2019-05-08 13:47:52 +03:00
|
|
|
#!/usr/bin/env python
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
"""
|
2022-01-03 13:30:34 +03:00
|
|
|
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
2017-10-11 15:50:46 +03:00
|
|
|
See the file 'LICENSE' for copying permission
|
2008-10-15 19:38:22 +04:00
|
|
|
"""
|
|
|
|
|
2019-01-22 03:28:24 +03:00
|
|
|
from __future__ import print_function
|
|
|
|
|
2018-09-27 10:15:53 +03:00
|
|
|
try:
|
|
|
|
import sys
|
2016-03-12 21:28:28 +03:00
|
|
|
|
2018-09-27 10:15:53 +03:00
|
|
|
sys.dont_write_bytecode = True
|
2016-03-12 21:28:28 +03:00
|
|
|
|
2018-09-27 10:15:53 +03:00
|
|
|
try:
|
|
|
|
__import__("lib.utils.versioncheck") # this has to be the first non-standard import
|
|
|
|
except ImportError:
|
2019-03-04 18:36:19 +03:00
|
|
|
sys.exit("[!] wrong installation detected (missing modules). Visit 'https://github.com/sqlmapproject/sqlmap/#installation' for further details")
|
2016-03-12 21:28:28 +03:00
|
|
|
|
2018-09-27 10:15:53 +03:00
|
|
|
import bdb
|
|
|
|
import glob
|
|
|
|
import inspect
|
|
|
|
import json
|
|
|
|
import logging
|
|
|
|
import os
|
|
|
|
import re
|
|
|
|
import shutil
|
|
|
|
import sys
|
2019-05-09 11:52:33 +03:00
|
|
|
import tempfile
|
2018-09-27 10:15:53 +03:00
|
|
|
import threading
|
|
|
|
import time
|
|
|
|
import traceback
|
|
|
|
import warnings
|
2010-03-28 00:50:19 +03:00
|
|
|
|
2022-06-22 12:58:09 +03:00
|
|
|
if "--deprecations" not in sys.argv:
|
|
|
|
warnings.filterwarnings(action="ignore", category=DeprecationWarning)
|
|
|
|
else:
|
|
|
|
warnings.resetwarnings()
|
|
|
|
|
2020-12-07 23:30:18 +03:00
|
|
|
warnings.filterwarnings(action="ignore", message="Python 2 is no longer supported")
|
2018-09-27 10:15:53 +03:00
|
|
|
warnings.filterwarnings(action="ignore", message=".*was already imported", category=UserWarning)
|
2019-11-06 13:26:32 +03:00
|
|
|
warnings.filterwarnings(action="ignore", message=".*using a very old release", category=UserWarning)
|
2019-11-19 14:56:56 +03:00
|
|
|
warnings.filterwarnings(action="ignore", message=".*default buffer size will be used", category=RuntimeWarning)
|
2019-11-19 15:02:53 +03:00
|
|
|
warnings.filterwarnings(action="ignore", category=UserWarning, module="psycopg2")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2018-09-27 10:15:53 +03:00
|
|
|
from lib.core.data import logger
|
2016-05-10 10:19:59 +03:00
|
|
|
|
|
|
|
from lib.core.common import banner
|
2016-07-17 01:04:30 +03:00
|
|
|
from lib.core.common import checkIntegrity
|
2019-03-15 17:36:13 +03:00
|
|
|
from lib.core.common import checkPipedInput
|
2016-05-10 10:19:59 +03:00
|
|
|
from lib.core.common import createGithubIssue
|
|
|
|
from lib.core.common import dataToStdout
|
2022-01-19 17:00:16 +03:00
|
|
|
from lib.core.common import extractRegexResult
|
2019-03-29 04:28:16 +03:00
|
|
|
from lib.core.common import filterNone
|
2019-04-15 16:15:12 +03:00
|
|
|
from lib.core.common import getDaysFromLastUpdate
|
2019-11-05 01:53:35 +03:00
|
|
|
from lib.core.common import getFileItems
|
2016-05-10 10:19:59 +03:00
|
|
|
from lib.core.common import getSafeExString
|
|
|
|
from lib.core.common import maskSensitiveData
|
2017-07-03 17:55:24 +03:00
|
|
|
from lib.core.common import openFile
|
2016-05-10 10:19:59 +03:00
|
|
|
from lib.core.common import setPaths
|
|
|
|
from lib.core.common import weAreFrozen
|
2019-05-06 01:54:21 +03:00
|
|
|
from lib.core.convert import getUnicode
|
2016-05-31 14:21:08 +03:00
|
|
|
from lib.core.common import MKSTEMP_PREFIX
|
2019-01-30 02:45:38 +03:00
|
|
|
from lib.core.common import setColor
|
2019-06-04 15:48:51 +03:00
|
|
|
from lib.core.common import unhandledExceptionMessage
|
2022-04-05 01:12:09 +03:00
|
|
|
from lib.core.compat import LooseVersion
|
|
|
|
from lib.core.compat import xrange
|
