sqlmap/lib/core/enums.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

class PRIORITY:
    LOWEST = -100
    LOWER = -50
    LOW = -10
    NORMAL = 0
    HIGH = 10
    HIGHER = 50
    HIGHEST = 100

class SORT_ORDER:
    FIRST = 0
    SECOND = 1
    THIRD = 2
    FOURTH = 3
    FIFTH = 4
    LAST = 100

class DBMS:
    ACCESS = "Microsoft Access"
    DB2 = "IBM DB2"
    FIREBIRD = "Firebird"
    MAXDB = "SAP MaxDB"
    MSSQL = "Microsoft SQL Server"
    MYSQL = "MySQL"
    ORACLE = "Oracle"
    PGSQL = "PostgreSQL"
    SQLITE = "SQLite"
    SYBASE = "Sybase"

class DBMS_DIRECTORY_NAME:
    ACCESS = "access"
    DB2 = "db2"
    FIREBIRD = "firebird"
    MAXDB = "maxdb"
    MSSQL = "mssqlserver"
    MYSQL = "mysql"
    ORACLE = "oracle"
    PGSQL = "postgresql"
    SQLITE = "sqlite"
    SYBASE = "sybase"

class CUSTOM_LOGGING:
    PAYLOAD = 9
    TRAFFIC_OUT = 8
    TRAFFIC_IN = 7

class OS:
    LINUX = "Linux"
    WINDOWS = "Windows"

class PLACE:
    GET = "GET"
    POST = "POST"
    URI = "URI"
    COOKIE = "Cookie"
    USER_AGENT = "User-Agent"
    REFERER = "Referer"
    HOST = "Host"
    CUSTOM_POST = "(custom) POST"
    CUSTOM_HEADER = "(custom) HEADER"

class POST_HINT:
    SOAP = "SOAP"
    JSON = "JSON"
    MULTIPART = "MULTIPART"
    XML = "XML (generic)"

class HTTPMETHOD:
    GET = "GET"
    POST = "POST"
    HEAD = "HEAD"
    PUT = "PUT"
    DELETE = "DETELE"
    TRACE = "TRACE"
    OPTIONS = "OPTIONS"
    CONNECT = "CONNECT"
    PATCH = "PATCH"

class NULLCONNECTION:
    HEAD = "HEAD"
    RANGE = "Range"
    SKIP_READ = "skip-read"

class REFLECTIVE_COUNTER:
    MISS = "MISS"
    HIT = "HIT"

class CHARSET_TYPE:
    BINARY = 1
    DIGITS = 2
    HEXADECIMAL = 3
    ALPHA = 4
    ALPHANUM = 5

class HEURISTIC_TEST:
    CASTED = 1
    NEGATIVE = 2
    POSITIVE = 3

class HASH:
    MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z'
    MYSQL_OLD = r'(?i)\A(?![0-9]+\Z)[0-9a-f]{16}\Z'
    POSTGRES = r'(?i)\Amd5[0-9a-f]{32}\Z'
    MSSQL = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{40}\Z'
    MSSQL_OLD = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{80}\Z'
    ORACLE = r'(?i)\As:[0-9a-f]{60}\Z'
    ORACLE_OLD = r'(?i)\A[01-9a-f]{16}\Z'
    MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z'
    SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z'
    SHA224_GENERIC = r'(?i)\A[0-9a-f]{28}\Z'
    SHA384_GENERIC = r'(?i)\A[0-9a-f]{48}\Z'
    SHA512_GENERIC = r'(?i)\A[0-9a-f]{64}\Z'
    CRYPT_GENERIC = r'(?i)\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z'
    WORDPRESS = r'(?i)\A\$P\$[./0-9A-Za-z]{31}\Z'

