sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Implementing support for piped input of targets

Browse Source
This commit is contained in:
Miroslav Stampar 2020-10-14 11:34:52 +02:00
parent 0585a55ee0
commit 2bf22df53a
4 changed files with 36 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/controller.py
View File

@ -291,7 +291,7 @@ def start():
logger.error(errMsg) logger.error(errMsg)
return False return False
if kb.targets and len(kb.targets) > 1: if kb.targets and isListLike(kb.targets) and len(kb.targets) > 1:
infoMsg = "found a total of %d targets" % len(kb.targets) infoMsg = "found a total of %d targets" % len(kb.targets)
logger.info(infoMsg) logger.info(infoMsg)

49
lib/core/option.py
View File

@ -8,6 +8,7 @@ See the file 'LICENSE' for copying permission
from __future__ import division from __future__ import division
import codecs import codecs
import collections
import functools import functools
import glob import glob
import inspect import inspect
@ -416,28 +417,39 @@ def _setBulkMultipleTargets():
if not conf.bulkFile: if not conf.bulkFile:
return return
conf.bulkFile = safeExpandUser(conf.bulkFile) if isinstance(conf.bulkFile, collections.Iterable):
def _():
for line in conf.bulkFile:
if line:
match = re.search(r"\bhttps?://[^\s'\"]+", line, re.I)
if match:
yield (match.group(0), conf.method, conf.data, conf.cookie, None)
else:
break
kb.targets = _()
else:
conf.bulkFile = safeExpandUser(conf.bulkFile)
infoMsg = "parsing multiple targets list from '%s'" % conf.bulkFile infoMsg = "parsing multiple targets list from '%s'" % conf.bulkFile
logger.info(infoMsg) logger.info(infoMsg)
if not checkFile(conf.bulkFile, False): if not checkFile(conf.bulkFile, False):
errMsg = "the specified bulk file " errMsg = "the specified bulk file "
errMsg += "does not exist" errMsg += "does not exist"
raise SqlmapFilePathException(errMsg) raise SqlmapFilePathException(errMsg)
found = False found = False
for line in getFileItems(conf.bulkFile): for line in getFileItems(conf.bulkFile):
if conf.scope and not re.search(conf.scope, line, re.I): if conf.scope and not re.search(conf.scope, line, re.I):
continue continue
if re.match(r"[^ ]+\?(.+)", line, re.I) or kb.customInjectionMark in line: if re.match(r"[^ ]+\?(.+)", line, re.I) or kb.customInjectionMark in line:
found = True found = True
kb.targets.add((line.strip(), conf.method, conf.data, conf.cookie, None)) kb.targets.add((line.strip(), conf.method, conf.data, conf.cookie, None))
if not found and not conf.forms and not conf.crawlDepth: if not found and not conf.forms and not conf.crawlDepth:
warnMsg = "no usable links found (with GET parameters)" warnMsg = "no usable links found (with GET parameters)"
logger.warn(warnMsg) logger.warn(warnMsg)
def _findPageForms(): def _findPageForms():
if not conf.forms or conf.crawlDepth: if not conf.forms or conf.crawlDepth:
@ -1631,7 +1643,8 @@ def _cleanupOptions():
for key, value in conf.items(): for key, value in conf.items():
if value and any(key.endswith(_) for _ in ("Path", "File", "Dir")): if value and any(key.endswith(_) for _ in ("Path", "File", "Dir")):
conf[key] = safeExpandUser(value) if isinstance(value, str):
conf[key] = safeExpandUser(value)
if conf.testParameter: if conf.testParameter:
conf.testParameter = urldecode(conf.testParameter) conf.testParameter = urldecode(conf.testParameter)

2
lib/core/settings.py
View File

@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.4.10.5" VERSION = "1.4.10.6"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

3
lib/parse/cmdline.py
View File

@ -1035,6 +1035,9 @@ def cmdLineParser(argv=None):
if args.dummy: if args.dummy:
args.url = args.url or DUMMY_URL args.url = args.url or DUMMY_URL
if hasattr(sys.stdin, "fileno") and not os.isatty(sys.stdin.fileno()) and '-' not in sys.argv:
args.bulkFile = iter(sys.stdin.readline, None)
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.bedTest, args.fuzzTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile)): if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.bedTest, args.fuzzTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile)):
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --list-tampers, --wizard, --update, --purge or --dependencies). " errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --list-tampers, --wizard, --update, --purge or --dependencies). "
errMsg += "Use -h for basic and -hh for advanced help\n" errMsg += "Use -h for basic and -hh for advanced help\n"