sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 19:13:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l.

Browse Source
This commit is contained in:
Bernardo Damele 2008-11-20 17:56:09 +00:00
parent 80425c9ccd
commit 9be844cf3e
10 changed files with 94 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/checks.py
View File

@ -308,7 +308,7 @@ def checkConnection():
try: try:
kb.defaultResult = Request.queryPage() kb.defaultResult = Request.queryPage()
except sqlmapConnectionException, exceptionMsg: except sqlmapConnectionException, exceptionMsg:
if conf.googleDork: if conf.multipleTargets:
exceptionMsg += ", skipping to next url" exceptionMsg += ", skipping to next url"
logger.warn(exceptionMsg) logger.warn(exceptionMsg)
return False return False

18
lib/controller/controller.py
View File

@ -92,11 +92,11 @@ def start():
""" """
if conf.url: if conf.url:
kb.targetUrls.add(conf.url) kb.targetUrls[conf.url] = None
if conf.configFile and not kb.targetUrls: if conf.configFile and not kb.targetUrls:
errMsg = "you did not edit the configuration file properly, set " errMsg = "you did not edit the configuration file properly, set "
errMsg += "the target url" errMsg += "the target url, list of targets or google dork"
logger.error(errMsg) logger.error(errMsg)
hostCount = 0 hostCount = 0
@ -105,15 +105,17 @@ def start():
cookieStr = "" cookieStr = ""
setCookieAsInjectable = True setCookieAsInjectable = True
for targetUrl in kb.targetUrls: for targetUrl, _ in kb.targetUrls.items():
if conf.googleDork: if conf.multipleTargets:
hostCount += 1 hostCount += 1
message = "url %d: %s, " % (hostCount, targetUrl) message = "url %d: %s, " % (hostCount, targetUrl)
message += "do you want to test this url? [Y/n/q] " message += "do you want to test this url? [Y/n/q] "
test = readInput(message, default="Y") test = readInput(message, default="Y")
if test[0] in ("n", "N"): if not test:
pass
elif test[0] in ("n", "N"):
continue continue
elif test[0] in ("q", "Q"): elif test[0] in ("q", "Q"):
break break
@ -166,7 +168,7 @@ def start():
errMsg += "to the user's manual paragraph 'String match' " errMsg += "to the user's manual paragraph 'String match' "
errMsg += "for details" errMsg += "for details"
if conf.googleDork: if conf.multipleTargets:
errMsg += ", skipping to next url" errMsg += ", skipping to next url"
logger.warn(errMsg) logger.warn(errMsg)
@ -219,12 +221,12 @@ def start():
kb.injPlace, kb.injParameter, kb.injType = injDataSelected kb.injPlace, kb.injParameter, kb.injType = injDataSelected
setInjection() setInjection()
if not conf.googleDork and ( not kb.injPlace or not kb.injParameter or not kb.injType ): if not conf.multipleTargets and ( not kb.injPlace or not kb.injParameter or not kb.injType ):
raise sqlmapNotVulnerableException, "all parameters are not injectable" raise sqlmapNotVulnerableException, "all parameters are not injectable"
elif kb.injPlace and kb.injParameter and kb.injType: elif kb.injPlace and kb.injParameter and kb.injType:
condition = False condition = False
if conf.googleDork: if conf.multipleTargets:
message = "do you want to exploit this SQL injection? [Y/n] " message = "do you want to exploit this SQL injection? [Y/n] "
exploit = readInput(message, default="Y") exploit = readInput(message, default="Y")

2
lib/core/common.py
View File

@ -97,7 +97,7 @@ def paramToDict(place, parameters=None):
warnMsg = "the testable parameter '%s' " % paramStr warnMsg = "the testable parameter '%s' " % paramStr
warnMsg += "you provided is not into the %s" % place warnMsg += "you provided is not into the %s" % place
if conf.googleDork: if conf.multipleTargets:
warnMsg += ", skipping to next url" warnMsg += ", skipping to next url"
logger.warn(warnMsg) logger.warn(warnMsg)

