From dd8fcaeb438fd87758b4fbb148d0068d24aa4bb2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 29 Dec 2015 14:32:13 +0100 Subject: [PATCH 01/79] Minor refactoring of some revisited code --- lib/parse/cmdline.py | 8 ++++---- lib/utils/pivotdumptable.py | 24 ++++++++++++------------ 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 131421903..81af9daa3 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -801,10 +801,10 @@ def cmdLineParser(argv=None): # Dirty hack to display longer options without breaking into two lines def _(self, *args): - _ = parser.formatter._format_option_strings(*args) - if len(_) > MAX_HELP_OPTION_LENGTH: - _ = ("%%.%ds.." % (MAX_HELP_OPTION_LENGTH - parser.formatter.indent_increment)) % _ - return _ + retVal = parser.formatter._format_option_strings(*args) + if len(retVal) > MAX_HELP_OPTION_LENGTH: + retVal = ("%%.%ds.." % (MAX_HELP_OPTION_LENGTH - parser.formatter.indent_increment)) % retVal + return retVal parser.formatter._format_option_strings = parser.formatter.format_option_strings parser.formatter.format_option_strings = type(parser.formatter.format_option_strings)(_, parser, type(parser)) diff --git a/lib/utils/pivotdumptable.py b/lib/utils/pivotdumptable.py index 6703e5dc7..705edc9ea 100644 --- a/lib/utils/pivotdumptable.py +++ b/lib/utils/pivotdumptable.py @@ -116,29 +116,29 @@ def pivotDumpTable(table, colList, count=None, blind=True): pivotValue = " " breakRetrieval = False + def _(column, pivotValue): + if column == colList[0]: + query = dumpNode.query.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, column), unescaper.escape(pivotValue, False)) + else: + query = dumpNode.query2.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, colList[0]), unescaper.escape(pivotValue, False)) + + query = whereQuery(query) + return unArrayizeValue(inject.getValue(query, blind=blind, time=blind, union=not blind, error=not blind)) + try: for i in xrange(count): if breakRetrieval: break for column in colList: - def _(pivotValue): - if column == colList[0]: - query = dumpNode.query.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, column), unescaper.escape(pivotValue, False)) - else: - query = dumpNode.query2.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, colList[0]), unescaper.escape(pivotValue, False)) - - query = whereQuery(query) - - return unArrayizeValue(inject.getValue(query, blind=blind, time=blind, union=not blind, error=not blind)) - - value = _(pivotValue) + value = _(column, pivotValue) if column == colList[0]: if isNoneValue(value): for pivotValue in filter(None, (" " if pivotValue == " " else None, "%s%s" % (pivotValue[0], unichr(ord(pivotValue[1]) + 1)) if len(pivotValue) > 1 else None, unichr(ord(pivotValue[0]) + 1))): - value = _(pivotValue) + value = _(column, pivotValue) if not isNoneValue(value): break + if isNoneValue(value): breakRetrieval = True break From 42066cfb3ddbd4a1ea6c244782ae83139fafc0f9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 30 Dec 2015 12:41:56 +0100 Subject: [PATCH 02/79] Minor refactoring --- lib/core/enums.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/core/enums.py b/lib/core/enums.py index 64e074ca2..32bd25d9e 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -164,8 +164,10 @@ class HTTP_HEADER: CONTENT_RANGE = "Content-Range" CONTENT_TYPE = "Content-Type" COOKIE = "Cookie" - SET_COOKIE = "Set-Cookie" + EXPIRES = "Expires" HOST = "Host" + IF_MODIFIED_SINCE = "If-Modified-Since" + LAST_MODIFIED = "Last-Modified" LOCATION = "Location" PRAGMA = "Pragma" PROXY_AUTHORIZATION = "Proxy-Authorization" @@ -173,9 +175,10 @@ class HTTP_HEADER: RANGE = "Range" REFERER = "Referer" SERVER = "Server" - USER_AGENT = "User-Agent" + SET_COOKIE = "Set-Cookie" TRANSFER_ENCODING = "Transfer-Encoding" URI = "URI" + USER_AGENT = "User-Agent" VIA = "Via" X_POWERED_BY = "X-Powered-By" From 03160d99eb1ec2bdab5c75151f9816156f835c58 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 30 Dec 2015 13:39:08 +0100 Subject: [PATCH 03/79] Fixes #1630 --- lib/utils/hashdb.py | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py index 9b7ea8de3..617bd203a 100644 --- a/lib/utils/hashdb.py +++ b/lib/utils/hashdb.py @@ -38,6 +38,7 @@ class HashDB(object): connection = sqlite3.connect(self.filepath, timeout=3, isolation_level=None) threadData.hashDBCursor = connection.cursor() threadData.hashDBCursor.execute("CREATE TABLE IF NOT EXISTS storage (id INTEGER PRIMARY KEY, value TEXT)") + connection.commit() except Exception, ex: errMsg = "error occurred while opening a session " errMsg += "file '%s' ('%s')" % (self.filepath, ex) From 7d334cca480c5f2c1487573afa3adc06c2b29fa8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 4 Jan 2016 12:08:56 +0100 Subject: [PATCH 04/79] Minor style patch --- plugins/generic/misc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index 108c55943..ea52987d2 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py @@ -70,7 +70,7 @@ class Miscellaneous: conf.tmpPath = normalizePath(conf.tmpPath) conf.tmpPath = ntToPosixSlashes(conf.tmpPath) - singleTimeDebugMessage("going to use %s as temporary files directory" % conf.tmpPath) + singleTimeDebugMessage("going to use '%s' as temporary files directory" % conf.tmpPath) hashDBWrite(HASHDB_KEYS.CONF_TMP_PATH, conf.tmpPath) From 59ff8114ffa7d40457e7082eea814f54e8f9ed53 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 4 Jan 2016 12:09:08 +0100 Subject: [PATCH 05/79] Fixes #1635 --- lib/utils/hash.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 271485550..e90a39926 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -123,6 +123,13 @@ def postgres_passwd(password, username, uppercase=False): 'md599e5ea7a6f7c3269995cba3927fd0093' """ + + if isinstance(username, unicode): + username = unicode.encode(username, UNICODE_ENCODING) + + if isinstance(password, unicode): + password = unicode.encode(password, UNICODE_ENCODING) + retVal = "md5%s" % md5(password + username).hexdigest() return retVal.upper() if uppercase else retVal.lower() @@ -207,7 +214,7 @@ def oracle_old_passwd(password, username, uppercase=True): # prior to version ' IV, pad = "\0" * 8, "\0" if isinstance(username, unicode): - username = unicode.encode(username, UNICODE_ENCODING) # pyDes has issues with unicode strings + username = unicode.encode(username, UNICODE_ENCODING) if isinstance(password, unicode): password = unicode.encode(password, UNICODE_ENCODING) From d0d676ccce8255f2424f079bcaf0a7dfb1d42802 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 6 Jan 2016 00:06:12 +0100 Subject: [PATCH 06/79] Update of copyright string --- extra/__init__.py | 2 +- extra/beep/__init__.py | 2 +- extra/beep/beep.py | 2 +- extra/cloak/__init__.py | 2 +- extra/cloak/cloak.py | 2 +- extra/dbgtool/__init__.py | 2 +- extra/dbgtool/dbgtool.py | 2 +- extra/mssqlsig/update.py | 2 +- extra/safe2bin/__init__.py | 2 +- extra/safe2bin/safe2bin.py | 2 +- extra/shutils/duplicates.py | 2 +- extra/shutils/regressiontest.py | 2 +- extra/sqlharvest/__init__.py | 2 +- extra/sqlharvest/sqlharvest.py | 2 +- lib/__init__.py | 2 +- lib/controller/__init__.py | 2 +- lib/controller/action.py | 2 +- lib/controller/checks.py | 2 +- lib/controller/controller.py | 2 +- lib/controller/handler.py | 2 +- lib/core/__init__.py | 2 +- lib/core/agent.py | 2 +- lib/core/bigarray.py | 2 +- lib/core/common.py | 2 +- lib/core/convert.py | 2 +- lib/core/data.py | 2 +- lib/core/datatype.py | 2 +- lib/core/decorators.py | 2 +- lib/core/defaults.py | 2 +- lib/core/dicts.py | 2 +- lib/core/dump.py | 2 +- lib/core/enums.py | 2 +- lib/core/exception.py | 2 +- lib/core/log.py | 2 +- lib/core/option.py | 2 +- lib/core/optiondict.py | 2 +- lib/core/profiling.py | 2 +- lib/core/readlineng.py | 2 +- lib/core/replication.py | 2 +- lib/core/revision.py | 2 +- lib/core/session.py | 2 +- lib/core/settings.py | 2 +- lib/core/shell.py | 2 +- lib/core/subprocessng.py | 2 +- lib/core/target.py | 2 +- lib/core/testing.py | 2 +- lib/core/threads.py | 2 +- lib/core/unescaper.py | 2 +- lib/core/update.py | 2 +- lib/core/wordlist.py | 2 +- lib/parse/__init__.py | 2 +- lib/parse/banner.py | 2 +- lib/parse/cmdline.py | 2 +- lib/parse/configfile.py | 2 +- lib/parse/handler.py | 2 +- lib/parse/headers.py | 2 +- lib/parse/html.py | 2 +- lib/parse/payloads.py | 2 +- lib/parse/sitemap.py | 2 +- lib/request/__init__.py | 2 +- lib/request/basic.py | 2 +- lib/request/basicauthhandler.py | 2 +- lib/request/comparison.py | 2 +- lib/request/connect.py | 2 +- lib/request/direct.py | 2 +- lib/request/dns.py | 2 +- lib/request/httpshandler.py | 2 +- lib/request/inject.py | 2 +- lib/request/methodrequest.py | 2 +- lib/request/pkihandler.py | 2 +- lib/request/rangehandler.py | 2 +- lib/request/redirecthandler.py | 2 +- lib/request/templates.py | 2 +- lib/takeover/__init__.py | 2 +- lib/takeover/abstraction.py | 2 +- lib/takeover/icmpsh.py | 2 +- lib/takeover/metasploit.py | 2 +- lib/takeover/registry.py | 2 +- lib/takeover/udf.py | 2 +- lib/takeover/web.py | 2 +- lib/takeover/xp_cmdshell.py | 2 +- lib/techniques/__init__.py | 2 +- lib/techniques/blind/__init__.py | 2 +- lib/techniques/blind/inference.py | 2 +- lib/techniques/brute/__init__.py | 2 +- lib/techniques/brute/use.py | 2 +- lib/techniques/dns/__init__.py | 2 +- lib/techniques/dns/test.py | 2 +- lib/techniques/dns/use.py | 2 +- lib/techniques/error/__init__.py | 2 +- lib/techniques/error/use.py | 2 +- lib/techniques/union/__init__.py | 2 +- lib/techniques/union/test.py | 2 +- lib/techniques/union/use.py | 2 +- lib/utils/__init__.py | 2 +- lib/utils/api.py | 2 +- lib/utils/crawler.py | 2 +- lib/utils/deps.py | 2 +- lib/utils/getch.py | 2 +- lib/utils/hash.py | 2 +- lib/utils/hashdb.py | 2 +- lib/utils/htmlentities.py | 2 +- lib/utils/pivotdumptable.py | 2 +- lib/utils/progress.py | 2 +- lib/utils/purge.py | 2 +- lib/utils/search.py | 2 +- lib/utils/sqlalchemy.py | 2 +- lib/utils/timeout.py | 2 +- lib/utils/versioncheck.py | 2 +- lib/utils/xrange.py | 2 +- plugins/__init__.py | 2 +- plugins/dbms/__init__.py | 2 +- plugins/dbms/access/__init__.py | 2 +- plugins/dbms/access/connector.py | 2 +- plugins/dbms/access/enumeration.py | 2 +- plugins/dbms/access/filesystem.py | 2 +- plugins/dbms/access/fingerprint.py | 2 +- plugins/dbms/access/syntax.py | 2 +- plugins/dbms/access/takeover.py | 2 +- plugins/dbms/db2/__init__.py | 2 +- plugins/dbms/db2/connector.py | 2 +- plugins/dbms/db2/enumeration.py | 2 +- plugins/dbms/db2/filesystem.py | 2 +- plugins/dbms/db2/fingerprint.py | 2 +- plugins/dbms/db2/syntax.py | 2 +- plugins/dbms/db2/takeover.py | 2 +- plugins/dbms/firebird/__init__.py | 2 +- plugins/dbms/firebird/connector.py | 2 +- plugins/dbms/firebird/enumeration.py | 2 +- plugins/dbms/firebird/filesystem.py | 2 +- plugins/dbms/firebird/fingerprint.py | 2 +- plugins/dbms/firebird/syntax.py | 2 +- plugins/dbms/firebird/takeover.py | 2 +- plugins/dbms/hsqldb/__init__.py | 2 +- plugins/dbms/hsqldb/connector.py | 2 +- plugins/dbms/hsqldb/enumeration.py | 2 +- plugins/dbms/hsqldb/filesystem.py | 2 +- plugins/dbms/hsqldb/fingerprint.py | 2 +- plugins/dbms/hsqldb/syntax.py | 2 +- plugins/dbms/hsqldb/takeover.py | 2 +- plugins/dbms/maxdb/__init__.py | 2 +- plugins/dbms/maxdb/connector.py | 2 +- plugins/dbms/maxdb/enumeration.py | 2 +- plugins/dbms/maxdb/filesystem.py | 2 +- plugins/dbms/maxdb/fingerprint.py | 2 +- plugins/dbms/maxdb/syntax.py | 2 +- plugins/dbms/maxdb/takeover.py | 2 +- plugins/dbms/mssqlserver/__init__.py | 2 +- plugins/dbms/mssqlserver/connector.py | 2 +- plugins/dbms/mssqlserver/enumeration.py | 2 +- plugins/dbms/mssqlserver/filesystem.py | 2 +- plugins/dbms/mssqlserver/fingerprint.py | 2 +- plugins/dbms/mssqlserver/syntax.py | 2 +- plugins/dbms/mssqlserver/takeover.py | 2 +- plugins/dbms/mysql/__init__.py | 2 +- plugins/dbms/mysql/connector.py | 2 +- plugins/dbms/mysql/enumeration.py | 2 +- plugins/dbms/mysql/filesystem.py | 2 +- plugins/dbms/mysql/fingerprint.py | 2 +- plugins/dbms/mysql/syntax.py | 2 +- plugins/dbms/mysql/takeover.py | 2 +- plugins/dbms/oracle/__init__.py | 2 +- plugins/dbms/oracle/connector.py | 2 +- plugins/dbms/oracle/enumeration.py | 2 +- plugins/dbms/oracle/filesystem.py | 2 +- plugins/dbms/oracle/fingerprint.py | 2 +- plugins/dbms/oracle/syntax.py | 2 +- plugins/dbms/oracle/takeover.py | 2 +- plugins/dbms/postgresql/__init__.py | 2 +- plugins/dbms/postgresql/connector.py | 2 +- plugins/dbms/postgresql/enumeration.py | 2 +- plugins/dbms/postgresql/filesystem.py | 2 +- plugins/dbms/postgresql/fingerprint.py | 2 +- plugins/dbms/postgresql/syntax.py | 2 +- plugins/dbms/postgresql/takeover.py | 2 +- plugins/dbms/sqlite/__init__.py | 2 +- plugins/dbms/sqlite/connector.py | 2 +- plugins/dbms/sqlite/enumeration.py | 2 +- plugins/dbms/sqlite/filesystem.py | 2 +- plugins/dbms/sqlite/fingerprint.py | 2 +- plugins/dbms/sqlite/syntax.py | 2 +- plugins/dbms/sqlite/takeover.py | 2 +- plugins/dbms/sybase/__init__.py | 2 +- plugins/dbms/sybase/connector.py | 2 +- plugins/dbms/sybase/enumeration.py | 2 +- plugins/dbms/sybase/filesystem.py | 2 +- plugins/dbms/sybase/fingerprint.py | 2 +- plugins/dbms/sybase/syntax.py | 2 +- plugins/dbms/sybase/takeover.py | 2 +- plugins/generic/__init__.py | 2 +- plugins/generic/connector.py | 2 +- plugins/generic/custom.py | 2 +- plugins/generic/databases.py | 2 +- plugins/generic/entries.py | 2 +- plugins/generic/enumeration.py | 2 +- plugins/generic/filesystem.py | 2 +- plugins/generic/fingerprint.py | 2 +- plugins/generic/misc.py | 2 +- plugins/generic/search.py | 2 +- plugins/generic/syntax.py | 2 +- plugins/generic/takeover.py | 2 +- plugins/generic/users.py | 2 +- sqlmap.py | 2 +- sqlmapapi.py | 2 +- tamper/__init__.py | 2 +- tamper/apostrophemask.py | 2 +- tamper/apostrophenullencode.py | 2 +- tamper/appendnullbyte.py | 2 +- tamper/base64encode.py | 2 +- tamper/between.py | 2 +- tamper/bluecoat.py | 2 +- tamper/chardoubleencode.py | 2 +- tamper/charencode.py | 2 +- tamper/charunicodeencode.py | 2 +- tamper/commalessmid.py | 2 +- tamper/concat2concatws.py | 2 +- tamper/equaltolike.py | 2 +- tamper/greatest.py | 2 +- tamper/halfversionedmorekeywords.py | 2 +- tamper/ifnull2ifisnull.py | 2 +- tamper/informationschemacomment.py | 2 +- tamper/lowercase.py | 2 +- tamper/modsecurityversioned.py | 2 +- tamper/modsecurityzeroversioned.py | 2 +- tamper/multiplespaces.py | 2 +- tamper/nonrecursivereplacement.py | 2 +- tamper/overlongutf8.py | 2 +- tamper/percentage.py | 2 +- tamper/randomcase.py | 2 +- tamper/randomcomments.py | 2 +- tamper/securesphere.py | 2 +- tamper/sp_password.py | 2 +- tamper/space2comment.py | 2 +- tamper/space2dash.py | 2 +- tamper/space2hash.py | 2 +- tamper/space2morehash.py | 2 +- tamper/space2mssqlblank.py | 2 +- tamper/space2mssqlhash.py | 2 +- tamper/space2mysqlblank.py | 2 +- tamper/space2mysqldash.py | 2 +- tamper/space2plus.py | 2 +- tamper/space2randomblank.py | 2 +- tamper/symboliclogical.py | 2 +- tamper/unionalltounion.py | 2 +- tamper/unmagicquotes.py | 2 +- tamper/uppercase.py | 2 +- tamper/varnish.py | 2 +- tamper/versionedkeywords.py | 2 +- tamper/versionedmorekeywords.py | 2 +- tamper/xforwardedfor.py | 2 +- waf/360.py | 2 +- waf/Newdefend.py | 2 +- waf/__init__.py | 2 +- waf/airlock.py | 2 +- waf/anquanbao.py | 2 +- waf/baidu.py | 2 +- waf/barracuda.py | 2 +- waf/bigip.py | 2 +- waf/binarysec.py | 2 +- waf/blockdos.py | 2 +- waf/ciscoacexml.py | 2 +- waf/cloudflare.py | 2 +- waf/datapower.py | 2 +- waf/denyall.py | 2 +- waf/dotdefender.py | 2 +- waf/edgecast.py | 2 +- waf/expressionengine.py | 2 +- waf/fortiweb.py | 2 +- waf/hyperguard.py | 2 +- waf/incapsula.py | 2 +- waf/isaserver.py | 2 +- waf/jiasule.py | 2 +- waf/knownsec.py | 2 +- waf/kona.py | 2 +- waf/modsecurity.py | 2 +- waf/netcontinuum.py | 2 +- waf/netscaler.py | 2 +- waf/paloalto.py | 2 +- waf/profense.py | 2 +- waf/proventia.py | 2 +- waf/radware.py | 2 +- waf/requestvalidationmode.py | 2 +- waf/safe3.py | 2 +- waf/safedog.py | 2 +- waf/secureiis.py | 2 +- waf/senginx.py | 2 +- waf/sucuri.py | 2 +- waf/teros.py | 2 +- waf/trafficshield.py | 2 +- waf/urlscan.py | 2 +- waf/uspses.py | 2 +- waf/varnish.py | 2 +- waf/webappsecure.py | 2 +- waf/webknight.py | 2 +- 294 files changed, 294 insertions(+), 294 deletions(-) diff --git a/extra/__init__.py b/extra/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/extra/__init__.py +++ b/extra/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/extra/beep/__init__.py b/extra/beep/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/extra/beep/__init__.py +++ b/extra/beep/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/extra/beep/beep.py b/extra/beep/beep.py index cd8ef9be5..48ba43526 100644 --- a/extra/beep/beep.py +++ b/extra/beep/beep.py @@ -3,7 +3,7 @@ """ beep.py - Make a beep sound -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/extra/cloak/__init__.py b/extra/cloak/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/extra/cloak/__init__.py +++ b/extra/cloak/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/extra/cloak/cloak.py b/extra/cloak/cloak.py index 5e7d3c6c6..3137fe9bf 100755 --- a/extra/cloak/cloak.py +++ b/extra/cloak/cloak.py @@ -3,7 +3,7 @@ """ cloak.py - Simple file encryption/compression utility -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/extra/dbgtool/__init__.py b/extra/dbgtool/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/extra/dbgtool/__init__.py +++ b/extra/dbgtool/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/extra/dbgtool/dbgtool.py b/extra/dbgtool/dbgtool.py index 4d3dc8c5e..fd697e817 100644 --- a/extra/dbgtool/dbgtool.py +++ b/extra/dbgtool/dbgtool.py @@ -3,7 +3,7 @@ """ dbgtool.py - Portable executable to ASCII debug script converter -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/extra/mssqlsig/update.py b/extra/mssqlsig/update.py index 67d7ee6aa..730a986c5 100644 --- a/extra/mssqlsig/update.py +++ b/extra/mssqlsig/update.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/extra/safe2bin/__init__.py b/extra/safe2bin/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/extra/safe2bin/__init__.py +++ b/extra/safe2bin/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/extra/safe2bin/safe2bin.py b/extra/safe2bin/safe2bin.py index ff3f7d8d8..f5a14725d 100644 --- a/extra/safe2bin/safe2bin.py +++ b/extra/safe2bin/safe2bin.py @@ -3,7 +3,7 @@ """ safe2bin.py - Simple safe(hex) to binary format converter -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/extra/shutils/duplicates.py b/extra/shutils/duplicates.py index eac95ccf8..a5562cec1 100644 --- a/extra/shutils/duplicates.py +++ b/extra/shutils/duplicates.py @@ -1,6 +1,6 @@ #!/usr/bin/env python -# Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) # See the file 'doc/COPYING' for copying permission # Removes duplicate entries in wordlist like files diff --git a/extra/shutils/regressiontest.py b/extra/shutils/regressiontest.py index 415714430..d5379405e 100755 --- a/extra/shutils/regressiontest.py +++ b/extra/shutils/regressiontest.py @@ -1,6 +1,6 @@ #!/usr/bin/env python -# Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) # See the file 'doc/COPYING' for copying permission import codecs diff --git a/extra/sqlharvest/__init__.py b/extra/sqlharvest/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/extra/sqlharvest/__init__.py +++ b/extra/sqlharvest/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/extra/sqlharvest/sqlharvest.py b/extra/sqlharvest/sqlharvest.py index 75dae5093..9391af1a5 100644 --- a/extra/sqlharvest/sqlharvest.py +++ b/extra/sqlharvest/sqlharvest.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/__init__.py b/lib/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/lib/__init__.py +++ b/lib/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/controller/__init__.py b/lib/controller/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/lib/controller/__init__.py +++ b/lib/controller/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/controller/action.py b/lib/controller/action.py index b134cef15..df6145f80 100644 --- a/lib/controller/action.py +++ b/lib/controller/action.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 276a3379e..a62d61e03 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/controller/controller.py b/lib/controller/controller.py index a4531b071..3c8726e22 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/controller/handler.py b/lib/controller/handler.py index 471070b1b..a65f2eec2 100644 --- a/lib/controller/handler.py +++ b/lib/controller/handler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/__init__.py b/lib/core/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/lib/core/__init__.py +++ b/lib/core/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/agent.py b/lib/core/agent.py index 6327aeeb8..c6bcf89ef 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py index f31b93eea..f1d5dda8d 100644 --- a/lib/core/bigarray.py +++ b/lib/core/bigarray.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/common.py b/lib/core/common.py index ff981fc77..1cc38df59 100755 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/convert.py b/lib/core/convert.py index 26b3a49af..8af9371d0 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/data.py b/lib/core/data.py index bb45072ff..6197d6b73 100644 --- a/lib/core/data.py +++ b/lib/core/data.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/datatype.py b/lib/core/datatype.py index 29295727b..182abe31c 100644 --- a/lib/core/datatype.py +++ b/lib/core/datatype.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/decorators.py b/lib/core/decorators.py index 8fa7b03b1..93019ad89 100644 --- a/lib/core/decorators.py +++ b/lib/core/decorators.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/defaults.py b/lib/core/defaults.py index 6adecbe25..99674aa1e 100644 --- a/lib/core/defaults.py +++ b/lib/core/defaults.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/dicts.py b/lib/core/dicts.py index 47e316e87..730b8d1ad 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/dump.py b/lib/core/dump.py index 15c0c14e9..c59854e1c 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/enums.py b/lib/core/enums.py index 32bd25d9e..78b6f62fd 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/exception.py b/lib/core/exception.py index faeff7c41..2b09271c6 100644 --- a/lib/core/exception.py +++ b/lib/core/exception.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/log.py b/lib/core/log.py index 3d3328545..55386e042 100644 --- a/lib/core/log.py +++ b/lib/core/log.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/option.py b/lib/core/option.py index a2804d1f5..1e79761d2 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 5f1bd1fea..dd08bd744 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/profiling.py b/lib/core/profiling.py index e93f6b80b..b581a3955 100644 --- a/lib/core/profiling.py +++ b/lib/core/profiling.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/readlineng.py b/lib/core/readlineng.py index 2dc0467c4..fe52ee1c1 100644 --- a/lib/core/readlineng.py +++ b/lib/core/readlineng.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/replication.py b/lib/core/replication.py index 476604598..92c591aa0 100644 --- a/lib/core/replication.py +++ b/lib/core/replication.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/revision.py b/lib/core/revision.py index 5319f1aa3..9f53f4bd3 100644 --- a/lib/core/revision.py +++ b/lib/core/revision.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/session.py b/lib/core/session.py index 68b4e13a4..4aa4cb49f 100644 --- a/lib/core/session.py +++ b/lib/core/session.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/settings.py b/lib/core/settings.py index 654049134..aa194119d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/shell.py b/lib/core/shell.py index 74ae4e452..65d096d36 100644 --- a/lib/core/shell.py +++ b/lib/core/shell.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/subprocessng.py b/lib/core/subprocessng.py index eee73afdd..236469a1a 100644 --- a/lib/core/subprocessng.py +++ b/lib/core/subprocessng.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/target.py b/lib/core/target.py index 64aeef12f..487b08351 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/testing.py b/lib/core/testing.py index 8339cbc32..bef223513 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/threads.py b/lib/core/threads.py index ec43ecd0d..4fa68bfb0 100644 --- a/lib/core/threads.py +++ b/lib/core/threads.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/unescaper.py b/lib/core/unescaper.py index 205b77a94..3af78f922 100644 --- a/lib/core/unescaper.py +++ b/lib/core/unescaper.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/update.py b/lib/core/update.py index 3636ba40a..9be92a530 100644 --- a/lib/core/update.py +++ b/lib/core/update.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/core/wordlist.py b/lib/core/wordlist.py index 30f2c277d..06faba0ad 100644 --- a/lib/core/wordlist.py +++ b/lib/core/wordlist.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/parse/__init__.py b/lib/parse/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/lib/parse/__init__.py +++ b/lib/parse/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/parse/banner.py b/lib/parse/banner.py index c83c42aa0..422378e0e 100644 --- a/lib/parse/banner.py +++ b/lib/parse/banner.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 81af9daa3..9ac22d3ef 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/parse/configfile.py b/lib/parse/configfile.py index d18f87454..9a3e3e311 100644 --- a/lib/parse/configfile.py +++ b/lib/parse/configfile.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/parse/handler.py b/lib/parse/handler.py index 04950ecbd..f79704652 100644 --- a/lib/parse/handler.py +++ b/lib/parse/handler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/parse/headers.py b/lib/parse/headers.py index 4ca97779c..efc551560 100644 --- a/lib/parse/headers.py +++ b/lib/parse/headers.