Minor adjustments to the operating system fingerprint.

This commit is contained in:
Bernardo Damele 2008-11-19 00:36:44 +00:00
parent 727664aea7
commit 736b2e7323
6 changed files with 59 additions and 43 deletions


@ -130,9 +130,9 @@ def formatDBMSfp(versions=None):
return "%s %s" % (kb.dbms, " and ".join([version for version in versions]))
def __formatFingerprintString(values, chain="or"):
def __formatFingerprintString(values, chain=" or "):
string = "|".join([v for v in values])
return string.replace("|", " %s " % chain)
return string.replace("|", chain)
def formatFingerprint(target, info):
@ -140,22 +140,24 @@ def formatFingerprint(target, info):
This function format the back-end operating system fingerprint value
and return its values formatted as a human readable string.
Examples of info dictionary:
Example of info (kb.headersFp) dictionary:
{
"distrib": set(["2000"]),
"dbmsVersion": "8.00.194",
"dbmsRelease": "2000",
"dbmsServicePack": "0",
"type": set(["Windows"])
'distrib': set(['Ubuntu']),
'type': set(['Linux']),
'technology': set(['PHP 5.2.6', 'Apache 2.2.9']),
'release': set(['8.10'])
}
Example of info (kb.bannerFp) dictionary:
{
"distrib": set(["Ubuntu"]),
"release": set(["8.10"]),
"codename": set(["Intrepid"]),
"version": "5.0.67",
"type": set(["Linux"])
'sp': set(['Service Pack 4']),
'dbmsVersion': '8.00.194',
'dbmsServicePack': '0',
'distrib': set(['2000']),
'dbmsRelease': '2000',
'type': set(['Windows'])
}
@return: detected back-end operating system based upon fingerprint
@ -165,25 +167,23 @@ def formatFingerprint(target, info):
infoStr = ""
if not info or "type" not in info:
return infoStr
else:
if info and "type" in info:
infoStr += "%s operating system: %s" % (target, __formatFingerprintString(info["type"]))
if "distrib" in info:
infoStr += " %s" % __formatFingerprintString(info["distrib"])
if "distrib" in info:
infoStr += " %s" % __formatFingerprintString(info["distrib"])
if "release" in info:
infoStr += " %s" % __formatFingerprintString(info["release"])
if "release" in info:
infoStr += " %s" % __formatFingerprintString(info["release"])
if "sp" in info:
infoStr += " %s" % __formatFingerprintString(info["sp"])
if "sp" in info:
infoStr += " %s" % __formatFingerprintString(info["sp"])
if "codename" in info:
infoStr += " (%s)" % __formatFingerprintString(info["codename"])
if "codename" in info:
infoStr += " (%s)" % __formatFingerprintString(info["codename"])
if "technology" in info:
infoStr += "\nweb application technology: %s" % __formatFingerprintString(info["technology"], "and")
infoStr += "\nweb application technology: %s" % __formatFingerprintString(info["technology"], ", ")
return infoStr
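Review bot: The alternatives joined by `__formatFingerprintString` (first hunk) come from a `set`, so the order printed — `Debian or Ubuntu` one run, `Ubuntu or Debian` the next — depends on set iteration order and can differ between runs or Python builds, which makes fingerprint lines hard to compare across scans. Sorting fixes that and also removes the `"|".join` / `replace("|", chain)` round-trip, which would rewrite any `|` that survived inside a value: `return chain.join(sorted(values))`. In the last hunk the docstring of `formatFingerprint` still reads "This function format the back-end operating system fingerprint value and return its values"; suggest `Format the back-end operating system fingerprint and return it as a human-readable string.`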


@ -60,7 +60,8 @@ class FingerprintHandler(ContentHandler):
if key not in self.__info.keys():
self.__info[key] = set()
self.__info[key].add(value)
for v in value.split("|"):
self.__info[key].add(v)
def startElement(self, name, attrs):
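Review bot: `"".split("|")` returns `['']`, so an `<info>` attribute with an empty value would put an empty string into the set and later surface as a stray blank token in the fingerprint line; skip empties with `self.__info[key].update(v for v in value.split("|") if v)`, which also replaces the explicit loop. The `if key not in self.__info.keys()` / `self.__info[key] = set()` pair collapses to `self.__info.setdefault(key, set())`. A short comment would help the next reader, e.g. `# "|" separates alternative values in the XML, e.g. distrib="Debian|Ubuntu"`. The enclosing method starts and ends outside the hunk.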


@ -2,7 +2,22 @@
# Target URL.
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
url =
# PHP and MySQL (local)
#url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
# PHP and Oracle (local)
#url = http://127.0.0.1/sqlmap/oracle/get_int.php?id=1
# PHP and PostgreSQL (local)
#url = http://127.0.0.1/sqlmap/pgsql/get_int.php?id=1
# PHP and Microsoft SQL Server (remote)
#url = http://127.0.0.1/sqlmap/mssql/get_int.php?id=1
# PHP and MySQL (remote on Windows)
#url = http://127.0.0.1/sqlmap/mysql/win_get_int.php?id=1
# ASP and Microsoft SQL Server (local)
#url = http://192.168.192.10/sqlmap/get_str.asp?name=luther
# ASP and MySQL (local)
#url = http://192.168.192.10/sqlmap/get_int.asp?id=1
# ASP.NET and MySQL (local)
#url = http://192.168.192.10/sqlmap/get_int.aspx?id=1
# Rather than providing a target url, let Google return target
# hosts as result of your Google dork expression. For a list of Google
@ -34,10 +49,10 @@ referer =
# HTTP User-Agent header. Useful to fake the HTTP User-Agent header value
# at each HTTP request
# sqlmap will also test for SQL injection on the HTTP User-Agent value.
agent = sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
agent =
# Load a random HTTP User-Agent header from file
# Example: txt/user-agents.txt
# Example: ./txt/user-agents.txt
userAgentsFile =
# HTTP Authentication type. Useful only if the target url requires
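Review bot: The new examples labelled `(remote)` — `# PHP and Microsoft SQL Server (remote)` and `# PHP and MySQL (remote on Windows)` — point at `127.0.0.1`, the same loopback address as the `(local)` examples, so the qualifier no longer tells the reader anything; either use a LAN address like the existing `http://192.168.1.121/...` example or drop the `(local)`/`(remote)` tags. `agent =` is now shipped empty without saying what sqlmap sends in that case, which matters to anyone who cares what the target's logs record; a comment such as `# Leave empty to fall back to sqlmap's built-in User-Agent` would settle it — confirm that is in fact the fallback, since the default is not visible here.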


@ -56,7 +56,7 @@
</regexp>
<regexp value="Debian">
<info type="Linux" distrib="Debian or Ubuntu"/>
<info type="Linux" distrib="Debian|Ubuntu"/>
</regexp>
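Review bot: The `|` in `distrib="Debian|Ubuntu"` is now a load-bearing separator (the handler changed in this commit splits attribute values on it), but nothing in this file says so; a maintainer adding a new entry with the old `X or Y` wording would silently produce a single literal value `X or Y`. Add a comment near the top of the file, e.g. `<!-- Separate alternative values with "|" (e.g. distrib="Debian|Ubuntu"); the parser splits on it. -->`.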
<regexp value="Fedora">


@ -22,7 +22,7 @@
</regexp>
<regexp value="Apache/2.0.52 \(CentOS\)">
<info type="Linux" distrib="CentOS" release="4.3 or 4.4"/>
<info type="Linux" distrib="CentOS" release="4.3|4.4"/>
</regexp>
<regexp value="Apache/2.0.46 \(CentOS\)">
@ -77,7 +77,7 @@
</regexp>
<regexp value="Apache/2.2.6 \(Fedora\)">
<info type="Linux" distrib="Fedora" release="6 or 7" updated="True"/>
<info type="Linux" distrib="Fedora" release="6|7" updated="True"/>
</regexp>
<!-- Apache: Red Hat -->
@ -116,11 +116,11 @@
</regexp>
<regexp value="Apache/1.3.27 \(Unix\) \(Red-Hat/Linux\)">
<info type="Linux" distrib="Red Hat" release="7.1 or 7.2 or 7.3" updated="True"/>
<info type="Linux" distrib="Red Hat" release="7.1|7.2|7.3" updated="True"/>
</regexp>
<regexp value="Apache/2.0.40 \(Red Hat Linux\)">
<info type="Linux" distrib="Red Hat" release="8.0 or 9"/>
<info type="Linux" distrib="Red Hat" release="8.0|9"/>
</regexp>
<regexp value="Apache/1.3.22 \(Unix\) \(Red-Hat/Linux\)">
@ -197,7 +197,7 @@
</regexp>
<regexp value="Apache/2.0.55 \(Ubuntu\)">
<info type="Linux" distrib="Ubuntu" release="6.06 or 6.10"/>
<info type="Linux" distrib="Ubuntu" release="6.06|6.10"/>
</regexp>
<regexp value="Apache/2.2.3 \(Ubuntu\)">
@ -224,7 +224,7 @@
</regexp>
<regexp value="Apache/1.3.9 \(Unix\)\s+\(NetRevolution Advanced Server/Linux-Mandrake\)">
<info type="Linux" distrib="Mandrake" release="6.1 or 7.0"/>
<info type="Linux" distrib="Mandrake" release="6.1|7.0"/>
</regexp>
<regexp value="Apache-AdvancedExtranetServer/1.3.12 \(NetRevolution/Linux-Mandrake\)">
@ -264,7 +264,7 @@
</regexp>
<regexp value="Apache-AdvancedExtranetServer/2.0.47 \(Mandrake Linux/">
<info type="Linux" distrib="Mandrake" release="9.1 or 9.2"/>
<info type="Linux" distrib="Mandrake" release="9.1|9.2"/>
</regexp>
<regexp value="Apache-AdvancedExtranetServer/1.3.29 \(Mandrake Linux/">
@ -280,7 +280,7 @@
</regexp>
<regexp value="Apache-AdvancedExtranetServer/2.0.50 \(Mandrake Linux/">
<info type="Linux" distrib="Mandrake" release="10.0 or 10.1"/>
<info type="Linux" distrib="Mandrake" release="10.0|10.1"/>
</regexp>
<regexp value="Apache-AdvancedExtranetServer/2.0.53 \(Mandriva Linux/">
@ -308,7 +308,7 @@
<regexp value="Apache/1.3.12 \(Unix\) \(SuSE/Linux\)">
<info technology="operating-system.type" type="str" value="Linux"/>
<info type="Linux" distrib="SuSE" release="6.4 or 7.0"/>
<info type="Linux" distrib="SuSE" release="6.4|7.0"/>
</regexp>
<regexp value="Apache/1.3.17 \(Unix\) \(SuSE/Linux\)">
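Review bot: The SuSE entry at `<regexp value="Apache/1.3.12 \(Unix\) \(SuSE/Linux\)">` still carries a second element, `<info technology="operating-system.type" type="str" value="Linux"/>`, whose attribute names follow a different schema from every other entry in the file. If the handler treats each attribute as a fingerprint key — as the `for v in value.split("|")` loop in this commit suggests — that element would add `str` to the OS `type` set and `operating-system.type` to `technology`, polluting the output for that banner. Remove that line and keep only `<info type="Linux" distrib="SuSE" release="6.4|7.0"/>`.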


@ -9,15 +9,15 @@
<info technology="JSP" tech_version="1"/>
</regexp>
<regexp value="ASP">
<info technology="ASP" type="Windows" distrib="2000|XP|2003|2008|Vista"/>
<regexp value="ASP[\/]*$">
<info technology="ASP" type="Windows"/>
</regexp>
<regexp value="ASP\.NET">
<info technology="ASP.NET" type="Windows" distrib="2000|XP|2003|2008|Vista"/>
<info technology="ASP.NET" type="Windows"/>
</regexp>
<regexp value="(JBoss|Servlet|Tomcat)[\-\_\/\ ]([\d\.]+)">
<regexp value="(JBoss|Servlet|Tomcat)[\-\_\/\ ]*([\d\.]+)">
<info technology="Tomcat" tech_version="2"/>
</regexp>
</root>
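Review bot: `ASP[\/]*$` keeps `ASP.NET` from also matching the plain-ASP entry only by anchoring to the end of the matched string, so a banner with anything after `ASP` (a trailing space, `ASP, PHP/5.2`) is missed; if the goal is only to keep both entries from firing together, a negative lookahead is more direct and needs no end anchor: `<regexp value="ASP(?!\.NET)">`. In the Tomcat entry, `([\d\.]+)` is greedy over dots and captures a trailing `.` from banners such as `JBoss-4.2.3.GA`; `(\d+(?:\.\d+)*)` stops at the last digit. Cosmetically, `[\/]` and `[\-\_\/\ ]` escape characters that need no escaping inside a character class (`[/]`, `[-_/ ]`).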