2021-10-17 00:12:18 +03:00
|
|
|
from lib.core.data import cmdLineOptions
|
|
|
|
from lib.core.data import conf
|
|
|
|
from lib.core.data import kb
|
|
|
|
from lib.core.datatype import OrderedSet
|
2016-05-10 10:19:59 +03:00
|
|
|
from lib.core.exception import SqlmapBaseException
|
|
|
|
from lib.core.exception import SqlmapShellQuitException
|
|
|
|
from lib.core.exception import SqlmapSilentQuitException
|
|
|
|
from lib.core.exception import SqlmapUserQuitException
|
|
|
|
from lib.core.option import init
|
2019-06-04 15:48:51 +03:00
|
|
|
from lib.core.option import initOptions
|
2018-06-13 00:02:38 +03:00
|
|
|
from lib.core.patch import dirtyPatches
|
2019-05-06 01:54:21 +03:00
|
|
|
from lib.core.patch import resolveCrossReferences
|
2016-06-18 02:21:57 +03:00
|
|
|
from lib.core.settings import GIT_PAGE
|
2016-05-10 10:19:59 +03:00
|
|
|
from lib.core.settings import IS_WIN
|
2019-04-15 16:15:12 +03:00
|
|
|
from lib.core.settings import LAST_UPDATE_NAGGING_DAYS
|
2016-05-10 10:19:59 +03:00
|
|
|
from lib.core.settings import LEGAL_DISCLAIMER
|
2016-05-17 14:54:42 +03:00
|
|
|
from lib.core.settings import THREAD_FINALIZATION_TIMEOUT
|
2016-06-19 18:44:47 +03:00
|
|
|
from lib.core.settings import UNICODE_ENCODING
|
2016-05-10 10:19:59 +03:00
|
|
|
from lib.core.settings import VERSION
|
|
|
|
from lib.parse.cmdline import cmdLineParser
|
2019-11-05 01:53:35 +03:00
|
|
|
from lib.utils.crawler import crawl
|
2016-05-10 10:19:59 +03:00
|
|
|
except KeyboardInterrupt:
|
|
|
|
errMsg = "user aborted"
|
|
|
|
|
2018-09-27 10:15:53 +03:00
|
|
|
if "logger" in globals():
|
2018-10-03 12:27:51 +03:00
|
|
|
logger.critical(errMsg)
|
2018-09-27 10:15:53 +03:00
|
|
|
raise SystemExit
|
|
|
|
else:
|
|
|
|
import time
|
2019-03-04 18:36:19 +03:00
|
|
|
sys.exit("\r[%s] [CRITICAL] %s" % (time.strftime("%X"), errMsg))
|
2013-02-06 13:28:17 +04:00
|
|
|
|
|
|
|
def modulePath():
|
|
|
|
"""
|
|
|
|
This will get us the program's directory, even if we are frozen
|
|
|
|
using py2exe
|
|
|
|
"""
|
|
|
|
|
2013-05-29 12:20:43 +04:00
|
|
|
try:
|
|
|
|
_ = sys.executable if weAreFrozen() else __file__
|
|
|
|
except NameError:
|
|
|
|
_ = inspect.getsourcefile(modulePath)
|
|
|
|
|
2016-06-19 18:44:47 +03:00
|
|
|
return getUnicode(os.path.dirname(os.path.realpath(_)), encoding=sys.getfilesystemencoding() or UNICODE_ENCODING)
|
2013-02-06 13:28:17 +04:00
|
|
|
|
2016-05-06 11:23:57 +03:00
|
|
|
def checkEnvironment():
|
|
|
|
try:
|
2016-08-02 01:17:59 +03:00
|
|
|
os.path.isdir(modulePath())
|
2016-05-06 11:23:57 +03:00
|
|
|
except UnicodeEncodeError:
|
|
|
|
errMsg = "your system does not properly handle non-ASCII paths. "
|
|
|
|
errMsg += "Please move the sqlmap's directory to the other location"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2021-10-07 01:29:31 +03:00
|
|
|
if LooseVersion(VERSION) < LooseVersion("1.0"):
|
2016-05-06 11:23:57 +03:00
|
|
|
errMsg = "your runtime environment (e.g. PYTHONPATH) is "
|
|
|
|
errMsg += "broken. Please make sure that you are not running "
|
|
|
|
errMsg += "newer versions of sqlmap with runtime scripts for older "
|
|
|
|
errMsg += "versions"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2016-09-04 04:09:28 +03:00
|
|
|
# Patch for pip (import) environment
|
2016-09-04 02:33:52 +03:00
|
|
|
if "sqlmap.sqlmap" in sys.modules:
|
2016-09-04 04:09:28 +03:00
|
|
|
for _ in ("cmdLineOptions", "conf", "kb"):
|
|
|
|
globals()[_] = getattr(sys.modules["lib.core.data"], _)
|
|
|
|
|
|
|
|
for _ in ("SqlmapBaseException", "SqlmapShellQuitException", "SqlmapSilentQuitException", "SqlmapUserQuitException"):
|
|
|
|
globals()[_] = getattr(sys.modules["lib.core.exception"], _)
|
|
|
|
|
2013-02-06 13:28:17 +04:00
|
|
|
def main():
|
|
|
|
"""
|
|
|
|
Main function of sqlmap when running from command line.