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/parse/html.py b/lib/parse/html.py index 3c40920e6..92dad38bf 100644 --- a/lib/parse/html.py +++ b/lib/parse/html.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/parse/payloads.py b/lib/parse/payloads.py index 24e481b12..a453d7d6d 100644 --- a/lib/parse/payloads.py +++ b/lib/parse/payloads.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/parse/sitemap.py b/lib/parse/sitemap.py index 009a63450..237d28f26 100644 --- a/lib/parse/sitemap.py +++ b/lib/parse/sitemap.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/request/__init__.py b/lib/request/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/lib/request/__init__.py +++ b/lib/request/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/request/basic.py b/lib/request/basic.py index d5bcc96d4..78e793603 100755 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/request/basicauthhandler.py b/lib/request/basicauthhandler.py index 487dac387..89ec252bd 100644 --- a/lib/request/basicauthhandler.py +++ b/lib/request/basicauthhandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/request/comparison.py b/lib/request/comparison.py index 61f503a68..baba2249a 100644 --- a/lib/request/comparison.py +++ b/lib/request/comparison.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/request/connect.py b/lib/request/connect.py index ccb3588d1..cffc9da60 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/request/direct.py b/lib/request/direct.py index 937d6c5a4..8e2889f81 100644 --- a/lib/request/direct.py +++ b/lib/request/direct.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/request/dns.py b/lib/request/dns.py index 8f10a605a..38099ebfa 100644 --- a/lib/request/dns.py +++ b/lib/request/dns.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py index 9ada558d2..952f7fc09 100644 --- a/lib/request/httpshandler.py +++ b/lib/request/httpshandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/request/inject.py b/lib/request/inject.py index 64c5a534c..4a3594115 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/request/methodrequest.py b/lib/request/methodrequest.py index 5fd203561..8e9d17d12 100644 --- a/lib/request/methodrequest.py +++ b/lib/request/methodrequest.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/request/pkihandler.py b/lib/request/pkihandler.py index 2f0c31dba..eeaa862b5 100644 --- a/lib/request/pkihandler.py +++ b/lib/request/pkihandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/request/rangehandler.py b/lib/request/rangehandler.py index 8288be55e..e41710317 100644 --- a/lib/request/rangehandler.py +++ b/lib/request/rangehandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py index f75cffed5..3eba5260c 100644 --- a/lib/request/redirecthandler.py +++ b/lib/request/redirecthandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/request/templates.py b/lib/request/templates.py index b95173ff9..2cda182fe 100644 --- a/lib/request/templates.py +++ b/lib/request/templates.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/takeover/__init__.py b/lib/takeover/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/lib/takeover/__init__.py +++ b/lib/takeover/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py index 20ff60fc5..fcfd1f340 100644 --- a/lib/takeover/abstraction.py +++ b/lib/takeover/abstraction.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/takeover/icmpsh.py b/lib/takeover/icmpsh.py index fc742b04a..babfcc1a4 100644 --- a/lib/takeover/icmpsh.py +++ b/lib/takeover/icmpsh.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 10d3a3022..845405836 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/takeover/registry.py b/lib/takeover/registry.py index fbeff3490..904ca730d 100644 --- a/lib/takeover/registry.py +++ b/lib/takeover/registry.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py index d5f951383..13c0c9dee 100644 --- a/lib/takeover/udf.py +++ b/lib/takeover/udf.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 9da5bcbcb..8fe7757d8 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py index f9c5f0b8f..accd6d134 100644 --- a/lib/takeover/xp_cmdshell.py +++ b/lib/takeover/xp_cmdshell.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/techniques/__init__.py b/lib/techniques/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/lib/techniques/__init__.py +++ b/lib/techniques/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/techniques/blind/__init__.py b/lib/techniques/blind/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/lib/techniques/blind/__init__.py +++ b/lib/techniques/blind/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index db6df84a1..cf8e2dad5 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/techniques/brute/__init__.py b/lib/techniques/brute/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/lib/techniques/brute/__init__.py +++ b/lib/techniques/brute/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/techniques/brute/use.py b/lib/techniques/brute/use.py index 5c25cdf7d..12e6a13d9 100644 --- a/lib/techniques/brute/use.py +++ b/lib/techniques/brute/use.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/techniques/dns/__init__.py b/lib/techniques/dns/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/lib/techniques/dns/__init__.py +++ b/lib/techniques/dns/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/techniques/dns/test.py b/lib/techniques/dns/test.py index 1d8b8c569..6ef664829 100644 --- a/lib/techniques/dns/test.py +++ b/lib/techniques/dns/test.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/techniques/dns/use.py b/lib/techniques/dns/use.py index 8b09335bd..b3f81adc1 100644 --- a/lib/techniques/dns/use.py +++ b/lib/techniques/dns/use.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/techniques/error/__init__.py b/lib/techniques/error/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/lib/techniques/error/__init__.py +++ b/lib/techniques/error/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index e394b5b58..1d3e51034 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/techniques/union/__init__.py b/lib/techniques/union/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/lib/techniques/union/__init__.py +++ b/lib/techniques/union/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index fd61975fa..2374d2d2e 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index a85e01d12..f942200ad 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/__init__.py b/lib/utils/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/lib/utils/__init__.py +++ b/lib/utils/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/api.py b/lib/utils/api.py index 7fd1a9dd3..0be752d2d 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -2,7 +2,7 @@ # -*- coding: utf-8 -*- """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py index c47b31964..7241be724 100644 --- a/lib/utils/crawler.py +++ b/lib/utils/crawler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/deps.py b/lib/utils/deps.py index efca6e1c3..cbb9787a1 100644 --- a/lib/utils/deps.py +++ b/lib/utils/deps.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/getch.py b/lib/utils/getch.py index af9a56160..e42fc18ba 100644 --- a/lib/utils/getch.py +++ b/lib/utils/getch.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/hash.py b/lib/utils/hash.py index e90a39926..8ee43253b 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py index 617bd203a..1a455470e 100644 --- a/lib/utils/hashdb.py +++ b/lib/utils/hashdb.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/htmlentities.py b/lib/utils/htmlentities.py index 951c5c4a2..44c280449 100644 --- a/lib/utils/htmlentities.py +++ b/lib/utils/htmlentities.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/pivotdumptable.py b/lib/utils/pivotdumptable.py index 705edc9ea..a511000e5 100644 --- a/lib/utils/pivotdumptable.py +++ b/lib/utils/pivotdumptable.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/progress.py b/lib/utils/progress.py index 98397d81e..06fe30f01 100644 --- a/lib/utils/progress.py +++ b/lib/utils/progress.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/purge.py b/lib/utils/purge.py index a27e7f926..ee244ee65 100644 --- a/lib/utils/purge.py +++ b/lib/utils/purge.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/search.py b/lib/utils/search.py index 3e72d96b6..116b3cb01 100644 --- a/lib/utils/search.py +++ b/lib/utils/search.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/sqlalchemy.py b/lib/utils/sqlalchemy.py index 1b654ef2f..66c4eaa46 100644 --- a/lib/utils/sqlalchemy.py +++ b/lib/utils/sqlalchemy.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/timeout.py b/lib/utils/timeout.py index 950caa717..0e0a4f03b 100644 --- a/lib/utils/timeout.py +++ b/lib/utils/timeout.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/versioncheck.py b/lib/utils/versioncheck.py index a1cd1175a..99764ff89 100644 --- a/lib/utils/versioncheck.py +++ b/lib/utils/versioncheck.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/lib/utils/xrange.py b/lib/utils/xrange.py index c5931b5d4..ea05df1dd 100644 --- a/lib/utils/xrange.py +++ b/lib/utils/xrange.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/__init__.py b/plugins/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/plugins/__init__.py +++ b/plugins/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/__init__.py b/plugins/dbms/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/plugins/dbms/__init__.py +++ b/plugins/dbms/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/access/__init__.py b/plugins/dbms/access/__init__.py index bfb66e57e..4e8da68f7 100644 --- a/plugins/dbms/access/__init__.py +++ b/plugins/dbms/access/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/access/connector.py b/plugins/dbms/access/connector.py index 03bcce91e..ce4e4016d 100644 --- a/plugins/dbms/access/connector.py +++ b/plugins/dbms/access/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/access/enumeration.py b/plugins/dbms/access/enumeration.py index 1dc5bd991..9c7f54119 100644 --- a/plugins/dbms/access/enumeration.py +++ b/plugins/dbms/access/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/access/filesystem.py b/plugins/dbms/access/filesystem.py index ee471df2f..45f92b037 100644 --- a/plugins/dbms/access/filesystem.py +++ b/plugins/dbms/access/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/access/fingerprint.py b/plugins/dbms/access/fingerprint.py index 2cbe12835..9ac4fd59f 100644 --- a/plugins/dbms/access/fingerprint.py +++ b/plugins/dbms/access/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/access/syntax.py b/plugins/dbms/access/syntax.py index b43500e15..54433982e 100644 --- a/plugins/dbms/access/syntax.py +++ b/plugins/dbms/access/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/access/takeover.py b/plugins/dbms/access/takeover.py index f36dd0b7f..cf36259a1 100644 --- a/plugins/dbms/access/takeover.py +++ b/plugins/dbms/access/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/db2/__init__.py b/plugins/dbms/db2/__init__.py index 0a5ea5718..59fdfd362 100644 --- a/plugins/dbms/db2/__init__.py +++ b/plugins/dbms/db2/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/db2/connector.py b/plugins/dbms/db2/connector.py index feeb9b046..5c08561b9 100644 --- a/plugins/dbms/db2/connector.py +++ b/plugins/dbms/db2/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/db2/enumeration.py b/plugins/dbms/db2/enumeration.py index ba4fdef9c..19ba22bcb 100644 --- a/plugins/dbms/db2/enumeration.py +++ b/plugins/dbms/db2/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/db2/filesystem.py b/plugins/dbms/db2/filesystem.py index 616958820..9cfc18626 100644 --- a/plugins/dbms/db2/filesystem.py +++ b/plugins/dbms/db2/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/db2/fingerprint.py b/plugins/dbms/db2/fingerprint.py index bc3f299ac..15a8b8c40 100644 --- a/plugins/dbms/db2/fingerprint.py +++ b/plugins/dbms/db2/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/db2/syntax.py b/plugins/dbms/db2/syntax.py index 3a46c4d3b..ffd9141cb 100644 --- a/plugins/dbms/db2/syntax.py +++ b/plugins/dbms/db2/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/db2/takeover.py b/plugins/dbms/db2/takeover.py index a505781cc..d1504b06f 100644 --- a/plugins/dbms/db2/takeover.py +++ b/plugins/dbms/db2/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/firebird/__init__.py b/plugins/dbms/firebird/__init__.py index 2c63d088d..d0ec59a35 100644 --- a/plugins/dbms/firebird/__init__.py +++ b/plugins/dbms/firebird/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/firebird/connector.py b/plugins/dbms/firebird/connector.py index 0f9beb088..ab7c52756 100644 --- a/plugins/dbms/firebird/connector.py +++ b/plugins/dbms/firebird/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/firebird/enumeration.py b/plugins/dbms/firebird/enumeration.py index 1945860a0..6e6e93bef 100644 --- a/plugins/dbms/firebird/enumeration.py +++ b/plugins/dbms/firebird/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/firebird/filesystem.py b/plugins/dbms/firebird/filesystem.py index ed033c2b5..7711fc53d 100644 --- a/plugins/dbms/firebird/filesystem.py +++ b/plugins/dbms/firebird/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/firebird/fingerprint.py b/plugins/dbms/firebird/fingerprint.py index 8a8de5c70..f32ff494d 100644 --- a/plugins/dbms/firebird/fingerprint.py +++ b/plugins/dbms/firebird/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/firebird/syntax.py b/plugins/dbms/firebird/syntax.py index c59666ade..e8d340bda 100644 --- a/plugins/dbms/firebird/syntax.py +++ b/plugins/dbms/firebird/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/firebird/takeover.py b/plugins/dbms/firebird/takeover.py index 78589f5a4..79e87dc83 100644 --- a/plugins/dbms/firebird/takeover.py +++ b/plugins/dbms/firebird/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/hsqldb/__init__.py b/plugins/dbms/hsqldb/__init__.py index 128704f61..6e73f59f1 100644 --- a/plugins/dbms/hsqldb/__init__.py +++ b/plugins/dbms/hsqldb/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/hsqldb/connector.py b/plugins/dbms/hsqldb/connector.py index 0496badb4..48fc5aef7 100644 --- a/plugins/dbms/hsqldb/connector.py +++ b/plugins/dbms/hsqldb/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/hsqldb/enumeration.py b/plugins/dbms/hsqldb/enumeration.py index 67744d4b5..869774081 100644 --- a/plugins/dbms/hsqldb/enumeration.py +++ b/plugins/dbms/hsqldb/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/hsqldb/filesystem.py b/plugins/dbms/hsqldb/filesystem.py index 3e9dd9026..e3dedad98 100644 --- a/plugins/dbms/hsqldb/filesystem.py +++ b/plugins/dbms/hsqldb/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/hsqldb/fingerprint.py b/plugins/dbms/hsqldb/fingerprint.py index 9f527a601..4198d299d 100644 --- a/plugins/dbms/hsqldb/fingerprint.py +++ b/plugins/dbms/hsqldb/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/hsqldb/syntax.py b/plugins/dbms/hsqldb/syntax.py index c2927406b..0b8864be7 100644 --- a/plugins/dbms/hsqldb/syntax.py +++ b/plugins/dbms/hsqldb/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/hsqldb/takeover.py b/plugins/dbms/hsqldb/takeover.py index 6d007a6b2..ad241da0e 100644 --- a/plugins/dbms/hsqldb/takeover.py +++ b/plugins/dbms/hsqldb/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/maxdb/__init__.py b/plugins/dbms/maxdb/__init__.py index 9370a87c6..dca580564 100644 --- a/plugins/dbms/maxdb/__init__.py +++ b/plugins/dbms/maxdb/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/maxdb/connector.py b/plugins/dbms/maxdb/connector.py index 1f9feca61..06aef635d 100644 --- a/plugins/dbms/maxdb/connector.py +++ b/plugins/dbms/maxdb/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py index 7b9d1d20a..1c3399630 100644 --- a/plugins/dbms/maxdb/enumeration.py +++ b/plugins/dbms/maxdb/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/maxdb/filesystem.py b/plugins/dbms/maxdb/filesystem.py index 00d14a7f0..27f543b2f 100644 --- a/plugins/dbms/maxdb/filesystem.py +++ b/plugins/dbms/maxdb/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/maxdb/fingerprint.py b/plugins/dbms/maxdb/fingerprint.py index 57f24fb88..457f95e8b 100644 --- a/plugins/dbms/maxdb/fingerprint.py +++ b/plugins/dbms/maxdb/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/maxdb/syntax.py b/plugins/dbms/maxdb/syntax.py index b8612b3a1..e5a5351a5 100644 --- a/plugins/dbms/maxdb/syntax.py +++ b/plugins/dbms/maxdb/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/maxdb/takeover.py b/plugins/dbms/maxdb/takeover.py index 32d3a0969..46cbcf16c 100644 --- a/plugins/dbms/maxdb/takeover.py +++ b/plugins/dbms/maxdb/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/mssqlserver/__init__.py b/plugins/dbms/mssqlserver/__init__.py index c701c0f9f..948a81936 100644 --- a/plugins/dbms/mssqlserver/__init__.py +++ b/plugins/dbms/mssqlserver/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/mssqlserver/connector.py b/plugins/dbms/mssqlserver/connector.py index 657d796fd..b7ec8041f 100644 --- a/plugins/dbms/mssqlserver/connector.py +++ b/plugins/dbms/mssqlserver/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py index a653b964b..cd1a13b32 100644 --- a/plugins/dbms/mssqlserver/enumeration.py +++ b/plugins/dbms/mssqlserver/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index 53e197a0d..8ba15451d 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py index 8483b6429..891f3f058 100644 --- a/plugins/dbms/mssqlserver/fingerprint.py +++ b/plugins/dbms/mssqlserver/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/mssqlserver/syntax.py b/plugins/dbms/mssqlserver/syntax.py index 314ba5c8d..bfb026760 100644 --- a/plugins/dbms/mssqlserver/syntax.py +++ b/plugins/dbms/mssqlserver/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/mssqlserver/takeover.py b/plugins/dbms/mssqlserver/takeover.py index e387d4095..3d9ff14e7 100644 --- a/plugins/dbms/mssqlserver/takeover.py +++ b/plugins/dbms/mssqlserver/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/mysql/__init__.py b/plugins/dbms/mysql/__init__.py index 7baec6ce9..bd0d9e204 100644 --- a/plugins/dbms/mysql/__init__.py +++ b/plugins/dbms/mysql/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/mysql/connector.py b/plugins/dbms/mysql/connector.py index 62e073425..fd8406b36 100644 --- a/plugins/dbms/mysql/connector.py +++ b/plugins/dbms/mysql/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/mysql/enumeration.py b/plugins/dbms/mysql/enumeration.py index 6480d9c7b..60e7cd147 100644 --- a/plugins/dbms/mysql/enumeration.py +++ b/plugins/dbms/mysql/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py index 1bfd8f621..344c467e0 100644 --- a/plugins/dbms/mysql/filesystem.py +++ b/plugins/dbms/mysql/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index dbeedfa29..5cd9a5c47 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/mysql/syntax.py b/plugins/dbms/mysql/syntax.py index e593a51fb..77c3a73e3 100644 --- a/plugins/dbms/mysql/syntax.py +++ b/plugins/dbms/mysql/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py index 9c02c7a68..f3c26d1e9 100644 --- a/plugins/dbms/mysql/takeover.py +++ b/plugins/dbms/mysql/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/oracle/__init__.py b/plugins/dbms/oracle/__init__.py index 165f92702..05e1872a6 100644 --- a/plugins/dbms/oracle/__init__.py +++ b/plugins/dbms/oracle/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/oracle/connector.py b/plugins/dbms/oracle/connector.py index 3777689f4..8b821ba80 100644 --- a/plugins/dbms/oracle/connector.py +++ b/plugins/dbms/oracle/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py index b9318d17f..030d46fb6 100644 --- a/plugins/dbms/oracle/enumeration.py +++ b/plugins/dbms/oracle/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/oracle/filesystem.py b/plugins/dbms/oracle/filesystem.py index 0428e3fdb..6d0543298 100644 --- a/plugins/dbms/oracle/filesystem.py +++ b/plugins/dbms/oracle/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py index 4b56b3122..a5321dbcf 100644 --- a/plugins/dbms/oracle/fingerprint.py +++ b/plugins/dbms/oracle/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/oracle/syntax.py b/plugins/dbms/oracle/syntax.py index 41d2e9df5..c30e68ea2 100644 --- a/plugins/dbms/oracle/syntax.py +++ b/plugins/dbms/oracle/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/oracle/takeover.py b/plugins/dbms/oracle/takeover.py index 1781cd9e0..41aceb10a 100644 --- a/plugins/dbms/oracle/takeover.py +++ b/plugins/dbms/oracle/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/postgresql/__init__.py b/plugins/dbms/postgresql/__init__.py index 561b13572..ac082e053 100644 --- a/plugins/dbms/postgresql/__init__.py +++ b/plugins/dbms/postgresql/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/postgresql/connector.py b/plugins/dbms/postgresql/connector.py index e60e7777a..4f4c218e3 100644 --- a/plugins/dbms/postgresql/connector.py +++ b/plugins/dbms/postgresql/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/postgresql/enumeration.py b/plugins/dbms/postgresql/enumeration.py index d379c2512..b8cb078ad 100644 --- a/plugins/dbms/postgresql/enumeration.py +++ b/plugins/dbms/postgresql/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/postgresql/filesystem.py b/plugins/dbms/postgresql/filesystem.py index bfa285091..2a04da9d2 100644 --- a/plugins/dbms/postgresql/filesystem.py +++ b/plugins/dbms/postgresql/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py index 3391f711e..6b371e19e 100644 --- a/plugins/dbms/postgresql/fingerprint.py +++ b/plugins/dbms/postgresql/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/postgresql/syntax.py b/plugins/dbms/postgresql/syntax.py index 7bb904625..5aeb83d22 100644 --- a/plugins/dbms/postgresql/syntax.py +++ b/plugins/dbms/postgresql/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/postgresql/takeover.py b/plugins/dbms/postgresql/takeover.py index 0e4794acd..696258b40 100644 --- a/plugins/dbms/postgresql/takeover.py +++ b/plugins/dbms/postgresql/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/sqlite/__init__.py b/plugins/dbms/sqlite/__init__.py index 0f7dcab83..bccf2c4b6 100644 --- a/plugins/dbms/sqlite/__init__.py +++ b/plugins/dbms/sqlite/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/sqlite/connector.py b/plugins/dbms/sqlite/connector.py index dae2a3e78..a3ced69b8 100644 --- a/plugins/dbms/sqlite/connector.py +++ b/plugins/dbms/sqlite/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/sqlite/enumeration.py b/plugins/dbms/sqlite/enumeration.py index db1d3c954..865662bd7 100644 --- a/plugins/dbms/sqlite/enumeration.py +++ b/plugins/dbms/sqlite/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/sqlite/filesystem.py b/plugins/dbms/sqlite/filesystem.py index ed1e5c152..7c4048167 100644 --- a/plugins/dbms/sqlite/filesystem.py +++ b/plugins/dbms/sqlite/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/sqlite/fingerprint.py b/plugins/dbms/sqlite/fingerprint.py index 6c42a6374..e03f97336 100644 --- a/plugins/dbms/sqlite/fingerprint.py +++ b/plugins/dbms/sqlite/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/sqlite/syntax.py b/plugins/dbms/sqlite/syntax.py index 53c54f9f6..9c6d86aaa 100644 --- a/plugins/dbms/sqlite/syntax.py +++ b/plugins/dbms/sqlite/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/sqlite/takeover.py b/plugins/dbms/sqlite/takeover.py index 65fe09792..49e3fb09f 100644 --- a/plugins/dbms/sqlite/takeover.py +++ b/plugins/dbms/sqlite/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/sybase/__init__.py b/plugins/dbms/sybase/__init__.py index b2df16926..9b8de285a 100644 --- a/plugins/dbms/sybase/__init__.py +++ b/plugins/dbms/sybase/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/sybase/connector.py b/plugins/dbms/sybase/connector.py index 3b1c7be75..fe639306b 100644 --- a/plugins/dbms/sybase/connector.py +++ b/plugins/dbms/sybase/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index e0707d9b4..24d1cb15d 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/sybase/filesystem.py b/plugins/dbms/sybase/filesystem.py index c5dbc6943..924c5f16d 100644 --- a/plugins/dbms/sybase/filesystem.py +++ b/plugins/dbms/sybase/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/sybase/fingerprint.py b/plugins/dbms/sybase/fingerprint.py index 762ab95eb..f5e8f23e2 100644 --- a/plugins/dbms/sybase/fingerprint.py +++ b/plugins/dbms/sybase/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/sybase/syntax.py b/plugins/dbms/sybase/syntax.py index a0f1775d4..bbccdf91a 100644 --- a/plugins/dbms/sybase/syntax.py +++ b/plugins/dbms/sybase/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/dbms/sybase/takeover.py b/plugins/dbms/sybase/takeover.py index 9a9dfd7c4..a57ee63e3 100644 --- a/plugins/dbms/sybase/takeover.py +++ b/plugins/dbms/sybase/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/generic/__init__.py b/plugins/generic/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/plugins/generic/__init__.py +++ b/plugins/generic/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/generic/connector.py b/plugins/generic/connector.py index 7bce4748c..3e717a00e 100644 --- a/plugins/generic/connector.py +++ b/plugins/generic/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py index 65a0b93ed..86825cea2 100644 --- a/plugins/generic/custom.py +++ b/plugins/generic/custom.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index 23e0b4cf6..1fa53bdbb 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index ec1dc8640..6289555c6 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index 4332ea4c4..651285b93 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index 3e36be0ae..d90a8fdfc 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/generic/fingerprint.py b/plugins/generic/fingerprint.py index 87bfc655c..d8f744c51 100644 --- a/plugins/generic/fingerprint.py +++ b/plugins/generic/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index ea52987d2..143cc18a5 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/generic/search.py b/plugins/generic/search.py index 0069a1af3..8686f9877 100644 --- a/plugins/generic/search.py +++ b/plugins/generic/search.