Implementation for an Issue #3108

lib/core/common.py

@@ -868,11 +868,11 @@ def boldifyMessage(message):
     retVal = message
 
     if any(_ in message for _ in BOLD_PATTERNS):
-        retVal = setColor(message, True)
+        retVal = setColor(message, bold=True)
 
     return retVal
 
-def setColor(message, bold=False):
+def setColor(message, color=None, bold=False):
     retVal = message
     level = extractRegexResult(r"\[(?P<result>%s)\]" % '|'.join(_[0] for _ in getPublicTypeMembers(LOGGING_LEVELS)), message) or kb.get("stickyLevel")
 
@@ -880,8 +880,8 @@ def setColor(message, bold=False):
         level = unicodeencode(level)
 
     if message and getattr(LOGGER_HANDLER, "is_tty", False):  # colorizing handler
-        if bold:
+        if bold or color:
-            retVal = colored(message, color=None, on_color=None, attrs=("bold",))
+            retVal = colored(message, color=color, on_color=None, attrs=("bold",) if bold else None)
         elif level:
             level = getattr(logging, level, None) if isinstance(level, basestring) else level
             retVal = LOGGER_HANDLER.colorize(message, level)
@@ -925,7 +925,7 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
                 if conf.get("api"):
                     sys.stdout.write(message, status, content_type)
                 else:
-                    sys.stdout.write(setColor(message, bold))
+                    sys.stdout.write(setColor(message, bold=bold))
 
                 sys.stdout.flush()
             except IOError:

lib/core/option.py

@@ -54,6 +54,7 @@ from lib.core.common import resetCookieJar
 from lib.core.common import runningAsAdmin
 from lib.core.common import safeExpandUser
 from lib.core.common import saveConfig
+from lib.core.common import setColor
 from lib.core.common import setOptimize
 from lib.core.common import setPaths
 from lib.core.common import singleTimeWarnMessage
@@ -699,6 +700,22 @@ def _setDBMS():
 
             break
 
+def _listTamperingFunctions():
+    """
+    Lists available tamper functions
+    """
+
+    if conf.listTampers:
+        infoMsg = "listing available tamper scripts\n"
+        logger.info(infoMsg)
+
+        for script in sorted(glob.glob(os.path.join(paths.SQLMAP_TAMPER_PATH, "*.py"))):
+            content = openFile(script, "rb").read()
+            match = re.search(r'(?s)__priority__.+"""(.+)"""', content)
+            if match:
+                comment = match.group(1).strip()
+                dataToStdout("* %s - %s\n" % (setColor(os.path.basename(script), "yellow"), re.sub(r" *\n *", " ", comment.split("\n\n")[0].strip())))
+
 def _setTamperingFunctions():
     """
     Loads tampering functions from given script(s)
@@ -2459,6 +2476,7 @@ def init():
     _setDNSServer()
     _adjustLoggingFormatter()
     _setMultipleTargets()
+    _listTamperingFunctions()
     _setTamperingFunctions()
     _setWafFunctions()
     _setTrafficOutputFP()

lib/core/optiondict.py

@@ -227,6 +227,7 @@ optDict = {
         "disableColoring": "boolean",
         "googlePage": "integer",
         "identifyWaf": "boolean",
+        "listTampers": "boolean",
         "mobile": "boolean",
         "offline": "boolean",
         "purge": "boolean",

lib/core/settings.py

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.7.27"
+VERSION = "1.2.7.28"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/parse/cmdline.py

@@ -637,6 +637,9 @@ def cmdLineParser(argv=None):
         miscellaneous.add_option("--identify-waf", dest="identifyWaf", action="store_true",
                                  help="Make a thorough testing for a WAF/IPS/IDS protection")
 
+        miscellaneous.add_option("--list-tampers", dest="listTampers", action="store_true",
+                                 help="Display list of available tamper scripts")
+
         miscellaneous.add_option("--mobile", dest="mobile", action="store_true",
                                  help="Imitate smartphone through HTTP User-Agent header")
 
@@ -874,9 +877,9 @@ def cmdLineParser(argv=None):
         if args.dummy:
             args.url = args.url or DUMMY_URL
 