10
lib/core/dump.py
View File

@ -219,7 +219,7 @@ class Dump:
db = "All" db = "All"
table = tableValues["__infos__"]["table"] table = tableValues["__infos__"]["table"]
if not conf.googleDork: if not conf.multipleTargets:
dumpDbPath = "%s%s%s" % (conf.dumpPath, os.sep, db) dumpDbPath = "%s%s%s" % (conf.dumpPath, os.sep, db)
if not os.path.isdir(dumpDbPath): if not os.path.isdir(dumpDbPath):
@ -259,7 +259,7 @@ class Dump:
blank = " " * (maxlength - len(column)) blank = " " * (maxlength - len(column))
self.__write("| %s%s" % (column, blank), n=False) self.__write("| %s%s" % (column, blank), n=False)
if not conf.googleDork and field == fields: if not conf.multipleTargets and field == fields:
dataToDumpFile(dumpFP, "\"%s\"" % column) dataToDumpFile(dumpFP, "\"%s\"" % column)
else: else:
dataToDumpFile(dumpFP, "\"%s\"," % column) dataToDumpFile(dumpFP, "\"%s\"," % column)
@ -267,7 +267,7 @@ class Dump:
field += 1 field += 1
self.__write("|\n%s" % separator) self.__write("|\n%s" % separator)
if not conf.googleDork: if not conf.multipleTargets:
dataToDumpFile(dumpFP, "\n") dataToDumpFile(dumpFP, "\n")
for i in range(count): for i in range(count):
@ -293,12 +293,12 @@ class Dump:
field += 1 field += 1
self.__write("|") self.__write("|")
if not conf.googleDork: if not conf.multipleTargets:
dataToDumpFile(dumpFP, "\n") dataToDumpFile(dumpFP, "\n")
self.__write("%s\n" % separator) self.__write("%s\n" % separator)
if not conf.googleDork: if not conf.multipleTargets:
dataToDumpFile(dumpFP, "\n") dataToDumpFile(dumpFP, "\n")
dumpFP.close() dumpFP.close()

46
lib/core/option.py
View File

@ -129,6 +129,48 @@ def __setGoogleDorking():
raise sqlmapGenericException, errMsg raise sqlmapGenericException, errMsg
def __feedTargetsDict(reqFile):
pass
#kb.targetUrls = googleObj.getTargetUrls()
#conf.data
#conf.cookie
def __setMultipleTargets():
"""
Define a configuration parameter if we are running in multiple target
mode.
"""
listType = None
if conf.googleDork or conf.list:
conf.multipleTargets = True
if not conf.list:
return
if not os.path.exists(conf.list):
errMsg = "the specified list of target urls does not exist"
raise sqlmapFilePathException, errMsg
if os.path.isfile(conf.list):
__feedTargetsDict(conf.list)
elif os.path.isdir(conf.list):
files = os.listdir(conf.list)
files.sort()
for reqFile in files:
if not re.search("([\d]+)\-request", reqFile):
continue
__feedTargetsDict(reqFile)
else:
errMsg = "the specified list of target urls is not a file "
errMsg += "nor a directory"
raise sqlmapFilePathException, errMsg
def __setRemoteDBMS(): def __setRemoteDBMS():
""" """
Checks and set the back-end DBMS option. Checks and set the back-end DBMS option.
@ -428,6 +470,7 @@ def __setConfAttributes():
conf.httpHeaders = [] conf.httpHeaders = []
conf.hostname = None conf.hostname = None
conf.loggedToOut = None conf.loggedToOut = None
conf.multipleTargets = False
conf.outputPath = None conf.outputPath = None
conf.paramDict = {} conf.paramDict = {}
conf.parameters = {} conf.parameters = {}
@ -462,7 +505,7 @@ def __setKnowledgeBaseAttributes():
kb.injType = None kb.injType = None
kb.parenthesis = None kb.parenthesis = None
kb.resumedQueries = {} kb.resumedQueries = {}
kb.targetUrls = set() kb.targetUrls = {}
kb.timeTest = None kb.timeTest = None
kb.unionComment = "" kb.unionComment = ""
kb.unionCount = None kb.unionCount = None
@ -582,6 +625,7 @@ def init(inputOptions=advancedDict()):
__setHTTPProxy() __setHTTPProxy()
__setThreads() __setThreads()
__setRemoteDBMS() __setRemoteDBMS()
__setMultipleTargets()
__setGoogleDorking() __setGoogleDorking()
__urllib2Opener() __urllib2Opener()

