added -m switch for bulk loading multiple targets

Miroslav Stampar 2011-05-11 08:46:40 +00:00
parent 120b0d756e
commit 5ee07b90b9
4 changed files with 36 additions and 8 deletions


@ -437,6 +437,26 @@ def __setGoogleDorking():
errMsg += "have GET parameters to test for SQL injection" errMsg += "have GET parameters to test for SQL injection"
raise sqlmapGenericException, errMsg raise sqlmapGenericException, errMsg
def __setBulkMultipleTargets():
if not conf.bulkFile:
return
conf.bulkFile = os.path.expanduser(conf.bulkFile)
infoMsg = "parsing multiple targets list from '%s'" % conf.bulkFile
logger.info(infoMsg)
if not os.path.isfile(conf.bulkFile):
errMsg = "the specified bulk file "
errMsg += "does not exist"
raise sqlmapFilePathException, errMsg
f = open(conf.bulkFile, 'r')
for line in f.xreadlines():
if re.search(r"[^ ]+\?(.+)", line, re.I):
kb.targetUrls.add((line, None, None, None))
f.close()
def __findPageForms(): def __findPageForms():
if not conf.forms: if not conf.forms:
return return
@ -1211,7 +1231,7 @@ def __cleanupOptions():
if conf.tmpPath: if conf.tmpPath:
conf.tmpPath = ntToPosixSlashes(normalizePath(conf.tmpPath)) conf.tmpPath = ntToPosixSlashes(normalizePath(conf.tmpPath))
if conf.googleDork or conf.logFile or conf.forms: if conf.googleDork or conf.logFile or conf.bulkFile or conf.forms:
conf.multipleTargets = True conf.multipleTargets = True
if conf.optimize: if conf.optimize:
@ -1602,7 +1622,7 @@ def __basicOptionValidation():
errMsg = "switch --proxy is incompatible with switch --ignore-proxy" errMsg = "switch --proxy is incompatible with switch --ignore-proxy"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
if conf.forms and (conf.logFile or conf.direct or conf.requestFile or conf.googleDork): if conf.forms and any([conf.logFile, conf.bulkFile, conf.direct, conf.requestFile, conf.googleDork]):
errMsg = "switch --forms is compatible only with -u (--url) target switch" errMsg = "switch --forms is compatible only with -u (--url) target switch"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
@ -1636,7 +1656,7 @@ def init(inputOptions=advancedDict(), overrideOptions=False):
parseTargetUrl() parseTargetUrl()
parseTargetDirect() parseTargetDirect()
if conf.url or conf.logFile or conf.requestFile or conf.googleDork or conf.liveTest: if any([conf.url, conf.logFile, conf.bulkFile, conf.requestFile, conf.googleDork, conf.liveTest]):
__setHTTPTimeout() __setHTTPTimeout()
__setHTTPExtraHeaders() __setHTTPExtraHeaders()
__setHTTPCookies() __setHTTPCookies()
@ -1648,6 +1668,7 @@ def init(inputOptions=advancedDict(), overrideOptions=False):
__setDNSCache() __setDNSCache()
__setSafeUrl() __setSafeUrl()
__setGoogleDorking() __setGoogleDorking()
__setBulkMultipleTargets()
__urllib2Opener() __urllib2Opener()
__findPageForms() __findPageForms()
__setDBMS() __setDBMS()
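Review bot: In `__setBulkMultipleTargets` (first hunk of this file) each matched `line` is added to `kb.targetUrls` exactly as read, so the stored target still carries its trailing newline and any surrounding whitespace. Because `re.search` is unanchored, a line that merely contains a URL-like token somewhere is also accepted whole. Strip before matching and storing, e.g. `line = line.strip()` ahead of the `re.search` call. The handle is closed only on the normal path, so wrapping the loop in `try:` / `finally: f.close()` would keep it from leaking if the loop raises. Lines that fail the pattern are dropped silently; a `logger.warning` naming the skipped entry would make a malformed list easier to notice.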


@ -16,6 +16,7 @@ optDict = {
"direct": "string", "direct": "string",
"url": "string", "url": "string",
"logFile": "string", "logFile": "string",
"bulkFile": "string",
"requestFile": "string", "requestFile": "string",
"googleDork": "string", "googleDork": "string",
"configFile": "string" "configFile": "string"


@ -47,6 +47,9 @@ def cmdLineParser():
target.add_option("-l", dest="logFile", help="Parse targets from Burp " target.add_option("-l", dest="logFile", help="Parse targets from Burp "
"or WebScarab proxy logs") "or WebScarab proxy logs")
target.add_option("-m", dest="bulkFile", help="Scan multiple targets enlisted "
"in a given textual file ")
target.add_option("-r", dest="requestFile", target.add_option("-r", dest="requestFile",
help="Load HTTP request from a file") help="Load HTTP request from a file")
@ -569,9 +572,9 @@ def cmdLineParser():
(args, _) = parser.parse_args(args) (args, _) = parser.parse_args(args)
if not any([args.direct, args.url, args.logFile, args.googleDork, args.configFile, \ if not any([args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.realTest, args.wizard]): args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.realTest, args.wizard]):
errMsg = "missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c', '--wizard' or '--update'), " errMsg = "missing a mandatory parameter ('-d', '-u', '-l', '-m', '-r', '-g', '-c', '--wizard' or '--update'), "
errMsg += "-h for help" errMsg += "-h for help"
parser.error(errMsg) parser.error(errMsg)
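Review bot: The new `-m` help string does not say what the file must contain, and it ends in a stray space. As far as this commit shows, the loader reads the file line by line and keeps only lines matching `[^ ]+\?(.+)`, so entries without a query string are ignored. Suggest `help="Scan multiple targets listed one per line in a text file (URLs with GET parameters)"`. cmdLineParser's body continues outside these hunks.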


@ -67,12 +67,15 @@ def configFileParser(configFile):
raise NoSectionError, "Target in the configuration file is mandatory" raise NoSectionError, "Target in the configuration file is mandatory"
condition = not config.has_option("Target", "url") condition = not config.has_option("Target", "url")
condition &= not config.has_option("Target", "list") condition &= not config.has_option("Target", "logFile")
condition &= not config.has_option("Target", "bulkFile")
condition &= not config.has_option("Target", "googleDork") condition &= not config.has_option("Target", "googleDork")
condition &= not config.has_option("Target", "requestFile")
condition &= not config.has_option("Target", "wizard")
if condition: if condition:
errMsg = "missing a mandatory option in the configuration " errMsg = "missing a mandatory option in the configuration file "
errMsg += "file (url, list or googleDork)" errMsg += "(url, logFile, bulkFile, googleDork, requestFile or wizard)"
raise sqlmapMissingMandatoryOptionException, errMsg raise sqlmapMissingMandatoryOptionException, errMsg
for family, optionData in optDict.items(): for family, optionData in optDict.items():
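Review bot: The mandatory-target check now tests `wizard` under the `Target` section but still does not test `direct`, although the command-line check in this commit treats `-d` as a valid target. Unless that is handled elsewhere, a configuration file that supplies only `direct` is rejected here; adding `condition &= not config.has_option("Target", "direct")` and naming it in the message would bring the two checks in line. `wizard` is not among the `Target` entries visible in the optDict hunk, so it is worth confirming which section it is actually read from. `has_option` is also true for a key that is present with an empty value, so a file listing every key blank would pass this check. configFileParser starts and ends outside the hunk.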