From 887adfcf10ce559a4bbcc7b768dd70ac8c00e46a Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Wed, 9 Jun 2010 21:43:22 +0000 Subject: [PATCH] Minor adjustments to extra/ libraries --- doc/THANKS | 3 ++ extra/cloak/__init__.py | 30 +++++++------ extra/cloak/cloak.py | 3 +- extra/msfauxmod/{wmap_sqlmap.rb => sqlmap.rb} | 42 ++++++++++++------- 4 files changed, 44 insertions(+), 34 deletions(-) rename extra/msfauxmod/{wmap_sqlmap.rb => sqlmap.rb} (76%) diff --git a/doc/THANKS b/doc/THANKS index 8c2cbff1c..f5059f0fb 100644 --- a/doc/THANKS +++ b/doc/THANKS @@ -116,6 +116,9 @@ Davide Guerri David Guimaraes for reporting a few bugs +Chris Hall + for coding the prettyprint.py library + Kristian Erik Hermansen for reporting a bug for donating to sqlmap development diff --git a/extra/cloak/__init__.py b/extra/cloak/__init__.py index c0c019e4b..179c50316 100755 --- a/extra/cloak/__init__.py +++ b/extra/cloak/__init__.py @@ -1,25 +1,23 @@ #!/usr/bin/env python """ -$Id$ +cloak.py - Simple file encryption/compression utility +Copyright (C) 2010 Miroslav Stampar, Bernardo Damele A. G. +email(s): miroslav.stampar@gmail.com, bernardo.damele@gmail.com -This file is part of the sqlmap project, http://sqlmap.sourceforge.net. +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2.1 of the License, or (at your option) any later version. -Copyright (c) 2007-2010 Bernardo Damele A. G. -Copyright (c) 2006 Daniele Bellucci +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. -sqlmap is free software; you can redistribute it and/or modify it under -the terms of the GNU General Public License as published by the Free -Software Foundation version 2 of the License. - -sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY -WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -FOR A PARTICULAR PURPOSE. See the GNU General Public License for more -details. - -You should have received a copy of the GNU General Public License along -with sqlmap; if not, write to the Free Software Foundation, Inc., 51 -Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA """ pass diff --git a/extra/cloak/cloak.py b/extra/cloak/cloak.py index 24ddc68b2..9d1222e2e 100755 --- a/extra/cloak/cloak.py +++ b/extra/cloak/cloak.py @@ -88,6 +88,5 @@ def main(): sys.stdout.write(data) sys.stdout.close() - if __name__ == '__main__': - main() \ No newline at end of file + main() diff --git a/extra/msfauxmod/wmap_sqlmap.rb b/extra/msfauxmod/sqlmap.rb similarity index 76% rename from extra/msfauxmod/wmap_sqlmap.rb rename to extra/msfauxmod/sqlmap.rb index dc0050fd2..ad6b19ff8 100644 --- a/extra/msfauxmod/wmap_sqlmap.rb +++ b/extra/msfauxmod/sqlmap.rb @@ -1,5 +1,15 @@ -require 'msf/core' +## +# $Id$ +## +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' class Metasploit3 < Msf::Auxiliary @@ -7,12 +17,11 @@ class Metasploit3 < Msf::Auxiliary include Msf::Auxiliary::WMAPScanUniqueQuery include Msf::Auxiliary::Scanner - def initialize(info = {}) - super(update_info(info, + super(update_info(info, 'Name' => 'SQLMAP SQL Injection External Module', 'Description' => %q{ - This module launch a sqlmap session. + This module launch a sqlmap session. sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one @@ -25,27 +34,27 @@ class Metasploit3 < Msf::Auxiliary statement, read specific files on the file system and much more. }, - 'Author' => [ 'bernardo.damele [at] gmail.com', 'daniele.bellucci [at] gmail.com' ], + 'Author' => [ 'Bernardo Damele A. G. ' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', + 'Version' => '$Revision: 9212 $', 'References' => [ ['URL', 'http://sqlmap.sourceforge.net'], ] )) - + register_options( [ OptString.new('METHOD', [ true, "HTTP Method", 'GET' ]), OptString.new('PATH', [ true, "The path/file to test for SQL injection", 'index.php' ]), OptString.new('QUERY', [ false, "HTTP GET query", 'id=1' ]), - OptString.new('BODY', [ false, "The data string to be sent through POST", '' ]), + OptString.new('DATA', [ false, "The data string to be sent through POST", '' ]), OptString.new('OPTS', [ false, "The sqlmap options to use", ' ' ]), - OptPath.new('SQLMAP_PATH', [ true, "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]), + OptPath.new('SQLMAP_PATH', [ true, "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]), OptBool.new('BATCH', [ true, "Never ask for user input, use the default behaviour", true ]) ], self.class) end - + # Modify to true if you have sqlmap installed. def wmap_enabled false @@ -53,20 +62,20 @@ class Metasploit3 < Msf::Auxiliary # Test a single host def run_host(ip) - - sqlmap = datastore['SQLMAP_PATH'] - + + sqlmap = datastore['SQLMAP_PATH'] + if not sqlmap print_error("The sqlmap script could not be found") return end - data = datastore['BODY'] + data = datastore['DATA'] method = datastore['METHOD'].upcase sqlmap_url = (datastore['SSL'] ? "https" : "http") - sqlmap_url += "://" + self.target_host + ":" + datastore['RPORT'] - sqlmap_url += "/" + datastore['PATH'] + sqlmap_url += "://" + wmap_target_host + ":" + wmap_target_port + sqlmap_url += "/" + datastore['PATH'] if method == "GET" sqlmap_url += '?' + datastore['QUERY'] @@ -93,3 +102,4 @@ class Metasploit3 < Msf::Auxiliary end end +