sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-29 17:39:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge 429352a0ab into 76905e8728

Browse Source
This commit is contained in:
kun 2018-03-06 13:35:50 +00:00 committed by GitHub
commit 0179945391
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 68 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,4 +1,5 @@
*.py[cod]
*.sw[op]
output/
.sqlmap_history
traffic.txt

5
extra/cloak/cloak.py
View File

@ -7,6 +7,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import os
import sys
import zlib
@ -38,7 +39,7 @@ def decloak(inputFile=None, data=None):
try:
data = zlib.decompress(hideAscii(data))
except:
print 'ERROR: the provided input file \'%s\' does not contain valid cloaked content' % inputFile
print('ERROR: the provided input file \'%s\' does not contain valid cloaked content' % inputFile)
sys.exit(1)
finally:
f.close()
@ -63,7 +64,7 @@ def main():
parser.error(e)
if not os.path.isfile(args.inputFile):
print 'ERROR: the provided input file \'%s\' is non existent' % args.inputFile
print('ERROR: the provided input file \'%s\' is non existent' % args.inputFile)
sys.exit(1)
if not args.decrypt:

7
extra/dbgtool/dbgtool.py
View File

@ -7,6 +7,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import os
import sys
import struct
@ -19,7 +20,7 @@ def convert(inputFile):
fileSize = fileStat.st_size
if fileSize > 65280:
print "ERROR: the provided input file '%s' is too big for debug.exe" % inputFile
print("ERROR: the provided input file '%s' is too big for debug.exe" % inputFile)
sys.exit(1)
script = "n %s\nr cx\n" % os.path.basename(inputFile.replace(".", "_"))
@ -59,7 +60,7 @@ def convert(inputFile):
def main(inputFile, outputFile):
if not os.path.isfile(inputFile):
print "ERROR: the provided input file '%s' is not a regular file" % inputFile
print("ERROR: the provided input file '%s' is not a regular file" % inputFile)
sys.exit(1)
script = convert(inputFile)
@ -70,7 +71,7 @@ def main(inputFile, outputFile):
sys.stdout.write(script)
sys.stdout.close()
else:
print script
print(script)
if __name__ == "__main__":
usage = "%s -i <input file> [-o <output file>]" % sys.argv[0]

9
extra/mssqlsig/update.py
View File

@ -5,6 +5,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import codecs
import os
import re
@ -22,11 +23,11 @@ MSSQL_VERSIONS_URL = "http://www.sqlsecurity.com/FAQs/SQLServerVersionDatabase/t
def updateMSSQLXML():
if not os.path.exists(MSSQL_XML):
errMsg = "[ERROR] file '%s' does not exist. Please run the script from its parent directory" % MSSQL_XML
print errMsg
print(errMsg)
return
infoMsg = "[INFO] retrieving data from '%s'" % MSSQL_VERSIONS_URL
print infoMsg
print(infoMsg)
try:
req = urllib2.Request(MSSQL_VERSIONS_URL)
@ -39,7 +40,7 @@ def updateMSSQLXML():
warnMsg = "[WARNING] sqlmap was unable to connect to %s," % __mssqlHostname
warnMsg += " check your Internet connection and retry"
print warnMsg
print(warnMsg)
return
@ -131,7 +132,7 @@ def updateMSSQLXML():
mssqlXml.close()
infoMsg = "[INFO] done. retrieved data parsed and saved into '%s'" % MSSQL_XML
print infoMsg
print(infoMsg)
if __name__ == "__main__":
updateMSSQLXML()

3
extra/safe2bin/safe2bin.py
View File

@ -7,6 +7,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import binascii
import re
import string
@ -112,7 +113,7 @@ def main():
parser.error(e)
if not os.path.isfile(args.inputFile):
print 'ERROR: the provided input file \'%s\' is not a regular file' % args.inputFile
print('ERROR: the provided input file \'%s\' is not a regular file' % args.inputFile)
sys.exit(1)
f = open(args.inputFile, 'r')

3
extra/shutils/duplicates.py
View File

@ -5,6 +5,7 @@
# Removes duplicate entries in wordlist like files
from __future__ import print_function
import sys
if len(sys.argv) > 0:
@ -17,7 +18,7 @@ if len(sys.argv) > 0:
str.encode(item)
if item in items:
if item:
print item
print(item)
else:
items.append(item)
except:

