sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-21 14:02:49 +03:00
Code Issues Packages Projects Releases Wiki Activity

Split character for tamper scripts (--tamper option) is now comma, not semi-colon.

Browse Source 
Minor enhancement
This commit is contained in:
Bernardo Damele 2010-10-16 21:52:16 +00:00
parent 2dae934a2b
commit 2129935e06
5 changed files with 47 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/controller.py
View File

@ -167,7 +167,7 @@ def start():
if not checkConnection() or not checkString() or not checkRegexp(): if not checkConnection() or not checkString() or not checkRegexp():
continue continue
if conf.useNullConnection: if conf.nullConnection:
checkNullConnection() checkNullConnection()
if not conf.dropSetCookie and conf.cj: if not conf.dropSetCookie and conf.cj:

10
lib/core/option.py
View File

@ -536,7 +536,7 @@ def __setTamperingFunctions():
""" """
if conf.tamper: if conf.tamper:
for tfile in conf.tamper.split(';'): for tfile in conf.tamper.split(','):
found = False found = False
if not tfile: if not tfile:
@ -980,8 +980,8 @@ def __cleanupOptions():
conf.multipleTargets = True conf.multipleTargets = True
if conf.optimize: if conf.optimize:
conf.useCommonPrediction = conf.keepAlive = True conf.commonPrediction = conf.keepAlive = True
conf.useNullConnection = not conf.textOnly conf.nullConnection = not conf.textOnly
def __setConfAttributes(): def __setConfAttributes():
""" """
@ -1207,11 +1207,11 @@ def __basicOptionValidation():
errMsg = "value for --threshold (thold) option must be in range [0,1]" errMsg = "value for --threshold (thold) option must be in range [0,1]"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
if conf.textOnly and conf.useNullConnection: if conf.textOnly and conf.nullConnection:
errMsg = "switch --text-only is incompatible with switch --null-connection" errMsg = "switch --text-only is incompatible with switch --null-connection"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
if conf.data and conf.useNullConnection: if conf.data and conf.nullConnection:
errMsg = "switch --data is incompatible with switch --null-connection" errMsg = "switch --data is incompatible with switch --null-connection"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg

21
lib/core/optiondict.py
View File

@ -27,18 +27,16 @@ optDict = {
"cookie": "string", "cookie": "string",
"cookieUrlencode": "boolean", "cookieUrlencode": "boolean",
"dropSetCookie": "boolean", "dropSetCookie": "boolean",
"referer": "string",
"agent": "string", "agent": "string",
"userAgentsFile": "string", "userAgentsFile": "string",
"referer": "string",
"headers": "string", "headers": "string",
"aType": "string", "aType": "string",
"aCred": "string", "aCred": "string",
"aCert": "string", "aCert": "string",
"keepAlive": "boolean",
"proxy": "string", "proxy": "string",
"pCred": "string", "pCred": "string",
"ignoreProxy": "boolean", "ignoreProxy": "boolean",
"threads": "integer",
"delay": "float", "delay": "float",
"timeout": "float", "timeout": "float",
"retries": "integer", "retries": "integer",
@ -47,6 +45,14 @@ optDict = {
"saFreq": "integer" "saFreq": "integer"
}, },
"Optimization": {
"optimize": "boolean",
"commonPrediction": "boolean",
"keepAlive": "boolean",
"nullConnection": "boolean",
"threads": "integer"
},
"Injection": { "Injection": {
"testParameter": "string", "testParameter": "string",
"dbms": "string", "dbms": "string",
@ -58,6 +64,8 @@ optDict = {
"eString": "string", "eString": "string",
"eRegexp": "string", "eRegexp": "string",
"thold": "float", "thold": "float",
"textOnly": "boolean",
"tamper": "string"
}, },
"Techniques": { "Techniques": {
@ -88,17 +96,19 @@ optDict = {
"dumpTable": "boolean", "dumpTable": "boolean",
"dumpAll": "boolean", "dumpAll": "boolean",
"search": "boolean", "search": "boolean",
"user": "string",
"db": "string", "db": "string",
"tbl": "string", "tbl": "string",
"col": "string", "col": "string",
"user": "string",
"excludeSysDbs": "boolean", "excludeSysDbs": "boolean",
"limitStart": "integer", "limitStart": "integer",
"limitStop": "integer", "limitStop": "integer",
"firstChar": "integer", "firstChar": "integer",
"lastChar": "integer", "lastChar": "integer",
"query": "string", "query": "string",
"sqlShell": "boolean" "sqlShell": "boolean",
"cExists": "boolean",
"tableFile": "string"
}, },
"User-defined function": { "User-defined function": {
@ -137,6 +147,7 @@ optDict = {
"xmlFile": "string", "xmlFile": "string",
"sessionFile": "string", "sessionFile": "string",
"flushSession": "boolean", "flushSession": "boolean",
"forms": "boolean",
"eta": "boolean", "eta": "boolean",
"googlePage": "integer", "googlePage": "integer",
"updateAll": "boolean", "updateAll": "boolean",

