sqlmap/plugins/generic/enumeration.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.common import Backend
from lib.core.common import unArrayizeValue
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.enums import DBMS
from lib.core.session import setOs
from lib.parse.banner import bannerParser
from lib.request import inject
from plugins.generic.custom import Custom
from plugins.generic.databases import Databases
from plugins.generic.entries import Entries
from plugins.generic.search import Search
from plugins.generic.users import Users

class Enumeration(Custom, Databases, Entries, Search, Users):
    """
    This class defines generic enumeration functionalities for plugins.
    """

    def __init__(self):
        kb.data.has_information_schema = False
        kb.data.banner = None
        kb.data.hostname = ""
        kb.data.processChar = None
        kb.data.characterSet = None

        Custom.__init__(self)
        Databases.__init__(self)
        Entries.__init__(self)
        Search.__init__(self)
        Users.__init__(self)

    def getBanner(self):
        if not conf.getBanner:
            return

        if kb.data.banner is None:
            infoMsg = "fetching banner"
            logger.info(infoMsg)

            if Backend.isDbms(DBMS.DB2):
                rootQuery = queries[DBMS.DB2].banner
                for query in (rootQuery.query, rootQuery.query2):
                    kb.data.banner = unArrayizeValue(inject.getValue(query, safeCharEncode=False))
                    if kb.data.banner:
                        break
            else:
                query = queries[Backend.getIdentifiedDbms()].banner.query
                kb.data.banner = unArrayizeValue(inject.getValue(query, safeCharEncode=False))

            bannerParser(kb.data.banner)

            if conf.os and conf.os == "windows":
                kb.bannerFp["type"] = set(["Windows"])

            elif conf.os and conf.os == "linux":
                kb.bannerFp["type"] = set(["Linux"])

            elif conf.os:
                kb.bannerFp["type"] = set(["%s%s" % (conf.os[0].upper(), conf.os[1:])])

            if conf.os:
                setOs()

        return kb.data.banner

    def getHostname(self):
        infoMsg = "fetching server hostname"
        logger.info(infoMsg)

        query = queries[Backend.getIdentifiedDbms()].hostname.query

        if not kb.data.hostname:
            kb.data.hostname = unArrayizeValue(inject.getValue(query, safeCharEncode=False))

        return kb.data.hostname
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 15:32:17 +04:00			`#!/usr/bin/env python`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`"""`
Update of copyright string 2016-01-06 02:06:12 +03:00			`Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`from lib.core.common import Backend`
fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split') 2011-03-07 12:50:43 +03:00			`from lib.core.common import unArrayizeValue`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`from lib.core.data import conf`
			`from lib.core.data import kb`
			`from lib.core.data import logger`
			`from lib.core.data import queries`
further refactoring (all enumerations are now put into enums.py) 2010-11-08 12:20:02 +03:00			`from lib.core.enums import DBMS`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`from lib.core.session import setOs`
Major enhancement to the engine to parse XML files and matches on DBMS banner and HTTP response headers. Initial web application technology fingerprint (for the moment based only on X-Powered-By HTTP response header and not shown yet to the user). Minor layout adjustments. 2008-11-17 20:41:02 +03:00			`from lib.parse.banner import bannerParser`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`from lib.request import inject`
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00			`from plugins.generic.custom import Custom`
			`from plugins.generic.databases import Databases`
			`from plugins.generic.entries import Entries`
			`from plugins.generic.search import Search`
			`from plugins.generic.users import Users`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00			`class Enumeration(Custom, Databases, Entries, Search, Users):`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`
			`This class defines generic enumeration functionalities for plugins.`
			`"""`

Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 14:55:20 +03:00			`def __init__(self):`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`kb.data.has_information_schema = False`
Minor code restyling 2011-04-30 17:20:05 +04:00			`kb.data.banner = None`
added --hostname switch to retrieve DBMS server hostname - closes issue #69 2012-07-12 03:01:57 +04:00			`kb.data.hostname = ""`
Minor code restyling 2011-04-30 17:20:05 +04:00			`kb.data.processChar = None`
Another update related to the #1539 2015-11-16 17:33:05 +03:00			`kb.data.characterSet = None`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
plugin refactoring - issue #22 2012-07-20 22:17:35 +04:00			`Custom.__init__(self)`
			`Databases.__init__(self)`
			`Entries.__init__(self)`
			`Search.__init__(self)`
			`Users.__init__(self)`

After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`def getBanner(self):`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`if not conf.getBanner:`
			`return`

minor fix 2010-12-27 19:55:27 +03:00			`if kb.data.banner is None:`
			`infoMsg = "fetching banner"`
			`logger.info(infoMsg)`
Newline adjustment 2010-03-04 17:23:52 +03:00
bug fix 2012-02-08 17:55:50 +04:00			`if Backend.isDbms(DBMS.DB2):`
			`rootQuery = queries[DBMS.DB2].banner`
			`for query in (rootQuery.query, rootQuery.query2):`
			`kb.data.banner = unArrayizeValue(inject.getValue(query, safeCharEncode=False))`
			`if kb.data.banner:`
			`break`
Added DB2 support - patch provided by Sebastian Bittig 2011-06-25 13:44:24 +04:00			`else:`
			`query = queries[Backend.getIdentifiedDbms()].banner.query`
			`kb.data.banner = unArrayizeValue(inject.getValue(query, safeCharEncode=False))`

Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`bannerParser(kb.data.banner)`

minor fix 2010-12-27 19:55:27 +03:00			`if conf.os and conf.os == "windows":`
minor code restyling 2012-02-22 19:53:36 +04:00			`kb.bannerFp["type"] = set(["Windows"])`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
minor fix 2010-12-27 19:55:27 +03:00			`elif conf.os and conf.os == "linux":`
minor code restyling 2012-02-22 19:53:36 +04:00			`kb.bannerFp["type"] = set(["Linux"])`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
minor fix 2010-12-27 19:55:27 +03:00			`elif conf.os:`
minor code restyling 2012-02-22 19:53:36 +04:00			`kb.bannerFp["type"] = set(["%s%s" % (conf.os[0].upper(), conf.os[1:])])`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
minor fix 2011-01-02 11:01:01 +03:00			`if conf.os:`
			`setOs()`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
			`return kb.data.banner`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
added --hostname switch to retrieve DBMS server hostname - closes issue #69 2012-07-12 03:01:57 +04:00			`def getHostname(self):`
			`infoMsg = "fetching server hostname"`
			`logger.info(infoMsg)`

			`query = queries[Backend.getIdentifiedDbms()].hostname.query`

			`if not kb.data.hostname:`
			`kb.data.hostname = unArrayizeValue(inject.getValue(query, safeCharEncode=False))`

			`return kb.data.hostname`