From 828140cb88e9c80f864470cb4fe7c17e01c5a3ef Mon Sep 17 00:00:00 2001 From: Levi Gross Date: Wed, 5 Dec 2012 15:41:12 -0500 Subject: [PATCH] Fixed import style Signed-off-by: Levi Gross --- .gitignore | 1 + lib/__init__.py | 2 - lib/controller/checks.py | 63 +-- lib/controller/controller.py | 62 +-- lib/controller/handler.py | 15 +- lib/core/__init__.py | 1 - lib/core/agent.py | 28 +- lib/core/common.py | 116 ++--- lib/core/convert.py | 12 +- lib/core/dicts.py | 327 +++++++------- lib/core/dump.py | 29 +- lib/core/enums.py | 107 +++-- lib/core/exception.py | 54 ++- lib/core/htmlentities.py | 386 ++++++++-------- lib/core/log.py | 2 +- lib/core/option.py | 116 +---- lib/core/optiondict.py | 370 +++++++-------- lib/core/progress.py | 5 +- lib/core/readlineng.py | 3 +- lib/core/replication.py | 4 +- lib/core/revision.py | 3 +- lib/core/session.py | 17 +- lib/core/settings.py | 127 +++--- lib/core/shell.py | 3 +- lib/core/target.py | 50 +-- lib/core/testing.py | 12 +- lib/core/threads.py | 11 +- lib/core/unescaper.py | 1 - lib/core/update.py | 9 +- lib/core/xmldump.py | 66 ++- lib/parse/__init__.py | 1 - lib/parse/banner.py | 8 +- lib/parse/cmdline.py | 573 ++++++++++++------------ lib/parse/configfile.py | 11 +- lib/parse/headers.py | 12 +- lib/parse/html.py | 1 + lib/parse/payloads.py | 5 +- lib/request/__init__.py | 2 - lib/request/basic.py | 9 +- lib/request/basicauthhandler.py | 14 +- lib/request/certhandler.py | 2 + lib/request/comparison.py | 26 +- lib/request/connect.py | 191 ++++---- lib/request/direct.py | 17 +- lib/request/dns.py | 2 - lib/request/inject.py | 41 +- lib/request/rangehandler.py | 2 +- lib/request/redirecthandler.py | 15 +- lib/takeover/abstraction.py | 22 +- lib/takeover/icmpsh.py | 13 +- lib/takeover/metasploit.py | 134 +++--- lib/takeover/registry.py | 18 +- lib/takeover/udf.py | 24 +- lib/takeover/web.py | 41 +- lib/takeover/xp_cmdshell.py | 28 +- lib/techniques/__init__.py | 1 - lib/techniques/blind/__init__.py | 1 - lib/techniques/blind/inference.py | 45 +- lib/techniques/brute/__init__.py | 1 - lib/techniques/brute/use.py | 37 +- lib/techniques/dns/__init__.py | 1 - lib/techniques/dns/test.py | 7 +- lib/techniques/dns/use.py | 16 +- lib/techniques/error/__init__.py | 1 - lib/techniques/error/use.py | 36 +- lib/techniques/union/use.py | 38 +- lib/utils/checkpayload.py | 20 +- lib/utils/crawler.py | 12 +- lib/utils/google.py | 19 +- lib/utils/hash.py | 45 +- lib/utils/hashdb.py | 11 +- lib/utils/pivotdumptable.py | 20 +- plugins/__init__.py | 2 - plugins/dbms/__init__.py | 1 - plugins/dbms/access/connector.py | 2 +- plugins/dbms/access/fingerprint.py | 27 +- plugins/dbms/db2/connector.py | 3 +- plugins/dbms/db2/enumeration.py | 7 +- plugins/dbms/db2/fingerprint.py | 11 +- plugins/dbms/firebird/fingerprint.py | 14 +- plugins/dbms/maxdb/fingerprint.py | 4 +- plugins/dbms/mssqlserver/enumeration.py | 20 +- plugins/dbms/mssqlserver/filesystem.py | 18 +- plugins/dbms/mssqlserver/fingerprint.py | 12 +- plugins/dbms/mysql/__init__.py | 10 +- plugins/dbms/mysql/connector.py | 5 +- plugins/dbms/mysql/filesystem.py | 14 +- plugins/dbms/mysql/fingerprint.py | 34 +- plugins/dbms/mysql/takeover.py | 17 +- plugins/dbms/oracle/connector.py | 3 +- plugins/dbms/oracle/enumeration.py | 26 +- plugins/dbms/oracle/fingerprint.py | 7 +- plugins/dbms/postgresql/connector.py | 2 +- plugins/dbms/postgresql/filesystem.py | 3 +- plugins/dbms/postgresql/fingerprint.py | 15 +- plugins/dbms/postgresql/takeover.py | 4 +- plugins/dbms/sqlite/connector.py | 8 +- plugins/dbms/sqlite/fingerprint.py | 10 +- plugins/dbms/sybase/connector.py | 3 +- plugins/dbms/sybase/enumeration.py | 15 +- plugins/dbms/sybase/fingerprint.py | 14 +- plugins/generic/__init__.py | 2 - plugins/generic/connector.py | 10 +- plugins/generic/custom.py | 12 +- plugins/generic/databases.py | 39 +- plugins/generic/entries.py | 41 +- plugins/generic/enumeration.py | 8 +- plugins/generic/filesystem.py | 19 +- plugins/generic/misc.py | 25 +- plugins/generic/search.py | 29 +- plugins/generic/takeover.py | 20 +- plugins/generic/users.py | 38 +- tamper/__init__.py | 1 - tamper/appendnullbyte.py | 1 + tamper/base64encode.py | 1 + tamper/between.py | 7 +- tamper/charunicodeencode.py | 9 +- tamper/equaltolike.py | 7 +- tamper/halfversionedmorekeywords.py | 7 +- tamper/modsecurityversioned.py | 4 +- tamper/modsecurityzeroversioned.py | 1 + tamper/multiplespaces.py | 6 +- tamper/percentage.py | 9 +- tamper/randomcase.py | 5 +- tamper/randomcomments.py | 4 +- tamper/securesphere.py | 3 +- tamper/sp_password.py | 3 +- tamper/space2comment.py | 3 +- tamper/space2dash.py | 5 +- tamper/space2hash.py | 9 +- tamper/space2morehash.py | 17 +- tamper/space2mssqlblank.py | 10 +- tamper/space2mssqlhash.py | 2 +- tamper/space2mysqlblank.py | 7 +- tamper/space2mysqldash.py | 9 +- tamper/unionalltounion.py | 3 +- tamper/unmagicquotes.py | 1 + tamper/versionedkeywords.py | 7 +- tamper/versionedmorekeywords.py | 7 +- 139 files changed, 1715 insertions(+), 2512 deletions(-) diff --git a/.gitignore b/.gitignore index 94eac32d7..9dcd567f7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ *.py[cod] output/ .sqlmap_history +.idea/ diff --git a/lib/__init__.py b/lib/__init__.py index 72630d2e8..203dd12d1 100644 --- a/lib/__init__.py +++ b/lib/__init__.py @@ -4,5 +4,3 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ - -pass diff --git a/lib/controller/checks.py b/lib/controller/checks.py index a1ea26434..e11a6738c 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -13,54 +13,21 @@ import socket import time from lib.core.agent import agent -from lib.core.common import arrayizeValue -from lib.core.common import Backend -from lib.core.common import beep -from lib.core.common import extractRegexResult -from lib.core.common import extractTextTagContent -from lib.core.common import findDynamicContent -from lib.core.common import Format -from lib.core.common import getComparePageRatio -from lib.core.common import getLastRequestHTTPError -from lib.core.common import getSortedInjectionTests -from lib.core.common import getUnicode -from lib.core.common import intersect -from lib.core.common import listToStrValue -from lib.core.common import parseFilePaths -from lib.core.common import popValue -from lib.core.common import pushValue -from lib.core.common import randomInt -from lib.core.common import randomStr -from lib.core.common import readInput -from lib.core.common import showStaticWords -from lib.core.common import singleTimeLogMessage -from lib.core.common import singleTimeWarnMessage -from lib.core.common import wasLastRequestDBMSError -from lib.core.common import wasLastRequestHTTPError -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries -from lib.core.datatype import AttribDict -from lib.core.datatype import InjectionDict -from lib.core.enums import HEURISTIC_TEST -from lib.core.enums import HTTPHEADER -from lib.core.enums import HTTPMETHOD -from lib.core.enums import NULLCONNECTION -from lib.core.enums import PAYLOAD -from lib.core.enums import PLACE -from lib.core.exception import sqlmapConnectionException -from lib.core.exception import sqlmapNoneDataException -from lib.core.exception import sqlmapSilentQuitException -from lib.core.exception import sqlmapUserQuitException -from lib.core.settings import CONSTANT_RATIO -from lib.core.settings import FORMAT_EXCEPTION_STRINGS -from lib.core.settings import HEURISTIC_CHECK_ALPHABET -from lib.core.settings import SUHOSHIN_MAX_VALUE_LENGTH -from lib.core.settings import UNKNOWN_DBMS_VERSION -from lib.core.settings import LOWER_RATIO_BOUND -from lib.core.settings import UPPER_RATIO_BOUND -from lib.core.settings import IDS_WAF_CHECK_PAYLOAD +from lib.core.common import arrayizeValue, Backend, beep, extractRegexResult, extractTextTagContent, \ + findDynamicContent, Format, getLastRequestHTTPError, getSortedInjectionTests, getUnicode, intersect, \ + listToStrValue, parseFilePaths, popValue, pushValue, randomInt, randomStr, readInput, showStaticWords, \ + singleTimeLogMessage, singleTimeWarnMessage, wasLastRequestDBMSError, wasLastRequestHTTPError + +from lib.core.data import conf, kb, logger + +from lib.core.datatype import AttribDict, InjectionDict +from lib.core.enums import HEURISTIC_TEST, HTTPHEADER, HTTPMETHOD, NULLCONNECTION, PAYLOAD, PLACE + +from lib.core.exception import sqlmapConnectionException, sqlmapNoneDataException, sqlmapSilentQuitException ,\ + sqlmapUserQuitException +from lib.core.settings import UPPER_RATIO_BOUND, FORMAT_EXCEPTION_STRINGS, HEURISTIC_CHECK_ALPHABET, \ + SUHOSHIN_MAX_VALUE_LENGTH, UNKNOWN_DBMS_VERSION, LOWER_RATIO_BOUND, IDS_WAF_CHECK_PAYLOAD + from lib.core.threads import getCurrentThreadData from lib.request.connect import Connect as Request from lib.request.inject import checkBooleanExpression diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 2a971f38a..58bbb455c 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -9,55 +9,21 @@ import os import re from lib.controller.action import action -from lib.controller.checks import checkSqlInjection -from lib.controller.checks import checkDynParam -from lib.controller.checks import checkStability -from lib.controller.checks import checkString -from lib.controller.checks import checkRegexp -from lib.controller.checks import checkConnection -from lib.controller.checks import checkNullConnection -from lib.controller.checks import checkWaf -from lib.controller.checks import heuristicCheckSqlInjection +from lib.controller.checks import checkSqlInjection, checkDynParam, checkStability, checkString, checkRegexp, \ + checkConnection, checkNullConnection, checkWaf, heuristicCheckSqlInjection from lib.core.agent import agent -from lib.core.common import extractRegexResult -from lib.core.common import getFilteredPageContent -from lib.core.common import getPublicTypeMembers -from lib.core.common import getUnicode -from lib.core.common import hashDBRetrieve -from lib.core.common import hashDBWrite -from lib.core.common import intersect -from lib.core.common import parseTargetUrl -from lib.core.common import randomStr -from lib.core.common import readInput -from lib.core.common import showHttpErrorCodes -from lib.core.common import urlencode -from lib.core.common import urldecode -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.enums import HASHDB_KEYS -from lib.core.enums import HEURISTIC_TEST -from lib.core.enums import HTTPHEADER -from lib.core.enums import HTTPMETHOD -from lib.core.enums import PAYLOAD -from lib.core.enums import PLACE -from lib.core.exception import exceptionsTuple -from lib.core.exception import sqlmapNoneDataException -from lib.core.exception import sqlmapNotVulnerableException -from lib.core.exception import sqlmapSilentQuitException -from lib.core.exception import sqlmapValueException -from lib.core.exception import sqlmapUserQuitException -from lib.core.settings import ASP_NET_CONTROL_REGEX -from lib.core.settings import DEFAULT_COOKIE_DELIMITER -from lib.core.settings import DEFAULT_GET_POST_DELIMITER -from lib.core.settings import EMPTY_FORM_FIELDS_REGEX -from lib.core.settings import IGNORE_PARAMETERS -from lib.core.settings import LOW_TEXT_PERCENT -from lib.core.settings import HOST_ALIASES -from lib.core.settings import REFERER_ALIASES -from lib.core.settings import USER_AGENT_ALIASES -from lib.core.target import initTargetEnv -from lib.core.target import setupTargetEnv +from lib.core.common import extractRegexResult, getFilteredPageContent, getPublicTypeMembers, getUnicode,\ + hashDBRetrieve, hashDBWrite, intersect, parseTargetUrl, randomStr, readInput, showHttpErrorCodes, urlencode, \ + urldecode + +from lib.core.data import conf, kb, logger +from lib.core.enums import HASHDB_KEYS, HEURISTIC_TEST, HTTPMETHOD, PAYLOAD, PLACE +from lib.core.exception import exceptionsTuple, sqlmapNoneDataException, sqlmapNotVulnerableException,\ + sqlmapSilentQuitException, sqlmapValueException, sqlmapUserQuitException +from lib.core.settings import ASP_NET_CONTROL_REGEX, DEFAULT_GET_POST_DELIMITER, EMPTY_FORM_FIELDS_REGEX,\ + IGNORE_PARAMETERS, LOW_TEXT_PERCENT, HOST_ALIASES, REFERER_ALIASES, USER_AGENT_ALIASES +from lib.core.target import initTargetEnv, setupTargetEnv + from thirdparty.pagerank.pagerank import get_pagerank def __selectInjection(): diff --git a/lib/controller/handler.py b/lib/controller/handler.py index 1c3cfe042..5a6153f7f 100644 --- a/lib/controller/handler.py +++ b/lib/controller/handler.py @@ -6,18 +6,9 @@ See the file 'doc/COPYING' for copying permission """ from lib.core.common import Backend -from lib.core.data import conf -from lib.core.data import logger -from lib.core.settings import MSSQL_ALIASES -from lib.core.settings import MYSQL_ALIASES -from lib.core.settings import ORACLE_ALIASES -from lib.core.settings import PGSQL_ALIASES -from lib.core.settings import SQLITE_ALIASES -from lib.core.settings import ACCESS_ALIASES -from lib.core.settings import FIREBIRD_ALIASES -from lib.core.settings import MAXDB_ALIASES -from lib.core.settings import SYBASE_ALIASES -from lib.core.settings import DB2_ALIASES +from lib.core.data import conf, logger +from lib.core.settings import MSSQL_ALIASES, MYSQL_ALIASES, ORACLE_ALIASES, PGSQL_ALIASES, SQLITE_ALIASES,\ + ACCESS_ALIASES, FIREBIRD_ALIASES, MAXDB_ALIASES, SYBASE_ALIASES, DB2_ALIASES from plugins.dbms.mssqlserver import MSSQLServerMap from plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn diff --git a/lib/core/__init__.py b/lib/core/__init__.py index 72630d2e8..b04606ac5 100644 --- a/lib/core/__init__.py +++ b/lib/core/__init__.py @@ -5,4 +5,3 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -pass diff --git a/lib/core/agent.py b/lib/core/agent.py index c70794a4e..ba725d5b0 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -7,31 +7,13 @@ See the file 'doc/COPYING' for copying permission import re -from xml.etree import ElementTree as ET - -from lib.core.common import Backend -from lib.core.common import extractRegexResult -from lib.core.common import getSQLSnippet -from lib.core.common import isDBMSVersionAtLeast -from lib.core.common import isNumber -from lib.core.common import isTechniqueAvailable -from lib.core.common import randomInt -from lib.core.common import randomStr -from lib.core.common import singleTimeWarnMessage -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import queries +from lib.core.common import Backend, extractRegexResult, getSQLSnippet, isDBMSVersionAtLeast, isNumber, \ + isTechniqueAvailable, randomInt, randomStr, singleTimeWarnMessage +from lib.core.data import conf, kb, queries from lib.core.dicts import FROM_DUMMY_TABLE -from lib.core.dicts import SQL_STATEMENTS -from lib.core.enums import DBMS -from lib.core.enums import PAYLOAD -from lib.core.enums import PLACE -from lib.core.enums import POST_HINT +from lib.core.enums import DBMS, PAYLOAD, PLACE, POST_HINT from lib.core.exception import sqlmapNoneDataException -from lib.core.settings import ASTERISK_MARKER -from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR -from lib.core.settings import GENERIC_SQL_COMMENT -from lib.core.settings import PAYLOAD_DELIMITER +from lib.core.settings import ASTERISK_MARKER, CUSTOM_INJECTION_MARK_CHAR, GENERIC_SQL_COMMENT ,PAYLOAD_DELIMITER from lib.core.unescaper import unescaper class Agent: diff --git a/lib/core/common.py b/lib/core/common.py index c5e82c844..cc144d2d9 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -15,7 +15,6 @@ import inspect import logging import ntpath import os -import pickle import posixpath import random import re @@ -27,113 +26,50 @@ import time import urllib import urlparse import unicodedata - -from ConfigParser import DEFAULTSECT -from ConfigParser import RawConfigParser -from StringIO import StringIO +from ConfigParser import DEFAULTSECT, RawConfigParser from difflib import SequenceMatcher from math import sqrt from optparse import OptionValueError from subprocess import PIPE from subprocess import Popen as execute -from tempfile import mkstemp -from xml.etree import ElementTree as ET from xml.dom import minidom from xml.sax import parse +try: + from cStringIO import StringIO +except ImportError: + from StringIO import StringIO + + + from extra.cloak.cloak import decloak from extra.safe2bin.safe2bin import safecharencode from lib.core.bigarray import BigArray -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import paths -from lib.core.convert import base64pickle -from lib.core.convert import base64unpickle -from lib.core.convert import htmlunescape -from lib.core.convert import stdoutencode -from lib.core.convert import unicodeencode -from lib.core.convert import utf8encode +from lib.core.data import conf, kb, logger, paths +from lib.core.convert import base64pickle, base64unpickle, htmlunescape, stdoutencode, unicodeencode, utf8encode from lib.core.decorators import cachedmethod from lib.core.dicts import DBMS_DICT from lib.core.dicts import DEPRECATED_HINTS from lib.core.dicts import SQL_STATEMENTS -from lib.core.enums import ADJUST_TIME_DELAY -from lib.core.enums import CHARSET_TYPE -from lib.core.enums import DBMS -from lib.core.enums import EXPECTED -from lib.core.enums import HEURISTIC_TEST -from lib.core.enums import HTTPHEADER -from lib.core.enums import HTTPMETHOD -from lib.core.enums import OS -from lib.core.enums import PLACE -from lib.core.enums import PAYLOAD -from lib.core.enums import REFLECTIVE_COUNTER -from lib.core.enums import SORT_ORDER -from lib.core.exception import sqlmapDataException -from lib.core.exception import sqlmapFilePathException -from lib.core.exception import sqlmapGenericException -from lib.core.exception import sqlmapNoneDataException -from lib.core.exception import sqlmapMissingDependence -from lib.core.exception import sqlmapSilentQuitException -from lib.core.exception import sqlmapSyntaxException -from lib.core.exception import sqlmapUserQuitException -from lib.core.log import FORMATTER +from lib.core.enums import ADJUST_TIME_DELAY, CHARSET_TYPE, DBMS, EXPECTED, HEURISTIC_TEST, HTTPHEADER, HTTPMETHOD, \ + OS, PLACE, PAYLOAD, REFLECTIVE_COUNTER, SORT_ORDER +from lib.core.exception import sqlmapDataException, sqlmapFilePathException, sqlmapGenericException, \ + sqlmapNoneDataException, sqlmapMissingDependence, sqlmapSilentQuitException, sqlmapSyntaxException, \ + sqlmapUserQuitException from lib.core.log import LOGGER_HANDLER from lib.core.optiondict import optDict -from lib.core.settings import BOLD_PATTERNS -from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR -from lib.core.settings import DBMS_DIRECTORY_DICT -from lib.core.settings import DEFAULT_COOKIE_DELIMITER -from lib.core.settings import DEFAULT_GET_POST_DELIMITER -from lib.core.settings import DEFAULT_MSSQL_SCHEMA -from lib.core.settings import DEPRECATED_OPTIONS -from lib.core.settings import DESCRIPTION -from lib.core.settings import DUMMY_SQL_INJECTION_CHARS -from lib.core.settings import DUMMY_USER_INJECTION -from lib.core.settings import DYNAMICITY_MARK_LENGTH -from lib.core.settings import ERROR_PARSING_REGEXES -from lib.core.settings import FORM_SEARCH_REGEX -from lib.core.settings import GENERIC_DOC_ROOT_DIRECTORY_NAMES -from lib.core.settings import HASHDB_MILESTONE_VALUE -from lib.core.settings import HOST_ALIASES -from lib.core.settings import INFERENCE_UNKNOWN_CHAR -from lib.core.settings import ISSUES_PAGE -from lib.core.settings import IS_WIN -from lib.core.settings import LARGE_OUTPUT_THRESHOLD -from lib.core.settings import MIN_TIME_RESPONSES -from lib.core.settings import ML -from lib.core.settings import NULL -from lib.core.settings import PARAMETER_AMP_MARKER -from lib.core.settings import PARAMETER_SEMICOLON_MARKER -from lib.core.settings import PARTIAL_VALUE_MARKER -from lib.core.settings import PAYLOAD_DELIMITER -from lib.core.settings import PLATFORM -from lib.core.settings import PRINTABLE_CHAR_REGEX -from lib.core.settings import PYVERSION -from lib.core.settings import REFERER_ALIASES -from lib.core.settings import REFLECTED_BORDER_REGEX -from lib.core.settings import REFLECTED_MAX_REGEX_PARTS -from lib.core.settings import REFLECTED_REPLACEMENT_REGEX -from lib.core.settings import REFLECTED_VALUE_MARKER -from lib.core.settings import REFLECTIVE_MISS_THRESHOLD -from lib.core.settings import REVISION -from lib.core.settings import SENSITIVE_DATA_REGEX -from lib.core.settings import SITE -from lib.core.settings import SUPPORTED_DBMS -from lib.core.settings import TEXT_TAG_REGEX -from lib.core.settings import TIME_STDEV_COEFF -from lib.core.settings import UNICODE_ENCODING -from lib.core.settings import UNKNOWN_DBMS_VERSION -from lib.core.settings import URI_QUESTION_MARKER -from lib.core.settings import URLENCODE_CHAR_LIMIT -from lib.core.settings import URLENCODE_FAILSAFE_CHARS -from lib.core.settings import USER_AGENT_ALIASES -from lib.core.settings import VERSION -from lib.core.settings import VERSION_STRING +from lib.core.settings import BOLD_PATTERNS, CUSTOM_INJECTION_MARK_CHAR, DBMS_DIRECTORY_DICT,\ + DEFAULT_COOKIE_DELIMITER,DEFAULT_GET_POST_DELIMITER, DEFAULT_MSSQL_SCHEMA, DEPRECATED_OPTIONS, DESCRIPTION, \ + DUMMY_SQL_INJECTION_CHARS, DUMMY_USER_INJECTION, DYNAMICITY_MARK_LENGTH, ERROR_PARSING_REGEXES, \ + FORM_SEARCH_REGEX, GENERIC_DOC_ROOT_DIRECTORY_NAMES, HASHDB_MILESTONE_VALUE, HOST_ALIASES,\ + INFERENCE_UNKNOWN_CHAR, ISSUES_PAGE, IS_WIN, LARGE_OUTPUT_THRESHOLD, MIN_TIME_RESPONSES, ML, \ + NULL, PARAMETER_AMP_MARKER, PARAMETER_SEMICOLON_MARKER, PARTIAL_VALUE_MARKER, PAYLOAD_DELIMITER,\ + PLATFORM, PRINTABLE_CHAR_REGEX, PYVERSION, REFERER_ALIASES, REFLECTED_BORDER_REGEX, REFLECTED_MAX_REGEX_PARTS, \ + REFLECTED_REPLACEMENT_REGEX, REFLECTED_VALUE_MARKER, REFLECTIVE_MISS_THRESHOLD, REVISION, SENSITIVE_DATA_REGEX, \ + SITE, SUPPORTED_DBMS, TEXT_TAG_REGEX, TIME_STDEV_COEFF, UNICODE_ENCODING, UNKNOWN_DBMS_VERSION, \ + URI_QUESTION_MARKER, URLENCODE_CHAR_LIMIT, URLENCODE_FAILSAFE_CHARS, USER_AGENT_ALIASES, VERSION, VERSION_STRING from lib.core.threads import getCurrentThreadData -from thirdparty.clientform.clientform import ParseResponse -from thirdparty.clientform.clientform import ParseError +from thirdparty.clientform.clientform import ParseResponse, ParseError from thirdparty.magic import magic from thirdparty.odict.odict import OrderedDict from thirdparty.termcolor.termcolor import colored diff --git a/lib/core/convert.py b/lib/core/convert.py index 407d06765..7c53241c3 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -7,17 +7,14 @@ See the file 'doc/COPYING' for copying permission try: import hashlib -except: +except ImportError: import md5 import sha import pickle -import re import sys import struct -import urllib -from lib.core.enums import PLACE from lib.core.settings import IS_WIN from lib.core.settings import UNICODE_ENCODING @@ -31,9 +28,8 @@ def base64pickle(value): retVal = None try: retVal = base64encode(pickle.dumps(value, pickle.HIGHEST_PROTOCOL)) - except: - warnMsg = "problem occurred while serializing " - warnMsg += "instance of a type '%s'" % type(value) + except pickle.PicklingError: + warnMsg = "problem occurred while serializing instance of a type '%s'" % type(value) singleTimeWarnMessage(warnMsg) retVal = base64encode(pickle.dumps(str(value), pickle.HIGHEST_PROTOCOL)) @@ -116,7 +112,7 @@ def stdoutencode(data): warnMsg = "cannot properly display Unicode characters " warnMsg += "inside Windows OS command prompt " warnMsg += "(http://bugs.python.org/issue1602). All " - warnMsg += "unhandled occurances will result in " + warnMsg += "unhandled occurrences will result in " warnMsg += "replacement with '?' character. Please, find " warnMsg += "proper character representation inside " warnMsg += "corresponding output files. " diff --git a/lib/core/dicts.py b/lib/core/dicts.py index 8bec7efe1..0f2b0e61c 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -5,201 +5,190 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -from lib.core.enums import DBMS -from lib.core.enums import POST_HINT -from lib.core.settings import BLANK -from lib.core.settings import NULL -from lib.core.settings import MSSQL_ALIASES -from lib.core.settings import MYSQL_ALIASES -from lib.core.settings import PGSQL_ALIASES -from lib.core.settings import ORACLE_ALIASES -from lib.core.settings import SQLITE_ALIASES -from lib.core.settings import ACCESS_ALIASES -from lib.core.settings import FIREBIRD_ALIASES -from lib.core.settings import MAXDB_ALIASES -from lib.core.settings import SYBASE_ALIASES -from lib.core.settings import DB2_ALIASES +from lib.core.enums import DBMS, POST_HINT +from lib.core.settings import BLANK, NULL, MSSQL_ALIASES, MYSQL_ALIASES, PGSQL_ALIASES, ORACLE_ALIASES,\ + SQLITE_ALIASES, ACCESS_ALIASES, FIREBIRD_ALIASES, MAXDB_ALIASES, SYBASE_ALIASES, DB2_ALIASES FIREBIRD_TYPES = { - "261":"BLOB", - "14":"CHAR", - "40":"CSTRING", - "11":"D_FLOAT", - "27":"DOUBLE", - "10":"FLOAT", - "16":"INT64", - "8":"INTEGER", - "9":"QUAD", - "7":"SMALLINT", - "12":"DATE", - "13":"TIME", - "35":"TIMESTAMP", - "37":"VARCHAR" - } + "261": "BLOB", + "14": "CHAR", + "40": "CSTRING", + "11": "D_FLOAT", + "27": "DOUBLE", + "10": "FLOAT", + "16": "INT64", + "8": "INTEGER", + "9": "QUAD", + "7": "SMALLINT", + "12": "DATE", + "13": "TIME", + "35": "TIMESTAMP", + "37": "VARCHAR" +} SYBASE_TYPES = { - "14":"floatn", - "8":"float", - "15":"datetimn", - "12":"datetime", - "23":"real", - "28":"numericn", - "10":"numeric", - "27":"decimaln", - "26":"decimal", - "17":"moneyn", - "11":"money", - "21":"smallmoney", - "22":"smalldatetime", - "13":"intn", - "7":"int", - "6":"smallint", - "5":"tinyint", - "16":"bit", - "2":"varchar", - "18":"sysname", - "25":"nvarchar", - "1":"char", - "24":"nchar", - "4":"varbinary", - "80":"timestamp", - "3":"binary", - "19":"text", - "20":"image", - } + "14": "floatn", + "8": "float", + "15": "datetimn", + "12": "datetime", + "23": "real", + "28": "numericn", + "10": "numeric", + "27": "decimaln", + "26": "decimal", + "17": "moneyn", + "11": "money", + "21": "smallmoney", + "22": "smalldatetime", + "13": "intn", + "7": "int", + "6": "smallint", + "5": "tinyint", + "16": "bit", + "2": "varchar", + "18": "sysname", + "25": "nvarchar", + "1": "char", + "24": "nchar", + "4": "varbinary", + "80": "timestamp", + "3": "binary", + "19": "text", + "20": "image", +} MYSQL_PRIVS = { - 1:"select_priv", - 2:"insert_priv", - 3:"update_priv", - 4:"delete_priv", - 5:"create_priv", - 6:"drop_priv", - 7:"reload_priv", - 8:"shutdown_priv", - 9:"process_priv", - 10:"file_priv", - 11:"grant_priv", - 12:"references_priv", - 13:"index_priv", - 14:"alter_priv", - 15:"show_db_priv", - 16:"super_priv", - 17:"create_tmp_table_priv", - 18:"lock_tables_priv", - 19:"execute_priv", - 20:"repl_slave_priv", - 21:"repl_client_priv", - 22:"create_view_priv", - 23:"show_view_priv", - 24:"create_routine_priv", - 25:"alter_routine_priv", - 26:"create_user_priv", - } + 1: "select_priv", + 2: "insert_priv", + 3: "update_priv", + 4: "delete_priv", + 5: "create_priv", + 6: "drop_priv", + 7: "reload_priv", + 8: "shutdown_priv", + 9: "process_priv", + 10: "file_priv", + 11: "grant_priv", + 12: "references_priv", + 13: "index_priv", + 14: "alter_priv", + 15: "show_db_priv", + 16: "super_priv", + 17: "create_tmp_table_priv", + 18: "lock_tables_priv", + 19: "execute_priv", + 20: "repl_slave_priv", + 21: "repl_client_priv", + 22: "create_view_priv", + 23: "show_view_priv", + 24: "create_routine_priv", + 25: "alter_routine_priv", + 26: "create_user_priv", +} PGSQL_PRIVS = { - 1:"createdb", - 2:"super", - 3:"catupd", - } + 1: "createdb", + 2: "super", + 3: "catupd", +} FIREBIRD_PRIVS = { - "S": "SELECT", - "I": "INSERT", - "U": "UPDATE", - "D": "DELETE", - "R": "REFERENCES", - "E": "EXECUTE" - } + "S": "SELECT", + "I": "INSERT", + "U": "UPDATE", + "D": "DELETE", + "R": "REFERENCES", + "E": "EXECUTE" +} DB2_PRIVS = { - 1: "CONTROLAUTH", - 2: "ALTERAUTH", - 3: "DELETEAUTH", - 4: "INDEXAUTH", - 5: "INSERTAUTH", - 6: "REFAUTH", - 7: "SELECTAUTH", - 8: "UPDATEAUTH" - } + 1: "CONTROLAUTH", + 2: "ALTERAUTH", + 3: "DELETEAUTH", + 4: "INDEXAUTH", + 5: "INSERTAUTH", + 6: "REFAUTH", + 7: "SELECTAUTH", + 8: "UPDATEAUTH" +} DUMP_REPLACEMENTS = {" ": NULL, "": BLANK} DBMS_DICT = { - DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"), - DBMS.MYSQL: (MYSQL_ALIASES, "python pymysql", "http://code.google.com/p/pymysql/"), - DBMS.PGSQL: (PGSQL_ALIASES, "python-psycopg2", "http://initd.org/psycopg/"), - DBMS.ORACLE: (ORACLE_ALIASES, "python cx_Oracle", "http://cx-oracle.sourceforge.net/"), - DBMS.SQLITE: (SQLITE_ALIASES, "python-pysqlite2", "http://pysqlite.googlecode.com/"), - DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "http://pyodbc.googlecode.com/"), - DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/"), - DBMS.MAXDB: (MAXDB_ALIASES, None, None), - DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"), - DBMS.DB2: (DB2_ALIASES, "python ibm-db", "http://code.google.com/p/ibm-db/") - } + DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"), + DBMS.MYSQL: (MYSQL_ALIASES, "python pymysql", "http://code.google.com/p/pymysql/"), + DBMS.PGSQL: (PGSQL_ALIASES, "python-psycopg2", "http://initd.org/psycopg/"), + DBMS.ORACLE: (ORACLE_ALIASES, "python cx_Oracle", "http://cx-oracle.sourceforge.net/"), + DBMS.SQLITE: (SQLITE_ALIASES, "python-pysqlite2", "http://pysqlite.googlecode.com/"), + DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "http://pyodbc.googlecode.com/"), + DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/"), + DBMS.MAXDB: (MAXDB_ALIASES, None, None), + DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"), + DBMS.DB2: (DB2_ALIASES, "python ibm-db", "http://code.google.com/p/ibm-db/") +} FROM_DUMMY_TABLE = { - DBMS.ORACLE: " FROM DUAL", - DBMS.ACCESS: " FROM MSysAccessObjects", - DBMS.FIREBIRD: " FROM RDB$DATABASE", - DBMS.MAXDB: " FROM VERSIONS", - DBMS.DB2: " FROM SYSIBM.SYSDUMMY1" - } + DBMS.ORACLE: " FROM DUAL", + DBMS.ACCESS: " FROM MSysAccessObjects", + DBMS.FIREBIRD: " FROM RDB$DATABASE", + DBMS.MAXDB: " FROM VERSIONS", + DBMS.DB2: " FROM SYSIBM.SYSDUMMY1" +} SQL_STATEMENTS = { - "SQL SELECT statement": ( - "select ", - "show ", - " top ", - " distinct ", - " from ", - " from dual", - " where ", - " group by ", - " order by ", - " having ", - " limit ", - " offset ", - " union all ", - " rownum as ", - "(case ", ), + "SQL SELECT statement": ( + "select ", + "show ", + " top ", + " distinct ", + " from ", + " from dual", + " where ", + " group by ", + " order by ", + " having ", + " limit ", + " offset ", + " union all ", + " rownum as ", + "(case ", ), - "SQL data definition": ( - "create ", - "declare ", - "drop ", - "truncate ", - "alter ", ), + "SQL data definition": ( + "create ", + "declare ", + "drop ", + "truncate ", + "alter ", ), - "SQL data manipulation": ( - "bulk ", - "insert ", - "update ", - "delete ", - "merge ", - "load ", ), + "SQL data manipulation": ( + "bulk ", + "insert ", + "update ", + "delete ", + "merge ", + "load ", ), - "SQL data control": ( - "grant ", - "revoke ", ), + "SQL data control": ( + "grant ", + "revoke ", ), - "SQL data execution": ( - "exec ", - "execute ", ), + "SQL data execution": ( + "exec ", + "execute ", ), - "SQL transaction": ( - "start transaction ", - "begin work ", - "begin transaction ", - "commit ", - "rollback ", ), - } + "SQL transaction": ( + "start transaction ", + "begin work ", + "begin transaction ", + "commit ", + "rollback ", ), +} POST_HINT_CONTENT_TYPES = { - POST_HINT.JSON: "application/json", - POST_HINT.MULTIPART: "multipart/form-data", - POST_HINT.SOAP: "application/soap+xml", - POST_HINT.XML: "application/xml" - } + POST_HINT.JSON: "application/json", + POST_HINT.MULTIPART: "multipart/form-data", + POST_HINT.SOAP: "application/soap+xml", + POST_HINT.XML: "application/xml" +} DEPRECATED_HINTS = {"--replicate": "use '--dump-format=SQLITE' instead"} diff --git a/lib/core/dump.py b/lib/core/dump.py index aaac5f8ad..a159e2ba4 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -6,36 +6,19 @@ See the file 'doc/COPYING' for copying permission """ import codecs -import re import os -import StringIO import threading from xml.dom.minidom import getDOMImplementation -from lib.core.common import Backend -from lib.core.common import dataToDumpFile -from lib.core.common import dataToStdout -from lib.core.common import getUnicode -from lib.core.common import isListLike -from lib.core.common import normalizeUnicode -from lib.core.common import openFile -from lib.core.common import prioritySortColumns -from lib.core.common import safeCSValue -from lib.core.common import unsafeSQLIdentificatorNaming -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.dicts import DUMP_REPLACEMENTS -from lib.core.enums import DBMS +from lib.core.common import Backend, dataToDumpFile, dataToStdout, getUnicode, isListLike, normalizeUnicode, \ + openFile, prioritySortColumns, safeCSValue, unsafeSQLIdentificatorNaming +from lib.core.data import conf, kb, logger +from lib.core.dicts import DUMP_REPLACEMENTS, DBMS from lib.core.enums import DUMP_FORMAT -from lib.core.exception import sqlmapGenericException -from lib.core.exception import sqlmapValueException +from lib.core.exception import sqlmapGenericException, sqlmapValueException from lib.core.replication import Replication -from lib.core.settings import HTML_DUMP_CSS_STYLE -from lib.core.settings import METADB_SUFFIX -from lib.core.settings import TRIM_STDOUT_DUMP_SIZE -from lib.core.settings import UNICODE_ENCODING +from lib.core.settings import HTML_DUMP_CSS_STYLE, METADB_SUFFIX, TRIM_STDOUT_DUMP_SIZE, UNICODE_ENCODING class Dump: """ diff --git a/lib/core/enums.py b/lib/core/enums.py index 62cbbceda..468aa2b54 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -5,6 +5,8 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ +#TODO: Moved all of these to namedtuple + class PRIORITY: LOWEST = -100 LOWER = -50 @@ -14,6 +16,7 @@ class PRIORITY: HIGHER = 50 HIGHEST = 100 + class SORT_ORDER: FIRST = 0 SECOND = 1 @@ -22,9 +25,10 @@ class SORT_ORDER: FIFTH = 4 LAST = 100 + class DBMS: ACCESS = "Microsoft Access" - DB2 = "IBM DB2" + DB2 = "IBM DB2" FIREBIRD = "Firebird" MAXDB = "SAP MaxDB" MSSQL = "Microsoft SQL Server" @@ -34,6 +38,7 @@ class DBMS: SQLITE = "SQLite" SYBASE = "Sybase" + class DBMS_DIRECTORY_NAME: ACCESS = "access" DB2 = "db2" @@ -46,15 +51,18 @@ class DBMS_DIRECTORY_NAME: SQLITE = "sqlite" SYBASE = "sybase" + class CUSTOM_LOGGING: PAYLOAD = 9 TRAFFIC_OUT = 8 TRAFFIC_IN = 7 + class OS: LINUX = "Linux" WINDOWS = "Windows" + class PLACE: GET = "GET" POST = "POST" @@ -65,25 +73,30 @@ class PLACE: HOST = "Host" CUSTOM_POST = "(custom) POST" + class POST_HINT: SOAP = "SOAP" JSON = "JSON" MULTIPART = "MULTIPART" XML = "XML (generic)" + class HTTPMETHOD: GET = "GET" POST = "POST" HEAD = "HEAD" + class NULLCONNECTION: HEAD = "HEAD" RANGE = "Range" + class REFLECTIVE_COUNTER: MISS = "MISS" HIT = "HIT" + class CHARSET_TYPE: BINARY = 1 DIGITS = 2 @@ -91,11 +104,13 @@ class CHARSET_TYPE: ALPHA = 4 ALPHANUM = 5 + class HEURISTIC_TEST: CASTED = 1 NEGATIVE = 2 POSITIVE = 3 + class HASH: MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z' MYSQL_OLD = r'(?i)\A(?![0-9]+\Z)[0-9a-f]{16}\Z' @@ -111,24 +126,33 @@ class HASH: # Reference: http://www.zytrax.com/tech/web/mobile_ids.html class MOBILES: - BLACKBERRY = ("BlackBerry 9900", "Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+") - GALAXY = ("Samsung Galaxy S", "Mozilla/5.0 (Linux; U; Android 2.2; en-US; SGH-T959D Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1") + BLACKBERRY = ("BlackBerry 9900", + "Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+") + GALAXY = ("Samsung Galaxy S", + "Mozilla/5.0 (Linux; U; Android 2.2; en-US; SGH-T959D Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1") HP = ("HP iPAQ 6365", "Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; HP iPAQ h6300)") - HTC = ("HTC Sensation", "Mozilla/5.0 (Linux; U; Android 4.0.3; de-ch; HTC Sensation Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30") - IPHONE = ("Apple iPhone 4s", "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B179 Safari/7534.48.3") - NEXUS = ("Google Nexus 7", "Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19") - NOKIA = ("Nokia N97", "Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344") + HTC = ("HTC Sensation", + "Mozilla/5.0 (Linux; U; Android 4.0.3; de-ch; HTC Sensation Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30") + IPHONE = ("Apple iPhone 4s", + "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B179 Safari/7534.48.3") + NEXUS = ("Google Nexus 7", + "Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19") + NOKIA = ("Nokia N97", + "Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344") + class PROXY_TYPE: HTTP = "HTTP" SOCKS4 = "SOCKS4" SOCKS5 = "SOCKS5" + class DUMP_FORMAT: CSV = "CSV" HTML = "HTML" SQLITE = "SQLITE" + class HTTPHEADER: ACCEPT = "Accept" ACCEPT_CHARSET = "Accept-Charset" @@ -151,10 +175,12 @@ class HTTPHEADER: REFERER = "Referer" USER_AGENT = "User-Agent" + class EXPECTED: BOOL = "bool" INT = "int" + class HASHDB_KEYS: DBMS = "DBMS" CONF_TMP_PATH = "CONF_TMP_PATH" @@ -167,46 +193,48 @@ class HASHDB_KEYS: KB_XP_CMDSHELL_AVAILABLE = "KB_XP_CMDSHELL_AVAILABLE" OS = "OS" + class REDIRECTION: YES = "Y" NO = "N" + class PAYLOAD: SQLINJECTION = { - 1: "boolean-based blind", - 2: "error-based", - 3: "UNION query", - 4: "stacked queries", - 5: "AND/OR time-based blind", - 6: "inline query" - } + 1: "boolean-based blind", + 2: "error-based", + 3: "UNION query", + 4: "stacked queries", + 5: "AND/OR time-based blind", + 6: "inline query" + } PARAMETER = { - 1: "Unescaped numeric", - 2: "Single quoted string", - 3: "LIKE single quoted string", - 4: "Double quoted string", - 5: "LIKE double quoted string" - } + 1: "Unescaped numeric", + 2: "Single quoted string", + 3: "LIKE single quoted string", + 4: "Double quoted string", + 5: "LIKE double quoted string" + } RISK = { - 0: "No risk", - 1: "Low risk", - 2: "Medium risk", - 3: "High risk" - } + 0: "No risk", + 1: "Low risk", + 2: "Medium risk", + 3: "High risk" + } CLAUSE = { - 0: "Always", - 1: "WHERE", - 2: "GROUP BY", - 3: "ORDER BY", - 4: "LIMIT", - 5: "OFFSET", - 6: "TOP", - 7: "Table name", - 8: "Column name" - } + 0: "Always", + 1: "WHERE", + 2: "GROUP BY", + 3: "ORDER BY", + 4: "LIMIT", + 5: "OFFSET", + 6: "TOP", + 7: "Table name", + 8: "Column name" + } class METHOD: COMPARISON = "comparison" @@ -227,16 +255,21 @@ class PAYLOAD: NEGATIVE = 2 REPLACE = 3 + class WIZARD: BASIC = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba") - SMART = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getUsers", "getDbs", "getTables", "getSchema", "excludeSysDbs") - ALL = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getHostname", "getUsers", "getPasswordHashes", "getPrivileges", "getRoles", "dumpAll") + SMART = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getUsers", "getDbs", "getTables", "getSchema", + "excludeSysDbs") + ALL = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getHostname", "getUsers", "getPasswordHashes", + "getPrivileges", "getRoles", "dumpAll") + class ADJUST_TIME_DELAY: DISABLE = -1 NO = 0 YES = 1 + class WEB_API: PHP = "php" ASP = "asp" diff --git a/lib/core/exception.py b/lib/core/exception.py index 966342e84..610e817ec 100644 --- a/lib/core/exception.py +++ b/lib/core/exception.py @@ -8,76 +8,94 @@ See the file 'doc/COPYING' for copying permission class sqlmapCompressionException(Exception): pass + class sqlmapConnectionException(Exception): pass + class sqlmapDataException(Exception): pass + class sqlmapFilePathException(Exception): pass + class sqlmapGenericException(Exception): pass + class sqlmapMissingDependence(Exception): pass + class sqlmapMissingMandatoryOptionException(Exception): pass + class sqlmapMissingPrivileges(Exception): pass + class sqlmapNoneDataException(Exception): pass + class sqlmapNotVulnerableException(Exception): pass + class sqlmapSilentQuitException(Exception): pass + class sqlmapUserQuitException(Exception): pass + class sqlmapRegExprException(Exception): pass + class sqlmapSyntaxException(Exception): pass + class sqlmapThreadException(Exception): pass + class sqlmapUndefinedMethod(Exception): pass + class sqlmapUnsupportedDBMSException(Exception): pass + class sqlmapUnsupportedFeatureException(Exception): pass + class sqlmapValueException(Exception): pass exceptionsTuple = ( - sqlmapCompressionException, - sqlmapConnectionException, - sqlmapDataException, - sqlmapFilePathException, - sqlmapGenericException, - sqlmapMissingDependence, - sqlmapMissingMandatoryOptionException, - sqlmapNoneDataException, - sqlmapRegExprException, - sqlmapSyntaxException, - sqlmapUndefinedMethod, - sqlmapMissingPrivileges, - sqlmapNotVulnerableException, - sqlmapThreadException, - sqlmapUnsupportedDBMSException, - sqlmapUnsupportedFeatureException, - sqlmapValueException, - ) + sqlmapCompressionException, + sqlmapConnectionException, + sqlmapDataException, + sqlmapFilePathException, + sqlmapGenericException, + sqlmapMissingDependence, + sqlmapMissingMandatoryOptionException, + sqlmapNoneDataException, + sqlmapRegExprException, + sqlmapSyntaxException, + sqlmapUndefinedMethod, + sqlmapMissingPrivileges, + sqlmapNotVulnerableException, + sqlmapThreadException, + sqlmapUnsupportedDBMSException, + sqlmapUnsupportedFeatureException, + sqlmapValueException, + ) diff --git a/lib/core/htmlentities.py b/lib/core/htmlentities.py index cc479cbed..d4ea4d8bb 100644 --- a/lib/core/htmlentities.py +++ b/lib/core/htmlentities.py @@ -8,256 +8,256 @@ See the file 'doc/COPYING' for copying permission # Reference: http://www.w3.org/TR/1999/REC-html401-19991224/sgml/entities.html htmlEntities = { - 'quot': 34, - 'amp': 38, - 'lt': 60, - 'gt': 62, - 'nbsp': 160, - 'iexcl': 161, - 'cent': 162, - 'pound': 163, + 'quot': 34, + 'amp': 38, + 'lt': 60, + 'gt': 62, + 'nbsp': 160, + 'iexcl': 161, + 'cent': 162, + 'pound': 163, 'curren': 164, - 'yen': 165, + 'yen': 165, 'brvbar': 166, - 'sect': 167, - 'uml': 168, - 'copy': 169, - 'ordf': 170, - 'laquo': 171, - 'not': 172, - 'shy': 173, - 'reg': 174, - 'macr': 175, - 'deg': 176, + 'sect': 167, + 'uml': 168, + 'copy': 169, + 'ordf': 170, + 'laquo': 171, + 'not': 172, + 'shy': 173, + 'reg': 174, + 'macr': 175, + 'deg': 176, 'plusmn': 177, - 'sup2': 178, - 'sup3': 179, - 'acute': 180, - 'micro': 181, - 'para': 182, + 'sup2': 178, + 'sup3': 179, + 'acute': 180, + 'micro': 181, + 'para': 182, 'middot': 183, - 'cedil': 184, - 'sup1': 185, - 'ordm': 186, - 'raquo': 187, + 'cedil': 184, + 'sup1': 185, + 'ordm': 186, + 'raquo': 187, 'frac14': 188, 'frac12': 189, 'frac34': 190, 'iquest': 191, 'Agrave': 192, 'Aacute': 193, - 'Acirc': 194, + 'Acirc': 194, 'Atilde': 195, - 'Auml': 196, - 'Aring': 197, - 'AElig': 198, + 'Auml': 196, + 'Aring': 197, + 'AElig': 198, 'Ccedil': 199, 'Egrave': 200, 'Eacute': 201, - 'Ecirc': 202, - 'Euml': 203, + 'Ecirc': 202, + 'Euml': 203, 'Igrave': 204, 'Iacute': 205, - 'Icirc': 206, - 'Iuml': 207, - 'ETH': 208, + 'Icirc': 206, + 'Iuml': 207, + 'ETH': 208, 'Ntilde': 209, 'Ograve': 210, 'Oacute': 211, - 'Ocirc': 212, + 'Ocirc': 212, 'Otilde': 213, - 'Ouml': 214, - 'times': 215, + 'Ouml': 214, + 'times': 215, 'Oslash': 216, 'Ugrave': 217, 'Uacute': 218, - 'Ucirc': 219, - 'Uuml': 220, + 'Ucirc': 219, + 'Uuml': 220, 'Yacute': 221, - 'THORN': 222, - 'szlig': 223, + 'THORN': 222, + 'szlig': 223, 'agrave': 224, 'aacute': 225, - 'acirc': 226, + 'acirc': 226, 'atilde': 227, - 'auml': 228, - 'aring': 229, - 'aelig': 230, + 'auml': 228, + 'aring': 229, + 'aelig': 230, 'ccedil': 231, 'egrave': 232, 'eacute': 233, - 'ecirc': 234, - 'euml': 235, + 'ecirc': 234, + 'euml': 235, 'igrave': 236, 'iacute': 237, - 'icirc': 238, - 'iuml': 239, - 'eth': 240, + 'icirc': 238, + 'iuml': 239, + 'eth': 240, 'ntilde': 241, 'ograve': 242, 'oacute': 243, - 'ocirc': 244, + 'ocirc': 244, 'otilde': 245, - 'ouml': 246, + 'ouml': 246, 'divide': 247, 'oslash': 248, 'ugrave': 249, 'uacute': 250, - 'ucirc': 251, - 'uuml': 252, + 'ucirc': 251, + 'uuml': 252, 'yacute': 253, - 'thorn': 254, - 'yuml': 255, - 'OElig': 338, - 'oelig': 339, + 'thorn': 254, + 'yuml': 255, + 'OElig': 338, + 'oelig': 339, 'Scaron': 352, - 'fnof': 402, + 'fnof': 402, 'scaron': 353, - 'Yuml': 376, - 'circ': 710, - 'tilde': 732, - 'Alpha': 913, - 'Beta': 914, - 'Gamma': 915, - 'Delta': 916, - 'Epsilon': 917, - 'Zeta': 918, - 'Eta': 919, - 'Theta': 920, - 'Iota': 921, - 'Kappa': 922, - 'Lambda': 923, - 'Mu': 924, - 'Nu': 925, - 'Xi': 926, - 'Omicron': 927, - 'Pi': 928, - 'Rho': 929, - 'Sigma': 931, - 'Tau': 932, - 'Upsilon': 933, - 'Phi': 934, - 'Chi': 935, - 'Psi': 936, - 'Omega': 937, - 'alpha': 945, - 'beta': 946, - 'gamma': 947, - 'delta': 948, - 'epsilon': 949, - 'zeta': 950, - 'eta': 951, - 'theta': 952, - 'iota': 953, - 'kappa': 954, - 'lambda': 955, - 'mu': 956, - 'nu': 957, - 'xi': 958, - 'omicron': 959, - 'pi': 960, - 'rho': 961, - 'sigmaf': 962, - 'sigma': 963, - 'tau': 964, - 'upsilon': 965, - 'phi': 966, - 'chi': 967, - 'psi': 968, - 'omega': 969, + 'Yuml': 376, + 'circ': 710, + 'tilde': 732, + 'Alpha': 913, + 'Beta': 914, + 'Gamma': 915, + 'Delta': 916, + 'Epsilon': 917, + 'Zeta': 918, + 'Eta': 919, + 'Theta': 920, + 'Iota': 921, + 'Kappa': 922, + 'Lambda': 923, + 'Mu': 924, + 'Nu': 925, + 'Xi': 926, + 'Omicron': 927, + 'Pi': 928, + 'Rho': 929, + 'Sigma': 931, + 'Tau': 932, + 'Upsilon': 933, + 'Phi': 934, + 'Chi': 935, + 'Psi': 936, + 'Omega': 937, + 'alpha': 945, + 'beta': 946, + 'gamma': 947, + 'delta': 948, + 'epsilon': 949, + 'zeta': 950, + 'eta': 951, + 'theta': 952, + 'iota': 953, + 'kappa': 954, + 'lambda': 955, + 'mu': 956, + 'nu': 957, + 'xi': 958, + 'omicron': 959, + 'pi': 960, + 'rho': 961, + 'sigmaf': 962, + 'sigma': 963, + 'tau': 964, + 'upsilon': 965, + 'phi': 966, + 'chi': 967, + 'psi': 968, + 'omega': 969, 'thetasym': 977, - 'upsih': 978, - 'piv': 982, - 'bull': 8226, - 'hellip': 8230, - 'prime': 8242, - 'Prime': 8243, - 'oline': 8254, - 'frasl': 8260, - 'ensp': 8194, - 'emsp': 8195, + 'upsih': 978, + 'piv': 982, + 'bull': 8226, + 'hellip': 8230, + 'prime': 8242, + 'Prime': 8243, + 'oline': 8254, + 'frasl': 8260, + 'ensp': 8194, + 'emsp': 8195, 'thinsp': 8201, - 'zwnj': 8204, - 'zwj': 8205, - 'lrm': 8206, - 'rlm': 8207, - 'ndash': 8211, - 'mdash': 8212, - 'lsquo': 8216, - 'rsquo': 8217, - 'sbquo': 8218, - 'ldquo': 8220, - 'rdquo': 8221, - 'bdquo': 8222, + 'zwnj': 8204, + 'zwj': 8205, + 'lrm': 8206, + 'rlm': 8207, + 'ndash': 8211, + 'mdash': 8212, + 'lsquo': 8216, + 'rsquo': 8217, + 'sbquo': 8218, + 'ldquo': 8220, + 'rdquo': 8221, + 'bdquo': 8222, 'dagger': 8224, 'Dagger': 8225, 'permil': 8240, 'lsaquo': 8249, 'rsaquo': 8250, - 'euro': 8364, - 'weierp': 8472, - 'image': 8465, - 'real': 8476, - 'trade': 8482, + 'euro': 8364, + 'weierp': 8472, + 'image': 8465, + 'real': 8476, + 'trade': 8482, 'alefsym': 8501, - 'larr': 8592, - 'uarr': 8593, - 'rarr': 8594, - 'darr': 8595, - 'harr': 8596, - 'crarr': 8629, - 'lArr': 8656, - 'uArr': 8657, - 'rArr': 8658, - 'dArr': 8659, - 'hArr': 8660, + 'larr': 8592, + 'uarr': 8593, + 'rarr': 8594, + 'darr': 8595, + 'harr': 8596, + 'crarr': 8629, + 'lArr': 8656, + 'uArr': 8657, + 'rArr': 8658, + 'dArr': 8659, + 'hArr': 8660, 'forall': 8704, - 'part': 8706, - 'exist': 8707, - 'empty': 8709, - 'nabla': 8711, - 'isin': 8712, - 'notin': 8713, - 'ni': 8715, - 'prod': 8719, - 'sum': 8721, - 'minus': 8722, + 'part': 8706, + 'exist': 8707, + 'empty': 8709, + 'nabla': 8711, + 'isin': 8712, + 'notin': 8713, + 'ni': 8715, + 'prod': 8719, + 'sum': 8721, + 'minus': 8722, 'lowast': 8727, - 'radic': 8730, - 'prop': 8733, - 'infin': 8734, - 'ang': 8736, - 'and': 8743, - 'or': 8744, - 'cap': 8745, - 'cup': 8746, - 'int': 8747, + 'radic': 8730, + 'prop': 8733, + 'infin': 8734, + 'ang': 8736, + 'and': 8743, + 'or': 8744, + 'cap': 8745, + 'cup': 8746, + 'int': 8747, 'there4': 8756, - 'sim': 8764, - 'cong': 8773, - 'asymp': 8776, - 'ne': 8800, - 'equiv': 8801, - 'le': 8804, - 'ge': 8805, - 'sub': 8834, - 'sup': 8835, - 'nsub': 8836, - 'sube': 8838, - 'supe': 8839, - 'oplus': 8853, + 'sim': 8764, + 'cong': 8773, + 'asymp': 8776, + 'ne': 8800, + 'equiv': 8801, + 'le': 8804, + 'ge': 8805, + 'sub': 8834, + 'sup': 8835, + 'nsub': 8836, + 'sube': 8838, + 'supe': 8839, + 'oplus': 8853, 'otimes': 8855, - 'perp': 8869, - 'sdot': 8901, - 'lceil': 8968, - 'rceil': 8969, + 'perp': 8869, + 'sdot': 8901, + 'lceil': 8968, + 'rceil': 8969, 'lfloor': 8970, 'rfloor': 8971, - 'lang': 9001, - 'rang': 9002, - 'loz': 9674, + 'lang': 9001, + 'rang': 9002, + 'loz': 9674, 'spades': 9824, - 'clubs': 9827, + 'clubs': 9827, 'hearts': 9829, - 'diams': 9830, + 'diams': 9830, } diff --git a/lib/core/log.py b/lib/core/log.py index 091b287bb..c2e530b45 100644 --- a/lib/core/log.py +++ b/lib/core/log.py @@ -26,7 +26,7 @@ try: except ImportError: LOGGER_HANDLER = logging.StreamHandler(sys.stdout) -FORMATTER = logging.Formatter("\r[%(asctime)s] [%(levelname)s] %(message)s", "%H:%M:%S") +FORMATTER = logging.Formatter(u"\r[%(asctime)s] [%(levelname)s] %(message)s", "%H:%M:%S") LOGGER_HANDLER.setFormatter(FORMATTER) LOGGER.addHandler(LOGGER_HANDLER) diff --git a/lib/core/option.py b/lib/core/option.py index c7aa7ed48..62a5e1b7c 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -17,110 +17,38 @@ import sys import threading import urllib2 import urlparse +from xml.etree.ElementTree import ElementTree import lib.core.common import lib.core.threads import lib.core.convert from lib.controller.checks import checkConnection -from lib.core.common import Backend -from lib.core.common import boldifyMessage -from lib.core.common import dataToStdout -from lib.core.common import getPublicTypeMembers -from lib.core.common import extractRegexResult -from lib.core.common import filterStringValue -from lib.core.common import findPageForms -from lib.core.common import getConsoleWidth -from lib.core.common import getFileItems -from lib.core.common import getFileType -from lib.core.common import getUnicode -from lib.core.common import isListLike -from lib.core.common import normalizePath -from lib.core.common import ntToPosixSlashes -from lib.core.common import openFile -from lib.core.common import parseTargetDirect -from lib.core.common import parseTargetUrl -from lib.core.common import paths -from lib.core.common import randomRange -from lib.core.common import randomStr -from lib.core.common import readInput -from lib.core.common import resetCookieJar -from lib.core.common import runningAsAdmin -from lib.core.common import sanitizeStr -from lib.core.common import setOptimize -from lib.core.common import singleTimeWarnMessage -from lib.core.common import UnicodeRawConfigParser -from lib.core.common import urldecode -from lib.core.common import urlencode -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries -from lib.core.datatype import AttribDict -from lib.core.datatype import InjectionDict +from lib.core.common import Backend, boldifyMessage, dataToStdout, getPublicTypeMembers, extractRegexResult,\ + filterStringValue, findPageForms, getConsoleWidth, getFileItems, getFileType, getUnicode, isListLike,\ + normalizePath, ntToPosixSlashes, openFile, parseTargetDirect, parseTargetUrl, paths, randomRange, randomStr,\ + readInput, resetCookieJar, runningAsAdmin, sanitizeStr, setOptimize, singleTimeWarnMessage,\ + UnicodeRawConfigParser, urldecode, urlencode +from lib.core.data import conf, kb, logger, queries +from lib.core.datatype import AttribDict, InjectionDict from lib.core.defaults import defaults from lib.core.dicts import DBMS_DICT from lib.core.dicts import DUMP_REPLACEMENTS -from lib.core.enums import ADJUST_TIME_DELAY -from lib.core.enums import CUSTOM_LOGGING -from lib.core.enums import DUMP_FORMAT -from lib.core.enums import HTTPHEADER -from lib.core.enums import HTTPMETHOD -from lib.core.enums import MOBILES -from lib.core.enums import PAYLOAD -from lib.core.enums import PRIORITY -from lib.core.enums import PROXY_TYPE -from lib.core.enums import REFLECTIVE_COUNTER -from lib.core.enums import WIZARD -from lib.core.exception import sqlmapConnectionException -from lib.core.exception import sqlmapFilePathException -from lib.core.exception import sqlmapGenericException -from lib.core.exception import sqlmapMissingDependence -from lib.core.exception import sqlmapMissingMandatoryOptionException -from lib.core.exception import sqlmapMissingPrivileges -from lib.core.exception import sqlmapSilentQuitException -from lib.core.exception import sqlmapSyntaxException -from lib.core.exception import sqlmapUnsupportedDBMSException -from lib.core.exception import sqlmapUserQuitException -from lib.core.log import FORMATTER -from lib.core.log import LOGGER_HANDLER +from lib.core.enums import ADJUST_TIME_DELAY, CUSTOM_LOGGING, DUMP_FORMAT, HTTPHEADER, HTTPMETHOD, MOBILES,\ + PAYLOAD, PRIORITY, PROXY_TYPE, REFLECTIVE_COUNTER, WIZARD +from lib.core.exception import sqlmapConnectionException, sqlmapFilePathException, sqlmapGenericException,\ + sqlmapMissingDependence, sqlmapMissingMandatoryOptionException, sqlmapMissingPrivileges,\ + sqlmapSilentQuitException, sqlmapSyntaxException, sqlmapUnsupportedDBMSException, sqlmapUserQuitException +from lib.core.log import FORMATTER, LOGGER_HANDLER from lib.core.optiondict import optDict from lib.core.purge import purge -from lib.core.settings import ACCESS_ALIASES -from lib.core.settings import BURP_REQUEST_REGEX -from lib.core.settings import CODECS_LIST_PAGE -from lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS -from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR -from lib.core.settings import DB2_ALIASES -from lib.core.settings import DEFAULT_GET_POST_DELIMITER -from lib.core.settings import DEFAULT_PAGE_ENCODING -from lib.core.settings import DEFAULT_TOR_HTTP_PORTS -from lib.core.settings import DEFAULT_TOR_SOCKS_PORT -from lib.core.settings import FIREBIRD_ALIASES -from lib.core.settings import INJECT_HERE_MARK -from lib.core.settings import IS_WIN -from lib.core.settings import LOCALHOST -from lib.core.settings import MAXDB_ALIASES -from lib.core.settings import MAX_NUMBER_OF_THREADS -from lib.core.settings import MSSQL_ALIASES -from lib.core.settings import MYSQL_ALIASES -from lib.core.settings import NULL -from lib.core.settings import ORACLE_ALIASES -from lib.core.settings import PARAMETER_SPLITTING_REGEX -from lib.core.settings import PGSQL_ALIASES -from lib.core.settings import PYVERSION -from lib.core.settings import SITE -from lib.core.settings import SQLITE_ALIASES -from lib.core.settings import SUPPORTED_DBMS -from lib.core.settings import SUPPORTED_OS -from lib.core.settings import SYBASE_ALIASES -from lib.core.settings import TIME_DELAY_CANDIDATES -from lib.core.settings import UNENCODED_ORIGINAL_VALUE -from lib.core.settings import UNION_CHAR_REGEX -from lib.core.settings import UNKNOWN_DBMS_VERSION -from lib.core.settings import URI_INJECTABLE_REGEX -from lib.core.settings import VERSION_STRING -from lib.core.settings import WEBSCARAB_SPLITTER +from lib.core.settings import ACCESS_ALIASES, BURP_REQUEST_REGEX, CODECS_LIST_PAGE, CRAWL_EXCLUDE_EXTENSIONS,\ + CUSTOM_INJECTION_MARK_CHAR, DB2_ALIASES, DEFAULT_GET_POST_DELIMITER, DEFAULT_PAGE_ENCODING,\ + DEFAULT_TOR_HTTP_PORTS, DEFAULT_TOR_SOCKS_PORT, FIREBIRD_ALIASES, INJECT_HERE_MARK, IS_WIN,\ + LOCALHOST, MAXDB_ALIASES, MAX_NUMBER_OF_THREADS, MSSQL_ALIASES, MYSQL_ALIASES, NULL, ORACLE_ALIASES,\ + PARAMETER_SPLITTING_REGEX, PGSQL_ALIASES, PYVERSION, SITE, SQLITE_ALIASES, SUPPORTED_DBMS, SUPPORTED_OS,\ + SYBASE_ALIASES, TIME_DELAY_CANDIDATES, UNENCODED_ORIGINAL_VALUE, UNION_CHAR_REGEX, UNKNOWN_DBMS_VERSION,\ + URI_INJECTABLE_REGEX, VERSION_STRING, WEBSCARAB_SPLITTER from lib.core.threads import getCurrentThreadData from lib.core.update import update from lib.parse.configfile import configFileParser @@ -142,7 +70,7 @@ from thirdparty.colorama.initialise import init as coloramainit from thirdparty.keepalive import keepalive from thirdparty.oset.pyoset import oset from thirdparty.socks import socks -from xml.etree.ElementTree import ElementTree + authHandler = urllib2.BaseHandler() httpsHandler = HTTPSHandler() diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 479e51905..7319fac7c 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -6,202 +6,202 @@ See the file 'doc/COPYING' for copying permission """ optDict = { - # Format: - # Family: { "parameter name": "parameter datatype" }, - # Or: - # Family: { "parameter name": ("parameter datatype", "category name used for common outputs feature") }, - "Target": { - "direct": "string", - "url": "string", - "logFile": "string", - "bulkFile": "string", - "requestFile": "string", - "sessionFile": "string", - "googleDork": "string", - "configFile": "string" - }, + # Format: + # Family: { "parameter name": "parameter datatype" }, + # Or: + # Family: { "parameter name": ("parameter datatype", "category name used for common outputs feature") }, + "Target": { + "direct": "string", + "url": "string", + "logFile": "string", + "bulkFile": "string", + "requestFile": "string", + "sessionFile": "string", + "googleDork": "string", + "configFile": "string" + }, - "Request": { - "data": "string", - "pDel": "string", - "cookie": "string", - "loadCookies": "string", - "dropSetCookie": "boolean", - "agent": "string", - "randomAgent": "boolean", - "rParam": "string", - "forceSSL": "boolean", - "host": "string", - "referer": "string", - "headers": "string", - "aType": "string", - "aCred": "string", - "aCert": "string", - "proxy": "string", - "pCred": "string", - "ignoreProxy": "boolean", - "delay": "float", - "timeout": "float", - "retries": "integer", - "scope": "string", - "safUrl": "string", - "saFreq": "integer", - "skipUrlEncode": "boolean", - "evalCode": "string" - }, + "Request": { + "data": "string", + "pDel": "string", + "cookie": "string", + "loadCookies": "string", + "dropSetCookie": "boolean", + "agent": "string", + "randomAgent": "boolean", + "rParam": "string", + "forceSSL": "boolean", + "host": "string", + "referer": "string", + "headers": "string", + "aType": "string", + "aCred": "string", + "aCert": "string", + "proxy": "string", + "pCred": "string", + "ignoreProxy": "boolean", + "delay": "float", + "timeout": "float", + "retries": "integer", + "scope": "string", + "safUrl": "string", + "saFreq": "integer", + "skipUrlEncode": "boolean", + "evalCode": "string" + }, - "Optimization": { - "optimize": "boolean", - "predictOutput": "boolean", - "keepAlive": "boolean", - "nullConnection": "boolean", - "threads": "integer" - }, + "Optimization": { + "optimize": "boolean", + "predictOutput": "boolean", + "keepAlive": "boolean", + "nullConnection": "boolean", + "threads": "integer" + }, - "Injection": { - "testParameter": "string", - "dbms": "string", - "os": "string", - "invalidBignum": "boolean", - "invalidLogical": "boolean", - "noCast": "boolean", - "noUnescape": "boolean", - "prefix": "string", - "suffix": "string", - "skip": "string", - "tamper": "string" - }, + "Injection": { + "testParameter": "string", + "dbms": "string", + "os": "string", + "invalidBignum": "boolean", + "invalidLogical": "boolean", + "noCast": "boolean", + "noUnescape": "boolean", + "prefix": "string", + "suffix": "string", + "skip": "string", + "tamper": "string" + }, - "Detection": { - "level": "integer", - "risk": "integer", - "string": "string", - "notString": "string", - "regexp": "string", - "code": "integer", - "textOnly": "boolean", - "titles": "boolean" - }, + "Detection": { + "level": "integer", + "risk": "integer", + "string": "string", + "notString": "string", + "regexp": "string", + "code": "integer", + "textOnly": "boolean", + "titles": "boolean" + }, - "Techniques": { - "tech": "string", - "timeSec": "integer", - "uCols": "string", - "uChar": "string", - "dnsName": "string", - "secondOrder": "string" - }, + "Techniques": { + "tech": "string", + "timeSec": "integer", + "uCols": "string", + "uChar": "string", + "dnsName": "string", + "secondOrder": "string" + }, - "Fingerprint": { - "extensiveFp": "boolean" - }, + "Fingerprint": { + "extensiveFp": "boolean" + }, - "Enumeration": { - "getAll": "boolean", - "getBanner": ("boolean", "Banners"), - "getCurrentUser": ("boolean", "Users"), - "getCurrentDb": ("boolean", "Databases"), - "getHostname": "boolean", - "isDba": "boolean", - "getUsers": ("boolean", "Users"), - "getPasswordHashes": ("boolean", "Passwords"), - "getPrivileges": ("boolean", "Privileges"), - "getRoles": ("boolean", "Roles"), - "getDbs": ("boolean", "Databases"), - "getTables": ("boolean", "Tables"), - "getColumns": ("boolean", "Columns"), - "getSchema": "boolean", - "getCount": "boolean", - "dumpTable": "boolean", - "dumpAll": "boolean", - "search": "boolean", - "db": "string", - "tbl": "string", - "col": "string", - "user": "string", - "excludeSysDbs": "boolean", - "limitStart": "integer", - "limitStop": "integer", - "firstChar": "integer", - "lastChar": "integer", - "query": "string", - "sqlShell": "boolean", - "sqlFile": "string" - }, + "Enumeration": { + "getAll": "boolean", + "getBanner": ("boolean", "Banners"), + "getCurrentUser": ("boolean", "Users"), + "getCurrentDb": ("boolean", "Databases"), + "getHostname": "boolean", + "isDba": "boolean", + "getUsers": ("boolean", "Users"), + "getPasswordHashes": ("boolean", "Passwords"), + "getPrivileges": ("boolean", "Privileges"), + "getRoles": ("boolean", "Roles"), + "getDbs": ("boolean", "Databases"), + "getTables": ("boolean", "Tables"), + "getColumns": ("boolean", "Columns"), + "getSchema": "boolean", + "getCount": "boolean", + "dumpTable": "boolean", + "dumpAll": "boolean", + "search": "boolean", + "db": "string", + "tbl": "string", + "col": "string", + "user": "string", + "excludeSysDbs": "boolean", + "limitStart": "integer", + "limitStop": "integer", + "firstChar": "integer", + "lastChar": "integer", + "query": "string", + "sqlShell": "boolean", + "sqlFile": "string" + }, - "Brute": { - "commonTables": "boolean", - "commonColumns": "boolean" - }, + "Brute": { + "commonTables": "boolean", + "commonColumns": "boolean" + }, - "User-defined function": { - "udfInject": "boolean", - "shLib": "string" - }, + "User-defined function": { + "udfInject": "boolean", + "shLib": "string" + }, - "File system": { - "rFile": "string", - "wFile": "string", - "dFile": "string" - }, + "File