sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-04-25 11:23:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

code cleanup

Browse Source
This commit is contained in:
Miroslav Stampar 2011-12-21 22:59:23 +00:00
parent 41ccf88990
commit 526aacb640
17 changed files with 35 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
extra/icmpsh/icmpsh_m.py
View File

@ -57,7 +57,7 @@ def main(src, dst):
# with the returned data # with the returned data
try: try:
sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
except socket.error, e: except socket.error:
sys.stderr.write('You need to run icmpsh master with administrator privileges\n') sys.stderr.write('You need to run icmpsh master with administrator privileges\n')
sys.exit(1) sys.exit(1)

39
extra/shutils/duplicates.py
View File

@ -1,11 +1,11 @@
#!/usr/bin/env python #!/usr/bin/env python
""" """
$Id$ $Id$
Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/) Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
"""
# Removes duplicate entries in wordlist like files # Removes duplicate entries in wordlist like files
@ -13,25 +13,24 @@ import sys
if len(sys.argv) > 0: if len(sys.argv) > 0:
items = list() items = list()
f = open(sys.argv[1], 'r') f = open(sys.argv[1], 'r')
for item in f.readlines(): for item in f.readlines():
item = item.strip() item = item.strip()
try: try:
str.encode(item) str.encode(item)
if item in items: if item in items:
if item: if item:
print item print item
else: else:
items.append(item) items.append(item)
if not item: if not item:
items.append('') items.append('')
except: except:
pass pass
f.close() f.close()
f = open(sys.argv[1], 'w+') f = open(sys.argv[1], 'w+')
f.writelines("\n".join(items)) f.writelines("\n".join(items))
f.close()

1
extra/socks/socks.py
View File

@ -46,7 +46,6 @@ mainly to merge bug fixes found in Sourceforge
import socket import socket
import struct import struct
import sys
PROXY_TYPE_SOCKS4 = 1 PROXY_TYPE_SOCKS4 = 1
PROXY_TYPE_SOCKS5 = 2 PROXY_TYPE_SOCKS5 = 2

2
lib/core/agent.py
View File

@ -559,7 +559,7 @@ class Agent:
inbandQuery = self.prefixQuery("UNION ALL SELECT ", prefix=prefix) inbandQuery = self.prefixQuery("UNION ALL SELECT ", prefix=prefix)
if limited: if limited:
inbandQuery += ",".join(map(lambda x: char if x != position else '(SELECT %s)' % query, xrange(0, count))) inbandQuery += ",".join(char if _ != position else '(SELECT %s)' % query for _ in xrange(0, count))
inbandQuery += FROM_TABLE.get(Backend.getIdentifiedDbms(), "") inbandQuery += FROM_TABLE.get(Backend.getIdentifiedDbms(), "")
inbandQuery = self.suffixQuery(inbandQuery, comment, suffix) inbandQuery = self.suffixQuery(inbandQuery, comment, suffix)

9
lib/core/common.py
View File

@ -2346,15 +2346,12 @@ def findDynamicContent(firstPage, secondPage):
kb.dynamicMarkings = [] kb.dynamicMarkings = []
# Removing too small matching blocks # Removing too small matching blocks
while block in blocks[:]: for block in blocks[:]:
(_, _, length) = block (_, _, length) = block
if length <= DYNAMICITY_MARK_LENGTH: if length <= DYNAMICITY_MARK_LENGTH:
blocks.remove(block) blocks.remove(block)
else:
i += 1
# Making of dynamic markings based on prefix/suffix principle # Making of dynamic markings based on prefix/suffix principle
if len(blocks) > 0: if len(blocks) > 0:
blocks.insert(0, None) blocks.insert(0, None)
@ -2965,7 +2962,7 @@ def safeCSValue(value):
if retVal and isinstance(retVal, basestring): if retVal and isinstance(retVal, basestring):
if not (retVal[0] == retVal[-1] == '"'): if not (retVal[0] == retVal[-1] == '"'):
if any(map(lambda x: x in retVal, (conf.csvDel, '"', '\n'))): if any(_ in retVal for _ in (conf.csvDel, '"', '\n')):
retVal = '"%s"' % retVal.replace('"', '""') retVal = '"%s"' % retVal.replace('"', '""')
return retVal return retVal
@ -3124,7 +3121,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
def getHostHeader(url): def getHostHeader(url):
retVal = urlparse.urlparse(url).netloc retVal = urlparse.urlparse(url).netloc
if any(map(lambda x: retVal.endswith(':%d' % x), [80, 443])): if any(retVal.endswith(':%d' % _) for _ in [80, 443]):
retVal = retVal.split(':')[0] retVal = retVal.split(':')[0]
return retVal return retVal

2
lib/core/settings.py
View File

@ -9,8 +9,6 @@ See the file 'doc/COPYING' for copying permission
import logging import logging
import os import os
import _socket
import socket
import subprocess import subprocess
import sys import sys

2
lib/request/comparison.py
View File

@ -32,8 +32,6 @@ def comparison(page, headers, code=None, getRatioValue=False, pageLength=None):
if page is None and pageLength is None: if page is None and pageLength is None:
return None return None
regExpResults = None
seqMatcher = getCurrentThreadData().seqMatcher seqMatcher = getCurrentThreadData().seqMatcher
seqMatcher.set_seq1(kb.pageTemplate) seqMatcher.set_seq1(kb.pageTemplate)

6
lib/request/connect.py
View File

@ -339,7 +339,9 @@ class Connect:
return conn, None, None return conn, None, None
# Get HTTP response # Get HTTP response
page = conn.read() if page is None else page if page is None:
page = conn.read()
code = redirecting or conn.code code = redirecting or conn.code
responseHeaders = conn.info() responseHeaders = conn.info()
responseHeaders[URI_HTTP_HEADER] = conn.geturl() responseHeaders[URI_HTTP_HEADER] = conn.geturl()
@ -486,7 +488,7 @@ class Connect:
if "forcibly closed" in tbMsg: if "forcibly closed" in tbMsg:
logger.critical(warnMsg) logger.critical(warnMsg)
return None, None, None return None, None, None
elif silent or (ignoreTimeout and any(map(lambda x: x in tbMsg, ["timed out", "IncompleteRead"]))): elif silent or (ignoreTimeout and any(_ in tbMsg for _ in ("timed out", "IncompleteRead"))):
return None, None, None return None, None, None
elif threadData.retriesCount < conf.retries and not kb.threadException and not conf.realTest: elif threadData.retriesCount < conf.retries and not kb.threadException and not conf.realTest:
warnMsg += ", sqlmap is going to retry the request" warnMsg += ", sqlmap is going to retry the request"

1
lib/techniques/blind/inference.py
View File

@ -102,7 +102,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
showEta = conf.eta and isinstance(length, int) showEta = conf.eta and isinstance(length, int)
numThreads = min(conf.threads, length) numThreads = min(conf.threads, length)
threads = []
if showEta: if showEta:
progress = ProgressBar(maxValue=length) progress = ProgressBar(maxValue=length)

11
lib/techniques/union/test.py
View File

@ -161,7 +161,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
return retVal return retVal
def __unionPosition(comment, place, parameter, value, prefix, suffix, count, where=PAYLOAD.WHERE.ORIGINAL): def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.ORIGINAL):
validPayload = None validPayload = None
vector = None vector = None
@ -224,18 +224,18 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
return validPayload, vector return validPayload, vector
def __unionConfirm(comment, place, parameter, value, prefix, suffix, count): def __unionConfirm(comment, place, parameter, prefix, suffix, count):
validPayload = None validPayload = None
vector = None vector = None
# Confirm the inband SQL injection and get the exact column # Confirm the inband SQL injection and get the exact column
# position which can be used to extract data # position which can be used to extract data
validPayload, vector = __unionPosition(comment, place, parameter, value, prefix, suffix, count) validPayload, vector = __unionPosition(comment, place, parameter, prefix, suffix, count)
# Assure that the above function found the exploitable full inband # Assure that the above function found the exploitable full inband
# SQL injection position # SQL injection position
if not validPayload: if not validPayload:
validPayload, vector = __unionPosition(comment, place, parameter, value, prefix, suffix, count, where=PAYLOAD.WHERE.NEGATIVE) validPayload, vector = __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.NEGATIVE)
return validPayload, vector return validPayload, vector
@ -249,7 +249,6 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
validPayload = None validPayload = None
vector = None vector = None
query = agent.prefixQuery("UNION ALL SELECT %s" % kb.uChar) query = agent.prefixQuery("UNION ALL SELECT %s" % kb.uChar)
total = conf.uColsStop+1 - conf.uColsStart
# In case that user explicitly stated number of columns affected # In case that user explicitly stated number of columns affected
if conf.uColsStop == conf.uColsStart: if conf.uColsStop == conf.uColsStart:
@ -267,7 +266,7 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
if Backend.getIdentifiedDbms() in FROM_TABLE: if Backend.getIdentifiedDbms() in FROM_TABLE:
query += FROM_TABLE[Backend.getIdentifiedDbms()] query += FROM_TABLE[Backend.getIdentifiedDbms()]
validPayload, vector = __unionConfirm(comment, place, parameter, value, prefix, suffix, count) validPayload, vector = __unionConfirm(comment, place, parameter, prefix, suffix, count)
if not all([validPayload, vector]) and not all([conf.uChar, conf.dbms]): if not all([validPayload, vector]) and not all([conf.uChar, conf.dbms]):
warnMsg = "if UNION based SQL injection is not detected, " warnMsg = "if UNION based SQL injection is not detected, "

1
lib/techniques/union/use.py
View File

@ -145,7 +145,6 @@ def unionUse(expression, unpack=True, dump=False):
origExpr = expression origExpr = expression
startLimit = 0 startLimit = 0
stopLimit = None stopLimit = None
test = True
value = "" value = ""
width = getConsoleWidth() width = getConsoleWidth()

2
lib/utils/hashdb.py
View File

@ -118,7 +118,7 @@ class HashDB(object):
if threadData.inTransaction: if threadData.inTransaction:
try: try:
self.cursor.execute('END TRANSACTION') self.cursor.execute('END TRANSACTION')
except sqlite3.OperationalError, ex: except sqlite3.OperationalError:
pass pass
finally: finally:
threadData.inTransaction = False threadData.inTransaction = False

2
plugins/generic/enumeration.py
View File

@ -1594,7 +1594,7 @@ class Enumeration:
randStr, randStr2 = randomStr(), randomStr() randStr, randStr2 = randomStr(), randomStr()
filterFunction = "REPLACE(REPLACE(IFNULL(%s, ' '),'%s','%s'),'%s','%s')"\ filterFunction = "REPLACE(REPLACE(IFNULL(%s, ' '),'%s','%s'),'%s','%s')"\
% ('%s', CONCAT_VALUE_DELIMITER, randStr, CONCAT_ROW_DELIMITER, randStr2) % ('%s', CONCAT_VALUE_DELIMITER, randStr, CONCAT_ROW_DELIMITER, randStr2)
concats = ",".join(map(lambda x: "CONCAT(%s, '|')" % (filterFunction % x), colList[:-1])) concats = ",".join("CONCAT(%s, '|')" % (filterFunction % _) for _ in colList[:-1])
concats += ",%s" % (filterFunction % colList[-1]) concats += ",%s" % (filterFunction % colList[-1])
query = "SELECT GROUP_CONCAT(%s) FROM %s.%s" % (concats, conf.db, tbl) query = "SELECT GROUP_CONCAT(%s) FROM %s.%s" % (concats, conf.db, tbl)
value = inject.getValue(query, blind=False) value = inject.getValue(query, blind=False)

2
tamper/securesphere.py
View File

@ -7,8 +7,6 @@ Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import re
from lib.core.common import randomRange from lib.core.common import randomRange
from lib.core.data import kb from lib.core.data import kb
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY

1
tamper/space2dash.py
View File

@ -7,7 +7,6 @@ Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import os
import random import random
import string import string

2
tamper/space2mssqlhash.py
View File

@ -7,8 +7,6 @@ Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import os
from lib.core.common import singleTimeWarnMessage from lib.core.common import singleTimeWarnMessage
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY

2
tamper/unmagicquotes.py
View File

@ -8,8 +8,6 @@ See the file 'doc/COPYING' for copying permission
""" """
import re import re
import os
import random
from lib.core.common import singleTimeWarnMessage from lib.core.common import singleTimeWarnMessage
from lib.core.enums import DBMS from lib.core.enums import DBMS