added -m switch for bulk loading multiple targets

2025-01-24 08:14:24 +03:00 · 2011-05-11 08:46:40 +00:00 · 2011-05-11 08:46:40 +00:00 · 5ee07b90b9
commit 5ee07b90b9
parent 120b0d756e
4 changed files with 36 additions and 8 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -437,6 +437,26 @@ def __setGoogleDorking():
        errMsg += "have GET parameters to test for SQL injection"
        raise sqlmapGenericException, errMsg

+def __setBulkMultipleTargets():
+    if not conf.bulkFile:
+        return
+
+    conf.bulkFile = os.path.expanduser(conf.bulkFile)
+
+    infoMsg = "parsing multiple targets list from '%s'" % conf.bulkFile
+    logger.info(infoMsg)
+
+    if not os.path.isfile(conf.bulkFile):
+        errMsg = "the specified bulk file "
+        errMsg += "does not exist"
+        raise sqlmapFilePathException, errMsg
+
+    f = open(conf.bulkFile, 'r')
+    for line in f.xreadlines():
+        if re.search(r"[^ ]+\?(.+)", line, re.I):
+            kb.targetUrls.add((line, None, None, None))
+    f.close()
+
 def __findPageForms():
    if not conf.forms:
        return
@ -1211,7 +1231,7 @@ def __cleanupOptions():
    if conf.tmpPath:
        conf.tmpPath = ntToPosixSlashes(normalizePath(conf.tmpPath))

-    if conf.googleDork or conf.logFile or conf.forms:
+    if conf.googleDork or conf.logFile or conf.bulkFile or conf.forms:
        conf.multipleTargets = True

    if conf.optimize:
@ -1602,7 +1622,7 @@ def __basicOptionValidation():
        errMsg = "switch --proxy is incompatible with switch --ignore-proxy"
        raise sqlmapSyntaxException, errMsg

-    if conf.forms and (conf.logFile or conf.direct or conf.requestFile or conf.googleDork):
+    if conf.forms and any([conf.logFile, conf.bulkFile, conf.direct, conf.requestFile, conf.googleDork]):
        errMsg = "switch --forms is compatible only with -u (--url) target switch"
        raise sqlmapSyntaxException, errMsg

@ -1636,7 +1656,7 @@ def init(inputOptions=advancedDict(), overrideOptions=False):
    parseTargetUrl()
    parseTargetDirect()

-    if conf.url or conf.logFile or conf.requestFile or conf.googleDork or conf.liveTest:
+    if any([conf.url, conf.logFile, conf.bulkFile, conf.requestFile, conf.googleDork, conf.liveTest]):
        __setHTTPTimeout()
        __setHTTPExtraHeaders()
        __setHTTPCookies()
@ -1648,6 +1668,7 @@ def init(inputOptions=advancedDict(), overrideOptions=False):
        __setDNSCache()
        __setSafeUrl()
        __setGoogleDorking()
+        __setBulkMultipleTargets()
        __urllib2Opener()
        __findPageForms()
        __setDBMS()
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -16,6 +16,7 @@ optDict = {
                               "direct":            "string",
                               "url":               "string",
                               "logFile":           "string",
+                               "bulkFile":           "string",
                               "requestFile":       "string",
                               "googleDork":        "string",
                               "configFile":        "string"
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -47,6 +47,9 @@ def cmdLineParser():
        target.add_option("-l", dest="logFile", help="Parse targets from Burp "
                          "or WebScarab proxy logs")

+        target.add_option("-m", dest="bulkFile", help="Scan multiple targets enlisted "
+                          "in a given textual file ")
+
        target.add_option("-r", dest="requestFile",
                          help="Load HTTP request from a file")

@ -569,9 +572,9 @@ def cmdLineParser():

        (args, _) = parser.parse_args(args)

-        if not any([args.direct, args.url, args.logFile, args.googleDork, args.configFile, \
+        if not any([args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
            args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.realTest, args.wizard]):
-            errMsg = "missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c', '--wizard' or '--update'), "
+            errMsg = "missing a mandatory parameter ('-d', '-u', '-l', '-m', '-r', '-g', '-c', '--wizard' or '--update'), "
            errMsg += "-h for help"
            parser.error(errMsg)

--- a/lib/parse/configfile.py
+++ b/lib/parse/configfile.py
@ -67,12 +67,15 @@ def configFileParser(configFile):
        raise NoSectionError, "Target in the configuration file is mandatory"

    condition = not config.has_option("Target", "url")
-    condition &= not config.has_option("Target", "list")
+    condition &= not config.has_option("Target", "logFile")
+    condition &= not config.has_option("Target", "bulkFile")
    condition &= not config.has_option("Target", "googleDork")
+    condition &= not config.has_option("Target", "requestFile")
+    condition &= not config.has_option("Target", "wizard")

    if condition:
-        errMsg = "missing a mandatory option in the configuration "
-        errMsg += "file (url, list or googleDork)"
+        errMsg = "missing a mandatory option in the configuration file "
+        errMsg += "(url, logFile, bulkFile, googleDork, requestFile or wizard)"
        raise sqlmapMissingMandatoryOptionException, errMsg

    for family, optionData in optDict.items():