system": { + "rFile": "string", + "wFile": "string", + "dFile": "string" + }, - "Takeover": { - "osCmd": "string", - "osShell": "boolean", - "osPwn": "boolean", - "osSmb": "boolean", - "osBof": "boolean", - "privEsc": "boolean", - "msfPath": "string", - "tmpPath": "string" - }, + "Takeover": { + "osCmd": "string", + "osShell": "boolean", + "osPwn": "boolean", + "osSmb": "boolean", + "osBof": "boolean", + "privEsc": "boolean", + "msfPath": "string", + "tmpPath": "string" + }, - "Windows": { - "regRead": "boolean", - "regAdd": "boolean", - "regDel": "boolean", - "regKey": "string", - "regVal": "string", - "regData": "string", - "regType": "string" - }, + "Windows": { + "regRead": "boolean", + "regAdd": "boolean", + "regDel": "boolean", + "regKey": "string", + "regVal": "string", + "regData": "string", + "regType": "string" + }, - "General": { - #"xmlFile": "string", - "trafficFile": "string", - "batch": "boolean", - "charset": "string", - "checkTor": "boolean", - "crawlDepth": "integer", - "csvDel": "string", - "dbmsCred": "string", - "dumpFormat": "string", - "eta": "boolean", - "flushSession": "boolean", - "forms": "boolean", - "freshQueries": "boolean", - "hexConvert": "boolean", - "oDir": "string", - "parseErrors": "boolean", - "updateAll": "boolean", - "tor": "boolean", - "torPort": "integer", - "torType": "string", - }, + "General": { + #"xmlFile": "string", + "trafficFile": "string", + "batch": "boolean", + "charset": "string", + "checkTor": "boolean", + "crawlDepth": "integer", + "csvDel": "string", + "dbmsCred": "string", + "dumpFormat": "string", + "eta": "boolean", + "flushSession": "boolean", + "forms": "boolean", + "freshQueries": "boolean", + "hexConvert": "boolean", + "oDir": "string", + "parseErrors": "boolean", + "updateAll": "boolean", + "tor": "boolean", + "torPort": "integer", + "torType": "string", + }, - "Miscellaneous": { - "mnemonics": "string", - "answers": "string", - "checkPayload": "boolean", - "cleanup": "boolean", - "dependencies": "boolean", - "disableColoring": "boolean", - "googlePage": "integer", - "mobile": "boolean", - "pageRank": "boolean", - "smart": "boolean", - "testFilter": "string", - "wizard": "boolean", - "verbose": "integer" - }, - } + "Miscellaneous": { + "mnemonics": "string", + "answers": "string", + "checkPayload": "boolean", + "cleanup": "boolean", + "dependencies": "boolean", + "disableColoring": "boolean", + "googlePage": "integer", + "mobile": "boolean", + "pageRank": "boolean", + "smart": "boolean", + "testFilter": "string", + "wizard": "boolean", + "verbose": "integer" + }, +} diff --git a/lib/core/progress.py b/lib/core/progress.py index 853f74e94..54dd46c5b 100644 --- a/lib/core/progress.py +++ b/lib/core/progress.py @@ -25,9 +25,8 @@ class ProgressBar: self.update() def __convertSeconds(self, value): - seconds = value - minutes = seconds / 60 - seconds = seconds - (minutes * 60) + minutes = value / 60 + seconds = value - (minutes * 60) return "%.2d:%.2d" % (minutes, seconds) diff --git a/lib/core/readlineng.py b/lib/core/readlineng.py index c1e07822a..19d04d181 100644 --- a/lib/core/readlineng.py +++ b/lib/core/readlineng.py @@ -6,8 +6,7 @@ See the file 'doc/COPYING' for copying permission """ from lib.core.data import logger -from lib.core.settings import IS_WIN -from lib.core.settings import PLATFORM +from lib.core.settings import IS_WIN, PLATFORM _readline = None diff --git a/lib/core/replication.py b/lib/core/replication.py index 30e4ecbf9..40da63ec5 100644 --- a/lib/core/replication.py +++ b/lib/core/replication.py @@ -9,9 +9,7 @@ import sqlite3 from extra.safe2bin.safe2bin import safechardecode from lib.core.common import unsafeSQLIdentificatorNaming -from lib.core.exception import sqlmapGenericException -from lib.core.exception import sqlmapMissingDependence -from lib.core.exception import sqlmapValueException +from lib.core.exception import sqlmapGenericException, sqlmapValueException class Replication: """ diff --git a/lib/core/revision.py b/lib/core/revision.py index 8e816939c..f601d9dbf 100644 --- a/lib/core/revision.py +++ b/lib/core/revision.py @@ -8,8 +8,7 @@ See the file 'doc/COPYING' for copying permission import os import re -from subprocess import PIPE -from subprocess import Popen as execute +from subprocess import PIPE, Popen as execute def getRevisionNumber(): """ diff --git a/lib/core/session.py b/lib/core/session.py index 9ad0387df..230dc7d2d 100644 --- a/lib/core/session.py +++ b/lib/core/session.py @@ -7,21 +7,10 @@ See the file 'doc/COPYING' for copying permission import re -from lib.core.common import Backend -from lib.core.common import Format -from lib.core.common import hashDBWrite -from lib.core.common import intersect -from lib.core.common import readInput -from lib.core.common import singleTimeWarnMessage -from lib.core.convert import base64pickle -from lib.core.convert import base64unpickle -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.enums import HASHDB_KEYS -from lib.core.enums import OS +from lib.core.common import Backend, Format, hashDBWrite +from lib.core.data import kb, logger +from lib.core.enums import HASHDB_KEYS, OS from lib.core.settings import SUPPORTED_DBMS -from lib.core.settings import UNKNOWN_DBMS_VERSION def setDbms(dbms): """ diff --git a/lib/core/settings.py b/lib/core/settings.py index fac3e9b24..bb6de8824 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -16,7 +16,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.revision import getRevisionNumber # sqlmap version and site -VERSION = "1.0-dev" +VERSION = "1.0-dev" #TODO: Move to read from file REVISION = getRevisionNumber() VERSION_STRING = "sqlmap/%s%s" % (VERSION, "-%s" % REVISION if REVISION else "") DESCRIPTION = "automatic SQL injection and database takeover tool" @@ -136,14 +136,17 @@ MYSQL_SYSTEM_DBS = ( "information_schema", "mysql" ) # Before PGSQL_SYSTEM_DBS = ( "information_schema", "pg_catalog", "pg_toast" ) ORACLE_SYSTEM_DBS = ( "SYSTEM", "SYSAUX", "SYS" ) # These are TABLESPACE_NAME SQLITE_SYSTEM_DBS = ( "sqlite_master", "sqlite_temp_master" ) -ACCESS_SYSTEM_DBS = ( "MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage",\ - "MSysAccessXML", "MSysModules", "MSysModules2" ) -FIREBIRD_SYSTEM_DBS = ( "RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE",\ - "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", "RDB$FILTERS",\ - "RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES",\ - "RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS",\ - "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS",\ - "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS" ) +ACCESS_SYSTEM_DBS = ( +"MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage",\ +"MSysAccessXML", "MSysModules", "MSysModules2" ) +FIREBIRD_SYSTEM_DBS = ( +"RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE",\ +"RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", "RDB$FILTERS",\ +"RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES",\ +"RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS",\ +"RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", +"RDB$TRIGGERS",\ +"RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS" ) MAXDB_SYSTEM_DBS = ( "SYSINFO", "DOMAIN" ) SYBASE_SYSTEM_DBS = ( "master", "model", "sybsystemdb", "sybsystemprocs" ) DB2_SYSTEM_DBS = ( "NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS",\ @@ -160,7 +163,8 @@ MAXDB_ALIASES = ( "maxdb", "sap maxdb", "sap db" ) SYBASE_ALIASES = ( "sybase", "sybase sql server" ) DB2_ALIASES = ( "db2", "ibm db2", "ibmdb2" ) -DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_")) +DBMS_DIRECTORY_DICT = dict( + (getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_")) SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES SUPPORTED_OS = ( "linux", "windows" ) @@ -171,38 +175,38 @@ HOST_ALIASES = ( "host", ) # Items displayed in basic help (-h) output BASIC_HELP_ITEMS = ( - "url", - "googleDork", - "data", - "cookie", - "randomAgent", - "proxy", - "testParameter", - "dbms", - "level", - "risk", - "tech", - "getAll", - "getBanner", - "getCurrentUser", - "getCurrentDb", - "getPasswordHashes", - "getTables", - "getColumns", - "getSchema", - "dumpTable", - "dumpAll", - "db", - "tbl", - "col", - "osShell", - "osPwn", - "batch", - "checkTor", - "flushSession", - "tor", - "wizard" - ) + "url", + "googleDork", + "data", + "cookie", + "randomAgent", + "proxy", + "testParameter", + "dbms", + "level", + "risk", + "tech", + "getAll", + "getBanner", + "getCurrentUser", + "getCurrentDb", + "getPasswordHashes", + "getTables", + "getColumns", + "getSchema", + "dumpTable", + "dumpAll", + "db", + "tbl", + "col", + "osShell", + "osPwn", + "batch", + "checkTor", + "flushSession", + "tor", + "wizard" + ) # String representation for NULL value NULL = "NULL" @@ -215,11 +219,11 @@ CURRENT_DB = "CD" # Regular expressions used for parsing error messages (--parse-errors) ERROR_PARSING_REGEXES = ( - r"[^<]*(fatal|error|warning|exception)[^<]*:?\s*(?P.+?)", - r"(?m)^(fatal|error|warning|exception):?\s*(?P.+?)$", - r"
  • Error Type:
    (?P.+?)
  • ", - r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P[^<>]+)" - ) + r"[^<]*(fatal|error|warning|exception)[^<]*:?\s*(?P.+?)", + r"(?m)^(fatal|error|warning|exception):?\s*(?P.+?)$", + r"
  • Error Type:
    (?P.+?)
  • ", + r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P[^<>]+)" + ) # Regular expression used for parsing charset info from meta html headers META_CHARSET_REGEX = r'(?si).*]+charset=(?P[^">]+).*' @@ -231,7 +235,9 @@ META_REFRESH_REGEX = r'(?si).*]+content="?[ EMPTY_FORM_FIELDS_REGEX = r'(&|\A)(?P[^=]+=(&|\Z))' # Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf -COMMON_PASSWORD_SUFFIXES = ("1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4", "07", "21", "14", "10", "06", "08", "8", "15", "69", "16", "6", "18") +COMMON_PASSWORD_SUFFIXES = ( +"1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4", "07", "21", "14", "10", "06", "08", "8", "15", +"69", "16", "6", "18") # Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html COMMON_PASSWORD_SUFFIXES += ("!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@") @@ -279,7 +285,9 @@ MYSQL_ERROR_CHUNK_LENGTH = 50 MSSQL_ERROR_CHUNK_LENGTH = 100 # Do not unescape the injected statement if it contains any of the following SQL words -EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", "'%s'" % CHAR_INFERENCE_MARK) +EXCLUDE_UNESCAPE = ( +"WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", +"'%s'" % CHAR_INFERENCE_MARK) # Mark used for replacement of reflected values REFLECTED_VALUE_MARKER = "__REFLECTED_VALUE__" @@ -312,7 +320,9 @@ MAX_INT = sys.maxint DEPRECATED_OPTIONS = ("--replicate",) # Parameters to be ignored in detection phase (upper case) -IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN") +IGNORE_PARAMETERS = ( +"__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", +"ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN") # Regular expression used for recognition of ASP.NET control parameters ASP_NET_CONTROL_REGEX = r"(?i)\Actl\d+\$" @@ -343,7 +353,9 @@ LOW_TEXT_PERCENT = 20 # These MySQL keywords can't go (alone) into versioned comment form (/*!...*/) # Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html -IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM") +IGNORE_SPACE_AFFECTED_KEYWORDS = ( +"CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", +"SYSTEM_USER", "TRIM") LEGAL_DISCLAIMER = "Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program" @@ -363,7 +375,9 @@ DUMMY_SQL_INJECTION_CHARS = ";()'" DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]" # Extensions skipped by crawler -CRAWL_EXCLUDE_EXTENSIONS = ("gif","jpg","jar","tif","bmp","war","ear","mpg","wmv","mpeg","scm","iso","dmp","dll","cab","so","avi","bin","exe","iso","tar","png","pdf","ps","mp3","zip","rar","gz") +CRAWL_EXCLUDE_EXTENSIONS = ( +"gif", "jpg", "jar", "tif", "bmp", "war", "ear", "mpg", "wmv", "mpeg", "scm", "iso", "dmp", "dll", "cab", "so", "avi", +"bin", "exe", "iso", "tar", "png", "pdf", "ps", "mp3", "zip", "rar", "gz") # Template used for common table existence check BRUTE_TABLE_EXISTS_TEMPLATE = "EXISTS(SELECT %d FROM %s)" @@ -402,7 +416,9 @@ UNION_CHAR_REGEX = r'\A\w+\Z' UNENCODED_ORIGINAL_VALUE = 'original' # Common column names containing usernames (used for hash cracking in some cases) -COMMON_USER_COLUMNS = ('user', 'username', 'user_name', 'benutzername', 'benutzer', 'utilisateur', 'usager', 'consommateur', 'utente', 'utilizzatore', 'usufrutuario', 'korisnik', 'usuario', 'consumidor') +COMMON_USER_COLUMNS = ( +'user', 'username', 'user_name', 'benutzername', 'benutzer', 'utilisateur', 'usager', 'consommateur', 'utente', +'utilizzatore', 'usufrutuario', 'korisnik', 'usuario', 'consumidor') # Default delimiter in GET/POST values DEFAULT_GET_POST_DELIMITER = '&' @@ -420,7 +436,7 @@ HASHDB_FLUSH_RETRIES = 3 HASHDB_MILESTONE_VALUE = "cAWxkLYCQT" # r5129 "".join(random.sample(string.letters, 10)) # Warn user of possible delay due to large page dump in full UNION query injections -LARGE_OUTPUT_THRESHOLD = 1024**2 +LARGE_OUTPUT_THRESHOLD = 1024 ** 2 # On huge tables there is a considerable slowdown if every row retrieval requires ORDER BY (most noticable in table dumping using ERROR injections) SLOW_ORDER_COUNT_THRESHOLD = 10000 @@ -471,7 +487,8 @@ GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "wwwroot", "www") MAX_HELP_OPTION_LENGTH = 18 # Strings for detecting formatting errors -FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Failed to convert", "System.FormatException", "java.lang.NumberFormatException") +FORMAT_EXCEPTION_STRINGS = ( +"Type mismatch", "Error converting", "Failed to convert", "System.FormatException", "java.lang.NumberFormatException") # Regular expression used for extracting ASP.NET view state values VIEWSTATE_REGEX = r'(?i)(?P__VIEWSTATE[^"]*)[^>]+value="(?P[^"]+)' diff --git a/lib/core/shell.py b/lib/core/shell.py index f287a2f12..3dcd53bc0 100644 --- a/lib/core/shell.py +++ b/lib/core/shell.py @@ -11,8 +11,7 @@ import rlcompleter from lib.core import readlineng as readline from lib.core.common import Backend -from lib.core.data import logger -from lib.core.data import paths +from lib.core.data import logger, paths from lib.core.enums import OS def saveHistory(): diff --git a/lib/core/target.py b/lib/core/target.py index 179eb3f76..e9b5ed650 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -5,7 +5,6 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -import binascii import codecs import os import re @@ -13,47 +12,18 @@ import tempfile import time import urlparse -from lib.core.common import Backend -from lib.core.common import hashDBRetrieve -from lib.core.common import intersect -from lib.core.common import paramToDict -from lib.core.common import readInput -from lib.core.common import resetCookieJar -from lib.core.common import urldecode -from lib.core.data import cmdLineOptions -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import paths +from lib.core.common import Backend, hashDBRetrieve, intersect, paramToDict, readInput, resetCookieJar, urldecode +from lib.core.data import cmdLineOptions, conf, kb, logger, paths from lib.core.dicts import DBMS_DICT from lib.core.dump import dumper -from lib.core.enums import HASHDB_KEYS -from lib.core.enums import HTTPHEADER -from lib.core.enums import HTTPMETHOD -from lib.core.enums import PLACE -from lib.core.enums import POST_HINT -from lib.core.exception import sqlmapFilePathException -from lib.core.exception import sqlmapGenericException -from lib.core.exception import sqlmapMissingPrivileges -from lib.core.exception import sqlmapSyntaxException -from lib.core.exception import sqlmapUserQuitException -from lib.core.option import authHandler -from lib.core.option import __setDBMS -from lib.core.option import __setKnowledgeBaseAttributes -from lib.core.option import __setAuthCred -from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR -from lib.core.settings import HOST_ALIASES -from lib.core.settings import JSON_RECOGNITION_REGEX -from lib.core.settings import MULTIPART_RECOGNITION_REGEX -from lib.core.settings import REFERER_ALIASES -from lib.core.settings import RESULTS_FILE_FORMAT -from lib.core.settings import SOAP_RECOGNITION_REGEX -from lib.core.settings import SUPPORTED_DBMS -from lib.core.settings import UNENCODED_ORIGINAL_VALUE -from lib.core.settings import UNICODE_ENCODING -from lib.core.settings import UNKNOWN_DBMS_VERSION -from lib.core.settings import URI_INJECTABLE_REGEX -from lib.core.settings import USER_AGENT_ALIASES +from lib.core.enums import HASHDB_KEYS, HTTPHEADER, HTTPMETHOD, PLACE, POST_HINT +from lib.core.exception import sqlmapFilePathException, sqlmapGenericException, sqlmapMissingPrivileges,\ + sqlmapSyntaxException, sqlmapUserQuitException + +from lib.core.option import __setDBMS, __setKnowledgeBaseAttributes, __setAuthCred +from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR, HOST_ALIASES, JSON_RECOGNITION_REGEX,\ + MULTIPART_RECOGNITION_REGEX, REFERER_ALIASES, RESULTS_FILE_FORMAT, SOAP_RECOGNITION_REGEX,\ + SUPPORTED_DBMS, UNICODE_ENCODING, UNKNOWN_DBMS_VERSION, URI_INJECTABLE_REGEX, USER_AGENT_ALIASES from lib.utils.hashdb import HashDB from lib.core.xmldump import dumper as xmldumper from thirdparty.odict.odict import OrderedDict diff --git a/lib/core/testing.py b/lib/core/testing.py index 3f72eead9..b08926e31 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -14,15 +14,9 @@ import tempfile import time from lib.controller.controller import start -from lib.core.common import beep -from lib.core.common import clearConsoleLine -from lib.core.common import dataToStdout -from lib.core.common import readXmlFile -from lib.core.data import conf -from lib.core.data import logger -from lib.core.data import paths -from lib.core.option import init -from lib.core.option import __setVerbosity +from lib.core.common import beep, clearConsoleLine, dataToStdout, readXmlFile +from lib.core.data import conf, logger, paths +from lib.core.option import init, __setVerbosity from lib.core.optiondict import optDict from lib.parse.cmdline import cmdLineParser diff --git a/lib/core/threads.py b/lib/core/threads.py index 88a35109a..505d3fa73 100644 --- a/lib/core/threads.py +++ b/lib/core/threads.py @@ -12,16 +12,11 @@ import traceback from thread import error as threadError -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger +from lib.core.data import conf, kb, logger from lib.core.datatype import AttribDict from lib.core.enums import PAYLOAD -from lib.core.exception import sqlmapConnectionException -from lib.core.exception import sqlmapThreadException -from lib.core.exception import sqlmapValueException -from lib.core.settings import MAX_NUMBER_OF_THREADS -from lib.core.settings import PYVERSION +from lib.core.exception import sqlmapConnectionException, sqlmapThreadException, sqlmapValueException +from lib.core.settings import MAX_NUMBER_OF_THREADS, PYVERSION shared = AttribDict() diff --git a/lib/core/unescaper.py b/lib/core/unescaper.py index 922e7d4b4..01112e8f1 100644 --- a/lib/core/unescaper.py +++ b/lib/core/unescaper.py @@ -7,7 +7,6 @@ See the file 'doc/COPYING' for copying permission from lib.core.common import Backend from lib.core.data import conf -from lib.core.data import kb from lib.core.datatype import AttribDict from lib.core.settings import EXCLUDE_UNESCAPE diff --git a/lib/core/update.py b/lib/core/update.py index e929add3e..a3cc98e42 100644 --- a/lib/core/update.py +++ b/lib/core/update.py @@ -9,19 +9,14 @@ import os import re import time -from subprocess import PIPE -from subprocess import Popen as execute +from subprocess import PIPE, Popen as execute from lib.core.common import dataToStdout -from lib.core.common import getUnicode from lib.core.data import conf from lib.core.data import logger from lib.core.data import paths from lib.core.revision import getRevisionNumber -from lib.core.settings import GIT_REPOSITORY -from lib.core.settings import IS_WIN -from lib.core.settings import REVISION -from lib.core.settings import UNICODE_ENCODING +from lib.core.settings import GIT_REPOSITORY, IS_WIN from lib.core.subprocessng import pollProcess def update(): diff --git a/lib/core/xmldump.py b/lib/core/xmldump.py index 14e86ab33..cba104ef2 100644 --- a/lib/core/xmldump.py +++ b/lib/core/xmldump.py @@ -8,9 +8,7 @@ import xml import xml.sax.saxutils as saxutils from lib.core.common import getUnicode -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger +from lib.core.data import conf, kb, logger from lib.core.exception import sqlmapFilePathException from lib.core.settings import UNICODE_ENCODING from thirdparty.prettyprint import prettyprint @@ -32,7 +30,7 @@ DB_TABLE_ELEM_NAME = "DBTable" IS_DBA_ELEM_NAME = "isDBA" FILE_CONTENT_ELEM_NAME = "FileContent" DB_ATTR = "db" -UNKNOWN_COLUMN_TYPE= "unknown" +UNKNOWN_COLUMN_TYPE = "unknown" USER_SETTINGS_ELEM_NAME = "UserSettings" USER_SETTING_ELEM_NAME = "UserSetting" USERS_ELEM_NAME = "Users" @@ -72,7 +70,7 @@ XMLNS_ATTR = "xmlns:xsi" SCHEME_NAME = "sqlmap.xsd" SCHEME_NAME_ATTR = "xsi:noNamespaceSchemaLocation" CHARACTERS_TO_ENCODE = range(32) + range(127, 256) -ENTITIES = {'"':'"',"'":"'"} +ENTITIES = {'"': '"', "'": "'"} class XMLDump: ''' @@ -86,7 +84,7 @@ class XMLDump: self.__root = None self.__doc = Document() - def __addToRoot(self,element): + def __addToRoot(self, element): ''' Adds element to the root element ''' @@ -105,36 +103,36 @@ class XMLDump: kb.dataOutputFlag = True - def __getRootChild(self,elemName): + def __getRootChild(self, elemName): ''' Returns the child of the root with the described name ''' elements = self.__root.getElementsByTagName(elemName) - if elements : + if elements: return elements[0] return elements - def __createTextNode(self,data): + def __createTextNode(self, data): ''' Creates a text node with utf8 data inside. The text is escaped to an fit the xml text Format. ''' - if data is None : + if data is None: return self.__doc.createTextNode(u'') - else : + else: escaped_data = saxutils.escape(data, ENTITIES) return self.__doc.createTextNode(escaped_data) - def __createAttribute(self,attrName,attrValue): + def __createAttribute(self, attrName, attrValue): ''' Creates an attribute node with utf8 data inside. The text is escaped to an fit the xml text Format. ''' attr = self.__doc.createAttribute(attrName) - if attrValue is None : + if attrValue is None: attr.nodeValue = u'' - else : + else: attr.nodeValue = getUnicode(attrValue) return attr @@ -153,7 +151,7 @@ class XMLDump: if data: data = self.__formatString(data) - else : + else: data = "" elem = self.__doc.createElement(MESSAGE_ELEM) @@ -168,7 +166,6 @@ class XMLDump: lstElem = self.__doc.createElement(LST_ELEM_NAME) lstElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, header)) if elements: - if sort: try: elements = set(elements) @@ -185,7 +182,7 @@ class XMLDump: memberElem.appendChild(self.__createTextNode(element)) elif isinstance(element, (list, tuple, set)): memberElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, "list")) - for e in element : + for e in element: memberElemStr = self.__doc.createElement(MEMBER_ELEM) memberElemStr.setAttributeNode(self.__createAttribute(TYPE_ATTR, "string")) memberElemStr.appendChild(self.__createTextNode(getUnicode(e))) @@ -196,7 +193,7 @@ class XMLDump: self.__addToRoot(listsElem) listsElem.appendChild(lstElem) - def technic(self,technicType,data): + def technic(self, technicType, data): ''' Adds information about the technic used to extract data from the db ''' @@ -210,7 +207,7 @@ class XMLDump: self.__addToRoot(technicsElem) technicsElem.appendChild(technicElem) - def banner(self,data): + def banner(self, data): ''' Adds information about the database banner to the xml. The banner contains information about the type and the version of the database. @@ -219,7 +216,7 @@ class XMLDump: bannerElem.appendChild(self.__createTextNode(data)) self.__addToRoot(bannerElem) - def currentUser(self,data): + def currentUser(self, data): ''' Adds information about the current database user to the xml ''' @@ -228,7 +225,7 @@ class XMLDump: currentUserElem.appendChild(textNode) self.__addToRoot(currentUserElem) - def currentDb(self,data): + def currentDb(self, data): ''' Adds information about the current database is use to the xml ''' @@ -237,7 +234,7 @@ class XMLDump: currentDBElem.appendChild(textNode) self.__addToRoot(currentDBElem) - def dba(self,isDBA): + def dba(self, isDBA): ''' Adds information to the xml that indicates whether the user has DBA privileges ''' @@ -245,7 +242,7 @@ class XMLDump: isDBAElem.setAttributeNode(self.__createAttribute(VALUE_ATTR, getUnicode(isDBA))) self.__addToRoot(isDBAElem) - def users(self,users): + def users(self, users): ''' Adds a list of the existing users to the xml ''' @@ -325,7 +322,7 @@ class XMLDump: for db, tables in dbTables.items(): tables.sort(key=lambda x: x.lower()) dbElem = self.__doc.createElement(DATABASE_ELEM_NAME) - dbElem.setAttributeNode(self.__createAttribute(NAME_ATTR,db)) + dbElem.setAttributeNode(self.__createAttribute(NAME_ATTR, db)) dbTablesElem.appendChild(dbElem) for table in tables: tableElem = self.__doc.createElement(DB_TABLE_ELEM_NAME) @@ -361,7 +358,7 @@ class XMLDump: colElem = self.__doc.createElement(COLUMN_ELEM_NAME) if colType is not None: colElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, colType)) - else : + else: colElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, UNKNOWN_COLUMN_TYPE)) colElem.appendChild(self.__createTextNode(column)) tableElem.appendChild(colElem) @@ -426,16 +423,16 @@ class XMLDump: if tbl in printDbs[db]: printDbs[db][tbl][col] = dataType else: - printDbs[db][tbl] = { col: dataType } + printDbs[db][tbl] = {col: dataType} else: printDbs[db] = {} - printDbs[db][tbl] = { col: dataType } + printDbs[db][tbl] = {col: dataType} continue self.dbTableColumns(printDbs) - def query(self,query,queryRes): + def query(self, query, queryRes): ''' Adds details of an executed query to the xml. The query details are the query itself and it's results. @@ -449,7 +446,7 @@ class XMLDump: self.__addToRoot(queriesElem) queriesElem.appendChild(queryElem) - def registerValue(self,registerData): + def registerValue(self, registerData): ''' Adds information about an extracted registry key to the xml ''' @@ -474,8 +471,8 @@ class XMLDump: ''' Initiates the xml file from the configuration. ''' - if (conf.xmlFile) : - try : + if (conf.xmlFile): + try: self.__outputFile = conf.xmlFile self.__root = None @@ -490,8 +487,8 @@ class XMLDump: if self.__root is None: self.__root = self.__doc.createElementNS(NAME_SPACE_ATTR, RESULTS_ELEM_NAME) - self.__root.setAttributeNode(self.__createAttribute(XMLNS_ATTR,NAME_SPACE_ATTR)) - self.__root.setAttributeNode(self.__createAttribute(SCHEME_NAME_ATTR,SCHEME_NAME)) + self.__root.setAttributeNode(self.__createAttribute(XMLNS_ATTR, NAME_SPACE_ATTR)) + self.__root.setAttributeNode(self.__createAttribute(SCHEME_NAME_ATTR, SCHEME_NAME)) self.__doc.appendChild(self.__root) except IOError: raise sqlmapFilePathException("Wrong filename provided for saving the xml file: %s" % conf.xmlFile) @@ -508,7 +505,7 @@ class XMLDump: ''' if ((self.__outputFP is not None) and not(self.__outputFP.closed)): statusElem = self.__doc.createElement(STATUS_ELEM_NAME) - statusElem.setAttributeNode(self.__createAttribute(SUCESS_ATTR,getUnicode(resultStatus))) + statusElem.setAttributeNode(self.__createAttribute(SUCESS_ATTR, getUnicode(resultStatus))) if not resultStatus: errorElem = self.__doc.createElement(ERROR_ELEM_NAME) @@ -525,6 +522,7 @@ class XMLDump: self.__write(prettyprint.formatXML(self.__doc, encoding=UNICODE_ENCODING)) self.__outputFP.close() + def closeDumper(status, msg=""): """ Closes the dumper of the session diff --git a/lib/parse/__init__.py b/lib/parse/__init__.py index 72630d2e8..b04606ac5 100644 --- a/lib/parse/__init__.py +++ b/lib/parse/__init__.py @@ -5,4 +5,3 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -pass diff --git a/lib/parse/banner.py b/lib/parse/banner.py index 693bd7f34..f1d95d9a8 100644 --- a/lib/parse/banner.py +++ b/lib/parse/banner.py @@ -9,12 +9,8 @@ import re from xml.sax.handler import ContentHandler -from lib.core.common import checkFile -from lib.core.common import Backend -from lib.core.common import parseXmlFile -from lib.core.common import sanitizeStr -from lib.core.data import kb -from lib.core.data import paths +from lib.core.common import checkFile, Backend, parseXmlFile, sanitizeStr +from lib.core.data import kb, paths from lib.core.enums import DBMS from lib.parse.handler import FingerprintHandler diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index ac1759d4d..5874bed05 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -7,674 +7,666 @@ See the file 'doc/COPYING' for copying permission import sys -from optparse import OptionError -from optparse import OptionGroup -from optparse import OptionParser -from optparse import SUPPRESS_HELP +from optparse import OptionError, OptionGroup, OptionParser, SUPPRESS_HELP -from lib.core.common import checkDeprecatedOptions -from lib.core.common import expandMnemonics -from lib.core.common import getUnicode +from lib.core.common import checkDeprecatedOptions, expandMnemonics, getUnicode from lib.core.data import logger from lib.core.defaults import defaults -from lib.core.settings import BASIC_HELP_ITEMS -from lib.core.settings import IS_WIN -from lib.core.settings import MAX_HELP_OPTION_LENGTH -from lib.core.settings import VERSION_STRING +from lib.core.settings import BASIC_HELP_ITEMS, IS_WIN, MAX_HELP_OPTION_LENGTH def cmdLineParser(): """ This function parses the command line parameters and arguments """ - usage = "%s%s [options]" % ("python " if not IS_WIN else "", \ - "\"%s\"" % sys.argv[0] if " " in sys.argv[0] else sys.argv[0]) + usage = "%s%s [options]" % ("python " if not IS_WIN else "",\ + "\"%s\"" % sys.argv[0] if " " in sys.argv[0] else sys.argv[0]) parser = OptionParser(usage=usage) try: parser.add_option("--hh", dest="advancedHelp", - action="store_true", - help="Show advanced help message and exit") + action="store_true", + help="Show advanced help message and exit") parser.add_option("-v", dest="verbose", type="int", - help="Verbosity level: 0-6 (default %d)" % defaults.verbose) + help="Verbosity level: 0-6 (default %d)" % defaults.verbose) # Target options target = OptionGroup(parser, "Target", "At least one of these " - "options has to be specified to set the source " - "to get target urls from") + "options has to be specified to set the source " + "to get target urls from") target.add_option("-d", dest="direct", help="Direct " - "connection to the database") + "connection to the database") target.add_option("-u", "--url", dest="url", help="Target url") target.add_option("-l", dest="logFile", help="Parse targets from Burp " - "or WebScarab proxy logs") + "or WebScarab proxy logs") target.add_option("-m", dest="bulkFile", help="Scan multiple targets enlisted " - "in a given textual file ") + "in a given textual file ") target.add_option("-r", dest="requestFile", - help="Load HTTP request from a file") + help="Load HTTP request from a file") target.add_option("-s", dest="sessionFile", - help="Load session from a stored (.sqlite) file") + help="Load session from a stored (.sqlite) file") target.add_option("-g", dest="googleDork", - help="Process Google dork results as target urls") + help="Process Google dork results as target urls") target.add_option("-c", dest="configFile", - help="Load options from a configuration INI file") + help="Load options from a configuration INI file") # Request options request = OptionGroup(parser, "Request", "These options can be used " - "to specify how to connect to the target url") + "to specify how to connect to the target url") request.add_option("--data", dest="data", - help="Data string to be sent through POST") + help="Data string to be sent through POST") request.add_option("--param-del", dest="pDel", - help="Character used for splitting parameter values") + help="Character used for splitting parameter values") request.add_option("--cookie", dest="cookie", - help="HTTP Cookie header") + help="HTTP Cookie header") request.add_option("--load-cookies", dest="loadCookies", - help="File containing cookies in Netscape/wget format") + help="File containing cookies in Netscape/wget format") request.add_option("--drop-set-cookie", dest="dropSetCookie", - action="store_true", - help="Ignore Set-Cookie header from response") + action="store_true", + help="Ignore Set-Cookie header from response") request.add_option("--user-agent", dest="agent", - help="HTTP User-Agent header") + help="HTTP User-Agent header") request.add_option("--random-agent", dest="randomAgent", - action="store_true", - help="Use randomly selected HTTP User-Agent header") + action="store_true", + help="Use randomly selected HTTP User-Agent header") request.add_option("--randomize", dest="rParam", - help="Randomly change value for given parameter(s)") + help="Randomly change value for given parameter(s)") request.add_option("--force-ssl", dest="forceSSL", - action="store_true", - help="Force usage of SSL/HTTPS requests") + action="store_true", + help="Force usage of SSL/HTTPS requests") request.add_option("--host", dest="host", - help="HTTP Host header") + help="HTTP Host header") request.add_option("--referer", dest="referer", - help="HTTP Referer header") + help="HTTP Referer header") request.add_option("--headers", dest="headers", - help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")") + help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")") request.add_option("--auth-type", dest="aType", - help="HTTP authentication type " - "(Basic, Digest or NTLM)") + help="HTTP authentication type " + "(Basic, Digest or NTLM)") request.add_option("--auth-cred", dest="aCred", - help="HTTP authentication credentials " - "(name:password)") + help="HTTP authentication credentials " + "(name:password)") request.add_option("--auth-cert", dest="aCert", - help="HTTP authentication certificate (" - "key_file,cert_file)") + help="HTTP authentication certificate (" + "key_file,cert_file)") request.add_option("--proxy", dest="proxy", - help="Use a HTTP proxy to connect to the target url") + help="Use a HTTP proxy to connect to the target url") request.add_option("--proxy-cred", dest="pCred", - help="HTTP proxy authentication credentials " - "(name:password)") + help="HTTP proxy authentication credentials " + "(name:password)") request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true", - help="Ignore system default HTTP proxy") + help="Ignore system default HTTP proxy") request.add_option("--delay", dest="delay", type="float", - help="Delay in seconds between each HTTP request") + help="Delay in seconds between each HTTP request") request.add_option("--timeout", dest="timeout", type="float", - help="Seconds to wait before timeout connection " - "(default %d)" % defaults.timeout) + help="Seconds to wait before timeout connection " + "(default %d)" % defaults.timeout) request.add_option("--retries", dest="retries", type="int", - help="Retries when the connection timeouts " - "(default %d)" % defaults.retries) + help="Retries when the connection timeouts " + "(default %d)" % defaults.retries) request.add_option("--scope", dest="scope", - help="Regexp to filter targets from provided proxy log") + help="Regexp to filter targets from provided proxy log") request.add_option("--safe-url", dest="safUrl", - help="Url address to visit frequently during testing") + help="Url address to visit frequently during testing") request.add_option("--safe-freq", dest="saFreq", type="int", - help="Test requests between two visits to a given safe url") + help="Test requests between two visits to a given safe url") request.add_option("--skip-urlencode", dest="skipUrlEncode", - action="store_true", - help="Skip URL encoding of payload data") + action="store_true", + help="Skip URL encoding of payload data") request.add_option("--eval", dest="evalCode", - help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")") + help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")") # Optimization options optimization = OptionGroup(parser, "Optimization", "These " - "options can be used to optimize the " - "performance of sqlmap") + "options can be used to optimize the " + "performance of sqlmap") optimization.add_option("-o", dest="optimize", - action="store_true", - help="Turn on all optimization switches") + action="store_true", + help="Turn on all optimization switches") optimization.add_option("--predict-output", dest="predictOutput", action="store_true", - help="Predict common queries output") + help="Predict common queries output") optimization.add_option("--keep-alive", dest="keepAlive", action="store_true", - help="Use persistent HTTP(s) connections") + help="Use persistent HTTP(s) connections") optimization.add_option("--null-connection", dest="nullConnection", action="store_true", - help="Retrieve page length without actual HTTP response body") + help="Retrieve page length without actual HTTP response body") optimization.add_option("--threads", dest="threads", type="int", - help="Max number of concurrent HTTP(s) " - "requests (default %d)" % defaults.threads) + help="Max number of concurrent HTTP(s) " + "requests (default %d)" % defaults.threads) # Injection options injection = OptionGroup(parser, "Injection", "These options can be " - "used to specify which parameters to test " - "for, provide custom injection payloads and " - "optional tampering scripts") + "used to specify which parameters to test " + "for, provide custom injection payloads and " + "optional tampering scripts") injection.add_option("-p", dest="testParameter", - help="Testable parameter(s)") + help="Testable parameter(s)") injection.add_option("--dbms", dest="dbms", - help="Force back-end DBMS to this value") + help="Force back-end DBMS to this value") injection.add_option("--os", dest="os", - help="Force back-end DBMS operating system " - "to this value") + help="Force back-end DBMS operating system " + "to this value") injection.add_option("--invalid-bignum", dest="invalidBignum", - action="store_true", - help="Use big numbers for invalidating values") + action="store_true", + help="Use big numbers for invalidating values") injection.add_option("--invalid-logical", dest="invalidLogical", - action="store_true", - help="Use logical operations for invalidating values") + action="store_true", + help="Use logical operations for invalidating values") injection.add_option("--no-cast", dest="noCast", - action="store_true", - help="Turn off payload casting mechanism") + action="store_true", + help="Turn off payload casting mechanism") injection.add_option("--no-unescape", dest="noUnescape", - action="store_true", - help="Turn off string unescaping mechanism") + action="store_true", + help="Turn off string unescaping mechanism") injection.add_option("--prefix", dest="prefix", - help="Injection payload prefix string") + help="Injection payload prefix string") injection.add_option("--suffix", dest="suffix", - help="Injection payload suffix string") + help="Injection payload suffix string") injection.add_option("--skip", dest="skip", - help="Skip testing for given parameter(s)") + help="Skip testing for given parameter(s)") injection.add_option("--tamper", dest="tamper", - help="Use given script(s) for tampering injection data") + help="Use given script(s) for tampering injection data") # Detection options detection = OptionGroup(parser, "Detection", "These options can be " - "used to specify how to parse " - "and compare page content from " - "HTTP responses when using blind SQL " - "injection technique") + "used to specify how to parse " + "and compare page content from " + "HTTP responses when using blind SQL " + "injection technique") detection.add_option("--level", dest="level", type="int", - help="Level of tests to perform (1-5, " - "default %d)" % defaults.level) + help="Level of tests to perform (1-5, " + "default %d)" % defaults.level) detection.add_option("--risk", dest="risk", type="int", - help="Risk of tests to perform (0-3, " - "default %d)" % defaults.level) + help="Risk of tests to perform (0-3, " + "default %d)" % defaults.level) detection.add_option("--string", dest="string", - help="String to match when " - "query is evaluated to True") + help="String to match when " + "query is evaluated to True") detection.add_option("--not-string", dest="notString", - help="String to match when " - "query is evaluated to False") + help="String to match when " + "query is evaluated to False") detection.add_option("--regexp", dest="regexp", - help="Regexp to match when " - "query is evaluated to True") + help="Regexp to match when " + "query is evaluated to True") detection.add_option("--code", dest="code", type="int", - help="HTTP code to match when " - "query is evaluated to True") + help="HTTP code to match when " + "query is evaluated to True") detection.add_option("--text-only", dest="textOnly", - action="store_true", - help="Compare pages based only on the textual content") + action="store_true", + help="Compare pages based only on the textual content") detection.add_option("--titles", dest="titles", - action="store_true", - help="Compare pages based only on their titles") + action="store_true", + help="Compare pages based only on their titles") # Techniques options techniques = OptionGroup(parser, "Techniques", "These options can be " - "used to tweak testing of specific SQL " - "injection techniques") + "used to tweak testing of specific SQL " + "injection techniques") techniques.add_option("--technique", dest="tech", - help="SQL injection techniques to test for " - "(default \"%s\")" % defaults.tech) + help="SQL injection techniques to test for " + "(default \"%s\")" % defaults.tech) techniques.add_option("--time-sec", dest="timeSec", - type="int", - help="Seconds to delay the DBMS response " - "(default %d)" % defaults.timeSec) + type="int", + help="Seconds to delay the DBMS response " + "(default %d)" % defaults.timeSec) techniques.add_option("--union-cols", dest="uCols", - help="Range of columns to test for UNION query SQL injection") + help="Range of columns to test for UNION query SQL injection") techniques.add_option("--union-char", dest="uChar", - help="Character to use for bruteforcing number of columns") + help="Character to use for bruteforcing number of columns") techniques.add_option("--dns-domain", dest="dnsName", - help="Domain name used for DNS exfiltration attack") + help="Domain name used for DNS exfiltration attack") techniques.add_option("--second-order", dest="secondOrder", - help="Resulting page url searched for second-order " - "response") + help="Resulting page url searched for second-order " + "response") # Fingerprint options fingerprint = OptionGroup(parser, "Fingerprint") fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp", - action="store_true", - help="Perform an extensive DBMS version fingerprint") + action="store_true", + help="Perform an extensive DBMS version fingerprint") # Enumeration options enumeration = OptionGroup(parser, "Enumeration", "These options can " - "be used to enumerate the back-end database " - "management system information, structure " - "and data contained in the tables. Moreover " - "you can run your own SQL statements") + "be used to enumerate the back-end database " + "management system information, structure " + "and data contained in the tables. Moreover " + "you can run your own SQL statements") enumeration.add_option("-a", "--all", dest="getAll", - action="store_true", help="Retrieve everything") + action="store_true", help="Retrieve everything") enumeration.add_option("-b", "--banner", dest="getBanner", - action="store_true", help="Retrieve DBMS banner") + action="store_true", help="Retrieve DBMS banner") enumeration.add_option("--current-user", dest="getCurrentUser", - action="store_true", - help="Retrieve DBMS current user") + action="store_true", + help="Retrieve DBMS current user") enumeration.add_option("--current-db", dest="getCurrentDb", - action="store_true", - help="Retrieve DBMS current database") + action="store_true", + help="Retrieve DBMS current database") enumeration.add_option("--hostname", dest="getHostname", - action="store_true", - help="Retrieve DBMS server hostname") + action="store_true", + help="Retrieve DBMS server hostname") enumeration.add_option("--is-dba", dest="isDba", - action="store_true", - help="Detect if the DBMS current user is DBA") + action="store_true", + help="Detect if the DBMS current user is DBA") enumeration.add_option("--users", dest="getUsers", action="store_true", - help="Enumerate DBMS users") + help="Enumerate DBMS users") enumeration.add_option("--passwords", dest="getPasswordHashes", - action="store_true", - help="Enumerate DBMS users password hashes") + action="store_true", + help="Enumerate DBMS users password hashes") enumeration.add_option("--privileges", dest="getPrivileges", - action="store_true", - help="Enumerate DBMS users privileges") + action="store_true", + help="Enumerate DBMS users privileges") enumeration.add_option("--roles", dest="getRoles", - action="store_true", - help="Enumerate DBMS users roles") + action="store_true", + help="Enumerate DBMS users roles") enumeration.add_option("--dbs", dest="getDbs", action="store_true", - help="Enumerate DBMS databases") + help="Enumerate DBMS databases") enumeration.add_option("--tables", dest="getTables", action="store_true", - help="Enumerate DBMS database tables") + help="Enumerate DBMS database tables") enumeration.add_option("--columns", dest="getColumns", action="store_true", - help="Enumerate DBMS database table columns") + help="Enumerate DBMS database table columns") enumeration.add_option("--schema", dest="getSchema", action="store_true", - help="Enumerate DBMS schema") + help="Enumerate DBMS schema") enumeration.add_option("--count", dest="getCount", action="store_true", - help="Retrieve number of entries for table(s)") + help="Retrieve number of entries for table(s)") enumeration.add_option("--dump", dest="dumpTable", action="store_true", - help="Dump DBMS database table entries") + help="Dump DBMS database table entries") enumeration.add_option("--dump-all", dest="dumpAll", action="store_true", - help="Dump all DBMS databases tables entries") + help="Dump all DBMS databases tables entries") enumeration.add_option("--search", dest="search", action="store_true", - help="Search column(s), table(s) and/or database name(s)") + help="Search column(s), table(s) and/or database name(s)") enumeration.add_option("-D", dest="db", - help="DBMS database to enumerate") + help="DBMS database to enumerate") enumeration.add_option("-T", dest="tbl", - help="DBMS database table to enumerate") + help="DBMS database table to enumerate") enumeration.add_option("-C", dest="col", - help="DBMS database table column to enumerate") + help="DBMS database table column to enumerate") enumeration.add_option("-U", dest="user", - help="DBMS user to enumerate") + help="DBMS user to enumerate") enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs", - action="store_true", - help="Exclude DBMS system databases when " - "enumerating tables") + action="store_true", + help="Exclude DBMS system databases when " + "enumerating tables") enumeration.add_option("--start", dest="limitStart", type="int", - help="First query output entry to retrieve") + help="First query output entry to retrieve") enumeration.add_option("--stop", dest="limitStop", type="int", - help="Last query output entry to retrieve") + help="Last query output entry to retrieve") enumeration.add_option("--first", dest="firstChar", type="int", - help="First query output word character to retrieve") + help="First query output word character to retrieve") enumeration.add_option("--last", dest="lastChar", type="int", - help="Last query output word character to retrieve") + help="Last query output word character to retrieve") enumeration.add_option("--sql-query", dest="query", - help="SQL statement to be executed") + help="SQL statement to be executed") enumeration.add_option("--sql-shell", dest="sqlShell", - action="store_true", - help="Prompt for an interactive SQL shell") + action="store_true", + help="Prompt for an interactive SQL shell") enumeration.add_option("--sql-file", dest="sqlFile", - help="Execute SQL statements from given file(s)") + help="Execute SQL statements from given file(s)") # User-defined function options brute = OptionGroup(parser, "Brute force", "These " - "options can be used to run brute force " - "checks") + "options can be used to run brute force " + "checks") brute.add_option("--common-tables", dest="commonTables", action="store_true", - help="Check existence of common tables") + help="Check existence of common tables") brute.add_option("--common-columns", dest="commonColumns", action="store_true", - help="Check existence of common columns") + help="Check existence of common columns") # User-defined function options udf = OptionGroup(parser, "User-defined function injection", "These " - "options can be used to create custom user-defined " - "functions") + "options can be used to create custom user-defined " + "functions") udf.add_option("--udf-inject", dest="udfInject", action="store_true", - help="Inject custom user-defined functions") + help="Inject custom user-defined functions") udf.add_option("--shared-lib", dest="shLib", - help="Local path of the shared library") + help="Local path of the shared library") # File system options filesystem = OptionGroup(parser, "File system access", "These options " - "can be used to access the back-end database " - "management system underlying file system") + "can be used to access the back-end database " + "management system underlying file system") filesystem.add_option("--file-read", dest="rFile", - help="Read a file from the back-end DBMS " - "file system") + help="Read a file from the back-end DBMS " + "file system") filesystem.add_option("--file-write", dest="wFile", - help="Write a local file on the back-end " - "DBMS file system") + help="Write a local file on the back-end " + "DBMS file system") filesystem.add_option("--file-dest", dest="dFile", - help="Back-end DBMS absolute filepath to " - "write to") + help="Back-end DBMS absolute filepath to " + "write to") # Takeover options takeover = OptionGroup(parser, "Operating system access", "These " - "options can be used to access the back-end " - "database management system underlying " - "operating system") + "options can be used to access the back-end " + "database management system underlying " + "operating system") takeover.add_option("--os-cmd", dest="osCmd", - help="Execute an operating system command") + help="Execute an operating system command") takeover.add_option("--os-shell", dest="osShell", - action="store_true", - help="Prompt for an interactive operating " - "system shell") + action="store_true", + help="Prompt for an interactive operating " + "system shell") takeover.add_option("--os-pwn", dest="osPwn", - action="store_true", - help="Prompt for an out-of-band shell, " - "meterpreter or VNC") + action="store_true", + help="Prompt for an out-of-band shell, " + "meterpreter or VNC") takeover.add_option("--os-smbrelay", dest="osSmb", - action="store_true", - help="One click prompt for an OOB shell, " - "meterpreter or VNC") + action="store_true", + help="One click prompt for an OOB shell, " + "meterpreter or VNC") takeover.add_option("--os-bof", dest="osBof", - action="store_true", - help="Stored procedure buffer overflow " - "exploitation") + action="store_true", + help="Stored procedure buffer overflow " + "exploitation") takeover.add_option("--priv-esc", dest="privEsc", - action="store_true", - help="Database process' user privilege escalation") + action="store_true", + help="Database process' user privilege escalation") takeover.add_option("--msf-path", dest="msfPath", - help="Local path where Metasploit Framework " - "is installed") + help="Local path where Metasploit Framework " + "is installed") takeover.add_option("--tmp-path", dest="tmpPath", - help="Remote absolute path of temporary files " - "directory") + help="Remote absolute path of temporary files " + "directory") # Windows registry options windows = OptionGroup(parser, "Windows registry access", "These " - "options can be used to access the back-end " - "database management system Windows " - "registry") + "options can be used to access the back-end " + "database management system Windows " + "registry") windows.add_option("--reg-read", dest="regRead", - action="store_true", - help="Read a Windows registry key value") + action="store_true", + help="Read a Windows registry key value") windows.add_option("--reg-add", dest="regAdd", - action="store_true", - help="Write a Windows registry key value data") + action="store_true", + help="Write a Windows registry key value data") windows.add_option("--reg-del", dest="regDel", - action="store_true", - help="Delete a Windows registry key value") + action="store_true", + help="Delete a Windows registry key value") windows.add_option("--reg-key", dest="regKey", - help="Windows registry key") + help="Windows registry key") windows.add_option("--reg-value", dest="regVal", - help="Windows registry key value") + help="Windows registry key value") windows.add_option("--reg-data", dest="regData", - help="Windows registry key value data") + help="Windows registry key value data") windows.add_option("--reg-type", dest="regType", - help="Windows registry key value type") + help="Windows registry key value type") # General options general = OptionGroup(parser, "General", "These options can be used " - "to set some general working parameters" ) + "to set some general working parameters") #general.add_option("-x", dest="xmlFile", # help="Dump the data into an XML file") general.add_option("-t", dest="trafficFile", - help="Log all HTTP traffic into a " - "textual file") + help="Log all HTTP traffic into a " + "textual file") general.add_option("--batch", dest="batch", - action="store_true", - help="Never ask for user input, use the default behaviour") + action="store_true", + help="Never ask for user input, use the default behaviour") general.add_option("--charset", dest="charset", - help="Force character encoding used for data retrieval") + help="Force character encoding used for data retrieval") general.add_option("--check-tor", dest="checkTor", - action="store_true", - help="Check to see if Tor is used properly") + action="store_true", + help="Check to see if Tor is used properly") general.add_option("--crawl", dest="crawlDepth", type="int", - help="Crawl the website starting from the target url") + help="Crawl the website starting from the target url") general.add_option("--csv-del", dest="csvDel", - help="Delimiting character used in CSV output " - "(default \"%s\")" % defaults.csvDel) + help="Delimiting character used in CSV output " + "(default \"%s\")" % defaults.csvDel) general.add_option("--dbms-cred", dest="dbmsCred", - help="DBMS authentication credentials (user:password)") + help="DBMS authentication credentials (user:password)") general.add_option("--dump-format", dest="dumpFormat", - help="Format of dumped data (CSV (default), HTML or SQLITE)") + help="Format of dumped data (CSV (default), HTML or SQLITE)") general.add_option("--eta", dest="eta", - action="store_true", - help="Display for each output the " - "estimated time of arrival") + action="store_true", + help="Display for each output the " + "estimated time of arrival") general.add_option("--flush-session", dest="flushSession", - action="store_true", - help="Flush session files for current target") + action="store_true", + help="Flush session files for current target") general.add_option("--forms", dest="forms", - action="store_true", - help="Parse and test forms on target url") + action="store_true", + help="Parse and test forms on target url") general.add_option("--fresh-queries", dest="freshQueries", - action="store_true", - help="Ignores query results stored in session file") + action="store_true", + help="Ignores query results stored in session file") general.add_option("--hex", dest="hexConvert", - action="store_true", - help="Uses DBMS hex function(s) for data retrieval") + action="store_true", + help="Uses DBMS hex function(s) for data retrieval") general.add_option("--output-dir", dest="oDir", - action="store", - help="Custom output directory path") + action="store", + help="Custom output directory path") general.add_option("--parse-errors", dest="parseErrors", - action="store_true", - help="Parse and display DBMS error messages from responses") + action="store_true", + help="Parse and display DBMS error messages from responses") general.add_option("--save", dest="saveCmdline", - action="store_true", - help="Save options to a configuration INI file") + action="store_true", + help="Save options to a configuration INI file") general.add_option("--tor", dest="tor", - action="store_true", - help="Use Tor anonymity network") + action="store_true", + help="Use Tor anonymity network") general.add_option("--tor-port", dest="torPort", - help="Set Tor proxy port other than default") + help="Set Tor proxy port other than default") general.add_option("--tor-type", dest="torType", - help="Set Tor proxy type (HTTP (default), SOCKS4 or SOCKS5)") + help="Set Tor proxy type (HTTP (default), SOCKS4 or SOCKS5)") general.add_option("--update", dest="updateAll", - action="store_true", - help="Update sqlmap") + action="store_true", + help="Update sqlmap") # Miscellaneous options miscellaneous = OptionGroup(parser, "Miscellaneous") miscellaneous.add_option("-z", dest="mnemonics", - help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")") + help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")") miscellaneous.add_option("--answers", dest="answers", - help="Set question answers (e.g. \"quit=N,follow=N\")") + help="Set question answers (e.g. \"quit=N,follow=N\")") miscellaneous.add_option("--check-payload", dest="checkPayload", - action="store_true", - help="Offline WAF/IPS/IDS payload detection testing") + action="store_true", + help="Offline WAF/IPS/IDS payload detection testing") miscellaneous.add_option("--check-waf", dest="checkWaf", - action="store_true", - help="Check for existence of WAF/IPS/IDS protection") + action="store_true", + help="Check for existence of WAF/IPS/IDS protection") miscellaneous.add_option("--cleanup", dest="cleanup", - action="store_true", - help="Clean up the DBMS by sqlmap specific " - "UDF and tables") + action="store_true", + help="Clean up the DBMS by sqlmap specific " + "UDF and tables") miscellaneous.add_option("--dependencies", dest="dependencies", - action="store_true", - help="Check for missing (non-core) sqlmap dependencies") + action="store_true", + help="Check for missing (non-core) sqlmap dependencies") miscellaneous.add_option("--disable-coloring", dest="disableColoring", - action="store_true", - help="Disable console output coloring") + action="store_true", + help="Disable console output coloring") miscellaneous.add_option("--gpage", dest="googlePage", type="int", - help="Use Google dork results from specified page number") + help="Use Google dork results from specified page number") miscellaneous.add_option("--mobile", dest="mobile", - action="store_true", - help="Imitate smartphone through HTTP User-Agent header") + action="store_true", + help="Imitate smartphone through HTTP User-Agent header") miscellaneous.add_option("--page-rank", dest="pageRank", - action="store_true", - help="Display page rank (PR) for Google dork results") + action="store_true", + help="Display page rank (PR) for Google dork results") miscellaneous.add_option("--purge-output", dest="purgeOutput", - action="store_true", - help="Safely remove all content from output directory") + action="store_true", + help="Safely remove all content from output directory") miscellaneous.add_option("--smart", dest="smart", - action="store_true", - help="Conduct through tests only if positive heuristic(s)") + action="store_true", + help="Conduct through tests only if positive heuristic(s)") miscellaneous.add_option("--test-filter", dest="testFilter", - help="Select tests by payloads and/or titles (e.g. ROW)") + help="Select tests by payloads and/or titles (e.g. ROW)") miscellaneous.add_option("--wizard", dest="wizard", - action="store_true", - help="Simple wizard interface for beginner users") + action="store_true", + help="Simple wizard interface for beginner users") # Hidden and/or experimental options parser.add_option("--beep", dest="beep", action="store_true", - help=SUPPRESS_HELP) + help=SUPPRESS_HELP) parser.add_option("--profile", dest="profile", action="store_true", - help=SUPPRESS_HELP) + help=SUPPRESS_HELP) parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int", - help=SUPPRESS_HELP) + help=SUPPRESS_HELP) parser.add_option("--force-dns", dest="forceDns", action="store_true", - help=SUPPRESS_HELP) + help=SUPPRESS_HELP) parser.add_option("--smoke-test", dest="smokeTest", action="store_true", - help=SUPPRESS_HELP) + help=SUPPRESS_HELP) parser.add_option("--live-test", dest="liveTest", action="store_true", - help=SUPPRESS_HELP) + help=SUPPRESS_HELP) parser.add_option("--run-case", dest="runCase", type="int", - help=SUPPRESS_HELP) + help=SUPPRESS_HELP) parser.add_option_group(target) parser.add_option_group(request) @@ -745,10 +737,11 @@ def cmdLineParser(): # Expand given mnemonic options (e.g. -z "ign,flu,bat") for i in xrange(len(sys.argv) - 1): if sys.argv[i] == '-z': - expandMnemonics(sys.argv[i+1], parser, args) + expandMnemonics(sys.argv[i + 1], parser, args) - if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \ - args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purgeOutput)): + if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile,\ + args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, + args.purgeOutput)): errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), " errMsg += "use -h for basic or -hh for advanced help" parser.error(errMsg) diff --git a/lib/parse/configfile.py b/lib/parse/configfile.py index 1ea6e0066..5509bc7e1 100644 --- a/lib/parse/configfile.py +++ b/lib/parse/configfile.py @@ -6,16 +6,11 @@ See the file 'doc/COPYING' for copying permission """ import codecs - from ConfigParser import MissingSectionHeaderError -from lib.core.common import checkFile -from lib.core.common import unArrayizeValue -from lib.core.common import UnicodeRawConfigParser -from lib.core.data import conf -from lib.core.data import logger -from lib.core.exception import sqlmapMissingMandatoryOptionException -from lib.core.exception import sqlmapSyntaxException +from lib.core.common import checkFile, unArrayizeValue, UnicodeRawConfigParser +from lib.core.data import conf, logger +from lib.core.exception import sqlmapMissingMandatoryOptionException, sqlmapSyntaxException from lib.core.optiondict import optDict from lib.core.settings import UNICODE_ENCODING diff --git a/lib/parse/headers.py b/lib/parse/headers.py index 48da4fed3..f3ae7a275 100644 --- a/lib/parse/headers.py +++ b/lib/parse/headers.py @@ -24,13 +24,13 @@ def headersParser(headers): if not kb.headerPaths: kb.headerPaths = { - "cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"), + "cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"), "microsoftsharepointteamservices": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "sharepoint.xml"), - "server": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"), - "servlet-engine": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet.xml"), - "set-cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"), - "x-aspnet-version": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"), - "x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml") + "server": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"), + "servlet-engine": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet.xml"), + "set-cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"), + "x-aspnet-version": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"), + "x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml") } for header in itertools.ifilter(lambda x: x in kb.headerPaths, headers): diff --git a/lib/parse/html.py b/lib/parse/html.py index 3014f1d13..0f7acd1f5 100644 --- a/lib/parse/html.py +++ b/lib/parse/html.py @@ -42,6 +42,7 @@ class htmlHandler(ContentHandler): self.dbms = self._dbms self._markAsErrorPage() + def htmlParser(page): """ This function calls a class that parses the input HTML page to diff --git a/lib/parse/payloads.py b/lib/parse/payloads.py index 30e9b8533..56c21374f 100644 --- a/lib/parse/payloads.py +++ b/lib/parse/payloads.py @@ -7,8 +7,7 @@ See the file 'doc/COPYING' for copying permission from xml.etree import ElementTree as et -from lib.core.data import conf -from lib.core.data import paths +from lib.core.data import conf, paths from lib.core.datatype import AttribDict def cleanupVals(text, tag): @@ -38,6 +37,7 @@ def cleanupVals(text, tag): return text + def parseXmlNode(node): for element in node.getiterator('boundary'): boundary = AttribDict() @@ -74,6 +74,7 @@ def parseXmlNode(node): conf.tests.append(test) + def loadPayloads(): doc = et.parse(paths.PAYLOADS_XML) root = doc.getroot() diff --git a/lib/request/__init__.py b/lib/request/__init__.py index 72630d2e8..203dd12d1 100644 --- a/lib/request/__init__.py +++ b/lib/request/__init__.py @@ -4,5 +4,3 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ - -pass diff --git a/lib/request/basic.py b/lib/request/basic.py index 0238e920c..31a0538b5 100644 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -9,9 +9,12 @@ import codecs import gzip import logging import re -import StringIO import struct import zlib +try: + import cStringIO as StringIO +except ImportError: + import StringIO from lib.core.common import extractErrorMessage from lib.core.common import extractRegexResult @@ -46,14 +49,14 @@ def forgeHeaders(items=None): items = items or {} - for _ in items.keys(): + for _ in items.iterkeys(): if items[_] is None: del items[_] headers = dict(conf.httpHeaders) headers.update(items or {}) - headers = dict(("-".join(_.capitalize() for _ in key.split('-')), value) for (key, value) in headers.items()) + headers = dict(("-".join(_.capitalize() for _ in key.split('-')), value) for (key, value) in headers.iteritems()) if conf.cj: if HTTPHEADER.COOKIE in headers: diff --git a/lib/request/basicauthhandler.py b/lib/request/basicauthhandler.py index fd68b3853..7d264a875 100644 --- a/lib/request/basicauthhandler.py +++ b/lib/request/basicauthhandler.py @@ -4,6 +4,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ +#TODO: Move to requests import urllib2 @@ -12,6 +13,7 @@ class SmartHTTPBasicAuthHandler(urllib2.HTTPBasicAuthHandler): Reference: http://selenic.com/hg/rev/6c51a5056020 Fix for a: http://bugs.python.org/issue8797 """ + def __init__(self, *args, **kwargs): urllib2.HTTPBasicAuthHandler.