#!/usr/bin/env python
"""
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import codecs
import os
import random
import re
import string
import sys
import time
from lib . core . enums import DBMS
from lib . core . enums import DBMS_DIRECTORY_NAME
from lib . core . enums import OS
from thirdparty import six
from thirdparty . six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.5.7.6"

# Release type: a four-component version whose last component is not "0"
# is a development snapshot; everything else is considered stable
TYPE = "stable" if VERSION.count(".") <= 2 or VERSION.endswith(".0") else "dev"

# ANSI colour code (used by the banner) per release type
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}

# Displayed version drops the trailing ".0" of a stable four-component version
VERSION_STRING = "sqlmap/%s#%s" % (VERSION.rpartition(".")[0] if TYPE == "stable" and VERSION.count(".") > 2 else VERSION, TYPE)

DESCRIPTION = "automatic SQL injection and database takeover tool"
SITE = "http://sqlmap.org"
DEFAULT_USER_AGENT = "%s (%s)" % (VERSION_STRING, SITE)
DEV_EMAIL_ADDRESS = "dev@sqlmap.org"
ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new"
GIT_REPOSITORY = "https://github.com/sqlmapproject/sqlmap.git"
GIT_PAGE = "https://github.com/sqlmapproject/sqlmap"
WIKI_PAGE = "https://github.com/sqlmapproject/sqlmap/wiki/"
ZIPBALL_PAGE = "https://github.com/sqlmapproject/sqlmap/zipball/master"

# colorful banner (ANSI escapes; the colour of the version tag comes from
# TYPE_COLORS, falling back to 31 for an unknown TYPE)
BANNER = """\033[01;33m\
        ___
       __H__
 ___ ___[.]_____ ___ ___  \033[01;37m{\033[01;%dm%s\033[01;37m}\033[01;33m
|_ -| . [.]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   \033[0m\033[4;37m%s\033[0m\n
""" % (TYPE_COLORS.get(TYPE, 31), VERSION_STRING.rpartition("/")[2], SITE)
# Minimum distance of ratio from kb.matchRatio to result in True
DIFF_TOLERANCE = 0.05
CONSTANT_RATIO = 0.9

# Ratio used in heuristic check for WAF/IPS protected targets
IPS_WAF_CHECK_RATIO = 0.5

# Timeout used in heuristic check for WAF/IPS protected targets
IPS_WAF_CHECK_TIMEOUT = 10

# Timeout used in checking for existence of live-cookies file
LIVE_COOKIES_TIMEOUT = 120

# Lower and upper values for match ratio in case of stable page
# (a page whose ratio falls outside these bounds is not treated as stable)
LOWER_RATIO_BOUND = 0.02
UPPER_RATIO_BOUND = 0.98
# Markers for special cases when parameter values contain html encoded characters
PARAMETER_AMP_MARKER = "__AMP__"
PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__"
BOUNDARY_BACKSLASH_MARKER = "__BACKSLASH__"
PARAMETER_PERCENTAGE_MARKER = "__PERCENTAGE__"
PARTIAL_VALUE_MARKER = "__PARTIAL_VALUE__"
PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__"
URI_QUESTION_MARKER = "__QUESTION_MARK__"
ASTERISK_MARKER = "__ASTERISK_MARK__"
REPLACEMENT_MARKER = "__REPLACEMENT_MARK__"
BOUNDED_BASE64_MARKER = "__BOUNDED_BASE64_MARK__"
BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION_MARK__"
SAFE_VARIABLE_MARKER = "__SAFE__"
SAFE_HEX_MARKER = "__SAFE_HEX__"
DOLLAR_MARKER = "__DOLLAR__"

# Bracketed placeholders substituted inside payloads
RANDOM_INTEGER_MARKER = "[RANDINT]"
RANDOM_STRING_MARKER = "[RANDSTR]"
SLEEP_TIME_MARKER = "[SLEEPTIME]"
INFERENCE_MARKER = "[INFERENCE]"
SINGLE_QUOTE_MARKER = "[SINGLE_QUOTE]"
GENERIC_SQL_COMMENT_MARKER = "[GENERIC_SQL_COMMENT]"

# Delimiter surrounding the injected payload inside a request
PAYLOAD_DELIMITER = "__PAYLOAD_DELIMITER__"

# Placeholder for the character being inferred (printf-style "%c")
CHAR_INFERENCE_MARK = "%c"

# Matches a single character outside the C0/DEL/high (0x00-0x1f, 0x7f-0xff) ranges
PRINTABLE_CHAR_REGEX = r"[^\x00-\x1f\x7f-\xff]"
# Regular expression used for extraction of table names (useful for (e.g.) MsAccess)
SELECT_FROM_TABLE_REGEX = r"\bSELECT\b.+?\bFROM\s+(?P<result>([\w.]|`[^`<>]+`)+)"

# Regular expression used for recognition of textual content-type
TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|json)"

# Regular expression used for recognition of generic permission messages
# (note: deliberately case-sensitive, unlike most of the patterns below)
PERMISSION_DENIED_REGEX = r"(?P<result>(command|permission|access)\s*(was|is)?\s*denied)"

# Regular expression used in recognition of generic protection mechanisms
GENERIC_PROTECTION_REGEX = r"(?i)\b(rejected|blocked|protection|incident|denied|detected|dangerous|firewall)\b"

# Regular expression used to detect errors in fuzz(y) UNION test
FUZZ_UNION_ERROR_REGEX = r"(?i)data\s?type|comparable|compatible|conversion|converting|failed|error"

# Upper threshold for starting the fuzz(y) UNION test
FUZZ_UNION_MAX_COLUMNS = 10

# Regular expression used for recognition of generic maximum connection messages
# (the gap between "max" and "connection" is bounded to keep matching linear)
MAX_CONNECTIONS_REGEX = r"\bmax.{1,100}\bconnection"

# Maximum consecutive connection errors before asking the user if he wants to continue
MAX_CONSECUTIVE_CONNECTION_ERRORS = 15

# Timeout before the pre-connection candidate is being disposed (because of high probability that the web server will reset it)
PRECONNECT_CANDIDATE_TIMEOUT = 10

# Servers known to cause issue with pre-connection mechanism (because of lack of multi-threaded support)
PRECONNECT_INCOMPATIBLE_SERVERS = ("SimpleHTTP", "BaseHTTP")

# Identify WAF/IPS inside limited number of responses (Note: for optimization purposes)
IDENTYWAF_PARSE_LIMIT = 10

# Maximum sleep time in "Murphy" (testing) mode
MAX_MURPHY_SLEEP_TIME = 3
# Regular expression used for extracting results from Google search
GOOGLE_REGEX = r"webcache\.googleusercontent\.com/search\?q=cache:[^:]+:([^+]+)\+&cd=|url\?\w+=((?![^>]+webcache\.googleusercontent\.com)http[^>]+)&(sa=U|rct=j)"

# Google Search consent cookie, stamped with the current date at import time.
# NOTE(review): the two letters come from the non-cryptographic `random` module;
# they are cosmetic filler in a consent cookie, not a secret, so that is acceptable here
GOOGLE_CONSENT_COOKIE = "CONSENT=YES+shp.gws-%s-0-RC1.%s+FX+740" % (time.strftime("%Y%m%d"), "".join(random.sample(string.ascii_lowercase, 2)))

# Regular expression used for extracting results from DuckDuckGo search
DUCKDUCKGO_REGEX = r'<a class="result__url" href="(htt[^"]+)'

# Regular expression used for extracting results from Bing search
BING_REGEX = r'<h2><a href="([^"]+)" h='

# Dummy user agent for search (if default one returns different results)
DUMMY_SEARCH_USER_AGENT = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"

# Regular expression used for extracting content from "textual" tags
TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h\d|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\w).*?>(?P<result>[^<]+)"

# Regular expression used for recognition of IP addresses (dotted-quad IPv4, each octet 0-255)
IP_ADDRESS_REGEX = r"\b(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\b"

# Regular expression used for recognition of generic "your ip has been blocked" messages
BLOCKED_IP_REGEX = r"(?i)(\A|\b)ip\b.*\b(banned|blocked|block list|firewall)"
# Dumping characters used in GROUP_CONCAT MySQL technique
CONCAT_ROW_DELIMITER = ','
CONCAT_VALUE_DELIMITER = '|'

# Coefficient used for a time-based query delay checking (must be >= 7)
TIME_STDEV_COEFF = 7

# Minimum response time that can be even considered as delayed (not a complete requirement)
MIN_VALID_DELAYED_RESPONSE = 0.5

# Standard deviation after which a warning message should be displayed about connection lags
WARN_TIME_STDEV = 0.5

# Minimum length of usable union injected response (quick defense against substr fields)
UNION_MIN_RESPONSE_CHARS = 10

# Coefficient used for a union-based number of columns checking (must be >= 7)
UNION_STDEV_COEFF = 7

# Length of queue for candidates for time delay adjustment
TIME_DELAY_CANDIDATES = 3

# Default value for HTTP Accept header
HTTP_ACCEPT_HEADER_VALUE = "*/*"

# Default value for HTTP Accept-Encoding header
HTTP_ACCEPT_ENCODING_HEADER_VALUE = "gzip,deflate"

# Default timeout for running commands over backdoor
BACKDOOR_RUN_CMD_TIMEOUT = 5

# Number of seconds to wait for thread finalization at program end
THREAD_FINALIZATION_TIMEOUT = 1

# Maximum number of techniques used in inject.py/getValue() per one value
MAX_TECHNIQUES_PER_VALUE = 2

# In case of missing piece of partial union dump, buffered array must be flushed after certain size
MAX_BUFFERED_PARTIAL_UNION_LENGTH = 1024

# Maximum size of cache used in @cachedmethod decorator (bounded so the cache cannot grow without limit)
MAX_CACHE_ITEMS = 256
2012-10-02 16:23:58 +04:00
# Suffix used for naming meta databases in DBMS(es) without explicit database name
METADB_SUFFIX = "_masterdb"

# Number of times to retry the pushValue during the exceptions (e.g. KeyboardInterrupt)
PUSH_VALUE_EXCEPTION_RETRY_COUNT = 3

# Minimum time response set needed for time-comparison based on standard deviation
MIN_TIME_RESPONSES = 30

# Maximum time response set used during time-comparison based on standard deviation
MAX_TIME_RESPONSES = 200

# Minimum comparison ratio set needed for searching valid union column number based on standard deviation
MIN_UNION_RESPONSES = 5

# After these number of blanks at the end inference should stop (just in case)
INFERENCE_BLANK_BREAK = 5
# Use this replacement character for cases when inference is not able to retrieve the proper character value
INFERENCE_UNKNOWN_CHAR = '?'

# Comparison operators used by the inference engine
INFERENCE_GREATER_CHAR = ">"          # "greater"
INFERENCE_GREATER_EQUALS_CHAR = ">="  # "greater or equal"
INFERENCE_EQUALS_CHAR = "="           # "equals"
INFERENCE_NOT_EQUALS_CHAR = "!="      # "not-equals"

# String used for representation of unknown DBMS (and of its version)
UNKNOWN_DBMS = "Unknown"
UNKNOWN_DBMS_VERSION = "Unknown"

# Dynamicity boundary length used in dynamicity removal engine
DYNAMICITY_BOUNDARY_LENGTH = 20

# Dummy user prefix used in dictionary attack
DUMMY_USER_PREFIX = "__dummy__"

# Reference: http://en.wikipedia.org/wiki/ISO/IEC_8859-1
DEFAULT_PAGE_ENCODING = "iso-8859-1"

# Fall back to UTF-8 when the running interpreter has no codec for the default
try:
    codecs.lookup(DEFAULT_PAGE_ENCODING)
except LookupError:
    DEFAULT_PAGE_ENCODING = "utf8"
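# Marker for program piped input
STDIN_PIPE_DASH = '-'

# URL used in dummy runs
DUMMY_URL = "http://foo/bar?id=1"

# Timeout used during initial websocket (pull) testing
WEBSOCKET_INITIAL_TIMEOUT = 3

# The name of the operating system dependent module imported. The following names have currently been registered: 'posix', 'nt', 'mac', 'os2', 'ce', 'java', 'riscos'
PLATFORM = os.name
PYVERSION = sys.version.split()[0]
IS_WIN = PLATFORM == "nt"

# Check if running in terminal.
# A replaced sys.stdout (e.g. an in-memory text stream used by a test harness or
# a wrapper) may expose a fileno attribute whose call raises
# io.UnsupportedOperation (a subclass of both OSError and ValueError); treat
# that as "not a terminal" instead of failing at import time.
try:
    IS_TTY = hasattr(sys.stdout, "fileno") and os.isatty(sys.stdout.fileno())
except (OSError, ValueError):
    IS_TTY = False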
# DBMS system databases (default databases/schemas shipped with each engine)
MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb", "Resource", "ReportServer", "ReportServerTempDB")
MYSQL_SYSTEM_DBS = ("information_schema", "mysql", "performance_schema", "sys")
PGSQL_SYSTEM_DBS = ("information_schema", "pg_catalog", "pg_toast", "pgagent")

# Reference: http://www.orafaq.com/wiki/List_of_default_database_users
ORACLE_SYSTEM_DBS = (
    "ADAMS", "ANONYMOUS", "APEX_030200", "APEX_PUBLIC_USER", "APPQOSSYS",
    "AURORA$ORB$UNAUTHENTICATED", "AWR_STAGE", "BI", "BLAKE", "CLARK", "CSMIG",
    "CTXSYS", "DBSNMP", "DEMO", "DIP", "DMSYS", "DSSYS", "EXFSYS", "FLOWS_%",
    "FLOWS_FILES", "HR", "IX", "JONES", "LBACSYS", "MDDATA", "MDSYS", "MGMT_VIEW",
    "OC", "OE", "OLAPSYS", "ORACLE_OCM", "ORDDATA", "ORDPLUGINS", "ORDSYS", "OUTLN",
    "OWBSYS", "PAPER", "PERFSTAT", "PM", "SCOTT", "SH", "SI_INFORMTN_SCHEMA",
    "SPATIAL_CSW_ADMIN_USR", "SPATIAL_WFS_ADMIN_USR", "SYS", "SYSMAN", "SYSTEM",
    "TRACESVR", "TSMSYS", "WK_TEST", "WKPROXY", "WKSYS", "WMSYS", "XDB", "XS$NULL",
)

SQLITE_SYSTEM_DBS = ("sqlite_master", "sqlite_temp_master")
ACCESS_SYSTEM_DBS = ("MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage", "MSysAccessXML", "MSysModules", "MSysModules2")

FIREBIRD_SYSTEM_DBS = (
    "RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS",
    "RDB$DATABASE", "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS",
    "RDB$FILES", "RDB$FILTERS", "RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS",
    "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES", "RDB$LOG_FILES", "RDB$PAGES",
    "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS",
    "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES",
    "RDB$TRANSACTIONS", "RDB$TRIGGERS", "RDB$TRIGGER_MESSAGES", "RDB$TYPES",
    "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS",
)

MAXDB_SYSTEM_DBS = ("SYSINFO", "DOMAIN")
SYBASE_SYSTEM_DBS = ("master", "model", "sybsystemdb", "sybsystemprocs")
DB2_SYSTEM_DBS = ("NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS", "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS")
HSQLDB_SYSTEM_DBS = ("INFORMATION_SCHEMA", "SYSTEM_LOB")
# Note: (<regular>) + (<forks>)
H2_SYSTEM_DBS = ("INFORMATION_SCHEMA",) + ("IGNITE", "ignite-sys-cache")
INFORMIX_SYSTEM_DBS = ("sysmaster", "sysutils", "sysuser", "sysadmin")
MONETDB_SYSTEM_DBS = ("tmp", "json", "profiler")
DERBY_SYSTEM_DBS = ("NULLID", "SQLJ", "SYS", "SYSCAT", "SYSCS_DIAG", "SYSCS_UTIL", "SYSFUN", "SYSIBM", "SYSPROC", "SYSSTAT")
VERTICA_SYSTEM_DBS = ("v_catalog", "v_internal", "v_monitor",)
MCKOI_SYSTEM_DBS = ("",)
PRESTO_SYSTEM_DBS = ("information_schema",)
ALTIBASE_SYSTEM_DBS = ("SYSTEM_",)
MIMERSQL_SYSTEM_DBS = ("information_schema", "SYSTEM",)
CRATEDB_SYSTEM_DBS = ("information_schema", "pg_catalog", "sys")
CUBRID_SYSTEM_DBS = ("DBA",)
CACHE_SYSTEM_DBS = ("%Dictionary", "INFORMATION_SCHEMA", "%SYS")
EXTREMEDB_SYSTEM_DBS = ("",)
FRONTBASE_SYSTEM_DBS = ("DEFINITION_SCHEMA", "INFORMATION_SCHEMA")
RAIMA_SYSTEM_DBS = ("",)
VIRTUOSO_SYSTEM_DBS = ("",)
# Names accepted for each DBMS (e.g. in option --dbms)
# Note: (<regular>) + (<forks>)
MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms")
MYSQL_ALIASES = ("mysql", "my") + ("mariadb", "maria", "memsql", "tidb", "percona", "drizzle")
PGSQL_ALIASES = ("postgresql", "postgres", "pgsql", "psql", "pg") + ("cockroach", "cockroachdb", "amazon redshift", "redshift", "greenplum", "yellowbrick", "enterprisedb", "yugabyte", "yugabytedb")
ORACLE_ALIASES = ("oracle", "orcl", "ora", "or")
SQLITE_ALIASES = ("sqlite", "sqlite3")
ACCESS_ALIASES = ("microsoft access", "msaccess", "access", "jet")
FIREBIRD_ALIASES = ("firebird", "mozilla firebird", "interbase", "ibase", "fb")
MAXDB_ALIASES = ("max", "maxdb", "sap maxdb", "sap db")
SYBASE_ALIASES = ("sybase", "sybase sql server")
DB2_ALIASES = ("db2", "ibm db2", "ibmdb2")
HSQLDB_ALIASES = ("hsql", "hsqldb", "hs", "hypersql")
H2_ALIASES = ("h2",) + ("ignite", "apache ignite")
INFORMIX_ALIASES = ("informix", "ibm informix", "ibminformix")
MONETDB_ALIASES = ("monet", "monetdb",)
DERBY_ALIASES = ("derby", "apache derby",)
VERTICA_ALIASES = ("vertica",)
MCKOI_ALIASES = ("mckoi",)
PRESTO_ALIASES = ("presto",)
ALTIBASE_ALIASES = ("altibase",)
MIMERSQL_ALIASES = ("mimersql", "mimer")
CRATEDB_ALIASES = ("cratedb", "crate")
CUBRID_ALIASES = ("cubrid",)
CACHE_ALIASES = ("intersystems cache", "cachedb", "cache", "iris")
EXTREMEDB_ALIASES = ("extremedb", "extreme")
FRONTBASE_ALIASES = ("frontbase",)
RAIMA_ALIASES = ("raima database manager", "raima", "raimadb", "raimadm", "rdm", "rds", "velocis")
VIRTUOSO_ALIASES = ("virtuoso", "openlink virtuoso")
# Map every public DBMS enum value to its directory name (both enums share attribute names)
DBMS_DIRECTORY_DICT = dict((getattr(DBMS, name), getattr(DBMS_DIRECTORY_NAME, name)) for name in dir(DBMS) if not name.startswith("_"))

# Flat set of every alias accepted for any supported DBMS
SUPPORTED_DBMS = set(
    MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES
    + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES
    + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES
    + VERTICA_ALIASES + MCKOI_ALIASES + PRESTO_ALIASES + ALTIBASE_ALIASES + MIMERSQL_ALIASES
    + CRATEDB_ALIASES + CUBRID_ALIASES + CACHE_ALIASES + EXTREMEDB_ALIASES + RAIMA_ALIASES
    + VIRTUOSO_ALIASES
)
SUPPORTED_OS = ("linux", "windows")

# (DBMS enum value, alias tuple) pairs, in the same order as the alias definitions above
DBMS_ALIASES = (
    (DBMS.MSSQL, MSSQL_ALIASES),
    (DBMS.MYSQL, MYSQL_ALIASES),
    (DBMS.PGSQL, PGSQL_ALIASES),
    (DBMS.ORACLE, ORACLE_ALIASES),
    (DBMS.SQLITE, SQLITE_ALIASES),
    (DBMS.ACCESS, ACCESS_ALIASES),
    (DBMS.FIREBIRD, FIREBIRD_ALIASES),
    (DBMS.MAXDB, MAXDB_ALIASES),
    (DBMS.SYBASE, SYBASE_ALIASES),
    (DBMS.DB2, DB2_ALIASES),
    (DBMS.HSQLDB, HSQLDB_ALIASES),
    (DBMS.H2, H2_ALIASES),
    (DBMS.INFORMIX, INFORMIX_ALIASES),
    (DBMS.MONETDB, MONETDB_ALIASES),
    (DBMS.DERBY, DERBY_ALIASES),
    (DBMS.VERTICA, VERTICA_ALIASES),
    (DBMS.MCKOI, MCKOI_ALIASES),
    (DBMS.PRESTO, PRESTO_ALIASES),
    (DBMS.ALTIBASE, ALTIBASE_ALIASES),
    (DBMS.MIMERSQL, MIMERSQL_ALIASES),
    (DBMS.CRATEDB, CRATEDB_ALIASES),
    (DBMS.CUBRID, CUBRID_ALIASES),
    (DBMS.CACHE, CACHE_ALIASES),
    (DBMS.EXTREMEDB, EXTREMEDB_ALIASES),
    (DBMS.FRONTBASE, FRONTBASE_ALIASES),
    (DBMS.RAIMA, RAIMA_ALIASES),
    (DBMS.VIRTUOSO, VIRTUOSO_ALIASES),
)

# Aliases for HTTP header names accepted as injection targets
USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")
REFERER_ALIASES = ("ref", "referer", "referrer")
HOST_ALIASES = ("host",)
# DBMSes with upper case identifiers
UPPER_CASE_DBMSES = set((
    DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB,
    DBMS.MAXDB, DBMS.H2, DBMS.DERBY, DBMS.ALTIBASE,
))

# Default schemas to use (when unable to enumerate)
H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
VERTICA_DEFAULT_SCHEMA = "public"
MCKOI_DEFAULT_SCHEMA = "APP"
CACHE_DEFAULT_SCHEMA = "SQLUser"

# DBMSes where OFFSET mechanism starts from 1
PLUS_ONE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.ALTIBASE, DBMS.MSSQL, DBMS.CACHE))

# Names that can't be used to name files on Windows OS
WINDOWS_RESERVED_NAMES = (
    "CON", "PRN", "AUX", "NUL",
    "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9",
    "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9",
)
# Items displayed in basic help (-h) output, in display order
BASIC_HELP_ITEMS = (
    # target / request
    "url", "googleDork", "data", "cookie", "randomAgent", "proxy",
    # injection / detection
    "testParameter", "dbms", "level", "risk", "technique",
    # enumeration
    "getAll", "getBanner", "getCurrentUser", "getCurrentDb", "getPasswordHashes",
    "getTables", "getColumns", "getSchema", "dumpTable", "dumpAll",
    "db", "tbl", "col",
    # OS access / general
    "osShell", "osPwn", "batch", "checkTor", "flushSession", "tor",
    "sqlmapShell", "wizard",
)
# Tags used for value replacements inside shell scripts
SHELL_WRITABLE_DIR_TAG = "%WRITABLE_DIR%"
SHELL_RUNCMD_EXE_TAG = "%RUNCMD_EXE%"

# String representations used in output for special values
NULL = "NULL"            # NULL value
BLANK = "<blank>"        # blank ('') value
CURRENT_DB = "CD"        # current database
CURRENT_USER = "CU"      # current user

# Name of SQLite file used for storing session data
SESSION_SQLITE_FILE = "session.sqlite"

# Regular expressions used for finding file paths in error messages
# (each one captures the path in the "result" group)
FILE_PATH_REGEXES = (
    r"<b>(?P<result>[^<>]+?)</b> on line \d+",
    r"\bin (?P<result>[^<>'\"]+?)['\"]? on line \d+",
    r"(?:[>(\[\s])(?P<result>[A-Za-z]:[\\/][\w.\\/-]*)",
    r"(?:[>(\[\s])(?P<result>/\w[/\w.~-]+)",
    r"\bhref=['\"]file://(?P<result>/[^'\"]+)",
    r"\bin <b>(?P<result>[^<]+): line \d+",
)
# Regular expressions used for parsing error messages (--parse-errors)
2012-02-22 14:40:11 +04:00
ERROR_PARSING_REGEXES = (
2018-09-06 14:59:07 +03:00
r " \ [Microsoft \ ] \ [ODBC SQL Server Driver \ ] \ [SQL Server \ ](?P<result>[^<]+) " ,
2021-01-07 13:56:49 +03:00
r " <b>[^<] { 0,100}(fatal|error|warning|exception)[^<]*</b>:? \ s*(?P<result>[^<]+) " ,
r " (?m)^ \ s { 0,100}(fatal|error|warning|exception):? \ s*(?P<result>[^ \ n]+?)$ " ,
2019-04-30 02:33:37 +03:00
r " (sql|dbc)[^> ' \" ] { 0,32}(fatal|error|warning|exception)(</b>)?: \ s*(?P<result>[^<>]+) " ,
2021-01-07 13:56:49 +03:00
r " (?P<result>[^ \ n>] { 0,100}SQL Syntax[^ \ n<]+) " ,
2019-03-21 18:35:48 +03:00
r " (?s)<li>Error Type:<br>(?P<result>.+?)</li> " ,
2017-02-04 01:04:38 +03:00
r " CDbCommand (?P<result>[^<> \ n]*SQL[^<> \ n]+) " ,
2016-10-21 14:05:45 +03:00
r " error ' [0-9a-f] {8} ' ((<[^>]+>)| \ s)+(?P<result>[^<>]+) " ,
2021-01-07 13:56:49 +03:00
r " \ [[^ \ n \ ]] { 1,100}(ODBC|JDBC)[^ \ n \ ]]+ \ ]( \ [[^ \ ]]+ \ ])?(?P<result>[^ \ n]+(in query expression| \ (SQL| at /[^ ]+pdo)[^ \ n<]+) " ,
2019-03-21 18:35:48 +03:00
r " (?P<result>query error: SELECT[^<>]+) "
2016-10-21 14:05:45 +03:00
)
2011-01-04 18:49:20 +03:00
2011-03-29 16:08:07 +04:00
# Regular expression used for parsing charset info from meta html headers
2014-08-20 16:02:04 +04:00
META_CHARSET_REGEX = r ' (?si)<head>.*<meta[^>]+charset= " ?(?P<result>[^ " > ]+).*</head> '
2011-01-15 18:56:11 +03:00
2011-03-29 18:16:28 +04:00
# Regular expression used for parsing refresh info from meta html headers
2019-11-16 00:42:20 +03:00
META_REFRESH_REGEX = r ' (?i)<meta http-equiv= " ?refresh " ?[^>]+content= " ?[^ " >]+; \ s*(url=)?[ " \' ]?(?P<result>[^ \' " >]+) '
2011-03-29 18:16:28 +04:00
2019-11-07 18:23:52 +03:00
# Regular expression used for parsing Javascript redirect request
JAVASCRIPT_HREF_REGEX = r ' <script> \ s*( \ w+ \ .)?location \ .href \ s*=[ " \' ](?P<result>[^ " \' ]+) '
2011-03-29 16:08:07 +04:00
# Regular expression used for parsing empty fields in tested form data
2012-10-19 13:02:14 +04:00
EMPTY_FORM_FIELDS_REGEX = r ' (&| \ A)(?P<result>[^=]+=(&| \ Z)) '
# Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf
COMMON_PASSWORD_SUFFIXES = ("1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4", "07", "21", "14", "10", "06", "08", "8", "15", "69", "16", "6", "18")

# Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html
# (punctuation suffixes appended after the numeric ones, preserving order)
COMMON_PASSWORD_SUFFIXES = COMMON_PASSWORD_SUFFIXES + ("!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@")

# Splitter used between requests in WebScarab log files
WEBSCARAB_SPLITTER = "### Conversation"

# Splitter used between requests in BURP log files
BURP_REQUEST_REGEX = r"={10,}\s+([A-Z]{3,} .+?)\s+={10,}"

# Regex used for parsing XML Burp saved history items
BURP_XML_HISTORY_REGEX = r'<port>(\d+)</port>.*?<request base64="true"><!\[CDATA\[([^]]+)'
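# Encoding used for Unicode data
UNICODE_ENCODING = "utf8"

# Reference: http://www.w3.org/Protocols/HTTP/Object_Headers.html#uri
URI_HTTP_HEADER = "URI"

# Uri format which could be injectable (e.g. www.site.com/id82)
URI_INJECTABLE_REGEX = r"//[^/]*/([^\.*?]+)\Z"

# Regex used for masking sensitive data; contains a "%s" placeholder for the
# value to be masked (the token is matched on word boundaries)
SENSITIVE_DATA_REGEX = r"(\s|=)(?P<result>[^\s=]*\b%s\b[^\s]*)\s"

# Options to explicitly mask in anonymous (unhandled exception) reports (along with anything carrying the <hostname> inside).
# Keep this list free of duplicates ("authCred" used to be listed twice) so that
# masking coverage can be audited at a glance.
SENSITIVE_OPTIONS = ("hostname", "answers", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "fileRead", "fileWrite", "fileDest", "testParameter", "sqlQuery", "requestFile")

# Maximum number of threads (avoiding connection issues and/or DoS)
MAX_NUMBER_OF_THREADS = 10

# Minimum range between minimum and maximum of statistical set
MIN_STATISTICAL_RANGE = 0.01

# Minimum value for comparison ratio
MIN_RATIO = 0.0

# Maximum value for comparison ratio
MAX_RATIO = 1.0

# Minimum length of sentence for automatic choosing of --string (in case of high matching ratio)
CANDIDATE_SENTENCE_MIN_LENGTH = 10

# Character used for marking injectable position inside provided data
CUSTOM_INJECTION_MARK_CHAR = '*'

# Wildcard value that can be used in option --ignore-code
IGNORE_CODE_WILDCARD = '*'

# Other way to declare injection position
INJECT_HERE_REGEX = r"(?i)%INJECT[_ ]?HERE%"

# Minimum chunk length used for retrieving data over error based payloads
MIN_ERROR_CHUNK_LENGTH = 8

# Maximum chunk length used for retrieving data over error based payloads
MAX_ERROR_CHUNK_LENGTH = 1024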
2011-05-03 17:25:20 +04:00
2013-01-18 18:40:37 +04:00
# Do not escape the injected statement if it contains any of the following SQL keywords
2019-06-26 16:53:18 +03:00
EXCLUDE_UNESCAPE = ( " WAITFOR DELAY ' " , " INTO DUMPFILE " , " INTO OUTFILE " , " CREATE " , " BULK " , " EXEC " , " RECONFIGURE " , " DECLARE " , " ' %s ' " % CHAR_INFERENCE_MARK )
2011-02-24 19:52:46 +03:00
# Mark used for replacement of reflected values
2012-03-29 16:44:20 +04:00
REFLECTED_VALUE_MARKER = " __REFLECTED_VALUE__ "
2012-04-12 01:26:00 +04:00
# Regular expression used for replacing border non-alphanum characters
REFLECTED_BORDER_REGEX = r " [^A-Za-z]+ "
2012-03-28 23:27:12 +04:00
# Regular expression used for replacing non-alphanum characters
2021-01-04 15:45:38 +03:00
REFLECTED_REPLACEMENT_REGEX = r " [^ \ n] { 1,168} "
2011-03-09 12:36:56 +03:00
2017-04-11 14:34:40 +03:00
# Maximum time (in seconds) spent per reflective value(s) replacement
REFLECTED_REPLACEMENT_TIMEOUT = 3
2011-07-13 03:21:15 +04:00
# Maximum number of alpha-numerical parts in reflected regex (for speed purposes)
REFLECTED_MAX_REGEX_PARTS = 10
2011-04-13 15:25:42 +04:00
# Chars which can be used as a failsafe values in case of too long URL encoding value
2012-03-29 16:44:20 +04:00
URLENCODE_FAILSAFE_CHARS = " ()|, "
2011-03-09 12:36:56 +03:00
2021-03-04 01:28:27 +03:00
# Factor used for yuge page multiplication
YUGE_FACTOR = 1000
2013-04-09 13:48:42 +04:00
# Maximum length of URL encoded value after which the failsafe procedure takes over
2011-04-11 02:57:17 +04:00
URLENCODE_CHAR_LIMIT = 2000
2011-03-27 11:58:15 +04:00
2011-04-13 15:25:42 +04:00
# Default schema for Microsoft SQL Server DBMS
2012-03-29 16:44:20 +04:00
DEFAULT_MSSQL_SCHEMA = " dbo "
2011-03-29 16:08:07 +04:00
2011-04-13 15:25:42 +04:00
# Display hash attack info every mod number of items
2011-11-02 10:53:43 +04:00
HASH_MOD_ITEM_DISPLAY = 11
2011-04-11 15:59:02 +04:00
2018-09-05 00:14:25 +03:00
# Display marker for (cracked) empty password
HASH_EMPTY_PASSWORD_MARKER = " <empty> "
2011-04-13 15:25:42 +04:00
# Maximum integer value
2019-03-27 02:58:12 +03:00
MAX_INT = sys . maxsize
2011-04-13 23:01:02 +04:00
2018-02-06 12:48:47 +03:00
# Replacement for unsafe characters in dump table filenames
UNSAFE_DUMP_FILEPATH_REPLACEMENT = ' _ '
2013-04-10 21:33:31 +04:00
# Options that need to be restored in multiple targets run mode
2016-10-22 22:52:18 +03:00
RESTORE_MERGED_OPTIONS = ( " col " , " db " , " dnsDomain " , " privEsc " , " tbl " , " regexp " , " string " , " textOnly " , " threads " , " timeSec " , " tmpPath " , " uChar " , " user " )
2013-04-10 21:33:31 +04:00
2011-04-14 16:58:03 +04:00
# Parameters to be ignored in detection phase (upper case)
2016-10-19 14:07:25 +03:00
IGNORE_PARAMETERS = ( " __VIEWSTATE " , " __VIEWSTATEENCRYPTED " , " __VIEWSTATEGENERATOR " , " __EVENTARGUMENT " , " __EVENTTARGET " , " __EVENTVALIDATION " , " ASPSESSIONID " , " ASP.NET_SESSIONID " , " JSESSIONID " , " CFID " , " CFTOKEN " )
2011-04-22 23:58:10 +04:00
2012-10-19 13:02:14 +04:00
# Regular expression used for recognition of ASP.NET control parameters
ASP_NET_CONTROL_REGEX = r " (?i) \ Actl \ d+ \ $ "
2013-12-04 12:56:37 +04:00
# Prefix for Google analytics cookie names
GOOGLE_ANALYTICS_COOKIE_PREFIX = " __UTM "
2014-04-25 11:17:10 +04:00
# Prefix for configuration overriding environment variables
SQLMAP_ENVIRONMENT_PREFIX = " SQLMAP_ "
2020-01-07 23:08:18 +03:00
# General OS environment variables that can be used for setting proxy address
PROXY_ENVIRONMENT_VARIABLES = ( " all_proxy " , " ALL_PROXY " , " http_proxy " , " HTTP_PROXY " , " https_proxy " , " HTTPS_PROXY " )
2011-04-22 23:58:10 +04:00
# Turn off resume console info to avoid potential slowdowns
TURN_OFF_RESUME_INFO_LIMIT = 20
2011-05-16 02:21:38 +04:00
# Strftime format for results file used in multiple target mode
2012-03-29 16:44:20 +04:00
RESULTS_FILE_FORMAT = " results- % m %d % Y_ % I % M % p.csv "
2011-05-18 03:03:31 +04:00
# Official web page with the list of Python supported codecs
2012-03-29 16:44:20 +04:00
CODECS_LIST_PAGE = " http://docs.python.org/library/codecs.html#standard-encodings "
2011-05-19 20:45:05 +04:00
# Simple regular expression used to distinguish scalar from multiple-row commands (not sole condition)
SQL_SCALAR_REGEX = r " \ A(SELECT(?! \ s+DISTINCT \ (?))? \ s* \ w* \ ( "
2011-05-24 15:06:58 +04:00
2015-08-13 18:21:36 +03:00
# Option/switch values to ignore during configuration save
2015-08-14 23:49:32 +03:00
IGNORE_SAVE_OPTIONS = ( " saveConfig " , )
2015-08-13 18:21:36 +03:00
2011-05-24 15:06:58 +04:00
# IP address of the localhost
LOCALHOST = " 127.0.0.1 "
2016-10-10 15:19:44 +03:00
# Default SOCKS ports used by Tor
DEFAULT_TOR_SOCKS_PORTS = ( 9050 , 9150 )
2011-05-27 00:48:18 +04:00
2016-10-10 15:19:44 +03:00
# Default HTTP ports used by Tor
2011-12-14 14:19:45 +04:00
DEFAULT_TOR_HTTP_PORTS = ( 8123 , 8118 )
2011-05-27 00:48:18 +04:00
# Percentage below which comparison engine could have problems
LOW_TEXT_PERCENT = 20
2011-05-28 21:34:43 +04:00
2019-06-09 02:11:29 +03:00
# Auxiliary value used in isDBMSVersionAtLeast() version comparison correction cases
VERSION_COMPARISON_CORRECTION = 0.0001
2011-05-28 21:34:43 +04:00
# These MySQL keywords can't go (alone) into versioned comment form (/*!...*/)
# Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html
IGNORE_SPACE_AFFECTED_KEYWORDS = ( " CAST " , " COUNT " , " EXTRACT " , " GROUP_CONCAT " , " MAX " , " MID " , " MIN " , " SESSION_USER " , " SUBSTR " , " SUBSTRING " , " SUM " , " SYSTEM_USER " , " TRIM " )
2011-05-28 22:54:14 +04:00
2017-07-05 13:35:48 +03:00
# Keywords expected to be in UPPERCASE in getValue()
GET_VALUE_UPPERCASE_KEYWORDS = ( " SELECT " , " FROM " , " WHERE " , " DISTINCT " , " COUNT " )
2012-07-17 01:50:29 +04:00
LEGAL_DISCLAIMER = " Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user ' s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program "
2011-05-30 13:46:32 +04:00
# After this number of misses reflective removal mechanism is turned off (for speed up reasons)
REFLECTIVE_MISS_THRESHOLD = 20
2011-06-11 03:18:43 +04:00
# Regular expression used for extracting HTML title
2018-06-10 00:38:00 +03:00
HTML_TITLE_REGEX = r " <title>(?P<result>[^<]+)</title> "
2011-06-18 02:04:25 +04:00
2011-11-20 23:10:46 +04:00
# Table used for Base64 conversion in WordPress hash cracking routine
2012-03-29 16:44:20 +04:00
ITOA64 = " ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz "
2011-11-20 23:10:46 +04:00
2020-02-03 18:54:00 +03:00
# Options/switches to be ignored in command-line parsing (e.g. those passed from Firefox)
IGNORED_OPTIONS = ( " --compressed " , )
2011-06-18 02:04:25 +04:00
# Chars used to quickly distinguish if the user provided tainted parameter values
2011-08-16 13:21:01 +04:00
DUMMY_SQL_INJECTION_CHARS = " ;() ' "
2011-06-21 02:41:38 +04:00
2012-01-07 21:16:14 +04:00
# Simple check against dummy users
2017-11-24 12:54:03 +03:00
DUMMY_USER_INJECTION = r " (?i)[^ \ w](AND|OR) \ s+[^ \ s]+[=><]| \ bUNION \ b.+ \ bSELECT \ b| \ bSELECT \ b.+ \ bFROM \ b| \ b(CONCAT|information_schema|SLEEP|DELAY|FLOOR \ (RAND) \ b "
2012-01-07 21:16:14 +04:00
2011-06-21 02:41:38 +04:00
# Extensions skipped by crawler
2016-09-29 22:26:47 +03:00
CRAWL_EXCLUDE_EXTENSIONS = ( " 3ds " , " 3g2 " , " 3gp " , " 7z " , " DS_Store " , " a " , " aac " , " adp " , " ai " , " aif " , " aiff " , " apk " , " ar " , " asf " , " au " , " avi " , " bak " , " bin " , " bk " , " bmp " , " btif " , " bz2 " , " cab " , " caf " , " cgm " , " cmx " , " cpio " , " cr2 " , " dat " , " deb " , " djvu " , " dll " , " dmg " , " dmp " , " dng " , " doc " , " docx " , " dot " , " dotx " , " dra " , " dsk " , " dts " , " dtshd " , " dvb " , " dwg " , " dxf " , " ear " , " ecelp4800 " , " ecelp7470 " , " ecelp9600 " , " egg " , " eol " , " eot " , " epub " , " exe " , " f4v " , " fbs " , " fh " , " fla " , " flac " , " fli " , " flv " , " fpx " , " fst " , " fvt " , " g3 " , " gif " , " gz " , " h261 " , " h263 " , " h264 " , " ico " , " ief " , " image " , " img " , " ipa " , " iso " , " jar " , " jpeg " , " jpg " , " jpgv " , " jpm " , " jxr " , " ktx " , " lvp " , " lz " , " lzma " , " lzo " , " m3u " , " m4a " , " m4v " , " mar " , " mdi " , " mid " , " mj2 " , " mka " , " mkv " , " mmr " , " mng " , " mov " , " movie " , " mp3 " , " mp4 " , " mp4a " , " mpeg " , " mpg " , " mpga " , " mxu " , " nef " , " npx " , " o " , " oga " , " ogg " , " ogv " , " otf " , " pbm " , " pcx " , " pdf " , " pea " , " pgm " , " pic " , " png " , " pnm " , " ppm " , " pps " , " ppt " , " pptx " , " ps " , " psd " , " pya " , " pyc " , " pyo " , " pyv " , " qt " , " rar " , " ras " , " raw " , " rgb " , " rip " , " rlc " , " rz " , " s3m " , " s7z " , " scm " , " scpt " , " sgi " , " shar " , " sil " , " smv " , " so " , " sub " , " swf " , " tar " , " tbz2 " , " tga " , " tgz " , " tif " , " tiff " , " tlz " , " ts " , " ttf " , " uvh " , " uvi " , " uvm " , " uvp " , " uvs " , " uvu " , " viv " , " vob " , " war " , " wav " , " wax " , " wbmp " , " wdp " , " weba " , " webm " , " webp " , " whl " , " wm " , " wma " , " wmv " , " wmx " , " woff " , " woff2 " , " wvx " , " xbm " , " xif " , " xls " , " xlsx " , " xlt " , " xm " , " xpi " , " xpm " , " 
xwd " , " xz " , " z " , " zip " , " zipx " )
2011-07-04 23:58:41 +04:00
2017-07-20 03:41:47 +03:00
# Patterns often seen in HTTP headers containing custom injection marking character '*'
2014-02-07 17:40:43 +04:00
PROBLEMATIC_CUSTOM_INJECTION_PATTERNS = r " (;q=[^; ' ]+)|( \ */ \ *) "
2013-02-14 19:18:16 +04:00
2011-07-04 23:58:41 +04:00
# Template used for common table existence check
BRUTE_TABLE_EXISTS_TEMPLATE = " EXISTS(SELECT %d FROM %s ) "
# Template used for common column existence check
BRUTE_COLUMN_EXISTS_TEMPLATE = " EXISTS(SELECT %s FROM %s ) "
2011-07-06 09:44:47 +04:00
2015-08-31 15:27:47 +03:00
# Data inside shellcodeexec to be filled with random string
2019-08-16 10:56:03 +03:00
SHELLCODEEXEC_RANDOM_STRING_MARKER = b " XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX "
2015-08-31 15:27:47 +03:00
2019-04-15 16:15:12 +03:00
# Period after last-update to start nagging about the old revision
2020-06-17 21:05:12 +03:00
LAST_UPDATE_NAGGING_DAYS = 180
2019-04-15 16:15:12 +03:00
2019-06-06 13:46:38 +03:00
# Minimum non-writing chars (e.g. ['"-:/]) ratio in case of parsed error messages
MIN_ERROR_PARSING_NON_WRITING_RATIO = 0.05
2020-01-09 13:36:19 +03:00
# Generic address for checking the Internet connection while using switch --check-internet (Note: https version does not work for Python < 2.7.9)
CHECK_INTERNET_ADDRESS = " http://ipinfo.io/json "
2017-05-08 00:12:42 +03:00
# Value to look for in response to CHECK_INTERNET_ADDRESS
2020-01-09 13:25:09 +03:00
CHECK_INTERNET_VALUE = ' " ip " : '
2017-05-08 00:12:42 +03:00
2019-01-18 16:31:37 +03:00
# Payload used for checking of existence of WAF/IPS (dummier the better)
2019-01-26 14:36:03 +03:00
IPS_WAF_CHECK_PAYLOAD = " AND 1=1 UNION ALL SELECT 1,NULL, ' <script>alert( \" XSS \" )</script> ' ,table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell( ' cat ../../../etc/passwd ' )# "
2019-01-18 16:31:37 +03:00
2018-09-14 11:01:31 +03:00
# Vectors used for provoking specific WAF/IPS behavior(s)
2013-02-21 17:33:12 +04:00
WAF_ATTACK_VECTORS = (
2016-10-21 14:05:45 +03:00
" " , # NIL
" search=<script>alert(1)</script> " ,
" file=../../../../etc/passwd " ,
" q=<invalid>foobar " ,
2019-01-26 14:36:03 +03:00
" id=1 %s " % IPS_WAF_CHECK_PAYLOAD
2016-10-21 14:05:45 +03:00
)
2011-07-15 17:24:13 +04:00
# Used for status representation in dictionary attack phase
ROTATING_CHARS = ( ' \\ ' , ' | ' , ' | ' , ' / ' , ' - ' )
2011-07-23 23:04:59 +04:00
2015-01-07 11:21:02 +03:00
# Approximate chunk length (in bytes) used by BigArray objects (only last chunk and cached one are held in memory)
BIGARRAY_CHUNK_SIZE = 1024 * 1024
2011-07-24 13:19:33 +04:00
2018-01-31 12:36:13 +03:00
# Compress level used for storing BigArray chunks to disk (0-9)
2017-11-17 13:45:02 +03:00
BIGARRAY_COMPRESS_LEVEL = 9
2015-11-17 10:52:24 +03:00
# Maximum number of socket pre-connects
SOCKET_PRE_CONNECT_QUEUE_SIZE = 3
2011-07-24 13:19:33 +04:00
# Only console display last n table rows
2011-10-26 18:31:00 +04:00
TRIM_STDOUT_DUMP_SIZE = 256
2011-08-03 13:08:16 +04:00
2016-03-10 16:48:05 +03:00
# Reference: http://stackoverflow.com/a/3168436
2020-12-10 16:22:44 +03:00
# Reference: https://web.archive.org/web/20150407141500/https://support.microsoft.com/en-us/kb/899149
2016-03-10 16:48:05 +03:00
DUMP_FILE_BUFFER_SIZE = 1024
2011-11-22 16:18:24 +04:00
# Parse response headers only first couple of times
PARSE_HEADERS_LIMIT = 3
2011-08-03 13:08:16 +04:00
# Step used in ORDER BY technique used for finding the right number of columns in UNION query injections
ORDER_BY_STEP = 10
2011-08-16 10:50:20 +04:00
2019-11-27 14:09:51 +03:00
# Maximum value used in ORDER BY technique used for finding the right number of columns in UNION query injections
ORDER_BY_MAX = 1000
2016-09-27 12:21:12 +03:00
# Maximum number of times for revalidation of a character in inference (as required)
MAX_REVALIDATION_STEPS = 5
2011-08-29 17:08:25 +04:00
# Characters that can be used to split parameter values in provided command line (e.g. in --tamper)
2016-09-29 22:26:47 +03:00
PARAMETER_SPLITTING_REGEX = r " [,|;] "
2011-10-10 01:21:41 +04:00
# Regular expression describing possible union char value (e.g. used in --union-char)
2016-09-29 22:26:47 +03:00
UNION_CHAR_REGEX = r " \ A \ w+ \ Z "
2011-10-25 13:53:44 +04:00
# Attribute used for storing original parameter value in special cases (e.g. POST)
2016-09-29 22:26:47 +03:00
UNENCODED_ORIGINAL_VALUE = " original "
2011-11-20 23:10:46 +04:00
# Common column names containing usernames (used for hash cracking in some cases)
2018-12-17 19:03:51 +03:00
COMMON_USER_COLUMNS = ( " login " , " user " , " username " , " user_name " , " user_login " , " benutzername " , " benutzer " , " utilisateur " , " usager " , " consommateur " , " utente " , " utilizzatore " , " utilizator " , " utilizador " , " usufrutuario " , " korisnik " , " uporabnik " , " usuario " , " consumidor " , " client " , " cuser " )
2011-11-22 01:31:08 +04:00
# Default delimiter in GET/POST values
DEFAULT_GET_POST_DELIMITER = ' & '
# Default delimiter in cookie values
2011-11-22 14:54:29 +04:00
DEFAULT_COOKIE_DELIMITER = ' ; '
2013-04-15 13:49:11 +04:00
# Unix timestamp used for forcing cookie expiration when provided with --load-cookies
FORCE_COOKIE_EXPIRATION_TIME = " 9999999999 "
2014-10-27 02:37:46 +03:00
# GitHub OAuth token used for creating an automatic Issue for unhandled exceptions
2020-12-10 15:56:25 +03:00
GITHUB_REPORT_OAUTH_TOKEN = " NTYzYjhmZWJjYzc0Njg2ODJhNzhmNDg1YzM0YzlkYjk3N2JiMzE3Nw "
2014-10-27 02:37:46 +03:00
2011-11-22 14:54:29 +04:00
# Skip unforced HashDB flush requests below the threshold number of cached items
2011-11-22 15:04:43 +04:00
HASHDB_FLUSH_THRESHOLD = 32
2011-12-23 00:14:56 +04:00
2012-09-25 13:21:39 +04:00
# Number of retries for unsuccessful HashDB flush attempts
HASHDB_FLUSH_RETRIES = 3
2014-03-24 13:46:23 +04:00
2016-10-15 01:51:35 +03:00
# Number of retries for unsuccessful HashDB retrieve attempts
HASHDB_RETRIEVE_RETRIES = 3
2014-03-24 13:46:23 +04:00
# Number of retries for unsuccessful HashDB end transaction attempts
HASHDB_END_TRANSACTION_RETRIES = 3
2012-09-25 13:21:39 +04:00
2012-03-13 13:35:37 +04:00
# Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism)
2019-05-02 12:26:31 +03:00
HASHDB_MILESTONE_VALUE = " OdqjeUpBLc " # python -c 'import random, string; print "".join(random.sample(string.ascii_letters, 10))'
# Pickle protocol used for storage of serialized data inside HashDB (https://docs.python.org/3/library/pickle.html#data-stream-format)
PICKLE_PROTOCOL = 2
2012-03-13 02:55:57 +04:00
2011-12-23 00:14:56 +04:00
# Warn user of possible delay due to large page dump in full UNION query injections
2013-01-10 16:18:44 +04:00
LARGE_OUTPUT_THRESHOLD = 1024 * * 2
2011-12-23 00:42:57 +04:00
# On huge tables there is a considerable slowdown if every row retrieval requires ORDER BY (most noticeable in table dumping using ERROR injections)
SLOW_ORDER_COUNT_THRESHOLD = 10000
2011-12-23 00:54:20 +04:00
# Give up on hash recognition if nothing was found in first given number of rows
2020-01-28 12:01:21 +03:00
HASH_RECOGNITION_QUIT_THRESHOLD = 1000
2011-12-28 19:59:30 +04:00
2019-05-31 12:57:32 +03:00
# Regular expression used for automatic hex conversion and hash cracking of (RAW) binary column values
HASH_BINARY_COLUMNS_REGEX = r " (?i)pass|psw|hash "
2012-03-15 15:10:58 +04:00
# Maximum number of redirections to any single URL - this is needed because of the state that cookies introduce
MAX_SINGLE_URL_REDIRECTIONS = 4
# Maximum total number of redirections (regardless of URL) - before assuming we're in a loop
MAX_TOTAL_REDIRECTIONS = 10
2012-04-02 18:05:30 +04:00
2019-06-04 16:46:56 +03:00
# Maximum (deliberate) delay used in page stability check
MAX_STABILITY_DELAY = 0.5
2012-04-02 18:05:30 +04:00
# Reference: http://www.tcpipguide.com/free/t_DNSLabelsNamesandSyntaxRules.htm
MAX_DNS_LABEL = 63
2012-04-06 12:42:36 +04:00
2012-07-01 03:19:54 +04:00
# Alphabet used for prefix and suffix strings of name resolution requests in DNS technique (excluding hexadecimal chars for not mixing with inner content)
2017-10-31 13:38:09 +03:00
DNS_BOUNDARIES_ALPHABET = re . sub ( r " [a-fA-F] " , " " , string . ascii_letters )
2012-07-01 03:19:54 +04:00
2012-10-28 03:42:08 +04:00
# Alphabet used for heuristic checks
2014-12-30 12:16:50 +03:00
HEURISTIC_CHECK_ALPHABET = ( ' " ' , ' \' ' , ' ) ' , ' ( ' , ' , ' , ' . ' )
2012-10-28 03:42:08 +04:00
2016-09-29 16:59:28 +03:00
# Minor artistic touch
BANNER = re . sub ( r " \ [. \ ] " , lambda _ : " [ \033 [01;41m %s \033 [01;49m] " % random . sample ( HEURISTIC_CHECK_ALPHABET , 1 ) [ 0 ] , BANNER )
2016-01-15 00:21:47 +03:00
# String used for dummy non-SQLi (e.g. XSS) heuristic checks of a tested parameter value
2016-01-14 11:59:13 +03:00
DUMMY_NON_SQLI_CHECK_APPENDIX = " < ' \" > "
2014-10-01 15:31:48 +04:00
2016-05-30 17:06:39 +03:00
# Regular expression used for recognition of file inclusion errors
2018-06-10 00:38:00 +03:00
FI_ERROR_REGEX = r " (?i)[^ \ n] { 0,100}(no such file|failed (to )?open)[^ \ n] { 0,100} "
2016-05-30 17:06:39 +03:00
2016-01-15 00:21:47 +03:00
# Length of prefix and suffix used in non-SQLI heuristic checks
NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH = 6
2019-06-13 11:58:21 +03:00
# Connection read size (processing large responses in parts to avoid MemoryError crashes - e.g. large table dump in full UNION injections)
MAX_CONNECTION_READ_SIZE = 10 * 1024 * 1024
2012-04-06 12:42:36 +04:00
2012-08-07 02:50:58 +04:00
# Maximum response total page size (trimmed if larger)
2018-03-19 02:39:48 +03:00
MAX_CONNECTION_TOTAL_SIZE = 100 * 1024 * 1024
2012-08-07 02:50:58 +04:00
2016-06-30 15:57:56 +03:00
# For preventing MemoryError exceptions (caused when using large sequences in difflib.SequenceMatcher)
MAX_DIFFLIB_SEQUENCE_LENGTH = 10 * 1024 * 1024
2021-01-07 16:20:03 +03:00
# Page size threshold used in heuristic checks (e.g. getHeuristicCharEncoding(), identYwaf, htmlParser, etc.)
HEURISTIC_PAGE_SIZE_THRESHOLD = 64 * 1024
2021-01-07 13:44:00 +03:00
2013-07-09 12:24:48 +04:00
# Maximum (multi-threaded) length of entry in bisection algorithm
MAX_BISECTION_LENGTH = 50 * 1024 * 1024
2019-06-13 11:58:21 +03:00
# Mark used for trimming unnecessary content in large connection reads
2019-06-13 11:59:56 +03:00
LARGE_READ_TRIM_MARKER = " __TRIMMED_CONTENT__ "
2012-05-09 13:08:23 +04:00
# Generic SQL comment formation
2016-04-08 12:28:17 +03:00
GENERIC_SQL_COMMENT = " -- [RANDSTR] "
2012-05-26 11:00:26 +04:00
# Threshold value for turning back on time auto-adjustment mechanism
VALID_TIME_CHARS_RUN_THRESHOLD = 100
2012-07-12 16:31:28 +04:00
# Check for empty columns only if table is sufficiently large
CHECK_ZERO_COLUMNS_THRESHOLD = 10
2012-07-12 18:30:35 +04:00
# Boldify all logger messages containing these "patterns"
2020-02-02 16:51:24 +03:00
BOLD_PATTERNS = ( " ' injectable " , " provided empty " , " leftover chars " , " might be injectable " , " ' is vulnerable " , " is not injectable " , " does not seem to be " , " test failed " , " test passed " , " live test final result " , " test shows that " , " the back-end DBMS is " , " created Github " , " blocked by the target server " , " protection is involved " , " CAPTCHA " , " specific response " , " NULL connection is supported " , " PASSED " , " FAILED " , " for more than " , " connection to " )
2012-07-13 13:23:21 +04:00
2019-02-28 04:23:14 +03:00
# TLDs used in randomization of email-alike parameter values
2020-12-10 15:56:25 +03:00
RANDOMIZATION_TLDS = ( " com " , " net " , " ru " , " org " , " de " , " uk " , " br " , " jp " , " cn " , " fr " , " it " , " pl " , " tv " , " edu " , " in " , " ir " , " es " , " me " , " info " , " gr " , " gov " , " ca " , " co " , " se " , " cz " , " to " , " vn " , " nl " , " cc " , " az " , " hu " , " ua " , " be " , " no " , " biz " , " io " , " ch " , " ro " , " sk " , " eu " , " us " , " tw " , " pt " , " fi " , " at " , " lt " , " kz " , " cl " , " hr " , " pk " , " lv " , " la " , " pe " , " au " )
2019-02-28 04:23:14 +03:00
2012-07-13 13:23:21 +04:00
# Generic www root directory names
2013-04-29 12:50:04 +04:00
GENERIC_DOC_ROOT_DIRECTORY_NAMES = ( " htdocs " , " httpdocs " , " public " , " wwwroot " , " www " )
2012-07-24 17:43:29 +04:00
# Maximum length of a help part containing switch/option name(s)
MAX_HELP_OPTION_LENGTH = 18
2012-08-22 17:51:47 +04:00
2013-03-04 21:05:40 +04:00
# Maximum number of connection retries (to prevent problems with recursion)
MAX_CONNECT_RETRIES = 100
2012-08-22 17:51:47 +04:00
# Strings for detecting formatting errors
2019-10-31 10:31:20 +03:00
FORMAT_EXCEPTION_STRINGS = ( " Type mismatch " , " Error converting " , " Please enter a " , " Conversion failed " , " String or binary data would be truncated " , " Failed to convert " , " unable to interpret text value " , " Input string was not in a correct format " , " System.FormatException " , " java.lang.NumberFormatException " , " ValueError: invalid literal " , " TypeMismatchException " , " CF_SQL_INTEGER " , " CF_SQL_NUMERIC " , " for CFSQLTYPE " , " cfqueryparam cfsqltype " , " InvalidParamTypeException " , " Invalid parameter type " , " Attribute validation error for tag " , " is not of type numeric " , " <cfif Not IsNumeric( " , " invalid input syntax for integer " , " invalid input syntax for type " , " invalid number " , " character to number conversion error " , " unable to interpret text value " , " String was not recognized as a valid " , " Convert.ToInt " , " cannot be converted to a " , " InvalidDataException " , " Arguments are of the wrong type " )
2012-09-06 16:13:54 +04:00
2012-10-19 13:02:14 +04:00
# Regular expression used for extracting ASP.NET view state values
2012-10-29 13:48:49 +04:00
VIEWSTATE_REGEX = r ' (?i)(?P<name>__VIEWSTATE[^ " ]*)[^>]+value= " (?P<result>[^ " ]+) '
2012-10-19 13:02:14 +04:00
# Regular expression used for extracting ASP.NET event validation values
2012-10-29 13:48:49 +04:00
EVENTVALIDATION_REGEX = r ' (?i)(?P<name>__EVENTVALIDATION[^ " ]*)[^>]+value= " (?P<result>[^ " ]+) '
2012-09-06 17:51:38 +04:00
# Number of rows to generate inside the full union test for limited output (mustn't be too large to prevent payload length problems)
LIMITED_ROWS_TEST_NUMBER = 15
2012-10-02 16:23:58 +04:00
2016-01-27 12:03:30 +03:00
# Default adapter to use for bottle server
RESTAPI_DEFAULT_ADAPTER = " wsgiref "
2015-12-13 01:48:30 +03:00
# Default REST-JSON API server listen address
RESTAPI_DEFAULT_ADDRESS = " 127.0.0.1 "
# Default REST-JSON API server listen port
RESTAPI_DEFAULT_PORT = 8775
2021-01-12 17:57:12 +03:00
# Unsupported options by REST-JSON API server
2021-01-12 18:28:50 +03:00
RESTAPI_UNSUPPORTED_OPTIONS = ( " sqlShell " , " wizard " )
2021-01-12 17:57:12 +03:00
2019-04-17 18:19:22 +03:00
# Use "Supplementary Private Use Area-A"
INVALID_UNICODE_PRIVATE_AREA = False
2012-12-28 01:43:39 +04:00
# Format used for representing invalid unicode characters
2015-11-16 17:02:30 +03:00
INVALID_UNICODE_CHAR_FORMAT = r " \ x %02x "
2012-12-28 01:43:39 +04:00
2014-04-30 23:25:45 +04:00
# Regular expression for XML POST data
XML_RECOGNITION_REGEX = r " (?s) \ A \ s*<[^>]+>(.+>)? \ s* \ Z "
2012-10-04 13:43:37 +04:00
2014-02-26 11:41:23 +04:00
# Regular expression used for detecting JSON POST data
2020-02-01 00:37:39 +03:00
JSON_RECOGNITION_REGEX = r ' (?s) \ A( \ s* \ [)* \ s* \ { .* " [^ " ]+ " \ s*: \ s*( " [^ " ]* " | \ d+|true|false|null| \ [).* \ } \ s*( \ ] \ s*)* \ Z '
2012-10-04 13:25:44 +04:00
2014-02-26 11:56:17 +04:00
# Regular expression used for detecting JSON-like POST data
2020-07-28 13:55:57 +03:00
JSON_LIKE_RECOGNITION_REGEX = r " (?s) \ A( \ s* \ [)* \ s* \ { .*( ' [^ ' ]+ ' | \" [^ \" ]+ \" | \ w+) \ s*: \ s*( ' [^ ' ]+ ' | \" [^ \" ]+ \" | \ d+).* \ } \ s*( \ ] \ s*)* \ Z "
2014-02-26 11:56:17 +04:00
2012-10-16 14:32:58 +04:00
# Regular expression used for detecting multipart POST data
MULTIPART_RECOGNITION_REGEX = r " (?i)Content-Disposition:[^;]+; \ s*name= "
2014-10-09 17:21:26 +04:00
# Regular expression used for detecting Array-like POST data
ARRAY_LIKE_RECOGNITION_REGEX = r " ( \ A| %s )( \ w+) \ [ \ ]=.+ %s \ 2 \ [ \ ]= " % ( DEFAULT_GET_POST_DELIMITER , DEFAULT_GET_POST_DELIMITER )
2012-10-04 13:25:44 +04:00
# Default POST data content-type
2013-03-27 16:39:27 +04:00
DEFAULT_CONTENT_TYPE = " application/x-www-form-urlencoded; charset=utf-8 "
# Raw text POST data content-type
PLAIN_TEXT_CONTENT_TYPE = " text/plain; charset=utf-8 "
2012-10-25 15:21:32 +04:00
2013-01-16 05:31:03 +04:00
# Length used while checking for existence of Suhosin-patch (like) protection mechanism
SUHOSIN_MAX_VALUE_LENGTH = 512
2012-10-29 17:08:48 +04:00
2013-01-17 14:37:45 +04:00
# Minimum size of a (binary) entry before it can be considered for dumping to disk
MIN_BINARY_DISK_DUMP_SIZE = 100
2016-07-17 01:21:16 +03:00
# Filenames of payloads xml files (in order of loading)
PAYLOAD_XML_FILES = ( " boolean_blind.xml " , " error_based.xml " , " inline_query.xml " , " stacked_queries.xml " , " time_blind.xml " , " union_query.xml " )
2012-10-29 17:08:48 +04:00
# Regular expression used for extracting form tags
FORM_SEARCH_REGEX = r " (?si)<form(?!.+<form).+?</form> "
2012-11-28 15:46:43 +04:00
2014-09-16 16:12:43 +04:00
# Maximum number of lines to save in history file
MAX_HISTORY_LENGTH = 1000
2013-01-18 14:00:21 +04:00
# Minimum field entry length needed for encoded content (hex, base64,...) check
MIN_ENCODED_LEN_CHECK = 5
2013-02-08 19:28:58 +04:00
# Timeout in seconds in which Metasploit remote session has to be initialized
2017-03-30 11:24:57 +03:00
METASPLOIT_SESSION_TIMEOUT = 120
2013-02-08 19:20:48 +04:00
2015-07-24 15:56:45 +03:00
# Reference: http://www.postgresql.org/docs/9.0/static/catalog-pg-largeobject.html
LOBLKSIZE = 2048
2019-03-05 14:24:41 +03:00
# Prefix used to mark special variables (e.g. keywords, having special chars, etc.)
EVALCODE_ENCODED_PREFIX = " EVAL_ "
2015-01-09 17:33:53 +03:00
2019-05-24 13:01:39 +03:00
# Reference: https://en.wikipedia.org/wiki/Zip_(file_format)
ZIP_HEADER = b " \x50 \x4b \x03 \x04 "
2013-02-12 15:42:12 +04:00
# Reference: http://www.cookiecentral.com/faq/#3.5
NETSCAPE_FORMAT_HEADER_COOKIES = " # Netscape HTTP Cookie File. "
2014-11-17 13:50:05 +03:00
# Infixes used for automatic recognition of parameters carrying anti-CSRF tokens
2018-09-18 23:05:52 +03:00
CSRF_TOKEN_PARAMETER_INFIXES = ( " csrf " , " xsrf " , " token " )
2014-10-23 16:00:53 +04:00
2013-05-09 16:26:29 +04:00
# Prefixes used in brute force search for web server document root
BRUTE_DOC_ROOT_PREFIXES = {
2014-08-21 03:12:44 +04:00
OS . LINUX : ( " /var/www " , " /usr/local/apache " , " /usr/local/apache2 " , " /usr/local/www/apache22 " , " /usr/local/www/apache24 " , " /usr/local/httpd " , " /var/www/nginx-default " , " /srv/www " , " /var/www/ % TARGET % " , " /var/www/vhosts/ % TARGET % " , " /var/www/virtual/ % TARGET % " , " /var/www/clients/vhosts/ % TARGET % " , " /var/www/clients/virtual/ % TARGET % " ) ,
2020-12-10 16:22:44 +03:00
OS . WINDOWS : ( " /xampp " , " /Program Files/xampp " , " /wamp " , " /Program Files/wampp " , " /Apache/Apache " , " /apache " , " /Program Files/Apache Group/Apache " , " /Program Files/Apache Group/Apache2 " , " /Program Files/Apache Group/Apache2.2 " , " /Program Files/Apache Group/Apache2.4 " , " /Inetpub/wwwroot " , " /Inetpub/wwwroot/ % TARGET % " , " /Inetpub/vhosts/ % TARGET % " )
2013-05-09 16:26:29 +04:00
}
# Suffixes used in brute force search for web server document root
2016-05-24 13:53:21 +03:00
BRUTE_DOC_ROOT_SUFFIXES = ( " " , " html " , " htdocs " , " httpdocs " , " php " , " public " , " src " , " site " , " build " , " web " , " www " , " data " , " sites/all " , " www/build " )
2013-05-09 16:26:29 +04:00
# String used for marking target name inside used brute force web server document root
BRUTE_DOC_ROOT_TARGET_MARK = " % TARGET % "
2013-06-11 00:14:45 +04:00
# Character used as a boundary in kb.chars (preferably less frequent letter)
KB_CHARS_BOUNDARY_CHAR = ' q '
2014-11-05 12:56:30 +03:00
# Letters of lower frequency used in kb.chars
KB_CHARS_LOW_FREQUENCY_ALPHABET = " zqxjkvbp "
2021-06-08 22:48:43 +03:00
# Printable bytes
PRINTABLE_BYTES = set ( bytes ( string . printable , " ascii " ) if six . PY3 else string . printable )
2019-03-19 16:48:12 +03:00
# SQL keywords used for splitting in HTTP chunked transfer encoded requests (switch --chunk)
2019-03-19 16:07:39 +03:00
HTTP_CHUNKED_SPLIT_KEYWORDS = ( " SELECT " , " UPDATE " , " INSERT " , " FROM " , " LOAD_FILE " , " UNION " , " information_schema " , " sysdatabases " , " msysaccessobjects " , " msysqueries " , " sysmodules " )
2019-03-19 15:26:29 +03:00
2012-11-28 15:46:43 +04:00
# CSS style used in HTML dump format
HTML_DUMP_CSS_STYLE = """ <style>
table {
2012-11-29 18:36:38 +04:00
margin : 10 ;
background - color : #FFFFFF;
font - family : verdana ;
font - size : 12 px ;
align : center ;
}
thead {
font - weight : bold ;
background - color : #4F81BD;
color : #FFFFFF;
}
tr : nth - child ( even ) {
background - color : #D3DFEE
2012-11-28 15:46:43 +04:00
}
td {
2018-09-05 00:24:40 +03:00
font - size : 12 px ;
2012-11-28 15:46:43 +04:00
}
2013-10-19 22:54:52 +04:00
th {
2018-09-05 00:24:40 +03:00
font - size : 12 px ;
2013-10-19 22:54:52 +04:00
}
2012-11-28 15:46:43 +04:00
< / style > """
2019-02-15 19:08:55 +03:00
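# Leaving (dirty) possibility to change values from here (e.g. `export SQLMAP__MAX_NUMBER_OF_THREADS=20`)
# NOTE: every module-level name whose upper-cased form matches the variable
# suffix can be overridden this way, so the process environment is treated
# as a trusted configuration source here
def _coerce_override(original, value):
    """Convert the environment string *value* to the type of the setting it replaces.

    Args:
        original: current value of the setting (decides the target type).
        value: raw string taken from os.environ.

    Returns:
        bool for bool settings, int for int settings, a list of stripped
        comma-separated items for list/tuple settings, otherwise *value* as-is.

    Raises:
        ValueError: if an int setting is given a value that int() cannot parse.
    """
    # bool must be tested before int (bool is an int subclass); the other
    # order sends "true"/"false" through int(), which rejects them
    if isinstance(original, bool):
        return value.lower() in ('1', 'true')
    if isinstance(original, int):
        return int(value)
    if isinstance(original, (list, tuple)):
        # split the environment *value* on commas (not the setting name)
        return [item.strip() for item in value.split(',')]
    return value

for key, value in os.environ.items():
    if not key.upper().startswith("%s_" % SQLMAP_ENVIRONMENT_PREFIX):
        continue
    name = key[len(SQLMAP_ENVIRONMENT_PREFIX) + 1:].upper()
    if name not in globals():
        continue
    try:
        globals()[name] = _coerce_override(globals()[name], value)
    except ValueError:
        # unparsable numeric override: keep the built-in default (best effort, as before)
        pass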
2019-04-17 18:19:22 +03:00
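# Installing "reversible" unicode (decoding) error handler
def _reversible(ex):
    """Codec error handler that maps every offending byte to a recoverable stand-in.

    Registered below under the name "reversible" so it can be passed as the
    ``errors`` argument of decode()/encode().

    Args:
        ex: the UnicodeError being handled; ``ex.object[ex.start:ex.end]``
            holds the offending items (ints on Python 3, 1-char str on Python 2).

    Returns:
        A ``(replacement, ex.end)`` tuple, as codecs.register_error() requires.
        With INVALID_UNICODE_PRIVATE_AREA set, each ordinal becomes code point
        U+0F00xx of Supplementary Private Use Area-A; otherwise it is rendered
        with INVALID_UNICODE_CHAR_FORMAT (a backslash-x hex escape).
    """
    # normalize to integer ordinals so both Python 2 and 3 slices are handled alike
    ordinals = [item if isinstance(item, int) else ord(item) for item in ex.object[ex.start:ex.end]]
    if INVALID_UNICODE_PRIVATE_AREA:
        # "%02x" (zero-padded): "%2x" pads with a space and int() rejects
        # "000f00 5" for ordinals below 0x10, raising ValueError from the handler
        replacement = u"".join(_unichr(int('000f00%02x' % ordinal, 16)) for ordinal in ordinals)
    else:
        replacement = u"".join(INVALID_UNICODE_CHAR_FORMAT % ordinal for ordinal in ordinals)
    return (replacement, ex.end)

codecs.register_error("reversible", _reversible)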