# Reference: http://www.zytrax.com/tech/web/mobile_ids.html
class MOBILES:
    BLACKBERRY = ("BlackBerry 9900", "Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+")
    GALAXY = ("Samsung Galaxy S", "Mozilla/5.0 (Linux; U; Android 2.2; en-US; SGH-T959D Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1")
    HP = ("HP iPAQ 6365", "Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; HP iPAQ h6300)")
    HTC = ("HTC Sensation", "Mozilla/5.0 (Linux; U; Android 4.0.3; de-ch; HTC Sensation Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30")
    IPHONE = ("Apple iPhone 4s", "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B179 Safari/7534.48.3")
    NEXUS = ("Google Nexus 7", "Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19")
    NOKIA = ("Nokia N97", "Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344")

class PROXY_TYPE:
    HTTP = "HTTP"
    SOCKS4 = "SOCKS4"
    SOCKS5 = "SOCKS5"

class DUMP_FORMAT:
    CSV = "CSV"
    HTML = "HTML"
    SQLITE = "SQLITE"

class HTTP_HEADER:
    ACCEPT = "Accept"
    ACCEPT_CHARSET = "Accept-Charset"
    ACCEPT_ENCODING = "Accept-Encoding"
    ACCEPT_LANGUAGE = "Accept-Language"
    AUTHORIZATION = "Authorization"
    CACHE_CONTROL = "Cache-Control"
    CONNECTION = "Connection"
    CONTENT_ENCODING = "Content-Encoding"
    CONTENT_LENGTH = "Content-Length"
    CONTENT_RANGE = "Content-Range"
    CONTENT_TYPE = "Content-Type"
    COOKIE = "Cookie"
    SET_COOKIE = "Set-Cookie"
    HOST = "Host"
    PRAGMA = "Pragma"
    PROXY_AUTHORIZATION = "Proxy-Authorization"
    PROXY_CONNECTION = "Proxy-Connection"
    RANGE = "Range"
    REFERER = "Referer"
    SERVER = "Server"
    USER_AGENT = "User-Agent"
    TRANSFER_ENCODING = "Transfer-Encoding"
    VIA = "Via"

class EXPECTED:
    BOOL = "bool"
    INT = "int"

class HASHDB_KEYS:
    DBMS = "DBMS"
    CONF_TMP_PATH = "CONF_TMP_PATH"
    KB_ABS_FILE_PATHS = "KB_ABS_FILE_PATHS"
    KB_BRUTE_COLUMNS = "KB_BRUTE_COLUMNS"
    KB_BRUTE_TABLES = "KB_BRUTE_TABLES"
    KB_CHARS = "KB_CHARS"
    KB_DYNAMIC_MARKINGS = "KB_DYNAMIC_MARKINGS"
    KB_INJECTIONS = "KB_INJECTIONS"
    KB_XP_CMDSHELL_AVAILABLE = "KB_XP_CMDSHELL_AVAILABLE"
    OS = "OS"

class REDIRECTION:
    YES = "Y"
    NO = "N"

class PAYLOAD:
    SQLINJECTION = {
                        1: "boolean-based blind",
                        2: "error-based",
                        3: "UNION query",
                        4: "stacked queries",
                        5: "AND/OR time-based blind",
                        6: "inline query",
                   }

    PARAMETER = {
                    1: "Unescaped numeric",
                    2: "Single quoted string",
                    3: "LIKE single quoted string",
                    4: "Double quoted string",
                    5: "LIKE double quoted string",
                }

    RISK = {
                0: "No risk",
                1: "Low risk",
                2: "Medium risk",
                3: "High risk",
           }

    CLAUSE = {
                0: "Always",
                1: "WHERE",
                2: "GROUP BY",
                3: "ORDER BY",
                4: "LIMIT",
                5: "OFFSET",
                6: "TOP",
                7: "Table name",
                8: "Column name",
             }

    class METHOD:
        COMPARISON = "comparison"
        GREP = "grep"
        TIME = "time"
        UNION = "union"

    class TECHNIQUE:
        BOOLEAN = 1
        ERROR = 2
        UNION = 3
        STACKED = 4
        TIME = 5
        QUERY = 6

    class WHERE:
        ORIGINAL = 1
        NEGATIVE = 2
        REPLACE = 3

class WIZARD:
    BASIC = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba")
    INTERMEDIATE = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getUsers", "getDbs", "getTables", "getSchema", "excludeSysDbs")
    ALL = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getHostname", "getUsers", "getPasswordHashes", "getPrivileges", "getRoles", "dumpAll")