__init__(self, *args, **kwargs) self.retried_req = set() @@ -29,11 +31,11 @@ class SmartHTTPBasicAuthHandler(urllib2.HTTPBasicAuthHandler): self.retried_req.add(hash(req)) self.retried_count = 0 else: - if self.retried_count > 5: - raise urllib2.HTTPError(req.get_full_url(), 401, "basic auth failed", - headers, None) - else: - self.retried_count += 1 + if self.retried_count > 5: + raise urllib2.HTTPError(req.get_full_url(), 401, "basic auth failed", + headers, None) + else: + self.retried_count += 1 return urllib2.HTTPBasicAuthHandler.http_error_auth_reqed( - self, auth_header, host, req, headers) + self, auth_header, host, req, headers) diff --git a/lib/request/certhandler.py b/lib/request/certhandler.py index c40534b26..179fffffa 100644 --- a/lib/request/certhandler.py +++ b/lib/request/certhandler.py @@ -5,6 +5,8 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ +#TODO: Move to requests + import httplib import urllib2 import sys diff --git a/lib/request/comparison.py b/lib/request/comparison.py index 1081d23a1..19a475846 100644 --- a/lib/request/comparison.py +++ b/lib/request/comparison.py @@ -7,29 +7,17 @@ See the file 'doc/COPYING' for copying permission import re -from lib.core.common import extractRegexResult -from lib.core.common import getFilteredPageContent -from lib.core.common import listToStrValue -from lib.core.common import removeDynamicContent -from lib.core.common import wasLastRequestDBMSError -from lib.core.common import wasLastRequestHTTPError -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger +from lib.core.common import extractRegexResult, getFilteredPageContent, listToStrValue, removeDynamicContent, \ + wasLastRequestDBMSError, wasLastRequestHTTPError +from lib.core.data import conf, kb, logger from lib.core.exception import sqlmapNoneDataException -from lib.core.settings import DEFAULT_PAGE_ENCODING -from lib.core.settings import DIFF_TOLERANCE -from lib.core.settings import HTML_TITLE_REGEX -from lib.core.settings import MIN_RATIO -from lib.core.settings import MAX_RATIO -from lib.core.settings import REFLECTED_VALUE_MARKER -from lib.core.settings import LOWER_RATIO_BOUND -from lib.core.settings import UPPER_RATIO_BOUND +from lib.core.settings import DEFAULT_PAGE_ENCODING, DIFF_TOLERANCE, HTML_TITLE_REGEX, MIN_RATIO, MAX_RATIO, \ + REFLECTED_VALUE_MARKER, LOWER_RATIO_BOUND, UPPER_RATIO_BOUND + from lib.core.threads import getCurrentThreadData def comparison(page, headers, code=None, getRatioValue=False, pageLength=None): - _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue) - return _ + return _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue) def _adjust(condition, getRatioValue): if not any((conf.string, conf.notString, conf.regexp, conf.code)): diff --git a/lib/request/connect.py b/lib/request/connect.py index dd0fa0b26..c39b7af24 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -17,62 +17,21 @@ import traceback from extra.safe2bin.safe2bin import safecharencode from lib.core.agent import agent -from lib.core.common import asciifyUrl -from lib.core.common import calculateDeltaSeconds -from lib.core.common import clearConsoleLine -from lib.core.common import cpuThrottle -from lib.core.common import evaluateCode -from lib.core.common import extractRegexResult -from lib.core.common import findMultipartPostBoundary -from lib.core.common import getCurrentThreadData -from lib.core.common import getHostHeader -from lib.core.common import getRequestHeader -from lib.core.common import getUnicode -from lib.core.common import logHTTPTraffic -from lib.core.common import randomizeParameterValue -from lib.core.common import readInput -from lib.core.common import removeReflectiveValues -from lib.core.common import singleTimeWarnMessage -from lib.core.common import stdev -from lib.core.common import wasLastRequestDelayed -from lib.core.common import unicodeencode -from lib.core.common import urlencode -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger +from lib.core.common import asciifyUrl, calculateDeltaSeconds, clearConsoleLine, cpuThrottle, evaluateCode,\ + extractRegexResult, findMultipartPostBoundary, getCurrentThreadData, getHostHeader, getRequestHeader,\ + getUnicode, logHTTPTraffic, randomizeParameterValue, readInput, removeReflectiveValues, singleTimeWarnMessage,\ + stdev, wasLastRequestDelayed, unicodeencode, urlencode +from lib.core.data import conf, kb, logger from lib.core.dicts import POST_HINT_CONTENT_TYPES -from lib.core.enums import ADJUST_TIME_DELAY -from lib.core.enums import CUSTOM_LOGGING -from lib.core.enums import HTTPHEADER -from lib.core.enums import HTTPMETHOD -from lib.core.enums import NULLCONNECTION -from lib.core.enums import PAYLOAD -from lib.core.enums import PLACE -from lib.core.enums import POST_HINT -from lib.core.enums import REDIRECTION -from lib.core.exception import sqlmapCompressionException -from lib.core.exception import sqlmapConnectionException -from lib.core.exception import sqlmapSyntaxException -from lib.core.exception import sqlmapValueException -from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR -from lib.core.settings import DEFAULT_CONTENT_TYPE -from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE -from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE -from lib.core.settings import HTTP_SILENT_TIMEOUT -from lib.core.settings import MAX_CONNECTION_CHUNK_SIZE -from lib.core.settings import MAX_CONNECTIONS_REGEX -from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE -from lib.core.settings import META_REFRESH_REGEX -from lib.core.settings import MIN_TIME_RESPONSES -from lib.core.settings import IS_WIN -from lib.core.settings import LARGE_CHUNK_TRIM_MARKER -from lib.core.settings import PERMISSION_DENIED_REGEX -from lib.core.settings import UNENCODED_ORIGINAL_VALUE -from lib.core.settings import URI_HTTP_HEADER -from lib.core.settings import WARN_TIME_STDEV -from lib.request.basic import decodePage -from lib.request.basic import forgeHeaders -from lib.request.basic import processResponse +from lib.core.enums import ADJUST_TIME_DELAY, CUSTOM_LOGGING, HTTPHEADER, HTTPMETHOD, NULLCONNECTION, PAYLOAD,\ + PLACE, POST_HINT, REDIRECTION +from lib.core.exception import sqlmapCompressionException, sqlmapConnectionException, sqlmapSyntaxException,\ + sqlmapValueException +from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR, DEFAULT_CONTENT_TYPE, HTTP_ACCEPT_HEADER_VALUE,\ + HTTP_ACCEPT_ENCODING_HEADER_VALUE, HTTP_SILENT_TIMEOUT, MAX_CONNECTION_CHUNK_SIZE, MAX_CONNECTIONS_REGEX,\ + MAX_CONNECTION_TOTAL_SIZE, META_REFRESH_REGEX, MIN_TIME_RESPONSES, IS_WIN, LARGE_CHUNK_TRIM_MARKER,\ + PERMISSION_DENIED_REGEX, UNENCODED_ORIGINAL_VALUE, URI_HTTP_HEADER, WARN_TIME_STDEV +from lib.request.basic import decodePage, forgeHeaders, processResponse from lib.request.direct import direct from lib.request.comparison import comparison from lib.request.methodrequest import MethodRequest @@ -138,7 +97,7 @@ class Connect: if not kb.dnsMode and conn: headers = conn.info() if headers and (headers.getheader(HTTPHEADER.CONTENT_ENCODING, "").lower() in ("gzip", "deflate")\ - or "text" not in headers.getheader(HTTPHEADER.CONTENT_TYPE, "").lower()): + or "text" not in headers.getheader(HTTPHEADER.CONTENT_TYPE, "").lower()): retVal = conn.read() else: while True: @@ -146,7 +105,8 @@ class Connect: if len(_) == MAX_CONNECTION_CHUNK_SIZE: warnMsg = "large response detected. This could take a while" singleTimeWarnMessage(warnMsg) - _ = re.sub(r"(?si)%s.+?%s" % (kb.chars.stop, kb.chars.start), "%s%s%s" % (kb.chars.stop, LARGE_CHUNK_TRIM_MARKER, kb.chars.start), _) + _ = re.sub(r"(?si)%s.+?%s" % (kb.chars.stop, kb.chars.start), + "%s%s%s" % (kb.chars.stop, LARGE_CHUNK_TRIM_MARKER, kb.chars.start), _) retVal += _ else: retVal += _ @@ -174,30 +134,31 @@ class Connect: threadData = getCurrentThreadData() threadData.lastRequestUID += 1 - url = kwargs.get('url', conf.url) - get = kwargs.get('get', None) - post = kwargs.get('post', None) - method = kwargs.get('method', None) - cookie = kwargs.get('cookie', None) - ua = kwargs.get('ua', None) - referer = kwargs.get('referer', None) - host = kwargs.get('host', conf.host) - direct = kwargs.get('direct', False) - multipart = kwargs.get('multipart', False) - silent = kwargs.get('silent', False) - raise404 = kwargs.get('raise404', True) - auxHeaders = kwargs.get('auxHeaders', None) - response = kwargs.get('response', False) + url = kwargs.get('url', conf.url) + get = kwargs.get('get', None) + post = kwargs.get('post', None) + method = kwargs.get('method', None) + cookie = kwargs.get('cookie', None) + ua = kwargs.get('ua', None) + referer = kwargs.get('referer', None) + host = kwargs.get('host', conf.host) + direct = kwargs.get('direct', False) + multipart = kwargs.get('multipart', False) + silent = kwargs.get('silent', False) + raise404 = kwargs.get('raise404', True) + auxHeaders = kwargs.get('auxHeaders', None) + response = kwargs.get('response', False) ignoreTimeout = kwargs.get('ignoreTimeout', kb.ignoreTimeout) - refreshing = kwargs.get('refreshing', False) - retrying = kwargs.get('retrying', False) - crawling = kwargs.get('crawling', False) + refreshing = kwargs.get('refreshing', False) + retrying = kwargs.get('retrying', False) + crawling = kwargs.get('crawling', False) if not urlparse.urlsplit(url).netloc: url = urlparse.urljoin(conf.url, url) # flag to know if we are dealing with the same target host - target = reduce(lambda x, y: x == y, map(lambda x: urlparse.urlparse(x).netloc.split(':')[0], [url, conf.url or ""])) + target = reduce(lambda x, y: x == y, + map(lambda x: urlparse.urlparse(x).netloc.split(':')[0], [url, conf.url or ""])) if not retrying: # Reset the number of connection retries @@ -211,8 +172,10 @@ class Connect: page = None _ = urlparse.urlsplit(url) - requestMsg = u"HTTP request [#%d]:\n%s " % (threadData.lastRequestUID, method or (HTTPMETHOD.POST if post is not None else HTTPMETHOD.GET)) - requestMsg += ("%s%s" % (_.path or "/", ("?%s" % _.query) if _.query else "")) if not any((refreshing, crawling)) else url + requestMsg = u"HTTP request [#%d]:\n%s " % ( + threadData.lastRequestUID, method or (HTTPMETHOD.POST if post is not None else HTTPMETHOD.GET)) + requestMsg += ("%s%s" % (_.path or "/", ("?%s" % _.query) if _.query else "")) if not any( + (refreshing, crawling)) else url responseMsg = u"HTTP response " requestHeaders = u"" responseHeaders = None @@ -252,7 +215,8 @@ class Connect: page = Connect.__connReadProxy(conn) responseHeaders = conn.info() responseHeaders[URI_HTTP_HEADER] = conn.geturl() - page = decodePage(page, responseHeaders.get(HTTPHEADER.CONTENT_ENCODING), responseHeaders.get(HTTPHEADER.CONTENT_TYPE)) + page = decodePage(page, responseHeaders.get(HTTPHEADER.CONTENT_ENCODING), + responseHeaders.get(HTTPHEADER.CONTENT_TYPE)) return page @@ -289,7 +253,8 @@ class Connect: headers[HTTPHEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader headers[HTTPHEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE - headers[HTTPHEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE if method != HTTPMETHOD.HEAD and kb.pageCompress else "identity" + headers[ + HTTPHEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE if method != HTTPMETHOD.HEAD and kb.pageCompress else "identity" headers[HTTPHEADER.HOST] = host or getHostHeader(url) if post is not None and HTTPHEADER.CONTENT_TYPE not in headers: @@ -320,12 +285,15 @@ class Connect: else: req = urllib2.Request(url, post, headers) - requestHeaders += "\n".join("%s: %s" % (key.capitalize() if isinstance(key, basestring) else key, getUnicode(value)) for (key, value) in req.header_items()) + requestHeaders += "\n".join( + "%s: %s" % (key.capitalize() if isinstance(key, basestring) else key, getUnicode(value)) for ( + key, value) in req.header_items()) if not getRequestHeader(req, HTTPHEADER.COOKIE) and conf.cj: conf.cj._policy._now = conf.cj._now = int(time.time()) cookies = conf.cj._cookies_for_request(req) - requestHeaders += "\n%s" % ("Cookie: %s" % ";".join("%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value)) for cookie in cookies)) + requestHeaders += "\n%s" % ("Cookie: %s" % ";".join( + "%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value)) for cookie in cookies)) if post is not None: if not getRequestHeader(req, HTTPHEADER.CONTENT_LENGTH): @@ -360,7 +328,7 @@ class Connect: # Get HTTP response if hasattr(conn, 'redurl'): page = threadData.lastRedirectMsg[1] if kb.redirectChoice == REDIRECTION.NO\ - else Connect.__connReadProxy(conn) + else Connect.__connReadProxy(conn) skipLogTraffic = kb.redirectChoice == REDIRECTION.NO code = conn.redcode else: @@ -369,7 +337,8 @@ class Connect: code = code or conn.code responseHeaders = conn.info() responseHeaders[URI_HTTP_HEADER] = conn.geturl() - page = decodePage(page, responseHeaders.get(HTTPHEADER.CONTENT_ENCODING), responseHeaders.get(HTTPHEADER.CONTENT_TYPE)) + page = decodePage(page, responseHeaders.get(HTTPHEADER.CONTENT_ENCODING), + responseHeaders.get(HTTPHEADER.CONTENT_TYPE)) status = getUnicode(conn.msg) if extractRegexResult(META_REFRESH_REGEX, page) and not refreshing: @@ -391,7 +360,7 @@ class Connect: if url.lower().startswith('http://'): kwargs['url'] = url else: - kwargs['url'] = conf.url[:conf.url.rfind('/')+1] + url + kwargs['url'] = conf.url[:conf.url.rfind('/') + 1] + url threadData.lastRedirectMsg = (threadData.lastRequestUID, page) kwargs['refreshing'] = True @@ -421,7 +390,8 @@ class Connect: page = e.read() responseHeaders = e.info() responseHeaders[URI_HTTP_HEADER] = e.geturl() - page = decodePage(page, responseHeaders.get(HTTPHEADER.CONTENT_ENCODING), responseHeaders.get(HTTPHEADER.CONTENT_TYPE)) + page = decodePage(page, responseHeaders.get(HTTPHEADER.CONTENT_ENCODING), + responseHeaders.get(HTTPHEADER.CONTENT_TYPE)) except socket.timeout: warnMsg = "connection timed out while trying " warnMsg += "to get error page information (%d)" % e.code @@ -443,9 +413,12 @@ class Connect: responseMsg += "[#%d] (%d %s):\n" % (threadData.lastRequestUID, code, status) if responseHeaders: - logHeaders = "\n".join("%s: %s" % (key.capitalize() if isinstance(key, basestring) else key, getUnicode(value)) for (key, value) in responseHeaders.items()) + logHeaders = "\n".join( + "%s: %s" % (key.capitalize() if isinstance(key, basestring) else key, getUnicode(value)) for ( + key, value) in responseHeaders.items()) - logHTTPTraffic(requestMsg, "%s%s\n\n%s" % (responseMsg, logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE])) + logHTTPTraffic(requestMsg, + "%s%s\n\n%s" % (responseMsg, logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE])) skipLogTraffic = True @@ -486,7 +459,9 @@ class Connect: debugMsg = "got HTTP error code: %d (%s)" % (code, status) logger.debug(debugMsg) - except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, ProxyError, sqlmapCompressionException), e: + except ( + urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, ProxyError, + sqlmapCompressionException), e: tbMsg = traceback.format_exc() if "no host given" in tbMsg: @@ -534,10 +509,13 @@ class Connect: responseMsg += "[#%d] (%d %s):\n" % (threadData.lastRequestUID, code, status) if responseHeaders: - logHeaders = "\n".join("%s: %s" % (key.capitalize() if isinstance(key, basestring) else key, getUnicode(value)) for (key, value) in responseHeaders.items()) + logHeaders = "\n".join( + "%s: %s" % (key.capitalize() if isinstance(key, basestring) else key, getUnicode(value)) for ( + key, value) in responseHeaders.items()) if not skipLogTraffic: - logHTTPTraffic(requestMsg, "%s%s\n\n%s" % (responseMsg, logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE])) + logHTTPTraffic(requestMsg, + "%s%s\n\n%s" % (responseMsg, logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE])) if conf.verbose <= 5: responseMsg += getUnicode(logHeaders) @@ -549,7 +527,9 @@ class Connect: return page, responseHeaders, code @staticmethod - def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True): + def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, + timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, + removeReflection=True): """ This method calls a function to get the target url page content and returns its page MD5 hash or a boolean value in case of @@ -614,7 +594,8 @@ class Connect: else: if place != PLACE.URI or (value and payload and '?' in value and value.find('?') < value.find(payload)): # GET, URI and Cookie need to be throughly URL encoded (POST is encoded down below) - payload = urlencode(payload, '%', False, True) if place in (PLACE.GET, PLACE.COOKIE, PLACE.URI) and not skipUrlEncode else payload + payload = urlencode(payload, '%', False, True) if place in ( + PLACE.GET, PLACE.COOKIE, PLACE.URI) and not skipUrlEncode else payload value = agent.replacePayload(value, payload) if place: @@ -630,7 +611,8 @@ class Connect: post = conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value if PLACE.CUSTOM_POST in conf.parameters: - post = conf.parameters[PLACE.CUSTOM_POST].replace(CUSTOM_INJECTION_MARK_CHAR, "") if place != PLACE.CUSTOM_POST or not value else value + post = conf.parameters[PLACE.CUSTOM_POST].replace(CUSTOM_INJECTION_MARK_CHAR, + "") if place != PLACE.CUSTOM_POST or not value else value if PLACE.COOKIE in conf.parameters: cookie = conf.parameters[PLACE.COOKIE] if place != PLACE.COOKIE or not value else value @@ -655,7 +637,8 @@ class Connect: match = re.search("%s=(?P[^&;]+)" % randomParameter, paramString) if match: origValue = match.group("value") - retVal = re.sub("%s=[^&;]+" % randomParameter, "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString) + retVal = re.sub("%s=[^&;]+" % randomParameter, + "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString) return retVal for randomParameter in conf.rParam: @@ -737,7 +720,8 @@ class Connect: if conf.safUrl and conf.saFreq > 0: kb.queryCounter += 1 if kb.queryCounter % conf.saFreq == 0: - Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua, referer=referer, host=host) + Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua, referer=referer, + host=host) start = time.time() @@ -752,19 +736,25 @@ class Connect: auxHeaders[HTTPHEADER.RANGE] = "bytes=-1" - _, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404) + _, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, + host=host, silent=silent, method=method, auxHeaders=auxHeaders, raise404=raise404) if headers: if kb.nullConnection == NULLCONNECTION.HEAD and HTTPHEADER.CONTENT_LENGTH in headers: pageLength = int(headers[HTTPHEADER.CONTENT_LENGTH]) elif kb.nullConnection == NULLCONNECTION.RANGE and HTTPHEADER.CONTENT_RANGE in headers: - pageLength = int(headers[HTTPHEADER.CONTENT_RANGE][headers[HTTPHEADER.CONTENT_RANGE].find('/') + 1:]) + pageLength = int( + headers[HTTPHEADER.CONTENT_RANGE][headers[HTTPHEADER.CONTENT_RANGE].find('/') + 1:]) if not pageLength: - page, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare) + page, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, + host=host, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, + ignoreTimeout=timeBasedCompare) if conf.secondOrder: - page, headers, code = Connect.getPage(url=conf.secondOrder, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) + page, headers, code = Connect.getPage(url=conf.secondOrder, cookie=cookie, ua=ua, silent=silent, + auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, + refreshing=True) threadData.lastQueryDuration = calculateDeltaSeconds(start) @@ -788,7 +778,8 @@ class Connect: return page, headers if getRatioValue: - return comparison(page, headers, code, getRatioValue=False, pageLength=pageLength), comparison(page, headers, code, getRatioValue=True, pageLength=pageLength) + return comparison(page, headers, code, getRatioValue=False, pageLength=pageLength), comparison(page, + headers, code, getRatioValue=True, pageLength=pageLength) elif pageLength or page: return comparison(page, headers, code, getRatioValue, pageLength) else: diff --git a/lib/request/direct.py b/lib/request/direct.py index 098887d86..c22b96dcb 100644 --- a/lib/request/direct.py +++ b/lib/request/direct.py @@ -9,20 +9,11 @@ import time from extra.safe2bin.safe2bin import safecharencode from lib.core.agent import agent -from lib.core.common import Backend -from lib.core.common import calculateDeltaSeconds -from lib.core.common import extractExpectedValue -from lib.core.common import getCurrentThreadData -from lib.core.common import getUnicode -from lib.core.common import hashDBRetrieve -from lib.core.common import hashDBWrite -from lib.core.common import isListLike -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger +from lib.core.common import Backend, calculateDeltaSeconds, extractExpectedValue, getCurrentThreadData, \ + getUnicode, hashDBRetrieve, hashDBWrite, isListLike +from lib.core.data import conf, kb, logger from lib.core.dicts import SQL_STATEMENTS -from lib.core.enums import DBMS -from lib.core.enums import EXPECTED +from lib.core.enums import DBMS, EXPECTED from lib.core.settings import UNICODE_ENCODING from lib.utils.timeout import timeout diff --git a/lib/request/dns.py b/lib/request/dns.py index 16d77fbd7..6475216bc 100644 --- a/lib/request/dns.py +++ b/lib/request/dns.py @@ -4,9 +4,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ - import os -import random import re import socket import threading diff --git a/lib/request/inject.py b/lib/request/inject.py index 80a150f5f..e5990fb39 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -10,41 +10,16 @@ import time from lib.core.agent import agent from lib.core.bigarray import BigArray -from lib.core.common import Backend -from lib.core.common import calculateDeltaSeconds -from lib.core.common import cleanQuery -from lib.core.common import expandAsteriskForColumns -from lib.core.common import extractExpectedValue -from lib.core.common import getPublicTypeMembers -from lib.core.common import hashDBRetrieve -from lib.core.common import hashDBWrite -from lib.core.common import initTechnique -from lib.core.common import isNoneValue -from lib.core.common import isNumPosStrValue -from lib.core.common import isTechniqueAvailable -from lib.core.common import parseUnionPage -from lib.core.common import popValue -from lib.core.common import pushValue -from lib.core.common import randomInt -from lib.core.common import readInput -from lib.core.common import safeStringFormat -from lib.core.common import singleTimeWarnMessage -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries +from lib.core.common import Backend, calculateDeltaSeconds, cleanQuery, expandAsteriskForColumns, \ + extractExpectedValue, getPublicTypeMembers, hashDBRetrieve, hashDBWrite, initTechnique, \ + isNoneValue, isNumPosStrValue, isTechniqueAvailable, parseUnionPage, popValue, pushValue, readInput,\ + singleTimeWarnMessage +from lib.core.data import conf, kb, logger, queries from lib.core.dicts import FROM_DUMMY_TABLE -from lib.core.enums import CHARSET_TYPE -from lib.core.enums import DBMS -from lib.core.enums import EXPECTED -from lib.core.enums import PAYLOAD -from lib.core.exception import sqlmapNotVulnerableException -from lib.core.exception import sqlmapUserQuitException -from lib.core.settings import MIN_TIME_RESPONSES -from lib.core.settings import MAX_TECHNIQUES_PER_VALUE -from lib.core.settings import SQL_SCALAR_REGEX +from lib.core.enums import CHARSET_TYPE, DBMS, EXPECTED, PAYLOAD +from lib.core.exception import sqlmapNotVulnerableException, sqlmapUserQuitException +from lib.core.settings import MAX_TECHNIQUES_PER_VALUE, SQL_SCALAR_REGEX from lib.core.threads import getCurrentThreadData -from lib.core.unescaper import unescaper from lib.request.connect import Connect as Request from lib.request.direct import direct from lib.techniques.blind.inference import bisection diff --git a/lib/request/rangehandler.py b/lib/request/rangehandler.py index 7fe23d5b2..ab61879e7 100644 --- a/lib/request/rangehandler.py +++ b/lib/request/rangehandler.py @@ -18,7 +18,7 @@ class HTTPRangeHandler(urllib2.BaseHandler): This was extremely simple. The Range header is a HTTP feature to begin with so all this class does is tell urllib2 that the - "206 Partial Content" reponse from the HTTP server is what we + "206 Partial Content" response from the HTTP server is what we expected. Example: diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py index 7062a9724..ef9507bb8 100644 --- a/lib/request/redirecthandler.py +++ b/lib/request/redirecthandler.py @@ -8,18 +8,11 @@ See the file 'doc/COPYING' for copying permission import urllib2 import urlparse -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.common import getHostHeader -from lib.core.common import getUnicode -from lib.core.common import logHTTPTraffic -from lib.core.common import readInput -from lib.core.enums import HTTPHEADER -from lib.core.enums import REDIRECTION +from lib.core.data import kb, logger +from lib.core.common import getHostHeader, getUnicode, logHTTPTraffic, readInput +from lib.core.enums import HTTPHEADER, REDIRECTION from lib.core.exception import sqlmapConnectionException -from lib.core.settings import MAX_SINGLE_URL_REDIRECTIONS -from lib.core.settings import MAX_TOTAL_REDIRECTIONS +from lib.core.settings import MAX_SINGLE_URL_REDIRECTIONS, MAX_TOTAL_REDIRECTIONS from lib.core.threads import getCurrentThreadData from lib.request.basic import decodePage diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py index f29a93e3a..3a21cd901 100644 --- a/lib/takeover/abstraction.py +++ b/lib/takeover/abstraction.py @@ -6,15 +6,9 @@ See the file 'doc/COPYING' for copying permission """ from extra.safe2bin.safe2bin import safechardecode -from lib.core.common import dataToStdout -from lib.core.common import Backend -from lib.core.common import getSQLSnippet -from lib.core.common import isTechniqueAvailable -from lib.core.common import readInput -from lib.core.data import conf -from lib.core.data import logger -from lib.core.enums import DBMS -from lib.core.enums import PAYLOAD +from lib.core.common import dataToStdout, Backend, getSQLSnippet, isTechniqueAvailable, readInput +from lib.core.data import conf, logger +from lib.core.enums import DBMS, PAYLOAD from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.shell import autoCompletion from lib.request import inject @@ -25,7 +19,7 @@ from lib.takeover.xp_cmdshell import xp_cmdshell class Abstraction(Web, UDF, xp_cmdshell): """ - This class defines an abstraction layer for OS takeover functionalities + This class defines an abstraction layer for OS takeover functionality to UDF / xp_cmdshell objects """ @@ -166,10 +160,10 @@ class Abstraction(Web, UDF, xp_cmdshell): expression = getSQLSnippet(DBMS.MSSQL, "configure_openrowset", ENABLE="1") inject.goStacked(expression) - # TODO: add support for PostgreSQL - #elif Backend.isDbms(DBMS.PGSQL): - # expression = getSQLSnippet(DBMS.PGSQL, "configure_dblink", ENABLE="1") - # inject.goStacked(expression) + # TODO: add support for PostgreSQL + #elif Backend.isDbms(DBMS.PGSQL): + # expression = getSQLSnippet(DBMS.PGSQL, "configure_dblink", ENABLE="1") + # inject.goStacked(expression) def initEnv(self, mandatory=True, detailed=False, web=False): self.