mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
Minor refactoring
This commit is contained in:
parent
e0149e1c5f
commit
0398cbdc76
|
@ -3228,7 +3228,7 @@ def maskSensitiveData(msg):
|
|||
|
||||
retVal = getUnicode(msg)
|
||||
|
||||
for item in filter(None, map(lambda x: conf.get(x), ("hostname", "data", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile"))):
|
||||
for item in filter(None, map(lambda x: conf.get(x), ("hostname", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile"))):
|
||||
regex = SENSITIVE_DATA_REGEX % re.sub("(\W)", r"\\\1", getUnicode(item))
|
||||
while extractRegexResult(regex, retVal):
|
||||
value = extractRegexResult(regex, retVal)
|
||||
|
|
|
@ -2277,7 +2277,7 @@ def _setTrafficOutputFP():
|
|||
conf.trafficFP = openFile(conf.trafficFile, "w+")
|
||||
|
||||
def _setDNSServer():
|
||||
if not conf.dnsName:
|
||||
if not conf.dnsDomain:
|
||||
return
|
||||
|
||||
infoMsg = "setting up DNS server instance"
|
||||
|
|
|
@ -106,7 +106,7 @@ optDict = {
|
|||
"uCols": "string",
|
||||
"uChar": "string",
|
||||
"uFrom": "string",
|
||||
"dnsName": "string",
|
||||
"dnsDomain": "string",
|
||||
"secondOrder": "string",
|
||||
},
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.0.10.52"
|
||||
VERSION = "1.0.10.53"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
@ -398,7 +398,7 @@ HASH_MOD_ITEM_DISPLAY = 11
|
|||
MAX_INT = sys.maxint
|
||||
|
||||
# Options that need to be restored in multiple targets run mode
|
||||
RESTORE_MERGED_OPTIONS = ("col", "db", "dnsName", "privEsc", "tbl", "regexp", "string", "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user")
|
||||
RESTORE_MERGED_OPTIONS = ("col", "db", "dnsDomain", "privEsc", "tbl", "regexp", "string", "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user")
|
||||
|
||||
# Parameters to be ignored in detection phase (upper case)
|
||||
IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__VIEWSTATEGENERATOR", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
|
||||
|
|
|
@ -364,7 +364,7 @@ def cmdLineParser(argv=None):
|
|||
techniques.add_option("--union-from", dest="uFrom",
|
||||
help="Table to use in FROM part of UNION query SQL injection")
|
||||
|
||||
techniques.add_option("--dns-domain", dest="dnsName",
|
||||
techniques.add_option("--dns-domain", dest="dnsDomain",
|
||||
help="Domain name used for DNS exfiltration attack")
|
||||
|
||||
techniques.add_option("--second-order", dest="secondOrder",
|
||||
|
|
|
@ -57,7 +57,7 @@ from lib.techniques.union.use import unionUse
|
|||
def _goDns(payload, expression):
|
||||
value = None
|
||||
|
||||
if conf.dnsName and kb.dnsTest is not False and not kb.testMode and Backend.getDbms() is not None:
|
||||
if conf.dnsDomain and kb.dnsTest is not False and not kb.testMode and Backend.getDbms() is not None:
|
||||
if kb.dnsTest is None:
|
||||
dnsTest(payload)
|
||||
|
||||
|
@ -293,7 +293,7 @@ def _goBooleanProxy(expression):
|
|||
|
||||
initTechnique(kb.technique)
|
||||
|
||||
if conf.dnsName:
|
||||
if conf.dnsDomain:
|
||||
query = agent.prefixQuery(kb.injection.data[kb.technique].vector)
|
||||
query = agent.suffixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
|
@ -413,7 +413,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
|
|||
count += 1
|
||||
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
|
||||
|
||||
if found and conf.dnsName:
|
||||
if found and conf.dnsDomain:
|
||||
_ = "".join(filter(None, (key if isTechniqueAvailable(value) else None for key, value in {"E": PAYLOAD.TECHNIQUE.ERROR, "Q": PAYLOAD.TECHNIQUE.QUERY, "U": PAYLOAD.TECHNIQUE.UNION}.items())))
|
||||
warnMsg = "option '--dns-domain' will be ignored "
|
||||
warnMsg += "as faster techniques are usable "
|
||||
|
|
|
@ -24,7 +24,7 @@ def dnsTest(payload):
|
|||
if not kb.dnsTest:
|
||||
errMsg = "data retrieval through DNS channel failed"
|
||||
if not conf.forceDns:
|
||||
conf.dnsName = None
|
||||
conf.dnsDomain = None
|
||||
errMsg += ". Turning off DNS exfiltration support"
|
||||
logger.error(errMsg)
|
||||
else:
|
||||
|
|
|
@ -46,7 +46,7 @@ def dnsUse(payload, expression):
|
|||
count = 0
|
||||
offset = 1
|
||||
|
||||
if conf.dnsName and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.MYSQL, DBMS.PGSQL):
|
||||
if conf.dnsDomain and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.MYSQL, DBMS.PGSQL):
|
||||
output = hashDBRetrieve(expression, checkConf=True)
|
||||
|
||||
if output and PARTIAL_VALUE_MARKER in output or kb.dnsTest is None:
|
||||
|
@ -69,7 +69,7 @@ def dnsUse(payload, expression):
|
|||
nulledCastedField = agent.hexConvertField(nulledCastedField)
|
||||
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
||||
|
||||
