Implementation for an Issue #3108

This commit is contained in:
Miroslav Stampar 2018-07-31 02:18:33 +02:00
parent f0e4c20004
commit 1f9bf587b5
42 changed files with 113 additions and 99 deletions

View File

@ -868,11 +868,11 @@ def boldifyMessage(message):
retVal = message retVal = message
if any(_ in message for _ in BOLD_PATTERNS): if any(_ in message for _ in BOLD_PATTERNS):
retVal = setColor(message, True) retVal = setColor(message, bold=True)
return retVal return retVal
def setColor(message, bold=False): def setColor(message, color=None, bold=False):
retVal = message retVal = message
level = extractRegexResult(r"\[(?P<result>%s)\]" % '|'.join(_[0] for _ in getPublicTypeMembers(LOGGING_LEVELS)), message) or kb.get("stickyLevel") level = extractRegexResult(r"\[(?P<result>%s)\]" % '|'.join(_[0] for _ in getPublicTypeMembers(LOGGING_LEVELS)), message) or kb.get("stickyLevel")
@ -880,8 +880,8 @@ def setColor(message, bold=False):
level = unicodeencode(level) level = unicodeencode(level)
if message and getattr(LOGGER_HANDLER, "is_tty", False): # colorizing handler if message and getattr(LOGGER_HANDLER, "is_tty", False): # colorizing handler
if bold: if bold or color:
retVal = colored(message, color=None, on_color=None, attrs=("bold",)) retVal = colored(message, color=color, on_color=None, attrs=("bold",) if bold else None)
elif level: elif level:
level = getattr(logging, level, None) if isinstance(level, basestring) else level level = getattr(logging, level, None) if isinstance(level, basestring) else level
retVal = LOGGER_HANDLER.colorize(message, level) retVal = LOGGER_HANDLER.colorize(message, level)
@ -925,7 +925,7 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
if conf.get("api"): if conf.get("api"):
sys.stdout.write(message, status, content_type) sys.stdout.write(message, status, content_type)
else: else:
sys.stdout.write(setColor(message, bold)) sys.stdout.write(setColor(message, bold=bold))
sys.stdout.flush() sys.stdout.flush()
except IOError: except IOError:

View File

@ -54,6 +54,7 @@ from lib.core.common import resetCookieJar
from lib.core.common import runningAsAdmin from lib.core.common import runningAsAdmin
from lib.core.common import safeExpandUser from lib.core.common import safeExpandUser
from lib.core.common import saveConfig from lib.core.common import saveConfig
from lib.core.common import setColor
from lib.core.common import setOptimize from lib.core.common import setOptimize
from lib.core.common import setPaths from lib.core.common import setPaths
from lib.core.common import singleTimeWarnMessage from lib.core.common import singleTimeWarnMessage
@ -699,6 +700,22 @@ def _setDBMS():
break break
def _listTamperingFunctions():
"""
Lists available tamper functions
"""
if conf.listTampers:
infoMsg = "listing available tamper scripts\n"
logger.info(infoMsg)
for script in sorted(glob.glob(os.path.join(paths.SQLMAP_TAMPER_PATH, "*.py"))):
content = openFile(script, "rb").read()
match = re.search(r'(?s)__priority__.+"""(.+)"""', content)
if match:
comment = match.group(1).strip()
dataToStdout("* %s - %s\n" % (setColor(os.path.basename(script), "yellow"), re.sub(r" *\n *", " ", comment.split("\n\n")[0].strip())))
def _setTamperingFunctions(): def _setTamperingFunctions():
""" """
Loads tampering functions from given script(s) Loads tampering functions from given script(s)
@ -2459,6 +2476,7 @@ def init():
_setDNSServer() _setDNSServer()
_adjustLoggingFormatter() _adjustLoggingFormatter()
_setMultipleTargets() _setMultipleTargets()
_listTamperingFunctions()
_setTamperingFunctions() _setTamperingFunctions()
_setWafFunctions() _setWafFunctions()
_setTrafficOutputFP() _setTrafficOutputFP()

View File

@ -227,6 +227,7 @@ optDict = {
"disableColoring": "boolean", "disableColoring": "boolean",
"googlePage": "integer", "googlePage": "integer",
"identifyWaf": "boolean", "identifyWaf": "boolean",
"listTampers": "boolean",
"mobile": "boolean", "mobile": "boolean",
"offline": "boolean", "offline": "boolean",
"purge": "boolean", "purge": "boolean",

View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.2.7.27" VERSION = "1.2.7.28"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

View File

@ -637,6 +637,9 @@ def cmdLineParser(argv=None):
miscellaneous.add_option("--identify-waf", dest="identifyWaf", action="store_true", miscellaneous.add_option("--identify-waf", dest="identifyWaf", action="store_true",
help="Make a thorough testing for a WAF/IPS/IDS protection") help="Make a thorough testing for a WAF/IPS/IDS protection")
miscellaneous.add_option("--list-tampers", dest="listTampers", action="store_true",
help="Display list of available tamper scripts")
miscellaneous.add_option("--mobile", dest="mobile", action="store_true", miscellaneous.add_option("--mobile", dest="mobile", action="store_true",
help="Imitate smartphone through HTTP User-Agent header") help="Imitate smartphone through HTTP User-Agent header")
@ -874,9 +877,9 @@ def cmdLineParser(argv=None):
if args.dummy: if args.dummy:
args.url = args.url or DUMMY_URL args.url = args.url or DUMMY_URL
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl)): if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers)):
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge or --dependencies), " errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --list-tampers, --wizard, --update, --purge or --dependencies). "
errMsg += "use -h for basic or -hh for advanced help\n" errMsg += "Use -h for basic and -hh for advanced help\n"
parser.error(errMsg) parser.error(errMsg)
return args return args

View File

@ -778,6 +778,10 @@ googlePage = 1
# Valid: True or False # Valid: True or False
identifyWaf = False identifyWaf = False
# Display list of available tamper scripts
# Valid: True or False
listTampers = False
# Imitate smartphone through HTTP User-Agent header. # Imitate smartphone through HTTP User-Agent header.
# Valid: True or False # Valid: True or False
mobile = False mobile = False

View File

@ -14,7 +14,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces apostrophe character (') with its UTF-8 full width counterpart Replaces apostrophe character (') with its UTF-8 full width counterpart (e.g. ' -> %EF%BC%87)
References: References:
* http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128 * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128

View File

@ -14,7 +14,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces apostrophe character (') with its illegal double unicode counterpart Replaces apostrophe character (') with its illegal double unicode counterpart (e.g. ' -> %00%27)
>>> tamper("1 AND '1'='1") >>> tamper("1 AND '1'='1")
'1 AND %00%271%00%27=%00%271' '1 AND %00%271%00%27=%00%271'

View File

@ -18,7 +18,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Appends encoded NULL byte character (%00) at the end of payload Appends (Access) NULL byte character (%00) at the end of payload
Requirement: Requirement:
* Microsoft Access * Microsoft Access

View File

@ -17,7 +17,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Base64 all characters in a given payload Base64-encodes all characters in a given payload
>>> tamper("1' AND SLEEP(5)#") >>> tamper("1' AND SLEEP(5)#")
'MScgQU5EIFNMRUVQKDUpIw==' 'MScgQU5EIFNMRUVQKDUpIw=='

View File

@ -17,8 +17,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces space character after SQL statement with a valid random blank character. Replaces space character after SQL statement with a valid random blank character. Afterwards replace character '=' with operator LIKE
Afterwards replace character '=' with operator LIKE
Requirement: Requirement:
* Blue Coat SGOS with WAF activated as documented in * Blue Coat SGOS with WAF activated as documented in

View File

@ -16,7 +16,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Double URL-encodes all characters in a given payload (not processing already encoded) Double URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554)
Notes: Notes:
* Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset * Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset

View File

@ -16,7 +16,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
URL-encodes all characters in a given payload (not processing already encoded) URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %53%45%4C%45%43%54)
Tested against: Tested against:
* Microsoft SQL Server 2005 * Microsoft SQL Server 2005

View File

@ -18,7 +18,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Unicode-URL-encodes all characters in a given payload (not processing already encoded) Unicode-URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %u0053%u0045%u004C%u0045%u0043%u0054)
Requirement: Requirement:
* ASP * ASP

View File

@ -13,7 +13,7 @@ __priority__ = PRIORITY.NORMAL
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Unicode-escapes non-encoded characters in a given payload (not processing already encoded) Unicode-escapes non-encoded characters in a given payload (not processing already encoded) (e.g. SELECT -> \u0053\u0045\u004C\u0045\u0043\u0054)
Notes: Notes:
* Useful to bypass weak filtering and/or WAFs in JSON contexes * Useful to bypass weak filtering and/or WAFs in JSON contexes

