00
2012-11-28 13:59:15 +04:00
class PROXY_TYPE :
2011-12-16 03:19:55 +04:00
HTTP = " HTTP "
2013-12-17 12:30:51 +04:00
HTTPS = " HTTPS "
2011-12-16 03:19:55 +04:00
SOCKS4 = " SOCKS4 "
SOCKS5 = " SOCKS5 "
2012-11-28 13:58:18 +04:00
class DUMP_FORMAT :
CSV = " CSV "
HTML = " HTML "
SQLITE = " SQLITE "
2013-03-20 14:10:24 +04:00
class HTTP_HEADER :
2011-07-06 09:44:47 +04:00
ACCEPT = " Accept "
2011-11-29 23:17:07 +04:00
ACCEPT_CHARSET = " Accept-Charset "
2011-04-30 17:20:05 +04:00
ACCEPT_ENCODING = " Accept-Encoding "
2011-11-29 23:17:07 +04:00
ACCEPT_LANGUAGE = " Accept-Language "
2011-04-30 17:20:05 +04:00
AUTHORIZATION = " Authorization "
2011-11-29 23:17:07 +04:00
CACHE_CONTROL = " Cache-Control "
2011-04-30 17:20:05 +04:00
CONNECTION = " Connection "
CONTENT_ENCODING = " Content-Encoding "
CONTENT_LENGTH = " Content-Length "
CONTENT_RANGE = " Content-Range "
CONTENT_TYPE = " Content-Type "
COOKIE = " Cookie "
2012-01-11 18:28:08 +04:00
SET_COOKIE = " Set-Cookie "
2011-05-13 05:01:53 +04:00
HOST = " Host "
2011-11-29 23:17:07 +04:00
PRAGMA = " Pragma "
PROXY_AUTHORIZATION = " Proxy-Authorization "
PROXY_CONNECTION = " Proxy-Connection "
2011-04-30 17:20:05 +04:00
RANGE = " Range "
REFERER = " Referer "
2013-02-21 17:33:12 +04:00
SERVER = " Server "
2011-04-30 17:20:05 +04:00
USER_AGENT = " User-Agent "
2013-02-22 00:34:26 +04:00
TRANSFER_ENCODING = " Transfer-Encoding "
2013-02-26 18:30:11 +04:00
VIA = " Via "
2011-03-11 23:16:34 +03:00
2010-12-10 15:30:36 +03:00
class EXPECTED :
2011-04-30 17:20:05 +04:00
BOOL = " bool "
INT = " int "
2010-12-10 15:30:36 +03:00
2011-12-28 17:50:03 +04:00
class HASHDB_KEYS :
2012-06-21 14:09:10 +04:00
DBMS = " DBMS "
CONF_TMP_PATH = " CONF_TMP_PATH "
2011-12-28 17:50:03 +04:00
KB_ABS_FILE_PATHS = " KB_ABS_FILE_PATHS "
KB_BRUTE_COLUMNS = " KB_BRUTE_COLUMNS "
2012-06-21 14:09:10 +04:00
KB_BRUTE_TABLES = " KB_BRUTE_TABLES "
KB_CHARS = " KB_CHARS "
2012-02-28 18:04:13 +04:00
KB_DYNAMIC_MARKINGS = " KB_DYNAMIC_MARKINGS "
2012-06-21 14:09:10 +04:00
KB_INJECTIONS = " KB_INJECTIONS "
KB_XP_CMDSHELL_AVAILABLE = " KB_XP_CMDSHELL_AVAILABLE "
OS = " OS "
2011-12-28 17:50:03 +04:00
2011-12-05 02:42:19 +04:00
class REDIRECTION :
2012-03-18 21:27:08 +04:00
YES = " Y "
NO = " N "
2011-12-05 02:42:19 +04:00
2010-11-28 21:10:54 +03:00
class PAYLOAD :
SQLINJECTION = {
2013-01-04 02:38:29 +04:00
1 : " boolean-based blind " ,
2 : " error-based " ,
3 : " UNION query " ,
4 : " stacked queries " ,
5 : " AND/OR time-based blind " ,
2013-01-10 18:02:28 +04:00
6 : " inline query " ,
2010-11-28 21:10:54 +03:00
}
PARAMETER = {
2013-01-04 02:38:29 +04:00
1 : " Unescaped numeric " ,
2 : " Single quoted string " ,
3 : " LIKE single quoted string " ,
4 : " Double quoted string " ,
2013-01-10 18:02:28 +04:00
5 : " LIKE double quoted string " ,
2010-11-28 21:10:54 +03:00
}
RISK = {
2013-01-04 02:38:29 +04:00
0 : " No risk " ,
1 : " Low risk " ,
2 : " Medium risk " ,
2013-01-10 18:02:28 +04:00
3 : " High risk " ,
2010-11-28 21:10:54 +03:00
}
CLAUSE = {
2013-01-04 02:38:29 +04:00
0 : " Always " ,
1 : " WHERE " ,
2 : " GROUP BY " ,