46
lib/parse/cmdline.py
View File

@ -128,6 +128,28 @@ def cmdLineParser():
request.add_option("--safe-freq", dest="saFreq", type="int", default=0, request.add_option("--safe-freq", dest="saFreq", type="int", default=0,
help="Test requests between two visits to a given safe url") help="Test requests between two visits to a given safe url")
# Optimization options
optimization = OptionGroup(parser, "Optimization", "These "
"options can be used to optimize the "
"performance of sqlmap.")
optimization.add_option("-o", dest="optimize",
action="store_true", default=False,
help="Use all optimization options")
optimization.add_option("--common-prediction", dest="commonPrediction", action="store_true",
default=False, help="Use 'Good samaritan' feature")
optimization.add_option("--keep-alive", dest="keepAlive", action="store_true",
default=False, help="Use persistent HTTP(s) connections")
optimization.add_option("--null-connection", dest="nullConnection", action="store_true",
default=False, help="Retrieve page length without actual HTTP response body")
optimization.add_option("--threads", dest="threads", type="int", default=1,
help="Maximum number of concurrent HTTP "
"requests (default 1)")
# Injection options # Injection options
injection = OptionGroup(parser, "Injection", "These options can be " injection = OptionGroup(parser, "Injection", "These options can be "
"used to specify which parameters to test " "used to specify which parameters to test "
@ -415,28 +437,6 @@ def cmdLineParser():
windows.add_option("--reg-type", dest="regType", windows.add_option("--reg-type", dest="regType",
help="Windows registry key value type") help="Windows registry key value type")
# Optimization options
optimization = OptionGroup(parser, "Optimization", "These "
"options can be used to optimize the "
"performance of sqlmap.")
optimization.add_option("-o", dest="optimize",
action="store_true", default=False,
help="Use all optimization options")
optimization.add_option("--common-prediction", dest="useCommonPrediction", action="store_true",
default=False, help="Use 'Good samaritan' feature")
optimization.add_option("--keep-alive", dest="keepAlive", action="store_true",
default=False, help="Use persistent HTTP(s) connections")
optimization.add_option("--null-connection", dest="useNullConnection", action="store_true",
default=False, help="Retrieve page length without actual HTTP response body")
optimization.add_option("--threads", dest="threads", type="int", default=1,
help="Maximum number of concurrent HTTP "
"requests (default 1)")
# Miscellaneous options # Miscellaneous options
miscellaneous = OptionGroup(parser, "Miscellaneous") miscellaneous = OptionGroup(parser, "Miscellaneous")
@ -499,6 +499,7 @@ def cmdLineParser():
parser.add_option_group(target) parser.add_option_group(target)
parser.add_option_group(request) parser.add_option_group(request)
parser.add_option_group(optimization)
parser.add_option_group(injection) parser.add_option_group(injection)
parser.add_option_group(techniques) parser.add_option_group(techniques)
parser.add_option_group(fingerprint) parser.add_option_group(fingerprint)
@ -507,7 +508,6 @@ def cmdLineParser():
parser.add_option_group(filesystem) parser.add_option_group(filesystem)
parser.add_option_group(takeover) parser.add_option_group(takeover)
parser.add_option_group(windows) parser.add_option_group(windows)
parser.add_option_group(optimization)
parser.add_option_group(miscellaneous) parser.add_option_group(miscellaneous)
args = [] args = []

4
lib/techniques/blind/inference.py
View File

@ -45,7 +45,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
# Set kb.partRun in case "common prediction" feature (a.k.a. "good # Set kb.partRun in case "common prediction" feature (a.k.a. "good
# samaritan") is used # samaritan") is used
kb.partRun = getPartRun() if conf.useCommonPrediction else None kb.partRun = getPartRun() if conf.commonPrediction else None
if "LENGTH(" in expression or "LEN(" in expression: if "LENGTH(" in expression or "LEN(" in expression:
firstChar = 0 firstChar = 0
@ -427,7 +427,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
# Common prediction feature (a.k.a. "good samaritan") # Common prediction feature (a.k.a. "good samaritan")
# NOTE: to be used only when multi-threading is not set for # NOTE: to be used only when multi-threading is not set for
# the moment # the moment
if conf.useCommonPrediction and len(finalValue) > 0 and kb.partRun is not None: if conf.commonPrediction and len(finalValue) > 0 and kb.partRun is not None:
val = None val = None
commonValue, commonPattern, commonCharset, otherCharset = goGoodSamaritan(finalValue, asciiTbl) commonValue, commonPattern, commonCharset, otherCharset = goGoodSamaritan(finalValue, asciiTbl)