View File

@ -14,7 +14,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces instances like 'IFNULL(A, B)' with 'CASE WHEN ISNULL(A) THEN (B) ELSE (A) END' Replaces instances like 'IFNULL(A, B)' with 'CASE WHEN ISNULL(A) THEN (B) ELSE (A) END' counterpart
Requirement: Requirement:
* MySQL * MySQL

View File

@ -14,7 +14,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' counterpart
Requirement: Requirement:
* MySQL * MySQL

View File

@ -13,7 +13,7 @@ __priority__ = PRIORITY.NORMAL
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Add a comment to the end of all occurrences of (MySQL) "information_schema" identifier Add an inline comment (/**/) to the end of all occurrences of (MySQL) "information_schema" identifier
>>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES') >>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES')
'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES' 'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES'

View File

@ -17,7 +17,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces each keyword character with lower case value Replaces each keyword character with lower case value (e.g. SELECT -> select)
Tested against: Tested against:
* Microsoft SQL Server 2005 * Microsoft SQL Server 2005

View File

@ -16,7 +16,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Converts all (non-alphanum) characters in a given payload (not processing already encoded) Converts all (non-alphanum) characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. ' -> %C0%A7)
Reference: Reference:
* https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/

View File

@ -16,7 +16,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Converts all characters in a given payload (not processing already encoded) Converts all characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. SELECT -> %C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94)
Reference: Reference:
* https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/

View File

@ -18,7 +18,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Adds a percentage sign ('%') infront of each character Adds a percentage sign ('%') infront of each character (e.g. SELECT -> %S%E%L%E%C%T)
Requirement: Requirement:
* ASP * ASP

View File

@ -20,7 +20,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces plus operator ('+') with (MsSQL) function CONCAT() Replaces plus operator ('+') with (MsSQL) function CONCAT() counterpart
Tested against: Tested against:
* Microsoft SQL Server 2012 * Microsoft SQL Server 2012

View File

@ -20,7 +20,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()} Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()} counterpart
Tested against: Tested against:
* Microsoft SQL Server 2008 * Microsoft SQL Server 2008

View File

@ -18,7 +18,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces each keyword character with random case value Replaces each keyword character with random case value (e.g. SELECT -> SEleCt)
Tested against: Tested against:
* Microsoft SQL Server 2005 * Microsoft SQL Server 2005

View File

@ -15,7 +15,7 @@ __priority__ = PRIORITY.LOW
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Add random inline comments inside SQL keywords Add random inline comments inside SQL keywords (e.g. SELECT -> S/**/E/**/LECT)
>>> import random >>> import random
>>> random.seed(0) >>> random.seed(0)

View File

@ -14,8 +14,7 @@ __priority__ = PRIORITY.LOW
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces space character (' ') with a dash comment ('--') followed by Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n')
a random string and a new line ('\n')
Requirement: Requirement:
* MSSQL * MSSQL

View File

@ -20,8 +20,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces space character (' ') with a pound character ('#') followed by Replaces (MySQL) instances of space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')
a random string and a new line ('\n')
Requirement: Requirement:
* MySQL * MySQL

View File

@ -14,7 +14,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces space character (' ') with comments '/**_**/' Replaces (MySQL) instances of space character (' ') with comments '/**_**/'
Tested against: Tested against:
* MySQL 5.0 and 5.5 * MySQL 5.0 and 5.5

View File

@ -23,8 +23,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces space character (' ') with a pound character ('#') followed by Replaces (MySQL) instances of space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')
a random string and a new line ('\n')
Requirement: Requirement:
* MySQL >= 5.1.13 * MySQL >= 5.1.13

View File

@ -19,8 +19,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces space character (' ') with a random blank character from a Replaces (MsSQL) instances of space character (' ') with a random blank character from a valid set of alternate characters
valid set of alternate characters
Requirement: Requirement:
* Microsoft SQL Server * Microsoft SQL Server

View File

@ -11,8 +11,7 @@ __priority__ = PRIORITY.LOW
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces space character (' ') with a pound character ('#') followed by Replaces space character (' ') with a pound character ('#') followed by a new line ('\n')
a new line ('\n')
Requirement: Requirement:
* MSSQL * MSSQL

View File

@ -19,8 +19,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces space character (' ') with a random blank character from a Replaces (MySQL) instances of space character (' ') with a random blank character from a valid set of alternate characters
valid set of alternate characters
Requirement: Requirement:
* MySQL * MySQL

View File

@ -18,15 +18,12 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces space character (' ') with a dash comment ('--') followed by Replaces space character (' ') with a dash comment ('--') followed by a new line ('\n')
a new line ('\n')
Requirement: Requirement:
* MySQL * MySQL
* MSSQL * MSSQL
Tested against:
Notes: Notes:
* Useful to bypass several web application firewalls. * Useful to bypass several web application firewalls.

