Unhidding switch '--identify-waf' (Issue #290)

2024-11-22 09:36:35 +03:00 · 2013-02-21 14:48:19 +01:00 · 2013-02-21 14:48:19 +01:00 · 29ba43ee6c
commit 29ba43ee6c
parent 08f0670aca
3 changed files with 11 additions and 6 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -993,7 +993,7 @@ def checkWaf():
    if not conf.checkWaf:
        return False

-    infoMsg = "testing if the target is protected by "
+    infoMsg = "heuristic checking if the target is protected by "
    infoMsg += "some kind of WAF/IPS/IDS"
    logger.info(infoMsg)

--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -614,7 +614,7 @@ def cmdLineParser():

        miscellaneous.add_option("--check-waf", dest="checkWaf",
                                  action="store_true",
-                                  help="Check for existence of WAF/IPS/IDS protection")
+                                  help="Heuristically check for WAF/IPS/IDS protection")

        miscellaneous.add_option("--cleanup", dest="cleanup",
                                  action="store_true",
@ -636,6 +636,10 @@ def cmdLineParser():
                                  action="store_true",
                                  help="Use HTTP parameter pollution")

+        miscellaneous.add_option("--identify-waf", dest="identifyWaf",
+                                  action="store_true",
+                                  help="Make a through testing for a WAF/IPS/IDS protection")
+
        miscellaneous.add_option("--mobile", dest="mobile",
                                  action="store_true",
                                  help="Imitate smartphone through HTTP User-Agent header")
@ -674,9 +678,6 @@ def cmdLineParser():
        parser.add_option("--force-dns", dest="forceDns", action="store_true",
                          help=SUPPRESS_HELP)

-        parser.add_option("--identify-waf", dest="identifyWaf", action="store_true",
-                          help=SUPPRESS_HELP)
-
        parser.add_option("--smoke-test", dest="smokeTest", action="store_true",
                          help=SUPPRESS_HELP)

--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -667,7 +667,7 @@ beep = False
 # Valid: True or False
 checkPayload = False

-# Check for existence of WAF/IPS/IDS protection.
+# Heuristically check for WAF/IPS/IDS protection.
 # Valid: True or False
 checkWaf = False

@ -692,6 +692,10 @@ googlePage = 1
 # Valid: True or False
 hpp = False

+# Make a through testing for a WAF/IPS/IDS protection.
+# Valid: True or False
+identifyWaf = False
+
 # Imitate smartphone through HTTP User-Agent header.
 # Valid: True or False
 mobile = False