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/generic/syntax.py b/plugins/generic/syntax.py index 42a67bd9d..390ce92fc 100644 --- a/plugins/generic/syntax.py +++ b/plugins/generic/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index d3a782fcb..1e35307a6 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/plugins/generic/users.py b/plugins/generic/users.py index 41081dac1..bb2db4cd4 100644 --- a/plugins/generic/users.py +++ b/plugins/generic/users.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/sqlmap.py b/sqlmap.py index af95008e9..845af2607 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/sqlmapapi.py b/sqlmapapi.py index 4c76af708..974e22b44 100755 --- a/sqlmapapi.py +++ b/sqlmapapi.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/__init__.py b/tamper/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/tamper/__init__.py +++ b/tamper/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/apostrophemask.py b/tamper/apostrophemask.py index 78c17f328..1fa664572 100644 --- a/tamper/apostrophemask.py +++ b/tamper/apostrophemask.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/apostrophenullencode.py b/tamper/apostrophenullencode.py index 6b0930679..5d01f8241 100644 --- a/tamper/apostrophenullencode.py +++ b/tamper/apostrophenullencode.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/appendnullbyte.py b/tamper/appendnullbyte.py index faae3a2e4..2694b98b1 100644 --- a/tamper/appendnullbyte.py +++ b/tamper/appendnullbyte.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/base64encode.py b/tamper/base64encode.py index cda5619dd..6dbdc9c70 100644 --- a/tamper/base64encode.py +++ b/tamper/base64encode.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/between.py b/tamper/between.py index f7331bd9f..620ba4352 100644 --- a/tamper/between.py +++ b/tamper/between.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/bluecoat.py b/tamper/bluecoat.py index a26cdadf7..92d4eea41 100644 --- a/tamper/bluecoat.py +++ b/tamper/bluecoat.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/chardoubleencode.py b/tamper/chardoubleencode.py index 3b6a5301f..f7d6b31c9 100644 --- a/tamper/chardoubleencode.py +++ b/tamper/chardoubleencode.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/charencode.py b/tamper/charencode.py index 9df3e9624..4345eb35d 100644 --- a/tamper/charencode.py +++ b/tamper/charencode.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/charunicodeencode.py b/tamper/charunicodeencode.py index 09e602957..f811578d2 100644 --- a/tamper/charunicodeencode.py +++ b/tamper/charunicodeencode.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/commalessmid.py b/tamper/commalessmid.py index 9cd859747..6bc771a2c 100644 --- a/tamper/commalessmid.py +++ b/tamper/commalessmid.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/concat2concatws.py b/tamper/concat2concatws.py index 5182bd8d5..d46321f95 100644 --- a/tamper/concat2concatws.py +++ b/tamper/concat2concatws.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/equaltolike.py b/tamper/equaltolike.py index 05615355b..49f191001 100644 --- a/tamper/equaltolike.py +++ b/tamper/equaltolike.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/greatest.py b/tamper/greatest.py index a1c3f8df3..50138315c 100644 --- a/tamper/greatest.py +++ b/tamper/greatest.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/halfversionedmorekeywords.py b/tamper/halfversionedmorekeywords.py index c0d0eea5c..430103fb8 100644 --- a/tamper/halfversionedmorekeywords.py +++ b/tamper/halfversionedmorekeywords.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py index 499cc6218..03d422aba 100644 --- a/tamper/ifnull2ifisnull.py +++ b/tamper/ifnull2ifisnull.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/informationschemacomment.py b/tamper/informationschemacomment.py index 7c146a30e..58ed73185 100644 --- a/tamper/informationschemacomment.py +++ b/tamper/informationschemacomment.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/lowercase.py b/tamper/lowercase.py index e06706af5..93ed21509 100644 --- a/tamper/lowercase.py +++ b/tamper/lowercase.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/modsecurityversioned.py b/tamper/modsecurityversioned.py index 1d38e5344..a904d51e5 100644 --- a/tamper/modsecurityversioned.py +++ b/tamper/modsecurityversioned.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/modsecurityzeroversioned.py b/tamper/modsecurityzeroversioned.py index ac13da0b8..7de6e4408 100644 --- a/tamper/modsecurityzeroversioned.py +++ b/tamper/modsecurityzeroversioned.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/multiplespaces.py b/tamper/multiplespaces.py index c08607512..e44758d6e 100644 --- a/tamper/multiplespaces.py +++ b/tamper/multiplespaces.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/nonrecursivereplacement.py b/tamper/nonrecursivereplacement.py index 5feb443cc..7b46a35dc 100644 --- a/tamper/nonrecursivereplacement.py +++ b/tamper/nonrecursivereplacement.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/overlongutf8.py b/tamper/overlongutf8.py index ac2885d7a..03b9f1930 100644 --- a/tamper/overlongutf8.py +++ b/tamper/overlongutf8.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/percentage.py b/tamper/percentage.py index e54495739..dfce2b39b 100644 --- a/tamper/percentage.py +++ b/tamper/percentage.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/randomcase.py b/tamper/randomcase.py index a188ff0cc..c4a353f1c 100644 --- a/tamper/randomcase.py +++ b/tamper/randomcase.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py index 6c0894eb1..03d6710ed 100644 --- a/tamper/randomcomments.py +++ b/tamper/randomcomments.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/securesphere.py b/tamper/securesphere.py index ab83f46fc..4eec056ff 100644 --- a/tamper/securesphere.py +++ b/tamper/securesphere.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/sp_password.py b/tamper/sp_password.py index 959e50257..466dc2212 100644 --- a/tamper/sp_password.py +++ b/tamper/sp_password.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/space2comment.py b/tamper/space2comment.py index 399a2c0ee..fbc035d4d 100644 --- a/tamper/space2comment.py +++ b/tamper/space2comment.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/space2dash.py b/tamper/space2dash.py index cdd828d56..b0d0305a0 100644 --- a/tamper/space2dash.py +++ b/tamper/space2dash.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/space2hash.py b/tamper/space2hash.py index a50a3a7c2..89a17da8b 100644 --- a/tamper/space2hash.py +++ b/tamper/space2hash.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/space2morehash.py b/tamper/space2morehash.py index 0dbaf5c2a..f55ea596d 100644 --- a/tamper/space2morehash.py +++ b/tamper/space2morehash.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/space2mssqlblank.py b/tamper/space2mssqlblank.py index fc0542f53..acc0881b3 100644 --- a/tamper/space2mssqlblank.py +++ b/tamper/space2mssqlblank.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/space2mssqlhash.py b/tamper/space2mssqlhash.py index cddfd6179..2ea1e5378 100644 --- a/tamper/space2mssqlhash.py +++ b/tamper/space2mssqlhash.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/space2mysqlblank.py b/tamper/space2mysqlblank.py index a0ac1da68..65c2ef182 100644 --- a/tamper/space2mysqlblank.py +++ b/tamper/space2mysqlblank.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/space2mysqldash.py b/tamper/space2mysqldash.py index 4a4f9821c..bebe92a86 100644 --- a/tamper/space2mysqldash.py +++ b/tamper/space2mysqldash.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/space2plus.py b/tamper/space2plus.py index 38211026a..2f627cade 100644 --- a/tamper/space2plus.py +++ b/tamper/space2plus.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/space2randomblank.py b/tamper/space2randomblank.py index 98612534a..e046501a6 100644 --- a/tamper/space2randomblank.py +++ b/tamper/space2randomblank.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/symboliclogical.py b/tamper/symboliclogical.py index 152e028ce..e0c6af278 100644 --- a/tamper/symboliclogical.py +++ b/tamper/symboliclogical.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/unionalltounion.py b/tamper/unionalltounion.py index 3bb234141..670621771 100644 --- a/tamper/unionalltounion.py +++ b/tamper/unionalltounion.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/unmagicquotes.py b/tamper/unmagicquotes.py index c2bcca8da..af4887725 100644 --- a/tamper/unmagicquotes.py +++ b/tamper/unmagicquotes.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/uppercase.py b/tamper/uppercase.py index 1a1af3a35..5169488ff 100644 --- a/tamper/uppercase.py +++ b/tamper/uppercase.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/varnish.py b/tamper/varnish.py index 00d54bb43..5a3d4e833 100644 --- a/tamper/varnish.py +++ b/tamper/varnish.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/versionedkeywords.py b/tamper/versionedkeywords.py index 7c5c5db32..a624b306c 100644 --- a/tamper/versionedkeywords.py +++ b/tamper/versionedkeywords.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/versionedmorekeywords.py b/tamper/versionedmorekeywords.py index d5fc44db1..95f0c2d02 100644 --- a/tamper/versionedmorekeywords.py +++ b/tamper/versionedmorekeywords.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/xforwardedfor.py b/tamper/xforwardedfor.py index e2bcdbca9..47a99cd5e 100644 --- a/tamper/xforwardedfor.py +++ b/tamper/xforwardedfor.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/360.py b/waf/360.py index 86c251c20..a8ddd08d6 100644 --- a/waf/360.py +++ b/waf/360.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/Newdefend.py b/waf/Newdefend.py index 5cadd8485..dd18b5b80 100644 --- a/waf/Newdefend.py +++ b/waf/Newdefend.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/__init__.py b/waf/__init__.py index 8d7bcd8f0..c2e45792f 100644 --- a/waf/__init__.py +++ b/waf/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/airlock.py b/waf/airlock.py index 6a5b433b7..33a56cbc6 100644 --- a/waf/airlock.py +++ b/waf/airlock.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/anquanbao.py b/waf/anquanbao.py index 6842c8a35..e8733f469 100644 --- a/waf/anquanbao.py +++ b/waf/anquanbao.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/baidu.py b/waf/baidu.py index 81f928bd2..8c7fcac1e 100644 --- a/waf/baidu.py +++ b/waf/baidu.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/barracuda.py b/waf/barracuda.py index 41866a8ad..194bacc45 100644 --- a/waf/barracuda.py +++ b/waf/barracuda.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/bigip.py b/waf/bigip.py index 4023d0395..5ea449fb2 100644 --- a/waf/bigip.py +++ b/waf/bigip.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/binarysec.py b/waf/binarysec.py index 268a8a2e2..0eeb681d7 100644 --- a/waf/binarysec.py +++ b/waf/binarysec.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/blockdos.py b/waf/blockdos.py index adcc902e3..44a8bc6ab 100644 --- a/waf/blockdos.py +++ b/waf/blockdos.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/ciscoacexml.py b/waf/ciscoacexml.py index 89834a64e..7900c0c06 100644 --- a/waf/ciscoacexml.py +++ b/waf/ciscoacexml.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/cloudflare.py b/waf/cloudflare.py index cdae41bb4..0f1323f34 100644 --- a/waf/cloudflare.py +++ b/waf/cloudflare.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/datapower.py b/waf/datapower.py index 1dd60df25..11972cbd8 100644 --- a/waf/datapower.py +++ b/waf/datapower.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/denyall.py b/waf/denyall.py index 46189389b..a371d44bf 100644 --- a/waf/denyall.py +++ b/waf/denyall.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/dotdefender.py b/waf/dotdefender.py index 4cf42822c..648ff321b 100644 --- a/waf/dotdefender.py +++ b/waf/dotdefender.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/edgecast.py b/waf/edgecast.py index ec2227055..40b6a8b71 100644 --- a/waf/edgecast.py +++ b/waf/edgecast.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/expressionengine.py b/waf/expressionengine.py index 3db06cb21..c5ca7a892 100644 --- a/waf/expressionengine.py +++ b/waf/expressionengine.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/fortiweb.py b/waf/fortiweb.py index a5200ab9e..3a0bd4a5a 100644 --- a/waf/fortiweb.py +++ b/waf/fortiweb.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/hyperguard.py b/waf/hyperguard.py index 677789f24..a73f07102 100644 --- a/waf/hyperguard.py +++ b/waf/hyperguard.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/incapsula.py b/waf/incapsula.py index 1b2196e55..c70b71a0d 100644 --- a/waf/incapsula.py +++ b/waf/incapsula.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/isaserver.py b/waf/isaserver.py index c88cf4370..1923756cd 100644 --- a/waf/isaserver.py +++ b/waf/isaserver.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/jiasule.py b/waf/jiasule.py index 3d088f74c..8944160dd 100644 --- a/waf/jiasule.py +++ b/waf/jiasule.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/knownsec.py b/waf/knownsec.py index 95fcae433..682fa37cb 100644 --- a/waf/knownsec.py +++ b/waf/knownsec.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/kona.py b/waf/kona.py index db651e970..a6b2ae703 100644 --- a/waf/kona.py +++ b/waf/kona.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/modsecurity.py b/waf/modsecurity.py index 673438f80..f2685fdf3 100644 --- a/waf/modsecurity.py +++ b/waf/modsecurity.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/netcontinuum.py b/waf/netcontinuum.py index c8a29774b..19d1131cc 100644 --- a/waf/netcontinuum.py +++ b/waf/netcontinuum.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/netscaler.py b/waf/netscaler.py index fe6b817a2..4a2945915 100644 --- a/waf/netscaler.py +++ b/waf/netscaler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/paloalto.py b/waf/paloalto.py index 6c281e575..29101b7be 100644 --- a/waf/paloalto.py +++ b/waf/paloalto.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/profense.py b/waf/profense.py index 2bd00b0e7..3a492e2c8 100644 --- a/waf/profense.py +++ b/waf/profense.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/proventia.py b/waf/proventia.py index 7630b3b54..4cba7bda5 100644 --- a/waf/proventia.py +++ b/waf/proventia.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/radware.py b/waf/radware.py index 72deba64c..f7c27f4fd 100644 --- a/waf/radware.py +++ b/waf/radware.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/requestvalidationmode.py b/waf/requestvalidationmode.py index ad0abc9db..95f676d48 100644 --- a/waf/requestvalidationmode.py +++ b/waf/requestvalidationmode.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/safe3.py b/waf/safe3.py index 70db14140..8a80d8d4e 100644 --- a/waf/safe3.py +++ b/waf/safe3.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/safedog.py b/waf/safedog.py index 8d11c511c..e287045bf 100644 --- a/waf/safedog.py +++ b/waf/safedog.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/secureiis.py b/waf/secureiis.py index 425ebdfe5..3f1592b31 100644 --- a/waf/secureiis.py +++ b/waf/secureiis.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/senginx.py b/waf/senginx.py index 15a4223f2..ad81754a7 100644 --- a/waf/senginx.py +++ b/waf/senginx.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/sucuri.py b/waf/sucuri.py index ba25802c7..3aca84296 100644 --- a/waf/sucuri.py +++ b/waf/sucuri.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/teros.py b/waf/teros.py index 99afbd8c3..ff4808397 100644 --- a/waf/teros.py +++ b/waf/teros.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/trafficshield.py b/waf/trafficshield.py index e90c6671e..7ac3f6533 100644 --- a/waf/trafficshield.py +++ b/waf/trafficshield.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/urlscan.py b/waf/urlscan.py index 7d094482c..2574e25a2 100644 --- a/waf/urlscan.py +++ b/waf/urlscan.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/uspses.py b/waf/uspses.py index e3192298f..70ecf5f2c 100644 --- a/waf/uspses.py +++ b/waf/uspses.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/varnish.py b/waf/varnish.py index a6f672fd0..f630ccd96 100644 --- a/waf/varnish.py +++ b/waf/varnish.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/webappsecure.py b/waf/webappsecure.py index 5faf88ebf..0f22aef51 100644 --- a/waf/webappsecure.py +++ b/waf/webappsecure.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/waf/webknight.py b/waf/webknight.py index 11f82ee60..9a8a6ef36 100644 --- a/waf/webknight.py +++ b/waf/webknight.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ From d565740b8a8b80d9be35cd8076f8dd0205142682 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 6 Jan 2016 00:07:49 +0100 Subject: [PATCH 07/79] Update of copyright string --- doc/COPYING | 2 +- txt/common-columns.txt | 2 +- txt/common-outputs.txt | 2 +- txt/common-tables.txt | 2 +- txt/keywords.txt | 2 +- txt/user-agents.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/COPYING b/doc/COPYING index 880d8774b..5fea2b3ba 100644 --- a/doc/COPYING +++ b/doc/COPYING @@ -1,7 +1,7 @@ COPYING -- Describes the terms under which sqlmap is distributed. A copy of the GNU General Public License (GPL) is appended to this file. -sqlmap is (C) 2006-2015 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar. +sqlmap is (C) 2006-2016 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar. This program is free software; you may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free diff --git a/txt/common-columns.txt b/txt/common-columns.txt index 6eab10cab..2928fa962 100644 --- a/txt/common-columns.txt +++ b/txt/common-columns.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) # See the file 'doc/COPYING' for copying permission id diff --git a/txt/common-outputs.txt b/txt/common-outputs.txt index 623c07554..b597aa916 100644 --- a/txt/common-outputs.txt +++ b/txt/common-outputs.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) # See the file 'doc/COPYING' for copying permission [Banners] diff --git a/txt/common-tables.txt b/txt/common-tables.txt index e9a488a2d..fbc6e3cd1 100644 --- a/txt/common-tables.txt +++ b/txt/common-tables.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) # See the file 'doc/COPYING' for copying permission users diff --git a/txt/keywords.txt b/txt/keywords.txt index 240c47429..31bbe4d2c 100644 --- a/txt/keywords.txt +++ b/txt/keywords.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) # See the file 'doc/COPYING' for copying permission # SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml) diff --git a/txt/user-agents.txt b/txt/user-agents.txt index c8dea4c1c..c0aa57ae1 100644 --- a/txt/user-agents.txt +++ b/txt/user-agents.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) # See the file 'doc/COPYING' for copying permission Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1) From 9b7072844168a184ebadc274fb2224f177040bb8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 6 Jan 2016 00:12:24 +0100 Subject: [PATCH 08/79] Minor update --- thirdparty/bottle/__init__.py | 7 ------- 1 file changed, 7 deletions(-) diff --git a/thirdparty/bottle/__init__.py b/thirdparty/bottle/__init__.py index 8d7bcd8f0..2ae28399f 100644 --- a/thirdparty/bottle/__init__.py +++ b/thirdparty/bottle/__init__.py @@ -1,8 +1 @@ -#!/usr/bin/env python - -""" -Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/) -See the file 'doc/COPYING' for copying permission -""" - pass From b84d787f4aa817d8fa275c5b6e36d72b6f951482 Mon Sep 17 00:00:00 2001 From: Andrew Smith Date: Thu, 7 Jan 2016 10:15:09 -0500 Subject: [PATCH 09/79] Addition of IBM DB2 Error Codes --- xml/errors.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xml/errors.xml b/xml/errors.xml index a06f67a79..15c7a1c02 100644 --- a/xml/errors.xml +++ b/xml/errors.xml @@ -54,6 +54,8 @@ + + From 777e4a3db266674f74b14cc57458bcbe7823f36e Mon Sep 17 00:00:00 2001 From: Andrew Smith Date: Thu, 7 Jan 2016 15:42:22 -0500 Subject: [PATCH 10/79] Update for false positives Attempt to eliminate false positives using more specific regex --- xml/errors.xml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/xml/errors.xml b/xml/errors.xml index 15c7a1c02..4617309cb 100644 --- a/xml/errors.xml +++ b/xml/errors.xml @@ -54,8 +54,7 @@ - - + From c5d3198101db7d983f993874f1805ca1566a0292 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 7 Jan 2016 21:46:20 +0100 Subject: [PATCH 11/79] Minor refactoring --- sqlmapapi.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sqlmapapi.py b/sqlmapapi.py index 974e22b44..a4baa6ef3 100755 --- a/sqlmapapi.py +++ b/sqlmapapi.py @@ -19,10 +19,11 @@ from lib.core.settings import RESTAPI_DEFAULT_PORT from lib.utils.api import client from lib.utils.api import server -if __name__ == "__main__": +def main(): """ REST-JSON API main function """ + # Set default logging level to debug logger.setLevel(logging.DEBUG) @@ -45,3 +46,6 @@ if __name__ == "__main__": client(args.host, args.port) else: apiparser.print_help() + +if __name__ == "__main__": + main() From b43c1747e08bf25b1efab241a71b2ae4b9196f72 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 7 Jan 2016 21:58:10 +0100 Subject: [PATCH 12/79] Minor refactoring --- waf/360.py | 2 +- waf/airlock.py | 2 +- waf/anquanbao.py | 2 +- waf/baidu.py | 2 +- waf/barracuda.py | 2 +- waf/bigip.py | 2 +- waf/binarysec.py | 2 +- waf/blockdos.py | 2 +- waf/ciscoacexml.py | 2 +- waf/cloudflare.py | 2 +- waf/datapower.py | 2 +- waf/dotdefender.py | 2 +- waf/edgecast.py | 2 +- waf/expressionengine.py | 2 +- waf/fortiweb.py | 2 +- waf/hyperguard.py | 2 +- waf/incapsula.py | 2 +- waf/isaserver.py | 2 +- waf/jiasule.py | 2 +- waf/knownsec.py | 2 +- waf/kona.py | 2 +- waf/netcontinuum.py | 2 +- waf/netscaler.py | 2 +- waf/{Newdefend.py => newdefend.py} | 2 +- waf/paloalto.py | 2 +- waf/profense.py | 2 +- waf/proventia.py | 4 ++-- waf/radware.py | 2 +- waf/requestvalidationmode.py | 2 +- waf/safe3.py | 2 +- waf/safedog.py | 2 +- waf/secureiis.py | 4 ++-- waf/senginx.py | 2 +- waf/sucuri.py | 2 +- waf/teros.py | 2 +- waf/trafficshield.py | 2 +- waf/urlscan.py | 2 +- waf/uspses.py | 2 +- waf/varnish.py | 2 +- waf/webappsecure.py | 4 ++-- waf/webknight.py | 2 +- 41 files changed, 44 insertions(+), 44 deletions(-) rename waf/{Newdefend.py => newdefend.py} (91%) diff --git a/waf/360.py b/waf/360.py index a8ddd08d6..f14814b9b 100644 --- a/waf/360.py +++ b/waf/360.py @@ -15,7 +15,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"wangzhan\.360\.cn", headers.get("X-Powered-By-360wzb", ""), re.I) is not None if retval: break diff --git a/waf/airlock.py b/waf/airlock.py index 33a56cbc6..481a89ca3 100644 --- a/waf/airlock.py +++ b/waf/airlock.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\AAL[_-]?(SESS|LB)=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: break diff --git a/waf/anquanbao.py b/waf/anquanbao.py index e8733f469..319460de8 100644 --- a/waf/anquanbao.py +++ b/waf/anquanbao.py @@ -15,7 +15,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"MISS", headers.get("X-Powered-By-Anquanbao", ""), re.I) is not None if retval: break diff --git a/waf/baidu.py b/waf/baidu.py index 8c7fcac1e..799d10de8 100644 --- a/waf/baidu.py +++ b/waf/baidu.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"fhl", headers.get("X-Server", ""), re.I) is not None retval |= re.search(r"yunjiasu-nginx", headers.get(HTTP_HEADER.SERVER), re.I) is not None if retval: diff --git a/waf/barracuda.py b/waf/barracuda.py index 194bacc45..619605837 100644 --- a/waf/barracuda.py +++ b/waf/barracuda.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\Abarra_counter_session=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"(\A|\b)barracuda_", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: diff --git a/waf/bigip.py b/waf/bigip.py index 5ea449fb2..b34697130 100644 --- a/waf/bigip.py +++ b/waf/bigip.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = headers.get("X-Cnection", "").lower() == "close" retval |= re.search(r"\ATS[a-zA-Z0-9]{3,6}=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None diff --git a/waf/binarysec.py b/waf/binarysec.py index 0eeb681d7..152944cf8 100644 --- a/waf/binarysec.py +++ b/waf/binarysec.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = any(headers.get(_) for _ in ("x-binarysec-via", "x-binarysec-nocache")) retval |= re.search(r"BinarySec", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: diff --git a/waf/blockdos.py b/waf/blockdos.py index 44a8bc6ab..27c145125 100644 --- a/waf/blockdos.py +++ b/waf/blockdos.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"BlockDos\.net", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: break diff --git a/waf/ciscoacexml.py b/waf/ciscoacexml.py index 7900c0c06..0387089dd 100644 --- a/waf/ciscoacexml.py +++ b/waf/ciscoacexml.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"ACE XML Gateway", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: break diff --git a/waf/cloudflare.py b/waf/cloudflare.py index 0f1323f34..a0e595af4 100644 --- a/waf/cloudflare.py +++ b/waf/cloudflare.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"cloudflare-nginx", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: diff --git a/waf/datapower.py b/waf/datapower.py index 11972cbd8..a0ae18da3 100644 --- a/waf/datapower.py +++ b/waf/datapower.py @@ -15,7 +15,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\A(OK|FAIL)", headers.get("X-Backside-Transport", ""), re.I) is not None if retval: break diff --git a/waf/dotdefender.py b/waf/dotdefender.py index 648ff321b..2bc0959ea 100644 --- a/waf/dotdefender.py +++ b/waf/dotdefender.py @@ -13,7 +13,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retVal = headers.get("X-dotDefender-denied", "") == "1" if retVal: break diff --git a/waf/edgecast.py b/waf/edgecast.py index 40b6a8b71..f30f1e996 100644 --- a/waf/edgecast.py +++ b/waf/edgecast.py @@ -16,7 +16,7 @@ def detect(get_page): retVal = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, code = get_page(get=vector) retVal = code == 400 and re.search(r"\AECDF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retVal: break diff --git a/waf/expressionengine.py b/waf/expressionengine.py index c5ca7a892..4a7e89791 100644 --- a/waf/expressionengine.py +++ b/waf/expressionengine.py @@ -13,7 +13,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, _, _ = get_page(get=vector) retval = "Invalid GET Data" in page if retval: break diff --git a/waf/fortiweb.py b/waf/fortiweb.py index 3a0bd4a5a..0500ed0a7 100644 --- a/waf/fortiweb.py +++ b/waf/fortiweb.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\AFORTIWAFSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: break diff --git a/waf/hyperguard.py b/waf/hyperguard.py index a73f07102..8f14a69a3 100644 --- a/waf/hyperguard.py +++ b/waf/hyperguard.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\AODSESSION=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: break diff --git a/waf/incapsula.py b/waf/incapsula.py index c70b71a0d..51aa320c6 100644 --- a/waf/incapsula.py +++ b/waf/incapsula.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"Incapsula", headers.get("X-CDN", ""), re.I) is not None if retval: diff --git a/waf/isaserver.py b/waf/isaserver.py index 1923756cd..b7fb5dc79 100644 --- a/waf/isaserver.py +++ b/waf/isaserver.py @@ -10,7 +10,7 @@ from lib.core.common import randomInt __product__ = "ISA Server (Microsoft)" def detect(get_page): - page, headers, code = get_page(host=randomInt(6)) + page, _, _ = get_page(host=randomInt(6)) retval = "The server denied the specified Uniform Resource Locator (URL). Contact the server administrator." in (page or "") retval |= "The ISA Server denied the specified Uniform Resource Locator (URL)" in (page or "") return retval diff --git a/waf/jiasule.py b/waf/jiasule.py index 8944160dd..ecafcc986 100644 --- a/waf/jiasule.py +++ b/waf/jiasule.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, headers, _ = get_page(get=vector) retval = re.search(r"jiasule-WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"__jsluid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"static\.jiasule\.com/static/js/http_error\.js", page, re.I) is not None diff --git a/waf/knownsec.py b/waf/knownsec.py index 682fa37cb..b21d79a29 100644 --- a/waf/knownsec.py +++ b/waf/knownsec.py @@ -15,7 +15,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, _, _ = get_page(get=vector) retval = re.search(r"url\('/ks-waf-error\.png'\)", page, re.I) is not None if retval: break diff --git a/waf/kona.py b/waf/kona.py index a6b2ae703..2636ce5b0 100644 --- a/waf/kona.py +++ b/waf/kona.py @@ -15,7 +15,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, _, code = get_page(get=vector) retval = code in (400, 501) and re.search(r"Reference #[0-9A-Fa-f.]+", page, re.I) is not None if retval: break diff --git a/waf/netcontinuum.py b/waf/netcontinuum.py index 19d1131cc..a2c7354af 100644 --- a/waf/netcontinuum.py +++ b/waf/netcontinuum.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\ANCI__SessionId=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: break diff --git a/waf/netscaler.py b/waf/netscaler.py index 4a2945915..6ea470862 100644 --- a/waf/netscaler.py +++ b/waf/netscaler.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\Aclose", headers.get("Cneonction", "") or headers.get("nnCoection", ""), re.I) is not None retval = re.search(r"\A(ns_af=|citrix_ns_id|NSC_)", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"\ANS-CACHE", headers.get(HTTP_HEADER.VIA, ""), re.I) is not None diff --git a/waf/Newdefend.py b/waf/newdefend.py similarity index 91% rename from waf/Newdefend.py rename to waf/newdefend.py index dd18b5b80..0aa596633 100644 --- a/waf/Newdefend.py +++ b/waf/newdefend.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"newdefend", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: break diff --git a/waf/paloalto.py b/waf/paloalto.py index 29101b7be..96355166a 100644 --- a/waf/paloalto.py +++ b/waf/paloalto.py @@ -15,7 +15,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, _, _ = get_page(get=vector) retval = re.search(r"Access[^<]+has been blocked in accordance with company policy", page, re.I) is not None if retval: break diff --git a/waf/profense.py b/waf/profense.py index 3a492e2c8..bb8ee92d1 100644 --- a/waf/profense.py +++ b/waf/profense.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\APLBSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"Profense", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: diff --git a/waf/proventia.py b/waf/proventia.py index 4cba7bda5..6625f151c 100644 --- a/waf/proventia.py +++ b/waf/proventia.py @@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission __product__ = "Proventia Web Application Security (IBM)" def detect(get_page): - page, headers, code = get_page() + page, _, _ = get_page() if page is None: return False - page, headers, code = get_page(url="/Admin_Files/") + page, _, _ = get_page(url="/Admin_Files/") return page is None diff --git a/waf/radware.py b/waf/radware.py index f7c27f4fd..aa09658a5 100644 --- a/waf/radware.py +++ b/waf/radware.py @@ -15,7 +15,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, headers, _ = get_page(get=vector) retval = re.search(r"Unauthorized Activity Has Been Detected.+Case Number:", page, re.I | re.S) is not None retval |= headers.get("X-SL-CompState") is not None if retval: diff --git a/waf/requestvalidationmode.py b/waf/requestvalidationmode.py index 95f676d48..b0f8a9e74 100644 --- a/waf/requestvalidationmode.py +++ b/waf/requestvalidationmode.py @@ -13,7 +13,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, _, _ = get_page(get=vector) retval = "ASP.NET has detected data in the request that is potentially dangerous" in page retval |= "Request Validation has detected a potentially dangerous client input value" in page if retval: diff --git a/waf/safe3.py b/waf/safe3.py index 8a80d8d4e..c49b434b3 100644 --- a/waf/safe3.py +++ b/waf/safe3.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"Safe3WAF", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None retval |= re.search(r"Safe3 Web Firewall", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: diff --git a/waf/safedog.py b/waf/safedog.py index e287045bf..0f77deffc 100644 --- a/waf/safedog.py +++ b/waf/safedog.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"WAF/2\.0", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None retval |= re.search(r"Safedog", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"safedog", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None diff --git a/waf/secureiis.py b/waf/secureiis.py index 3f1592b31..77f467db3 100644 --- a/waf/secureiis.py +++ b/waf/secureiis.py @@ -10,8 +10,8 @@ from lib.core.enums import HTTP_HEADER __product__ = "SecureIIS Web Server Security (BeyondTrust)" def detect(get_page): - page, headers, code = get_page() + _, _, code = get_page() retval = code != 404 - page, headers, code = get_page(auxHeaders={HTTP_HEADER.TRANSFER_ENCODING: 'a' * 1025, HTTP_HEADER.ACCEPT_ENCODING: "identity"}) + _, _, code = get_page(auxHeaders={HTTP_HEADER.TRANSFER_ENCODING: 'a' * 1025, HTTP_HEADER.ACCEPT_ENCODING: "identity"}) retval = retval and code == 404 return retval diff --git a/waf/senginx.py b/waf/senginx.py index ad81754a7..1c59bd74c 100644 --- a/waf/senginx.py +++ b/waf/senginx.py @@ -13,7 +13,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, _, _ = get_page(get=vector) retval = "SENGINX-ROBOT-MITIGATION" in page if retval: break diff --git a/waf/sucuri.py b/waf/sucuri.py index 3aca84296..b2d6e51cd 100644 --- a/waf/sucuri.py +++ b/waf/sucuri.py @@ -16,7 +16,7 @@ def detect(get_page): retVal = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, code = get_page(get=vector) retVal = code == 403 and re.search(r"Sucuri/Cloudproxy", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retVal: break diff --git a/waf/teros.py b/waf/teros.py index ff4808397..bef0313f3 100644 --- a/waf/teros.py +++ b/waf/teros.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\Ast8(id|_wat|_wlf)", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: break diff --git a/waf/trafficshield.py b/waf/trafficshield.py index 7ac3f6533..fed2cadee 100644 --- a/waf/trafficshield.py +++ b/waf/trafficshield.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"F5-TrafficShield", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"\AASINFO=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: diff --git a/waf/urlscan.py b/waf/urlscan.py index 2574e25a2..e41db1cc7 100644 --- a/waf/urlscan.py +++ b/waf/urlscan.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"Rejected-By-UrlScan", headers.get(HTTP_HEADER.LOCATION, ""), re.I) is not None if retval: break diff --git a/waf/uspses.py b/waf/uspses.py index 70ecf5f2c..10dedd56e 100644 --- a/waf/uspses.py +++ b/waf/uspses.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"Secure Entry Server", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: break diff --git a/waf/varnish.py b/waf/varnish.py index f630ccd96..434874100 100644 --- a/waf/varnish.py +++ b/waf/varnish.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = headers.get("X-Varnish") is not None retval |= re.search(r"varnish\Z", headers.get(HTTP_HEADER.VIA, ""), re.I) is not None if retval: diff --git a/waf/webappsecure.py b/waf/webappsecure.py index 0f22aef51..060c1999d 100644 --- a/waf/webappsecure.py +++ b/waf/webappsecure.py @@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission __product__ = "webApp.secure (webScurity)" def detect(get_page): - page, headers, code = get_page() + _, _, code = get_page() if code == 403: return False - page, headers, code = get_page(get="nx=@@") + _, _, code = get_page(get="nx=@@") return code == 403 diff --git a/waf/webknight.py b/waf/webknight.py index 9a8a6ef36..048ea278c 100644 --- a/waf/webknight.py +++ b/waf/webknight.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, code = get_page(get=vector) retVal = code == 999 retval |= re.search(r"WebKnight", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retVal: From 6f3511dcc3aac4e14572393b9993538f605dd731 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 8 Jan 2016 10:45:31 +0100 Subject: [PATCH 13/79] Error chunk length bug fix (reported privately) --- lib/techniques/error/use.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 1d3e51034..3ddcf91c4 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -74,12 +74,15 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False): testChar = str(current % 10) testQuery = "SELECT %s('%s',%d)" % ("REPEAT" if Backend.isDbms(DBMS.MYSQL) else "REPLICATE", testChar, current) result = unArrayizeValue(_oneShotErrorUse(testQuery, chunkTest=True)) + if result and testChar in result: if result == testChar * current: kb.errorChunkLength = current break else: - current = len(result) - len(kb.chars.stop) + result = re.search(r"\A\w+", result).group(0) + candidate = len(result) - len(kb.chars.stop) + current = candidate if candidate != current else current - 1 else: current = current / 2 From b427f6c03eaf85091eb137a915ce93d527cb1d0b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 8 Jan 2016 10:52:02 +0100 Subject: [PATCH 14/79] Minor bug fix --- lib/techniques/error/use.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 3ddcf91c4..cef689f21 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -197,6 +197,11 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False): _ = "%s(?P.*?)%s" % (kb.chars.start, kb.chars.stop) retVal = extractRegexResult(_, retVal, re.DOTALL | re.IGNORECASE) or retVal + try: + retVal = re.sub(r"&#x([^;]+);", lambda match: chr(int(match.group(1), 16)), retVal) + except ValueError: + pass + return safecharencode(retVal) if kb.safeCharEncode else retVal def _errorFields(expression, expressionFields, expressionFieldsList, num=None, emptyFields=None, suppressOutput=False): From e3650342bd815526a2c1e560ba1ea48c4ba55440 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 8 Jan 2016 11:47:12 +0100 Subject: [PATCH 15/79] Fixes #1639 --- lib/core/convert.py | 2 ++ lib/techniques/error/use.py | 5 ----- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/lib/core/convert.py b/lib/core/convert.py index 8af9371d0..00db9fea1 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission import base64 import json import pickle +import re import StringIO import sys import types @@ -159,6 +160,7 @@ def htmlunescape(value): if value and isinstance(value, basestring): codes = (('<', '<'), ('>', '>'), ('"', '"'), (' ', ' '), ('&', '&')) retVal = reduce(lambda x, y: x.replace(y[0], y[1]), codes, retVal) + retVal = re.sub(r"&#x([^;]+);", lambda match: chr(int(match.group(1), 16)), retVal) return retVal def singleTimeWarnMessage(message): # Cross-linked function diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index cef689f21..3ddcf91c4 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -197,11 +197,6 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False): _ = "%s(?P.*?)%s" % (kb.chars.start, kb.chars.stop) retVal = extractRegexResult(_, retVal, re.DOTALL | re.IGNORECASE) or retVal - try: - retVal = re.sub(r"&#x([^;]+);", lambda match: chr(int(match.group(1), 16)), retVal) - except ValueError: - pass - return safecharencode(retVal) if kb.safeCharEncode else retVal def _errorFields(expression, expressionFields, expressionFieldsList, num=None, emptyFields=None, suppressOutput=False): From c7ea3d65bea93f27af51a5bff360da988fc31db4 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 8 Jan 2016 15:33:14 +0100 Subject: [PATCH 16/79] Fixes #1644 --- lib/core/option.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/option.py b/lib/core/option.py index 1e79761d2..4fcebecc7 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -639,7 +639,7 @@ def _findPageForms(): except KeyboardInterrupt: break except Exception, ex: - errMsg = "problem occurred while searching for forms at '%s' ('%s')" % (target, ex) + errMsg = "problem occurred while searching for forms at '%s' ('%s')" % (target, getSafeExString(ex)) logger.error(errMsg) def _setDBMSAuthentication(): From de06ae68034a8343dbd8fd7d277eed63b8858e76 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 8 Jan 2016 23:10:32 +0100 Subject: [PATCH 17/79] Fixes #1647 --- lib/core/convert.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/core/convert.py b/lib/core/convert.py index 00db9fea1..dbcbb233b 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -160,7 +160,10 @@ def htmlunescape(value): if value and isinstance(value, basestring): codes = (('<', '<'), ('>', '>'), ('"', '"'), (' ', ' '), ('&', '&')) retVal = reduce(lambda x, y: x.replace(y[0], y[1]), codes, retVal) - retVal = re.sub(r"&#x([^;]+);", lambda match: chr(int(match.group(1), 16)), retVal) + try: + retVal = re.sub(r"&#x([^;]+);", lambda match: unichr(int(match.group(1), 16)), retVal) + except ValueError: + pass return retVal def singleTimeWarnMessage(message): # Cross-linked function From 48ac2101f2b83fe50ef50b62e44df77e1da7ab10 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 8 Jan 2016 23:23:41 +0100 Subject: [PATCH 18/79] Using only once the dummy checkWaf payload --- lib/controller/checks.py | 13 +++++++++++++ lib/core/enums.py | 1 + 2 files changed, 14 insertions(+) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index a62d61e03..5546b73b4 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -25,6 +25,8 @@ from lib.core.common import getPublicTypeMembers from lib.core.common import getSafeExString from lib.core.common import getSortedInjectionTests from lib.core.common import getUnicode +from lib.core.common import hashDBRetrieve +from lib.core.common import hashDBWrite from lib.core.common import intersect from lib.core.common import listToStrValue from lib.core.common import parseFilePaths @@ -48,6 +50,7 @@ from lib.core.datatype import InjectionDict from lib.core.decorators import cachedmethod from lib.core.dicts import FROM_DUMMY_TABLE from lib.core.enums import DBMS +from lib.core.enums import HASHDB_KEYS from lib.core.enums import HEURISTIC_TEST from lib.core.enums import HTTP_HEADER from lib.core.enums import HTTPMETHOD @@ -1155,6 +1158,14 @@ def checkWaf(): if any((conf.string, conf.notString, conf.regexp, conf.dummy, conf.offline, conf.skipWaf)): return None + _ = hashDBRetrieve(HASHDB_KEYS.CHECK_WAF_RESULT, True) + if _ is not None: + if _: + warnMsg = "previous heuristics detected that the target " + warnMsg += "is protected by some kind of WAF/IPS/IDS" + logger.critical(warnMsg) + return _ + infoMsg = "checking if the target is protected by " infoMsg += "some kind of WAF/IPS/IDS" logger.info(infoMsg) @@ -1193,6 +1204,8 @@ def checkWaf(): logger.warning("dropping timeout to %d seconds (i.e. '--timeout=%d')" % (IDS_WAF_CHECK_TIMEOUT, IDS_WAF_CHECK_TIMEOUT)) conf.timeout = IDS_WAF_CHECK_TIMEOUT + hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True) + return retVal def identifyWaf(): diff --git a/lib/core/enums.py b/lib/core/enums.py index 78b6f62fd..1bb4fcbbf 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -194,6 +194,7 @@ class OPTION_TYPE: class HASHDB_KEYS: DBMS = "DBMS" + CHECK_WAF_RESULT = "CHECK_WAF_RESULT" CONF_TMP_PATH = "CONF_TMP_PATH" KB_ABS_FILE_PATHS = "KB_ABS_FILE_PATHS" KB_BRUTE_COLUMNS = "KB_BRUTE_COLUMNS" From 3c9be947c572876ef9a890929b77df5b9c817b2b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 9 Jan 2016 00:15:05 +0100 Subject: [PATCH 19/79] Fixes #1649 --- lib/core/common.py | 2 +- lib/core/option.py | 1 + plugins/generic/entries.py | 10 ++++++++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/core/common.py b/lib/core/common.py index 1cc38df59..a97d49649 100755 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3852,7 +3852,7 @@ def hashDBRetrieve(key, unserialize=False, checkConf=False): _ = "%s%s%s" % (conf.url or "%s%s" % (conf.hostname, conf.port), key, HASHDB_MILESTONE_VALUE) retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None - if not kb.inferenceMode and not kb.fileReadMode and any(_ in (retVal or "") for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)): + if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, basestring) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)): retVal = None return retVal diff --git a/lib/core/option.py b/lib/core/option.py index 4fcebecc7..38654ee8d 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1915,6 +1915,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.timeValidCharsRun = 0 kb.uChar = NULL kb.unionDuplicates = False + kb.whereCollectTimes = False kb.xpCmdshellAvailable = False if flushAll: diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index 6289555c6..5c83de4a4 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py @@ -19,7 +19,9 @@ from lib.core.common import isListLike from lib.core.common import isNoneValue from lib.core.common import isNumPosStrValue from lib.core.common import isTechniqueAvailable +from lib.core.common import popValue from lib.core.common import prioritySortColumns +from lib.core.common import pushValue from lib.core.common import readInput from lib.core.common import safeSQLIdentificatorNaming from lib.core.common import unArrayizeValue @@ -234,6 +236,10 @@ class Entries: query = whereQuery(query) + if conf.dumpWhere: + kb.whereResponseTimes = True + pushValue(kb.responseTimes) + count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) lengths = {} @@ -322,6 +328,10 @@ class Entries: warnMsg = "Ctrl+C detected in dumping phase" logger.warn(warnMsg) + if conf.dumpWhere: + kb.responseTimes = popValue() + kb.whereResponseTimes = False + for column, columnEntries in entries.items(): length = max(lengths[column], len(column)) From 0f8a551227b764cd80ead916fbea5ef4299c1985 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 9 Jan 2016 00:55:01 +0100 Subject: [PATCH 20/79] Potential patch for #1636 --- lib/techniques/blind/inference.py | 18 ++++++++++++++++++ plugins/generic/entries.py | 4 ++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index cf8e2dad5..aa04ceb9c 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -5,6 +5,7 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ +import re import threading import time @@ -25,6 +26,7 @@ from lib.core.common import getPartRun from lib.core.common import hashDBRetrieve from lib.core.common import hashDBWrite from lib.core.common import incrementCounter +from lib.core.common import randomInt from lib.core.common import safeStringFormat from lib.core.common import singleTimeWarnMessage from lib.core.data import conf @@ -42,6 +44,7 @@ from lib.core.settings import INFERENCE_UNKNOWN_CHAR from lib.core.settings import INFERENCE_GREATER_CHAR from lib.core.settings import INFERENCE_EQUALS_CHAR from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR +from lib.core.settings import MIN_TIME_RESPONSES from lib.core.settings import MAX_BISECTION_LENGTH from lib.core.settings import MAX_TIME_REVALIDATION_STEPS from lib.core.settings import PARTIAL_HEX_VALUE_MARKER @@ -267,6 +270,21 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue)) forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue) + if timeBasedCompare and kb.whereCollectTimes: + kb.responseTimes = [] + + warnMsg = "\n[%s] [WARNING] time-based comparison requires " % time.strftime("%X") + warnMsg += "larger statistical model, please wait" + dataToStdout(warnMsg) + + while len(kb.responseTimes) < MIN_TIME_RESPONSES: + falseWherePayload = re.sub(r"\b%s\b" % posValue, str(randomInt(6)), forgedPayload) + Request.queryPage(falseWherePayload, content=True, raise404=False) + dataToStdout('.') + + dataToStdout("\n") + kb.whereCollectTimes = False + result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False) incrementCounter(kb.technique) diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index 5c83de4a4..ceabe2eb8 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py @@ -237,7 +237,7 @@ class Entries: query = whereQuery(query) if conf.dumpWhere: - kb.whereResponseTimes = True + kb.whereCollectTimes = True pushValue(kb.responseTimes) count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) @@ -330,7 +330,7 @@ class Entries: if conf.dumpWhere: kb.responseTimes = popValue() - kb.whereResponseTimes = False + kb.whereCollectTimes = False for column, columnEntries in entries.items(): length = max(lengths[column], len(column)) From 5908964db4518ad3a372aa3d5ede3c171aa9cfd9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 9 Jan 2016 17:32:19 +0100 Subject: [PATCH 21/79] Another (better) patch for #1636 --- lib/core/common.py | 6 +++--- lib/core/option.py | 5 +++-- lib/core/settings.py | 3 +++ lib/request/connect.py | 24 +++++++++++++++--------- lib/request/inject.py | 4 +++- lib/techniques/blind/inference.py | 24 ++++++++++-------------- plugins/generic/entries.py | 8 -------- 7 files changed, 37 insertions(+), 37 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index a97d49649..8cf95a16a 100755 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -2222,16 +2222,16 @@ def wasLastResponseDelayed(): # response times should be inside +-7*stdev([normal response times]) # Math reference: http://www.answers.com/topic/standard-deviation - deviation = stdev(kb.responseTimes) + deviation = stdev(kb.responseTimes.get(kb.responseTimeMode, [])) threadData = getCurrentThreadData() if deviation and not conf.direct: - if len(kb.responseTimes) < MIN_TIME_RESPONSES: + if len(kb.responseTimes[kb.responseTimeMode]) < MIN_TIME_RESPONSES: warnMsg = "time-based standard deviation method used on a model " warnMsg += "with less than %d response times" % MIN_TIME_RESPONSES logger.warn(warnMsg) - lowerStdLimit = average(kb.responseTimes) + TIME_STDEV_COEFF * deviation + lowerStdLimit = average(kb.responseTimes[kb.responseTimeMode]) + TIME_STDEV_COEFF * deviation retVal = (threadData.lastQueryDuration >= max(MIN_VALID_DELAYED_RESPONSE, lowerStdLimit)) if not kb.testMode and retVal: diff --git a/lib/core/option.py b/lib/core/option.py index 38654ee8d..423871938 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1891,7 +1891,9 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.reflectiveCounters = {REFLECTIVE_COUNTER.MISS: 0, REFLECTIVE_COUNTER.HIT: 0} kb.requestCounter = 0 kb.resendPostOnRedirect = None - kb.responseTimes = [] + kb.responseTimes = {} + kb.responseTimeMode = None + kb.responseTimePayload = None kb.resumeValues = True kb.safeCharEncode = False kb.safeReq = AttribDict() @@ -1915,7 +1917,6 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.timeValidCharsRun = 0 kb.uChar = NULL kb.unionDuplicates = False - kb.whereCollectTimes = False kb.xpCmdshellAvailable = False if flushAll: diff --git a/lib/core/settings.py b/lib/core/settings.py index aa194119d..510365054 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -61,6 +61,9 @@ URI_QUESTION_MARKER = "__QUESTION_MARK__" ASTERISK_MARKER = "__ASTERISK_MARK__" REPLACEMENT_MARKER = "__REPLACEMENT_MARK__" +RANDOM_INTEGER_MARKER = "[RANDINT]" +RANDOM_STRING_MARKER = "[RANDSTR]" + PAYLOAD_DELIMITER = "__PAYLOAD_DELIMITER__" CHAR_INFERENCE_MARK = "%c" PRINTABLE_CHAR_REGEX = r"[^\x00-\x1f\x7f-\xff]" diff --git a/lib/request/connect.py b/lib/request/connect.py index cffc9da60..eec80328d 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -97,6 +97,8 @@ from lib.core.settings import LARGE_CHUNK_TRIM_MARKER from lib.core.settings import PAYLOAD_DELIMITER from lib.core.settings import PERMISSION_DENIED_REGEX from lib.core.settings import PLAIN_TEXT_CONTENT_TYPE +from lib.core.settings import RANDOM_INTEGER_MARKER +from lib.core.settings import RANDOM_STRING_MARKER from lib.core.settings import REPLACEMENT_MARKER from lib.core.settings import TEXT_CONTENT_TYPE_REGEX from lib.core.settings import UNENCODED_ORIGINAL_VALUE @@ -1020,34 +1022,37 @@ class Connect(object): post = urlencode(post, spaceplus=kb.postSpaceToPlus) if timeBasedCompare: - if len(kb.responseTimes) < MIN_TIME_RESPONSES: + if len(kb.responseTimes.get(kb.responseTimeMode, [])) < MIN_TIME_RESPONSES: clearConsoleLine() + kb.responseTimes.setdefault(kb.responseTimeMode, []) + if conf.tor: warnMsg = "it's highly recommended to avoid usage of switch '--tor' for " warnMsg += "time-based injections because of its high latency time" singleTimeWarnMessage(warnMsg) - warnMsg = "[%s] [WARNING] time-based comparison requires " % time.strftime("%X") + warnMsg = "[%s] [WARNING] %stime-based comparison requires " % (time.strftime("%X"), "(case) " if kb.responseTimeMode else "") warnMsg += "larger statistical model, please wait" dataToStdout(warnMsg) - while len(kb.responseTimes) < MIN_TIME_RESPONSES: - Connect.queryPage(content=True) + while len(kb.responseTimes[kb.responseTimeMode]) < MIN_TIME_RESPONSES: + value = kb.responseTimePayload.replace(RANDOM_INTEGER_MARKER, str(randomInt(6))).replace(RANDOM_STRING_MARKER, randomStr()) if kb.responseTimePayload else kb.responseTimePayload + Connect.queryPage(value=value, content=True, raise404=False) dataToStdout('.') - dataToStdout("\n") + dataToStdout(" (done)\n") elif not kb.testMode: - warnMsg = "it is very important not to stress the network adapter " + warnMsg = "it is very important to not stress the network adapter " warnMsg += "during usage of time-based payloads to prevent potential " - warnMsg += "errors " + warnMsg += "disruptions " singleTimeWarnMessage(warnMsg) if not kb.laggingChecked: kb.laggingChecked = True - deviation = stdev(kb.responseTimes) + deviation = stdev(kb.responseTimes[kb.responseTimeMode]) if deviation > WARN_TIME_STDEV: kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE @@ -1115,7 +1120,8 @@ class Connect(object): if timeBasedCompare: return wasLastResponseDelayed() elif noteResponseTime: - kb.responseTimes.append(threadData.lastQueryDuration) + kb.responseTimes.setdefault(kb.responseTimeMode, []) + kb.responseTimes[kb.responseTimeMode].append(threadData.lastQueryDuration) if not response and removeReflection: page = removeReflectiveValues(page, payload) diff --git a/lib/request/inject.py b/lib/request/inject.py index 4a3594115..bd83287b9 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -432,6 +432,8 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found: + kb.responseTimeMode = re.sub(r"(?i)[^a-z]", "", re.sub(r"'[^']+'", "", expression)) if re.search(r"(?i)SELECT.