3 : " ORDER BY " ,
4 : " LIMIT " ,
5 : " OFFSET " ,
6 : " TOP " ,
7 : " Table name " ,
2013-01-10 18:02:28 +04:00
8 : " Column name " ,
2010-11-28 21:10:54 +03:00
}
2010-12-06 18:50:19 +03:00
class METHOD :
2011-04-30 17:20:05 +04:00
COMPARISON = " comparison "
GREP = " grep "
TIME = " time "
UNION = " union "
2010-12-08 16:04:48 +03:00
class TECHNIQUE :
BOOLEAN = 1
ERROR = 2
UNION = 3
STACKED = 4
TIME = 5
2012-12-05 13:45:17 +04:00
QUERY = 6
2011-02-02 16:34:09 +03:00
class WHERE :
ORIGINAL = 1
NEGATIVE = 2
REPLACE = 3
2012-10-05 12:24:09 +04:00
class WIZARD :
BASIC = ( " getBanner " , " getCurrentUser " , " getCurrentDb " , " isDba " )
2013-05-22 23:21:43 +04:00
INTERMEDIATE = ( " getBanner " , " getCurrentUser " , " getCurrentDb " , " isDba " , " getUsers " , " getDbs " , " getTables " , " getSchema " , " excludeSysDbs " )
2012-10-05 12:24:09 +04:00
ALL = ( " getBanner " , " getCurrentUser " , " getCurrentDb " , " isDba " , " getHostname " , " getUsers " , " getPasswordHashes " , " getPrivileges " , " getRoles " , " dumpAll " )
2012-10-09 17:19:47 +04:00
class ADJUST_TIME_DELAY :
DISABLE = - 1
NO = 0
YES = 1
2012-10-29 13:48:49 +04:00
class WEB_API :
PHP = " php "
ASP = " asp "
ASPX = " aspx "
JSP = " jsp "
2013-01-29 05:39:27 +04:00
2013-01-30 19:30:34 +04:00
class CONTENT_TYPE :
2013-01-29 05:39:27 +04:00
TECHNIQUES = 0
2013-01-29 19:36:19 +04:00
DBMS_FINGERPRINT = 1
BANNER = 2
CURRENT_USER = 3
CURRENT_DB = 4
HOSTNAME = 5
IS_DBA = 6
USERS = 7
PASSWORDS = 8
PRIVILEGES = 9
ROLES = 10
DBS = 11
TABLES = 12
COLUMNS = 13
SCHEMA = 14
COUNT = 15
DUMP_TABLE = 16
SEARCH = 17
SQL_QUERY = 18
COMMON_TABLES = 19
COMMON_COLUMNS = 20
FILE_READ = 21
FILE_WRITE = 22
OS_CMD = 23
REG_READ = 24
2013-01-29 05:39:27 +04:00
2013-02-05 18:43:03 +04:00
PART_RUN_CONTENT_TYPES = {
" checkDbms " : CONTENT_TYPE . TECHNIQUES ,
" getFingerprint " : CONTENT_TYPE . DBMS_FINGERPRINT ,
" getBanner " : CONTENT_TYPE . BANNER ,
" getCurrentUser " : CONTENT_TYPE . CURRENT_USER ,
" getCurrentDb " : CONTENT_TYPE . CURRENT_DB ,
" getHostname " : CONTENT_TYPE . HOSTNAME ,
" isDba " : CONTENT_TYPE . IS_DBA ,
" getUsers " : CONTENT_TYPE . USERS ,
" getPasswordHashes " : CONTENT_TYPE . PASSWORDS ,
" getPrivileges " : CONTENT_TYPE . PRIVILEGES ,
" getRoles " : CONTENT_TYPE . ROLES ,
" getDbs " : CONTENT_TYPE . DBS ,
" getTables " : CONTENT_TYPE . TABLES ,
" getColumns " : CONTENT_TYPE . COLUMNS ,
" getSchema " : CONTENT_TYPE . SCHEMA ,
" getCount " : CONTENT_TYPE . COUNT ,
" dumpTable " : CONTENT_TYPE . DUMP_TABLE ,
" search " : CONTENT_TYPE . SEARCH ,
" sqlQuery " : CONTENT_TYPE . SQL_QUERY ,
" tableExists " : CONTENT_TYPE . COMMON_TABLES ,
" columnExists " : CONTENT_TYPE . COMMON_COLUMNS ,
" readFile " : CONTENT_TYPE . FILE_READ ,
" writeFile " : CONTENT_TYPE . FILE_WRITE ,
" osCmd " : CONTENT_TYPE . OS_CMD ,
" regRead " : CONTENT_TYPE . REG_READ
}
2013-02-03 15:31:05 +04:00
class CONTENT_STATUS :
2013-01-29 05:39:27 +04:00
IN_PROGRESS = 0
COMPLETE = 1
2013-03-13 00:16:44 +04:00
class AUTH_TYPE :
BASIC = " basic "
DIGEST = " digest "
NTLM = " ntlm "
2013-09-12 01:17:18 +04:00
PKI = " pki "