-        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl)):
+        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers)):
-            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge or --dependencies), "
+            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --list-tampers, --wizard, --update, --purge or --dependencies). "
-            errMsg += "use -h for basic or -hh for advanced help\n"
+            errMsg += "Use -h for basic and -hh for advanced help\n"
             parser.error(errMsg)
 
         return args

sqlmap.conf

@@ -778,6 +778,10 @@ googlePage = 1
 # Valid: True or False
 identifyWaf = False
 
+# Display list of available tamper scripts
+# Valid: True or False
+listTampers = False
+
 # Imitate smartphone through HTTP User-Agent header.
 # Valid: True or False
 mobile = False

tamper/apostrophemask.py

@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces apostrophe character (') with its UTF-8 full width counterpart
+    Replaces apostrophe character (') with its UTF-8 full width counterpart (e.g. ' -> %EF%BC%87)
 
     References:
         * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128

tamper/apostrophenullencode.py

@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces apostrophe character (') with its illegal double unicode counterpart
+    Replaces apostrophe character (') with its illegal double unicode counterpart (e.g. ' -> %00%27)
 
     >>> tamper("1 AND '1'='1")
     '1 AND %00%271%00%27=%00%271'

tamper/appendnullbyte.py

@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Appends encoded NULL byte character (%00) at the end of payload
+    Appends (Access) NULL byte character (%00) at the end of payload
 
     Requirement:
         * Microsoft Access

tamper/base64encode.py

@@ -17,7 +17,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Base64 all characters in a given payload
+    Base64-encodes all characters in a given payload
 
     >>> tamper("1' AND SLEEP(5)#")
     'MScgQU5EIFNMRUVQKDUpIw=='

tamper/bluecoat.py

@@ -17,8 +17,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character after SQL statement with a valid random blank character.
+    Replaces space character after SQL statement with a valid random blank character. Afterwards replace character '=' with operator LIKE
-    Afterwards replace character '=' with operator LIKE
 
     Requirement:
         * Blue Coat SGOS with WAF activated as documented in

tamper/chardoubleencode.py

@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Double URL-encodes all characters in a given payload (not processing already encoded)
+    Double URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554)
 
     Notes:
         * Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset

tamper/charencode.py

@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    URL-encodes all characters in a given payload (not processing already encoded)
+    URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %53%45%4C%45%43%54)
 
     Tested against:
         * Microsoft SQL Server 2005

tamper/charunicodeencode.py

@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Unicode-URL-encodes all characters in a given payload (not processing already encoded)
+    Unicode-URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %u0053%u0045%u004C%u0045%u0043%u0054)
 
     Requirement:
         * ASP

tamper/charunicodeescape.py

@@ -13,7 +13,7 @@ __priority__ = PRIORITY.NORMAL
 
 def tamper(payload, **kwargs):
     """
-    Unicode-escapes non-encoded characters in a given payload (not processing already encoded)
+    Unicode-escapes non-encoded characters in a given payload (not processing already encoded) (e.g. SELECT -> \u0053\u0045\u004C\u0045\u0043\u0054)
 
     Notes:
         * Useful to bypass weak filtering and/or WAFs in JSON contexes

tamper/ifnull2casewhenisnull.py

@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances like 'IFNULL(A, B)' with 'CASE WHEN ISNULL(A) THEN (B) ELSE (A) END'
+    Replaces instances like 'IFNULL(A, B)' with 'CASE WHEN ISNULL(A) THEN (B) ELSE (A) END' counterpart
 
     Requirement:
         * MySQL

tamper/ifnull2ifisnull.py

@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
+    Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' counterpart
 
     Requirement:
         * MySQL

tamper/informationschemacomment.py

@@ -13,7 +13,7 @@ __priority__ = PRIORITY.NORMAL
 
 def tamper(payload, **kwargs):
     """
-    Add a comment to the end of all occurrences of (MySQL) "information_schema" identifier
+    Add an inline comment (/**/) to the end of all occurrences of (MySQL) "information_schema" identifier
 
     >>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES')
     'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES'

tamper/lowercase.py

@@ -17,7 +17,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces each keyword character with lower case value
+    Replaces each keyword character with lower case value (e.g. SELECT -> select)
 
     Tested against:
         * Microsoft SQL Server 2005

tamper/overlongutf8.py

@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Converts all (non-alphanum) characters in a given payload (not processing already encoded)
+    Converts all (non-alphanum) characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. ' -> %C0%A7)
 