+FROM", expression) else None + if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME): kb.technique = PAYLOAD.TECHNIQUE.TIME else: @@ -441,7 +443,6 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser value = _goBooleanProxy(booleanExpression) else: value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump) - else: errMsg = "none of the injection types identified can be " errMsg += "leveraged to retrieve queries output" @@ -449,6 +450,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser finally: kb.resumeValues = True + kb.responseTimeMode = None conf.tbl = popValue() conf.db = popValue() diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index aa04ceb9c..41b54d7ca 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -47,8 +47,10 @@ from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR from lib.core.settings import MIN_TIME_RESPONSES from lib.core.settings import MAX_BISECTION_LENGTH from lib.core.settings import MAX_TIME_REVALIDATION_STEPS +from lib.core.settings import NULL from lib.core.settings import PARTIAL_HEX_VALUE_MARKER from lib.core.settings import PARTIAL_VALUE_MARKER +from lib.core.settings import RANDOM_INTEGER_MARKER from lib.core.settings import VALID_TIME_CHARS_RUN_THRESHOLD from lib.core.threads import getCurrentThreadData from lib.core.threads import runThreads @@ -261,29 +263,23 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None while len(charTbl) != 1: position = (len(charTbl) >> 1) posValue = charTbl[position] + falsePayload = None if "'%s'" % CHAR_INFERENCE_MARK not in payload: forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue)) + falsePayload = safeStringFormat(payload, (expressionUnescaped, idx, RANDOM_INTEGER_MARKER)) else: # e.g.: ... > '%c' -> ... > ORD(..) markingValue = "'%s'" % CHAR_INFERENCE_MARK unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue)) forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue) + falsePayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, NULL) - if timeBasedCompare and kb.whereCollectTimes: - kb.responseTimes = [] - - warnMsg = "\n[%s] [WARNING] time-based comparison requires " % time.strftime("%X") - warnMsg += "larger statistical model, please wait" - dataToStdout(warnMsg) - - while len(kb.responseTimes) < MIN_TIME_RESPONSES: - falseWherePayload = re.sub(r"\b%s\b" % posValue, str(randomInt(6)), forgedPayload) - Request.queryPage(falseWherePayload, content=True, raise404=False) - dataToStdout('.') - - dataToStdout("\n") - kb.whereCollectTimes = False + if timeBasedCompare: + if kb.responseTimeMode: + kb.responseTimePayload = falsePayload + else: + kb.responseTimePayload = None result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False) incrementCounter(kb.technique) diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index ceabe2eb8..86e088ef3 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py @@ -236,10 +236,6 @@ class Entries: query = whereQuery(query) - if conf.dumpWhere: - kb.whereCollectTimes = True - pushValue(kb.responseTimes) - count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) lengths = {} @@ -328,10 +324,6 @@ class Entries: warnMsg = "Ctrl+C detected in dumping phase" logger.warn(warnMsg) - if conf.dumpWhere: - kb.responseTimes = popValue() - kb.whereCollectTimes = False - for column, columnEntries in entries.items(): length = max(lengths[column], len(column)) From 85b35f44a0683f3b859cde4f340721600ea756cd Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 9 Jan 2016 17:39:53 +0100 Subject: [PATCH 22/79] Minor refactoring for #1637 --- xml/errors.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xml/errors.xml b/xml/errors.xml index 4617309cb..0f7ea9b0a 100644 --- a/xml/errors.xml +++ b/xml/errors.xml @@ -54,7 +54,7 @@ - + From 6b40e0aa8c691f1e93c6ec08dfad67b29b5b50ff Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 10 Jan 2016 02:08:23 +0100 Subject: [PATCH 23/79] Minor style update (nongit-version) --- lib/core/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 510365054..7508c6b33 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -22,7 +22,7 @@ from lib.core.revision import getRevisionNumber # sqlmap version and site VERSION = "1.0-dev" REVISION = getRevisionNumber() -VERSION_STRING = "sqlmap/%s%s" % (VERSION, "-%s" % REVISION if REVISION else "-nongit-%s%04x" % (time.strftime("%Y%m%d", time.gmtime(os.path.getmtime(__file__))), os.path.getsize(os.path.join(os.path.dirname(__file__), "common.py")) & 0xffff)) +VERSION_STRING = "sqlmap/%s%s" % (VERSION, "-%s" % REVISION if REVISION else "-nongit-%s-%04x" % (time.strftime("%Y%m%d", time.gmtime(os.path.getmtime(__file__))), os.path.getsize(os.path.join(os.path.dirname(__file__), "common.py")) & 0xffff)) DESCRIPTION = "automatic SQL injection and database takeover tool" SITE = "http://sqlmap.org" ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new" From 8b01996adfff805e204394baabf66eaa49ea2502 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 10 Jan 2016 22:59:40 +0100 Subject: [PATCH 24/79] Patch related to the #1655 --- lib/techniques/error/use.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 3ddcf91c4..2c33d2334 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -95,7 +95,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False): try: while True: check = "%s(?P.*?)%s" % (kb.chars.start, kb.chars.stop) - trimcheck = "%s(?P[^<]*)" % (kb.chars.start) + trimcheck = r"%s(?P[^<\n]*)" % (kb.chars.start) if field: nulledCastedField = agent.nullAndCastField(field) From e519ed2e1845894ed0fcbdd9af3555b249afc1c7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 10 Jan 2016 23:07:11 +0100 Subject: [PATCH 25/79] Another patch related to the #1655 --- lib/techniques/error/use.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 2c33d2334..04ce9cca5 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -94,7 +94,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False): if retVal is None or partialValue: try: while True: - check = "%s(?P.*?)%s" % (kb.chars.start, kb.chars.stop) + check = r"%s(?P.*?)%s" % (kb.chars.start, kb.chars.stop) trimcheck = r"%s(?P[^<\n]*)" % (kb.chars.start) if field: @@ -153,7 +153,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False): logger.warn(warnMsg) if not kb.testMode: - check = "(?P.*?)%s" % kb.chars.stop[:2] + check = r"(?P[^<>\n]*?)%s" % kb.chars.stop[:2] output = extractRegexResult(check, trimmed, re.IGNORECASE) if not output: From e53e4dddf10ab45b924075ed1d3e4f03f43be650 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 10 Jan 2016 23:12:46 +0100 Subject: [PATCH 26/79] Minor patch --- lib/core/option.py | 3 --- lib/techniques/error/use.py | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 423871938..10e48022d 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2254,9 +2254,6 @@ def _setTorSocksProxySettings(): socks.wrapmodule(urllib2) def _checkWebSocket(): - infoMsg = "checking for WebSocket" - logger.debug(infoMsg) - if conf.url and (conf.url.startswith("ws:/") or conf.url.startswith("wss:/")): try: from websocket import ABNF diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 04ce9cca5..cb7fb7f02 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -75,7 +75,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False): testQuery = "SELECT %s('%s',%d)" % ("REPEAT" if Backend.isDbms(DBMS.MYSQL) else "REPLICATE", testChar, current) result = unArrayizeValue(_oneShotErrorUse(testQuery, chunkTest=True)) - if result and testChar in result: + if (result or "").startswith(testChar): if result == testChar * current: kb.errorChunkLength = current break From 2280cd191ab9d5a4c36fbce1e00aa63d09f5df2d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 10 Jan 2016 23:15:43 +0100 Subject: [PATCH 27/79] Fixes #1654 --- lib/request/connect.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/request/connect.py b/lib/request/connect.py index eec80328d..d7305637b 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -984,7 +984,7 @@ class Connect(object): if name != "__builtins__" and originals.get(name, "") != value: if isinstance(value, (basestring, int)): found = False - value = unicode(value) + value = getUnicode(value) regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(delimiter), re.escape(name), re.escape(delimiter)) if re.search(regex, (get or "")): From ab3ff0257ae94b951361070089d658d7a74b7268 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 10 Jan 2016 23:27:32 +0100 Subject: [PATCH 28/79] Minor patch --- sqlmap.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sqlmap.py b/sqlmap.py index 845af2607..d5f6a0f99 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -191,12 +191,12 @@ def main(): if conf.get("showTime"): dataToStdout("\n[*] shutting down at %s\n\n" % time.strftime("%X"), forceOutput=True) - if kb.get("tempDir"): - shutil.rmtree(kb.tempDir, ignore_errors=True) - kb.threadContinue = False kb.threadException = True + if kb.get("tempDir"): + shutil.rmtree(kb.tempDir, ignore_errors=True) + if conf.get("hashDB"): try: conf.hashDB.flush(True) From 1f01d6022c752b8bbc0a94e82408c144101831a0 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 10 Jan 2016 23:50:24 +0100 Subject: [PATCH 29/79] Minor style update --- lib/core/profiling.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/core/profiling.py b/lib/core/profiling.py index b581a3955..a748d1ba0 100644 --- a/lib/core/profiling.py +++ b/lib/core/profiling.py @@ -26,9 +26,8 @@ def profile(profileOutputFile=None, dotOutputFile=None, imageOutputFile=None): import gtk import pydot except ImportError, e: - errMsg = "profiling requires third-party libraries (%s). " % getUnicode(e, UNICODE_ENCODING) - errMsg += "Quick steps:%s" % os.linesep - errMsg += "1) sudo apt-get install python-pydot python-pyparsing python-profiler graphviz" + errMsg = "profiling requires third-party libraries ('%s') " % getUnicode(e, UNICODE_ENCODING) + errMsg += "(Hint: 'sudo apt-get install python-pydot python-pyparsing python-profiler graphviz')" logger.error(errMsg) return From 78a512500d1061c858e53700f9f5cc9bcedb56a9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 11 Jan 2016 00:03:22 +0100 Subject: [PATCH 30/79] Better place for setting flags --- sqlmap.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sqlmap.py b/sqlmap.py index d5f6a0f99..45d1199b4 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -188,12 +188,12 @@ def main(): pass finally: - if conf.get("showTime"): - dataToStdout("\n[*] shutting down at %s\n\n" % time.strftime("%X"), forceOutput=True) - kb.threadContinue = False kb.threadException = True + if conf.get("showTime"): + dataToStdout("\n[*] shutting down at %s\n\n" % time.strftime("%X"), forceOutput=True) + if kb.get("tempDir"): shutil.rmtree(kb.tempDir, ignore_errors=True) From 7e78554e9783f6711f7bb5f08728f23c98e31df5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 11 Jan 2016 00:08:38 +0100 Subject: [PATCH 31/79] For frenzy Ctrl-C pressing --- lib/core/option.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/core/option.py b/lib/core/option.py index 10e48022d..aa2b7869d 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1039,6 +1039,8 @@ def _setSocketPreConnect(): socket._ready[key].append(s._sock) except socket.error: pass + except KeyboardInterrupt: + break finally: time.sleep(0.01) From a0b67418c7e9e0831ea073d6bc79c51fbd6733ad Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 11 Jan 2016 00:34:03 +0100 Subject: [PATCH 32/79] Just in case update --- lib/core/option.py | 4 +++- lib/request/connect.py | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/core/option.py b/lib/core/option.py index aa2b7869d..a412f20d1 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1028,7 +1028,7 @@ def _setSocketPreConnect(): return def _(): - while kb.threadContinue: + while kb.threadContinue and not conf.disablePrecon: try: for key in socket._ready: if len(socket._ready[key]) < SOCKET_PRE_CONNECT_QUEUE_SIZE: @@ -1046,6 +1046,7 @@ def _setSocketPreConnect(): def connect(self, address): found = False + key = (self.family, self.type, self.proto, address) with kb.locks.socket: if key not in socket._ready: @@ -1053,6 +1054,7 @@ def _setSocketPreConnect(): if len(socket._ready[key]) > 0: self._sock = socket._ready[key].pop(0) found = True + if not found: self._connect(address) diff --git a/lib/request/connect.py b/lib/request/connect.py index d7305637b..a3862298b 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -614,6 +614,9 @@ class Connect(object): elif "forcibly closed" in tbMsg or "Connection is already closed" in tbMsg: warnMsg = "connection was forcibly closed by the target URL" elif "timed out" in tbMsg: + singleTimeWarnMessage("turning off pre-connect mechanism because of connection time out(s)") + conf.disablePrecon = True + if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED): singleTimeWarnMessage("there is a possibility that the target (or WAF) is dropping 'suspicious' requests") warnMsg = "connection timed out to the target URL" From 9b716fcce95b01c310f39c7e37bfdc654b336302 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 12 Jan 2016 10:24:28 +0100 Subject: [PATCH 33/79] Patch related to the #1659 --- lib/core/dump.py | 47 +++++++++++++++++++++++++---------------------- 1 file changed, 25 insertions(+), 22 deletions(-) diff --git a/lib/core/dump.py b/lib/core/dump.py index c59854e1c..1c10d82ce 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -398,36 +398,39 @@ class Dump(object): self._write(tableValues, content_type=CONTENT_TYPE.DUMP_TABLE) return - _ = re.sub(r"[^\w]", "_", normalizeUnicode(unsafeSQLIdentificatorNaming(db))) - if len(_) < len(db) or IS_WIN and db.upper() in WINDOWS_RESERVED_NAMES: - _ = unicodeencode(re.sub(r"[^\w]", "_", unsafeSQLIdentificatorNaming(db))) - dumpDbPath = os.path.join(conf.dumpPath, "%s-%s" % (_, hashlib.md5(unicodeencode(db)).hexdigest()[:8])) - warnFile = True - else: - dumpDbPath = os.path.join(conf.dumpPath, _) - if conf.dumpFormat == DUMP_FORMAT.SQLITE: replication = Replication(os.path.join(conf.dumpPath, "%s.sqlite3" % unsafeSQLIdentificatorNaming(db))) elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML): + dumpDbPath = os.path.join(conf.dumpPath, unsafeSQLIdentificatorNaming(db)) + if not os.path.isdir(dumpDbPath): try: os.makedirs(dumpDbPath, 0755) - except (OSError, IOError), ex: - try: - tempDir = tempfile.mkdtemp(prefix="sqlmapdb") - except IOError, _: - errMsg = "unable to write to the temporary directory ('%s'). " % _ - errMsg += "Please make sure that your disk is not full and " - errMsg += "that you have sufficient write permissions to " - errMsg += "create temporary files and/or directories" - raise SqlmapSystemException(errMsg) + except: + warnFile = True - warnMsg = "unable to create dump directory " - warnMsg += "'%s' (%s). " % (dumpDbPath, ex) - warnMsg += "Using temporary directory '%s' instead" % tempDir - logger.warn(warnMsg) + _ = unicodeencode(re.sub(r"[^\w]", "_", unsafeSQLIdentificatorNaming(db))) + dumpDbPath = os.path.join(conf.dumpPath, "%s-%s" % (_, hashlib.md5(unicodeencode(db)).hexdigest()[:8])) - dumpDbPath = tempDir + if not os.path.isdir(dumpDbPath): + try: + os.makedirs(dumpDbPath, 0755) + except Exception, ex: + try: + tempDir = tempfile.mkdtemp(prefix="sqlmapdb") + except IOError, _: + errMsg = "unable to write to the temporary directory ('%s'). " % _ + errMsg += "Please make sure that your disk is not full and " + errMsg += "that you have sufficient write permissions to " + errMsg += "create temporary files and/or directories" + raise SqlmapSystemException(errMsg) + + warnMsg = "unable to create dump directory " + warnMsg += "'%s' (%s). " % (dumpDbPath, getSafeExString(ex)) + warnMsg += "Using temporary directory '%s' instead" % tempDir + logger.warn(warnMsg) + + dumpDbPath = tempDir _ = re.sub(r"[^\w]", "_", normalizeUnicode(unsafeSQLIdentificatorNaming(table))) if len(_) < len(table) or IS_WIN and table.upper() in WINDOWS_RESERVED_NAMES: From eb989469f39e29c1473bccada7db3764d8c7b638 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 12 Jan 2016 10:27:04 +0100 Subject: [PATCH 34/79] Minor just in case update --- lib/controller/checks.py | 2 +- lib/core/common.py | 10 +++++----- lib/core/option.py | 14 +++++++------- lib/core/target.py | 3 ++- lib/core/wordlist.py | 5 +++-- lib/utils/hashdb.py | 4 ++-- 6 files changed, 20 insertions(+), 18 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 5546b73b4..abcb903e6 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1243,7 +1243,7 @@ def identifyWaf(): found = function(_) except Exception, ex: errMsg = "exception occurred while running " - errMsg += "WAF script for '%s' ('%s')" % (product, ex) + errMsg += "WAF script for '%s' ('%s')" % (product, getSafeExString(ex)) logger.critical(errMsg) found = False diff --git a/lib/core/common.py b/lib/core/common.py index 8cf95a16a..d351fd5e8 100755 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -853,7 +853,7 @@ def dataToTrafficFile(data): conf.trafficFP.flush() except IOError, ex: errMsg = "something went wrong while trying " - errMsg += "to write to the traffic file '%s' ('%s')" % (conf.trafficFile, ex) + errMsg += "to write to the traffic file '%s' ('%s')" % (conf.trafficFile, getSafeExString(ex)) raise SqlmapSystemException(errMsg) def dataToDumpFile(dumpFile, data): @@ -1276,7 +1276,7 @@ def parseTargetUrl(): try: urlSplit = urlparse.urlsplit(conf.url) except ValueError, ex: - errMsg = "invalid URL '%s' has been given ('%s'). " % (conf.url, ex) + errMsg = "invalid URL '%s' has been given ('%s'). " % (conf.url, getSafeExString(ex)) errMsg += "Please be sure that you don't have any leftover characters (e.g. '[' or ']') " errMsg += "in the hostname part" raise SqlmapGenericException(errMsg) @@ -1824,7 +1824,7 @@ def parseXmlFile(xmlFile, handler): parse(stream, handler) except (SAXParseException, UnicodeError), ex: errMsg = "something seems to be wrong with " - errMsg += "the file '%s' ('%s'). Please make " % (xmlFile, ex) + errMsg += "the file '%s' ('%s'). Please make " % (xmlFile, getSafeExString(ex)) errMsg += "sure that you haven't made any changes to it" raise SqlmapInstallationException, errMsg @@ -1885,7 +1885,7 @@ def readCachedFileContent(filename, mode='rb'): kb.cache.content[filename] = f.read() except (IOError, OSError, MemoryError), ex: errMsg = "something went wrong while trying " - errMsg += "to read the content of file '%s' ('%s')" % (filename, ex) + errMsg += "to read the content of file '%s' ('%s')" % (filename, getSafeExString(ex)) raise SqlmapSystemException(errMsg) return kb.cache.content[filename] @@ -2004,7 +2004,7 @@ def getFileItems(filename, commentPrefix='#', unicode_=True, lowercase=False, un retVal.append(line) except (IOError, OSError, MemoryError), ex: errMsg = "something went wrong while trying " - errMsg += "to read the content of file '%s' ('%s')" % (filename, ex) + errMsg += "to read the content of file '%s' ('%s')" % (filename, getSafeExString(ex)) raise SqlmapSystemException(errMsg) return retVal if not unique else retVal.keys() diff --git a/lib/core/option.py b/lib/core/option.py index a412f20d1..eb5688585 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -341,7 +341,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls): content = f.read() except (IOError, OSError, MemoryError), ex: errMsg = "something went wrong while trying " - errMsg += "to read the content of file '%s' ('%s')" % (reqFile, ex) + errMsg += "to read the content of file '%s' ('%s')" % (reqFile, getSafeExString(ex)) raise SqlmapSystemException(errMsg) if conf.scope: @@ -386,7 +386,7 @@ def _loadQueries(): tree.parse(paths.QUERIES_XML) except Exception, ex: errMsg = "something seems to be wrong with " - errMsg += "the file '%s' ('%s'). Please make " % (paths.QUERIES_XML, ex) + errMsg += "the file '%s' ('%s'). Please make " % (paths.QUERIES_XML, getSafeExString(ex)) errMsg += "sure that you haven't made any changes to it" raise SqlmapInstallationException, errMsg @@ -501,7 +501,7 @@ def _setCrawler(): status = "%d/%d links visited (%d%%)" % (i + 1, len(targets), round(100.0 * (i + 1) / len(targets))) dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status), True) except Exception, ex: - errMsg = "problem occurred while crawling at '%s' ('%s')" % (target, ex) + errMsg = "problem occurred while crawling at '%s' ('%s')" % (target, getSafeExString(ex)) logger.error(errMsg) def _doSearch(): @@ -1098,7 +1098,7 @@ def _setHTTPHandlers(): try: _ = urlparse.urlsplit(conf.proxy) except Exception, ex: - errMsg = "invalid proxy address '%s' ('%s')" % (conf.proxy, ex) + errMsg = "invalid proxy address '%s' ('%s')" % (conf.proxy, getSafeExString(ex)) raise SqlmapSyntaxException, errMsg hostnamePort = _.netloc.split(":") @@ -2059,7 +2059,7 @@ def _saveConfig(): config.write(confFP) except IOError, ex: errMsg = "something went wrong while trying " - errMsg += "to write to the configuration file '%s' ('%s')" % (conf.saveConfig, ex) + errMsg += "to write to the configuration file '%s' ('%s')" % (conf.saveConfig, getSafeExString(ex)) raise SqlmapSystemException(errMsg) infoMsg = "saved command line options to the configuration file '%s'" % conf.saveConfig @@ -2368,14 +2368,14 @@ def _basicOptionValidation(): try: re.compile(conf.regexp) except re.error, ex: - errMsg = "invalid regular expression '%s' ('%s')" % (conf.regexp, ex) + errMsg = "invalid regular expression '%s' ('%s')" % (conf.regexp, getSafeExString(ex)) raise SqlmapSyntaxException(errMsg) if conf.crawlExclude: try: re.compile(conf.crawlExclude) except re.error, ex: - errMsg = "invalid regular expression '%s' ('%s')" % (conf.crawlExclude, ex) + errMsg = "invalid regular expression '%s' ('%s')" % (conf.crawlExclude, getSafeExString(ex)) raise SqlmapSyntaxException(errMsg) if conf.dumpTable and conf.dumpAll: diff --git a/lib/core/target.py b/lib/core/target.py index 487b08351..535d477ff 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -14,6 +14,7 @@ import time import urlparse from lib.core.common import Backend +from lib.core.common import getSafeExString from lib.core.common import getUnicode from lib.core.common import hashDBRetrieve from lib.core.common import intersect @@ -658,7 +659,7 @@ def _createTargetDirs(): errMsg = "you don't have enough permissions " else: errMsg = "something went wrong while trying " - errMsg += "to write to the output directory '%s' (%s)" % (paths.SQLMAP_OUTPUT_PATH, ex) + errMsg += "to write to the output directory '%s' (%s)" % (paths.SQLMAP_OUTPUT_PATH, getSafeExString(ex)) raise SqlmapMissingPrivileges(errMsg) diff --git a/lib/core/wordlist.py b/lib/core/wordlist.py index 06faba0ad..13e763b17 100644 --- a/lib/core/wordlist.py +++ b/lib/core/wordlist.py @@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission import os import zipfile +from lib.core.common import getSafeExString from lib.core.exception import SqlmapDataException from lib.core.exception import SqlmapInstallationException from lib.core.settings import UNICODE_ENCODING @@ -45,7 +46,7 @@ class Wordlist(object): _ = zipfile.ZipFile(self.current, 'r') except zipfile.error, ex: errMsg = "something seems to be wrong with " - errMsg += "the file '%s' ('%s'). Please make " % (self.current, ex) + errMsg += "the file '%s' ('%s'). Please make " % (self.current, getSafeExString(ex)) errMsg += "sure that you haven't made any changes to it" raise SqlmapInstallationException, errMsg if len(_.namelist()) == 0: @@ -71,7 +72,7 @@ class Wordlist(object): retVal = self.iter.next().rstrip() except zipfile.error, ex: errMsg = "something seems to be wrong with " - errMsg += "the file '%s' ('%s'). Please make " % (self.current, ex) + errMsg += "the file '%s' ('%s'). Please make " % (self.current, getSafeExString(ex)) errMsg += "sure that you haven't made any changes to it" raise SqlmapInstallationException, errMsg except StopIteration: diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py index 1a455470e..8d1caa2bc 100644 --- a/lib/utils/hashdb.py +++ b/lib/utils/hashdb.py @@ -41,7 +41,7 @@ class HashDB(object): connection.commit() except Exception, ex: errMsg = "error occurred while opening a session " - errMsg += "file '%s' ('%s')" % (self.filepath, ex) + errMsg += "file '%s' ('%s')" % (self.filepath, getSafeExString(ex)) raise SqlmapDataException(errMsg) return threadData.hashDBCursor @@ -83,7 +83,7 @@ class HashDB(object): if not "locked" in getSafeExString(ex): raise except sqlite3.DatabaseError, ex: - errMsg = "error occurred while accessing session file '%s' ('%s'). " % (self.filepath, ex) + errMsg = "error occurred while accessing session file '%s' ('%s'). " % (self.filepath, getSafeExString(ex)) errMsg += "If the problem persists please rerun with `--flush-session`" raise SqlmapDataException, errMsg else: From c37f4855bb6126531064cdb8fa2fd1f03b74037a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 12 Jan 2016 10:34:56 +0100 Subject: [PATCH 35/79] Another patch for Issue #1659 --- lib/core/dump.py | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/lib/core/dump.py b/lib/core/dump.py index 1c10d82ce..7b8ff5823 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -432,13 +432,21 @@ class Dump(object): dumpDbPath = tempDir - _ = re.sub(r"[^\w]", "_", normalizeUnicode(unsafeSQLIdentificatorNaming(table))) - if len(_) < len(table) or IS_WIN and table.upper() in WINDOWS_RESERVED_NAMES: - _ = unicodeencode(re.sub(r"[^\w]", "_", unsafeSQLIdentificatorNaming(table))) - dumpFileName = os.path.join(dumpDbPath, "%s-%s.