19
extra/shutils/pylint.py
View File

@ -3,6 +3,7 @@
# Runs pylint on all python scripts found in a directory tree
# Reference: http://rowinggolfer.blogspot.com/2009/08/pylint-recursively.html
from __future__ import print_function
import os
import re
import sys
@ -17,26 +18,26 @@ def check(module):
if module[-3:] == ".py":
print "CHECKING ", module
print("CHECKING ", module)
pout = os.popen("pylint --rcfile=/dev/null %s" % module, 'r')
for line in pout:
if re.match(r"\AE:", line):
print line.strip()
print(line.strip())
if __RATING__ and "Your code has been rated at" in line:
print line
print(line)
score = re.findall(r"\d.\d\d", line)[0]
total += float(score)
count += 1
if __name__ == "__main__":
try:
print sys.argv
print(sys.argv)
BASE_DIRECTORY = sys.argv[1]
except IndexError:
print "no directory specified, defaulting to current working directory"
print("no directory specified, defaulting to current working directory")
BASE_DIRECTORY = os.getcwd()
print "looking for *.py scripts in subdirectories of ", BASE_DIRECTORY
print("looking for *.py scripts in subdirectories of ", BASE_DIRECTORY)
for root, dirs, files in os.walk(BASE_DIRECTORY):
if any(_ in root for _ in ("extra", "thirdparty")):
continue
@ -45,6 +46,6 @@ if __name__ == "__main__":
check(filepath)
if __RATING__:
print "==" * 50
print "%d modules found" % count
print "AVERAGE SCORE = %.02f" % (total / count)
print("==" * 50)
print("%d modules found" % count)
print("AVERAGE SCORE = %.02f" % (total / count))

3
extra/shutils/regressiontest.py
View File

@ -3,6 +3,7 @@
# Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
from __future__ import print_function
import codecs
import inspect
import os
@ -57,7 +58,7 @@ def send_email(msg):
s.quit()
# Catch all for SMTP exceptions
except smtplib.SMTPException, e:
print "Failure to send email: %s" % str(e)
print("Failure to send email: %s" % str(e))
def failure_email(msg):
msg = prepare_email(msg)

7
extra/sqlharvest/sqlharvest.py
View File

@ -5,6 +5,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import cookielib
import re
import socket
@ -76,7 +77,7 @@ def main():
raise
except Exception, msg:
print msg
print(msg)
if abort:
break
@ -86,7 +87,7 @@ def main():
sys.stdout.write("---------------\n")
for sqlfile in files:
print sqlfile
print(sqlfile)
try:
req = urllib2.Request(sqlfile)
@ -119,7 +120,7 @@ def main():
raise
except Exception, msg:
print msg
print(msg)
else:
i += 1

7
lib/core/threads.py
View File

@ -5,6 +5,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import difflib
import random
import threading
@ -167,7 +168,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
time.sleep(0.1)
except (KeyboardInterrupt, SqlmapUserQuitException), ex:
print
print()
kb.threadContinue = False
kb.threadException = True
@ -184,7 +185,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
raise
except (SqlmapConnectionException, SqlmapValueException), ex:
print
print()
kb.threadException = True
logger.error("thread %s: %s" % (threading.currentThread().getName(), ex.message))
@ -194,7 +195,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
except:
from lib.core.common import unhandledExceptionMessage
print
print()
kb.threadException = True
errMsg = unhandledExceptionMessage()
logger.error("thread %s: %s" % (threading.currentThread().getName(), errMsg))

5
lib/parse/cmdline.py
View File

@ -5,6 +5,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import os
import re
import shlex
@ -886,7 +887,7 @@ def cmdLineParser(argv=None):
command = raw_input("sqlmap-shell> ").strip()
command = getUnicode(command, encoding=sys.stdin.encoding)
except (KeyboardInterrupt, EOFError):
print
print()
raise SqlmapShellQuitException
if not command:
@ -930,7 +931,7 @@ def cmdLineParser(argv=None):
argv[i] = argv[i][:-1]
conf.skipThreadCheck = True
elif argv[i] == "--version":
print VERSION_STRING.split('/')[-1]
print(VERSION_STRING.split('/')[-1])
raise SystemExit
elif argv[i] in ("-h", "--help"):
advancedHelp = False

5
lib/request/dns.py
View File

@ -5,6 +5,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import os
import re
import socket
@ -145,13 +146,13 @@ if __name__ == "__main__":
if _ is None:
break
else:
print "[i] %s" % _
print("[i] %s" % _)
time.sleep(1)
except socket.error, ex:
if 'Permission' in str(ex):
print "[x] Please run with sudo/Administrator privileges"
print("[x] Please run with sudo/Administrator privileges")
else:
raise
except KeyboardInterrupt:

3
lib/request/inject.py
View File

@ -5,6 +5,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import re
import time
@ -276,7 +277,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char
raise SqlmapDataException(errMsg)
except KeyboardInterrupt:
print
print()
warnMsg = "user aborted during dumping phase"
logger.warn(warnMsg)

5
lib/takeover/abstraction.py
View File

@ -5,6 +5,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import sys
from extra.safe2bin.safe2bin import safechardecode
@ -130,11 +131,11 @@ class Abstraction(Web, UDF, XP_cmdshell):
command = raw_input("os-shell> ")
command = getUnicode(command, encoding=sys.stdin.encoding)
except KeyboardInterrupt:
print
print()
errMsg = "user aborted"
logger.error(errMsg)
except EOFError:
print
print()
errMsg = "exit"
logger.error(errMsg)
break

3
lib/takeover/metasploit.py
View File

@ -5,6 +5,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import os
import re
import select
@ -492,7 +493,7 @@ class Metasploit:
send_all(proc, "getuid\n")
if conf.privEsc:
print
print()
infoMsg = "trying to escalate privileges using Meterpreter "
infoMsg += "'getsystem' command which tries different "

3
lib/techniques/error/use.py
View File

@ -5,6 +5,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import re
import time
@ -239,7 +240,7 @@ def _errorFields(expression, expressionFields, expressionFieldsList, num=None, e
if not suppressOutput:
if kb.fileReadMode and output and output.strip():
print
print()
elif output is not None and not (threadData.resumed and kb.suppressResumeInfo) and not (emptyFields and field in emptyFields):
status = "[%s] [INFO] %s: %s" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", output if kb.safeCharEncode else safecharencode(output))

3
lib/utils/api.py
View File

@ -6,6 +6,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import contextlib
import httplib
import logging
@ -769,7 +770,7 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non
command = raw_input("api%s> " % (" (%s)" % taskid if taskid else "")).strip()
command = re.sub(r"\A(\w+)", lambda match: match.group(1).lower(), command)
except (EOFError, KeyboardInterrupt):
print
print()
break
if command in ("data", "log", "status", "stop", "kill"):

5
lib/utils/hash.py
View File

@ -5,6 +5,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
try:
from crypt import crypt
except ImportError:
@ -1061,7 +1062,7 @@ def dictionaryAttack(attack_dict):
_bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, 0, 1, kb.wordlists, custom_wordlist, conf.api)
except KeyboardInterrupt:
print
print()
processException = True
warnMsg = "user aborted during dictionary-based attack phase (Ctrl+C was pressed)"
logger.warn(warnMsg)
@ -1155,7 +1156,7 @@ def dictionaryAttack(attack_dict):
found = found_.value
except KeyboardInterrupt:
print
print()
processException = True
warnMsg = "user aborted during dictionary-based attack phase (Ctrl+C was pressed)"
logger.warn(warnMsg)

5
plugins/generic/custom.py
View File

@ -5,6 +5,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import re
import sys
@ -89,11 +90,11 @@ class Custom:
query = raw_input("sql-shell> ")
query = getUnicode(query, encoding=sys.stdin.encoding)
except KeyboardInterrupt:
print
print()
errMsg = "user aborted"
logger.error(errMsg)
except EOFError:
print
print()
errMsg = "exit"
logger.error(errMsg)
break

11
sqlmap.py
View File

@ -5,6 +5,7 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import sys
sys.dont_write_bytecode = True
@ -185,7 +186,7 @@ def main():
raise SystemExit
except KeyboardInterrupt:
print
print()
errMsg = "user aborted"
try:
@ -194,7 +195,7 @@ def main():
pass
except EOFError:
print
print()
errMsg = "exit"
try:
@ -206,7 +207,7 @@ def main():
pass
except:
print
print()
errMsg = unhandledExceptionMessage()
excMsg = traceback.format_exc()
valid = checkIntegrity()
@ -217,13 +218,13 @@ def main():
errMsg += "You should retrieve the latest development version from official GitHub "
errMsg += "repository at '%s'" % GIT_PAGE
logger.critical(errMsg)
print
print()
dataToStdout(excMsg)
raise SystemExit
elif any(_ in excMsg for _ in ("tamper/", "waf/")):
logger.critical(errMsg)
print
print()
dataToStdout(excMsg)
raise SystemExit