|
|
|
|
"""
|
|
|
|
|
|
|
|
try:
|
2018-06-13 00:02:38 +03:00
|
|
|
dirtyPatches()
|
2019-05-06 01:54:21 +03:00
|
|
|
resolveCrossReferences()
|
2016-05-06 11:23:57 +03:00
|
|
|
checkEnvironment()
|
2016-08-02 01:17:59 +03:00
|
|
|
setPaths(modulePath())
|
2016-04-19 14:45:49 +03:00
|
|
|
banner()
|
2013-02-06 13:28:17 +04:00
|
|
|
|
|
|
|
# Store original command line options for possible later restoration
|
2019-11-21 17:58:04 +03:00
|
|
|
args = cmdLineParser()
|
|
|
|
cmdLineOptions.update(args.__dict__ if hasattr(args, "__dict__") else args)
|
2013-02-06 13:28:17 +04:00
|
|
|
initOptions(cmdLineOptions)
|
|
|
|
|
2019-03-15 17:36:13 +03:00
|
|
|
if checkPipedInput():
|
|
|
|
conf.batch = True
|
|
|
|
|
2017-04-10 20:21:22 +03:00
|
|
|
if conf.get("api"):
|
2016-09-28 15:48:33 +03:00
|
|
|
# heavy imports
|
|
|
|
from lib.utils.api import StdDbOut
|
|
|
|
from lib.utils.api import setRestAPILog
|
|
|
|
|
2013-02-06 13:28:17 +04:00
|
|
|
# Overwrite system standard output and standard error to write
|
|
|
|
# to an IPC database
|
|
|
|
sys.stdout = StdDbOut(conf.taskid, messagetype="stdout")
|
|
|
|
sys.stderr = StdDbOut(conf.taskid, messagetype="stderr")
|
2022-04-05 01:12:09 +03:00
|
|
|
|
2013-02-06 13:28:17 +04:00
|
|
|
setRestAPILog()
|
|
|
|
|
2014-09-16 18:28:38 +04:00
|
|
|
conf.showTime = True
|
2013-02-06 13:28:17 +04:00
|
|
|
dataToStdout("[!] legal disclaimer: %s\n\n" % LEGAL_DISCLAIMER, forceOutput=True)
|
2018-11-02 00:59:20 +03:00
|
|
|
dataToStdout("[*] starting @ %s\n\n" % time.strftime("%X /%Y-%m-%d/"), forceOutput=True)
|
2013-02-06 13:28:17 +04:00
|
|
|
|
|
|
|
init()
|
|
|
|
|
2017-12-04 17:40:59 +03:00
|
|
|
if not conf.updateAll:
|
|
|
|
# Postponed imports (faster start)
|
2018-06-20 14:51:03 +03:00
|
|
|
if conf.smokeTest:
|
2017-12-04 17:40:59 +03:00
|
|
|
from lib.core.testing import smokeTest
|
2019-04-19 15:36:23 +03:00
|
|
|
os._exitcode = 1 - (smokeTest() or 0)
|
2019-04-19 14:28:11 +03:00
|
|
|
elif conf.vulnTest:
|
|
|
|
from lib.core.testing import vulnTest
|
2019-04-19 15:36:23 +03:00
|
|
|
os._exitcode = 1 - (vulnTest() or 0)
|
2017-12-04 17:40:59 +03:00
|
|
|
else:
|
|
|
|
from lib.controller.controller import start
|
2021-01-07 15:52:38 +03:00
|
|
|
if conf.profile:
|
2018-06-20 14:51:03 +03:00
|
|
|
from lib.core.profiling import profile
|
|
|
|
globals()["start"] = start
|
|
|
|
profile()
|
|
|
|
else:
|
|
|
|
try:
|
2019-11-05 01:53:35 +03:00
|
|
|
if conf.crawlDepth and conf.bulkFile:
|
|
|
|
targets = getFileItems(conf.bulkFile)
|
|
|
|
|
|
|
|
for i in xrange(len(targets)):
|
2021-03-07 22:35:51 +03:00
|
|
|
target = None
|
|
|
|
|
2019-11-05 01:53:35 +03:00
|
|
|
try:
|
2021-10-17 00:12:18 +03:00
|
|
|
kb.targets = OrderedSet()
|
2019-11-05 01:53:35 +03:00
|
|
|
target = targets[i]
|
|
|
|
|
|
|
|
if not re.search(r"(?i)\Ahttp[s]*://", target):
|
|
|
|
target = "http://%s" % target
|
|
|
|
|
|
|
|
infoMsg = "starting crawler for target URL '%s' (%d/%d)" % (target, i + 1, len(targets))
|
|
|
|
logger.info(infoMsg)
|
|
|
|
|
|
|
|
crawl(target)
|
|
|
|
except Exception as ex:
|
2021-03-07 22:35:51 +03:00
|
|
|
if target and not isinstance(ex, SqlmapUserQuitException):
|
2019-11-05 01:53:35 +03:00
|
|
|
errMsg = "problem occurred while crawling '%s' ('%s')" % (target, getSafeExString(ex))
|
|
|
|
logger.error(errMsg)
|
2019-11-09 03:01:19 +03:00
|
|
|
else:
|
|
|
|
raise
|
2019-11-05 01:53:35 +03:00
|
|
|
else:
|
|
|
|
if kb.targets:
|
|
|
|
start()
|
|
|
|
else:
|
|
|
|
start()
|
2019-03-27 02:58:12 +03:00
|
|
|
except Exception as ex:
|
2019-04-19 15:36:23 +03:00
|
|
|
os._exitcode = 1
|
|
|
|
|
2018-06-20 14:51:03 +03:00
|
|
|
if "can't start new thread" in getSafeExString(ex):
|
|
|
|
errMsg = "unable to start new threads. Please check OS (u)limits"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