%s" % (_, hashlib.md5(unicodeencode(table)).hexdigest()[:8], conf.dumpFormat.lower())) - warnFile = True - else: - dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (_, conf.dumpFormat.lower())) + dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (unsafeSQLIdentificatorNaming(table), conf.dumpFormat.lower())) + if not os.path.isfile(dumpFileName): + try: + openFile(dumpFileName, "w+b").close() + except SqlmapSystemException: + raise + except: + warnFile = True + + _ = re.sub(r"[^\w]", "_", normalizeUnicode(unsafeSQLIdentificatorNaming(table))) + if len(_) < len(table) or IS_WIN and table.upper() in WINDOWS_RESERVED_NAMES: + _ = unicodeencode(re.sub(r"[^\w]", "_", unsafeSQLIdentificatorNaming(table))) + dumpFileName = os.path.join(dumpDbPath, "%s-%s.%s" % (_, hashlib.md5(unicodeencode(table)).hexdigest()[:8], conf.dumpFormat.lower())) + else: + dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (_, conf.dumpFormat.lower())) appendToFile = os.path.isfile(dumpFileName) and any((conf.limitStart, conf.limitStop)) dumpFP = openFile(dumpFileName, "wb" if not appendToFile else "ab") From 0c8c4fa0d9c33162ebff463fad355236a1130414 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 13 Jan 2016 14:38:59 +0100 Subject: [PATCH 36/79] Fixes #1663 --- lib/core/dump.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/dump.py b/lib/core/dump.py index 7b8ff5823..e5a6c08ea 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -398,11 +398,11 @@ class Dump(object): self._write(tableValues, content_type=CONTENT_TYPE.DUMP_TABLE) return + dumpDbPath = os.path.join(conf.dumpPath, unsafeSQLIdentificatorNaming(db)) + if conf.dumpFormat == DUMP_FORMAT.SQLITE: replication = Replication(os.path.join(conf.dumpPath, "%s.sqlite3" % unsafeSQLIdentificatorNaming(db))) elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML): - dumpDbPath = os.path.join(conf.dumpPath, unsafeSQLIdentificatorNaming(db)) - if not os.path.isdir(dumpDbPath): try: os.makedirs(dumpDbPath, 0755) From e9745cc0be2b059b8fa329d98451a5275b9300b2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 13 Jan 2016 22:47:42 +0100 Subject: [PATCH 37/79] Minor just in case patch --- thirdparty/ansistrm/ansistrm.py | 40 +++++++++++++++++---------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index 95d2b00be..9f3a6c5ec 100644 --- a/thirdparty/ansistrm/ansistrm.py +++ b/thirdparty/ansistrm/ansistrm.py @@ -4,9 +4,22 @@ import logging import os import re +import subprocess +import sys from lib.core.convert import stdoutencode +if subprocess.mswindows: + import ctypes + import ctypes.wintypes + + # Reference: https://gist.github.com/vsajip/758430 + # https://github.com/ipython/ipython/issues/4252 + # https://msdn.microsoft.com/en-us/library/windows/desktop/ms686047%28v=vs.85%29.aspx + ctypes.windll.kernel32.SetConsoleTextAttribute.argtypes = [ctypes.wintypes.HANDLE, ctypes.wintypes.WORD] + ctypes.windll.kernel32.SetConsoleTextAttribute.restype = ctypes.wintypes.BOOL + + class ColorizingStreamHandler(logging.StreamHandler): # color names to indices color_map = { @@ -21,22 +34,13 @@ class ColorizingStreamHandler(logging.StreamHandler): } # levels to (background, foreground, bold/intense) - if os.name == 'nt': - level_map = { - logging.DEBUG: (None, 'blue', False), - logging.INFO: (None, 'green', False), - logging.WARNING: (None, 'yellow', False), - logging.ERROR: (None, 'red', False), - logging.CRITICAL: ('red', 'white', False) - } - else: - level_map = { - logging.DEBUG: (None, 'blue', False), - logging.INFO: (None, 'green', False), - logging.WARNING: (None, 'yellow', False), - logging.ERROR: (None, 'red', False), - logging.CRITICAL: ('red', 'white', False) - } + level_map = { + logging.DEBUG: (None, 'blue', False), + logging.INFO: (None, 'green', False), + logging.WARNING: (None, 'yellow', False), + logging.ERROR: (None, 'red', False), + logging.CRITICAL: ('red', 'white', False) + } csi = '\x1b[' reset = '\x1b[0m' disable_coloring = False @@ -67,7 +71,7 @@ class ColorizingStreamHandler(logging.StreamHandler): except: self.handleError(record) - if os.name != 'nt': + if not subprocess.mswindows: def output_colorized(self, message): self.stream.write(message) else: @@ -85,8 +89,6 @@ class ColorizingStreamHandler(logging.StreamHandler): } def output_colorized(self, message): - import ctypes - parts = self.ansi_esc.split(message) write = self.stream.write h = None From c410f16f3fe4963eb7728ef4a84bbd6c6fcdc04c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 13 Jan 2016 23:02:11 +0100 Subject: [PATCH 38/79] Fixes #1660 --- lib/core/option.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/option.py b/lib/core/option.py index eb5688585..274c3334a 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1686,7 +1686,7 @@ def _cleanupOptions(): conf.torType = conf.torType.upper() if conf.outputDir: - paths.SQLMAP_OUTPUT_PATH = conf.outputDir + paths.SQLMAP_OUTPUT_PATH = os.path.abspath(os.path.expanduser(conf.outputDir)) setPaths() if conf.string: From 87676eb4bb67c9f17758c12c3902700791669c50 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 13 Jan 2016 23:05:28 +0100 Subject: [PATCH 39/79] Minor update for #1660 --- lib/core/option.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/option.py b/lib/core/option.py index 274c3334a..bd2895eb2 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1686,7 +1686,7 @@ def _cleanupOptions(): conf.torType = conf.torType.upper() if conf.outputDir: - paths.SQLMAP_OUTPUT_PATH = os.path.abspath(os.path.expanduser(conf.outputDir)) + paths.SQLMAP_OUTPUT_PATH = os.path.realpath(os.path.expanduser(conf.outputDir)) setPaths() if conf.string: From 8362bdcf665c8f0840fab86e656c18b0fdb44e85 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 13 Jan 2016 23:16:27 +0100 Subject: [PATCH 40/79] Fix for screw up made by #52dd92748a50bcee4fb979ea49185840ff6743b9 --- lib/controller/checks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index abcb903e6..2abb875f6 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -108,7 +108,7 @@ def checkSqlInjection(place, parameter, value): # then attempt to identify with a simple DBMS specific boolean-based # test what the DBMS may be if not injection.dbms and PAYLOAD.TECHNIQUE.BOOLEAN in injection.data: - if not Backend.getIdentifiedDbms() and kb.heuristicDbms is False: + if not Backend.getIdentifiedDbms() and kb.heuristicDbms is None: kb.heuristicDbms = heuristicCheckDbms(injection) # If the DBMS has already been fingerprinted (via DBMS-specific From 4e29e1b351f0afbc4c00a67a31ff8f0f1950ab47 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 13 Jan 2016 23:34:42 +0100 Subject: [PATCH 41/79] Fixing wrong commit #4f939b5719716dfe9bd085c4f67696bc11064edd --- lib/controller/checks.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 2abb875f6..ffaf280c6 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -711,9 +711,6 @@ def heuristicCheckDbms(injection): kb.injection = injection for dbms in getPublicTypeMembers(DBMS, True): - if not FROM_DUMMY_TABLE.get(dbms, ""): - continue - randStr1, randStr2 = randomStr(), randomStr() Backend.forceDbms(dbms) From a8c6c6fca14f2f5bc9b1bae2fe10bf6cf286bed2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 13 Jan 2016 23:47:34 +0100 Subject: [PATCH 42/79] Minor update related to the last one --- lib/controller/checks.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index ffaf280c6..ff5b9c002 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -714,6 +714,9 @@ def heuristicCheckDbms(injection): randStr1, randStr2 = randomStr(), randomStr() Backend.forceDbms(dbms) + if conf.noEscape and dbms not in FROM_DUMMY_TABLE: + continue + if checkBooleanExpression("(SELECT '%s'%s)='%s'" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), randStr1)): if not checkBooleanExpression("(SELECT '%s'%s)='%s'" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), randStr2)): retVal = dbms From 4c1fc095d82ad0ee7901512a5ed8a9c7908675e8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 14 Jan 2016 09:59:13 +0100 Subject: [PATCH 43/79] Adding heuristic check for FI vulnerability --- lib/controller/checks.py | 12 +++++++++--- lib/core/settings.py | 4 ++-- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index ff5b9c002..b5d7d2d2a 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -63,7 +63,7 @@ from lib.core.exception import SqlmapNoneDataException from lib.core.exception import SqlmapSilentQuitException from lib.core.exception import SqlmapUserQuitException from lib.core.settings import DEFAULT_GET_POST_DELIMITER -from lib.core.settings import DUMMY_XSS_CHECK_APPENDIX +from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX from lib.core.settings import FORMAT_EXCEPTION_STRINGS from lib.core.settings import HEURISTIC_CHECK_ALPHABET from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH @@ -919,7 +919,8 @@ def heuristicCheckSqlInjection(place, parameter): kb.heuristicMode = True - value = "%s%s%s" % (randomStr(), DUMMY_XSS_CHECK_APPENDIX, randomStr()) + randStr1, randStr2 = randomStr(), randomStr() + value = "%s%s%s" % (randStr1, DUMMY_NON_SQLI_CHECK_APPENDIX, randStr2) payload = "%s%s%s" % (prefix, "'%s" % value, suffix) payload = agent.payload(place, parameter, newValue=payload) page, _ = Request.queryPage(payload, place, content=True, raise404=False) @@ -928,7 +929,12 @@ def heuristicCheckSqlInjection(place, parameter): if value in (page or ""): infoMsg = "heuristic (XSS) test shows that %s parameter " % paramType - infoMsg += "'%s' might be vulnerable to XSS attacks" % parameter + infoMsg += "'%s' might be vulnerable to cross-site scripting attacks" % parameter + logger.info(infoMsg) + + if re.search(r"(?i)Failed opening[^\n]+%s" % randStr1, page or ""): + infoMsg = "heuristic (FI) test shows that %s parameter " % paramType + infoMsg += "'%s' might be vulnerable to file inclusion attacks" % parameter logger.info(infoMsg) kb.heuristicMode = False diff --git a/lib/core/settings.py b/lib/core/settings.py index 7508c6b33..52e2ba738 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -548,8 +548,8 @@ DNS_BOUNDARIES_ALPHABET = re.sub("[a-fA-F]", "", string.ascii_letters) # Alphabet used for heuristic checks HEURISTIC_CHECK_ALPHABET = ('"', '\'', ')', '(', ',', '.') -# String used for dummy XSS check of a tested parameter value -DUMMY_XSS_CHECK_APPENDIX = "<'\">" +# String used for dummy non-SQLi (e.g. XSS) check of a tested parameter value +DUMMY_NON_SQLI_CHECK_APPENDIX = "<'\">" # Connection chunk size (processing large responses in chunks to avoid MemoryError crashes - e.g. large table dump in full UNION injections) MAX_CONNECTION_CHUNK_SIZE = 10 * 1024 * 1024 From c78a9cd156c8b94b9f34174ce41924b565b40ab7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 14 Jan 2016 12:14:00 +0100 Subject: [PATCH 44/79] Consistency patch --- lib/core/common.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index d351fd5e8..a73c24973 100755 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -916,8 +916,7 @@ def readInput(message, default=None, checkBatch=True): retVal = "%s,%s" % (retVal, getUnicode(item, UNICODE_ENCODING)) if retVal: - infoMsg = "%s%s" % (message, retVal) - logger.info(infoMsg) + dataToStdout("\r%s%s\n" % (message, retVal), forceOutput=True, bold=True) debugMsg = "used the given answer" logger.debug(debugMsg) From c7ef9429ae80d31bfe79b5ed9d49d08b77530049 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 14 Jan 2016 13:16:44 +0100 Subject: [PATCH 45/79] Minor check for problematic injections --- lib/controller/checks.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index b5d7d2d2a..e4c597f8f 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -782,6 +782,10 @@ def checkFalsePositives(injection): retVal = None break + elif checkBooleanExpression("%d %d" % (randInt3, randInt2)): + retVal = None + break + if retVal is None: warnMsg = "false positive or unexploitable injection point detected" logger.warn(warnMsg) From bdcf3fffbadfab196a6e563d28f6e70c5d2b2c09 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 14 Jan 2016 13:40:50 +0100 Subject: [PATCH 46/79] Minor update related to the last (error results in OR boolean-based blind should not be the same as True to be able to do proper comparison) --- lib/controller/checks.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index e4c597f8f..2476cd5ba 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -446,10 +446,19 @@ def checkSqlInjection(place, parameter, value): truePage = threadData.lastComparisonPage or "" if trueResult and not(truePage == falsePage and not kb.nullConnection): + # Perform the test's False request falseResult = Request.queryPage(genCmpPayload(), place, raise404=False) - # Perform the test's False request if not falseResult: + if kb.negativeLogic: + boundPayload = agent.prefixQuery(kb.data.randomStr, prefix, where, clause) + boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where) + errorPayload = agent.payload(place, parameter, newValue=boundPayload, where=where) + + errorResult = Request.queryPage(errorPayload, place, raise404=False) + if errorResult: + continue + infoMsg = "%s parameter '%s' seems to be '%s' injectable " % (paramType, parameter, title) logger.info(infoMsg) From df8e4b504de07b6c83dd6790656e8faf3a5233fa Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 14 Jan 2016 13:51:30 +0100 Subject: [PATCH 47/79] Patch for special cases of OR boolean-based blind (covered with last two commits) --- xml/payloads/01_boolean_blind.xml | 53 +++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/xml/payloads/01_boolean_blind.xml b/xml/payloads/01_boolean_blind.xml index f10f65c9b..386e167f4 100644 --- a/xml/payloads/01_boolean_blind.xml +++ b/xml/payloads/01_boolean_blind.xml @@ -186,6 +186,22 @@ Tag: + + OR boolean-based blind - WHERE or HAVING clause (NOT) + 1 + 3 + 3 + 1 + 1 + OR NOT [INFERENCE] + + OR NOT [RANDNUM]=[RANDNUM] + + + OR NOT [RANDNUM]=[RANDNUM1] + + + AND boolean-based blind - WHERE or HAVING clause (Generic comment) 1 @@ -220,6 +236,23 @@ Tag: + + OR boolean-based blind - WHERE or HAVING clause (Generic comment) (NOT) + 1 + 4 + 3 + 1 + 1 + OR NOT [INFERENCE] + + OR NOT [RANDNUM]=[RANDNUM] + -- - + + + OR NOT [RANDNUM]=[RANDNUM1] + + + AND boolean-based blind - WHERE or HAVING clause (MySQL comment) 1 @@ -260,6 +293,26 @@ Tag: + + OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT) + 1 + 3 + 3 + 1 + 1 + OR NOT [INFERENCE] + + OR NOT [RANDNUM]=[RANDNUM] + # + + + OR NOT [RANDNUM]=[RANDNUM1] + +
+ MySQL +
+ + AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment) 1 From 8b90d146f6c03882007cb742a09a6ffa9016e0d0 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 14 Jan 2016 18:02:15 +0100 Subject: [PATCH 48/79] Update of file attributes --- extra/shutils/pyflakes.sh | 0 extra/shutils/regressiontest.py | 0 lib/core/common.py | 0 lib/request/basic.py | 0 4 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 extra/shutils/pyflakes.sh mode change 100755 => 100644 extra/shutils/regressiontest.py mode change 100755 => 100644 lib/core/common.py mode change 100755 => 100644 lib/request/basic.py diff --git a/extra/shutils/pyflakes.sh b/extra/shutils/pyflakes.sh old mode 100644 new mode 100755 diff --git a/extra/shutils/regressiontest.py b/extra/shutils/regressiontest.py old mode 100755 new mode 100644 diff --git a/lib/core/common.py b/lib/core/common.py old mode 100755 new mode 100644 diff --git a/lib/request/basic.py b/lib/request/basic.py old mode 100755 new mode 100644 From 59695af10116125f99dc55e47d3b70d1b001f899 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 14 Jan 2016 22:21:47 +0100 Subject: [PATCH 49/79] Minor improvement of heuristic checks --- lib/controller/checks.py | 21 ++++++++++++--------- lib/core/settings.py | 5 ++++- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 2476cd5ba..f3167a41f 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -66,13 +66,14 @@ from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX from lib.core.settings import FORMAT_EXCEPTION_STRINGS from lib.core.settings import HEURISTIC_CHECK_ALPHABET +from lib.core.settings import IDS_WAF_CHECK_PAYLOAD +from lib.core.settings import IDS_WAF_CHECK_RATIO +from lib.core.settings import IDS_WAF_CHECK_TIMEOUT +from lib.core.settings import NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH from lib.core.settings import SUPPORTED_DBMS from lib.core.settings import URI_HTTP_HEADER from lib.core.settings import UPPER_RATIO_BOUND -from lib.core.settings import IDS_WAF_CHECK_PAYLOAD -from lib.core.settings import IDS_WAF_CHECK_RATIO -from lib.core.settings import IDS_WAF_CHECK_TIMEOUT from lib.core.threads import getCurrentThreadData from lib.request.connect import Connect as Request from lib.request.inject import checkBooleanExpression @@ -932,7 +933,7 @@ def heuristicCheckSqlInjection(place, parameter): kb.heuristicMode = True - randStr1, randStr2 = randomStr(), randomStr() + randStr1, randStr2 = randomStr(NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH), randomStr(NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH) value = "%s%s%s" % (randStr1, DUMMY_NON_SQLI_CHECK_APPENDIX, randStr2) payload = "%s%s%s" % (prefix, "'%s" % value, suffix) payload = agent.payload(place, parameter, newValue=payload) @@ -940,15 +941,17 @@ def heuristicCheckSqlInjection(place, parameter): paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place - if value in (page or ""): + if value.lower() in (page or "").lower(): infoMsg = "heuristic (XSS) test shows that %s parameter " % paramType infoMsg += "'%s' might be vulnerable to cross-site scripting attacks" % parameter logger.info(infoMsg) - if re.search(r"(?i)Failed opening[^\n]+%s" % randStr1, page or ""): - infoMsg = "heuristic (FI) test shows that %s parameter " % paramType - infoMsg += "'%s' might be vulnerable to file inclusion attacks" % parameter - logger.info(infoMsg) + for match in re.finditer("(?i)[^\n]*(no such file|failed (to )?open)[^\n]*", page or ""): + if randStr1.lower() in match.group(0).lower(): + infoMsg = "heuristic (FI) test shows that %s parameter " % paramType + infoMsg += "'%s' might be vulnerable to file inclusion attacks" % parameter + logger.info(infoMsg) + break kb.heuristicMode = False diff --git a/lib/core/settings.py b/lib/core/settings.py index 52e2ba738..84a0c67e0 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -548,9 +548,12 @@ DNS_BOUNDARIES_ALPHABET = re.sub("[a-fA-F]", "", string.ascii_letters) # Alphabet used for heuristic checks HEURISTIC_CHECK_ALPHABET = ('"', '\'', ')', '(', ',', '.') -# String used for dummy non-SQLi (e.g. XSS) check of a tested parameter value +# String used for dummy non-SQLi (e.g. XSS) heuristic checks of a tested parameter value DUMMY_NON_SQLI_CHECK_APPENDIX = "<'\">" +# Length of prefix and suffix used in non-SQLI heuristic checks +NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH = 6 + # Connection chunk size (processing large responses in chunks to avoid MemoryError crashes - e.g. large table dump in full UNION injections) MAX_CONNECTION_CHUNK_SIZE = 10 * 1024 * 1024 From 66eaac862b7300985f09c40a5b5b0a35ad1f7fe7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 14 Jan 2016 22:47:56 +0100 Subject: [PATCH 50/79] Minor consistency update --- lib/core/dicts.py | 56 +++++++++++++++--------------- plugins/dbms/sybase/enumeration.py | 2 +- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/lib/core/dicts.py b/lib/core/dicts.py index 730b8d1ad..9993cab51 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -40,34 +40,34 @@ FIREBIRD_TYPES = { } SYBASE_TYPES = { - "14": "floatn", - "8": "float", - "15": "datetimn", - "12": "datetime", - "23": "real", - "28": "numericn", - "10": "numeric", - "27": "decimaln", - "26": "decimal", - "17": "moneyn", - "11": "money", - "21": "smallmoney", - "22": "smalldatetime", - "13": "intn", - "7": "int", - "6": "smallint", - "5": "tinyint", - "16": "bit", - "2": "varchar", - "18": "sysname", - "25": "nvarchar", - "1": "char", - "24": "nchar", - "4": "varbinary", - "80": "timestamp", - "3": "binary", - "19": "text", - "20": "image", + 14: "floatn", + 8: "float", + 15: "datetimn", + 12: "datetime", + 23: "real", + 28: "numericn", + 10: "numeric", + 27: "decimaln", + 26: "decimal", + 17: "moneyn", + 11: "money", + 21: "smallmoney", + 22: "smalldatetime", + 13: "intn", + 7: "int", + 6: "smallint", + 5: "tinyint", + 16: "bit", + 2: "varchar", + 18: "sysname", + 25: "nvarchar", + 1: "char", + 24: "nchar", + 4: "varbinary", + 80: "timestamp", + 3: "binary", + 19: "text", + 20: "image", } MYSQL_PRIVS = { diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index 24d1cb15d..28c6d0dce 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -287,7 +287,7 @@ class Enumeration(GenericEnumeration): columns = {} for name, type_ in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr])): - columns[name] = SYBASE_TYPES.get(type_, type_) + columns[name] = SYBASE_TYPES.get(int(type_) if isinstance(type_, basestring) and type_.isdigit() else type_, type_) table[safeSQLIdentificatorNaming(tbl)] = columns kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table From 6fef2948ff8b45e348931bac5233d85902573e04 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 14 Jan 2016 22:51:26 +0100 Subject: [PATCH 51/79] Minor consistency update --- lib/core/dicts.py | 28 ++++++++++++++-------------- plugins/generic/databases.py | 2 +- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/lib/core/dicts.py b/lib/core/dicts.py index 9993cab51..b896ed81d 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -23,20 +23,20 @@ from lib.core.settings import DB2_ALIASES from lib.core.settings import HSQLDB_ALIASES FIREBIRD_TYPES = { - "261": "BLOB", - "14": "CHAR", - "40": "CSTRING", - "11": "D_FLOAT", - "27": "DOUBLE", - "10": "FLOAT", - "16": "INT64", - "8": "INTEGER", - "9": "QUAD", - "7": "SMALLINT", - "12": "DATE", - "13": "TIME", - "35": "TIMESTAMP", - "37": "VARCHAR", + 261: "BLOB", + 14: "CHAR", + 40: "CSTRING", + 11: "D_FLOAT", + 27: "DOUBLE", + 10: "FLOAT", + 16: "INT64", + 8: "INTEGER", + 9: "QUAD", + 7: "SMALLINT", + 12: "DATE", + 13: "TIME", + 35: "TIMESTAMP", + 37: "VARCHAR", } SYBASE_TYPES = { diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index 1fa53bdbb..d35ff8b7a 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -582,7 +582,7 @@ class Databases: columns[name] = None else: if Backend.isDbms(DBMS.FIREBIRD): - columnData[1] = FIREBIRD_TYPES.get(columnData[1], columnData[1]) + columnData[1] = FIREBIRD_TYPES.get(int(columnData[1]) if isinstance(columnData[1], basestring) and columnData[1].isdigit() else columnData[1], columnData[1]) columns[name] = columnData[1] From 8d42a93fdcfd0ea7a1e08ae8dff14aa91ed3fb01 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 16 Jan 2016 08:13:56 +0100 Subject: [PATCH 52/79] Fixes #1665 --- lib/core/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 84a0c67e0..a882893d7 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -567,7 +567,7 @@ MAX_BISECTION_LENGTH = 50 * 1024 * 1024 LARGE_CHUNK_TRIM_MARKER = "__TRIMMED_CONTENT__" # Generic SQL comment formation -GENERIC_SQL_COMMENT = "-- " +GENERIC_SQL_COMMENT = "-- -" # Threshold value for turning back on time auto-adjustment mechanism VALID_TIME_CHARS_RUN_THRESHOLD = 100 From f54b25ca2aae1fc415f0a78a755ec531f9400898 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 17 Jan 2016 15:22:53 +0100 Subject: [PATCH 53/79] Adding one more regex for MsAccess error recognition --- xml/errors.