     Reference:
         * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/

tamper/overlongutf8more.py

@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Converts all characters in a given payload (not processing already encoded)
+    Converts all characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. SELECT -> %C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94)
 
     Reference:
         * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/

tamper/percentage.py

@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Adds a percentage sign ('%') infront of each character
+    Adds a percentage sign ('%') infront of each character (e.g. SELECT -> %S%E%L%E%C%T)
 
     Requirement:
         * ASP

tamper/plus2concat.py

@@ -20,7 +20,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces plus operator ('+') with (MsSQL) function CONCAT()
+    Replaces plus operator ('+') with (MsSQL) function CONCAT() counterpart
 
     Tested against:
         * Microsoft SQL Server 2012

tamper/plus2fnconcat.py

@@ -20,7 +20,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()}
+    Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()} counterpart
 
     Tested against:
         * Microsoft SQL Server 2008

tamper/randomcase.py

@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces each keyword character with random case value
+    Replaces each keyword character with random case value (e.g. SELECT -> SEleCt)
 
     Tested against:
         * Microsoft SQL Server 2005

tamper/randomcomments.py

@@ -15,7 +15,7 @@ __priority__ = PRIORITY.LOW
 
 def tamper(payload, **kwargs):
     """
-    Add random inline comments inside SQL keywords
+    Add random inline comments inside SQL keywords (e.g. SELECT -> S/**/E/**/LECT)
 
     >>> import random
     >>> random.seed(0)

tamper/space2dash.py

@@ -14,8 +14,7 @@ __priority__ = PRIORITY.LOW
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a dash comment ('--') followed by
+    Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n')
-    a random string and a new line ('\n')
 
     Requirement:
         * MSSQL

tamper/space2hash.py

@@ -20,8 +20,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a pound character ('#') followed by
+    Replaces (MySQL) instances of space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')
-    a random string and a new line ('\n')
 
     Requirement:
         * MySQL

tamper/space2morecomment.py

@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with comments '/**_**/'
+    Replaces (MySQL) instances of space character (' ') with comments '/**_**/'
 
     Tested against:
         * MySQL 5.0 and 5.5

tamper/space2morehash.py

@@ -23,8 +23,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a pound character ('#') followed by
+    Replaces (MySQL) instances of space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')
-    a random string and a new line ('\n')
 
     Requirement:
         * MySQL >= 5.1.13

tamper/space2mssqlblank.py

@@ -19,8 +19,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a random blank character from a
+    Replaces (MsSQL) instances of space character (' ') with a random blank character from a valid set of alternate characters
-    valid set of alternate characters
 
     Requirement:
         * Microsoft SQL Server

tamper/space2mssqlhash.py

@@ -11,8 +11,7 @@ __priority__ = PRIORITY.LOW
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a pound character ('#') followed by
+    Replaces space character (' ') with a pound character ('#') followed by a new line ('\n')
-    a new line ('\n')
 
     Requirement:
         * MSSQL

tamper/space2mysqlblank.py

@@ -19,8 +19,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a random blank character from a
+    Replaces (MySQL) instances of space character (' ') with a random blank character from a valid set of alternate characters
-    valid set of alternate characters
 
     Requirement:
         * MySQL

tamper/space2mysqldash.py

@@ -18,15 +18,12 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a dash comment ('--') followed by
+    Replaces space character (' ') with a dash comment ('--') followed by a new line ('\n')
-    a new line ('\n')
 
     Requirement:
         * MySQL
         * MSSQL
 
-    Tested against:
-
     Notes:
         * Useful to bypass several web application firewalls.
 

tamper/space2randomblank.py

@@ -16,8 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces space character (' ') with a random blank character from a
+    Replaces space character (' ') with a random blank character from a valid set of alternate characters
-    valid set of alternate characters
 
     Tested against:
         * Microsoft SQL Server 2005

tamper/unionalltounion.py

@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces UNION ALL SELECT with UNION SELECT
+    Replaces instances of UNION ALL SELECT with UNION SELECT counterpart
 
     >>> tamper('-1 UNION ALL SELECT')
     '-1 UNION SELECT'

tamper/uppercase.py

@@ -17,7 +17,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces each keyword character with upper case value
+    Replaces each keyword character with upper case value (e.g. select -> SELECT)
 
     Tested against:
         * Microsoft SQL Server 2005

tamper/varnish.py

@@ -14,12 +14,12 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Append a HTTP header 'X-originating-IP' to bypass
+    Appends a HTTP header 'X-originating-IP' to bypass Varnish Firewall
-    WAF Protection of Varnish Firewall
+
+    Reference:
+        * http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366
 
     Notes:
-        Reference: http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366
-
         Examples:
         >> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X)
         >> X-remote-IP: TARGET_PROXY_IP (184.189.250.X)

tamper/versionedkeywords.py

@@ -20,7 +20,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Encloses each non-function keyword with versioned MySQL comment
+    Encloses each non-function keyword with (MySQL) versioned comment
 
     Requirement:
         * MySQL

tamper/versionedmorekeywords.py

@@ -21,7 +21,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Encloses each keyword with versioned MySQL comment
+    Encloses each keyword with (MySQL) versioned comment
 
     Requirement:
         * MySQL >= 5.1.13

tamper/xforwardedfor.py

@@ -20,8 +20,7 @@ def randomIP():
 
 def tamper(payload, **kwargs):
     """
-    Append a fake HTTP header 'X-Forwarded-For' to bypass
+    Append a fake HTTP header 'X-Forwarded-For'
-    WAF (usually application based) protection
     """
 
     headers = kwargs.get("headers", {})

txt/checksum.md5

@@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef  lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93  lib/controller/__init__.py
 0adf547455a76dc71e6a599e52da1ed9  lib/core/agent.py
 fd8f239e259afaf5f24bcf34a0ad187f  lib/core/bigarray.py
-af0c5caaa6328319a682073afa93ec84  lib/core/common.py
+ee1b800e860263b877a2b292a3e4becd  lib/core/common.py
 0d082da16c388b3445e656e0760fb582  lib/core/convert.py
 9f87391b6a3395f7f50830b391264f27  lib/core/data.py
 72016ea5c994a711a262fd64572a0fcd  lib/core/datatype.py
@@ -40,15 +40,15 @@ ab3f4f3e3019add5f4a2e28f7e8748a4  lib/core/enums.py
 cada93357a7321655927fc9625b3bfec  lib/core/exception.py
 1e5532ede194ac9c083891c2f02bca93  lib/core/__init__.py
 458a194764805cd8312c14ecd4be4d1e  lib/core/log.py
-13c0a490b5a928b64236b4a15e578267  lib/core/optiondict.py
+05f72baa2db4073bb0273d7fc1df13eb  lib/core/optiondict.py
-c82dee0f62e729213b92f5ec85f74b70  lib/core/option.py
+8e759d4c8711a5980d4bdc2d044a4fd4  lib/core/option.py
 c8c386d644d57c659d74542f5f57f632  lib/core/patch.py
 6783160150b4711d02c56ee2beadffdb  lib/core/profiling.py
 6f654e1715571eff68a0f8af3d62dcf8  lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5  lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b  lib/core/session.py
-ec2adffae2982c11332c573fe4e68d6d  lib/core/settings.py
+b0c61c78049b4e342aeafd2fc85430fe  lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d  lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19  lib/core/subprocessng.py
 12bed9603b6fba3e5ffda11d584bc449  lib/core/target.py
@@ -59,7 +59,7 @@ b35636650cfe721f5cc47fb91737c061  lib/core/update.py
 e772deb63270375e685fa5a7b775c382  lib/core/wordlist.py
 1e5532ede194ac9c083891c2f02bca93  lib/__init__.py
 7620f1f4b8791e13c7184c06b5421754  lib/parse/banner.py
-bc34167c7accc61df07b2982cddd0338  lib/parse/cmdline.py
+babf5c48bc6a3797fc459706af4465cd  lib/parse/cmdline.py
 fb2e2f05dde98caeac6ccf3e67192177  lib/parse/configfile.py
 3794ff139869f5ae8e81cfdbe5714f56  lib/parse/handler.py
 6bab53ea9d75bc9bb8169d3e8f3f149f  lib/parse/headers.py
@@ -228,16 +228,16 @@ ec2ba8c757ac96425dcd2b97970edd3a  shell/stagers/stager.asp_
 4eaeef94314956e4517e5310a28d579a  sqlmapapi.py
 a35b5b83c12841fdf3925190c9d24299  sqlmap.py
 523dab9e1093eb59264c6beb366b255a  tamper/0x2char.py
-4e6956958ef8135cd543d7a57f2e73ff  tamper/apostrophemask.py
+3a1697585ae4e7bf315e9dda97d6f321  tamper/apostrophemask.py
-7c838eadd96b20800ba0bd394f5014f0  tamper/apostrophenullencode.py
+d7a119a74be9b385ee3884fb5e6af041  tamper/apostrophenullencode.py
-0d7e8a3a0e17c92d51c49415884a47c9  tamper/appendnullbyte.py
+a14420ef43cdeb8fbc091116d31d31f1  tamper/appendnullbyte.py
-0298d81e9dfac7ff18a5236c0f1d84b6  tamper/base64encode.py
+cfe19908ec32e3f2e113e759705f986b  tamper/base64encode.py
 e77a89b2af931a1820f6ba4b86d19cd4  tamper/between.py
-e1d2329adc6ca89828a2eaec2951806c  tamper/bluecoat.py
+9df0a1810a27b92eec1375d19a95b7ef  tamper/bluecoat.py
-1807417f8a7fc0bb30c36ead458da0c8  tamper/chardoubleencode.py
+8c174b8925f4f075010b04d85c02a169  tamper/chardoubleencode.py
-043c97c7b214335838a6bb15eeedcba3  tamper/charencode.py
+45174c61533f464806f4454be6a3f2d6  tamper/charencode.py
-0c0d0e5d0caf4258a75112ab59fa3e75  tamper/charunicodeencode.py
+0aadf3e93dd72a9b94cb6532b3343dd1  tamper/charunicodeencode.py
-18b2ca09390686f895c3bbd6460ac034  tamper/charunicodeescape.py
+014f352771f0c1fb9e0f5397c5a03dc3  tamper/charunicodeescape.py
 6c618b9310ed5c8de93c927e920b1d31  tamper/commalesslimit.py
 50f6532870d2e109bf46468e8d3ded49  tamper/commalessmid.py
 4951fec0a1af043e4b9c0728882d3452  tamper/commentbeforeparentheses.py
@@ -247,44 +247,44 @@ e1d2329adc6ca89828a2eaec2951806c  tamper/bluecoat.py
 4393cc5220d2e39c5c9c5a9af4e2635d  tamper/greatest.py
 6124bc647bfa04f2b16ff8cad98382d4  tamper/halfversionedmorekeywords.py
 ef0639557a79e57b06296c4bc223ebef  tamper/htmlencode.py
-3f79551baf811ff70b2ba8795a2064be  tamper/ifnull2casewhenisnull.py
