Minor cleanup and initial work for #58

lib/core/common.py

@@ -2768,7 +2768,7 @@ def maskSensitiveData(msg):
 
     retVal = msg
 
-    for item in filter(None, map(lambda x: conf.get(x), ("hostname", "googleDork", "aCred", "pCred", "tbl", "db", "col", "user", "cookie", "proxy"))):
+    for item in filter(None, map(lambda x: conf.get(x), ("hostname", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy"))):
         regex = SENSITIVE_DATA_REGEX % re.sub("(\W)", r"\\\1", item)
         while extractRegexResult(regex, retVal):
             value = extractRegexResult(regex, retVal)

lib/core/option.py

@@ -180,7 +180,7 @@ def _urllib2Opener():
         if conf.proxy:
             warnMsg += "with HTTP(s) proxy"
             logger.warn(warnMsg)
-        elif conf.aType:
+        elif conf.authType:
             warnMsg += "with authentication methods"
             logger.warn(warnMsg)
         else:
@@ -1011,8 +1011,8 @@ def _setHTTPProxy():
         errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE))
         raise SqlmapSyntaxException(errMsg)
 
-    if conf.pCred:
+    if conf.proxyCred:
-        _ = re.search("^(.*?):(.*?)$", conf.pCred)
+        _ = re.search("^(.*?):(.*?)$", conf.proxyCred)
         if not _:
             errMsg = "Proxy authentication credentials "
             errMsg += "value must be in format username:password"
@@ -1025,9 +1025,9 @@ def _setHTTPProxy():
         socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if scheme == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, hostname, port, username=username, password=password)
         socks.wrapmodule(urllib2)
     else:
-        if conf.pCred:
+        if conf.proxyCred:
             # Reference: http://stackoverflow.com/questions/34079/how-to-specify-an-authenticated-proxy-for-a-python-http-connection
-            proxyString = "%s@" % conf.pCred
+            proxyString = "%s@" % conf.proxyCred
         else:
             proxyString = ""
 
@@ -1097,24 +1097,24 @@ def _setHTTPAuthentication():
 
     global authHandler
 
-    if not conf.aType and not conf.aCred and not conf.aCert:
+    if not conf.authType and not conf.authCred and not conf.authCert:
         return
 
-    elif conf.aType and not conf.aCred and not conf.aCert:
+    elif conf.authType and not conf.authCred and not conf.authCert:
         errMsg = "you specified the HTTP authentication type, but "
         errMsg += "did not provide the credentials"
         raise SqlmapSyntaxException(errMsg)
 
-    elif not conf.aType and conf.aCred:
+    elif not conf.authType and conf.authCred:
         errMsg = "you specified the HTTP authentication credentials, "
         errMsg += "but did not provide the type"
         raise SqlmapSyntaxException(errMsg)
 
-    if not conf.aCert:
+    if not conf.authCert:
         debugMsg = "setting the HTTP authentication type and credentials"
         logger.debug(debugMsg)
 
-        aTypeLower = conf.aType.lower()
+        aTypeLower = conf.authType.lower()
 
         if aTypeLower not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM, AUTH_TYPE.CERT):
             errMsg = "HTTP authentication type value must be "
@@ -1133,7 +1133,7 @@ def _setHTTPAuthentication():
             errMsg += "usage of option `--auth-cert`"
             raise SqlmapSyntaxException(errMsg)
 
-        aCredRegExp = re.search(regExp, conf.aCred)
+        aCredRegExp = re.search(regExp, conf.authCred)
 
         if not aCredRegExp:
             raise SqlmapSyntaxException(errMsg)
@@ -1165,7 +1165,7 @@ def _setHTTPAuthentication():
         debugMsg = "setting the HTTP(s) authentication certificate"
         logger.debug(debugMsg)
 
