diff --git a/lib/core/common.py b/lib/core/common.py index ae8d5dfcc..ccb4b3fb4 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1398,7 +1398,6 @@ def setPaths(rootPath): paths.WORDLIST = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.tx_") paths.ERRORS_XML = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml") paths.BOUNDARIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "boundaries.xml") - paths.LIVE_TESTS_XML = os.path.join(paths.SQLMAP_XML_PATH, "livetests.xml") paths.QUERIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "queries.xml") paths.GENERIC_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "generic.xml") paths.MSSQL_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "mssql.xml") diff --git a/lib/core/option.py b/lib/core/option.py index fa64003d7..d8d234ea5 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2602,7 +2602,7 @@ def _basicOptionValidation(): errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)" raise SqlmapSyntaxException(errMsg) - if conf.hashFile and any((conf.direct, conf.url, conf.logFile, conf.bulkFile, conf.googleDork, conf.configFile, conf.requestFile, conf.updateAll, conf.smokeTest, conf.liveTest, conf.wizard, conf.dependencies, conf.purge, conf.listTampers)): + if conf.hashFile and any((conf.direct, conf.url, conf.logFile, conf.bulkFile, conf.googleDork, conf.configFile, conf.requestFile, conf.updateAll, conf.smokeTest, conf.wizard, conf.dependencies, conf.purge, conf.listTampers)): errMsg = "option '--crack' should be used as a standalone" raise SqlmapSyntaxException(errMsg) @@ -2669,7 +2669,7 @@ def init(): parseTargetDirect() - if any((conf.url, conf.logFile, conf.bulkFile, conf.requestFile, conf.googleDork, conf.liveTest)): + if any((conf.url, conf.logFile, conf.bulkFile, conf.requestFile, conf.googleDork)): _setHostname() _setHTTPTimeout() _setHTTPExtraHeaders() diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index caa75fa90..7273718e6 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -252,7 +252,6 @@ optDict = { "forceDns": "boolean", "murphyRate": "integer", "smokeTest": "boolean", - "liveTest": "boolean", "stopFail": "boolean", "runCase": "string", }, diff --git a/lib/core/settings.py b/lib/core/settings.py index 9410744ac..addeff4dd 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.4.1.4" +VERSION = "1.4.1.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 295bc3ebc..9b5e1451a 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -289,130 +289,6 @@ def adjustValueType(tagName, value): break return value -def liveTest(): - """ - Runs the test of a program against the live testing environment - """ - - retVal = True - count = 0 - global_ = {} - vars_ = {} - - livetests = readXmlFile(paths.LIVE_TESTS_XML) - length = len(livetests.getElementsByTagName("case")) - - element = livetests.getElementsByTagName("global") - if element: - for item in element: - for child in item.childNodes: - if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"): - global_[child.tagName] = adjustValueType(child.tagName, child.getAttribute("value")) - - element = livetests.getElementsByTagName("vars") - if element: - for item in element: - for child in item.childNodes: - if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"): - var = child.getAttribute("value") - vars_[child.tagName] = randomStr(6) if var == "random" else var - - for case in livetests.getElementsByTagName("case"): - parse_from_console_output = False - count += 1 - name = None - parse = [] - switches = dict(global_) - value = "" - vulnerable = True - result = None - - if case.hasAttribute("name"): - name = case.getAttribute("name") - - if conf.runCase and ((conf.runCase.isdigit() and conf.runCase != count) or not re.search(conf.runCase, name, re.DOTALL)): - continue - - if case.getElementsByTagName("switches"): - for child in case.getElementsByTagName("switches")[0].childNodes: - if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"): - value = replaceVars(child.getAttribute("value"), vars_) - switches[child.tagName] = adjustValueType(child.tagName, value) - - if case.getElementsByTagName("parse"): - for item in case.getElementsByTagName("parse")[0].getElementsByTagName("item"): - if item.hasAttribute("value"): - value = replaceVars(item.getAttribute("value"), vars_) - - if item.hasAttribute("console_output"): - parse_from_console_output = bool(item.getAttribute("console_output")) - - parse.append((value, parse_from_console_output)) - - conf.verbose = global_.get("verbose", 1) - setVerbosity() - - msg = "running live test case: %s (%d/%d)" % (name, count, length) - logger.info(msg) - - initCase(switches, count) - - test_case_fd = codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "test_case"), "wb", UNICODE_ENCODING) - test_case_fd.write("%s\n" % name) - - try: - result = runCase(parse) - except SqlmapNotVulnerableException: - vulnerable = False - finally: - conf.verbose = global_.get("verbose", 1) - setVerbosity() - - if result is True: - logger.info("test passed") - cleanCase() - else: - errMsg = "test failed" - - if _failures.failedItems: - errMsg += " at parsing items: %s" % ", ".join(i for i in _failures.failedItems) - - errMsg += " - scan folder: %s" % paths.SQLMAP_OUTPUT_PATH - errMsg += " - traceback: %s" % bool(_failures.failedTraceBack) - - if not vulnerable: - errMsg += " - SQL injection not detected" - - logger.error(errMsg) - test_case_fd.write("%s\n" % errMsg) - - if _failures.failedParseOn: - console_output_fd = codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "console_output"), "wb", UNICODE_ENCODING) - console_output_fd.write(_failures.failedParseOn) - console_output_fd.close() - - if _failures.failedTraceBack: - traceback_fd = codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "traceback"), "wb", UNICODE_ENCODING) - traceback_fd.write(_failures.failedTraceBack) - traceback_fd.close() - - beep() - - if conf.stopFail is True: - return retVal - - test_case_fd.close() - retVal &= bool(result) - - dataToStdout("\n") - - if retVal: - logger.info("live test final result: PASSED") - else: - logger.error("live test final result: FAILED") - - return retVal - def initCase(switches, count): _failures.failedItems = [] _failures.failedParseOn = None diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 7c6fa2986..c56b4b0d6 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -787,9 +787,6 @@ def cmdLineParser(argv=None): parser.add_argument("--smoke-test", dest="smokeTest", action="store_true", help=SUPPRESS) - parser.add_argument("--live-test", dest="liveTest", action="store_true", - help=SUPPRESS) - parser.add_argument("--vuln-test", dest="vulnTest", action="store_true", help=SUPPRESS) @@ -1005,7 +1002,7 @@ def cmdLineParser(argv=None): if args.dummy: args.url = args.url or DUMMY_URL - if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile)): + if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile)): errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --list-tampers, --wizard, --update, --purge or --dependencies). " errMsg += "Use -h for basic and -hh for advanced help\n" parser.error(errMsg) diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 2e12d2c07..0abc6c574 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -569,13 +569,6 @@ class Metasploit(object): errMsg += "to open a remote session" raise SqlmapGenericException(errMsg) - if conf.liveTest and timeout: - if initialized: - send_all(proc, "exit\n") - time.sleep(2) - else: - proc.kill() - except select.error as ex: # Reference: https://github.com/andymccurdy/redis-py/pull/743/commits/2b59b25bb08ea09e98aede1b1f23a270fc085a9f if ex.args[0] == errno.EINTR: diff --git a/lib/utils/progress.py b/lib/utils/progress.py index 76ad2cf06..97874854a 100644 --- a/lib/utils/progress.py +++ b/lib/utils/progress.py @@ -93,11 +93,8 @@ class ProgressBar(object): dataToStdout("\r%s %d/%d%s" % (self._progBar, self._amount, self._max, (" (ETA %s)" % (self._convertSeconds(int(eta)) if eta is not None else "??:??")))) if self._amount >= self._max: - if not conf.liveTest: - dataToStdout("\r%s\r" % (" " * self._width)) - kb.prependFlag = False - else: - dataToStdout("\n") + dataToStdout("\r%s\r" % (" " * self._width)) + kb.prependFlag = False def __str__(self): """ diff --git a/sqlmap.py b/sqlmap.py index 811fc4ca7..347460cc5 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -173,9 +173,6 @@ def main(): elif conf.vulnTest: from lib.core.testing import vulnTest os._exitcode = 1 - (vulnTest() or 0) - elif conf.liveTest: - from lib.core.testing import liveTest - os._exitcode = 1 - (liveTest() or 0) else: from lib.controller.controller import start if conf.profile and six.PY2: