Minor cleanup and initial work for #58

2024-11-25 02:53:46 +03:00 · 2013-08-09 14:13:48 +02:00 · 2013-08-09 14:13:48 +02:00 · a711c9ed36
commit a711c9ed36
parent 4beef0900d
7 changed files with 40 additions and 30 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -2768,7 +2768,7 @@ def maskSensitiveData(msg):

    retVal = msg

-    for item in filter(None, map(lambda x: conf.get(x), ("hostname", "googleDork", "aCred", "pCred", "tbl", "db", "col", "user", "cookie", "proxy"))):
+    for item in filter(None, map(lambda x: conf.get(x), ("hostname", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy"))):
        regex = SENSITIVE_DATA_REGEX % re.sub("(\W)", r"\\\1", item)
        while extractRegexResult(regex, retVal):
            value = extractRegexResult(regex, retVal)
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -180,7 +180,7 @@ def _urllib2Opener():
        if conf.proxy:
            warnMsg += "with HTTP(s) proxy"
            logger.warn(warnMsg)
-        elif conf.aType:
+        elif conf.authType:
            warnMsg += "with authentication methods"
            logger.warn(warnMsg)
        else:
@ -1011,8 +1011,8 @@ def _setHTTPProxy():
        errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE))
        raise SqlmapSyntaxException(errMsg)

-    if conf.pCred:
-        _ = re.search("^(.*?):(.*?)$", conf.pCred)
+    if conf.proxyCred:
+        _ = re.search("^(.*?):(.*?)$", conf.proxyCred)
        if not _:
            errMsg = "Proxy authentication credentials "
            errMsg += "value must be in format username:password"
@ -1025,9 +1025,9 @@ def _setHTTPProxy():
        socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if scheme == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, hostname, port, username=username, password=password)
        socks.wrapmodule(urllib2)
    else:
-        if conf.pCred:
+        if conf.proxyCred:
            # Reference: http://stackoverflow.com/questions/34079/how-to-specify-an-authenticated-proxy-for-a-python-http-connection
-            proxyString = "%s@" % conf.pCred
+            proxyString = "%s@" % conf.proxyCred
        else:
            proxyString = ""

@ -1097,24 +1097,24 @@ def _setHTTPAuthentication():

    global authHandler

-    if not conf.aType and not conf.aCred and not conf.aCert:
+    if not conf.authType and not conf.authCred and not conf.authCert:
        return

-    elif conf.aType and not conf.aCred and not conf.aCert:
+    elif conf.authType and not conf.authCred and not conf.authCert:
        errMsg = "you specified the HTTP authentication type, but "
        errMsg += "did not provide the credentials"
        raise SqlmapSyntaxException(errMsg)

-    elif not conf.aType and conf.aCred:
+    elif not conf.authType and conf.authCred:
        errMsg = "you specified the HTTP authentication credentials, "
        errMsg += "but did not provide the type"
        raise SqlmapSyntaxException(errMsg)

-    if not conf.aCert:
+    if not conf.authCert:
        debugMsg = "setting the HTTP authentication type and credentials"
        logger.debug(debugMsg)

-        aTypeLower = conf.aType.lower()
+        aTypeLower = conf.authType.lower()

        if aTypeLower not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM, AUTH_TYPE.CERT):
            errMsg = "HTTP authentication type value must be "
@ -1133,7 +1133,7 @@ def _setHTTPAuthentication():
            errMsg += "usage of option `--auth-cert`"
            raise SqlmapSyntaxException(errMsg)

-        aCredRegExp = re.search(regExp, conf.aCred)
+        aCredRegExp = re.search(regExp, conf.authCred)

        if not aCredRegExp:
            raise SqlmapSyntaxException(errMsg)
@ -1165,7 +1165,7 @@ def _setHTTPAuthentication():
        debugMsg = "setting the HTTP(s) authentication certificate"
        logger.debug(debugMsg)