View File

@ -16,8 +16,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces space character (' ') with a random blank character from a Replaces space character (' ') with a random blank character from a valid set of alternate characters
valid set of alternate characters
Tested against: Tested against:
* Microsoft SQL Server 2005 * Microsoft SQL Server 2005

View File

@ -14,7 +14,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces UNION ALL SELECT with UNION SELECT Replaces instances of UNION ALL SELECT with UNION SELECT counterpart
>>> tamper('-1 UNION ALL SELECT') >>> tamper('-1 UNION ALL SELECT')
'-1 UNION SELECT' '-1 UNION SELECT'

View File

@ -17,7 +17,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces each keyword character with upper case value Replaces each keyword character with upper case value (e.g. select -> SELECT)
Tested against: Tested against:
* Microsoft SQL Server 2005 * Microsoft SQL Server 2005

View File

@ -14,12 +14,12 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Append a HTTP header 'X-originating-IP' to bypass Appends a HTTP header 'X-originating-IP' to bypass Varnish Firewall
WAF Protection of Varnish Firewall
Reference:
* http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366
Notes: Notes:
Reference: http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366
Examples: Examples:
>> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X) >> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X)
>> X-remote-IP: TARGET_PROXY_IP (184.189.250.X) >> X-remote-IP: TARGET_PROXY_IP (184.189.250.X)

View File

@ -20,7 +20,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Encloses each non-function keyword with versioned MySQL comment Encloses each non-function keyword with (MySQL) versioned comment
Requirement: Requirement:
* MySQL * MySQL

View File

@ -21,7 +21,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Encloses each keyword with versioned MySQL comment Encloses each keyword with (MySQL) versioned comment
Requirement: Requirement:
* MySQL >= 5.1.13 * MySQL >= 5.1.13

View File

@ -20,8 +20,7 @@ def randomIP():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Append a fake HTTP header 'X-Forwarded-For' to bypass Append a fake HTTP header 'X-Forwarded-For'
WAF (usually application based) protection
""" """
headers = kwargs.get("headers", {}) headers = kwargs.get("headers", {})

