diff --git a/lib/core/common.py b/lib/core/common.py index 37f33bf20..15d5bba91 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1020,9 +1020,9 @@ def parseTargetDirect(): import pymssql if not hasattr(pymssql, "__version__") or pymssql.__version__ < "1.0.2": - errMsg = "pymssql library on your system must be " - errMsg += "version 1.0.2 to work, get it from " - errMsg += "http://sourceforge.net/projects/pymssql/files/pymssql/1.0.2/" + errMsg = "'%s' third-party library must be " % data[1] + errMsg += "version >= 1.0.2 to work properly. " + errMsg += "Download from %s" % data[2] raise sqlmapMissingDependence, errMsg elif dbmsName == DBMS.MYSQL: @@ -1040,7 +1040,7 @@ def parseTargetDirect(): except ImportError, _: errMsg = "sqlmap requires '%s' third-party library " % data[1] errMsg += "in order to directly connect to the database " - errMsg += "'%s'. Download from '%s'" % (dbmsName, data[2]) + errMsg += "%s. Download from %s" % (dbmsName, data[2]) raise sqlmapMissingDependence, errMsg def parseTargetUrl(): diff --git a/lib/core/option.py b/lib/core/option.py index 702fa7049..49823576b 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -113,6 +113,7 @@ from lib.request.certhandler import HTTPSCertAuthHandler from lib.request.rangehandler import HTTPRangeHandler from lib.request.redirecthandler import SmartRedirectHandler from lib.request.templates import getPageTemplate +from lib.utils.dependences import checkDependences from lib.utils.google import Google authHandler = urllib2.BaseHandler() @@ -1743,6 +1744,7 @@ def init(inputOptions=advancedDict(), overrideOptions=False): __saveCmdline() __setRequestFromFile() __cleanupOptions() + checkDependences() __basicOptionValidation() __setTorProxySettings() __setMultipleTargets() diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 15961b3f0..9ed4f8512 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -174,6 +174,7 @@ optDict = { "replicate": "boolean", "tor": "boolean", "wizard": "boolean", + "dependences": "boolean", "verbose": "integer" }, } diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index fbad2d833..ac20b47e6 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -537,6 +537,10 @@ def cmdLineParser(): action="store_true", default=False, help="Simple wizard interface for beginner users") + miscellaneous.add_option("--dependences", dest="dependences", + action="store_true", default=False, + help="Show which sqlmap dependences are not available") + # Hidden and/or experimental options parser.add_option("--profile", dest="profile", action="store_true", default=False, help=SUPPRESS_HELP) @@ -586,8 +590,8 @@ def cmdLineParser(): (args, _) = parser.parse_args(args) if not any([args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \ - args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.realTest, args.wizard]): - errMsg = "missing a mandatory parameter ('-d', '-u', '-l', '-m', '-r', '-g', '-c', '--wizard' or '--update'), " + args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.realTest, args.wizard, args.dependences]): + errMsg = "missing a mandatory parameter (-d, -u, -l, -m, -r, -g, -c, --wizard, --update or --dependences), " errMsg += "-h for help" parser.error(errMsg) diff --git a/lib/utils/dependences.py b/lib/utils/dependences.py new file mode 100644 index 000000000..993668d45 --- /dev/null +++ b/lib/utils/dependences.py @@ -0,0 +1,106 @@ +#!/usr/bin/env python + +""" +$Id$ + +Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/) +See the file 'doc/COPYING' for copying permission +""" + +from lib.core.data import conf +from lib.core.data import logger +from lib.core.enums import DBMS +from lib.core.exception import sqlmapMissingDependence +from lib.core.settings import DBMS_DICT +from lib.core.settings import IS_WIN + +def checkDependences(): + missing_libraries = set() + + for dbmsName, data in DBMS_DICT.items(): + if data[1] is None: + continue + + try: + if dbmsName in (DBMS.MSSQL, DBMS.SYBASE): + import _mssql + import pymssql + + if not hasattr(pymssql, "__version__") or pymssql.__version__ < "1.0.2": + errMsg = "'%s' third-party library must be " % data[1] + errMsg += "version >= 1.0.2 to work properly. " + errMsg += "Download from %s" % data[2] + logger.error(errMsg) + elif dbmsName == DBMS.MYSQL: + import MySQLdb + elif dbmsName == DBMS.PGSQL: + import psycopg2 + elif dbmsName == DBMS.ORACLE: + import cx_Oracle + elif dbmsName == DBMS.SQLITE: + import sqlite3 + elif dbmsName == DBMS.ACCESS: + import pyodbc + elif dbmsName == DBMS.FIREBIRD: + import kinterbasdb + except ImportError, _: + errMsg = "sqlmap requires '%s' third-party library " % data[1] + errMsg += "in order to directly connect to the database " + errMsg += "%s. Download from %s" % (dbmsName, data[2]) + logger.error(errMsg) + missing_libraries.add(data[1]) + + continue + + debugMsg = "'%s' third-party library is found" % data[1] + logger.debug(debugMsg) + + try: + import impacket + debugMsg = "'python-impacket' third-party library is found" + logger.debug(debugMsg) + except ImportError, _: + errMsg = "sqlmap requires 'python-impacket' third-party library for " + errMsg += "out-of-band takeover feature. Download from " + errMsg += "http://code.google.com/p/impacket/" + logger.error(errMsg) + missing_libraries.add('python-impacket') + + try: + import ntlm + debugMsg = "'python-ntlm' third-party library is found" + logger.debug(debugMsg) + except ImportError, _: + errMsg = "sqlmap requires 'python-ntlm' third-party library for " + errMsg += "if you plan to attack a web application behind NTLM " + errMsg += "authentication. Download from http://code.google.com/p/python-ntlm/" + logger.error(errMsg) + missing_libraries.add('python-ntlm') + + try: + import pysvn + debugMsg = "'python-svn' third-party library is found" + logger.debug(debugMsg) + except ImportError, _: + errMsg = "sqlmap requires 'python-svn' third-party library for " + errMsg += "if you want to use the sqlmap update functionality. " + errMsg += "Download from http://pysvn.tigris.org/" + logger.error(errMsg) + missing_libraries.add('python-svn') + + if IS_WIN: + try: + import pyreadline + debugMsg = "'python-pyreadline' third-party library is found" + logger.debug(debugMsg) + except ImportError, _: + errMsg = "sqlmap requires 'pyreadline' third-party library to " + errMsg += "be able to take advantage of the sqlmap TAB " + errMsg += "completion and history support features in the SQL " + errMsg += "shell and OS shell. Download from " + errMsg += "http://ipython.scipy.org/moin/PyReadline/Intro" + logger.error(errMsg) + missing_libraries.add('python-pyreadline') + + if len(missing_libraries) == 0: + infoMsg = "all dependences are installed" diff --git a/sqlmap.conf b/sqlmap.conf index 4475e778a..9e8340bf3 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -576,6 +576,10 @@ tor = False # Valid: True or False wizard = False +# Show which sqlmap dependences are not available. +# Valid: True or False +dependences = False + # Verbosity level. # Valid: integer between 0 and 6 # 0: Show only error and critical messages