class ADJUST_TIME_DELAY:
    DISABLE = -1
    NO = 0
    YES = 1

class WEB_API:
    PHP = "php"
    ASP = "asp"
    ASPX = "aspx"
    JSP = "jsp"

class CONTENT_TYPE:
    TECHNIQUES = 0
    DBMS_FINGERPRINT = 1
    BANNER = 2
    CURRENT_USER = 3
    CURRENT_DB = 4
    HOSTNAME = 5
    IS_DBA = 6
    USERS = 7
    PASSWORDS = 8
    PRIVILEGES = 9
    ROLES = 10
    DBS = 11
    TABLES = 12
    COLUMNS = 13
    SCHEMA = 14
    COUNT = 15
    DUMP_TABLE = 16
    SEARCH = 17
    SQL_QUERY = 18
    COMMON_TABLES = 19
    COMMON_COLUMNS = 20
    FILE_READ = 21
    FILE_WRITE = 22
    OS_CMD = 23
    REG_READ = 24

PART_RUN_CONTENT_TYPES = {
    "checkDbms": CONTENT_TYPE.TECHNIQUES,
    "getFingerprint": CONTENT_TYPE.DBMS_FINGERPRINT,
    "getBanner": CONTENT_TYPE.BANNER,
    "getCurrentUser": CONTENT_TYPE.CURRENT_USER,
    "getCurrentDb": CONTENT_TYPE.CURRENT_DB,
    "getHostname": CONTENT_TYPE.HOSTNAME,
    "isDba": CONTENT_TYPE.IS_DBA,
    "getUsers": CONTENT_TYPE.USERS,
    "getPasswordHashes": CONTENT_TYPE.PASSWORDS,
    "getPrivileges": CONTENT_TYPE.PRIVILEGES,
    "getRoles": CONTENT_TYPE.ROLES,
    "getDbs": CONTENT_TYPE.DBS,
    "getTables": CONTENT_TYPE.TABLES,
    "getColumns": CONTENT_TYPE.COLUMNS,
    "getSchema": CONTENT_TYPE.SCHEMA,
    "getCount": CONTENT_TYPE.COUNT,
    "dumpTable": CONTENT_TYPE.DUMP_TABLE,
    "search": CONTENT_TYPE.SEARCH,
    "sqlQuery": CONTENT_TYPE.SQL_QUERY,
    "tableExists": CONTENT_TYPE.COMMON_TABLES,
    "columnExists": CONTENT_TYPE.COMMON_COLUMNS,
    "readFile": CONTENT_TYPE.FILE_READ,
    "writeFile": CONTENT_TYPE.FILE_WRITE,
    "osCmd": CONTENT_TYPE.OS_CMD,
    "regRead": CONTENT_TYPE.REG_READ
}

class CONTENT_STATUS:
    IN_PROGRESS = 0
    COMPLETE = 1

class AUTH_TYPE:
    BASIC = "basic"
    DIGEST = "digest"
    NTLM = "ntlm"
    CERT = "cert"
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 15:32:17 +04:00			`#!/usr/bin/env python`
further refactoring (all enumerations are now put into enums.py) 2010-11-08 12:20:02 +03:00
			`"""`
updated copyright 2013-01-18 18:07:51 +04:00			`Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)`
further refactoring (all enumerations are now put into enums.py) 2010-11-08 12:20:02 +03:00			`See the file 'doc/COPYING' for copying permission`
			`"""`

			`class PRIORITY:`
Minor code restyling 2011-04-30 17:20:05 +04:00			`LOWEST = -100`
			`LOWER = -50`
			`LOW = -10`
			`NORMAL = 0`
			`HIGH = 10`
			`HIGHER = 50`
further refactoring (all enumerations are now put into enums.py) 2010-11-08 12:20:02 +03:00			`HIGHEST = 100`

some more refactoring 2011-12-21 23:40:42 +04:00			`class SORT_ORDER:`
Minor code restyling 2011-04-30 17:20:05 +04:00			`FIRST = 0`
			`SECOND = 1`
			`THIRD = 2`
			`FOURTH = 3`
			`FIFTH = 4`
			`LAST = 100`
update 2011-01-13 14:24:03 +03:00
further refactoring (all enumerations are now put into enums.py) 2010-11-08 12:20:02 +03:00			`class DBMS:`
Minor code restyling 2011-04-30 17:20:05 +04:00			`ACCESS = "Microsoft Access"`
Removing trailing whitespaces (PEP8) 2013-01-04 02:57:07 +04:00			`DB2 = "IBM DB2"`
Minor fix 2011-02-04 18:57:53 +03:00			`FIREBIRD = "Firebird"`
Minor code restyling 2011-04-30 17:20:05 +04:00			`MAXDB = "SAP MaxDB"`
			`MSSQL = "Microsoft SQL Server"`
			`MYSQL = "MySQL"`
			`ORACLE = "Oracle"`
			`PGSQL = "PostgreSQL"`
			`SQLITE = "SQLite"`
			`SYBASE = "Sybase"`
minor update and refactoring 2012-02-15 18:05:50 +04:00
			`class DBMS_DIRECTORY_NAME:`
			`ACCESS = "access"`
			`DB2 = "db2"`
			`FIREBIRD = "firebird"`
			`MAXDB = "maxdb"`
			`MSSQL = "mssqlserver"`
			`MYSQL = "mysql"`
			`ORACLE = "oracle"`
			`PGSQL = "postgresql"`
			`SQLITE = "sqlite"`
			`SYBASE = "sybase"`
further refactoring (all enumerations are now put into enums.py) 2010-11-08 12:20:02 +03:00
minor refactoring 2011-12-26 16:24:39 +04:00			`class CUSTOM_LOGGING:`
			`PAYLOAD = 9`
			`TRAFFIC_OUT = 8`
			`TRAFFIC_IN = 7`

Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 20:25:09 +04:00			`class OS:`
Minor code restyling 2011-04-30 17:20:05 +04:00			`LINUX = "Linux"`
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 20:25:09 +04:00			`WINDOWS = "Windows"`

further refactoring (all enumerations are now put into enums.py) 2010-11-08 12:20:02 +03:00			`class PLACE:`
Minor code restyling 2011-04-30 17:20:05 +04:00			`GET = "GET"`
			`POST = "POST"`
			`URI = "URI"`
			`COOKIE = "Cookie"`
Minor preparation for an Issue #48 2012-07-26 14:26:57 +04:00			`USER_AGENT = "User-Agent"`
implementation of referer feature 2011-02-12 02:07:03 +03:00			`REFERER = "Referer"`
adding support for scanning Host header values (-p host) 2011-12-20 16:52:41 +04:00			`HOST = "Host"`
adding support for (custom) POST injection (marking injection point with '*' in conf.data) 2012-04-17 18:23:00 +04:00			`CUSTOM_POST = "(custom) POST"`
Implementation for an Issue #48 2013-01-13 19:22:43 +04:00			`CUSTOM_HEADER = "(custom) HEADER"`
further enum refactoring 2010-11-08 12:44:32 +03:00
Work for Issue #197 and Issue #49 2012-10-04 13:25:44 +04:00			`class POST_HINT:`
			`SOAP = "SOAP"`
			`JSON = "JSON"`
Implementation for an Issue #79 2012-10-16 14:32:58 +04:00			`MULTIPART = "MULTIPART"`
Adding support for generic XML POST data 2012-10-04 20:44:12 +04:00			`XML = "XML (generic)"`
Work for Issue #197 and Issue #49 2012-10-04 13:25:44 +04:00
further enum refactoring 2010-11-08 12:44:32 +03:00			`class HTTPMETHOD:`
Minor code restyling 2011-04-30 17:20:05 +04:00			`GET = "GET"`
			`POST = "POST"`
			`HEAD = "HEAD"`
Update for an Issue #431 2013-04-10 18:43:57 +04:00			`PUT = "PUT"`
			`DELETE = "DETELE"`
			`TRACE = "TRACE"`
			`OPTIONS = "OPTIONS"`
			`CONNECT = "CONNECT"`
			`PATCH = "PATCH"`
minor update 2010-11-08 12:49:57 +03:00
			`class NULLCONNECTION:`
Minor code restyling 2011-04-30 17:20:05 +04:00			`HEAD = "HEAD"`
			`RANGE = "Range"`
Implementation for an Issue #450 2013-05-17 17:04:25 +04:00			`SKIP_READ = "skip-read"`
first working version of dictionary attack 2010-11-23 16:24:02 +03:00
warp 5 mr spock :) 2011-05-30 13:46:32 +04:00			`class REFLECTIVE_COUNTER:`
			`MISS = "MISS"`
			`HIT = "HIT"`

code refactoring regarding charsetType inside inference/bisection 2012-02-29 18:36:23 +04:00			`class CHARSET_TYPE:`
Minor style update 2012-09-07 12:09:00 +04:00			`BINARY = 1`
			`DIGITS = 2`
			`HEXADECIMAL = 3`
			`ALPHA = 4`
code refactoring regarding charsetType inside inference/bisection 2012-02-29 18:36:23 +04:00			`ALPHANUM = 5`

Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case) 2012-08-22 13:56:30 +04:00			`class HEURISTIC_TEST:`
Minor style update 2012-09-07 12:09:00 +04:00			`CASTED = 1`
			`NEGATIVE = 2`
Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case) 2012-08-22 13:56:30 +04:00			`POSITIVE = 3`

first working version of dictionary attack 2010-11-23 16:24:02 +03:00			`class HASH:`
Minor code restyling 2011-04-30 17:20:05 +04:00			`MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z'`
minor refactoring 2011-12-27 16:31:29 +04:00			`MYSQL_OLD = r'(?i)\A(?![0-9]+\Z)[0-9a-f]{16}\Z'`
Minor code restyling 2011-04-30 17:20:05 +04:00			`POSTGRES = r'(?i)\Amd5[0-9a-f]{32}\Z'`
			`MSSQL = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{40}\Z'`
			`MSSQL_OLD = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{80}\Z'`
			`ORACLE = r'(?i)\As:[0-9a-f]{60}\Z'`
			`ORACLE_OLD = r'(?i)\A[01-9a-f]{16}\Z'`
			`MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z'`
			`SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z'`
Adding support for SHA2 hash functions 2013-03-05 14:04:46 +04:00			`SHA224_GENERIC = r'(?i)\A[0-9a-f]{28}\Z'`
			`SHA384_GENERIC = r'(?i)\A[0-9a-f]{48}\Z'`
			`SHA512_GENERIC = r'(?i)\A[0-9a-f]{64}\Z'`
minor refactoring 2011-12-27 16:31:29 +04:00			`CRYPT_GENERIC = r'(?i)\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z'`
implementing WordPress phpass hash cracking routine 2011-11-20 23:10:46 +04:00			`WORDPRESS = r'(?i)\A\$P\$[./0-9A-Za-z]{31}\Z'`
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00
removing Kindle from list as it's not really a smartphone 2011-04-29 23:32:30 +04:00			`# Reference: http://www.zytrax.com/tech/web/mobile_ids.html`
implemented --mobile switch 2011-04-29 23:27:23 +04:00			`class MOBILES:`
Minor update 2012-10-30 13:30:22 +04:00			`BLACKBERRY = ("BlackBerry 9900", "Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+")`
			`GALAXY = ("Samsung Galaxy S", "Mozilla/5.0 (Linux; U; Android 2.2; en-US; SGH-T959D Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1")`
			`HP = ("HP iPAQ 6365", "Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; HP iPAQ h6300)")`
			`HTC = ("HTC Sensation", "Mozilla/5.0 (Linux; U; Android 4.0.3; de-ch; HTC Sensation Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30")`
			`IPHONE = ("Apple iPhone 4s", "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B179 Safari/7534.48.3")`
			`NEXUS = ("Google Nexus 7", "Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19")`
			`NOKIA = ("Nokia N97", "Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344")`
implemented --mobile switch 2011-04-29 23:27:23 +04:00
Minor style update 2012-11-28 13:59:15 +04:00			`class PROXY_TYPE:`
adding switch --tor-type 2011-12-16 03:19:55 +04:00			`HTTP = "HTTP"`
			`SOCKS4 = "SOCKS4"`
			`SOCKS5 = "SOCKS5"`

Preparation for an Issue #254 2012-11-28 13:58:18 +04:00			`class DUMP_FORMAT:`
			`CSV = "CSV"`
			`HTML = "HTML"`
			`SQLITE = "SQLITE"`

Update for consistency (all other enums are using _ in between words) 2013-03-20 14:10:24 +04:00			`class HTTP_HEADER:`
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 09:44:47 +04:00			`ACCEPT = "Accept"`
minor refactoring 2011-11-29 23:17:07 +04:00			`ACCEPT_CHARSET = "Accept-Charset"`
Minor code restyling 2011-04-30 17:20:05 +04:00			`ACCEPT_ENCODING = "Accept-Encoding"`
minor refactoring 2011-11-29 23:17:07 +04:00			`ACCEPT_LANGUAGE = "Accept-Language"`
Minor code restyling 2011-04-30 17:20:05 +04:00			`AUTHORIZATION = "Authorization"`
minor refactoring 2011-11-29 23:17:07 +04:00			`CACHE_CONTROL = "Cache-Control"`
Minor code restyling 2011-04-30 17:20:05 +04:00			`CONNECTION = "Connection"`
			`CONTENT_ENCODING = "Content-Encoding"`
			`CONTENT_LENGTH = "Content-Length"`
			`CONTENT_RANGE = "Content-Range"`
			`CONTENT_TYPE = "Content-Type"`
			`COOKIE = "Cookie"`
implemented mechanism for merging cookies by request 2012-01-11 18:28:08 +04:00			`SET_COOKIE = "Set-Cookie"`
bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host) 2011-05-13 05:01:53 +04:00			`HOST = "Host"`
minor refactoring 2011-11-29 23:17:07 +04:00			`PRAGMA = "Pragma"`
			`PROXY_AUTHORIZATION = "Proxy-Authorization"`
			`PROXY_CONNECTION = "Proxy-Connection"`
Minor code restyling 2011-04-30 17:20:05 +04:00			`RANGE = "Range"`
			`REFERER = "Referer"`
Finalizing implementation for an Issue #290 2013-02-21 17:33:12 +04:00			`SERVER = "Server"`
Minor code restyling 2011-04-30 17:20:05 +04:00			`USER_AGENT = "User-Agent"`
Adding WAF script for SecureIIS 2013-02-22 00:34:26 +04:00			`TRANSFER_ENCODING = "Transfer-Encoding"`
Update for WAF scripts 2013-02-26 18:30:11 +04:00			`VIA = "Via"`
minor refactoring 2011-03-11 23:16:34 +03:00
minor refactoring 2010-12-10 15:30:36 +03:00			`class EXPECTED:`
Minor code restyling 2011-04-30 17:20:05 +04:00			`BOOL = "bool"`
			`INT = "int"`
minor refactoring 2010-12-10 15:30:36 +03:00
some refactoring 2011-12-28 17:50:03 +04:00			`class HASHDB_KEYS:`
lots of refactoring regarding removal of already obsolete session file mechanism 2012-06-21 14:09:10 +04:00			`DBMS = "DBMS"`
			`CONF_TMP_PATH = "CONF_TMP_PATH"`
some refactoring 2011-12-28 17:50:03 +04:00			`KB_ABS_FILE_PATHS = "KB_ABS_FILE_PATHS"`
			`KB_BRUTE_COLUMNS = "KB_BRUTE_COLUMNS"`
lots of refactoring regarding removal of already obsolete session file mechanism 2012-06-21 14:09:10 +04:00			`KB_BRUTE_TABLES = "KB_BRUTE_TABLES"`
			`KB_CHARS = "KB_CHARS"`
minor update 2012-02-28 18:04:13 +04:00			`KB_DYNAMIC_MARKINGS = "KB_DYNAMIC_MARKINGS"`
lots of refactoring regarding removal of already obsolete session file mechanism 2012-06-21 14:09:10 +04:00			`KB_INJECTIONS = "KB_INJECTIONS"`
			`KB_XP_CMDSHELL_AVAILABLE = "KB_XP_CMDSHELL_AVAILABLE"`
			`OS = "OS"`
some refactoring 2011-12-28 17:50:03 +04:00
update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself)) 2011-12-05 02:42:19 +04:00			`class REDIRECTION:`
modifying redirection code for only two choices 2012-03-18 21:27:08 +04:00			`YES = "Y"`
			`NO = "N"`
update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself)) 2011-12-05 02:42:19 +04:00
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`class PAYLOAD:`
			`SQLINJECTION = {`
Minor update 2013-01-04 02:38:29 +04:00			`1: "boolean-based blind",`
			`2: "error-based",`
			`3: "UNION query",`
			`4: "stacked queries",`
			`5: "AND/OR time-based blind",`
Minor style update (PEP8) 2013-01-10 18:02:28 +04:00			`6: "inline query",`
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`}`

			`PARAMETER = {`
Minor update 2013-01-04 02:38:29 +04:00			`1: "Unescaped numeric",`
			`2: "Single quoted string",`
			`3: "LIKE single quoted string",`
			`4: "Double quoted string",`
Minor style update (PEP8) 2013-01-10 18:02:28 +04:00			`5: "LIKE double quoted string",`
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`}`

			`RISK = {`
Minor update 2013-01-04 02:38:29 +04:00			`0: "No risk",`
			`1: "Low risk",`
			`2: "Medium risk",`
Minor style update (PEP8) 2013-01-10 18:02:28 +04:00			`3: "High risk",`
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`}`

			`CLAUSE = {`
Minor update 2013-01-04 02:38:29 +04:00			`0: "Always",`
			`1: "WHERE",`
			`2: "GROUP BY",`
			`3: "ORDER BY",`
			`4: "LIMIT",`
			`5: "OFFSET",`
			`6: "TOP",`
			`7: "Table name",`
Minor style update (PEP8) 2013-01-10 18:02:28 +04:00			`8: "Column name",`
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`}`
minor refactoring 2010-12-06 18:50:19 +03:00
			`class METHOD:`
Minor code restyling 2011-04-30 17:20:05 +04:00			`COMPARISON = "comparison"`
			`GREP = "grep"`
			`TIME = "time"`
			`UNION = "union"`
code beautification 2010-12-08 16:04:48 +03:00
			`class TECHNIQUE:`
			`BOOLEAN = 1`
			`ERROR = 2`
			`UNION = 3`
			`STACKED = 4`
			`TIME = 5`
Update for an Issue #278 2012-12-05 13:45:17 +04:00			`QUERY = 6`
adding WHERE enum for payloads 2011-02-02 16:34:09 +03:00
			`class WHERE:`
			`ORIGINAL = 1`
			`NEGATIVE = 2`
			`REPLACE = 3`
Implementation for an Issue #128 2012-10-05 12:24:09 +04:00
			`class WIZARD:`
			`BASIC = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba")`
More appropriate naming (also, preventing ambiguities with --smart) 2013-05-22 23:21:43 +04:00			`INTERMEDIATE = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getUsers", "getDbs", "getTables", "getSchema", "excludeSysDbs")`
Implementation for an Issue #128 2012-10-05 12:24:09 +04:00			`ALL = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getHostname", "getUsers", "getPasswordHashes", "getPrivileges", "getRoles", "dumpAll")`
Implementation for an Issue #200 2012-10-09 17:19:47 +04:00
			`class ADJUST_TIME_DELAY:`
			`DISABLE = -1`
			`NO = 0`
			`YES = 1`
Minor refactoring 2012-10-29 13:48:49 +04:00
			`class WEB_API:`
			`PHP = "php"`
			`ASP = "asp"`
			`ASPX = "aspx"`
			`JSP = "jsp"`
major enhancement, code refactoring for issue #297 2013-01-29 05:39:27 +04:00