-        aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.aCert)
+        aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.authCert)
 
         if not aCertRegExp:
             errMsg = "HTTP authentication certificate option "

lib/core/optiondict.py

@@ -33,11 +33,12 @@ optDict = {
                                "host":              "string",
                                "referer":           "string",
                                "headers":           "string",
-                               "aType":             "string",
+                               "authType":          "string",
-                               "aCred":             "string",
+                               "authCred":          "string",
-                               "aCert":             "string",
+                               "authCert":          "string",
                                "proxy":             "string",
-                               "pCred":             "string",
+                               "proxyCred":         "string",
+                               "proxyFile":         "string",
                                "ignoreProxy":       "boolean",
                                "tor":               "boolean",
                                "torPort":           "integer",

lib/parse/cmdline.py

@@ -108,25 +108,28 @@ def cmdLineParser():
         request.add_option("--headers", dest="headers",
                            help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")
 
-        request.add_option("--auth-type", dest="aType",
+        request.add_option("--auth-type", dest="authType",
                            help="HTTP authentication type "
                                 "(Basic, Digest, NTLM or Cert)")
 
-        request.add_option("--auth-cred", dest="aCred",
+        request.add_option("--auth-cred", dest="authCred",
                            help="HTTP authentication credentials "
                                 "(name:password)")
 
-        request.add_option("--auth-cert", dest="aCert",
+        request.add_option("--auth-cert", dest="authCert",
                            help="HTTP authentication certificate ("
                                 "key_file,cert_file)")
 
         request.add_option("--proxy", dest="proxy",
                            help="Use a proxy to connect to the target URL")
 
-        request.add_option("--proxy-cred", dest="pCred",
+        request.add_option("--proxy-cred", dest="proxyCred",
                            help="Proxy authentication credentials "
                                 "(name:password)")
 
+        request.add_option("--proxy-file", dest="proxyFile",
+                           help="Load proxy list from a file")
+
         request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
                            help="Ignore system default proxy settings")
 

lib/request/connect.py

@@ -372,7 +372,7 @@ class Connect(object):
 
             conn = urllib2.urlopen(req)
 
-            if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and conf.aType == AUTH_TYPE.BASIC:
+            if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and conf.authType == AUTH_TYPE.BASIC:
                 kb.authHeader = getRequestHeader(req, HTTP_HEADER.AUTHORIZATION)
 
             if not kb.proxyAuthHeader and getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION):

sqlmap.conf

@@ -18,6 +18,9 @@ url =
 # 'conversations/' folder path
 logFile = 
 
+# Scan multiple targets enlisted in a given textual file
+bulkFile =
+
 # Load HTTP request from a file
 # Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme
 requestFile = 
@@ -76,17 +79,17 @@ headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
 # HTTP Authentication type. Useful only if the target URL requires
 # HTTP Basic, Digest or NTLM authentication and you have such data.
 # Valid: Basic, Digest, NTLM or Cert
-aType = 
+authType = 
 
 # HTTP authentication credentials. Useful only if the target URL requires
 # HTTP Basic, Digest or NTLM authentication and you have such data.
 # Syntax: username:password
-aCred = 
+authCred = 
 
 # HTTP Authentication certificate. Useful only if the target URL requires
 # logon certificate and you have such data.
 # Syntax: key_file,cert_file
-aCert = 
+authCert = 
 
 # Use a proxy to connect to the target URL.
 # Syntax: http://address:port
@@ -95,7 +98,10 @@ proxy =
 # Proxy authentication credentials. Useful only if the proxy requires
 # Basic or Digest authentication and you have such data.
 # Syntax: username:password
-pCred =
+proxyCred =
+
+# Load proxy list from a file
+proxyFile =
 
 # Ignore system default proxy settings.
 # Valid: True or False

xml/livetests.xml

@@ -3423,8 +3423,8 @@
         <switches>
             <url value="http://debiandev/sqlmap/mysql/basic/get_int.php?id=1"/>
             <tech value="E"/>
-            <aType value="Basic"/>
+            <authType value="Basic"/>
-            <aCred value="testuser:testpass"/>
+            <authCred value="testuser:testpass"/>
             <getBanner value="True"/>
         </switches>
         <parse>
@@ -3435,8 +3435,8 @@
         <switches>
             <url value="http://debiandev/sqlmap/mysql/digest/get_int.php?id=1"/>
             <tech value="E"/>
-            <aType value="Digest"/>
+            <authType value="Digest"/>
-            <aCred value="testuser:testpass"/>
+            <authCred value="testuser:testpass"/>
             <getBanner value="True"/>
         </switches>
         <parse>