sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 08:14:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor refactoring and comment update

Browse Source
This commit is contained in:
Miroslav Stampar 2011-03-29 12:08:07 +00:00
parent 1821a008af
commit 7cf4ba83dc
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/core/settings.py
View File

@ -211,14 +211,17 @@ SQL_STATEMENTS = {
"rollback ", ),
}
# Regular expressions used for parsing error messages (--parse-errors)
ERROR_PARSING_REGEXES = (
r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>.+?)<br\s*/?\s*>",
r"<li>Error Type:<br>(?P<result>.+?)</li>",
r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P<result>[^<>]+)"
)
# Regular expression used for parsing charset info from meta html headers
META_CHARSET_REGEX = r'<meta http-equiv="?content-type"?[^>]+charset=(?P<result>[^">]+)'
# Regular expression used for parsing empty fields in tested form data
EMPTY_FORM_FIELDS_REGEX = r'(?P<result>[^=]+=(&|\Z))'
# Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf
@ -281,4 +284,8 @@ URLENCODE_FAILSAFE_CHARS = '()|,'
# maximum length of urlencoded value after which failsafe procedure takes away
URLENCODE_CHAR_LIMIT = 4000
DEFAULT_MSSQL_SCHEMA = 'dbo'
# default schema for Microsoft SQL Server DBMS
DEFAULT_MSSQL_SCHEMA = 'dbo'
# display hash attack info every mod number of items
HASH_MOD_ITEM_DISPLAY = 1117

7
lib/utils/hash.py
View File

@ -42,6 +42,7 @@ from lib.core.enums import HASH
from lib.core.exception import sqlmapUserQuitException
from lib.core.settings import COMMON_PASSWORD_SUFFIXES
from lib.core.settings import DUMMY_USER_PREFIX
from lib.core.settings import HASH_MOD_ITEM_DISPLAY
from lib.core.settings import IS_WIN
from lib.core.settings import LIST_EMAIL
from lib.core.settings import UNICODE_ENCODING
@ -422,11 +423,12 @@ def dictionaryAttack(attack_dict):
attack_info.remove(item)
elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD) or hash_regex == HASH.CRYPT_GENERIC and IS_WIN:
elif count % HASH_MOD_ITEM_DISPLAY == 0 or count == length or hash_regex in (HASH.ORACLE_OLD) or hash_regex == HASH.CRYPT_GENERIC and IS_WIN:
status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%')
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
except KeyboardInterrupt:
print
warnMsg = "Ctrl+C detected in dictionary attack phase"
logger.warn(warnMsg)
return results
@ -472,13 +474,14 @@ def dictionaryAttack(attack_dict):
found = True
break
elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD) or hash_regex == HASH.CRYPT_GENERIC and IS_WIN:
elif count % HASH_MOD_ITEM_DISPLAY == 0 or count == length or hash_regex in (HASH.ORACLE_OLD) or hash_regex == HASH.CRYPT_GENERIC and IS_WIN:
status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%')
if not user.startswith(DUMMY_USER_PREFIX):
status += ' (user: %s)' % user
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
except KeyboardInterrupt:
print
warnMsg = "Ctrl+C detected in dictionary attack phase"
logger.warn(warnMsg)
return results