View File

@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py
1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py
fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py
af0c5caaa6328319a682073afa93ec84 lib/core/common.py ee1b800e860263b877a2b292a3e4becd lib/core/common.py
0d082da16c388b3445e656e0760fb582 lib/core/convert.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py
9f87391b6a3395f7f50830b391264f27 lib/core/data.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py
72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py
@ -40,15 +40,15 @@ ab3f4f3e3019add5f4a2e28f7e8748a4 lib/core/enums.py
cada93357a7321655927fc9625b3bfec lib/core/exception.py cada93357a7321655927fc9625b3bfec lib/core/exception.py
1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py
458a194764805cd8312c14ecd4be4d1e lib/core/log.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py
13c0a490b5a928b64236b4a15e578267 lib/core/optiondict.py 05f72baa2db4073bb0273d7fc1df13eb lib/core/optiondict.py
c82dee0f62e729213b92f5ec85f74b70 lib/core/option.py 8e759d4c8711a5980d4bdc2d044a4fd4 lib/core/option.py
c8c386d644d57c659d74542f5f57f632 lib/core/patch.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py
6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py
ec2adffae2982c11332c573fe4e68d6d lib/core/settings.py b0c61c78049b4e342aeafd2fc85430fe lib/core/settings.py
dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py
@ -59,7 +59,7 @@ b35636650cfe721f5cc47fb91737c061 lib/core/update.py
e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py
1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py
7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py
bc34167c7accc61df07b2982cddd0338 lib/parse/cmdline.py babf5c48bc6a3797fc459706af4465cd lib/parse/cmdline.py
fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py
3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py
6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py
@ -228,16 +228,16 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_
4eaeef94314956e4517e5310a28d579a sqlmapapi.py 4eaeef94314956e4517e5310a28d579a sqlmapapi.py
a35b5b83c12841fdf3925190c9d24299 sqlmap.py a35b5b83c12841fdf3925190c9d24299 sqlmap.py
523dab9e1093eb59264c6beb366b255a tamper/0x2char.py 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py
4e6956958ef8135cd543d7a57f2e73ff tamper/apostrophemask.py 3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py
7c838eadd96b20800ba0bd394f5014f0 tamper/apostrophenullencode.py d7a119a74be9b385ee3884fb5e6af041 tamper/apostrophenullencode.py
0d7e8a3a0e17c92d51c49415884a47c9 tamper/appendnullbyte.py a14420ef43cdeb8fbc091116d31d31f1 tamper/appendnullbyte.py
0298d81e9dfac7ff18a5236c0f1d84b6 tamper/base64encode.py cfe19908ec32e3f2e113e759705f986b tamper/base64encode.py
e77a89b2af931a1820f6ba4b86d19cd4 tamper/between.py e77a89b2af931a1820f6ba4b86d19cd4 tamper/between.py
e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py 9df0a1810a27b92eec1375d19a95b7ef tamper/bluecoat.py
1807417f8a7fc0bb30c36ead458da0c8 tamper/chardoubleencode.py 8c174b8925f4f075010b04d85c02a169 tamper/chardoubleencode.py
043c97c7b214335838a6bb15eeedcba3 tamper/charencode.py 45174c61533f464806f4454be6a3f2d6 tamper/charencode.py
0c0d0e5d0caf4258a75112ab59fa3e75 tamper/charunicodeencode.py 0aadf3e93dd72a9b94cb6532b3343dd1 tamper/charunicodeencode.py
18b2ca09390686f895c3bbd6460ac034 tamper/charunicodeescape.py 014f352771f0c1fb9e0f5397c5a03dc3 tamper/charunicodeescape.py
6c618b9310ed5c8de93c927e920b1d31 tamper/commalesslimit.py 6c618b9310ed5c8de93c927e920b1d31 tamper/commalesslimit.py
50f6532870d2e109bf46468e8d3ded49 tamper/commalessmid.py 50f6532870d2e109bf46468e8d3ded49 tamper/commalessmid.py
4951fec0a1af043e4b9c0728882d3452 tamper/commentbeforeparentheses.py 4951fec0a1af043e4b9c0728882d3452 tamper/commentbeforeparentheses.py
@ -247,44 +247,44 @@ e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py
4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py 4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py
6124bc647bfa04f2b16ff8cad98382d4 tamper/halfversionedmorekeywords.py 6124bc647bfa04f2b16ff8cad98382d4 tamper/halfversionedmorekeywords.py
ef0639557a79e57b06296c4bc223ebef tamper/htmlencode.py ef0639557a79e57b06296c4bc223ebef tamper/htmlencode.py
3f79551baf811ff70b2ba8795a2064be tamper/ifnull2casewhenisnull.py 42f232d776065e325e862867c522c523 tamper/ifnull2casewhenisnull.py
