sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Removing --fuzz-test

Browse Source
This commit is contained in:
Miroslav Stampar 2021-09-29 17:23:38 +02:00
parent cfa5042358
commit 564c5a2494
4 changed files with 2 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/settings.py
View File

@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.5.9.16" VERSION = "1.5.9.17"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

65
lib/core/testing.py
View File

@ -166,71 +166,6 @@ def vulnTest():
return retVal return retVal
def fuzzTest():
count = 0
address, port = "127.0.0.10", random.randint(1025, 65535)
def _thread():
vulnserver.init(quiet=True)
vulnserver.run(address=address, port=port)
thread = threading.Thread(target=_thread)
thread.daemon = True
thread.start()
while True:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
s.connect((address, port))
break
except:
time.sleep(1)
handle, config = tempfile.mkstemp(suffix=".conf")
os.close(handle)
url = "http://%s:%d/?id=1" % (address, port)
content = open(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.conf"))).read().replace("url =", "url = %s" % url)
open(config, "w+").write(content)
while True:
lines = content.split("\n")
for i in xrange(20):
j = random.randint(0, len(lines) - 1)
if any(_ in lines[j] for _ in ("googleDork",)):
continue
if re.search(r"= (True|False)", lines[j]):
lines[j] = lines[j].replace(" = False", " = True")
continue
if lines[j].strip().endswith('='):
lines[j] += random.sample(("True", "False", randomStr(), str(randomInt())), 1)[0]
k = random.randint(0, len(lines) - 1)
if '=' in lines[k] and not re.search(r"= (True|False)", lines[k]):
lines[k] += chr(random.randint(0, 255))
open(config, "w+").write("\n".join(lines))
cmd = "%s %s -c %s --non-interactive --answers='Github=n' --flush-session --technique=%s --banner" % (sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), config, random.sample("BEUQ", 1)[0])
output = shellExec(cmd)
if "Traceback" in output:
dataToStdout("---\n\n$ %s\n" % cmd)
dataToStdout("%s---\n" % output, coloring=False)
handle, config = tempfile.mkstemp(prefix="sqlmapcrash", suffix=".conf")
os.close(handle)
open(config, "w+").write("\n".join(lines))
else:
dataToStdout("\r%d\r" % count)
count += 1
def smokeTest(): def smokeTest():
""" """
Runs the basic smoke testing of a program Runs the basic smoke testing of a program

5
lib/parse/cmdline.py
View File

@ -824,9 +824,6 @@ def cmdLineParser(argv=None):
parser.add_argument("--vuln-test", dest="vulnTest", action="store_true", parser.add_argument("--vuln-test", dest="vulnTest", action="store_true",
help=SUPPRESS) help=SUPPRESS)
parser.add_argument("--fuzz-test", dest="fuzzTest", action="store_true",
help=SUPPRESS)
# API options # API options
parser.add_argument("--api", dest="api", action="store_true", parser.add_argument("--api", dest="api", action="store_true",
help=SUPPRESS) help=SUPPRESS)
@ -1065,7 +1062,7 @@ def cmdLineParser(argv=None):
else: else:
args.stdinPipe = None args.stdinPipe = None
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.fuzzTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile, args.stdinPipe)): if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile, args.stdinPipe)):
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --shell, --update, --purge, --list-tampers or --dependencies). " errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --shell, --update, --purge, --list-tampers or --dependencies). "
errMsg += "Use -h for basic and -hh for advanced help\n" errMsg += "Use -h for basic and -hh for advanced help\n"
parser.error(errMsg) parser.error(errMsg)

3
sqlmap.py
View File

@ -175,9 +175,6 @@ def main():
elif conf.vulnTest: elif conf.vulnTest:
from lib.core.testing import vulnTest from lib.core.testing import vulnTest
os._exitcode = 1 - (vulnTest() or 0) os._exitcode = 1 - (vulnTest() or 0)
elif conf.fuzzTest:
from lib.core.testing import fuzzTest
fuzzTest()
else: else:
from lib.controller.controller import start from lib.controller.controller import start
if conf.profile: if conf.profile: