Implements #1215

2024-11-22 09:36:35 +03:00 · 2015-04-06 22:07:22 +02:00 · 2015-04-06 22:07:22 +02:00 · 1e7f2d6da2
commit 1e7f2d6da2
parent 26bec7219d
5 changed files with 23 additions and 1 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -2234,6 +2234,13 @@ def _basicOptionValidation():
            errMsg = "invalid regular expression '%s' ('%s')" % (conf.regexp, ex)
            raise SqlmapSyntaxException(errMsg)

+    if conf.crawlExclude:
+        try:
+            re.compile(conf.crawlExclude)
+        except re.error, ex:
+            errMsg = "invalid regular expression '%s' ('%s')" % (conf.crawlExclude, ex)
+            raise SqlmapSyntaxException(errMsg)
+
    if conf.dumpTable and conf.dumpAll:
        errMsg = "switch '--dump' is incompatible with switch '--dump-all'"
        raise SqlmapSyntaxException(errMsg)
@ -2250,6 +2257,10 @@ def _basicOptionValidation():
        errMsg = "switch '--forms' requires usage of option '-u' ('--url'), '-g', '-m' or '-x'"
        raise SqlmapSyntaxException(errMsg)

+    if conf.crawlExclude and not conf.crawlDepth:
+        errMsg = "option '--crawl-exclude' requires usage of switch '--crawl'"
+        raise SqlmapSyntaxException(errMsg)
+
    if conf.csrfUrl and not conf.csrfToken:
        errMsg = "option '--csrf-url' requires usage of option '--csrf-token'"
        raise SqlmapSyntaxException(errMsg)
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -188,6 +188,7 @@ optDict = {
                               "batch":             "boolean",
                               "charset":           "string",
                               "crawlDepth":        "integer",
+                               "crawlExclude":      "string",
                               "csvDel":            "string",
                               "dumpFormat":        "string",
                               "eta":               "boolean",
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -608,6 +608,9 @@ def cmdLineParser():
        general.add_option("--crawl", dest="crawlDepth", type="int",
                            help="Crawl the website starting from the target URL")

+        general.add_option("--crawl-exclude", dest="crawlExclude",
+                           help="Regexp to exclude pages from crawling (e.g. \"logout\")")
+
        general.add_option("--csv-del", dest="csvDel",
                                  help="Delimiting character used in CSV output "
                                  "(default \"%s\")" % defaults.csvDel)
--- a/lib/utils/crawler.py
+++ b/lib/utils/crawler.py
@ -48,6 +48,10 @@ def crawl(target):
                        current = threadData.shared.unprocessed.pop()
                        if current in visited:
                            continue
+                        elif conf.crawlExclude and re.search(conf.crawlExclude, current):
+                            dbgMsg = "skipping '%s'" % current
+                            logger.debug(dbgMsg)
+                            continue
                        else:
                            visited.add(current)
                    else:
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -647,6 +647,9 @@ charset =
 # Default: 0
 crawlDepth = 0

+# Regexp to exclude pages from crawling (e.g. "logout").
+crawlExclude =
+
 # Delimiting character used in CSV output.
 # Default: ,
 csvDel = ,