else:
|
|
|
|
raise
|
2013-02-06 13:28:17 +04:00
|
|
|
|
|
|
|
except SqlmapUserQuitException:
|
2018-12-21 12:38:27 +03:00
|
|
|
if not conf.batch:
|
|
|
|
errMsg = "user quit"
|
|
|
|
logger.error(errMsg)
|
2013-02-06 13:28:17 +04:00
|
|
|
|
|
|
|
except (SqlmapSilentQuitException, bdb.BdbQuit):
|
|
|
|
pass
|
|
|
|
|
2014-09-16 16:12:43 +04:00
|
|
|
except SqlmapShellQuitException:
|
|
|
|
cmdLineOptions.sqlmapShell = False
|
|
|
|
|
|
|
|
except SqlmapBaseException as ex:
|
2015-09-10 16:51:33 +03:00
|
|
|
errMsg = getSafeExString(ex)
|
2018-12-17 17:00:57 +03:00
|
|
|
logger.critical(errMsg)
|
|
|
|
|
2020-05-13 13:39:37 +03:00
|
|
|
os._exitcode = 1
|
|
|
|
|
2015-10-12 11:05:49 +03:00
|
|
|
raise SystemExit
|
2013-02-06 13:28:17 +04:00
|
|
|
|
|
|
|
except KeyboardInterrupt:
|
2019-01-22 03:28:24 +03:00
|
|
|
print()
|
2015-12-28 13:39:46 +03:00
|
|
|
|
2013-02-06 13:28:17 +04:00
|
|
|
except EOFError:
|
2019-01-22 03:28:24 +03:00
|
|
|
print()
|
2015-12-28 13:39:46 +03:00
|
|
|
|
2018-12-17 17:00:57 +03:00
|
|
|
errMsg = "exit"
|
|
|
|
logger.error(errMsg)
|
2013-02-06 13:28:17 +04:00
|
|
|
|
2020-05-13 13:39:37 +03:00
|
|
|
except SystemExit as ex:
|
|
|
|
os._exitcode = ex.code or 0
|
2013-02-06 13:28:17 +04:00
|
|
|
|
|
|
|
except:
|
2019-01-22 03:28:24 +03:00
|
|
|
print()
|
2013-02-06 13:28:17 +04:00
|
|
|
errMsg = unhandledExceptionMessage()
|
2014-10-27 02:37:46 +03:00
|
|
|
excMsg = traceback.format_exc()
|
2017-04-11 11:01:37 +03:00
|
|
|
valid = checkIntegrity()
|
2014-10-28 16:08:06 +03:00
|
|
|
|
2020-05-13 13:39:37 +03:00
|
|
|
os._exitcode = 255
|
|
|
|
|
2019-12-06 00:20:00 +03:00
|
|
|
if any(_ in excMsg for _ in ("MemoryError", "Cannot allocate memory")):
|
2018-12-17 17:00:57 +03:00
|
|
|
errMsg = "memory exhaustion detected"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2019-01-22 12:12:17 +03:00
|
|
|
elif any(_ in excMsg for _ in ("No space left", "Disk quota exceeded", "Disk full while accessing")):
|
2018-12-17 17:00:57 +03:00
|
|
|
errMsg = "no space left on output device"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2019-01-22 12:12:17 +03:00
|
|
|
elif any(_ in excMsg for _ in ("The paging file is too small",)):
|
|
|
|
errMsg = "no space left for paging file"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2019-09-24 11:24:43 +03:00
|
|
|
elif all(_ in excMsg for _ in ("Access is denied", "subprocess", "metasploit")):
|
|
|
|
errMsg = "permission error occurred while running Metasploit"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2019-12-27 16:38:22 +03:00
|
|
|
elif all(_ in excMsg for _ in ("Permission denied", "metasploit")):
|
|
|
|
errMsg = "permission error occurred while using Metasploit"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2018-12-17 17:00:57 +03:00
|
|
|
elif "Read-only file system" in excMsg:
|
|
|
|
errMsg = "output device is mounted as read-only"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2020-07-15 15:53:35 +03:00
|
|
|
elif "Insufficient system resources" in excMsg:
|
|
|
|
errMsg = "resource exhaustion detected"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2018-12-17 17:00:57 +03:00
|
|
|
elif "OperationalError: disk I/O error" in excMsg:
|
|
|
|
errMsg = "I/O error on output device"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
2015-12-28 13:39:46 +03:00
|
|
|
|
2018-12-17 17:00:57 +03:00
|
|
|
elif "Violation of BIDI" in excMsg:
|
|
|
|
errMsg = "invalid URL (violation of Bidi IDNA rule - RFC 5893)"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2019-05-13 13:21:17 +03:00
|
|
|
elif "Invalid IPv6 URL" in excMsg:
|
|
|
|
errMsg = "invalid URL ('%s')" % excMsg.strip().split('\n')[-1]
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2018-12-17 17:00:57 +03:00
|
|
|
elif "_mkstemp_inner" in excMsg:
|
|
|
|
