Introducing --offline switch (to perform session only lookups)

Miroslav Stampar 2015-07-10 16:10:24 +02:00
parent 9bdbdc136f
commit 10f8c6a0b6
6 changed files with 17 additions and 6 deletions


@ -552,7 +552,7 @@ def checkSqlInjection(place, parameter, value):
kb.previousMethod = method kb.previousMethod = method
if conf.dummy: if conf.dummy or conf.offline:
injectable = False injectable = False
# If the injection test was successful feed the injection # If the injection test was successful feed the injection
@ -1142,7 +1142,7 @@ def checkWaf():
Reference: http://seclists.org/nmap-dev/2011/q2/att-1005/http-waf-detect.nse Reference: http://seclists.org/nmap-dev/2011/q2/att-1005/http-waf-detect.nse
""" """
if any((conf.string, conf.notString, conf.regexp)): if any((conf.string, conf.notString, conf.regexp, conf.dummy, conf.offline)):
return None return None
dbmMsg = "heuristically checking if the target is protected by " dbmMsg = "heuristically checking if the target is protected by "
@ -1290,7 +1290,7 @@ def checkNullConnection():
return kb.nullConnection is not None return kb.nullConnection is not None
def checkConnection(suppressOutput=False): def checkConnection(suppressOutput=False):
if not any((conf.proxy, conf.tor, conf.dummy)): if not any((conf.proxy, conf.tor, conf.dummy, conf.offline)):
try: try:
debugMsg = "resolving hostname '%s'" % conf.hostname debugMsg = "resolving hostname '%s'" % conf.hostname
logger.debug(debugMsg) logger.debug(debugMsg)
@ -1303,7 +1303,7 @@ def checkConnection(suppressOutput=False):
errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, getUnicode(ex)) errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, getUnicode(ex))
raise SqlmapConnectionException(errMsg) raise SqlmapConnectionException(errMsg)
if not suppressOutput and not conf.dummy: if not suppressOutput and not conf.dummy and not conf.offline:
infoMsg = "testing connection to the target URL" infoMsg = "testing connection to the target URL"
logger.info(infoMsg) logger.info(infoMsg)
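Review bot: In `checkWaf` the early-return tuple gains `conf.dummy` as well as `conf.offline`, so this commit also changes `--dummy` behaviour, which the commit title does not mention; that deserves a line in the message or its own commit. The same pair of switches is spelled three ways in this file (`conf.dummy or conf.offline`, `any((..., conf.dummy, conf.offline))`, `not conf.dummy and not conf.offline`), which makes it easy for one site to drift when another mode is added. In `checkConnection` only the hostname resolution and the info message are guarded; the connection test itself lies outside the hunk and presumably relies on the request layer returning nothing. A short comment at the first guard, such as `# offline: no DNS lookup and no request, session data only`, would make that intent explicit.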


@ -217,6 +217,7 @@ optDict = {
"disableColoring": "boolean", "disableColoring": "boolean",
"googlePage": "integer", "googlePage": "integer",
"mobile": "boolean", "mobile": "boolean",
"offline": "boolean",
"pageRank": "boolean", "pageRank": "boolean",
"purgeOutput": "boolean", "purgeOutput": "boolean",
"smart": "boolean", "smart": "boolean",


@ -715,6 +715,10 @@ def cmdLineParser():
action="store_true", action="store_true",
help="Imitate smartphone through HTTP User-Agent header") help="Imitate smartphone through HTTP User-Agent header")
miscellaneous.add_option("--offline", dest="offline",
action="store_true",
help="Work in offline mode (only use session data)")
miscellaneous.add_option("--page-rank", dest="pageRank", miscellaneous.add_option("--page-rank", dest="pageRank",
action="store_true", action="store_true",
help="Display page rank (PR) for Google dork results") help="Display page rank (PR) for Google dork results")


@ -212,7 +212,9 @@ class Connect(object):
elif conf.cpuThrottle: elif conf.cpuThrottle:
cpuThrottle(conf.cpuThrottle) cpuThrottle(conf.cpuThrottle)
if conf.dummy: if conf.offline:
return None, None, None
elif conf.dummy:
return getUnicode(randomStr(int(randomInt()), alphabet=[chr(_) for _ in xrange(256)]), {}, int(randomInt())), None, None return getUnicode(randomStr(int(randomInt()), alphabet=[chr(_) for _ in xrange(256)]), {}, int(randomInt())), None, None
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
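Review bot: The new `if conf.offline: return None, None, None` branch hands callers a `None` page, whereas the `conf.dummy` branch right below it still returns a string, so any caller that searches, slices or compares the page without a `None` check will fail only in offline mode. Those callers are outside this hunk and need checking. This is also the only visible place where offline mode actually stops a request, and users will rely on `--offline` meaning that nothing is sent to the target, so I would state the invariant here: `# offline mode: no traffic may leave this method; callers must accept a None page`. The check sits after the `cpuThrottle` branch, so throttling presumably still runs before the early return; moving the check to the top of the method would avoid that. The method starts and ends outside the hunk.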


@ -450,7 +450,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
kb.safeCharEncode = False kb.safeCharEncode = False
if not kb.testMode and value is None and Backend.getDbms() and conf.dbmsHandler and not conf.noCast and not conf.hexConvert: if not any((kb.testMode, conf.dummy, conf.offline)) and value is None and Backend.getDbms() and conf.dbmsHandler and not conf.noCast and not conf.hexConvert:
warnMsg = "in case of continuous data retrieval problems you are advised to try " warnMsg = "in case of continuous data retrieval problems you are advised to try "
warnMsg += "a switch '--no-cast' " warnMsg += "a switch '--no-cast' "
warnMsg += "or switch '--hex'" if Backend.getIdentifiedDbms() not in (DBMS.ACCESS, DBMS.FIREBIRD) else "" warnMsg += "or switch '--hex'" if Backend.getIdentifiedDbms() not in (DBMS.ACCESS, DBMS.FIREBIRD) else ""
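Review bot: With the guard extended to `not any((kb.testMode, conf.dummy, conf.offline))`, an offline run whose lookup is missing from the session reaches this point with `value is None` and this branch now says nothing. Unless a message is produced elsewhere in `getValue` (its body continues outside the hunk), the user cannot tell a session miss from a genuinely empty result. Consider a separate branch for that case, for example `elif conf.offline and value is None:` followed by a `logger.warn(...)` saying the value is not in the session data. The condition line is also very long now; pulling the mode test into a named local would keep it readable.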


@ -754,6 +754,10 @@ identifyWaf = False
# Valid: True or False # Valid: True or False
mobile = False mobile = False
# Work in offline mode (only use session data)
# Valid: True or False
offline = False
# Display page rank (PR) for Google dork results. # Display page rank (PR) for Google dork results.
# Valid: True or False # Valid: True or False
pageRank = False pageRank = False