diff --git a/lib/core/common.py b/lib/core/common.py
index 820ffb5aa..22878aafe 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -79,7 +79,6 @@ from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import INFERENCE_UNKNOWN_CHAR
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import DBMS_DICT
-from lib.core.settings import DEFAULT_CSV_DELIMITER
 from lib.core.settings import DESCRIPTION
 from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
 from lib.core.settings import IS_WIN
@@ -2989,7 +2988,7 @@ def safeCSValue(value):
 if retVal and isinstance(retVal, basestring):
 if not (retVal[0] == retVal[-1] == '"'):
- if any(map(lambda x: x in retVal, [DEFAULT_CSV_DELIMITER, '"', '\n'])):
+ if any(map(lambda x: x in retVal, [conf.csvDel, '"', '\n'])):
 retVal = '"%s"' % retVal.replace('"', '""')
 return retVal
diff --git a/lib/core/defaults.py b/lib/core/defaults.py
index 8aadb02c1..c797846a1 100644
--- a/lib/core/defaults.py
+++ b/lib/core/defaults.py
@@ -10,6 +10,7 @@ See the file 'doc/COPYING' for copying permission
 from lib.core.datatype import AttribDict
 _defaults = {
+ "csvDel": ",",
 "timeSec": 5,
 "googlePage": 1,
 "cpuThrottle": 5,
diff --git a/lib/core/dump.py b/lib/core/dump.py
index 0b7b8b03b..373b25a80 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -24,7 +24,6 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.replication import Replication
-from lib.core.settings import DEFAULT_CSV_DELIMITER
 from lib.core.settings import TRIM_STDOUT_DUMP_SIZE
 from lib.core.settings import UNICODE_ENCODING
@@ -398,7 +397,7 @@ class Dump:
 if field == fields:
 dataToDumpFile(dumpFP, "%s" % safeCSValue(column))
 else:
- dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(column), DEFAULT_CSV_DELIMITER))
+ dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(column), conf.csvDel))
 field += 1
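Review bot: `conf.csvDel` reaches `safeCSValue` in lib/core/common.py, and the two `dataToDumpFile` calls in lib/core/dump.py, with no check that it is exactly one character and not `"` or a newline. With an empty value `x in retVal` is true for every string, so every field is quoted and then written with no separator, which silently merges columns in the dump; a multi-character value is also a problem because many CSV readers (Python's `csv` module among them) accept only a one-character delimiter. The `--csv-del` help text promises a "character" while the option is registered as a plain string, so I would validate it once after option parsing, e.g. `if not conf.csvDel or len(conf.csvDel) != 1 or conf.csvDel in '"\n':` followed by the project's usual option error. If the value can ever be `None` at this point the `in` test would presumably fail with a `TypeError`, which is worth confirming against how defaults are merged. `safeCSValue` begins above the hunk, so only its quoting branch is visible.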
@@ -444,7 +443,7 @@ class Dump:
 if field == fields:
 dataToDumpFile(dumpFP, "%s" % safeCSValue(value))
 else:
- dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(value), DEFAULT_CSV_DELIMITER))
+ dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(value), conf.csvDel))
 field += 1
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index b25d36d51..b7196358a 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -161,7 +161,9 @@ optDict = {
 "trafficFile": "string",
 "batch": "boolean",
 "charset": "string",
+ "checkTor": "boolean",
 "crawlDepth": "integer",
+ "csvDel": "string",
 "eta": "boolean",
 "flushSession": "boolean",
 "forms": "boolean",
@@ -170,7 +172,6 @@ optDict = {
 "replicate": "boolean",
 "updateAll": "boolean",
 "tor": "boolean",
- "checkTor": "boolean"
 },
 "Miscellaneous": {
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 6c0cb3d72..e2a4d1000 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -413,9 +413,6 @@ UNENCODED_ORIGINAL_VALUE = 'original'
 # Common column names containing usernames (used for hash cracking in some cases)
 COMMON_USER_COLUMNS = ('user', 'username', 'user_name', 'benutzername', 'benutzer', 'utilisateur', 'usager', 'consommateur', 'utente', 'utilizzatore', 'usufrutuario', 'korisnik', 'usuario', 'consumidor')
-# Default delimiter used in CSV file format
-DEFAULT_CSV_DELIMITER = ','
-
 # Default delimiter in GET/POST values
 DEFAULT_GET_POST_DELIMITER = '&'
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index f6492a935..af4e76174 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -238,12 +238,12 @@ def cmdLineParser(): techniques.add_option("--technique", dest="tech", help="SQL injection techniques to test for " - "(default %s)" % defaults.tech) + "(default \"%s\")" % defaults.tech) techniques.add_option("--time-sec", dest="timeSec", type="int", help="Seconds to delay the DBMS response " - "(default %s)" % defaults.timeSec) + "(default %d)" % defaults.timeSec) techniques.add_option("--union-cols", dest="uCols", help="Range of columns to test for UNION query SQL injection") @@ -487,9 +487,17 @@ def cmdLineParser(): general.add_option("--charset", dest="charset", help="Force character encoding used for data retrieval") + general.add_option("--check-tor", dest="checkTor", + action="store_true", + help="Check to see if Tor is used properly") + general.add_option("--crawl", dest="crawlDepth", type="int", help="Crawl the website starting from the target url") + general.add_option("--csv-del", dest="csvDel", + help="Delimiting character used in CSV output " + "(default \"%s\")" % defaults.csvDel) + general.add_option("--eta", dest="eta", action="store_true", help="Display for each output the " @@ -523,10 +531,6 @@ def cmdLineParser(): action="store_true", help="Use default Tor (Vidalia/Privoxy/Polipo) proxy address") - general.add_option("--check-tor", dest="checkTor", - action="store_true", - help="Check to see if Tor is used properly") - general.add_option("--update", dest="updateAll", action="store_true", help="Update sqlmap") diff --git a/sqlmap.conf b/sqlmap.conf index 2021df5b8..5fb15404b 100644 --- a/sqlmap.conf +++ b/sqlmap.conf 
@@ -533,11 +533,19 @@ batch = False
 # Force character encoding used for data retrieval.
 charset =
+# Check to see if Tor is used properly
+# Valid: True or False
+checkTor = False
+
 # Crawl the website starting from the target url
 # Valid: integer
 # Default: 0
 crawlDepth = 0
+# Delimiting character used in CSV output.
+# Default: ,
+csvDel = ,
+
 # Retrieve each query output length and calculate the estimated time of
 # arrival in real time.
 # Valid: True or False
@@ -567,10 +575,6 @@ replicate = False
 # Valid: True or False
 tor = False
-# Check to see if Tor is used properly
-# Valid: True or False
-checkTor = False
-
 # Update sqlmap.
 # Valid: True or False
 updateAll = False