diff --git a/extra/safe2bin/README.txt b/extra/safe2bin/README.txt deleted file mode 100644 index 06400d6ea..000000000 --- a/extra/safe2bin/README.txt +++ /dev/null @@ -1,17 +0,0 @@ -To use safe2bin.py you need to pass it the original file, -and optionally the output file name. - -Example: - -$ python ./safe2bin.py -i output.txt -o output.txt.bin - -This will create an binary decoded file output.txt.bin. For example, -if the content of output.txt is: "\ttest\t\x32\x33\x34\nnewline" it will -be decoded to: " test 234 -newline" - -If you skip the output file name, general rule is that the binary -file names are suffixed with the string '.bin'. So, that means that -the upper example can also be written in the following form: - -$ python ./safe2bin.py -i output.txt diff --git a/extra/safe2bin/__init__.py b/extra/safe2bin/__init__.py deleted file mode 100644 index c654cbef7..000000000 --- a/extra/safe2bin/__init__.py +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env python - -""" -Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) -See the file 'LICENSE' for copying permission -""" - -pass diff --git a/lib/core/common.py b/lib/core/common.py index 30e472d05..7da5064b8 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -46,7 +46,6 @@ from xml.sax import SAXParseException from extra.beep.beep import beep from extra.cloak.cloak import decloak -from extra.safe2bin.safe2bin import safecharencode from lib.core.bigarray import BigArray from lib.core.compat import cmp from lib.core.compat import round @@ -180,6 +179,7 @@ from lib.core.settings import VERSION_STRING from lib.core.settings import ZIP_HEADER from lib.core.settings import WEBSCARAB_SPLITTER from lib.core.threads import getCurrentThreadData +from lib.utils.safe2bin import safecharencode from lib.utils.sqlalchemy import _sqlalchemy from thirdparty import six from thirdparty.clientform.clientform import ParseResponse diff --git a/lib/core/dump.py b/lib/core/dump.py index 846c445bd..4988f103e 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -13,7 +13,6 @@ import shutil import tempfile import threading -from extra.safe2bin.safe2bin import safechardecode from lib.core.common import Backend from lib.core.common import checkFile from lib.core.common import dataToDumpFile @@ -53,6 +52,7 @@ from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNSAFE_DUMP_FILEPATH_REPLACEMENT from lib.core.settings import VERSION_STRING from lib.core.settings import WINDOWS_RESERVED_NAMES +from lib.utils.safe2bin import safechardecode from thirdparty import six from thirdparty.magic import magic diff --git a/lib/core/replication.py b/lib/core/replication.py index e68710618..d0a1a3d1e 100644 --- a/lib/core/replication.py +++ b/lib/core/replication.py @@ -7,13 +7,13 @@ See the file 'LICENSE' for copying permission import sqlite3 -from extra.safe2bin.safe2bin import safechardecode from lib.core.common import getSafeExString from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.exception import SqlmapConnectionException from lib.core.exception import SqlmapGenericException from lib.core.exception import SqlmapValueException from lib.core.settings import UNICODE_ENCODING +from lib.utils.safe2bin import safechardecode class Replication(object): """ diff --git a/lib/core/settings.py b/lib/core/settings.py index 2e3a23602..7f0cb6dfc 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.9.8" +VERSION = "1.3.9.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index bf455f2ed..4f9593fa6 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -22,7 +22,6 @@ except ImportError: class WebSocketException(Exception): pass -from extra.safe2bin.safe2bin import safecharencode from lib.core.agent import agent from lib.core.common import asciifyUrl from lib.core.common import calculateDeltaSeconds @@ -125,6 +124,7 @@ from lib.request.basic import processResponse from lib.request.comparison import comparison from lib.request.direct import direct from lib.request.methodrequest import MethodRequest +from lib.utils.safe2bin import safecharencode from thirdparty import six from thirdparty.odict import OrderedDict from thirdparty.six import unichr as _unichr diff --git a/lib/request/direct.py b/lib/request/direct.py index 14c5e1c0b..b107cb599 100644 --- a/lib/request/direct.py +++ b/lib/request/direct.py @@ -7,7 +7,6 @@ See the file 'LICENSE' for copying permission import time -from extra.safe2bin.safe2bin import safecharencode from lib.core.agent import agent from lib.core.common import Backend from lib.core.common import calculateDeltaSeconds @@ -26,6 +25,7 @@ from lib.core.enums import DBMS from lib.core.enums import EXPECTED from lib.core.enums import TIMEOUT_STATE from lib.core.settings import UNICODE_ENCODING +from lib.utils.safe2bin import safecharencode from lib.utils.timeout import timeout def direct(query, content=True): diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py index ffcd5d89f..d4c2b4c51 100644 --- a/lib/takeover/abstraction.py +++ b/lib/takeover/abstraction.py @@ -9,7 +9,6 @@ from __future__ import print_function import sys -from extra.safe2bin.safe2bin import safechardecode from lib.core.common import Backend from lib.core.common import dataToStdout from lib.core.common import getSQLSnippet @@ -28,6 +27,7 @@ from lib.request import inject from lib.takeover.udf import UDF from lib.takeover.web import Web from lib.takeover.xp_cmdshell import XP_cmdshell +from lib.utils.safe2bin import safechardecode from thirdparty.six.moves import input as _input class