1
lib/core/optiondict.py
View File

@ -28,6 +28,7 @@ optDict = {
# Family: { "parameter_name": "parameter_datatype", # Family: { "parameter_name": "parameter_datatype",
"Request": { "Request": {
"url": "string", "url": "string",
"list": "string",
"googleDork": "string", "googleDork": "string",
"testParameter": "string", "testParameter": "string",
"method": "string", "method": "string",

4
lib/parse/cmdline.py
View File

@ -49,6 +49,8 @@ def cmdLineParser():
request.add_option("-u", "--url", dest="url", help="Target url") request.add_option("-u", "--url", dest="url", help="Target url")
request.add_option("-l", dest="list", help="List of target urls")
request.add_option("-g", dest="googleDork", request.add_option("-g", dest="googleDork",
help="Process Google dork results as target urls") help="Process Google dork results as target urls")
@ -271,7 +273,7 @@ def cmdLineParser():
(args, _) = parser.parse_args() (args, _) = parser.parse_args()
if not args.url and not args.googleDork and not args.configFile and not args.updateAll: if not args.url and not args.list and not args.googleDork and not args.configFile and not args.updateAll:
errMsg = "missing a mandatory parameter ('-u', '-g', '-c' or '--update'), " errMsg = "missing a mandatory parameter ('-u', '-g', '-c' or '--update'), "
errMsg += "-h for help" errMsg += "-h for help"
parser.error(errMsg) parser.error(errMsg)

6
lib/request/connect.py
View File

@ -162,7 +162,7 @@ class Connect:
except (urllib2.URLError, socket.error), _: except (urllib2.URLError, socket.error), _:
warnMsg = "unable to connect to the target url" warnMsg = "unable to connect to the target url"
if conf.googleDork: if conf.multipleTargets:
warnMsg += ", skipping to next url" warnMsg += ", skipping to next url"
logger.warn(warnMsg) logger.warn(warnMsg)
@ -174,7 +174,7 @@ class Connect:
except socket.timeout, _: except socket.timeout, _:
warnMsg = "connection timed out to the target url" warnMsg = "connection timed out to the target url"
if conf.googleDork: if conf.multipleTargets:
warnMsg += ", skipping to next url" warnMsg += ", skipping to next url"
logger.warn(warnMsg) logger.warn(warnMsg)
@ -188,7 +188,7 @@ class Connect:
warnMsg += "status code, try to force the HTTP User-Agent " warnMsg += "status code, try to force the HTTP User-Agent "
warnMsg += "header with option --user-agent or -a" warnMsg += "header with option --user-agent or -a"
if conf.googleDork: if conf.multipleTargets:
warnMsg += ", skipping to next url" warnMsg += ", skipping to next url"
logger.warn(warnMsg) logger.warn(warnMsg)

8
lib/utils/google.py
View File

@ -68,11 +68,15 @@ class Google:
your Google dork search results your Google dork search results
""" """
targetUrls = set() targetUrls = {}
targetUrlsSet = set()
for match in self.__matches: for match in self.__matches:
if re.search("(.*?)\?(.+)", match, re.I): if re.search("(.*?)\?(.+)", match, re.I):
targetUrls.add(match) targetUrlsSet.add(match)
for targetUrl in targetUrlsSet:
targetUrls[targetUrl] = None
return targetUrls return targetUrls

6
sqlmap.conf
View File

@ -3,7 +3,7 @@
# Target URL. # Target URL.
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2 # Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
# PHP and MySQL (local) # PHP and MySQL (local)
#url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1 url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
# PHP and Oracle (local) # PHP and Oracle (local)
#url = http://127.0.0.1/sqlmap/oracle/get_int.php?id=1 #url = http://127.0.0.1/sqlmap/oracle/get_int.php?id=1
# PHP and PostgreSQL (local) # PHP and PostgreSQL (local)
@ -18,6 +18,10 @@
#url = http://192.168.192.10/sqlmap/get_int.asp?id=1 #url = http://192.168.192.10/sqlmap/get_int.asp?id=1
# ASP.NET and MySQL (local) # ASP.NET and MySQL (local)
#url = http://192.168.192.10/sqlmap/get_int.aspx?id=1 #url = http://192.168.192.10/sqlmap/get_int.aspx?id=1
#url =
# List of targets
list =
# Rather than providing a target url, let Google return target # Rather than providing a target url, let Google return target
# hosts as result of your Google dork expression. For a list of Google # hosts as result of your Google dork expression. For a list of Google