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/xml/errors.xml b/xml/errors.xml index 0f7ea9b0a..60d69bd75 100644 --- a/xml/errors.xml +++ b/xml/errors.xml @@ -38,6 +38,7 @@ + From 034de9676e0d98d370877b310e5a2ddf5984b46b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 20 Jan 2016 09:33:05 +0100 Subject: [PATCH 54/79] Closes #1675 --- sqlmap.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sqlmap.py b/sqlmap.py index 45d1199b4..6bbc682ad 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -163,6 +163,11 @@ def main(): logger.error(errMsg) raise SystemExit + elif all(_ in excMsg for _ in ("pymysql", "configparser")): + errMsg = "wrong initialization of pymsql detected (using Python3 dependencies)" + logger.error(errMsg) + raise SystemExit + elif "bad marshal data (unknown type code)" in excMsg: match = re.search(r"\s*(.+)\s+ValueError", excMsg) errMsg = "one of your .pyc files are corrupted%s" % (" ('%s')" % match.group(1) if match else "") From 574b3a79aa569f57d5a9e41fc7453213c71f5b64 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 21 Jan 2016 10:16:23 +0100 Subject: [PATCH 55/79] Adding support for detection of CloudFlare responses --- lib/controller/checks.py | 7 ++++++- lib/core/settings.py | 3 +++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index f3167a41f..52a980ba5 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -62,6 +62,7 @@ from lib.core.exception import SqlmapConnectionException from lib.core.exception import SqlmapNoneDataException from lib.core.exception import SqlmapSilentQuitException from lib.core.exception import SqlmapUserQuitException +from lib.core.settings import CLOUDFLARE_SERVER_HEADER from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX from lib.core.settings import FORMAT_EXCEPTION_STRINGS @@ -1363,7 +1364,7 @@ def checkConnection(suppressOutput=False): try: kb.originalPageTime = time.time() - page, _ = Request.queryPage(content=True, noteResponseTime=False) + page, headers = Request.queryPage(content=True, noteResponseTime=False) kb.originalPage = kb.pageTemplate = page kb.errorIsNone = False @@ -1382,6 +1383,10 @@ def checkConnection(suppressOutput=False): else: kb.errorIsNone = True + if headers and headers.get("Server", "") == CLOUDFLARE_SERVER_HEADER: + warnMsg = "CloudFlare response detected" + logger.warn(warnMsg) + except SqlmapConnectionException, ex: if conf.ipv6: warnMsg = "check connection to a provided " diff --git a/lib/core/settings.py b/lib/core/settings.py index a882893d7..9dfd83c16 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -309,6 +309,9 @@ BURP_REQUEST_REGEX = r"={10,}\s+[^=]+={10,}\s(.+?)\s={10,}" # Regex used for parsing XML Burp saved history items BURP_XML_HISTORY_REGEX = r'(\d+).+? Date: Thu, 21 Jan 2016 10:17:17 +0100 Subject: [PATCH 56/79] Minor style update --- lib/core/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 9dfd83c16..a53cd2e37 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -579,7 +579,7 @@ VALID_TIME_CHARS_RUN_THRESHOLD = 100 CHECK_ZERO_COLUMNS_THRESHOLD = 10 # Boldify all logger messages containing these "patterns" -BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved") +BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CloudFlare") # Generic www root directory names GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www") From f5ffd9fa02d024e9994cd683c8bd8fc66f6c3495 Mon Sep 17 00:00:00 2001 From: dozysun Date: Fri, 22 Jan 2016 11:33:12 +0800 Subject: [PATCH 57/79] add --servername option to support various of bottle server adapter --- lib/utils/api.py | 11 +++++++++-- sqlmapapi.py | 3 ++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/lib/utils/api.py b/lib/utils/api.py index 0be752d2d..1d186a60d 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -637,7 +637,7 @@ def download(taskid, target, filename): return jsonize({"success": False, "message": "File does not exist"}) -def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT): +def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, server_name='wsgiref'): """ REST-JSON API server """ @@ -655,7 +655,14 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT): # Run RESTful API try: - run(host=host, port=port, quiet=True, debug=False) + if server_name == 'gevent': + from gevent import monkey + monkey.patch_all() + elif server_name == 'eventlet': + import eventlet + eventlet.monkey_patch() + logger.debug('use {0} adapter run bottle'.format(server_name)) + run(host=host, port=port, quiet=True, debug=False, server=server_name) except socket.error, ex: if "already in use" in getSafeExString(ex): logger.error("Address already in use ('%s:%s')" % (host, port)) diff --git a/sqlmapapi.py b/sqlmapapi.py index a4baa6ef3..a1effcc17 100755 --- a/sqlmapapi.py +++ b/sqlmapapi.py @@ -37,11 +37,12 @@ def main(): apiparser.add_option("-c", "--client", help="Act as a REST-JSON API client", default=RESTAPI_DEFAULT_PORT, action="store_true") apiparser.add_option("-H", "--host", help="Host of the REST-JSON API server", default=RESTAPI_DEFAULT_ADDRESS, action="store") apiparser.add_option("-p", "--port", help="Port of the the REST-JSON API server", default=RESTAPI_DEFAULT_PORT, type="int", action="store") + apiparser.add_option("", "--servername", help="bottle Server adapter to use default is wsgiref, see bottle document ", default='wsgiref', action="store") (args, _) = apiparser.parse_args() # Start the client or the server if args.server is True: - server(args.host, args.port) + server(args.host, args.port, server_name=args.servername) elif args.client is True: client(args.host, args.port) else: From c34eaa1ce88375085ef7d645cdc6b43b6ae5245c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 24 Jan 2016 22:05:08 +0100 Subject: [PATCH 58/79] Minor patch --- lib/core/option.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index bd2895eb2..8d406cc90 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1037,10 +1037,10 @@ def _setSocketPreConnect(): s._connect(address) with kb.locks.socket: socket._ready[key].append(s._sock) - except socket.error: - pass except KeyboardInterrupt: break + except: + pass finally: time.sleep(0.01) From f532ad3c9c82cecebcf444bb92689488a24bd32f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 26 Jan 2016 07:32:47 +0100 Subject: [PATCH 59/79] Minor bug fix --- plugins/dbms/postgresql/takeover.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/plugins/dbms/postgresql/takeover.py b/plugins/dbms/postgresql/takeover.py index 696258b40..401f92a68 100644 --- a/plugins/dbms/postgresql/takeover.py +++ b/plugins/dbms/postgresql/takeover.py @@ -48,7 +48,13 @@ class Takeover(GenericTakeover): banVer = kb.bannerFp["dbmsVersion"] - if banVer >= "9.1": + if banVer >= "9.4": + majorVer = "9.4" + elif banVer >= "9.3": + majorVer = "9.3" + elif banVer >= "9.2": + majorVer = "9.2" + elif banVer >= "9.1": majorVer = "9.1" elif banVer >= "9.0": majorVer = "9.0" From 62f94f6587d2c051e88e8a005c798ec276382d32 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 26 Jan 2016 07:52:25 +0100 Subject: [PATCH 60/79] Adding comments (Issue #1681) --- lib/controller/checks.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 52a980ba5..fcb10818c 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -781,19 +781,19 @@ def checkFalsePositives(injection): if PAYLOAD.TECHNIQUE.BOOLEAN not in injection.data: checkBooleanExpression("%d=%d" % (randInt1, randInt2)) - if checkBooleanExpression("%d=%d" % (randInt1, randInt3)): + if checkBooleanExpression("%d=%d" % (randInt1, randInt3)): # this must not be evaluated to True retVal = None break - elif checkBooleanExpression("%d=%d" % (randInt3, randInt2)): + elif checkBooleanExpression("%d=%d" % (randInt3, randInt2)): # this must not be evaluated to True retVal = None break - elif not checkBooleanExpression("%d=%d" % (randInt2, randInt2)): + elif not checkBooleanExpression("%d=%d" % (randInt2, randInt2)): # this must be evaluated to True retVal = None break - elif checkBooleanExpression("%d %d" % (randInt3, randInt2)): + elif checkBooleanExpression("%d %d" % (randInt3, randInt2)): # this must not be evaluated to True (invalid statement) retVal = None break From 997362f61bee9ff528ba0f99cf764edd9ccc9e3b Mon Sep 17 00:00:00 2001 From: dozysun Date: Wed, 27 Jan 2016 10:35:18 +0800 Subject: [PATCH 61/79] change option name to adapter --- lib/utils/api.py | 10 +++++----- sqlmapapi.py | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/utils/api.py b/lib/utils/api.py index 1d186a60d..9992979e0 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -637,7 +637,7 @@ def download(taskid, target, filename): return jsonize({"success": False, "message": "File does not exist"}) -def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, server_name='wsgiref'): +def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter='wsgiref'): """ REST-JSON API server """ @@ -655,14 +655,14 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, server_name= # Run RESTful API try: - if server_name == 'gevent': + if adapter == 'gevent': from gevent import monkey monkey.patch_all() - elif server_name == 'eventlet': + elif adapter == 'eventlet': import eventlet eventlet.monkey_patch() - logger.debug('use {0} adapter run bottle'.format(server_name)) - run(host=host, port=port, quiet=True, debug=False, server=server_name) + logger.debug('use {0} adapter run bottle'.format(adapter)) + run(host=host, port=port, quiet=True, debug=False, server=adapter) except socket.error, ex: if "already in use" in getSafeExString(ex): logger.error("Address already in use ('%s:%s')" % (host, port)) diff --git a/sqlmapapi.py b/sqlmapapi.py index a1effcc17..0c3562aa7 100755 --- a/sqlmapapi.py +++ b/sqlmapapi.py @@ -37,12 +37,12 @@ def main(): apiparser.add_option("-c", "--client", help="Act as a REST-JSON API client", default=RESTAPI_DEFAULT_PORT, action="store_true") apiparser.add_option("-H", "--host", help="Host of the REST-JSON API server", default=RESTAPI_DEFAULT_ADDRESS, action="store") apiparser.add_option("-p", "--port", help="Port of the the REST-JSON API server", default=RESTAPI_DEFAULT_PORT, type="int", action="store") - apiparser.add_option("", "--servername", help="bottle Server adapter to use default is wsgiref, see bottle document ", default='wsgiref', action="store") + apiparser.add_option("", "--adapter", help="bottle Server adapter to use default is wsgiref, see bottle document ", default='wsgiref', action="store") (args, _) = apiparser.parse_args() # Start the client or the server if args.server is True: - server(args.host, args.port, server_name=args.servername) + server(args.host, args.port, adapter=args.adapter) elif args.client is True: client(args.host, args.port) else: From ee0439cf1194d17849ad7afcfb61103e251d6682 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 27 Jan 2016 10:03:30 +0100 Subject: [PATCH 62/79] Update for #1678 --- lib/core/settings.py | 3 +++ lib/utils/api.py | 17 +++++++++++------ sqlmapapi.py | 3 ++- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index a53cd2e37..71199f08e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -602,6 +602,9 @@ EVENTVALIDATION_REGEX = r'(?i)(?P__EVENTVALIDATION[^"]*)[^>]+value="(?P Date: Wed, 27 Jan 2016 21:25:34 +0100 Subject: [PATCH 63/79] Fix for #1676 --- lib/utils/api.py | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/lib/utils/api.py b/lib/utils/api.py index 9513f31f4..b22fa6e09 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -177,10 +177,10 @@ class Task(object): def engine_kill(self): if self.process: - self.process.kill() - return self.process.wait() - else: - return None + try: + self.process.kill() + except: + pass def engine_get_id(self): if self.process: @@ -391,12 +391,11 @@ def task_flush(taskid): """ Flush task spool (delete all tasks) """ - if is_admin(taskid): - DataStore.tasks = dict() - else: - for key in list(DataStore.tasks): - if DataStore.tasks[key].remote_addr == request.remote_addr: - del DataStore.tasks[key] + + for key in list(DataStore.tasks): + if is_admin(taskid) or DataStore.tasks[key].remote_addr == request.remote_addr: + DataStore.tasks[key].engine_kill() + del DataStore.tasks[key] logger.debug("[%s] Flushed task pool (%s)" % (taskid, "admin" if is_admin(taskid) else request.remote_addr)) return jsonize({"success": True}) From 4916f1b2b247b355a1a7f0cd90bd32c840f8eda3 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 28 Jan 2016 09:10:04 +0100 Subject: [PATCH 64/79] Minor path related to the #1676 --- lib/utils/api.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/utils/api.py b/lib/utils/api.py index b22fa6e09..ea2d1cbab 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -179,8 +179,10 @@ class Task(object): if self.process: try: self.process.kill() + return self.process.wait() except: pass + return None def engine_get_id(self): if self.process: From b07685a386fb5e03304413d794be6caa2e252c04 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 3 Feb 2016 11:55:13 +0100 Subject: [PATCH 65/79] Added checking of localhost for another DNS service on *:53 --- lib/request/dns.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lib/request/dns.py b/lib/request/dns.py index 38099ebfa..b619fbdfc 100644 --- a/lib/request/dns.py +++ b/lib/request/dns.py @@ -59,6 +59,7 @@ class DNSQuery(object): class DNSServer(object): def __init__(self): + self._check_localhost() self._requests = [] self._lock = threading.Lock() self._socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) @@ -67,6 +68,19 @@ class DNSServer(object): self._running = False self._initialized = False + def _check_localhost(self): + response = "" + try: + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + s.connect(("", 53)) + s.send("6509012000010000000000010377777706676f6f676c6503636f6d00000100010000291000000000000000".decode("hex")) # A www.google.com + response = s.recv(512) + except: + pass + finally: + if response and "google" in response: + raise socket.error("another DNS service already running on *:53") + def pop(self, prefix=None, suffix=None): """ Returns received DNS resolution request (if any) that has given From 08aae2b7c57531afd7c9760e2fccb046475ff274 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 5 Feb 2016 11:53:24 +0100 Subject: [PATCH 66/79] Bug fix (--prefix should not fix the origValue in REPLACEMENT payloads) --- lib/core/agent.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index c6bcf89ef..195025053 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -125,7 +125,7 @@ class Agent(object): origValue = origValue.split(' ')[-1].split(':')[-1] if value is None: - if where == PAYLOAD.WHERE.ORIGINAL or conf.prefix: + if where == PAYLOAD.WHERE.ORIGINAL: value = origValue elif where == PAYLOAD.WHERE.NEGATIVE: if conf.invalidLogical: @@ -228,7 +228,7 @@ class Agent(object): # If we are replacing () the parameter original value with # our payload do not prepend with the prefix - if where == PAYLOAD.WHERE.REPLACE and not conf.prefix: + if where == PAYLOAD.WHERE.REPLACE: query = "" # If the technique is stacked queries () do not put a space From cedfdc78f4581e79bbe2759a4eeb126dca4d641c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 5 Feb 2016 12:00:57 +0100 Subject: [PATCH 67/79] Adding escapequotes.py (utility tamper script) --- lib/request/connect.py | 3 ++- tamper/escapequotes.py | 26 ++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 tamper/escapequotes.py diff --git a/lib/request/connect.py b/lib/request/connect.py index a3862298b..26ddaa5e6 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -80,6 +80,7 @@ from lib.core.exception import SqlmapSyntaxException from lib.core.exception import SqlmapTokenException from lib.core.exception import SqlmapValueException from lib.core.settings import ASTERISK_MARKER +from lib.core.settings import BOUNDARY_BACKSLASH_MARKER from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR from lib.core.settings import DEFAULT_CONTENT_TYPE from lib.core.settings import DEFAULT_COOKIE_DELIMITER @@ -765,7 +766,7 @@ class Connect(object): value = agent.replacePayload(value, payload) - logger.log(CUSTOM_LOGGING.PAYLOAD, safecharencode(payload)) + logger.log(CUSTOM_LOGGING.PAYLOAD, safecharencode(payload.replace('\\', BOUNDARY_BACKSLASH_MARKER)).replace(BOUNDARY_BACKSLASH_MARKER, '\\')) if place == PLACE.CUSTOM_POST and kb.postHint: if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML): diff --git a/tamper/escapequotes.py b/tamper/escapequotes.py new file mode 100644 index 000000000..fc85cd9ab --- /dev/null +++ b/tamper/escapequotes.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) +See the file 'doc/COPYING' for copying permission +""" + +import base64 + +from lib.core.enums import PRIORITY +from lib.core.settings import UNICODE_ENCODING + +__priority__ = PRIORITY.LOWEST + +def dependencies(): + pass + +def tamper(payload, **kwargs): + """ + Slash escape quotes (' and ") + + >>> tamper("1' AND SLEEP(5)#") + '1\' AND SLEEP(5)#' + """ + + return payload.replace("'", "\\'").replace('"', '\\"') From d7cdb6cbd8e199a834c901da149ce76d073b336c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 6 Feb 2016 20:16:33 +0100 Subject: [PATCH 68/79] Minor update --- lib/controller/checks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index fcb10818c..078e04e0d 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1287,7 +1287,7 @@ def identifyWaf(): if output and output[0] not in ("Y", "y"): raise SqlmapUserQuitException else: - warnMsg = "no WAF/IDS/IPS product has been identified" + warnMsg = "no WAF/IDS/IPS product has been identified (this doesn't mean that there is none)" logger.warn(warnMsg) kb.testType = None From 410df455ab9edda29f31164a0ab7c647febe8dcb Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 13 Feb 2016 21:03:05 +0100 Subject: [PATCH 69/79] Minor consistency patch --- lib/techniques/union/use.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index f942200ad..381cd6584 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -56,7 +56,7 @@ from lib.utils.progress import ProgressBar from thirdparty.odict.odict import OrderedDict def _oneShotUnionUse(expression, unpack=True, limited=False): - retVal = hashDBRetrieve("%s%s" % (conf.hexConvert or False, expression), checkConf=True) # as union data is stored raw unconverted + retVal = hashDBRetrieve("%s%s" % (conf.hexConvert or False, expression), checkConf=True) # as UNION data is stored raw unconverted threadData = getCurrentThreadData() threadData.resumed = retVal is not None @@ -65,7 +65,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False): # Prepare expression with delimiters injExpression = unescaper.escape(agent.concatQuery(expression, unpack)) - # Forge the union SQL injection request + # Forge the UNION SQL injection request vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector kb.unionDuplicates = vector[7] kb.forcePartialUnion = vector[8] @@ -78,7 +78,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False): incrementCounter(PAYLOAD.TECHNIQUE.UNION) - # Parse the returned page to get the exact union-based + # Parse the returned page to get the exact UNION-based # SQL injection output def _(regex): return reduce(lambda x, y: x if x is not None else y, (\ @@ -98,7 +98,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False): if retVal is not None: retVal = getUnicode(retVal, kb.pageEncoding) - # Special case when DBMS is Microsoft SQL Server and error message is used as a result of union injection + # Special case when DBMS is Microsoft SQL Server and error message is used as a result of UNION injection if Backend.isDbms(DBMS.MSSQL) and wasLastResponseDBMSError(): retVal = htmlunescape(retVal).replace("
", "\n") @@ -152,9 +152,9 @@ def configUnion(char=None, columns=None): def unionUse(expression, unpack=True, dump=False): """ - This function tests for an union SQL injection on the target + This function tests for an UNION SQL injection on the target URL then call its subsidiary function to effectively perform an - union SQL injection on the affected URL + UNION SQL injection on the affected URL """ initTechnique(PAYLOAD.TECHNIQUE.UNION) From 9d18d48a6eb285b1291312ce0cc9c6082d42cb48 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 13 Feb 2016 21:18:56 +0100 Subject: [PATCH 70/79] Minor consistency patch --- doc/CHANGELOG.md | 104 +++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 52 deletions(-) diff --git a/doc/CHANGELOG.md b/doc/CHANGELOG.md index e656280cc..e48da114d 100644 --- a/doc/CHANGELOG.md +++ b/doc/CHANGELOG.md @@ -28,9 +28,9 @@ * Added switch `--check-waf` for checking of existence of WAF/IPS/IDS protection. * Added switch `--schema` to enumerate DBMS schema: shows all columns of all databases' tables. * Added switch `--count` to count the number of entries for a specific table or all database(s) tables. -* Major improvements to switches --tables and --columns. -* Takeover switch --os-pwn improved: stealthier, faster and AV-proof. -* Added switch --mobile to imitate a mobile device through HTTP User-Agent header. +* Major improvements to switches `--tables` and `--columns`. +* Takeover switch `--os-pwn` improved: stealthier, faster and AV-proof. +* Added switch `--mobile` to imitate a mobile device through HTTP User-Agent header. # Version 0.9 (2011-04-10) @@ -43,7 +43,7 @@ * Extended old `--dump -C` functionality to be able to search for specific database(s), table(s) and column(s), option `--search`. * Added support to tamper injection data with option `--tamper`. * Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack. -* Added support to enumerate roles on Oracle, --roles switch. +* Added support to enumerate roles on Oracle, `--roles` switch. * Added support for SOAP based web services requests. * Added support to fetch unicode data. * Added support to use persistent HTTP(s) connection for speed improvement, switch `--keep-alive`. @@ -94,12 +94,12 @@ # Version 0.8 release candidate (2009-09-21) -* Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. +* Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (`--os-bof`) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. -* Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. -* Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. +* Added support for `--first` and `--last` so the user now has even more granularity in what to enumerate in the query output. +* Minor enhancement to save the session by default in 'output/hostname/session' file if `-s` option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring. @@ -108,13 +108,13 @@ * Adapted Metasploit wrapping functions to work with latest 3.3 development version too. * Adjusted code to make sqlmap 0.7 to work again on Mac OSX too. -* Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This make sqlmap 0.7 to work again on Windows too. +* Reset takeover OOB features (if any of `--os-pwn`, `--os-smbrelay` or `--os-bof` is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This make sqlmap 0.7 to work again on Windows too. * Minor improvement so that sqlmap tests also all parameters with no value (eg. par=). * HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+. * Major bug fix to sql-query/sql-shell features. -* Major bug fix in --read-file option. +* Major bug fix in `--read-file` option. * Major silent bug fix to multi-threading functionality. -* Fixed the web backdoor functionality (for MySQL) when (usually) stacked queries are not supported and --os-shell is provided. +* Fixed the web backdoor functionality (for MySQL) when (usually) stacked queries are not supported and `--os-shell` is provided. * Fixed MySQL 'comment injection' version fingerprint. * Fixed basic Microsoft SQL Server 2000 fingerprint. * Many minor bug fixes and code refactoring. @@ -136,32 +136,32 @@ * Major enhancement to make the comparison algorithm work properly also on url not stables automatically by using the difflib Sequence Matcher object; * Major enhancement to support SQL data definition statements, SQL data manipulation statements, etc from user in SQL query and SQL shell if stacked queries are supported by the web application technology; * Major speed increase in DBMS basic fingerprint; -* Minor enhancement to support an option (--is-dba) to show if the current user is a database management system administrator; -* Minor enhancement to support an option (--union-tech) to specify the technique to use to detect the number of columns used in the web application SELECT statement: NULL bruteforcing (default) or ORDER BY clause bruteforcing; -* Added internal support to forge CASE statements, used only by --is-dba query at the moment; -* Minor layout adjustment to the --update output; +* Minor enhancement to support an option (`--is-dba`) to show if the current user is a database management system administrator; +* Minor enhancement to support an option (`--union-tech`) to specify the technique to use to detect the number of columns used in the web application SELECT statement: NULL bruteforcing (default) or ORDER BY clause bruteforcing; +* Added internal support to forge CASE statements, used only by `--is-dba` query at the moment; +* Minor layout adjustment to the `--update` output; * Increased default timeout to 30 seconds; * Major bug fix to correctly handle custom SQL "limited" queries on Microsoft SQL Server and Oracle; * Major bug fix to avoid tracebacks when multiple targets are specified and one of them is not reachable; * Minor bug fix to make the Partial UNION query SQL injection technique work properly also on Oracle and Microsoft SQL Server; -* Minor bug fix to make the --postfix work even if --prefix is not provided; +* Minor bug fix to make the `--postfix` work even if `--prefix` is not provided; * Updated