Implementing support for piped input of targets

2024-11-22 09:36:35 +03:00 · 2020-10-14 11:34:52 +02:00 · 2020-10-14 11:34:52 +02:00 · 2bf22df53a
commit 2bf22df53a
parent 0585a55ee0
4 changed files with 36 additions and 20 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -291,7 +291,7 @@ def start():
        logger.error(errMsg)
        return False

-    if kb.targets and len(kb.targets) > 1:
+    if kb.targets and isListLike(kb.targets) and len(kb.targets) > 1:
        infoMsg = "found a total of %d targets" % len(kb.targets)
        logger.info(infoMsg)

--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -8,6 +8,7 @@ See the file 'LICENSE' for copying permission
 from __future__ import division

 import codecs
+import collections
 import functools
 import glob
 import inspect
@ -416,6 +417,17 @@ def _setBulkMultipleTargets():
    if not conf.bulkFile:
        return

+    if isinstance(conf.bulkFile, collections.Iterable):
+        def _():
+            for line in conf.bulkFile:
+                if line:
+                    match = re.search(r"\bhttps?://[^\s'\"]+", line, re.I)
+                    if match:
+                        yield (match.group(0), conf.method, conf.data, conf.cookie, None)
+                else:
+                    break
+        kb.targets = _()
+    else:
        conf.bulkFile = safeExpandUser(conf.bulkFile)

        infoMsg = "parsing multiple targets list from '%s'" % conf.bulkFile
@ -1631,6 +1643,7 @@ def _cleanupOptions():

    for key, value in conf.items():
        if value and any(key.endswith(_) for _ in ("Path", "File", "Dir")):
+            if isinstance(value, str):
                conf[key] = safeExpandUser(value)

    if conf.testParameter:
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.4.10.5"
+VERSION = "1.4.10.6"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -1035,6 +1035,9 @@ def cmdLineParser(argv=None):
        if args.dummy:
            args.url = args.url or DUMMY_URL

+        if hasattr(sys.stdin, "fileno") and not os.isatty(sys.stdin.fileno()) and '-' not in sys.argv:
+            args.bulkFile = iter(sys.stdin.readline, None)
+
        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.bedTest, args.fuzzTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile)):
            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --list-tampers, --wizard, --update, --purge or --dependencies). "
            errMsg += "Use -h for basic and -hh for advanced help\n"