Abstraction(Web, UDF, XP_cmdshell): diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index 85dc3629a..cd6289b88 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -10,7 +10,6 @@ from __future__ import division import re import time -from extra.safe2bin.safe2bin import safecharencode from lib.core.agent import agent from lib.core.common import Backend from lib.core.common import calculateDeltaSeconds @@ -58,6 +57,7 @@ from lib.core.threads import runThreads from lib.core.unescaper import unescaper from lib.request.connect import Connect as Request from lib.utils.progress import ProgressBar +from lib.utils.safe2bin import safecharencode from lib.utils.xrange import xrange def bisection(payload, expression, length=None, charsetType=None, firstChar=None, lastChar=None, dump=False): diff --git a/lib/techniques/dns/use.py b/lib/techniques/dns/use.py index 1e9bde529..bca5594b8 100644 --- a/lib/techniques/dns/use.py +++ b/lib/techniques/dns/use.py @@ -8,7 +8,6 @@ See the file 'LICENSE' for copying permission import re import time -from extra.safe2bin.safe2bin import safecharencode from lib.core.agent import agent from lib.core.common import Backend from lib.core.common import calculateDeltaSeconds @@ -33,6 +32,7 @@ from lib.core.settings import MAX_DNS_LABEL from lib.core.settings import PARTIAL_VALUE_MARKER from lib.core.unescaper import unescaper from lib.request.connect import Connect as Request +from lib.utils.safe2bin import safecharencode def dnsUse(payload, expression): """ diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 478aa86ae..783a2e952 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -10,7 +10,6 @@ from __future__ import print_function import re import time -from extra.safe2bin.safe2bin import safecharencode from lib.core.agent import agent from lib.core.bigarray import BigArray from lib.core.common import Backend @@ -60,6 +59,7 @@ from lib.core.threads import runThreads from lib.core.unescaper import unescaper from lib.request.connect import Connect as Request from lib.utils.progress import ProgressBar +from lib.utils.safe2bin import safecharencode from thirdparty import six def _oneShotErrorUse(expression, field=None, chunkTest=False): diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index 640c66874..6df868628 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -10,7 +10,6 @@ import re import time import xml.etree.ElementTree -from extra.safe2bin.safe2bin import safecharencode from lib.core.agent import agent from lib.core.bigarray import BigArray from lib.core.common import arrayizeValue @@ -62,6 +61,7 @@ from lib.core.threads import runThreads from lib.core.unescaper import unescaper from lib.request.connect import Connect as Request from lib.utils.progress import ProgressBar +from lib.utils.safe2bin import safecharencode from thirdparty import six from thirdparty.odict import OrderedDict diff --git a/lib/utils/pivotdumptable.py b/lib/utils/pivotdumptable.py index 74a4feba9..27774ad3f 100644 --- a/lib/utils/pivotdumptable.py +++ b/lib/utils/pivotdumptable.py @@ -7,7 +7,6 @@ See the file 'LICENSE' for copying permission import re -from extra.safe2bin.safe2bin import safechardecode from lib.core.agent import agent from lib.core.bigarray import BigArray from lib.core.common import Backend @@ -33,6 +32,7 @@ from lib.core.settings import MAX_INT from lib.core.settings import NULL from lib.core.unescaper import unescaper from lib.request import inject +from lib.utils.safe2bin import safechardecode from thirdparty.six import unichr as _unichr def pivotDumpTable(table, colList, count=None, blind=True, alias=None): diff --git a/extra/safe2bin/safe2bin.py b/lib/utils/safe2bin.py similarity index 71% rename from extra/safe2bin/safe2bin.py rename to lib/utils/safe2bin.py index 7fbf7cf69..b8e7d1482 100644 --- a/extra/safe2bin/safe2bin.py +++ b/lib/utils/safe2bin.py @@ -1,23 +1,15 @@ #!/usr/bin/env python """ -safe2bin.py - Simple safe(hex) to binary format converter - Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ -from __future__ import print_function - import binascii import re import string -import os import sys -from optparse import OptionError -from optparse import OptionParser - if sys.version_info >= (3, 0): xrange = range text_type = str @@ -49,10 +41,10 @@ def safecharencode(value): """ Returns safe representation of a given basestring value - >>> safecharencode(u'test123') - u'test123' - >>> safecharencode(u'test\x01\x02\xff') - u'test\\01\\02\\03\\ff' + >>> safecharencode(u'test123') == u'test123' + True + >>> safecharencode(u'test\x01\x02\xaf') == u'test\\\\x01\\\\x02\\xaf' + True """ retVal = value @@ -107,37 +99,3 @@ def safechardecode(value, binary=False): retVal[i] = safechardecode(value[i]) return retVal - -def main(): - usage = '%s -i [-o ]' % sys.argv[0] - parser = OptionParser(usage=usage, version='0.1') - - try: - parser.add_option('-i', dest='inputFile', help='Input file') - parser.add_option('-o', dest='outputFile', help='Output file') - - (args, _) = parser.parse_args() - - if not args.inputFile: - parser.error('Missing the input file, -h for help') - - except (OptionError, TypeError) as ex: - parser.error(ex) - - if not os.path.isfile(args.inputFile): - print('ERROR: the provided input file \'%s\' is not a regular file' % args.inputFile) - sys.exit(1) - - f = open(args.inputFile, 'r') - data = f.read() - f.close() - - if not args.outputFile: - args.outputFile = args.inputFile + '.bin' - - f = open(args.outputFile, 'wb') - f.write(safechardecode(data)) - f.close() - -if __name__ == '__main__': - main()