diff --git a/lib/core/option.py b/lib/core/option.py index fdf43eadf..536c3b76b 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -413,14 +413,14 @@ def _doSearch(): else: conf.googlePage += 1 -def _setBulkMultipleTargets(): - if not conf.bulkFile: - return +def _setStdinPipeTargets(): + if isinstance(conf.stdinPipe, collections.Iterable): + infoMsg = "using 'STDIN' for parsing targets list" + logger.info(infoMsg) - if isinstance(conf.bulkFile, collections.Iterable): class _(object): def __init__(self): - self.__rest = set() + self.__rest = OrderedSet() def __iter__(self): return self @@ -429,43 +429,47 @@ def _setBulkMultipleTargets(): return self.next() def next(self): - line = next(conf.bulkFile) + line = next(conf.stdinPipe) if line: - match = re.search(r"\bhttps?://[^\s'\"]+", line, re.I) + match = re.search(r"\b(https?://[^\s'\"]+|[\w.]+\.\w{2,3}[/\w+]*\?[^\s'\"]+)", line, re.I) if match: return (match.group(0), conf.method, conf.data, conf.cookie, None) elif self.__rest: return self.__rest.pop() - else: - raise StopIteration() + + raise StopIteration() def add(self, elem): self.__rest.add(elem) kb.targets = _() - else: - conf.bulkFile = safeExpandUser(conf.bulkFile) - infoMsg = "parsing multiple targets list from '%s'" % conf.bulkFile - logger.info(infoMsg) +def _setBulkMultipleTargets(): + if not conf.bulkFile: + return - if not checkFile(conf.bulkFile, False): - errMsg = "the specified bulk file " - errMsg += "does not exist" - raise SqlmapFilePathException(errMsg) + conf.bulkFile = safeExpandUser(conf.bulkFile) - found = False - for line in getFileItems(conf.bulkFile): - if conf.scope and not re.search(conf.scope, line, re.I): - continue + infoMsg = "parsing multiple targets list from '%s'" % conf.bulkFile + logger.info(infoMsg) - if re.match(r"[^ ]+\?(.+)", line, re.I) or kb.customInjectionMark in line: - found = True - kb.targets.add((line.strip(), conf.method, conf.data, conf.cookie, None)) + if not checkFile(conf.bulkFile, False): + errMsg = "the specified bulk file " + errMsg += "does not exist" + raise SqlmapFilePathException(errMsg) - if not found and not conf.forms and not conf.crawlDepth: - warnMsg = "no usable links found (with GET parameters)" - logger.warn(warnMsg) + found = False + for line in getFileItems(conf.bulkFile): + if conf.scope and not re.search(conf.scope, line, re.I): + continue + + if re.match(r"[^ ]+\?(.+)", line, re.I) or kb.customInjectionMark in line: + found = True + kb.targets.add((line.strip(), conf.method, conf.data, conf.cookie, None)) + + if not found and not conf.forms and not conf.crawlDepth: + warnMsg = "no usable links found (with GET parameters)" + logger.warn(warnMsg) def _findPageForms(): if not conf.forms or conf.crawlDepth: @@ -2802,7 +2806,7 @@ def init(): parseTargetDirect() - if any((conf.url, conf.logFile, conf.bulkFile, conf.requestFile, conf.googleDork)): + if any((conf.url, conf.logFile, conf.bulkFile, conf.requestFile, conf.googleDork, conf.stdinPipe)): _setHostname() _setHTTPTimeout() _setHTTPExtraHeaders() @@ -2816,6 +2820,7 @@ def init(): _setSocketPreConnect() _setSafeVisit() _doSearch() + _setStdinPipeTargets() _setBulkMultipleTargets() _checkTor() _setCrawler() diff --git a/lib/core/settings.py b/lib/core/settings.py index 450eec110..fe852df3b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.4.10.9" +VERSION = "1.4.10.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index f96ec0853..a198a300b 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -803,6 +803,9 @@ def cmdLineParser(argv=None): parser.add_argument("--smoke-test", dest="smokeTest", action="store_true", help=SUPPRESS) + parser.add_argument("--stdin-pipe", dest="stdinPipe", + help=SUPPRESS) + parser.add_argument("--vuln-test", dest="vulnTest", action="store_true", help=SUPPRESS) @@ -1036,9 +1039,9 @@ def cmdLineParser(argv=None): args.url = args.url or DUMMY_URL if hasattr(sys.stdin, "fileno") and not os.isatty(sys.stdin.fileno()) and '-' not in sys.argv: - args.bulkFile = iter(sys.stdin.readline, None) + args.stdinPipe = iter(sys.stdin.readline, None) - if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.bedTest, args.fuzzTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile)): + if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.bedTest, args.fuzzTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile, args.stdinPipe)): errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --list-tampers, --wizard, --update, --purge or --dependencies). " errMsg += "Use -h for basic and -hh for advanced help\n" parser.error(errMsg)