From a711c9ed3603e82f2a8e84475f2c2b048ec7b4fa Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 9 Aug 2013 14:13:48 +0200 Subject: [PATCH] Minor cleanup and initial work for #58 --- lib/core/common.py | 2 +- lib/core/option.py | 24 ++++++++++++------------ lib/core/optiondict.py | 9 +++++---- lib/parse/cmdline.py | 11 +++++++---- lib/request/connect.py | 2 +- sqlmap.conf | 14 ++++++++++---- xml/livetests.xml | 8 ++++---- 7 files changed, 40 insertions(+), 30 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 5825f0a59..ca7ea5431 100755 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -2768,7 +2768,7 @@ def maskSensitiveData(msg): retVal = msg - for item in filter(None, map(lambda x: conf.get(x), ("hostname", "googleDork", "aCred", "pCred", "tbl", "db", "col", "user", "cookie", "proxy"))): + for item in filter(None, map(lambda x: conf.get(x), ("hostname", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy"))): regex = SENSITIVE_DATA_REGEX % re.sub("(\W)", r"\\\1", item) while extractRegexResult(regex, retVal): value = extractRegexResult(regex, retVal) diff --git a/lib/core/option.py b/lib/core/option.py index 32c5d9f9f..a105296df 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -180,7 +180,7 @@ def _urllib2Opener(): if conf.proxy: warnMsg += "with HTTP(s) proxy" logger.warn(warnMsg) - elif conf.aType: + elif conf.authType: warnMsg += "with authentication methods" logger.warn(warnMsg) else: @@ -1011,8 +1011,8 @@ def _setHTTPProxy(): errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE)) raise SqlmapSyntaxException(errMsg) - if conf.pCred: - _ = re.search("^(.*?):(.*?)$", conf.pCred) + if conf.proxyCred: + _ = re.search("^(.*?):(.*?)$", conf.proxyCred) if not _: errMsg = "Proxy authentication credentials " errMsg += "value must be in format username:password" @@ -1025,9 +1025,9 @@ def _setHTTPProxy(): socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if scheme == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, hostname, port, username=username, password=password) socks.wrapmodule(urllib2) else: - if conf.pCred: + if conf.proxyCred: # Reference: http://stackoverflow.com/questions/34079/how-to-specify-an-authenticated-proxy-for-a-python-http-connection - proxyString = "%s@" % conf.pCred + proxyString = "%s@" % conf.proxyCred else: proxyString = "" @@ -1097,24 +1097,24 @@ def _setHTTPAuthentication(): global authHandler - if not conf.aType and not conf.aCred and not conf.aCert: + if not conf.authType and not conf.authCred and not conf.authCert: return - elif conf.aType and not conf.aCred and not conf.aCert: + elif conf.authType and not conf.authCred and not conf.authCert: errMsg = "you specified the HTTP authentication type, but " errMsg += "did not provide the credentials" raise SqlmapSyntaxException(errMsg) - elif not conf.aType and conf.aCred: + elif not conf.authType and conf.authCred: errMsg = "you specified the HTTP authentication credentials, " errMsg += "but did not provide the type" raise SqlmapSyntaxException(errMsg) - if not conf.aCert: + if not conf.authCert: debugMsg = "setting the HTTP authentication type and credentials" logger.debug(debugMsg) - aTypeLower = conf.aType.lower() + aTypeLower = conf.authType.lower() if aTypeLower not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM, AUTH_TYPE.CERT): errMsg = "HTTP authentication type value must be " @@ -1133,7 +1133,7 @@ def _setHTTPAuthentication(): errMsg += "usage of option `--auth-cert`" raise SqlmapSyntaxException(errMsg) - aCredRegExp = re.search(regExp, conf.aCred) + aCredRegExp = re.search(regExp, conf.authCred) if not aCredRegExp: raise SqlmapSyntaxException(errMsg) @@ -1165,7 +1165,7 @@ def _setHTTPAuthentication(): debugMsg = "setting the HTTP(s) authentication certificate" logger.debug(debugMsg) - aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.aCert) + aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.authCert) if not aCertRegExp: errMsg = "HTTP authentication certificate option " diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 8671c6f82..055fab75d 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -33,11 +33,12 @@ optDict = { "host": "string", "referer": "string", "headers": "string", - "aType": "string", - "aCred": "string", - "aCert": "string", + "authType": "string", + "authCred": "string", + "authCert": "string", "proxy": "string", - "pCred": "string", + "proxyCred": "string", + "proxyFile": "string", "ignoreProxy": "boolean", "tor": "boolean", "torPort": "integer", diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 35d8a0d0a..b74d66189 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -108,25 +108,28 @@ def cmdLineParser(): request.add_option("--headers", dest="headers", help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")") - request.add_option("--auth-type", dest="aType", + request.add_option("--auth-type", dest="authType", help="HTTP authentication type " "(Basic, Digest, NTLM or Cert)") - request.add_option("--auth-cred", dest="aCred", + request.add_option("--auth-cred", dest="authCred", help="HTTP authentication credentials " "(name:password)") - request.add_option("--auth-cert", dest="aCert", + request.add_option("--auth-cert", dest="authCert", help="HTTP authentication certificate (" "key_file,cert_file)") request.add_option("--proxy", dest="proxy", help="Use a proxy to connect to the target URL") - request.add_option("--proxy-cred", dest="pCred", + request.add_option("--proxy-cred", dest="proxyCred", help="Proxy authentication credentials " "(name:password)") + request.add_option("--proxy-file", dest="proxyFile", + help="Load proxy list from a file") + request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true", help="Ignore system default proxy settings") diff --git a/lib/request/connect.py b/lib/request/connect.py index d7b135836..63602a83b 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -372,7 +372,7 @@ class Connect(object): conn = urllib2.urlopen(req) - if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and conf.aType == AUTH_TYPE.BASIC: + if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and conf.authType == AUTH_TYPE.BASIC: kb.authHeader = getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) if not kb.proxyAuthHeader and getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION): diff --git a/sqlmap.conf b/sqlmap.conf index 2617fdd72..9636e3af5 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -18,6 +18,9 @@ url = # 'conversations/' folder path logFile = +# Scan multiple targets enlisted in a given textual file +bulkFile = + # Load HTTP request from a file # Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme requestFile = @@ -76,17 +79,17 @@ headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9 # HTTP Authentication type. Useful only if the target URL requires # HTTP Basic, Digest or NTLM authentication and you have such data. # Valid: Basic, Digest, NTLM or Cert -aType = +authType = # HTTP authentication credentials. Useful only if the target URL requires # HTTP Basic, Digest or NTLM authentication and you have such data. # Syntax: username:password -aCred = +authCred = # HTTP Authentication certificate. Useful only if the target URL requires # logon certificate and you have such data. # Syntax: key_file,cert_file -aCert = +authCert = # Use a proxy to connect to the target URL. # Syntax: http://address:port @@ -95,7 +98,10 @@ proxy = # Proxy authentication credentials. Useful only if the proxy requires # Basic or Digest authentication and you have such data. # Syntax: username:password -pCred = +proxyCred = + +# Load proxy list from a file +proxyFile = # Ignore system default proxy settings. # Valid: True or False diff --git a/xml/livetests.xml b/xml/livetests.xml index 32d840e91..710fa95b9 100644 --- a/xml/livetests.xml +++ b/xml/livetests.xml @@ -3423,8 +3423,8 @@ - - + + @@ -3435,8 +3435,8 @@ - - + +