-        aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.aCert)
+        aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.authCert)

        if not aCertRegExp:
            errMsg = "HTTP authentication certificate option "
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -33,11 +33,12 @@ optDict = {
                               "host":              "string",
                               "referer":           "string",
                               "headers":           "string",
-                               "aType":             "string",
-                               "aCred":             "string",
-                               "aCert":             "string",
+                               "authType":          "string",
+                               "authCred":          "string",
+                               "authCert":          "string",
                               "proxy":             "string",
-                               "pCred":             "string",
+                               "proxyCred":         "string",
+                               "proxyFile":         "string",
                               "ignoreProxy":       "boolean",
                               "tor":               "boolean",
                               "torPort":           "integer",
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -108,25 +108,28 @@ def cmdLineParser():
        request.add_option("--headers", dest="headers",
                           help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")

-        request.add_option("--auth-type", dest="aType",
+        request.add_option("--auth-type", dest="authType",
                           help="HTTP authentication type "
                                "(Basic, Digest, NTLM or Cert)")

-        request.add_option("--auth-cred", dest="aCred",
+        request.add_option("--auth-cred", dest="authCred",
                           help="HTTP authentication credentials "
                                "(name:password)")

-        request.add_option("--auth-cert", dest="aCert",
+        request.add_option("--auth-cert", dest="authCert",
                           help="HTTP authentication certificate ("
                                "key_file,cert_file)")

        request.add_option("--proxy", dest="proxy",
                           help="Use a proxy to connect to the target URL")

-        request.add_option("--proxy-cred", dest="pCred",
+        request.add_option("--proxy-cred", dest="proxyCred",
                           help="Proxy authentication credentials "
                                "(name:password)")

+        request.add_option("--proxy-file", dest="proxyFile",
+                           help="Load proxy list from a file")
+
        request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
                           help="Ignore system default proxy settings")

--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -372,7 +372,7 @@ class Connect(object):

            conn = urllib2.urlopen(req)

-            if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and conf.aType == AUTH_TYPE.BASIC:
+            if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and conf.authType == AUTH_TYPE.BASIC:
                kb.authHeader = getRequestHeader(req, HTTP_HEADER.AUTHORIZATION)

            if not kb.proxyAuthHeader and getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION):
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -18,6 +18,9 @@ url =
 # 'conversations/' folder path
 logFile = 

+# Scan multiple targets enlisted in a given textual file
+bulkFile =
+
 # Load HTTP request from a file
 # Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme
 requestFile = 
@ -76,17 +79,17 @@ headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
 # HTTP Authentication type. Useful only if the target URL requires
 # HTTP Basic, Digest or NTLM authentication and you have such data.
 # Valid: Basic, Digest, NTLM or Cert
-aType = 
+authType = 

 # HTTP authentication credentials. Useful only if the target URL requires
 # HTTP Basic, Digest or NTLM authentication and you have such data.
 # Syntax: username:password
-aCred = 
+authCred = 

 # HTTP Authentication certificate. Useful only if the target URL requires
 # logon certificate and you have such data.
 # Syntax: key_file,cert_file
-aCert = 
+authCert = 

 # Use a proxy to connect to the target URL.
 # Syntax: http://address:port
@ -95,7 +98,10 @@ proxy =
 # Proxy authentication credentials. Useful only if the proxy requires
 # Basic or Digest authentication and you have such data.
 # Syntax: username:password
-pCred =
+proxyCred =
+
+# Load proxy list from a file
+proxyFile =

 # Ignore system default proxy settings.
 # Valid: True or False
--- a/xml/livetests.xml
+++ b/xml/livetests.xml
@ -3423,8 +3423,8 @@
        <switches>
            <url value="http://debiandev/sqlmap/mysql/basic/get_int.php?id=1"/>
            <tech value="E"/>
-            <aType value="Basic"/>
-            <aCred value="testuser:testpass"/>
+            <authType value="Basic"/>
+            <authCred value="testuser:testpass"/>
            <getBanner value="True"/>
        </switches>
        <parse>
@ -3435,8 +3435,8 @@
        <switches>
            <url value="http://debiandev/sqlmap/mysql/digest/get_int.php?id=1"/>
            <tech value="E"/>
-            <aType value="Digest"/>
-            <aCred value="testuser:testpass"/>
+            <authType value="Digest"/>
+            <authCred value="testuser:testpass"/>
            <getBanner value="True"/>
        </switches>
        <parse>