expressionRequest = getSQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dnsName)
|
||||
expressionRequest = getSQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dnsDomain)
|
||||
expressionUnescaped = unescaper.escape(expressionRequest)
|
||||
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):
|
||||
|
@ -111,7 +111,7 @@ def dnsUse(payload, expression):
|
|||
debugMsg = "performed %d queries in %.2f seconds" % (count, calculateDeltaSeconds(start))
|
||||
logger.debug(debugMsg)
|
||||
|
||||
elif conf.dnsName:
|
||||
elif conf.dnsDomain:
|
||||
warnMsg = "DNS data exfiltration method through SQL injection "
|
||||
warnMsg += "is currently not available for DBMS %s" % Backend.getIdentifiedDbms()
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
|
|
|
@ -377,7 +377,7 @@ uFrom =
|
|||
|
||||
# Domain name used for DNS exfiltration attack
|
||||
# Valid: string
|
||||
dnsName =
|
||||
dnsDomain =
|
||||
|
||||
# Resulting page URL searched for second-order response
|
||||
# Valid: string
|
||||
|
|
|
@ -26,7 +26,7 @@ ec007a1424da78cfdae90da6ae49ed9b lib/controller/handler.py
|
|||
cc9c82cfffd8ee9b25ba3af6284f057e lib/controller/__init__.py
|
||||
04f16204c899438dc7599a9a8426bfee lib/core/agent.py
|
||||
eb0bd28b0bd9fbf67dcc3119116df377 lib/core/bigarray.py
|
||||
01c42757ab2928edcf62789e94397d1c lib/core/common.py
|
||||
7e424aadf807efa352733fb95a6ab431 lib/core/common.py
|
||||
5680d0c446a3bed5c0f2a0402d031557 lib/core/convert.py
|
||||
e77cca1cb063016f71f6e6bdebf4ec73 lib/core/data.py
|
||||
1d042f0bc0557d3fd564ea5a46deb77e lib/core/datatype.py
|
||||
|
@ -38,14 +38,14 @@ b218e03ef7426fb0414881b05add1092 lib/core/enums.py
|
|||
e4aec2b11c1ad6039d0c3dbbfbc5eb1a lib/core/exception.py
|
||||
cc9c82cfffd8ee9b25ba3af6284f057e lib/core/__init__.py
|
||||
91c514013daa796e2cdd940389354eac lib/core/log.py
|
||||
468ca9a68a5a40a1cb8395602083ba32 lib/core/optiondict.py
|
||||
470577bfa701af901b29fbc837c5d537 lib/core/option.py
|
||||
d027df65e7cbb99758daf77aaa6ab61c lib/core/optiondict.py
|
||||
814b261b06f12d54a9e6c5b62a2402f8 lib/core/option.py
|
||||
7af487340c138f7b5dbd443161cbb428 lib/core/profiling.py
|
||||
e60456db5380840a586654344003d4e6 lib/core/readlineng.py
|
||||
5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py
|
||||
99a2b496b9d5b546b335653ca801153f lib/core/revision.py
|
||||
7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
|
||||
e39defdec6e34d32ab82541c88d64880 lib/core/settings.py
|
||||
c211b7b7ed1f4d628961e9e9457899da lib/core/settings.py
|
||||
7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
|
||||
23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
|
||||
c3ace7874a536d801f308cf1fd03df99 lib/core/target.py
|
||||
|
@ -56,7 +56,7 @@ d43f059747ffd48952922c94152e2a07 lib/core/testing.py
|
|||
8485a3cd94c0a5af2718bad60c5f1ae5 lib/core/wordlist.py
|
||||
cc9c82cfffd8ee9b25ba3af6284f057e lib/__init__.py
|
||||
c1288bc4ce5651dbdd82d4a9435fdc03 lib/parse/banner.py
|
||||
cbca40e76a5a6e93c9fb523f69a99d88 lib/parse/cmdline.py
|
||||
344781507a052d4d37157c5017f670ba lib/parse/cmdline.py
|
||||
8ec4d4f02634834701f8258726f2e511 lib/parse/configfile.py
|
||||
fe4e2152292587928edb94c9a4d311ff lib/parse/handler.py
|
||||
8e6bfb13e5a34b2610f3ff23467a34cf lib/parse/headers.py
|
||||
|
@ -72,7 +72,7 @@ d4d52c1073c75a6eecd2ebb98b670b96 lib/request/direct.py
|
|||
1a46f7bb26b23ec0c0d9d9c95828241b lib/request/dns.py
|
||||
70ceefe39980611494d4f99afb96f652 lib/request/httpshandler.py
|
||||
cc9c82cfffd8ee9b25ba3af6284f057e lib/request/__init__.py
|
||||
aa155f8b27d56485d3ff15efa5e1b07a lib/request/inject.py
|
||||
62aff2a7bdd43f6e4d33385f57ec3e4c lib/request/inject.py
|
||||
3fc323d525beddd14cd4d4dca4934fa8 lib/request/methodrequest.py
|
||||
585a6705cfac79f795b835affb80c901 lib/request/pkihandler.py
|
||||
b2ffd261947994f4a4af555d468b4970 lib/request/rangehandler.py
|
||||
|
@ -91,8 +91,8 @@ cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/blind/__init__.py
|
|||
cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/brute/__init__.py
|
||||
d36effffe64e63ef9b3be490f850e2cc lib/techniques/brute/use.py
|
||||
cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/dns/__init__.py
|
||||
b658a1df33fd967c0b6d82911383abda lib/techniques/dns/test.py
|
||||
4033bdb9e6973ee814fb68d3cf9e710c lib/techniques/dns/use.py
|
||||
99484ca6f1c12dac031e6a0ebef33ef1 lib/techniques/dns/test.py
|
||||
77b414d35fd13c8ba6aa171d5d420dc9 lib/techniques/dns/use.py
|
||||
cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/error/__init__.py
|
||||
4a1fb475f4a193e2cac48c8c038f5677 lib/techniques/error/use.py
|
||||
cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/__init__.py
|
||||
|
|
Loading…
Reference in New Issue
Block a user