sqlmap/lib/core/settings.py

142 lines
6.0 KiB
Python
Raw Normal View History

2008-10-15 19:38:22 +04:00
#!/usr/bin/env python
"""
2008-10-15 19:56:32 +04:00
$Id$
2008-10-15 19:38:22 +04:00
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
2010-10-15 03:18:29 +04:00
See the file 'doc/COPYING' for copying permission
2008-10-15 19:38:22 +04:00
"""
import logging
2010-05-21 16:09:31 +04:00
import os
import subprocess
2008-10-15 19:38:22 +04:00
import sys
from lib.core.revision import getRevisionNumber
2008-10-15 19:38:22 +04:00
# sqlmap version and site
2010-03-15 14:04:57 +03:00
VERSION = "0.9-dev"
REVISION = getRevisionNumber()
2010-03-03 19:19:17 +03:00
VERSION_STRING = "sqlmap/%s" % VERSION
DESCRIPTION = "automatic SQL injection and database takeover tool"
2008-10-15 19:38:22 +04:00
SITE = "http://sqlmap.sourceforge.net"
2010-11-10 01:32:05 +03:00
# minimum distance of ratio from conf.matchRatio to result in True
2010-11-10 01:49:31 +03:00
DIFF_TOLERANCE = 0.05
2010-11-10 02:35:37 +03:00
CONSTANT_RATIO = 0.9
2010-11-10 01:32:05 +03:00
2008-10-15 19:38:22 +04:00
# sqlmap logger
logging.addLevelName(9, "PAYLOAD")
logging.addLevelName(8, "TRAFFIC OUT")
logging.addLevelName(7, "TRAFFIC IN")
2008-10-15 19:38:22 +04:00
LOGGER = logging.getLogger("sqlmapLog")
LOGGER_HANDLER = logging.StreamHandler(sys.stdout)
FORMATTER = logging.Formatter("[%(asctime)s] [%(levelname)s] %(message)s", "%H:%M:%S")
LOGGER_HANDLER.setFormatter(FORMATTER)
LOGGER.addHandler(LOGGER_HANDLER)
LOGGER.setLevel(logging.WARN)
2010-10-21 13:51:07 +04:00
# dump markers
DUMP_NEWLINE_MARKER = "__NEWLINE__"
DUMP_CR_MARKER = "__CARRIAGE_RETURN__"
2010-10-21 13:51:07 +04:00
DUMP_DEL_MARKER = "__DEL__"
DUMP_TAB_MARKER = "__TAB__"
DUMP_START_MARKER = "__START__"
DUMP_STOP_MARKER = "__STOP__"
PAYLOAD_DELIMITER = "\x00"
# settings used for delayed time payloads
TIME_MIN_DELTA = 1 # minimum difference of loading time in seconds
TIME_N_RESPONSE = 3 # minimum multiplicant of response time
# System variables
IS_WIN = subprocess.mswindows
2010-05-21 16:09:31 +04:00
# The name of the operating system dependent module imported. The following
# names have currently been registered: 'posix', 'nt', 'mac', 'os2', 'ce',
# 'java', 'riscos'
PLATFORM = os.name
PYVERSION = sys.version.split()[0]
2008-10-15 19:38:22 +04:00
# Url to update Microsoft SQL Server XML versions file from
MSSQL_VERSIONS_URL = "http://www.sqlsecurity.com/FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx"
# Database management system specific variables
MSSQL_SYSTEM_DBS = ( "Northwind", "model", "msdb", "pubs", "tempdb" )
MYSQL_SYSTEM_DBS = ( "information_schema", "mysql" ) # Before MySQL 5.0 only "mysql"
PGSQL_SYSTEM_DBS = ( "information_schema", "pg_catalog", "pg_toast" )
ORACLE_SYSTEM_DBS = ( "SYSTEM", "SYSAUX" ) # These are TABLESPACE_NAME
SQLITE_SYSTEM_DBS = ( "sqlite_master", "sqlite_temp_master" )
ACCESS_SYSTEM_DBS = ( "MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage",\
"MSysAccessXML", "MSysModules", "MSysModules2" )
FIREBIRD_SYSTEM_DBS = ( "RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE",\
"RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", "RDB$FILTERS",\
"RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES",\
"RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS",\
"RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS",\
"RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS" )
MAXDB_SYSTEM_DBS = ( "SYSINFO", "DOMAIN" )
2010-10-12 23:05:12 +04:00
SYBASE_SYSTEM_DBS = ( "master", "model", "sybsystemdb", "sybsystemprocs" )
2008-10-15 19:38:22 +04:00
MSSQL_ALIASES = [ "microsoft sql server", "mssqlserver", "mssql", "ms" ]
MYSQL_ALIASES = [ "mysql", "my" ]
PGSQL_ALIASES = [ "postgresql", "postgres", "pgsql", "psql", "pg" ]
ORACLE_ALIASES = [ "oracle", "orcl", "ora", "or" ]
SQLITE_ALIASES = [ "sqlite", "sqlite3" ]
ACCESS_ALIASES = [ "access", "jet", "microsoft access", "msaccess" ]
FIREBIRD_ALIASES = [ "firebird", "mozilla firebird", "interbase", "ibase", "fb" ]
MAXDB_ALIASES = [ "maxdb", "sap maxdb", "sap db" ]
2010-10-12 23:05:12 +04:00
SYBASE_ALIASES = [ "sybase", "sybase sql server" ]
2010-10-12 23:05:12 +04:00
SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES
SUPPORTED_OS = ( "linux", "windows" )
SQL_STATEMENTS = {
"SQL SELECT statement": (
2008-12-20 16:21:47 +03:00
"select ",
"show ",
" top ",
" distinct ",
2008-12-20 16:21:47 +03:00
" from ",
" from dual",
2008-12-20 16:21:47 +03:00
" where ",
" group by ",
" order by ",
" having ",
" limit ",
" offset ",
" union all ",
" rownum as ",
"(case ", ),
"SQL data definition": (
2008-12-20 16:21:47 +03:00
"create ",
"declare ",
2008-12-20 16:21:47 +03:00
"drop ",
"truncate ",
"alter ", ),
"SQL data manipulation": (
2008-12-20 16:21:47 +03:00
"insert ",
"update ",
"delete ",
"merge ", ),
"SQL data control": (
2008-12-20 16:21:47 +03:00
"grant ", ),
"SQL data execution": (
" exec ",
2009-01-10 17:39:27 +03:00
"execute ", ),
"SQL transaction": (
2008-12-20 16:21:47 +03:00
"start transaction ",
"begin work ",
"begin transaction ",
"commit ",
"rollback ", ),
}