+42f232d776065e325e862867c522c523  tamper/ifnull2casewhenisnull.py
-e2c2b6a67546b36983a72f129a817ec0  tamper/ifnull2ifisnull.py
+6e3ab1cf4ccf5524dcb60e390f920b60  tamper/ifnull2ifisnull.py
-4615cbeff722583e7ab3dbe774e38c93  tamper/informationschemacomment.py
+3ed2c6299c7c94776306535ff6090ab3  tamper/informationschemacomment.py
 1e5532ede194ac9c083891c2f02bca93  tamper/__init__.py
 2dc49bcd6c55f4e2322b07fa92685356  tamper/least.py
-1834b5409c449d2ea1b70a5038fed9eb  tamper/lowercase.py
+40d1ea0796fd91cb3cdd602e36daed15  tamper/lowercase.py
 1c4d622d1c2c77fc3db1f8b3849467ee  tamper/modsecurityversioned.py
 f177a624c2cd3431c433769c6eb995e7  tamper/modsecurityzeroversioned.py
 91b63afdb96b1d51c12a14cbd425d310  tamper/multiplespaces.py
 efd1917c6ccc632f044084a30e0e0f98  tamper/nonrecursivereplacement.py
-95bf07047343c68a05658f5f11c6b413  tamper/overlongutf8more.py
+dcf3458f9010ca41bc4b56804f15792c  tamper/overlongutf8more.py
-db4687249dedddbe057c8b163923ef01  tamper/overlongutf8.py
+a3a3cef042b864c4226b63f89548f939  tamper/overlongutf8.py
-bc0363e4fc04240c9f7b81e4ecce0714  tamper/percentage.py
+89f8753a0ef65d2bb860c8864e9e935a  tamper/percentage.py
-db9cd6325d1814e5fe88323fe4add4e1  tamper/plus2concat.py
+a47aafcbc1de2deb85160e29de46f748  tamper/plus2concat.py
-bcad55e2f7ce3e58a4cc7fcef77d4a4a  tamper/plus2fnconcat.py
+759b86cf3bb1d7871dc6489538253f94  tamper/plus2fnconcat.py
-e94a1c7e4dc7450ac224436269d823bb  tamper/randomcase.py
+078494e1217400b485ef653108d32699  tamper/randomcase.py
-e50d9ed1c988638899cf82f18452e96c  tamper/randomcomments.py
+28626e4b8c673228dcfe4f1627a9e08b  tamper/randomcomments.py
 938bfac6e55a8823e4a66cd29166d980  tamper/securesphere.py
 cac8a56f8cc6c14524ee392daa5ae2fd  tamper/space2comment.py
-62d4d07b640d9d54d26ba33a77de9474  tamper/space2dash.py
+4e6da2aca962b6110652e5f83dce5cd7  tamper/space2dash.py
-ab91c20f71973b1a9a5fecfb9f2a1d1f  tamper/space2hash.py
+7cdbae483262f66ef5d77521c59d9621  tamper/space2hash.py
-18f827afce8322adfa0c6dfbb4a59379  tamper/space2morecomment.py
+f3fed47a4fccb2b482f1f01559b8f55a  tamper/space2morecomment.py
-59e61a9dd1f1e6b79fde026ed771cac4  tamper/space2morehash.py
+fc3d9896cac8f4a97efd39673fadca7b  tamper/space2morehash.py
-ad45e799126d2d563b3958f714d2e7c6  tamper/space2mssqlblank.py
+b55ed15af74ffefc4dc303646c7c6482  tamper/space2mssqlblank.py
-74334d72bffb99b0ac092f87f4da2675  tamper/space2mssqlhash.py
+64e3d97e22f7e0870e88a87fd2f64243  tamper/space2mssqlhash.py
-fd1bff6caefe5007444f7a0fabbc8ce9  tamper/space2mysqlblank.py
+3ef95855a38bbc0f031ae3a992dcbf52  tamper/space2mysqlblank.py
-48a1f013657186e336d249adefbdbc7b  tamper/space2mysqldash.py
+8a4737f853354ac9c3788278589a772a  tamper/space2mysqldash.py
 72a547bc3bf32dba0d1c3093988df8af  tamper/space2plus.py
-6ce135f89259c379d84c85e538300091  tamper/space2randomblank.py
+a74cd6375c5d5d253e2e7014b00ecd33  tamper/space2randomblank.py
 93fc10b57586936cef05e88227c84ad0  tamper/sp_password.py
 041cb567dff6bb6e7389e12ab3fb84c6  tamper/symboliclogical.py
-6459c62914ae643799667de8bd283c97  tamper/unionalltounion.py
+6679c4ffb7322315a738dcfa68c6fb7c  tamper/unionalltounion.py
 51d20b5cb5a50fc2e44d39087f865d23  tamper/unmagicquotes.py
-371afb396f0bb18d97147c5db83354f4  tamper/uppercase.py
+cc212839f55692d422beef3a8e22a8d4  tamper/uppercase.py
-557ce5bf5ae9b7ab26f2c6b57312f41a  tamper/varnish.py
+f2b9eac52d346315f5705f71beeda791  tamper/varnish.py
-929a2586dbb7b758a454eb09e13e5a73  tamper/versionedkeywords.py
+0e40966a51d1eb5d42a2159d2015a8a4  tamper/versionedkeywords.py
-3aff4d344ebd4f38e033e73b63f84447  tamper/versionedmorekeywords.py
+0fba004bf1be6edbefbda89f23f4e518  tamper/versionedmorekeywords.py
-ed1acafbac707bfa71c72f76b81c1bdd  tamper/xforwardedfor.py
+de532c4e3160039335010c499129d54f  tamper/xforwardedfor.py
 b25b47ddeeb62e5857fd5ad17fd454b5  thirdparty/ansistrm/ansistrm.py
 d41d8cd98f00b204e9800998ecf8427e  thirdparty/ansistrm/__init__.py
 8e775c25bc9e84891ad6fcb4f0005c23  thirdparty/beautifulsoup/beautifulsoup.py