__initRunAs() diff --git a/lib/takeover/icmpsh.py b/lib/takeover/icmpsh.py index 240ed1e46..d3a03ba48 100644 --- a/lib/takeover/icmpsh.py +++ b/lib/takeover/icmpsh.py @@ -9,18 +9,11 @@ import os import time from extra.icmpsh.icmpsh_m import main as icmpshmaster -from lib.core.common import getLocalIP -from lib.core.common import getRemoteIP -from lib.core.common import normalizePath -from lib.core.common import ntToPosixSlashes -from lib.core.common import randomStr -from lib.core.common import readInput -from lib.core.data import conf -from lib.core.data import logger -from lib.core.data import paths +from lib.core.common import getLocalIP, getRemoteIP, normalizePath, ntToPosixSlashes, randomStr, readInput +from lib.core.data import conf, logger, paths -class ICMPsh: +class ICMPsh(object): """ This class defines methods to call icmpsh for plugins. """ diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 3dd3c8dc8..4b6cfb4a4 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -12,35 +12,18 @@ import sys import time from select import select -from subprocess import PIPE -from subprocess import Popen as execute +from subprocess import PIPE, Popen as execute -from lib.core.common import dataToStdout -from lib.core.common import Backend -from lib.core.common import getLocalIP -from lib.core.common import getRemoteIP -from lib.core.common import getUnicode -from lib.core.common import normalizePath -from lib.core.common import ntToPosixSlashes -from lib.core.common import randomRange -from lib.core.common import randomStr -from lib.core.common import readInput -from lib.core.data import conf -from lib.core.data import logger -from lib.core.data import paths -from lib.core.enums import DBMS -from lib.core.enums import OS -from lib.core.exception import sqlmapDataException -from lib.core.exception import sqlmapFilePathException -from lib.core.settings import IS_WIN -from lib.core.settings import UNICODE_ENCODING -from lib.core.subprocessng import blockingReadFromFD -from lib.core.subprocessng import blockingWriteToFD -from lib.core.subprocessng import pollProcess -from lib.core.subprocessng import setNonBlocking +from lib.core.common import dataToStdout, Backend, getLocalIP, getRemoteIP, getUnicode, normalizePath,\ + ntToPosixSlashes, randomRange, randomStr, readInput +from lib.core.data import conf, logger, paths +from lib.core.enums import DBMS, OS +from lib.core.exception import sqlmapDataException, sqlmapFilePathException +from lib.core.settings import IS_WIN, UNICODE_ENCODING +from lib.core.subprocessng import blockingReadFromFD, blockingWriteToFD, pollProcess, setNonBlocking -class Metasploit: +class Metasploit(object): """ This class defines methods to call Metasploit for plugins. """ @@ -66,60 +49,64 @@ class Metasploit: self.__msfPayload = "%s & ruby %s" % (_, self.__msfPayload) self.__msfPayloadsList = { - "windows": { - 1: ( "Meterpreter (default)", "windows/meterpreter" ), - 2: ( "Shell", "windows/shell" ), - 3: ( "VNC", "windows/vncinject" ), - }, - "linux": { - 1: ( "Shell (default)", "linux/x86/shell" ), - 2: ( "Meterpreter (beta)", "linux/x86/meterpreter" ), - } - } + "windows": { + 1: ( "Meterpreter (default)", "windows/meterpreter" ), + 2: ( "Shell", "windows/shell" ), + 3: ( "VNC", "windows/vncinject" ), + }, + "linux": { + 1: ( "Shell (default)", "linux/x86/shell" ), + 2: ( "Meterpreter (beta)", "linux/x86/meterpreter" ), + } + } self.__msfConnectionsList = { - "windows": { - 1: ( "Reverse TCP: Connect back from the database host to this machine (default)", "reverse_tcp" ), - 2: ( "Reverse TCP: Try to connect back from the database host to this machine, on all ports between the specified and 65535", "reverse_tcp_allports" ), - 3: ( "Reverse HTTP: Connect back from the database host to this machine tunnelling traffic over HTTP", "reverse_http" ), - 4: ( "Reverse HTTPS: Connect back from the database host to this machine tunnelling traffic over HTTPS", "reverse_https" ), - 5: ( "Bind TCP: Listen on the database host for a connection", "bind_tcp" ) - }, - "linux": { - 1: ( "Reverse TCP: Connect back from the database host to this machine (default)", "reverse_tcp" ), - 2: ( "Bind TCP: Listen on the database host for a connection", "bind_tcp" ), - } - } + "windows": { + 1: ( "Reverse TCP: Connect back from the database host to this machine (default)", "reverse_tcp" ), + 2: ( + "Reverse TCP: Try to connect back from the database host to this machine, on all ports between the specified and 65535", + "reverse_tcp_allports" ), + 3: ("Reverse HTTP: Connect back from the database host to this machine tunnelling traffic over HTTP", + "reverse_http" ), + 4: ("Reverse HTTPS: Connect back from the database host to this machine tunnelling traffic over HTTPS", + "reverse_https" ), + 5: ( "Bind TCP: Listen on the database host for a connection", "bind_tcp" ) + }, + "linux": { + 1: ( "Reverse TCP: Connect back from the database host to this machine (default)", "reverse_tcp" ), + 2: ( "Bind TCP: Listen on the database host for a connection", "bind_tcp" ), + } + } self.__msfEncodersList = { - "windows": { - 1: ( "No Encoder", "generic/none" ), - 2: ( "Alpha2 Alphanumeric Mixedcase Encoder", "x86/alpha_mixed" ), - 3: ( "Alpha2 Alphanumeric Uppercase Encoder", "x86/alpha_upper" ), - 4: ( "Avoid UTF8/tolower", "x86/avoid_utf8_tolower" ), - 5: ( "Call+4 Dword XOR Encoder", "x86/call4_dword_xor" ), - 6: ( "Single-byte XOR Countdown Encoder", "x86/countdown" ), - 7: ( "Variable-length Fnstenv/mov Dword XOR Encoder", "x86/fnstenv_mov" ), - 8: ( "Polymorphic Jump/Call XOR Additive Feedback Encoder", "x86/jmp_call_additive" ), - 9: ( "Non-Alpha Encoder", "x86/nonalpha" ), - 10: ( "Non-Upper Encoder", "x86/nonupper" ), - 11: ( "Polymorphic XOR Additive Feedback Encoder (default)", "x86/shikata_ga_nai" ), - 12: ( "Alpha2 Alphanumeric Unicode Mixedcase Encoder", "x86/unicode_mixed" ), - 13: ( "Alpha2 Alphanumeric Unicode Uppercase Encoder", "x86/unicode_upper" ), - } - } + "windows": { + 1: ( "No Encoder", "generic/none" ), + 2: ( "Alpha2 Alphanumeric Mixedcase Encoder", "x86/alpha_mixed" ), + 3: ( "Alpha2 Alphanumeric Uppercase Encoder", "x86/alpha_upper" ), + 4: ( "Avoid UTF8/tolower", "x86/avoid_utf8_tolower" ), + 5: ( "Call+4 Dword XOR Encoder", "x86/call4_dword_xor" ), + 6: ( "Single-byte XOR Countdown Encoder", "x86/countdown" ), + 7: ( "Variable-length Fnstenv/mov Dword XOR Encoder", "x86/fnstenv_mov" ), + 8: ( "Polymorphic Jump/Call XOR Additive Feedback Encoder", "x86/jmp_call_additive" ), + 9: ( "Non-Alpha Encoder", "x86/nonalpha" ), + 10: ( "Non-Upper Encoder", "x86/nonupper" ), + 11: ( "Polymorphic XOR Additive Feedback Encoder (default)", "x86/shikata_ga_nai" ), + 12: ( "Alpha2 Alphanumeric Unicode Mixedcase Encoder", "x86/unicode_mixed" ), + 13: ( "Alpha2 Alphanumeric Unicode Uppercase Encoder", "x86/unicode_upper" ), + } + } self.__msfSMBPortsList = { - "windows": { - 1: ( "139/TCP", "139" ), - 2: ( "445/TCP (default)", "445" ), - } - } + "windows": { + 1: ( "139/TCP", "139" ), + 2: ( "445/TCP (default)", "445" ), + } + } self.__portData = { - "bind": "remote port number", - "reverse": "local port number", - } + "bind": "remote port number", + "reverse": "local port number", + } def __skeletonSelection(self, msg, lst=None, maxValue=1, default=1): if Backend.isOs(OS.WINDOWS): @@ -360,7 +347,8 @@ class Metasploit: self.__payloadCmd += " PrependChrootBreak=true PrependSetuid=true" if extra == "BufferRegister=EAX": - self.__payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % (self.__msfEncode, self.encoderStr, outFile, format) + self.__payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % ( + self.__msfEncode, self.encoderStr, outFile, format) if extra is not None: self.__payloadCmd += " %s" % extra diff --git a/lib/takeover/registry.py b/lib/takeover/registry.py index f8a1a9823..8bda2500b 100644 --- a/lib/takeover/registry.py +++ b/lib/takeover/registry.py @@ -32,19 +32,19 @@ class Registry: readParse = "REG QUERY \"" + self.__regKey + "\" /v \"" + self.__regValue + "\"" self.__batRead = ( - "@ECHO OFF\r\n", - readParse - ) + "@ECHO OFF\r\n", + readParse + ) self.__batAdd = ( - "@ECHO OFF\r\n", - "REG ADD \"%s\" /v \"%s\" /t %s /d %s /f" % (self.__regKey, self.__regValue, self.__regType, self.__regData) - ) + "@ECHO OFF\r\n", + "REG ADD \"%s\" /v \"%s\" /t %s /d %s /f" % (self.__regKey, self.__regValue, self.__regType, self.__regData) + ) self.__batDel = ( - "@ECHO OFF\r\n", - "REG DELETE \"%s\" /v \"%s\" /f" % (self.__regKey, self.__regValue) - ) + "@ECHO OFF\r\n", + "REG DELETE \"%s\" /v \"%s\" /f" % (self.__regKey, self.__regValue) + ) def __createLocalBatchFile(self): self.__batPathFp = open(self.__batPathLocal, "w") diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py index 875ffc52c..8d91c2c9e 100644 --- a/lib/takeover/udf.py +++ b/lib/takeover/udf.py @@ -8,28 +8,16 @@ See the file 'doc/COPYING' for copying permission import os from lib.core.agent import agent -from lib.core.common import dataToStdout -from lib.core.common import Backend -from lib.core.common import isTechniqueAvailable -from lib.core.common import readInput -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries -from lib.core.enums import DBMS -from lib.core.enums import CHARSET_TYPE -from lib.core.enums import EXPECTED -from lib.core.enums import OS -from lib.core.enums import PAYLOAD +from lib.core.common import dataToStdout, Backend, isTechniqueAvailable, readInput +from lib.core.data import conf, logger, queries +from lib.core.enums import DBMS, CHARSET_TYPE, EXPECTED, OS, PAYLOAD from lib.core.common import unArrayizeValue -from lib.core.exception import sqlmapFilePathException -from lib.core.exception import sqlmapMissingMandatoryOptionException -from lib.core.exception import sqlmapUnsupportedFeatureException -from lib.core.exception import sqlmapUserQuitException +from lib.core.exception import sqlmapFilePathException, sqlmapMissingMandatoryOptionException, \ + sqlmapUnsupportedFeatureException, sqlmapUserQuitException from lib.core.unescaper import unescaper from lib.request import inject -class UDF: +class UDF(object): """ This class defines methods to deal with User-Defined Functions for plugins. diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 7963eae39..420c3b0cb 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -14,42 +14,19 @@ from tempfile import mkstemp from extra.cloak.cloak import decloak from lib.core.agent import agent -from lib.core.common import arrayizeValue -from lib.core.common import Backend -from lib.core.common import decloakToNamedStream -from lib.core.common import extractRegexResult -from lib.core.common import getDirs -from lib.core.common import getDocRoot -from lib.core.common import getPublicTypeMembers -from lib.core.common import getSQLSnippet -from lib.core.common import getUnicode -from lib.core.common import ntToPosixSlashes -from lib.core.common import isTechniqueAvailable -from lib.core.common import isWindowsDriveLetterPath -from lib.core.common import normalizePath -from lib.core.common import posixToNtSlashes -from lib.core.common import randomInt -from lib.core.common import randomStr -from lib.core.common import readInput -from lib.core.common import singleTimeWarnMessage -from lib.core.convert import hexencode -from lib.core.convert import utf8encode -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import paths -from lib.core.enums import DBMS -from lib.core.enums import OS -from lib.core.enums import PAYLOAD -from lib.core.enums import WEB_API -from lib.core.settings import EVENTVALIDATION_REGEX -from lib.core.settings import VIEWSTATE_REGEX +from lib.core.common import arrayizeValue, Backend, decloakToNamedStream, extractRegexResult, getDirs, getDocRoot, \ + getPublicTypeMembers, getSQLSnippet, getUnicode, ntToPosixSlashes, isTechniqueAvailable, isWindowsDriveLetterPath,\ + normalizePath, posixToNtSlashes, randomInt, randomStr, readInput, singleTimeWarnMessage +from lib.core.convert import hexencode, utf8encode +from lib.core.data import conf, kb, logger, paths +from lib.core.enums import DBMS, OS, PAYLOAD, WEB_API +from lib.core.settings import EVENTVALIDATION_REGEX, VIEWSTATE_REGEX from lib.request.connect import Connect as Request -class Web: +class Web(object): """ - This class defines web-oriented OS takeover functionalities for + This class defines web-oriented OS takeover functionality for plugins. """ diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py index d7b024b66..75391ecce 100644 --- a/lib/takeover/xp_cmdshell.py +++ b/lib/takeover/xp_cmdshell.py @@ -6,34 +6,16 @@ See the file 'doc/COPYING' for copying permission """ from lib.core.agent import agent -from lib.core.common import Backend -from lib.core.common import getLimitRange -from lib.core.common import getSQLSnippet -from lib.core.common import hashDBWrite -from lib.core.common import isListLike -from lib.core.common import isNoneValue -from lib.core.common import isNumPosStrValue -from lib.core.common import isTechniqueAvailable -from lib.core.common import pushValue -from lib.core.common import popValue -from lib.core.common import randomStr -from lib.core.common import readInput -from lib.core.common import wasLastRequestDelayed +from lib.core.common import Backend, getLimitRange, getSQLSnippet, hashDBWrite, isListLike, isNoneValue, \ + isNumPosStrValue, isTechniqueAvailable, pushValue, popValue, randomStr, readInput, wasLastRequestDelayed from lib.core.convert import hexencode -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.enums import CHARSET_TYPE -from lib.core.enums import DBMS -from lib.core.enums import EXPECTED -from lib.core.enums import HASHDB_KEYS -from lib.core.enums import PAYLOAD +from lib.core.data import conf, kb, logger +from lib.core.enums import CHARSET_TYPE, DBMS, EXPECTED, HASHDB_KEYS, PAYLOAD from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.threads import getCurrentThreadData -from lib.core.unescaper import unescaper from lib.request import inject -class xp_cmdshell: +class xp_cmdshell(object): """ This class defines methods to deal with Microsoft SQL Server xp_cmdshell extended procedure for plugins. diff --git a/lib/techniques/__init__.py b/lib/techniques/__init__.py index 72630d2e8..b04606ac5 100644 --- a/lib/techniques/__init__.py +++ b/lib/techniques/__init__.py @@ -5,4 +5,3 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -pass diff --git a/lib/techniques/blind/__init__.py b/lib/techniques/blind/__init__.py index 72630d2e8..b04606ac5 100644 --- a/lib/techniques/blind/__init__.py +++ b/lib/techniques/blind/__init__.py @@ -5,4 +5,3 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -pass diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index 028749c29..58d211340 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -5,49 +5,22 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -import re import threading import time from extra.safe2bin.safe2bin import safecharencode from lib.core.agent import agent -from lib.core.common import Backend -from lib.core.common import calculateDeltaSeconds -from lib.core.common import dataToStdout -from lib.core.common import decodeHexValue -from lib.core.common import decodeIntToUnicode -from lib.core.common import filterControlChars -from lib.core.common import getCharset -from lib.core.common import getCounter -from lib.core.common import goGoodSamaritan -from lib.core.common import getPartRun -from lib.core.common import hashDBRetrieve -from lib.core.common import hashDBWrite -from lib.core.common import incrementCounter -from lib.core.common import randomStr -from lib.core.common import safeStringFormat -from lib.core.common import singleTimeWarnMessage -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries -from lib.core.enums import ADJUST_TIME_DELAY -from lib.core.enums import CHARSET_TYPE -from lib.core.enums import DBMS -from lib.core.enums import PAYLOAD +from lib.core.common import Backend, calculateDeltaSeconds, dataToStdout, decodeHexValue, decodeIntToUnicode,\ + filterControlChars, getCharset, getCounter, goGoodSamaritan, getPartRun, hashDBRetrieve, hashDBWrite,\ + incrementCounter, safeStringFormat, singleTimeWarnMessage +from lib.core.data import conf, kb, logger, queries +from lib.core.enums import ADJUST_TIME_DELAY, CHARSET_TYPE, DBMS, PAYLOAD from lib.core.exception import sqlmapThreadException from lib.core.progress import ProgressBar -from lib.core.settings import CHAR_INFERENCE_MARK -from lib.core.settings import INFERENCE_BLANK_BREAK -from lib.core.settings import INFERENCE_UNKNOWN_CHAR -from lib.core.settings import INFERENCE_GREATER_CHAR -from lib.core.settings import INFERENCE_EQUALS_CHAR -from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR -from lib.core.settings import MAX_TIME_REVALIDATION_STEPS -from lib.core.settings import PARTIAL_VALUE_MARKER -from lib.core.settings import VALID_TIME_CHARS_RUN_THRESHOLD -from lib.core.threads import getCurrentThreadData -from lib.core.threads import runThreads +from lib.core.settings import CHAR_INFERENCE_MARK, INFERENCE_BLANK_BREAK, INFERENCE_UNKNOWN_CHAR,\ + INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR, INFERENCE_NOT_EQUALS_CHAR, MAX_TIME_REVALIDATION_STEPS,\ + PARTIAL_VALUE_MARKER, VALID_TIME_CHARS_RUN_THRESHOLD +from lib.core.threads import getCurrentThreadData, runThreads from lib.core.unescaper import unescaper from lib.request.connect import Connect as Request diff --git a/lib/techniques/brute/__init__.py b/lib/techniques/brute/__init__.py index 72630d2e8..b04606ac5 100644 --- a/lib/techniques/brute/__init__.py +++ b/lib/techniques/brute/__init__.py @@ -5,4 +5,3 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -pass diff --git a/lib/techniques/brute/use.py b/lib/techniques/brute/use.py index 564165da6..06af51c73 100644 --- a/lib/techniques/brute/use.py +++ b/lib/techniques/brute/use.py @@ -7,37 +7,19 @@ See the file 'doc/COPYING' for copying permission import time -from lib.core.common import clearConsoleLine -from lib.core.common import dataToStdout -from lib.core.common import filterListValue -from lib.core.common import getFileItems -from lib.core.common import Backend -from lib.core.common import getPageWordSet -from lib.core.common import hashDBRetrieve -from lib.core.common import hashDBWrite -from lib.core.common import randomInt -from lib.core.common import randomStr -from lib.core.common import safeStringFormat -from lib.core.common import safeSQLIdentificatorNaming -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.enums import DBMS -from lib.core.enums import HASHDB_KEYS -from lib.core.exception import sqlmapDataException -from lib.core.exception import sqlmapMissingMandatoryOptionException -from lib.core.settings import METADB_SUFFIX -from lib.core.settings import BRUTE_COLUMN_EXISTS_TEMPLATE -from lib.core.settings import BRUTE_TABLE_EXISTS_TEMPLATE -from lib.core.threads import getCurrentThreadData -from lib.core.threads import runThreads +from lib.core.common import clearConsoleLine, dataToStdout, filterListValue, getFileItems, Backend, \ + getPageWordSet, hashDBWrite, randomInt, randomStr, safeStringFormat, safeSQLIdentificatorNaming +from lib.core.data import conf, kb, logger +from lib.core.enums import DBMS, HASHDB_KEYS +from lib.core.exception import sqlmapDataException, sqlmapMissingMandatoryOptionException +from lib.core.settings import METADB_SUFFIX, BRUTE_COLUMN_EXISTS_TEMPLATE, BRUTE_TABLE_EXISTS_TEMPLATE +from lib.core.threads import getCurrentThreadData, runThreads from lib.request import inject def __addPageTextWords(): wordsList = [] - infoMsg = "adding words used on web page to the check list" - logger.info(infoMsg) + logger.info("adding words used on web page to the check list") pageWords = getPageWordSet(kb.originalPage) for word in pageWords: @@ -58,8 +40,7 @@ def tableExists(tableFile, regex=None): tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True) - infoMsg = "checking table existence using items from '%s'" % tableFile - logger.info(infoMsg) + logger.info("checking table existence using items from '%s'" % tableFile) tables.extend(__addPageTextWords()) tables = filterListValue(tables, regex) diff --git a/lib/techniques/dns/__init__.py b/lib/techniques/dns/__init__.py index 72630d2e8..b04606ac5 100644 --- a/lib/techniques/dns/__init__.py +++ b/lib/techniques/dns/__init__.py @@ -5,4 +5,3 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -pass diff --git a/lib/techniques/dns/test.py b/lib/techniques/dns/test.py index 9b5d19557..e5fbc4246 100644 --- a/lib/techniques/dns/test.py +++ b/lib/techniques/dns/test.py @@ -7,9 +7,7 @@ See the file 'doc/COPYING' for copying permission from lib.core.common import Backend from lib.core.common import randomInt -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger +from lib.core.data import conf, kb, logger from lib.core.dicts import FROM_DUMMY_TABLE from lib.core.exception import sqlmapNotVulnerableException from lib.techniques.dns.use import dnsUse @@ -19,7 +17,8 @@ def dnsTest(payload): logger.info("testing for data retrieval through DNS channel") randInt = randomInt() - kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt) + kb.dnsTest = dnsUse(payload, + "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt) if not kb.dnsTest: errMsg = "data retrieval through DNS channel failed" diff --git a/lib/techniques/dns/use.py b/lib/techniques/dns/use.py index 150e40aa8..ed03a1392 100644 --- a/lib/techniques/dns/use.py +++ b/lib/techniques/dns/use.py @@ -7,23 +7,11 @@ See the file 'doc/COPYING' for copying permission import re import time -import string from extra.safe2bin.safe2bin import safecharencode from lib.core.agent import agent -from lib.core.common import Backend -from lib.core.common import calculateDeltaSeconds -from lib.core.common import dataToStdout -from lib.core.common import decodeHexValue -from lib.core.common import extractRegexResult -from lib.core.common import getSQLSnippet -from lib.core.common import hashDBRetrieve -from lib.core.common import hashDBWrite -from lib.core.common import randomInt -from lib.core.common import randomStr -from lib.core.common import safecharencode -from lib.core.common import safeStringFormat -from lib.core.common import singleTimeWarnMessage +from lib.core.common import Backend, calculateDeltaSeconds, dataToStdout, decodeHexValue, extractRegexResult,\ + getSQLSnippet, hashDBRetrieve, hashDBWrite, randomInt, randomStr, safeStringFormat, singleTimeWarnMessage from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger diff --git a/lib/techniques/error/__init__.py b/lib/techniques/error/__init__.py index 72630d2e8..b04606ac5 100644 --- a/lib/techniques/error/__init__.py +++ b/lib/techniques/error/__init__.py @@ -5,4 +5,3 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -pass diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 8a7cd61a1..ffa63c969 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -11,38 +11,16 @@ import time from extra.safe2bin.safe2bin import safecharencode from lib.core.agent import agent from lib.core.bigarray import BigArray -from lib.core.common import Backend -from lib.core.common import calculateDeltaSeconds -from lib.core.common import dataToStdout -from lib.core.common import decodeHexValue -from lib.core.common import extractRegexResult -from lib.core.common import getUnicode -from lib.core.common import hashDBRetrieve -from lib.core.common import hashDBWrite -from lib.core.common import incrementCounter -from lib.core.common import initTechnique -from lib.core.common import isListLike -from lib.core.common import isNumPosStrValue -from lib.core.common import listToStrValue -from lib.core.common import readInput +from lib.core.common import Backend, calculateDeltaSeconds, dataToStdout, decodeHexValue, extractRegexResult,\ + getUnicode, hashDBRetrieve, hashDBWrite, incrementCounter, initTechnique, isListLike, isNumPosStrValue,\ + listToStrValue, readInput from lib.core.convert import htmlunescape -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries +from lib.core.data import conf, kb, logger, queries from lib.core.dicts import FROM_DUMMY_TABLE from lib.core.enums import DBMS -from lib.core.enums import PAYLOAD -from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD -from lib.core.settings import MYSQL_ERROR_CHUNK_LENGTH -from lib.core.settings import MSSQL_ERROR_CHUNK_LENGTH -from lib.core.settings import NULL -from lib.core.settings import PARTIAL_VALUE_MARKER -from lib.core.settings import SLOW_ORDER_COUNT_THRESHOLD -from lib.core.settings import SQL_SCALAR_REGEX -from lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT -from lib.core.threads import getCurrentThreadData -from lib.core.threads import runThreads +from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD, MYSQL_ERROR_CHUNK_LENGTH, MSSQL_ERROR_CHUNK_LENGTH, \ + NULL, PARTIAL_VALUE_MARKER, SLOW_ORDER_COUNT_THRESHOLD, SQL_SCALAR_REGEX, TURN_OFF_RESUME_INFO_LIMIT +from lib.core.threads import getCurrentThreadData, runThreads from lib.core.unescaper import unescaper from lib.request.connect import Connect as Request diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index 6d85decec..3d0d4690d 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -11,39 +11,17 @@ import time from extra.safe2bin.safe2bin import safecharencode from lib.core.agent import agent from lib.core.bigarray import BigArray -from lib.core.common import arrayizeValue -from lib.core.common import Backend -from lib.core.common import calculateDeltaSeconds -from lib.core.common import clearConsoleLine -from lib.core.common import dataToStdout -from lib.core.common import extractRegexResult -from lib.core.common import flattenValue -from lib.core.common import getConsoleWidth -from lib.core.common import getUnicode -from lib.core.common import hashDBRetrieve -from lib.core.common import hashDBWrite -from lib.core.common import incrementCounter -from lib.core.common import initTechnique -from lib.core.common import isNoneValue -from lib.core.common import isNumPosStrValue -from lib.core.common import listToStrValue -from lib.core.common import parseUnionPage -from lib.core.common import removeReflectiveValues -from lib.core.common import singleTimeWarnMessage -from lib.core.common import wasLastRequestDBMSError +from lib.core.common import arrayizeValue, Backend, calculateDeltaSeconds, clearConsoleLine, dataToStdout, \ + extractRegexResult, flattenValue, getConsoleWidth, getUnicode, hashDBRetrieve, hashDBWrite, incrementCounter, \ + initTechnique, isNoneValue, isNumPosStrValue, listToStrValue, parseUnionPage, removeReflectiveValues,\ + singleTimeWarnMessage, wasLastRequestDBMSError from lib.core.convert import htmlunescape -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries +from lib.core.data import conf,kb, logger, queries from lib.core.dicts import FROM_DUMMY_TABLE -from lib.core.enums import DBMS -from lib.core.enums import PAYLOAD +from lib.core.enums import DBMS, PAYLOAD from lib.core.exception import sqlmapSyntaxException -from lib.core.settings import SQL_SCALAR_REGEX -from lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT -from lib.core.threads import getCurrentThreadData -from lib.core.threads import runThreads +from lib.core.settings import SQL_SCALAR_REGEX, TURN_OFF_RESUME_INFO_LIMIT +from lib.core.threads import getCurrentThreadData, runThreads from lib.core.unescaper import unescaper from lib.request.connect import Connect as Request diff --git a/lib/utils/checkpayload.py b/lib/utils/checkpayload.py index f685c2d91..c95f7c1f0 100644 --- a/lib/utils/checkpayload.py +++ b/lib/utils/checkpayload.py @@ -5,21 +5,19 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -import re +from re import sub, search -from lib.core.common import readXmlFile -from lib.core.common import urldecode -from lib.core.data import paths -from lib.core.data import logger +from lib.core.common import readXmlFile, urldecode +from lib.core.data import paths, logger rules = None def __adjustGrammar(string): - string = re.sub('\ADetects', 'Detected', string) - string = re.sub('\Afinds', 'Found', string) - string = re.sub('attempts\Z', 'attempt', string) - string = re.sub('injections\Z', 'injection', string) - string = re.sub('attacks\Z', 'attack', string) + string = sub('\ADetects', 'Detected', string) + string = sub('\Afinds', 'Found', string) + string = sub('attempts\Z', 'attempt', string) + string = sub('injections\Z', 'injection', string) + string = sub('attacks\Z', 'attack', string) return string @@ -48,7 +46,7 @@ def checkPayload(payload): if payload: for rule, desc in rules: - if re.search(rule, payload): + if search(rule, payload): detected = True logger.warn("highly probable IDS/IPS detection: '%s: %s'" % (desc, payload)) diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py index 784b17022..c7f27d4a6 100644 --- a/lib/utils/crawler.py +++ b/lib/utils/crawler.py @@ -10,17 +10,11 @@ import re import urlparse import time -from lib.core.common import clearConsoleLine -from lib.core.common import dataToStdout -from lib.core.common import findPageForms -from lib.core.common import singleTimeWarnMessage -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger +from lib.core.common import clearConsoleLine, dataToStdout, findPageForms, singleTimeWarnMessage +from lib.core.data import conf, kb, logger from lib.core.exception import sqlmapConnectionException from lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS -from lib.core.threads import getCurrentThreadData -from lib.core.threads import runThreads +from lib.core.threads import getCurrentThreadData, runThreads from lib.request.connect import Connect as Request from thirdparty.beautifulsoup.beautifulsoup import BeautifulSoup from thirdparty.oset.pyoset import oset diff --git a/lib/utils/google.py b/lib/utils/google.py index a95b458c9..cb7a00a0f 100644 --- a/lib/utils/google.py +++ b/lib/utils/google.py @@ -12,21 +12,12 @@ import socket import urllib import urllib2 -from lib.core.common import getUnicode -from lib.core.common import readInput -from lib.core.common import urldecode -from lib.core.common import urlencode -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.exception import sqlmapConnectionException -from lib.core.exception import sqlmapGenericException -from lib.core.settings import GOOGLE_REGEX -from lib.core.settings import UNICODE_ENCODING -from lib.core.settings import URI_INJECTABLE_REGEX -from lib.request.basic import decodePage +from lib.core.common import getUnicode, urlencode +from lib.core.data import conf, logger +from lib.core.exception import sqlmapConnectionException, sqlmapGenericException +from lib.core.settings import GOOGLE_REGEX, UNICODE_ENCODING, decodePage -class Google: +class Google(object): """ This class defines methods used to perform Google dorking (command line option '-g ' diff --git a/lib/utils/hash.py b/lib/utils/hash.py index f925c5e1a..17d1d5e9b 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -30,43 +30,16 @@ from hashlib import md5 from hashlib import sha1 from Queue import Queue -from lib.core.common import Backend -from lib.core.common import checkFile -from lib.core.common import clearConsoleLine -from lib.core.common import dataToStdout -from lib.core.common import getFileItems -from lib.core.common import getPublicTypeMembers -from lib.core.common import hashDBRetrieve -from lib.core.common import hashDBWrite -from lib.core.common import normalizeUnicode -from lib.core.common import paths -from lib.core.common import readInput -from lib.core.common import singleTimeLogMessage -from lib.core.common import singleTimeWarnMessage -from lib.core.convert import hexdecode -from lib.core.convert import hexencode -from lib.core.convert import utf8encode -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.enums import DBMS -from lib.core.enums import HASH -from lib.core.exception import sqlmapFilePathException -from lib.core.exception import sqlmapUserQuitException -from lib.core.settings import COMMON_PASSWORD_SUFFIXES -from lib.core.settings import COMMON_USER_COLUMNS -from lib.core.settings import DUMMY_USER_PREFIX -from lib.core.settings import HASH_MOD_ITEM_DISPLAY -from lib.core.settings import HASH_RECOGNITION_QUIT_THRESHOLD -from lib.core.settings import IS_WIN -from lib.core.settings import ITOA64 -from lib.core.settings import ML -from lib.core.settings import NULL -from lib.core.settings import UNICODE_ENCODING -from lib.core.settings import ROTATING_CHARS +from lib.core.common import Backend, checkFile, clearConsoleLine, dataToStdout, getFileItems, getPublicTypeMembers,\ + hashDBRetrieve, hashDBWrite, normalizeUnicode, paths, readInput, singleTimeLogMessage, singleTimeWarnMessage +from lib.core.convert import hexdecode, hexencode, utf8encode +from lib.core.data import conf, kb, logger +from lib.core.enums import DBMS, HASH +from lib.core.exception import sqlmapFilePathException, sqlmapUserQuitException +from lib.core.settings import COMMON_PASSWORD_SUFFIXES, COMMON_USER_COLUMNS, DUMMY_USER_PREFIX, HASH_MOD_ITEM_DISPLAY,\ + HASH_RECOGNITION_QUIT_THRESHOLD, IS_WIN, ITOA64, ML, NULL, UNICODE_ENCODING, ROTATING_CHARS from lib.core.wordlist import Wordlist -from thirdparty.pydes.pyDes import des -from thirdparty.pydes.pyDes import CBC +from thirdparty.pydes.pyDes import des, CBC def mysql_passwd(password, uppercase=True): """ diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py index 544eefe2a..c2bf5546c 100644 --- a/lib/utils/hashdb.py +++ b/lib/utils/hashdb.py @@ -11,16 +11,11 @@ import sqlite3 import threading import time -from lib.core.common import getUnicode -from lib.core.common import serializeObject -from lib.core.common import unserializeObject +from lib.core.common import getUnicode, serializeObject, unserializeObject from lib.core.data import logger from lib.core.exception import sqlmapDataException -from lib.core.settings import HASHDB_FLUSH_RETRIES -from lib.core.settings import HASHDB_FLUSH_THRESHOLD -from lib.core.settings import UNICODE_ENCODING -from lib.core.threads import getCurrentThreadData -from lib.core.threads import getCurrentThreadName +from lib.core.settings import HASHDB_FLUSH_RETRIES, HASHDB_FLUSH_THRESHOLD, UNICODE_ENCODING +from lib.core.threads import getCurrentThreadData, getCurrentThreadName class HashDB(object): def __init__(self, filepath): diff --git a/lib/utils/pivotdumptable.py b/lib/utils/pivotdumptable.py index 01305cc84..bbdb7f928 100644 --- a/lib/utils/pivotdumptable.py +++ b/lib/utils/pivotdumptable.py @@ -7,21 +7,11 @@ See the file 'doc/COPYING' for copying permission from extra.safe2bin.safe2bin import safechardecode from lib.core.bigarray import BigArray -from lib.core.common import Backend -from lib.core.common import decodeIntToUnicode -from lib.core.common import isNoneValue -from lib.core.common import isNumPosStrValue -from lib.core.common import singleTimeWarnMessage -from lib.core.common import unArrayizeValue -from lib.core.common import unsafeSQLIdentificatorNaming -from lib.core.data import conf -from lib.core.data import logger -from lib.core.data import queries -from lib.core.enums import CHARSET_TYPE -from lib.core.enums import EXPECTED -from lib.core.exception import sqlmapConnectionException -from lib.core.exception import sqlmapNoneDataException -from lib.core.settings import INFERENCE_UNKNOWN_CHAR +from lib.core.common import Backend, isNoneValue, isNumPosStrValue, singleTimeWarnMessage, unArrayizeValue, \ + unsafeSQLIdentificatorNaming +from lib.core.data import conf, logger, queries +from lib.core.enums import CHARSET_TYPE, EXPECTED +from lib.core.exception import sqlmapConnectionException, sqlmapNoneDataException from lib.core.settings import MAX_INT from lib.core.unescaper import unescaper from lib.request import inject diff --git a/plugins/__init__.py b/plugins/__init__.py index 72630d2e8..203dd12d1 100644 --- a/plugins/__init__.py +++ b/plugins/__init__.py @@ -4,5 +4,3 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ - -pass diff --git a/plugins/dbms/__init__.py b/plugins/dbms/__init__.py index 72630d2e8..b04606ac5 100644 --- a/plugins/dbms/__init__.py +++ b/plugins/dbms/__init__.py @@ -5,4 +5,3 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -pass diff --git a/plugins/dbms/access/connector.py b/plugins/dbms/access/connector.py index 0910b63a5..8fd84f780 100644 --- a/plugins/dbms/access/connector.py +++ b/plugins/dbms/access/connector.py @@ -7,7 +7,7 @@ See the file 'doc/COPYING' for copying permission try: import pyodbc -except ImportError, _: +except ImportError: pass import logging diff --git a/plugins/dbms/access/fingerprint.py b/plugins/dbms/access/fingerprint.py index 798f37e2d..585705017 100644 --- a/plugins/dbms/access/fingerprint.py +++ b/plugins/dbms/access/fingerprint.py @@ -7,15 +7,8 @@ See the file 'doc/COPYING' for copying permission import re -from lib.core.common import Backend -from lib.core.common import Format -from lib.core.common import getCurrentThreadData -from lib.core.common import randomInt -from lib.core.common import randomStr -from lib.core.common import wasLastRequestDBMSError -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger +from lib.core.common import Backend, Format, getCurrentThreadData, randomInt, randomStr, wasLastRequestDBMSError +from lib.core.data import conf, kb, logger from lib.core.enums import DBMS from lib.core.session import setDbms from lib.core.settings import ACCESS_ALIASES @@ -49,11 +42,11 @@ class Fingerprint(GenericFingerprint): # Microsoft Access table reference updated on 01/2010 sysTables = { - "97": ("MSysModules2", "MSysAccessObjects"), - "2000" : ("!MSysModules2", "MSysAccessObjects"), - "2002-2003" : ("MSysAccessStorage", "!MSysNavPaneObjectIDs"), - "2007" : ("MSysAccessStorage", "MSysNavPaneObjectIDs") - } + "97": ("MSysModules2", "MSysAccessObjects"), + "2000": ("!MSysModules2", "MSysAccessObjects"), + "2002-2003": ("MSysAccessStorage", "!MSysNavPaneObjectIDs"), + "2007": ("MSysAccessStorage", "MSysNavPaneObjectIDs") + } # MSysAccessXML is not a reliable system table because it doesn't always exist # ("Access through Access", p6, should be "normally doesn't exist" instead of "is normally empty") @@ -68,7 +61,8 @@ class Fingerprint(GenericFingerprint): table = table[1:] randInt = randomInt() - result = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s WHERE %d=%d)" % (table, randInt, randInt)) + result = inject.checkBooleanExpression( + "EXISTS(SELECT * FROM %s WHERE %d=%d)" % (table, randInt, randInt)) if result is None: result = False @@ -93,7 +87,8 @@ class Fingerprint(GenericFingerprint): randInt = randomInt() randStr = randomStr() - _ = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt)) + _ = inject.checkBooleanExpression( + "EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt)) if wasLastRequestDBMSError(): threadData = getCurrentThreadData() diff --git a/plugins/dbms/db2/connector.py b/plugins/dbms/db2/connector.py index e486ce088..629d35f76 100644 --- a/plugins/dbms/db2/connector.py +++ b/plugins/dbms/db2/connector.py @@ -12,8 +12,7 @@ except ImportError, _: import logging -from lib.core.data import conf -from lib.core.data import logger +from lib.core.data import conf, logger from lib.core.exception import sqlmapConnectionException from plugins.generic.connector import Connector as GenericConnector diff --git a/plugins/dbms/db2/enumeration.py b/plugins/dbms/db2/enumeration.py index d195d3a32..ccf88f71a 100644 --- a/plugins/dbms/db2/enumeration.py +++ b/plugins/dbms/db2/enumeration.py @@ -1,20 +1,19 @@ #!/usr/bin/env python """ -$Id$ +$Id$ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ - from lib.core.data import logger from plugins.generic.enumeration import Enumeration as GenericEnumeration class Enumeration(GenericEnumeration): def __init__(self): - GenericEnumeration.__init__(self) - + GenericEnumeration.__init__(self) + def getPasswordHashes(self): warnMsg = "on DB2 it is not possible to list password hashes" logger.warn(warnMsg) diff --git a/plugins/dbms/db2/fingerprint.py b/plugins/dbms/db2/fingerprint.py index 63a2f8683..812d7ce0b 100644 --- a/plugins/dbms/db2/fingerprint.py +++ b/plugins/dbms/db2/fingerprint.py @@ -6,14 +6,9 @@ See the file 'doc/COPYING' for copying permission """ -from lib.core.common import Backend -from lib.core.common import Format -from lib.core.common import randomInt -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.enums import DBMS -from lib.core.enums import OS +from lib.core.common import Backend, Format, randomInt +from lib.core.data import conf, kb, logger +from lib.core.enums import DBMS, OS from lib.core.session import setDbms from lib.core.settings import DB2_ALIASES from lib.request import inject diff --git a/plugins/dbms/firebird/fingerprint.py b/plugins/dbms/firebird/fingerprint.py index 903b2e866..7b5fb75b4 100644 --- a/plugins/dbms/firebird/fingerprint.py +++ b/plugins/dbms/firebird/fingerprint.py @@ -7,19 +7,11 @@ See the file 'doc/COPYING' for copying permission import re -from lib.core.common import Backend -from lib.core.common import Format -from lib.core.common import getUnicode -from lib.core.common import randomInt -from lib.core.common import randomRange -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger +from lib.core.common import Backend, Format, getUnicode, randomInt, randomRange +from lib.core.data import conf, kb, logger from lib.core.enums import DBMS from lib.core.session import setDbms -from lib.core.settings import FIREBIRD_ALIASES -from lib.core.settings import METADB_SUFFIX -from lib.core.settings import UNKNOWN_DBMS_VERSION +from lib.core.settings import FIREBIRD_ALIASES, METADB_SUFFIX, UNKNOWN_DBMS_VERSION from lib.request import inject from plugins.generic.fingerprint import Fingerprint as GenericFingerprint diff --git a/plugins/dbms/maxdb/fingerprint.py b/plugins/dbms/maxdb/fingerprint.py index 5ff9fca86..968f196c8 100644 --- a/plugins/dbms/maxdb/fingerprint.py +++ b/plugins/dbms/maxdb/fingerprint.py @@ -8,9 +8,7 @@ See the file 'doc/COPYING' for copying permission from lib.core.agent import agent from lib.core.common import Backend from lib.core.common import Format -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger +from lib.core.data import conf, kb, logger from lib.core.enums import DBMS from lib.core.session import setDbms from lib.core.settings import MAXDB_ALIASES diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py index 5d5e2e96c..1825a09c4 100644 --- a/plugins/dbms/mssqlserver/enumeration.py +++ b/plugins/dbms/mssqlserver/enumeration.py @@ -6,22 +6,10 @@ See the file 'doc/COPYING' for copying permission """ from lib.core.agent import agent -from lib.core.common import arrayizeValue -from lib.core.common import Backend -from lib.core.common import getLimitRange -from lib.core.common import isInferenceAvailable -from lib.core.common import isNoneValue -from lib.core.common import isNumPosStrValue -from lib.core.common import isTechniqueAvailable -from lib.core.common import safeSQLIdentificatorNaming -from lib.core.common import unsafeSQLIdentificatorNaming -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries -from lib.core.enums import CHARSET_TYPE -from lib.core.enums import EXPECTED -from lib.core.enums import PAYLOAD +from lib.core.common import arrayizeValue, Backend, getLimitRange, isInferenceAvailable, isNoneValue,\ + isNumPosStrValue, isTechniqueAvailable, safeSQLIdentificatorNaming, unsafeSQLIdentificatorNaming +from lib.core.data import conf, kb, logger, queries +from lib.core.enums import CHARSET_TYPE, EXPECTED, PAYLOAD from lib.core.exception import sqlmapNoneDataException from lib.core.settings import CURRENT_DB from lib.request import inject diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index 8ebfd5f17..f61bef12a 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -9,20 +9,12 @@ import codecs import ntpath import os -from lib.core.common import getLimitRange -from lib.core.common import isNumPosStrValue -from lib.core.common import isTechniqueAvailable -from lib.core.common import posixToNtSlashes -from lib.core.common import randomStr -from lib.core.common import readInput +from lib.core.common import getLimitRange, isNumPosStrValue, isTechniqueAvailable, posixToNtSlashes, \ + randomStr, readInput from lib.core.convert import hexencode -from lib.core.data import conf -from lib.core.data import logger -from lib.core.enums import CHARSET_TYPE -from lib.core.enums import EXPECTED -from lib.core.enums import PAYLOAD -from lib.core.exception import sqlmapNoneDataException -from lib.core.exception import sqlmapUnsupportedFeatureException +from lib.core.data import conf, logger +from lib.core.enums import CHARSET_TYPE, EXPECTED, PAYLOAD +from lib.core.exception import sqlmapNoneDataException, sqlmapUnsupportedFeatureException from lib.request import inject from plugins.generic.filesystem import Filesystem as GenericFilesystem diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py index 182704f47..fa36e83f0 100644 --- a/plugins/dbms/mssqlserver/fingerprint.py +++ b/plugins/dbms/mssqlserver/fingerprint.py @@ -5,15 +5,9 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -from lib.core.common import Backend -from lib.core.common import Format -from lib.core.common import getUnicode -from lib.core.common import randomInt -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.enums import DBMS -from lib.core.enums import OS +from lib.core.common import Backend, Format, getUnicode, randomInt +from lib.core.data import conf, kb, logger +from lib.core.enums import DBMS, OS from lib.core.session import setDbms from lib.core.settings import MSSQL_ALIASES from lib.request import inject diff --git a/plugins/dbms/mysql/__init__.py b/plugins/dbms/mysql/__init__.py index c7d7c86c5..626c827e5 100644 --- a/plugins/dbms/mysql/__init__.py +++ b/plugins/dbms/mysql/__init__.py @@ -23,11 +23,11 @@ class MySQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Take def __init__(self): self.excludeDbsList = MYSQL_SYSTEM_DBS self.sysUdfs = { - # UDF name: UDF return data-type - "sys_exec": { "return": "int" }, - "sys_eval": { "return": "string" }, - "sys_bineval": { "return": "int" } - } + # UDF name: UDF return data-type + "sys_exec": {"return": "int"}, + "sys_eval": {"return": "string"}, + "sys_bineval": {"return": "int"} + } Syntax.__init__(self) Fingerprint.__init__(self) diff --git a/plugins/dbms/mysql/connector.py b/plugins/dbms/mysql/connector.py index ce19ce79b..0e922ab18 100644 --- a/plugins/dbms/mysql/connector.py +++ b/plugins/dbms/mysql/connector.py @@ -7,13 +7,12 @@ See the file 'doc/COPYING' for copying permission try: import pymysql -except ImportError, _: +except ImportError: pass import logging -from lib.core.data import conf -from lib.core.data import logger +from lib.core.data import conf, logger from lib.core.exception import sqlmapConnectionException from plugins.generic.connector import Connector as GenericConnector diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py index aec8d7292..3891c4315 100644 --- a/plugins/dbms/mysql/filesystem.py +++ b/plugins/dbms/mysql/filesystem.py @@ -5,17 +5,9 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -from lib.core.common import isNumPosStrValue -from lib.core.common import isTechniqueAvailable -from lib.core.common import randomStr -from lib.core.common import singleTimeWarnMessage -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.enums import CHARSET_TYPE -from lib.core.enums import EXPECTED -from lib.core.enums import PAYLOAD -from lib.core.enums import PLACE +from lib.core.common import isNumPosStrValue, isTechniqueAvailable, randomStr, singleTimeWarnMessage +from lib.core.data import conf, kb, logger +from lib.core.enums import CHARSET_TYPE, EXPECTED, PAYLOAD, PLACE from lib.core.exception import sqlmapNoneDataException from lib.request import inject from lib.techniques.union.use import unionUse diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index e93723f3a..dcd701e07 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -7,15 +7,9 @@ See the file 'doc/COPYING' for copying permission import re -from lib.core.common import Backend -from lib.core.common import Format -from lib.core.common import getUnicode -from lib.core.common import randomInt -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.enums import DBMS -from lib.core.enums import OS +from lib.core.common import Backend, Format, getUnicode, randomInt +from lib.core.data import conf, kb, logger +from lib.core.enums import DBMS, OS from lib.core.session import setDbms from lib.core.settings import MYSQL_ALIASES from lib.core.settings import UNKNOWN_DBMS_VERSION @@ -41,17 +35,17 @@ class Fingerprint(GenericFingerprint): # MySQL valid versions updated on 04/2011 versions = ( - (32200, 32235), # MySQL 3.22 - (32300, 32359), # MySQL 3.23 - (40000, 40032), # MySQL 4.0 - (40100, 40131), # MySQL 4.1 - (50000, 50092), # MySQL 5.0 - (50100, 50156), # MySQL 5.1 - (50400, 50404), # MySQL 5.4 - (50500, 50521), # MySQL 5.5 - (50600, 50604), # MySQL 5.6 - (60000, 60014), # MySQL 6.0 - ) + (32200, 32235), # MySQL 3.22 + (32300, 32359), # MySQL 3.23 + (40000, 40032), # MySQL 4.0 + (40100, 40131), # MySQL 4.1 + (50000, 50092), # MySQL 5.0 + (50100, 50156), # MySQL 5.1 + (50400, 50404), # MySQL 5.4 + (50500, 50521), # MySQL 5.5 + (50600, 50604), # MySQL 5.6 + (60000, 60014), # MySQL 6.0 + ) index = -1 for i in xrange(len(versions)): diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py index 1c4c4945a..c9d98642e 100644 --- a/plugins/dbms/mysql/takeover.py +++ b/plugins/dbms/mysql/takeover.py @@ -8,17 +8,9 @@ See the file 'doc/COPYING' for copying permission import re from lib.core.agent import agent -from lib.core.common import Backend -from lib.core.common import isTechniqueAvailable -from lib.core.common import normalizePath -from lib.core.common import ntToPosixSlashes -from lib.core.common import randomStr -from lib.core.common import unArrayizeValue -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import paths -from lib.core.enums import OS -from lib.core.enums import PAYLOAD +from lib.core.common import Backend, isTechniqueAvailable, normalizePath, ntToPosixSlashes, randomStr, unArrayizeValue +from lib.core.data import kb, logger, paths +from lib.core.enums import OS, PAYLOAD from lib.request import inject from lib.request.connect import Connect as Request from plugins.generic.takeover import Takeover as GenericTakeover @@ -93,7 +85,8 @@ class Takeover(GenericTakeover): # Reference: http://dev.mysql.com/doc/refman/5.1/en/create-function-udf.html inject.goStacked("DROP FUNCTION %s" % udf) - inject.goStacked("CREATE FUNCTION %s RETURNS %s SONAME '%s.%s'" % (udf, ret, self.udfSharedLibName, self.udfSharedLibExt)) + inject.goStacked("CREATE FUNCTION %s RETURNS %s SONAME '%s.%s'" % ( + udf, ret, self.udfSharedLibName, self.udfSharedLibExt)) self.createdUdf.add(udf) else: diff --git a/plugins/dbms/oracle/connector.py b/plugins/dbms/oracle/connector.py index 195b9aa34..57c49bb25 100644 --- a/plugins/dbms/oracle/connector.py +++ b/plugins/dbms/oracle/connector.py @@ -40,7 +40,8 @@ class Connector(GenericConnector): self.password = utf8encode(self.password) try: - self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password, mode=cx_Oracle.SYSDBA) + self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password, + mode=cx_Oracle.SYSDBA) logger.info("successfully connected as SYSDBA") except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError), _: try: diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py index da95f1828..7548c68fd 100644 --- a/plugins/dbms/oracle/enumeration.py +++ b/plugins/dbms/oracle/enumeration.py @@ -5,20 +5,10 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -from lib.core.common import Backend -from lib.core.common import getLimitRange -from lib.core.common import isAdminFromPrivileges -from lib.core.common import isInferenceAvailable -from lib.core.common import isNoneValue -from lib.core.common import isNumPosStrValue -from lib.core.common import isTechniqueAvailable -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries -from lib.core.enums import CHARSET_TYPE -from lib.core.enums import EXPECTED -from lib.core.enums import PAYLOAD +from lib.core.common import Backend, getLimitRange, isAdminFromPrivileges, isInferenceAvailable, isNoneValue,\ + isNumPosStrValue, isTechniqueAvailable +from lib.core.data import conf, kb, logger, queries +from lib.core.enums import CHARSET_TYPE, EXPECTED, PAYLOAD from lib.core.exception import sqlmapNoneDataException from lib.request import inject from plugins.generic.enumeration import Enumeration as GenericEnumeration @@ -41,7 +31,8 @@ class Enumeration(GenericEnumeration): # Set containing the list of DBMS administrators areAdmins = set() - if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: + if any(isTechniqueAvailable(_) for _ in ( + PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: if query2: query = rootQuery.inband.query2 condition = rootQuery.inband.condition2 @@ -119,7 +110,8 @@ class Enumeration(GenericEnumeration): query = rootQuery.blind.count2 % queryUser else: query = rootQuery.blind.count % queryUser - count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) + count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, + charsetType=CHARSET_TYPE.DIGITS) if not isNumPosStrValue(count): if count != 0 and not query2: @@ -164,4 +156,4 @@ class Enumeration(GenericEnumeration): errMsg += "for the database users" raise sqlmapNoneDataException, errMsg - return ( kb.data.cachedUsersRoles, areAdmins ) + return kb.data.cachedUsersRoles, areAdmins diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py index f1426f12d..4bdd05f9e 100644 --- a/plugins/dbms/oracle/fingerprint.py +++ b/plugins/dbms/oracle/fingerprint.py @@ -7,11 +7,8 @@ See the file 'doc/COPYING' for copying permission import re -from lib.core.common import Backend -from lib.core.common import Format -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger +from lib.core.common import Backend, Format +from lib.core.data import conf, kb, logger from lib.core.enums import DBMS from lib.core.session import setDbms from lib.core.settings import ORACLE_ALIASES diff --git a/plugins/dbms/postgresql/connector.py b/plugins/dbms/postgresql/connector.py index ebf3bebe4..f2f11d528 100644 --- a/plugins/dbms/postgresql/connector.py +++ b/plugins/dbms/postgresql/connector.py @@ -10,7 +10,7 @@ try: import psycopg2.extensions psycopg2.extensions.register_type(psycopg2.extensions.UNICODE) psycopg2.extensions.register_type(psycopg2.extensions.UNICODEARRAY) -except ImportError, _: +except ImportError: pass from lib.core.data import logger diff --git a/plugins/dbms/postgresql/filesystem.py b/plugins/dbms/postgresql/filesystem.py index 74b70c4e9..ff68c5a95 100644 --- a/plugins/dbms/postgresql/filesystem.py +++ b/plugins/dbms/postgresql/filesystem.py @@ -8,8 +8,7 @@ See the file 'doc/COPYING' for copying permission import os from lib.core.common import randomInt -from lib.core.data import kb -from lib.core.data import logger +from lib.core.data import kb, logger from lib.core.exception import sqlmapUnsupportedFeatureException from lib.request import inject from plugins.generic.filesystem import Filesystem as GenericFilesystem diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py index a32ebdca2..bee9a6984 100644 --- a/plugins/dbms/postgresql/fingerprint.py +++ b/plugins/dbms/postgresql/fingerprint.py @@ -5,18 +5,11 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -from lib.core.common import Backend -from lib.core.common import Format -from lib.core.common import getUnicode -from lib.core.common import randomInt -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.enums import DBMS -from lib.core.enums import OS +from lib.core.common import Backend, Format, getUnicode, randomInt +from lib.core.data import conf, kb, logger +from lib.core.enums import DBMS, OS from lib.core.session import setDbms -from lib.core.settings import PGSQL_ALIASES -from lib.core.settings import PGSQL_SYSTEM_DBS +from lib.core.settings import PGSQL_ALIASES, PGSQL_SYSTEM_DBS from lib.request import inject from plugins.generic.fingerprint import Fingerprint as GenericFingerprint diff --git a/plugins/dbms/postgresql/takeover.py b/plugins/dbms/postgresql/takeover.py index c636f991b..ae7280d1d 100644 --- a/plugins/dbms/postgresql/takeover.py +++ b/plugins/dbms/postgresql/takeover.py @@ -7,9 +7,7 @@ See the file 'doc/COPYING' for copying permission from lib.core.common import Backend from lib.core.common import randomStr -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import paths +from lib.core.data import kb, logger, paths from lib.core.enums import OS from lib.core.exception import sqlmapUnsupportedFeatureException from lib.request import inject diff --git a/plugins/dbms/sqlite/connector.py b/plugins/dbms/sqlite/connector.py index 298d4e295..cefc47de4 100644 --- a/plugins/dbms/sqlite/connector.py +++ b/plugins/dbms/sqlite/connector.py @@ -7,16 +7,14 @@ See the file 'doc/COPYING' for copying permission try: import sqlite3 -except ImportError, _: +except ImportError: pass import logging from lib.core.convert import utf8encode -from lib.core.data import conf -from lib.core.data import logger -from lib.core.exception import sqlmapConnectionException -from lib.core.exception import sqlmapMissingDependence +from lib.core.data import conf, logger +from lib.core.exception import sqlmapConnectionException, sqlmapMissingDependence from plugins.generic.connector import Connector as GenericConnector diff --git a/plugins/dbms/sqlite/fingerprint.py b/plugins/dbms/sqlite/fingerprint.py index 4b8bc5757..8cca30027 100644 --- a/plugins/dbms/sqlite/fingerprint.py +++ b/plugins/dbms/sqlite/fingerprint.py @@ -5,15 +5,11 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -from lib.core.common import Backend -from lib.core.common import Format -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger +from lib.core.common import Backend, Format +from lib.core.data import conf, kb, logger from lib.core.enums import DBMS from lib.core.session import setDbms -from lib.core.settings import METADB_SUFFIX -from lib.core.settings import SQLITE_ALIASES +from lib.core.settings import METADB_SUFFIX, SQLITE_ALIASES from lib.request import inject from plugins.generic.fingerprint import Fingerprint as GenericFingerprint diff --git a/plugins/dbms/sybase/connector.py b/plugins/dbms/sybase/connector.py index 81fa3ced9..734c19dc7 100644 --- a/plugins/dbms/sybase/connector.py +++ b/plugins/dbms/sybase/connector.py @@ -40,7 +40,8 @@ class Connector(GenericConnector): self.initConnection() try: - self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout) + self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, + password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout) except pymssql.OperationalError, msg: raise sqlmapConnectionException, msg diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index b97c3b126..6dcfa27e6 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -5,20 +5,11 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -from lib.core.common import Backend -from lib.core.common import filterPairValues -from lib.core.common import isTechniqueAvailable -from lib.core.common import randomStr -from lib.core.common import safeSQLIdentificatorNaming -from lib.core.common import unsafeSQLIdentificatorNaming -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries +from lib.core.common import Backend, filterPairValues, isTechniqueAvailable, randomStr, safeSQLIdentificatorNaming, unsafeSQLIdentificatorNaming +from lib.core.data import conf, kb, logger, queries from lib.core.dicts import SYBASE_TYPES from lib.core.enums import PAYLOAD -from lib.core.exception import sqlmapMissingMandatoryOptionException -from lib.core.exception import sqlmapNoneDataException +from lib.core.exception import sqlmapMissingMandatoryOptionException, sqlmapNoneDataException from lib.core.settings import CURRENT_DB from lib.utils.pivotdumptable import pivotDumpTable from plugins.generic.enumeration import Enumeration as GenericEnumeration diff --git a/plugins/dbms/sybase/fingerprint.py b/plugins/dbms/sybase/fingerprint.py index ae4a38fde..b0afc99b6 100644 --- a/plugins/dbms/sybase/fingerprint.py +++ b/plugins/dbms/sybase/fingerprint.py @@ -5,13 +5,9 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -from lib.core.common import Backend -from lib.core.common import Format -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.enums import DBMS -from lib.core.enums import OS +from lib.core.common import Backend, Format +from lib.core.data import conf, kb, logger +from lib.core.enums import DBMS, OS from lib.core.session import setDbms from lib.core.settings import SYBASE_ALIASES from lib.request import inject @@ -57,8 +53,8 @@ class Fingerprint(GenericFingerprint): return value def checkDbms(self): - if not conf.extensiveFp and (Backend.isDbmsWithin(SYBASE_ALIASES) \ - or conf.dbms in SYBASE_ALIASES) and Backend.getVersion() and \ + if not conf.extensiveFp and (Backend.isDbmsWithin(SYBASE_ALIASES)\ + or conf.dbms in SYBASE_ALIASES) and Backend.getVersion() and\ Backend.getVersion().isdigit(): setDbms("%s %s" % (DBMS.SYBASE, Backend.getVersion())) diff --git a/plugins/generic/__init__.py b/plugins/generic/__init__.py index 72630d2e8..203dd12d1 100644 --- a/plugins/generic/__init__.py +++ b/plugins/generic/__init__.py @@ -4,5 +4,3 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ - -pass diff --git a/plugins/generic/connector.py b/plugins/generic/connector.py index d1cd12a6f..d9592479f 100644 --- a/plugins/generic/connector.py +++ b/plugins/generic/connector.py @@ -7,14 +7,12 @@ See the file 'doc/COPYING' for copying permission import os -from lib.core.data import conf -from lib.core.data import logger -from lib.core.exception import sqlmapFilePathException -from lib.core.exception import sqlmapUndefinedMethod +from lib.core.data import conf, logger +from lib.core.exception import sqlmapFilePathException, sqlmapUndefinedMethod -class Connector: +class Connector(object): """ - This class defines generic dbms protocol functionalities for plugins. + This class defines generic dbms protocol functionality for plugins. """ def __init__(self): diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py index 89102a9ab..7b117f8d8 100644 --- a/plugins/generic/custom.py +++ b/plugins/generic/custom.py @@ -7,22 +7,16 @@ See the file 'doc/COPYING' for copying permission import re -from lib.core.common import Backend -from lib.core.common import dataToStdout -from lib.core.common import getSQLSnippet -from lib.core.common import isTechniqueAvailable +from lib.core.common import Backend, dataToStdout, getSQLSnippet, isTechniqueAvailable from lib.core.convert import utf8decode -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries +from lib.core.data import conf, logger from lib.core.dicts import SQL_STATEMENTS from lib.core.enums import PAYLOAD from lib.core.settings import PARAMETER_SPLITTING_REGEX from lib.core.shell import autoCompletion from lib.request import inject -class Custom: +class Custom(object): """ This class defines custom enumeration functionalities for plugins. """ diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index b256ec182..3d0e3ea59 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -6,41 +6,18 @@ See the file 'doc/COPYING' for copying permission """ from lib.core.agent import agent -from lib.core.common import arrayizeValue -from lib.core.common import Backend -from lib.core.common import filterPairValues -from lib.core.common import getLimitRange -from lib.core.common import isInferenceAvailable -from lib.core.common import isListLike -from lib.core.common import isNoneValue -from lib.core.common import isNumPosStrValue -from lib.core.common import isTechniqueAvailable -from lib.core.common import parseSqliteTableSchema -from lib.core.common import popValue -from lib.core.common import pushValue -from lib.core.common import readInput -from lib.core.common import safeSQLIdentificatorNaming -from lib.core.common import unArrayizeValue -from lib.core.common import unsafeSQLIdentificatorNaming -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import paths -from lib.core.data import queries +from lib.core.common import arrayizeValue, Backend, filterPairValues, getLimitRange,\ + isInferenceAvailable, isListLike, isNoneValue, isNumPosStrValue, isTechniqueAvailable, parseSqliteTableSchema,\ + popValue, pushValue, readInput, safeSQLIdentificatorNaming, unArrayizeValue, unsafeSQLIdentificatorNaming +from lib.core.data import conf, kb, paths, logger, queries from lib.core.dicts import FIREBIRD_TYPES -from lib.core.enums import CHARSET_TYPE -from lib.core.enums import DBMS -from lib.core.enums import EXPECTED -from lib.core.enums import PAYLOAD -from lib.core.exception import sqlmapMissingMandatoryOptionException -from lib.core.exception import sqlmapNoneDataException -from lib.core.exception import sqlmapUserQuitException +from lib.core.enums import CHARSET_TYPE, DBMS, EXPECTED, PAYLOAD +from lib.core.exception import sqlmapMissingMandatoryOptionException, sqlmapNoneDataException, sqlmapUserQuitException from lib.core.settings import CURRENT_DB from lib.request import inject -from lib.techniques.brute.use import columnExists -from lib.techniques.brute.use import tableExists +from lib.techniques.brute.use import columnExists, tableExists -class Databases: +class Databases(object): """ This class defines databases' enumeration functionalities for plugins. """ diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index 3869188cc..f40759897 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py @@ -5,41 +5,16 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -from extra.safe2bin.safe2bin import safechardecode from lib.core.bigarray import BigArray -from lib.core.common import Backend -from lib.core.common import clearConsoleLine -from lib.core.common import decodeIntToUnicode -from lib.core.common import getLimitRange -from lib.core.common import getUnicode -from lib.core.common import isInferenceAvailable -from lib.core.common import isListLike -from lib.core.common import isNoneValue -from lib.core.common import isNumPosStrValue -from lib.core.common import isTechniqueAvailable -from lib.core.common import prioritySortColumns -from lib.core.common import readInput -from lib.core.common import safeSQLIdentificatorNaming -from lib.core.common import singleTimeWarnMessage -from lib.core.common import unArrayizeValue -from lib.core.common import unsafeSQLIdentificatorNaming -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries +from lib.core.common import Backend, clearConsoleLine, getLimitRange, getUnicode, isInferenceAvailable,\ + isListLike, isNoneValue, isNumPosStrValue, isTechniqueAvailable, prioritySortColumns, readInput,\ + safeSQLIdentificatorNaming, unArrayizeValue, unsafeSQLIdentificatorNaming +from lib.core.data import conf, kb, logger, queries from lib.core.dicts import DUMP_REPLACEMENTS -from lib.core.enums import CHARSET_TYPE -from lib.core.enums import DBMS -from lib.core.enums import EXPECTED -from lib.core.enums import PAYLOAD -from lib.core.exception import sqlmapConnectionException -from lib.core.exception import sqlmapMissingMandatoryOptionException -from lib.core.exception import sqlmapNoneDataException -from lib.core.exception import sqlmapUnsupportedFeatureException -from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD -from lib.core.settings import CURRENT_DB -from lib.core.settings import MAX_INT -from lib.core.settings import NULL +from lib.core.enums import CHARSET_TYPE, DBMS, EXPECTED, PAYLOAD +from lib.core.exception import sqlmapConnectionException, sqlmapMissingMandatoryOptionException, \ + sqlmapNoneDataException, sqlmapUnsupportedFeatureException +from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD, CURRENT_DB, NULL from lib.request import inject from lib.utils.hash import attackDumpedTable from lib.utils.pivotdumptable import pivotDumpTable diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index bd376d377..7812aa480 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -5,12 +5,8 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -from lib.core.common import Backend -from lib.core.common import unArrayizeValue -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries +from lib.core.common import Backend, unArrayizeValue +from lib.core.data import conf, kb, logger, queries from lib.core.enums import DBMS from lib.core.session import setOs from lib.parse.banner import bannerParser diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index 0d15ceb34..29beae600 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py @@ -5,26 +5,15 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -import binascii import codecs import os from lib.core.agent import agent -from lib.core.common import dataToOutFile -from lib.core.common import Backend -from lib.core.common import isNumPosStrValue -from lib.core.common import isListLike -from lib.core.common import isTechniqueAvailable -from lib.core.common import randomStr -from lib.core.common import readInput +from lib.core.common import dataToOutFile, Backend, isNumPosStrValue, isListLike, isTechniqueAvailable, \ + randomStr, readInput from lib.core.convert import hexdecode -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.enums import DBMS -from lib.core.enums import CHARSET_TYPE -from lib.core.enums import EXPECTED -from lib.core.enums import PAYLOAD +from lib.core.data import conf, kb, logger +from lib.core.enums import DBMS, CHARSET_TYPE, EXPECTED, PAYLOAD from lib.core.exception import sqlmapUndefinedMethod from lib.request import inject diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index 1abde80e3..748f20749 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py @@ -7,27 +7,14 @@ See the file 'doc/COPYING' for copying permission import re -from lib.core.common import Backend -from lib.core.common import hashDBWrite -from lib.core.common import isTechniqueAvailable -from lib.core.common import normalizePath -from lib.core.common import ntToPosixSlashes -from lib.core.common import posixToNtSlashes -from lib.core.common import readInput -from lib.core.common import unArrayizeValue -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries -from lib.core.enums import DBMS -from lib.core.enums import HASHDB_KEYS -from lib.core.enums import OS -from lib.core.enums import PAYLOAD -from lib.core.exception import sqlmapNoneDataException -from lib.core.exception import sqlmapUnsupportedFeatureException +from lib.core.common import Backend, hashDBWrite, isTechniqueAvailable, normalizePath, ntToPosixSlashes,\ + posixToNtSlashes, readInput, unArrayizeValue +from lib.core.data import conf, kb, logger, queries +from lib.core.enums import DBMS, HASHDB_KEYS, OS, PAYLOAD +from lib.core.exception import sqlmapNoneDataException, sqlmapUnsupportedFeatureException from lib.request import inject -class Miscellaneous: +class Miscellaneous(object): """ This class defines miscellaneous functionalities for plugins. """ diff --git a/plugins/generic/search.py b/plugins/generic/search.py index 8e1fc2523..c175c5db1 100644 --- a/plugins/generic/search.py +++ b/plugins/generic/search.py @@ -6,31 +6,14 @@ See the file 'doc/COPYING' for copying permission """ from lib.core.agent import agent -from lib.core.common import arrayizeValue -from lib.core.common import Backend -from lib.core.common import filterPairValues -from lib.core.common import getLimitRange -from lib.core.common import isNoneValue -from lib.core.common import isNumPosStrValue -from lib.core.common import isTechniqueAvailable -from lib.core.common import readInput -from lib.core.common import safeSQLIdentificatorNaming -from lib.core.common import unsafeSQLIdentificatorNaming -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import paths -from lib.core.data import queries -from lib.core.enums import CHARSET_TYPE -from lib.core.enums import DBMS -from lib.core.enums import EXPECTED -from lib.core.enums import PAYLOAD -from lib.core.exception import sqlmapMissingMandatoryOptionException -from lib.core.exception import sqlmapUserQuitException +from lib.core.common import arrayizeValue, Backend, filterPairValues, getLimitRange, isNoneValue, \ + isNumPosStrValue, isTechniqueAvailable, readInput, safeSQLIdentificatorNaming, unsafeSQLIdentificatorNaming +from lib.core.data import conf, kb, logger, paths, queries +from lib.core.enums import CHARSET_TYPE, DBMS, EXPECTED, PAYLOAD +from lib.core.exception import sqlmapMissingMandatoryOptionException, sqlmapUserQuitException from lib.core.settings import CURRENT_DB from lib.request import inject -from lib.techniques.brute.use import columnExists -from lib.techniques.brute.use import tableExists +from lib.techniques.brute.use import columnExists, tableExists class Search: """ diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index 443f3fb97..983edab2d 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py @@ -7,21 +7,11 @@ See the file 'doc/COPYING' for copying permission import os -from lib.core.common import Backend -from lib.core.common import isTechniqueAvailable -from lib.core.common import readInput -from lib.core.common import runningAsAdmin -from lib.core.data import conf -from lib.core.data import logger -from lib.core.enums import DBMS -from lib.core.enums import OS -from lib.core.enums import PAYLOAD -from lib.core.exception import sqlmapMissingDependence -from lib.core.exception import sqlmapMissingMandatoryOptionException -from lib.core.exception import sqlmapMissingPrivileges -from lib.core.exception import sqlmapNotVulnerableException -from lib.core.exception import sqlmapUndefinedMethod -from lib.core.exception import sqlmapUnsupportedDBMSException +from lib.core.common import Backend, isTechniqueAvailable, readInput, runningAsAdmin +from lib.core.data import conf, logger +from lib.core.enums import DBMS, OS, PAYLOAD +from lib.core.exception import sqlmapMissingDependence, sqlmapMissingMandatoryOptionException,\ + sqlmapMissingPrivileges, sqlmapNotVulnerableException, sqlmapUndefinedMethod, sqlmapUnsupportedDBMSException from lib.takeover.abstraction import Abstraction from lib.takeover.icmpsh import ICMPsh from lib.takeover.metasploit import Metasploit diff --git a/plugins/generic/users.py b/plugins/generic/users.py index 3f1d109bb..1433335b1 100644 --- a/plugins/generic/users.py +++ b/plugins/generic/users.py @@ -8,39 +8,17 @@ See the file 'doc/COPYING' for copying permission import re from lib.core.agent import agent -from lib.core.common import arrayizeValue -from lib.core.common import Backend -from lib.core.common import filterPairValues -from lib.core.common import getLimitRange -from lib.core.common import getUnicode -from lib.core.common import isAdminFromPrivileges -from lib.core.common import isInferenceAvailable -from lib.core.common import isNoneValue -from lib.core.common import isNumPosStrValue -from lib.core.common import isTechniqueAvailable -from lib.core.common import parsePasswordHash -from lib.core.common import randomStr -from lib.core.common import readInput -from lib.core.common import strToHex -from lib.core.common import unArrayizeValue -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries -from lib.core.dicts import MYSQL_PRIVS -from lib.core.dicts import PGSQL_PRIVS -from lib.core.dicts import FIREBIRD_PRIVS -from lib.core.dicts import DB2_PRIVS +from lib.core.common import arrayizeValue, Backend, filterPairValues, getLimitRange, \ + getUnicode, isAdminFromPrivileges, isInferenceAvailable, isNoneValue, isNumPosStrValue, isTechniqueAvailable,\ + parsePasswordHash, randomStr, readInput, strToHex, unArrayizeValue +from lib.core.data import conf, kb, logger, queries +from lib.core.dicts import MYSQL_PRIVS, PGSQL_PRIVS, FIREBIRD_PRIVS, DB2_PRIVS from lib.core.enums import CHARSET_TYPE -from lib.core.enums import DBMS -from lib.core.enums import EXPECTED -from lib.core.enums import PAYLOAD -from lib.core.exception import sqlmapNoneDataException -from lib.core.exception import sqlmapUserQuitException +from lib.core.enums import DBMS, EXPECTED, PAYLOAD +from lib.core.exception import sqlmapNoneDataException, sqlmapUserQuitException from lib.core.threads import getCurrentThreadData from lib.request import inject -from lib.utils.hash import attackCachedUsersPasswords -from lib.utils.hash import storeHashesToFile +from lib.utils.hash import attackCachedUsersPasswords, storeHashesToFile from lib.utils.pivotdumptable import pivotDumpTable class Users: diff --git a/tamper/__init__.py b/tamper/__init__.py index ee9da5b1d..b04606ac5 100644 --- a/tamper/__init__.py +++ b/tamper/__init__.py @@ -5,4 +5,3 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -pass \ No newline at end of file diff --git a/tamper/appendnullbyte.py b/tamper/appendnullbyte.py index cd5a2649b..319ed9a58 100644 --- a/tamper/appendnullbyte.py +++ b/tamper/appendnullbyte.py @@ -12,6 +12,7 @@ __priority__ = PRIORITY.LOWEST def dependencies(): pass + def tamper(payload, **kwargs): """ Appends encoded NULL byte character at the end of payload diff --git a/tamper/base64encode.py b/tamper/base64encode.py index 98c980c84..71a8d9461 100644 --- a/tamper/base64encode.py +++ b/tamper/base64encode.py @@ -14,6 +14,7 @@ __priority__ = PRIORITY.LOWEST def dependencies(): pass + def tamper(payload, **kwargs): """ Base64 all characters in a given payload diff --git a/tamper/between.py b/tamper/between.py index 18ef3e9f7..9505dca7f 100644 --- a/tamper/between.py +++ b/tamper/between.py @@ -14,6 +14,7 @@ __priority__ = PRIORITY.HIGHEST def dependencies(): pass + def tamper(payload, **kwargs): """ Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' @@ -55,9 +56,9 @@ def tamper(payload, **kwargs): doublequote = not doublequote elif payload[i] == ">" and not doublequote and not quote: - retVal += " " if i > 0 and not payload[i-1].isspace() else "" - retVal += "NOT BETWEEN %s AND" % ('0' if re.search(r"\A[^\w]*\d", payload[i+1:]) else "NULL") - retVal += " " if i < len(payload) - 1 and not payload[i+1:i+2].isspace() else "" + retVal += " " if i > 0 and not payload[i - 1].isspace() else "" + retVal += "NOT BETWEEN %s AND" % ('0' if re.search(r"\A[^\w]*\d", payload[i + 1:]) else "NULL") + retVal += " " if i < len(payload) - 1 and not payload[i + 1:i + 2].isspace() else "" continue diff --git a/tamper/charunicodeencode.py b/tamper/charunicodeencode.py index 4f31f0e8c..137b3c798 100644 --- a/tamper/charunicodeencode.py +++ b/tamper/charunicodeencode.py @@ -14,7 +14,9 @@ from lib.core.common import singleTimeWarnMessage __priority__ = PRIORITY.LOWEST def dependencies(): - singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP or ASP.NET web applications" % os.path.basename(__file__).split(".")[0]) + singleTimeWarnMessage(u"tamper script '%s' is only meant to be run against ASP or ASP.NET web applications" % + os.path.basename(__file__).split(".")[0]) + def tamper(payload, **kwargs): """ @@ -48,8 +50,9 @@ def tamper(payload, **kwargs): i = 0 while i < len(payload): - if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits: - retVal += "%%u00%s" % payload[i+1:i+3] + if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and \ + payload[i + 2:i + 3] in string.hexdigits: + retVal += "%%u00%s" % payload[i + 1:i + 3] i += 3 else: retVal += '%%u%.4X' % ord(payload[i]) diff --git a/tamper/equaltolike.py b/tamper/equaltolike.py index 85d9385d1..962b9eddf 100644 --- a/tamper/equaltolike.py +++ b/tamper/equaltolike.py @@ -9,13 +9,14 @@ import os import re from lib.core.common import singleTimeWarnMessage -from lib.core.enums import DBMS -from lib.core.enums import PRIORITY +from lib.core.enums import DBMS, PRIORITY __priority__ = PRIORITY.HIGHEST def dependencies(): - singleTimeWarnMessage("tamper script '%s' is unlikely to work against %s" % (os.path.basename(__file__).split(".")[0], DBMS.PGSQL)) + singleTimeWarnMessage( + u"tamper script '%s' is unlikely to work against %s" % (os.path.basename(__file__).split(".")[0], DBMS.PGSQL)) + def tamper(payload, **kwargs): """ diff --git a/tamper/halfversionedmorekeywords.py b/tamper/halfversionedmorekeywords.py index 381a35d49..70dd1a101 100644 --- a/tamper/halfversionedmorekeywords.py +++ b/tamper/halfversionedmorekeywords.py @@ -10,14 +10,15 @@ import re from lib.core.common import singleTimeWarnMessage from lib.core.data import kb -from lib.core.enums import DBMS -from lib.core.enums import PRIORITY +from lib.core.enums import DBMS, PRIORITY from lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS __priority__ = PRIORITY.HIGHER def dependencies(): - singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s < 5.1" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL)) + singleTimeWarnMessage(u"tamper script '%s' is only meant to be run against %s < 5.1" % ( + os.path.basename(__file__).split(".")[0], DBMS.MYSQL)) + def tamper(payload, **kwargs): """ diff --git a/tamper/modsecurityversioned.py b/tamper/modsecurityversioned.py index 8c5a1121e..659153798 100644 --- a/tamper/modsecurityversioned.py +++ b/tamper/modsecurityversioned.py @@ -13,6 +13,7 @@ __priority__ = PRIORITY.HIGHER def dependencies(): pass + def tamper(payload, **kwargs): """ Embraces complete query with versioned comment @@ -41,6 +42,7 @@ def tamper(payload, **kwargs): payload = payload[:payload.find(comment)] break if ' ' in payload: - retVal = "%s /*!30%s%s*/%s" % (payload[:payload.find(' ')], randomInt(3), payload[payload.find(' ') + 1:], postfix) + retVal = "%s /*!30%s%s*/%s" % ( + payload[:payload.find(' ')], randomInt(3), payload[payload.find(' ') + 1:], postfix) return retVal diff --git a/tamper/modsecurityzeroversioned.py b/tamper/modsecurityzeroversioned.py index d839736b5..5f40cada0 100644 --- a/tamper/modsecurityzeroversioned.py +++ b/tamper/modsecurityzeroversioned.py @@ -12,6 +12,7 @@ __priority__ = PRIORITY.HIGHER def dependencies(): pass + def tamper(payload, **kwargs): """ Embraces complete query with zero-versioned comment diff --git a/tamper/multiplespaces.py b/tamper/multiplespaces.py index 718762896..a938291a3 100644 --- a/tamper/multiplespaces.py +++ b/tamper/multiplespaces.py @@ -16,6 +16,7 @@ __priority__ = PRIORITY.NORMAL def dependencies(): pass + def tamper(payload, **kwargs): """ Adds multiple spaces around SQL keywords @@ -43,7 +44,8 @@ def tamper(payload, **kwargs): words.add(word) for word in words: - retVal = re.sub("(?<=\W)%s(?=[^A-Za-z_(]|\Z)" % word, "%s%s%s" % (' '*random.randrange(1,4), word, ' '*random.randrange(1,4)), retVal) - retVal = re.sub("(?<=\W)%s(?=[(])" % word, "%s%s" % (' '*random.randrange(1,4), word), retVal) + retVal = re.sub("(?<=\W)%s(?=[^A-Za-z_(]|\Z)" % word, + "%s%s%s" % (' ' * random.randrange(1, 4), word, ' ' * random.randrange(1, 4)), retVal) + retVal = re.sub("(?<=\W)%s(?=[(])" % word, "%s%s" % (' ' * random.randrange(1, 4), word), retVal) return retVal diff --git a/tamper/percentage.py b/tamper/percentage.py index 14235cf7e..a93486e46 100644 --- a/tamper/percentage.py +++ b/tamper/percentage.py @@ -14,7 +14,9 @@ from lib.core.common import singleTimeWarnMessage __priority__ = PRIORITY.LOW def dependencies(): - singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP web applications" % os.path.basename(__file__).split(".")[0]) + singleTimeWarnMessage(u"tamper script '%s' is only meant to be run against ASP web applications" % + os.path.basename(__file__).split(".")[0]) + def tamper(payload, **kwargs): """ @@ -41,8 +43,9 @@ def tamper(payload, **kwargs): i = 0 while i < len(payload): - if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits: - retVal += payload[i:i+3] + if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[ + i + 2:i + 3] in string.hexdigits: + retVal += payload[i:i + 3] i += 3 elif payload[i] != ' ': retVal += '%%%s' % payload[i] diff --git a/tamper/randomcase.py b/tamper/randomcase.py index de6e4cfbe..cee950b8b 100644 --- a/tamper/randomcase.py +++ b/tamper/randomcase.py @@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -import re +from re import finditer from lib.core.common import randomRange from lib.core.data import kb @@ -16,6 +16,7 @@ __priority__ = PRIORITY.NORMAL def dependencies(): pass + def tamper(payload, **kwargs): """ Replaces each keyword character with random case value @@ -39,7 +40,7 @@ def tamper(payload, **kwargs): retVal = payload if payload: - for match in re.finditer(r"[A-Za-z_]+", retVal): + for match in finditer(r"[A-Za-z_]+", retVal): word = match.group() if word.upper() in kb.keywords: diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py index 50e455a1e..ba7dde9b3 100644 --- a/tamper/randomcomments.py +++ b/tamper/randomcomments.py @@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -import re +from re import finditer from lib.core.common import randomRange from lib.core.data import kb @@ -22,7 +22,7 @@ def tamper(payload, **kwargs): retVal = payload if payload: - for match in re.finditer(r"[A-Za-z_]+", payload): + for match in finditer(r"[A-Za-z_]+", payload): word = match.group() if len(word) < 2: diff --git a/tamper/securesphere.py b/tamper/securesphere.py index a6755a25a..7e33e799b 100644 --- a/tamper/securesphere.py +++ b/tamper/securesphere.py @@ -5,8 +5,6 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -from lib.core.common import randomRange -from lib.core.data import kb from lib.core.enums import PRIORITY __priority__ = PRIORITY.NORMAL @@ -14,6 +12,7 @@ __priority__ = PRIORITY.NORMAL def dependencies(): pass + def tamper(payload, **kwargs): """ Appends special crafted string diff --git a/tamper/sp_password.py b/tamper/sp_password.py index 00912ea31..b8bfc2987 100644 --- a/tamper/sp_password.py +++ b/tamper/sp_password.py @@ -28,6 +28,7 @@ def tamper(payload, **kwargs): retVal = "" if payload: - retVal = "%s%ssp_password" % (payload, "-- " if not any(_ if _ in payload else None for _ in ('#', "-- ")) else "") + retVal = "%s%ssp_password" % ( + payload, "-- " if not any(_ if _ in payload else None for _ in ('#', "-- ")) else "") return retVal diff --git a/tamper/space2comment.py b/tamper/space2comment.py index e3bb6fe46..167000573 100644 --- a/tamper/space2comment.py +++ b/tamper/space2comment.py @@ -12,6 +12,7 @@ __priority__ = PRIORITY.LOW def dependencies(): pass + def tamper(payload, **kwargs): """ Replaces space character (' ') with comments '/**/' @@ -49,7 +50,7 @@ def tamper(payload, **kwargs): elif payload[i] == '"': doublequote = not doublequote - elif payload[i]==" " and not doublequote and not quote: + elif payload[i] == " " and not doublequote and not quote: retVal += "/**/" continue diff --git a/tamper/space2dash.py b/tamper/space2dash.py index e70b62c61..99db2a05e 100644 --- a/tamper/space2dash.py +++ b/tamper/space2dash.py @@ -38,9 +38,10 @@ def tamper(payload, **kwargs): if payload: for i in xrange(len(payload)): if payload[i].isspace(): - randomStr = ''.join(random.choice(string.ascii_uppercase + string.lowercase) for _ in xrange(random.randint(6, 12))) + randomStr = ''.join( + random.choice(string.ascii_uppercase + string.lowercase) for _ in xrange(random.randint(6, 12))) retVal += "--%s%%0A" % randomStr - elif payload[i] == '#' or payload[i:i+3] == '-- ': + elif payload[i] == '#' or payload[i:i + 3] == '-- ': retVal += payload[i:] break else: diff --git a/tamper/space2hash.py b/tamper/space2hash.py index 3a423415c..b3d7a260c 100644 --- a/tamper/space2hash.py +++ b/tamper/space2hash.py @@ -16,7 +16,9 @@ from lib.core.enums import PRIORITY __priority__ = PRIORITY.LOW def dependencies(): - singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL)) + singleTimeWarnMessage(u"tamper script '%s' is only meant to be run against %s" % ( + os.path.basename(__file__).split(".")[0], DBMS.MYSQL)) + def tamper(payload, **kwargs): """ @@ -44,9 +46,10 @@ def tamper(payload, **kwargs): if payload: for i in xrange(len(payload)): if payload[i].isspace(): - randomStr = ''.join(random.choice(string.ascii_uppercase + string.lowercase) for _ in xrange(random.randint(6, 12))) + randomStr = ''.join( + random.choice(string.ascii_uppercase + string.lowercase) for _ in xrange(random.randint(6, 12))) retVal += "%%23%s%%0A" % randomStr - elif payload[i] == '#' or payload[i:i+3] == '-- ': + elif payload[i] == '#' or payload[i:i + 3] == '-- ': retVal += payload[i:] break else: diff --git a/tamper/space2morehash.py b/tamper/space2morehash.py index 99491516c..34bef45af 100644 --- a/tamper/space2morehash.py +++ b/tamper/space2morehash.py @@ -12,14 +12,15 @@ import string from lib.core.common import singleTimeWarnMessage from lib.core.data import kb -from lib.core.enums import DBMS -from lib.core.enums import PRIORITY +from lib.core.enums import DBMS, PRIORITY from lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS __priority__ = PRIORITY.LOW def dependencies(): - singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s > 5.1.13" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL)) + singleTimeWarnMessage(u"tamper script '%s' is only meant to be run against %s > 5.1.13" % ( + os.path.basename(__file__).split(".")[0], DBMS.MYSQL)) + def tamper(payload, **kwargs): """ @@ -44,23 +45,25 @@ def tamper(payload, **kwargs): def process(match): word = match.group('word') - randomStr = ''.join(random.choice(string.ascii_uppercase + string.lowercase) for _ in xrange(random.randint(6, 12))) + randomStr = ''.join( + random.choice(string.ascii_uppercase + string.lowercase) for _ in xrange(random.randint(6, 12))) if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS: return match.group().replace(word, "%s%%23%s%%0A" % (word, randomStr)) else: return match.group() - retVal = "" + retVal = "" if payload: payload = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), payload) for i in xrange(len(payload)): if payload[i].isspace(): - randomStr = ''.join(random.choice(string.ascii_uppercase + string.lowercase) for _ in xrange(random.randint(6, 12))) + randomStr = ''.join( + random.choice(string.ascii_uppercase + string.lowercase) for _ in xrange(random.randint(6, 12))) retVal += "%%23%s%%0A" % randomStr - elif payload[i] == '#' or payload[i:i+3] == '-- ': + elif payload[i] == '#' or payload[i:i + 3] == '-- ': retVal += payload[i:] break else: diff --git a/tamper/space2mssqlblank.py b/tamper/space2mssqlblank.py index 67e15deaa..607e5e5a6 100644 --- a/tamper/space2mssqlblank.py +++ b/tamper/space2mssqlblank.py @@ -15,7 +15,9 @@ from lib.core.enums import PRIORITY __priority__ = PRIORITY.LOW def dependencies(): - singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL)) + singleTimeWarnMessage(u"tamper script '%s' is only meant to be run against %s" % ( + os.path.basename(__file__).split(".")[0], DBMS.MSSQL)) + def tamper(payload, **kwargs): """ @@ -73,7 +75,7 @@ def tamper(payload, **kwargs): elif payload[i] == '"': doublequote = not doublequote - elif payload[i] == '#' or payload[i:i+3] == '-- ': + elif payload[i] == '#' or payload[i:i + 3] == '-- ': end = True elif payload[i] == " " and not doublequote and not quote: @@ -82,8 +84,8 @@ def tamper(payload, **kwargs): else: retVal += random.choice(blanks) - continue - + continue + retVal += payload[i] return retVal diff --git a/tamper/space2mssqlhash.py b/tamper/space2mssqlhash.py index d9aa81149..3342e3f3d 100644 --- a/tamper/space2mssqlhash.py +++ b/tamper/space2mssqlhash.py @@ -32,7 +32,7 @@ def tamper(payload, **kwargs): for i in xrange(len(payload)): if payload[i].isspace(): retVal += "%23%0A" - elif payload[i] == '#' or payload[i:i+3] == '-- ': + elif payload[i] == '#' or payload[i:i + 3] == '-- ': retVal += payload[i:] break else: diff --git a/tamper/space2mysqlblank.py b/tamper/space2mysqlblank.py index f04eadb43..86249643b 100644 --- a/tamper/space2mysqlblank.py +++ b/tamper/space2mysqlblank.py @@ -9,13 +9,14 @@ import os import random from lib.core.common import singleTimeWarnMessage -from lib.core.enums import DBMS -from lib.core.enums import PRIORITY +from lib.core.enums import DBMS, PRIORITY __priority__ = PRIORITY.LOW def dependencies(): - singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL)) + singleTimeWarnMessage(u"tamper script '%s' is only meant to be run against %s" % ( + os.path.basename(__file__).split(".")[0], DBMS.MYSQL)) + def tamper(payload, **kwargs): """ diff --git a/tamper/space2mysqldash.py b/tamper/space2mysqldash.py index c2870f5fb..e09a1e43e 100644 --- a/tamper/space2mysqldash.py +++ b/tamper/space2mysqldash.py @@ -8,13 +8,14 @@ See the file 'doc/COPYING' for copying permission import os from lib.core.common import singleTimeWarnMessage -from lib.core.enums import DBMS -from lib.core.enums import PRIORITY +from lib.core.enums import DBMS, PRIORITY __priority__ = PRIORITY.LOW def dependencies(): - singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL)) + singleTimeWarnMessage(u"tamper script '%s' is only meant to be run against %s" % ( + os.path.basename(__file__).split(".")[0], DBMS.MYSQL)) + def tamper(payload, **kwargs): """ @@ -41,7 +42,7 @@ def tamper(payload, **kwargs): for i in xrange(len(payload)): if payload[i].isspace(): retVal += "--%0A" - elif payload[i] == '#' or payload[i:i+3] == '-- ': + elif payload[i] == '#' or payload[i:i + 3] == '-- ': retVal += payload[i:] break else: diff --git a/tamper/unionalltounion.py b/tamper/unionalltounion.py index 1f8b3c710..5e80233c2 100644 --- a/tamper/unionalltounion.py +++ b/tamper/unionalltounion.py @@ -5,8 +5,6 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ -import re - from lib.core.enums import PRIORITY __priority__ = PRIORITY.HIGHEST @@ -14,6 +12,7 @@ __priority__ = PRIORITY.HIGHEST def dependencies(): pass + def tamper(payload, **kwargs): """ Replaces UNION ALL SELECT with UNION SELECT diff --git a/tamper/unmagicquotes.py b/tamper/unmagicquotes.py index 4d75e2a8d..55bef2669 100644 --- a/tamper/unmagicquotes.py +++ b/tamper/unmagicquotes.py @@ -14,6 +14,7 @@ __priority__ = PRIORITY.NORMAL def dependencies(): pass + def tamper(payload, **kwargs): """ Replaces quote character (') with a multi-byte combo %bf%27 together with diff --git a/tamper/versionedkeywords.py b/tamper/versionedkeywords.py index f5d9852de..66693ad66 100644 --- a/tamper/versionedkeywords.py +++ b/tamper/versionedkeywords.py @@ -10,13 +10,14 @@ import re from lib.core.common import singleTimeWarnMessage from lib.core.data import kb -from lib.core.enums import DBMS -from lib.core.enums import PRIORITY +from lib.core.enums import DBMS, PRIORITY __priority__ = PRIORITY.HIGHER def dependencies(): - singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL)) + singleTimeWarnMessage(u"tamper script '%s' is only meant to be run against %s" % ( + os.path.basename(__file__).split(".")[0], DBMS.MYSQL)) + def tamper(payload, **kwargs): """ diff --git a/tamper/versionedmorekeywords.py b/tamper/versionedmorekeywords.py index 956c5376d..3bc20bd46 100644 --- a/tamper/versionedmorekeywords.py +++ b/tamper/versionedmorekeywords.py @@ -10,14 +10,15 @@ import re from lib.core.common import singleTimeWarnMessage from lib.core.data import kb -from lib.core.enums import DBMS -from lib.core.enums import PRIORITY +from lib.core.enums import DBMS, PRIORITY from lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS __priority__ = PRIORITY.HIGHER def dependencies(): - singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s >= 5.1.13" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL)) + singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s >= 5.1.13" % ( + os.path.basename(__file__).split(".")[0], DBMS.MYSQL)) + def tamper(payload, **kwargs): """