errMsg = "there has been a problem while accessing temporary files"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
2015-12-28 13:39:46 +03:00
|
|
|
|
2020-09-04 11:48:35 +03:00
|
|
|
elif any(_ in excMsg for _ in ("tempfile.mkdtemp", "tempfile.mkstemp", "tempfile.py")):
|
2019-05-09 11:52:33 +03:00
|
|
|
errMsg = "unable to write to the temporary directory '%s'. " % tempfile.gettempdir()
|
|
|
|
errMsg += "Please make sure that your disk is not full and "
|
|
|
|
errMsg += "that you have sufficient write permissions to "
|
|
|
|
errMsg += "create temporary files and/or directories"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2020-12-18 14:13:07 +03:00
|
|
|
elif "Permission denied: '" in excMsg:
|
|
|
|
match = re.search(r"Permission denied: '([^']*)", excMsg)
|
|
|
|
errMsg = "permission error occurred while accessing file '%s'" % match.group(1)
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2018-12-17 17:00:57 +03:00
|
|
|
elif all(_ in excMsg for _ in ("twophase", "sqlalchemy")):
|
|
|
|
errMsg = "please update the 'sqlalchemy' package (>= 1.1.11) "
|
2020-12-10 16:22:44 +03:00
|
|
|
errMsg += "(Reference: 'https://qiita.com/tkprof/items/7d7b2d00df9c5f16fffe')"
|
2018-12-17 17:00:57 +03:00
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2022-04-21 16:03:22 +03:00
|
|
|
elif "invalid maximum character passed to PyUnicode_New" in excMsg and re.search(r"\A3\.[34]", sys.version) is not None:
|
|
|
|
errMsg = "please upgrade the Python version (>= 3.5) "
|
|
|
|
errMsg += "(Reference: 'https://bugs.python.org/issue18183')"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2018-12-17 17:00:57 +03:00
|
|
|
elif all(_ in excMsg for _ in ("scramble_caching_sha2", "TypeError")):
|
|
|
|
errMsg = "please downgrade the 'PyMySQL' package (=< 0.8.1) "
|
2020-12-10 16:22:44 +03:00
|
|
|
errMsg += "(Reference: 'https://github.com/PyMySQL/PyMySQL/issues/700')"
|
2018-12-17 17:00:57 +03:00
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
|
|
|
elif "must be pinned buffer, not bytearray" in excMsg:
|
|
|
|
errMsg = "error occurred at Python interpreter which "
|
2019-05-08 14:38:07 +03:00
|
|
|
errMsg += "is fixed in 2.7. Please update accordingly "
|
2020-12-10 16:22:44 +03:00
|
|
|
errMsg += "(Reference: 'https://bugs.python.org/issue8104')"
|
2018-12-17 17:00:57 +03:00
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
2021-11-27 22:24:28 +03:00
|
|
|
|
2022-01-19 17:00:16 +03:00
|
|
|
elif all(_ in excMsg for _ in ("OSError: [Errno 22] Invalid argument: '", "importlib")):
|
|
|
|
errMsg = "unable to read file '%s'" % extractRegexResult(r"OSError: \[Errno 22\] Invalid argument: '(?P<result>[^']+)", excMsg)
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2021-11-27 22:24:28 +03:00
|
|
|
elif "hash_randomization" in excMsg:
|
|
|
|
errMsg = "error occurred at Python interpreter which "
|
|
|
|
errMsg += "is fixed in 2.7.3. Please update accordingly "
|
|
|
|
errMsg += "(Reference: 'https://docs.python.org/2/library/sys.html')"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
2018-12-17 17:00:57 +03:00
|
|
|
|
2022-05-13 18:50:14 +03:00
|
|
|
elif "AttributeError: unable to access item" in excMsg and re.search(r"3\.11\.\d+a", sys.version):
|
|
|
|
errMsg = "there is a known issue when sqlmap is run with ALPHA versions of Python 3.11. "
|
|
|
|
errMsg += "Please downgrade to some stable Python version"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2020-03-13 00:36:12 +03:00
|
|
|
elif all(_ in excMsg for _ in ("Resource temporarily unavailable", "os.fork()", "dictionaryAttack")):
|
|
|
|
errMsg = "there has been a problem while running the multiprocessing hash cracking. "
|
|
|
|
errMsg += "Please rerun with option '--threads=1'"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2018-12-17 17:00:57 +03:00
|
|
|
elif "can't start new thread" in excMsg:
|
|
|
|
errMsg = "there has been a problem while creating new thread instance. "
|
|
|
|
errMsg += "Please make sure that you are not running too many processes"
|
|
|
|
if not IS_WIN:
|
|
|
|
errMsg += " (or increase the 'ulimit -u' value)"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2019-07-17 14:03:48 +03:00
|
|
|
elif "can't allocate read lock" in excMsg:
|
|
|
|
errMsg = "there has been a problem in regular socket operation "
|
|
|
|
errMsg += "('%s')" % excMsg.strip().split('\n')[-1]
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2018-12-17 17:00:57 +03:00
|
|
|
elif all(_ in excMsg for _ in ("pymysql", "configparser")):
|
2022-03-08 01:10:39 +03:00
|
|
|
errMsg = "wrong initialization of 'pymsql' detected (using Python3 dependencies)"
|
2018-12-17 17:00:57 +03:00
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
2019-12-05 15:56:46 +03:00
|
|
|
|
2020-02-06 16:20:33 +03:00
|
|
|
elif all(_ in excMsg for _ in ("ntlm", "socket.error, err", "SyntaxError")):
|
2022-03-08 01:10:39 +03:00
|
|
|
errMsg = "wrong initialization of 'python-ntlm' detected (using Python2 syntax)"
|
2020-02-06 16:20:33 +03:00
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2020-01-20 17:33:45 +03:00
|
|
|
elif all(_ in excMsg for _ in ("drda", "to_bytes")):
|
2022-03-08 01:10:39 +03:00
|
|
|
errMsg = "wrong initialization of 'drda' detected (using Python3 syntax)"
|
2020-01-20 17:33:45 +03:00
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2021-04-02 13:56:31 +03:00
|
|
|
elif "'WebSocket' object has no attribute 'status'" in excMsg:
|
|
|
|
errMsg = "wrong websocket library detected"
|
|
|
|
errMsg += " (Reference: 'https://github.com/sqlmapproject/sqlmap/issues/4572#issuecomment-775041086')"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2019-12-05 15:56:46 +03:00
|
|
|
elif all(_ in excMsg for _ in ("window = tkinter.Tk()",)):
|
|
|
|
errMsg = "there has been a problem in initialization of GUI interface "
|
|
|
|
errMsg += "('%s')" % excMsg.strip().split('\n')[-1]
|
|
|
|
logger.critical(errMsg)
|
2020-02-06 16:26:42 +03:00
|
|
|
raise SystemExit
|
|
|
|
|
|
|
|
elif any(_ in excMsg for _ in ("unable to access item 'liveTest'",)):
|
|
|
|
errMsg = "detected usage of files from different versions of sqlmap"
|
|
|
|
logger.critical(errMsg)
|
2019-12-05 15:56:46 +03:00
|
|
|
raise SystemExit
|
2018-12-17 17:00:57 +03:00
|
|
|
|
2019-12-06 00:20:00 +03:00
|
|
|
elif kb.get("dumpKeyboardInterrupt"):
|
|
|
|
raise SystemExit
|
|
|
|
|
|
|
|
elif any(_ in excMsg for _ in ("Broken pipe",)):
|
|
|
|
raise SystemExit
|
|
|
|
|
|
|
|
elif valid is False:
|
|
|
|
errMsg = "code integrity check failed (turning off automatic issue creation). "
|
|
|
|
errMsg += "You should retrieve the latest development version from official GitHub "
|
|
|
|
errMsg += "repository at '%s'" % GIT_PAGE
|
2018-12-17 17:00:57 +03:00
|
|
|
logger.critical(errMsg)
|
2019-12-06 00:20:00 +03:00
|
|
|
print()
|
|
|
|
dataToStdout(excMsg)
|
2018-12-17 17:00:57 +03:00
|
|
|
raise SystemExit
|
|
|
|
|
2022-03-11 20:31:05 +03:00
|
|
|
elif any(_ in "%s\n%s" % (errMsg, excMsg) for _ in ("tamper/", "waf/", "--engagement-dojo")):
|
2019-12-06 00:20:00 +03:00
|
|
|
logger.critical(errMsg)
|
|
|
|
print()
|
|
|
|
dataToStdout(excMsg)
|
2018-12-17 17:00:57 +03:00
|
|
|
raise SystemExit
|
|
|
|
|
2022-02-11 11:01:10 +03:00
|
|
|
elif any(_ in excMsg for _ in ("ImportError", "ModuleNotFoundError", "<frozen", "Can't find file for module", "SAXReaderNotAvailable", "source code string cannot contain null bytes", "No module named", "tp_name field", "module 'sqlite3' has no attribute 'OperationalError'")):
|
2019-12-06 00:20:00 +03:00
|
|
|
errMsg = "invalid runtime environment ('%s')" % excMsg.split("Error: ")[-1].strip()
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2020-07-16 15:22:32 +03:00
|
|
|
elif all(_ in excMsg for _ in ("SyntaxError: Non-ASCII character", ".py on line", "but no encoding declared")):
|
2019-12-06 00:20:00 +03:00
|
|
|
errMsg = "invalid runtime environment ('%s')" % excMsg.split("Error: ")[-1].strip()
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2022-05-13 18:45:17 +03:00
|
|
|
elif all(_ in excMsg for _ in ("PermissionError: [WinError 5]", "multiprocessing")):
|
|
|
|
errMsg = "there is a permission problem in running multiprocessing on this system. "
|
|
|
|
errMsg += "Please rerun with '--disable-multi'"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2019-12-06 00:20:00 +03:00
|
|
|
elif all(_ in excMsg for _ in ("No such file", "_'")):
|
|
|
|
errMsg = "corrupted installation detected ('%s'). " % excMsg.strip().split('\n')[-1]
|
|
|
|
errMsg += "You should retrieve the latest development version from official GitHub "
|
|
|
|
errMsg += "repository at '%s'" % GIT_PAGE
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2021-03-31 11:42:40 +03:00
|
|
|
elif all(_ in excMsg for _ in ("No such file", "sqlmap.conf", "Test")):
|
|
|
|
errMsg = "you are trying to run (hidden) development tests inside the production environment"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2020-09-09 14:58:26 +03:00
|
|
|
elif all(_ in excMsg for _ in ("HTTPNtlmAuthHandler", "'str' object has no attribute 'decode'")):
|
|
|
|
errMsg = "package 'python-ntlm' has a known compatibility issue with the "
|
2020-12-10 16:22:44 +03:00
|
|
|
errMsg += "Python 3 (Reference: 'https://github.com/mullender/python-ntlm/pull/61')"
|
2020-09-09 14:58:26 +03:00
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2019-12-06 00:20:00 +03:00
|
|
|
elif "'DictObject' object has no attribute '" in excMsg and all(_ in errMsg for _ in ("(fingerprinted)", "(identified)")):
|
|
|
|
errMsg = "there has been a problem in enumeration. "
|
|
|
|
errMsg += "Because of a considerable chance of false-positive case "
|
|
|
|
errMsg += "you are advised to rerun with switch '--flush-session'"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2021-12-24 18:11:05 +03:00
|
|
|
elif "AttributeError: 'module' object has no attribute 'F_GETFD'" in excMsg:
|
|
|
|
errMsg = "invalid runtime (\"%s\") " % excMsg.split("Error: ")[-1].strip()
|
|
|
|
errMsg += "(Reference: 'https://stackoverflow.com/a/38841364' & 'https://bugs.python.org/issue24944#msg249231')"
|
|
|
|
logger.critical(errMsg)
|
|
|
|
raise SystemExit
|
|
|
|
|
2019-12-06 00:20:00 +03:00
|
|
|
elif "bad marshal data (unknown type code)" in excMsg:
|
|
|
|
match = re.search(r"\s*(.+)\s+ValueError", excMsg)
|
|
|
|
errMsg = "one of your .pyc files are corrupted%s" % (" ('%s')" % match.group(1) if match else "")
|
|
|
|
errMsg += ". Please delete .pyc files on your system to fix the problem"
|
|
|
|
logger.critical(errMsg)
|
2018-12-17 17:00:57 +03:00
|
|
|
raise SystemExit
|
|
|
|
|
|
|
|
for match in re.finditer(r'File "(.+?)", line', excMsg):
|
|
|
|
file_ = match.group(1)
|
2019-05-21 15:39:30 +03:00
|
|
|
try:
|
|
|
|
file_ = os.path.relpath(file_, os.path.dirname(__file__))
|
|
|
|
except ValueError:
|
|
|
|
pass
|
2018-12-17 17:00:57 +03:00
|
|
|
file_ = file_.replace("\\", '/')
|
|
|
|
if "../" in file_:
|
|
|
|
file_ = re.sub(r"(\.\./)+", '/', file_)
|
2016-02-16 11:15:57 +03:00
|
|
|
else:
|
2018-12-17 17:00:57 +03:00
|
|
|
file_ = file_.lstrip('/')
|
|
|
|
file_ = re.sub(r"/{2,}", '/', file_)
|
|
|
|
excMsg = excMsg.replace(match.group(1), file_)
|
|
|
|
|
|
|
|
errMsg = maskSensitiveData(errMsg)
|
|
|
|
excMsg = maskSensitiveData(excMsg)
|
2016-02-16 11:15:57 +03:00
|
|
|
|
2018-12-17 17:00:57 +03:00
|
|
|
if conf.get("api") or not valid:
|
|
|
|
logger.critical("%s\n%s" % (errMsg, excMsg))
|
|
|
|
else:
|
|
|
|