e2c2b6a67546b36983a72f129a817ec0 tamper/ifnull2ifisnull.py 6e3ab1cf4ccf5524dcb60e390f920b60 tamper/ifnull2ifisnull.py
4615cbeff722583e7ab3dbe774e38c93 tamper/informationschemacomment.py 3ed2c6299c7c94776306535ff6090ab3 tamper/informationschemacomment.py
1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py 1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py
2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py 2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py
1834b5409c449d2ea1b70a5038fed9eb tamper/lowercase.py 40d1ea0796fd91cb3cdd602e36daed15 tamper/lowercase.py
1c4d622d1c2c77fc3db1f8b3849467ee tamper/modsecurityversioned.py 1c4d622d1c2c77fc3db1f8b3849467ee tamper/modsecurityversioned.py
f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py
91b63afdb96b1d51c12a14cbd425d310 tamper/multiplespaces.py 91b63afdb96b1d51c12a14cbd425d310 tamper/multiplespaces.py
efd1917c6ccc632f044084a30e0e0f98 tamper/nonrecursivereplacement.py efd1917c6ccc632f044084a30e0e0f98 tamper/nonrecursivereplacement.py
95bf07047343c68a05658f5f11c6b413 tamper/overlongutf8more.py dcf3458f9010ca41bc4b56804f15792c tamper/overlongutf8more.py
db4687249dedddbe057c8b163923ef01 tamper/overlongutf8.py a3a3cef042b864c4226b63f89548f939 tamper/overlongutf8.py
bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py 89f8753a0ef65d2bb860c8864e9e935a tamper/percentage.py
db9cd6325d1814e5fe88323fe4add4e1 tamper/plus2concat.py a47aafcbc1de2deb85160e29de46f748 tamper/plus2concat.py
bcad55e2f7ce3e58a4cc7fcef77d4a4a tamper/plus2fnconcat.py 759b86cf3bb1d7871dc6489538253f94 tamper/plus2fnconcat.py
e94a1c7e4dc7450ac224436269d823bb tamper/randomcase.py 078494e1217400b485ef653108d32699 tamper/randomcase.py
e50d9ed1c988638899cf82f18452e96c tamper/randomcomments.py 28626e4b8c673228dcfe4f1627a9e08b tamper/randomcomments.py
938bfac6e55a8823e4a66cd29166d980 tamper/securesphere.py 938bfac6e55a8823e4a66cd29166d980 tamper/securesphere.py
cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py
62d4d07b640d9d54d26ba33a77de9474 tamper/space2dash.py 4e6da2aca962b6110652e5f83dce5cd7 tamper/space2dash.py
ab91c20f71973b1a9a5fecfb9f2a1d1f tamper/space2hash.py 7cdbae483262f66ef5d77521c59d9621 tamper/space2hash.py
18f827afce8322adfa0c6dfbb4a59379 tamper/space2morecomment.py f3fed47a4fccb2b482f1f01559b8f55a tamper/space2morecomment.py
59e61a9dd1f1e6b79fde026ed771cac4 tamper/space2morehash.py fc3d9896cac8f4a97efd39673fadca7b tamper/space2morehash.py
ad45e799126d2d563b3958f714d2e7c6 tamper/space2mssqlblank.py b55ed15af74ffefc4dc303646c7c6482 tamper/space2mssqlblank.py
74334d72bffb99b0ac092f87f4da2675 tamper/space2mssqlhash.py 64e3d97e22f7e0870e88a87fd2f64243 tamper/space2mssqlhash.py
fd1bff6caefe5007444f7a0fabbc8ce9 tamper/space2mysqlblank.py 3ef95855a38bbc0f031ae3a992dcbf52 tamper/space2mysqlblank.py
48a1f013657186e336d249adefbdbc7b tamper/space2mysqldash.py 8a4737f853354ac9c3788278589a772a tamper/space2mysqldash.py
72a547bc3bf32dba0d1c3093988df8af tamper/space2plus.py 72a547bc3bf32dba0d1c3093988df8af tamper/space2plus.py
6ce135f89259c379d84c85e538300091 tamper/space2randomblank.py a74cd6375c5d5d253e2e7014b00ecd33 tamper/space2randomblank.py
93fc10b57586936cef05e88227c84ad0 tamper/sp_password.py 93fc10b57586936cef05e88227c84ad0 tamper/sp_password.py
041cb567dff6bb6e7389e12ab3fb84c6 tamper/symboliclogical.py 041cb567dff6bb6e7389e12ab3fb84c6 tamper/symboliclogical.py
6459c62914ae643799667de8bd283c97 tamper/unionalltounion.py 6679c4ffb7322315a738dcfa68c6fb7c tamper/unionalltounion.py
51d20b5cb5a50fc2e44d39087f865d23 tamper/unmagicquotes.py 51d20b5cb5a50fc2e44d39087f865d23 tamper/unmagicquotes.py
371afb396f0bb18d97147c5db83354f4 tamper/uppercase.py cc212839f55692d422beef3a8e22a8d4 tamper/uppercase.py
557ce5bf5ae9b7ab26f2c6b57312f41a tamper/varnish.py f2b9eac52d346315f5705f71beeda791 tamper/varnish.py
929a2586dbb7b758a454eb09e13e5a73 tamper/versionedkeywords.py 0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py
3aff4d344ebd4f38e033e73b63f84447 tamper/versionedmorekeywords.py 0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py
ed1acafbac707bfa71c72f76b81c1bdd tamper/xforwardedfor.py de532c4e3160039335010c499129d54f tamper/xforwardedfor.py
b25b47ddeeb62e5857fd5ad17fd454b5 thirdparty/ansistrm/ansistrm.py b25b47ddeeb62e5857fd5ad17fd454b5 thirdparty/ansistrm/ansistrm.py
d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py
8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py