variable renamed 2013-01-30 19:30:34 +04:00			`class CONTENT_TYPE:`
major enhancement, code refactoring for issue #297 2013-01-29 05:39:27 +04:00			`TECHNIQUES = 0`
more data content types for API (issue #297) 2013-01-29 19:36:19 +04:00			`DBMS_FINGERPRINT = 1`
			`BANNER = 2`
			`CURRENT_USER = 3`
			`CURRENT_DB = 4`
			`HOSTNAME = 5`
			`IS_DBA = 6`
			`USERS = 7`
			`PASSWORDS = 8`
			`PRIVILEGES = 9`
			`ROLES = 10`
			`DBS = 11`
			`TABLES = 12`
			`COLUMNS = 13`
			`SCHEMA = 14`
			`COUNT = 15`
			`DUMP_TABLE = 16`
			`SEARCH = 17`
			`SQL_QUERY = 18`
			`COMMON_TABLES = 19`
			`COMMON_COLUMNS = 20`
			`FILE_READ = 21`
			`FILE_WRITE = 22`
			`OS_CMD = 23`
			`REG_READ = 24`
major enhancement, code refactoring for issue #297 2013-01-29 05:39:27 +04:00
first case where partial output is retrievable via RESTful API - issue #297 2013-02-05 18:43:03 +04:00			`PART_RUN_CONTENT_TYPES = {`
			`"checkDbms": CONTENT_TYPE.TECHNIQUES,`
			`"getFingerprint": CONTENT_TYPE.DBMS_FINGERPRINT,`
			`"getBanner": CONTENT_TYPE.BANNER,`
			`"getCurrentUser": CONTENT_TYPE.CURRENT_USER,`
			`"getCurrentDb": CONTENT_TYPE.CURRENT_DB,`
			`"getHostname": CONTENT_TYPE.HOSTNAME,`
			`"isDba": CONTENT_TYPE.IS_DBA,`
			`"getUsers": CONTENT_TYPE.USERS,`
			`"getPasswordHashes": CONTENT_TYPE.PASSWORDS,`
			`"getPrivileges": CONTENT_TYPE.PRIVILEGES,`
			`"getRoles": CONTENT_TYPE.ROLES,`
			`"getDbs": CONTENT_TYPE.DBS,`
			`"getTables": CONTENT_TYPE.TABLES,`
			`"getColumns": CONTENT_TYPE.COLUMNS,`
			`"getSchema": CONTENT_TYPE.SCHEMA,`
			`"getCount": CONTENT_TYPE.COUNT,`
			`"dumpTable": CONTENT_TYPE.DUMP_TABLE,`
			`"search": CONTENT_TYPE.SEARCH,`
			`"sqlQuery": CONTENT_TYPE.SQL_QUERY,`
			`"tableExists": CONTENT_TYPE.COMMON_TABLES,`
			`"columnExists": CONTENT_TYPE.COMMON_COLUMNS,`
			`"readFile": CONTENT_TYPE.FILE_READ,`
			`"writeFile": CONTENT_TYPE.FILE_WRITE,`
			`"osCmd": CONTENT_TYPE.OS_CMD,`
			`"regRead": CONTENT_TYPE.REG_READ`
			`}`

improvement to restful API to store to IPC database partial entries, not yet functional (issue #297) 2013-02-03 15:31:05 +04:00			`class CONTENT_STATUS:`
major enhancement, code refactoring for issue #297 2013-01-29 05:39:27 +04:00			`IN_PROGRESS = 0`
			`COMPLETE = 1`
Minor fix (digest live test case) and some refactoring 2013-03-13 00:16:44 +04:00
			`class AUTH_TYPE:`
			`BASIC = "basic"`
			`DIGEST = "digest"`
			`NTLM = "ntlm"`
Consistency fix 2013-05-20 01:00:40 +04:00			`CERT = "cert"`