logger.critical(errMsg)
|
2019-01-30 02:45:38 +03:00
|
|
|
dataToStdout("%s\n" % setColor(excMsg.strip(), level=logging.CRITICAL))
|
2018-12-17 17:00:57 +03:00
|
|
|
createGithubIssue(errMsg, excMsg)
|
2013-02-06 13:28:17 +04:00
|
|
|
|
|
|
|
finally:
|
|
|
|
kb.threadContinue = False
|
|
|
|
|
2020-07-07 12:31:07 +03:00
|
|
|
if getDaysFromLastUpdate() > LAST_UPDATE_NAGGING_DAYS:
|
|
|
|
warnMsg = "your sqlmap version is outdated"
|
2019-04-15 16:15:12 +03:00
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
2016-01-11 02:03:22 +03:00
|
|
|
if conf.get("showTime"):
|
2018-11-02 00:59:20 +03:00
|
|
|
dataToStdout("\n[*] ending @ %s\n\n" % time.strftime("%X /%Y-%m-%d/"), forceOutput=True)
|
2016-01-11 02:03:22 +03:00
|
|
|
|
2016-06-19 18:17:01 +03:00
|
|
|
kb.threadException = True
|
|
|
|
|
2016-01-11 01:27:32 +03:00
|
|
|
if kb.get("tempDir"):
|
2016-07-13 15:09:33 +03:00
|
|
|
for prefix in (MKSTEMP_PREFIX.IPC, MKSTEMP_PREFIX.TESTING, MKSTEMP_PREFIX.COOKIE_JAR, MKSTEMP_PREFIX.BIG_ARRAY):
|
|
|
|
for filepath in glob.glob(os.path.join(kb.tempDir, "%s*" % prefix)):
|
|
|
|
try:
|
|
|
|
os.remove(filepath)
|
|
|
|
except OSError:
|
|
|
|
pass
|
2019-05-02 12:26:31 +03:00
|
|
|
|
2019-05-06 16:39:11 +03:00
|
|
|
if not filterNone(filepath for filepath in glob.glob(os.path.join(kb.tempDir, '*')) if not any(filepath.endswith(_) for _ in (".lock", ".exe", ".so", '_'))): # ignore junk files
|
2019-05-02 12:26:31 +03:00
|
|
|
try:
|
|
|
|
shutil.rmtree(kb.tempDir, ignore_errors=True)
|
|
|
|
except OSError:
|
|
|
|
pass
|
2016-01-11 01:27:32 +03:00
|
|
|
|
2013-02-06 13:28:17 +04:00
|
|
|
if conf.get("hashDB"):
|
2018-12-17 17:00:57 +03:00
|
|
|
conf.hashDB.flush(True)
|
2021-09-29 22:38:59 +03:00
|
|
|
conf.hashDB.close() # NOTE: because of PyPy
|
2013-02-06 13:28:17 +04:00
|
|
|
|
2017-07-05 14:35:02 +03:00
|
|
|
if conf.get("harFile"):
|
2019-05-09 16:39:10 +03:00
|
|
|
try:
|
|
|
|
with openFile(conf.harFile, "w+b") as f:
|
|
|
|
json.dump(conf.httpCollector.obtain(), fp=f, indent=4, separators=(',', ': '))
|
|
|
|
except SqlmapBaseException as ex:
|
|
|
|
errMsg = getSafeExString(ex)
|
|
|
|
logger.critical(errMsg)
|
2017-07-03 17:55:24 +03:00
|
|
|
|
2017-04-10 20:21:22 +03:00
|
|
|
if conf.get("api"):
|
2018-12-17 17:00:57 +03:00
|
|
|
conf.databaseCursor.disconnect()
|
2013-02-06 13:28:17 +04:00
|
|
|
|
2014-10-10 12:07:17 +04:00
|
|
|
if conf.get("dumper"):
|
|
|
|
conf.dumper.flush()
|
|
|
|
|
2016-05-17 14:54:42 +03:00
|
|
|
# short delay for thread finalization
|
2018-12-17 17:00:57 +03:00
|
|
|
_ = time.time()
|
2021-10-07 01:45:55 +03:00
|
|
|
while threading.active_count() > 1 and (time.time() - _) > THREAD_FINALIZATION_TIMEOUT:
|
2018-12-17 17:00:57 +03:00
|
|
|
time.sleep(0.01)
|
|
|
|
|
|
|
|
if cmdLineOptions.get("sqlmapShell"):
|
|
|
|
cmdLineOptions.clear()
|
|
|
|
conf.clear()
|
|
|
|
kb.clear()
|
|
|
|
conf.disableBanner = True
|
|
|
|
main()
|
2013-02-06 13:28:17 +04:00
|
|
|
|
|
|
|
if __name__ == "__main__":
|
2018-12-17 17:00:57 +03:00
|
|
|
try:
|
|
|
|
main()
|
|
|
|
except KeyboardInterrupt:
|
|
|
|
pass
|
2019-05-03 14:38:09 +03:00
|
|
|
except SystemExit:
|
|
|
|
raise
|
2019-04-30 14:20:31 +03:00
|
|
|
except:
|
2019-05-03 14:38:51 +03:00
|
|
|
traceback.print_exc()
|
2018-12-17 17:00:57 +03:00
|
|
|
finally:
|
|
|
|
# Reference: http://stackoverflow.com/questions/1635080/terminate-a-multi-thread-python-program
|
2021-10-07 01:45:55 +03:00
|
|
|
if threading.active_count() > 1:
|
2019-04-19 15:36:23 +03:00
|
|
|
os._exit(getattr(os, "_exitcode", 0))
|
|
|
|
else:
|
|
|
|
sys.exit(getattr(os, "_exitcode", 0))
|
2018-01-31 13:24:28 +03:00
|
|
|
else:
|
2022-04-05 01:12:09 +03:00
|
|
|
# cancelling postponed imports (because of CI/CD checks)
|
2020-05-15 13:58:03 +03:00
|
|
|
__import__("lib.controller.controller")
|