documentation. # Version 0.6.3 (2008-12-18) * Major enhancement to get list of targets to test from Burp proxy (http://portswigger.net/suite/) requests log file path or WebScarab proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project) 'conversations/' folder path by providing option -l ; * Major enhancement to support Partial UNION query SQL injection technique too; -* Major enhancement to test if the web application technology supports stacked queries (multiple statements) by providing option --stacked-test which will be then used someday also by takeover functionality; -* Major enhancement to test if the injectable parameter is affected by a time based blind SQL injection technique by providing option --time-test; +* Major enhancement to test if the web application technology supports stacked queries (multiple statements) by providing option `--stacked-test` which will be then used someday also by takeover functionality; +* Major enhancement to test if the injectable parameter is affected by a time based blind SQL injection technique by providing option `--time-test`; * Minor enhancement to fingerprint the web server operating system and the web application technology by parsing some HTTP response headers; * Minor enhancement to fingerprint the back-end DBMS operating system by parsing the DBMS banner value when -b option is provided; -* Minor enhancement to be able to specify the number of seconds before timeout the connection by providing option --timeout #, default is set to 10 seconds and must be 3 or higher; -* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request by providing option --delay #; -* Minor enhancement to be able to get the injection payload --prefix and --postfix from user; +* Minor enhancement to be able to specify the number of seconds before timeout the connection by providing option `--timeout #`, default is set to 10 seconds and must be 3 or higher; +* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request by providing option `--delay #`; +* Minor enhancement to be able to get the injection payload `--prefix` and `--postfix` from user; * Minor enhancement to be able to enumerate table columns and dump table entries, also when the database name is not provided, by using the current database on MySQL and Microsoft SQL Server, the 'public' scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle; -* Minor enhancemet to support also --regexp, --excl-str and --excl-reg options rather than only --string when comparing HTTP responses page content; -* Minor enhancement to be able to specify extra HTTP headers by providing option --headers. By default Accept, Accept-Language and Accept-Charset headers are set; -* Minor improvement to be able to provide CU (as current user) as user value (-U) when enumerating users privileges or users passwords; +* Minor enhancemet to support also `--regexp`, `--excl-str` and `--excl-reg` options rather than only `--string` when comparing HTTP responses page content; +* Minor enhancement to be able to specify extra HTTP headers by providing option `--headers`. By default Accept, Accept-Language and Accept-Charset headers are set; +* Minor improvement to be able to provide CU (as current user) as user value (`-U`) when enumerating users privileges or users passwords; * Minor improvements to sqlmap Debian package files; * Minor improvement to use Python psyco (http://psyco.sourceforge.net/) library if available to speed up the sqlmap algorithmic operations; * Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url; @@ -175,10 +175,10 @@ # Version 0.6.2 (2008-11-02) -* Major bug fix to correctly dump tables entries when --stop is not specified; +* Major bug fix to correctly dump tables entries when `--stop` is not specified; * Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0; * Major bug fix when the request is POST to also send the GET parameters if any have been provided; -* Major bug fix to correctly update sqlmap to the latest stable release with command line --update; +* Major bug fix to correctly update sqlmap to the latest stable release with command line `--update`; * Major bug fix so that when the expected value of a query (count variable) is an integer and, for some reasons, its resumed value from the session file is a string or a binary file, the query is executed again and its new output saved to the session file; * Minor bug fix in MySQL comment injection fingerprint technique; * Minor improvement to correctly enumerate tables, columns and dump tables entries on Oracle and on PostgreSQL when the database name is not 'public' schema or a system database; @@ -191,20 +191,20 @@ * Major bug fix to blind SQL injection bisection algorithm to handle an exception; * Added a Metasploit Framework 3 auxiliary module to run sqlmap; * Implemented possibility to test for and inject also on LIKE statements; -* Implemented --start and --stop options to set the first and the last table entry to dump; -* Added non-interactive/batch-mode (--batch) option to make it easy to wrap sqlmap in Metasploit and any other tool; +* Implemented `--start` and `--stop` options to set the first and the last table entry to dump; +* Added non-interactive/batch-mode (`--batch`) option to make it easy to wrap sqlmap in Metasploit and any other tool; * Minor enhancement to save also the length of query output in the session file when retrieving the query output length for ETA or for resume purposes; * Changed the order sqlmap dump table entries from column by column to row by row. Now it also dumps entries as they are stored in the tables, not forcing the entries' order alphabetically anymore; -* Minor bug fix to correctly handle parameters' value with % character. +* Minor bug fix to correctly handle parameters' value with `%` character. # Version 0.6 (2008-09-01) * Complete code refactor and many bugs fixed; * Added multithreading support to set the maximum number of concurrent HTTP requests; -* Implemented SQL shell (--sql-shell) functionality and fixed SQL query (--sql-query, before called -e) to be able to run whatever SELECT statement and get its output in both inband and blind SQL injection attack; -* Added an option (--privileges) to retrieve DBMS users privileges, it also notifies if the user is a DBMS administrator; -* Added support (-c) to read options from configuration file, an example of valid INI file is sqlmap.conf and support (--save) to save command line options on a configuration file; -* Created a function that updates the whole sqlmap to the latest stable version available by running sqlmap with --update option; +* Implemented SQL shell (`--sql-shell`) functionality and fixed SQL query (`--sql-query`, before called `-e`) to be able to run whatever SELECT statement and get its output in both inband and blind SQL injection attack; +* Added an option (`--privileges`) to retrieve DBMS users privileges, it also notifies if the user is a DBMS administrator; +* Added support (`-c`) to read options from configuration file, an example of valid INI file is sqlmap.conf and support (`--save`) to save command line options on a configuration file; +* Created a function that updates the whole sqlmap to the latest stable version available by running sqlmap with `--update` option; * Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.) installation binary packages; * Created sqlmap .exe (Windows) portable executable; * Save a lot of more information to the session file, useful when resuming injection on the same target to not loose time on identifying injection, UNION fields and back-end DBMS twice or more times; @@ -216,8 +216,8 @@ * Improved XML files structure; * Implemented the possibility to change the HTTP Referer header; * Added support to resume from session file also when running with inband SQL injection attack; -* Added an option (--os-shell) to execute operating system commands if the back-end DBMS is MySQL, the web server has the PHP engine active and permits write access on a directory within the document root; -* Added a check to assure that the provided string to match (--string) is within the page content; +* Added an option (`--os-shell`) to execute operating system commands if the back-end DBMS is MySQL, the web server has the PHP engine active and permits write access on a directory within the document root; +* Added a check to assure that the provided string to match (`--string`) is within the page content; * Fixed various queries in XML file; * Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted the library to parse it; * Fixed password fetching function, mainly for Microsoft SQL Server and reviewed the password hashes parsing function; @@ -225,7 +225,7 @@ * Enhanced logging system: added three more levels of verbosity to show also HTTP sent and received traffic; * Enhancement to handle Set-Cookie from target url and automatically re-establish the Session when it expires; * Added support to inject also on Set-Cookie parameters; -* Implemented TAB completion and command history on both --sql-shell and --os-shell; +* Implemented TAB completion and command history on both `--sql-shell` and `--os-shell`; * Renamed some command line options; * Added a conversion library; * Added code schema and reminders for future developments; @@ -237,19 +237,19 @@ # Version 0.5 (2007-11-04) * Added support for Oracle database management system -* Extended inband SQL injection functionality (--union-use) to all other possible queries since it only worked with -e and --file on all DMBS plugins; +* Extended inband SQL injection functionality (`--union-use`) to all other possible queries since it only worked with `-e` and `--file` on all DMBS plugins; * Added support to extract database users password hash on Microsoft SQL Server; * Added a fuzzer function with the aim to parse HTML page looking for standard database error messages consequently improving database fingerprinting; * Added support for SQL injection on HTTP Cookie and User-Agent headers; * Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Splitted getValue() into getInband() and getBlind(); * Major enhancements in common library and added checkForBrackets() method to check if the bracket(s) are needed to perform a UNION query SQL injection attack; -* Implemented --dump-all functionality to dump entire DBMS data from all databases tables; -* Added support to exclude DBMS system databases' when enumeration tables and dumping their entries (--exclude-sysdbs); +* Implemented `--dump-all` functionality to dump entire DBMS data from all databases tables; +* Added support to exclude DBMS system databases' when enumeration tables and dumping their entries (`--exclude-sysdbs`); * Implemented in Dump.dbTableValues() method the CSV file dumped data automatic saving in csv/ folder by default; * Added DB2, Informix and Sybase DBMS error messages and minor improvements in xml/errors.xml; * Major improvement in all three DBMS plugins so now sqlmap does not get entire databases' tables structure when all of database/table/ column are specified to be dumped; * Important fixes in lib/option.py to make sqlmap properly work also with python 2.5 and handle the CSV dump files creation work also under Windows operating system, function __setCSVDir() and fixed also in lib/dump.py; -* Minor enhancement in lib/injection.py to randomize the number requested to test the presence of a SQL injection affected parameter and implemented the possibilities to break (q) the for cycle when using the google dork option (-g); +* Minor enhancement in lib/injection.py to randomize the number requested to test the presence of a SQL injection affected parameter and implemented the possibilities to break (q) the for cycle when using the google dork option (`-g`); * Minor fix in lib/request.py to properly encode the url to request in case the "fixed" part of the url has blank spaces; * More minor layout enhancements in some libraries; * Renamed DMBS plugins; @@ -260,18 +260,18 @@ * Added DBMS fingerprint based also upon HTML error messages parsing defined in lib/parser.py which reads an XML file defining default error messages for each supported DBMS; * Added Microsoft SQL Server extensive DBMS fingerprint checks based upon accurate '@@version' parsing matching on an XML file to get also the exact patching level of the DBMS; -* Added support for query ETA (Estimated Time of Arrival) real time calculation (--eta); -* Added support to extract database management system users password hash on MySQL and PostgreSQL (--passwords); +* Added support for query ETA (Estimated Time of Arrival) real time calculation (`--eta`); +* Added support to extract database management system users password hash on MySQL and PostgreSQL (`--passwords`); * Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation ; -* Implemented Google dorking feature (-g) to take advantage of Google results affected by SQL injection to perform other command line argument on their DBMS; +* Implemented Google dorking feature (`-g`) to take advantage of Google results affected by SQL injection to perform other command line argument on their DBMS; * Improved logging functionality: passed from banal 'print' to Python native logging library; -* Added support for more than one parameter in '-p' command line option; -* Added support for HTTP Basic and Digest authentication methods (--basic-auth and --digest-auth); -* Added the command line option '--remote-dbms' to manually specify the remote DBMS; -* Major improvements in union.UnionCheck() and union.UnionUse() functions to make it possible to exploit inband SQL injection also with database comment characters ('--' and '#') in UNION query statements; -* Added the possibility to save the output into a file while performing the queries (-o OUTPUTFILE) so it is possible to stop and resume the same query output retrieving in a second time (--resume); -* Added support to specify the database table column to enumerate (-C COL); -* Added inband SQL injection (UNION query) support (--union-use); +* Added support for more than one parameter in `-p` command line option; +* Added support for HTTP Basic and Digest authentication methods (`--basic-auth` and `--digest-auth`); +* Added the command line option `--remote-dbms` to manually specify the remote DBMS; +* Major improvements in union.UnionCheck() and union.UnionUse() functions to make it possible to exploit inband SQL injection also with database comment characters (`--` and `#`) in UNION query statements; +* Added the possibility to save the output into a file while performing the queries (`-o OUTPUTFILE`) so it is possible to stop and resume the same query output retrieving in a second time (`--resume`); +* Added support to specify the database table column to enumerate (`-C COL`); +* Added inband SQL injection (UNION query) support (`--union-use`); * Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements; * Reviewed the directory tree structure; * Splitted lib/common.py: inband injection functionalities now are moved to lib/union.py; @@ -282,10 +282,10 @@ * Added module for MS SQL Server; * Strongly improved MySQL dbms active fingerprint and added MySQL comment injection check; * Added PostgreSQL dbms active fingerprint; -* Added support for string match (--string); -* Added support for UNION check (--union-check); +* Added support for string match (`--string`); +* Added support for UNION check (`--union-check`); * Removed duplicated code, delegated most of features to the engine in common.py and option.py; -* Added support for --data command line argument to pass the string for POST requests; +* Added support for `--data` command line argument to pass the string for POST requests; * Added encodeParams() method to encode url parameters before making http request; * Many bug fixes; * Rewritten documentation files; From 78e503d7b2f73ba820acdcfce969bdf0f70255e4 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 13 Feb 2016 21:25:01 +0100 Subject: [PATCH 71/79] Minor patch related to the #1706 --- lib/utils/hashdb.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py index 8d1caa2bc..972dc7c17 100644 --- a/lib/utils/hashdb.py +++ b/lib/utils/hashdb.py @@ -80,8 +80,11 @@ class HashDB(object): for row in self.cursor.execute("SELECT value FROM storage WHERE id=?", (hash_,)): retVal = row[0] except sqlite3.OperationalError, ex: - if not "locked" in getSafeExString(ex): + if not any(_ in getSafeExString(ex) for _ in ("locked", "no such table")): raise + else: + debugMsg = "problem occurred while accessing session file '%s' ('%s')" % (self.filepath, getSafeExString(ex)) + logger.debug(debugMsg) except sqlite3.DatabaseError, ex: errMsg = "error occurred while accessing session file '%s' ('%s'). " % (self.filepath, getSafeExString(ex)) errMsg += "If the problem persists please rerun with `--flush-session`" From 4237333dcae852f891f5df085b8b3704504bb344 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 13 Feb 2016 21:28:02 +0100 Subject: [PATCH 72/79] Minor nuisance patch --- sqlmap.py | 2 ++ sqlmapapi.py | 3 +++ 2 files changed, 5 insertions(+) diff --git a/sqlmap.py b/sqlmap.py index 6bbc682ad..9d76134c3 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -16,6 +16,8 @@ import time import traceback import warnings +sys.dont_write_bytecode = True + warnings.filterwarnings(action="ignore", message=".*was already imported", category=UserWarning) warnings.filterwarnings(action="ignore", category=DeprecationWarning) diff --git a/sqlmapapi.py b/sqlmapapi.py index e31582b53..7aa369f53 100755 --- a/sqlmapapi.py +++ b/sqlmapapi.py @@ -7,6 +7,9 @@ See the file 'doc/COPYING' for copying permission import logging import optparse +import sys + +sys.dont_write_bytecode = True from lib.utils import versioncheck # this has to be the first non-standard import From 0514946efa93a5883d749f5527f90efb9e0fd864 Mon Sep 17 00:00:00 2001 From: Noelkd Date: Sun, 14 Feb 2016 15:57:55 +0000 Subject: [PATCH 73/79] Removed dead links. --- lib/core/option.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 8d406cc90..fb2fb572f 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2234,11 +2234,6 @@ def _setTorHttpProxySettings(): errMsg += "Polipo bundle installed for you to be able to " errMsg += "successfully use switch '--tor' " - if IS_WIN: - errMsg += "(e.g. https://www.torproject.org/projects/vidalia.html.en)" - else: - errMsg += "(e.g. http://www.coresec.org/2011/04/24/sqlmap-with-tor/)" - raise SqlmapConnectionException(errMsg) if not conf.checkTor: From 08d733cf02414754cb995cd80203f8a6bd41ecad Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 15 Feb 2016 00:00:37 +0100 Subject: [PATCH 74/79] Fixes #1709 --- sqlmap.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/sqlmap.py b/sqlmap.py index 9d76134c3..a1a38d7ae 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -12,6 +12,7 @@ import os import re import shutil import sys +import thread import time import traceback import warnings @@ -109,7 +110,15 @@ def main(): elif conf.liveTest: liveTest() else: - start() + try: + start() + except thread.error as ex: + if "can't start new thread" in getSafeExString(ex): + errMsg = "unable to start new threads. Please check OS (u)limits" + logger.critical(errMsg) + raise SystemExit + else: + raise except SqlmapUserQuitException: errMsg = "user quit" @@ -130,7 +139,6 @@ def main(): logger.critical(errMsg) except KeyboardInterrupt: pass - raise SystemExit except KeyboardInterrupt: From cc06871075b6f4469f343f6dcc9330ed2f9bd607 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 16 Feb 2016 08:58:18 +0100 Subject: [PATCH 75/79] Adding some debug messages for future-self --- lib/utils/api.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/utils/api.py b/lib/utils/api.py index ea2d1cbab..799d0379a 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -696,6 +696,14 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT): """ REST-JSON API client """ + + dbgMsg = "Example client access from command line:" + dbgMsg += "\n\t$ taskid=$(curl http://%s:%d/task/new 2>1 | grep -o -I '[a-f0-9]\{16\}') && echo $taskid" % (host, port) + dbgMsg += "\n\t$ curl -H \"Content-Type: application/json\" -X POST -d '{\"url\": \"http://testphp.vulnweb.com/artists.php?artist=1\"}' http://%s:%d/scan/$taskid/start" % (host, port) + dbgMsg += "\n\t$ curl http://%s:%d/scan/$taskid/data" % (host, port) + dbgMsg += "\n\t$ curl http://%s:%d/scan/$taskid/log" % (host, port) + logger.debug(dbgMsg) + addr = "http://%s:%d" % (host, port) logger.info("Starting REST-JSON API client to '%s'..." % addr) From 4cd3813f683a8903ab392122785bc512ada280ea Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 16 Feb 2016 09:15:57 +0100 Subject: [PATCH 76/79] Patch to include traceback into the sqlmapapi based unhandled exception messages --- sqlmap.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/sqlmap.py b/sqlmap.py index a1a38d7ae..6b474b038 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -195,10 +195,14 @@ def main(): errMsg = maskSensitiveData(errMsg) excMsg = maskSensitiveData(excMsg) - logger.critical(errMsg) - kb.stickyLevel = logging.CRITICAL - dataToStdout(excMsg) - createGithubIssue(errMsg, excMsg) + if hasattr(conf, "api"): + logger.critical("%s\n%s" % (errMsg, excMsg)) + else: + logger.critical(errMsg) + kb.stickyLevel = logging.CRITICAL + dataToStdout(excMsg) + createGithubIssue(errMsg, excMsg) + except KeyboardInterrupt: pass From 82abf1f7428d2f93c859cef9a429d8810cd0272c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 16 Feb 2016 09:56:53 +0100 Subject: [PATCH 77/79] Fixes #1714 --- lib/core/option.py | 76 ++++++++++++++++++++++++++++++---------------- 1 file changed, 50 insertions(+), 26 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index fb2fb572f..20705f764 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2091,6 +2091,43 @@ def setVerbosity(): elif conf.verbose >= 5: logger.setLevel(CUSTOM_LOGGING.TRAFFIC_IN) +def _normalizeOptions(inputOptions): + """ + Sets proper option types + """ + + types_ = {} + for group in optDict.keys(): + types_.update(optDict[group]) + + for key in inputOptions: + if key in types_: + value = inputOptions[key] + if value is None: + continue + + type_ = types_[key] + if type_ and isinstance(type_, tuple): + type_ = type_[0] + + if type_ == OPTION_TYPE.BOOLEAN: + try: + value = bool(value) + except (TypeError, ValueError): + value = False + elif type_ == OPTION_TYPE.INTEGER: + try: + value = int(value) + except (TypeError, ValueError): + value = 0 + elif type_ == OPTION_TYPE.FLOAT: + try: + value = float(value) + except (TypeError, ValueError): + value = 0.0 + + inputOptions[key] = value + def _mergeOptions(inputOptions, overrideOptions): """ Merge command line options with configuration file and default options. @@ -2102,6 +2139,7 @@ def _mergeOptions(inputOptions, overrideOptions): if inputOptions.pickledOptions: try: inputOptions = base64unpickle(inputOptions.pickledOptions) + _normalizeOptions(inputOptions) except Exception, ex: errMsg = "provided invalid value '%s' for option '--pickled-options'" % inputOptions.pickledOptions errMsg += " ('%s')" % ex if ex.message else "" @@ -2127,35 +2165,21 @@ def _mergeOptions(inputOptions, overrideOptions): if hasattr(conf, key) and conf[key] is None: conf[key] = value - _ = {} + + lut = {} + for group in optDict.keys(): + lut.update((_.upper(), _) for _ in optDict[group]) + + envOptions = {} for key, value in os.environ.items(): if key.upper().startswith(SQLMAP_ENVIRONMENT_PREFIX): - _[key[len(SQLMAP_ENVIRONMENT_PREFIX):].upper()] = value - - types_ = {} - for group in optDict.keys(): - types_.update(optDict[group]) - - for key in conf: - if key.upper() in _ and key in types_: - value = _[key.upper()] - - if types_[key] == OPTION_TYPE.BOOLEAN: - try: - value = bool(value) - except ValueError: - value = False - elif types_[key] == OPTION_TYPE.INTEGER: - try: - value = int(value) - except ValueError: - value = 0 - elif types_[key] == OPTION_TYPE.FLOAT: - try: - value = float(value) - except ValueError: - value = 0.0 + _ = key[len(SQLMAP_ENVIRONMENT_PREFIX):].upper() + if _ in lut: + envOptions[lut[_]] = value + if envOptions: + _normalizeOptions(envOptions) + for key, value in envOptions.items(): conf[key] = value mergedOptions.update(conf) From d6bac363af77153373bfab43823372028299c141 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 18 Feb 2016 11:13:51 +0100 Subject: [PATCH 78/79] Minor patch for combo -r and --method --- lib/core/option.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/option.py b/lib/core/option.py index 20705f764..e50075e52 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -332,7 +332,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls): if not(conf.scope and not re.search(conf.scope, url, re.I)): if not kb.targets or url not in addedTargetUrls: - kb.targets.add((url, method, data, cookie, tuple(headers))) + kb.targets.add((url, conf.method or method, data, cookie, tuple(headers))) addedTargetUrls.add(url) checkFile(reqFile) From 3a94435cce85fa1a17c1c4a2d4c13d75f663f6ed Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 18 Feb 2016 13:56:47 +0100 Subject: [PATCH 79/79] Minor update --- thirdparty/pagerank/pagerank.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/thirdparty/pagerank/pagerank.py b/thirdparty/pagerank/pagerank.py index 977a93744..fed4dcc84 100644 --- a/thirdparty/pagerank/pagerank.py +++ b/thirdparty/pagerank/pagerank.py @@ -12,6 +12,7 @@ # # Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php +import sys import urllib def get_pagerank(url): @@ -77,3 +78,9 @@ def check_hash(hash_int): check_byte >>= 1 return '7' + str(check_byte) + hash_str + +def main(): + print get_pagerank(sys.argv[1]) if len(sys.argv) > 1 else "[x] missing hostname" + +if __name__ == "__main__": + main()