diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index e2f5a4855..78619757d 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -146,7 +146,6 @@ cb43de49a549ae5524f3066b99d6bc3b0b684c6e68c2e75602e87b2ac5718716 extra/shellcod f3d8033f8c451ae28ca4b8f65cf2ceb77fadba21f11f19229f08398cbf523bc6 extra/shutils/drei.sh 2462efbca0d1572d2e6d380c8be48caa9e6d481b3b42ebe5705de4ba93e6c9fe extra/shutils/duplicates.py 336aebaff9a9a9339c71a03b794ec52429c4024a9ebfd7e5a60c196fad21326e extra/shutils/junk.sh -8779e1a56165327e49bbfd6cb2a461ab18cd8a83e9bfc139c9bdfc8e44f2a23f extra/shutils/modernize.sh 74fe683e94702bef6b8ea8eebb7fc47040e3ef5a03dec756e3cf4504a00c7839 extra/shutils/newlines.py fed05c468af662ba6ca6885baf8bf85fec1e58f438b3208f3819ad730a75a803 extra/shutils/postcommit-hook.sh ca86d61d3349ed2d94a6b164d4648cff9701199b5e32378c3f40fca0f517b128 extra/shutils/precommit-hook.sh 
@@ -159,13 +158,13 @@ df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264 extra/shutils/ 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 extra/vulnserver/__init__.py 9fb22b629ffb69d9643230f7bea50b0ad25836058647a3b2e88a1e254aa3ce74 extra/vulnserver/vulnserver.py 66d14fc303b061ccf983bf3ff84b5e1345c4fe643b662fbc5ec1a924d6415aee lib/controller/action.py -f0a3c3a555920b7e9321c234b54718e3d70f8ca33a8560a389c3b981e98c1585 lib/controller/checks.py +6b6140f5b16625037130383466f92ef8f14a2093794211ffacbb6a8b53ed9929 lib/controller/checks.py d7b1d29dfa0e4818553259984602410b14c60803cae9c9bb7b249ed7ad71a3f6 lib/controller/controller.py de2b0220db1c79d8720b636d267b11e117151f5f99740567096e9b4cbb7cc9d5 lib/controller/handler.py 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/controller/__init__.py 9296a1ffc92d839802ac9da4fcfd8e9d3f325f72a65805e774649f435ca5549e lib/core/agent.py f848dcfdacb5143f803f4e9474cf3eef939039c26c522ca09777c425661300f0 lib/core/bigarray.py -afecad4b14e8008f6f97a6ec653fc930dfd8dc65f9d24a51274f8b5c3f63a4e2 lib/core/common.py +4d0beec02be7492a0fd10757c11de2756eed2ad3272380feb0f2e350e4b4067d lib/core/common.py 88fbbe7c41511b17d7ef449d675a84eaa80cac6ebf457a18577eadd62f6f1330 lib/core/compat.py 5ce8f2292f99d17d69bfc40ded206bfdfd06e2e3660ff9d1b3c56163793f8d1c lib/core/convert.py f561310b3cea570cc13d9f0aff16cce8b097d51275f8b947e7fff4876ac65c32 lib/core/data.py 
@@ -180,17 +179,17 @@ bdd1b5b3eb42cffdc1be78b8fe4e1bb2ec17cd86440a7aeb08fc599205089e94 lib/core/decor 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/core/__init__.py 53499dc202a036289e3b2b9699d19568e794d077e16fd3a5c91771983de45451 lib/core/log.py 79c6b0332efa7cdf752f5caad6bd81a78a0369f2c33c107d9aaeaf52edc7e6e7 lib/core/optiondict.py -2f007b088aad979f75c4d864603dfc685da5be219ae116f2bb0d6445d2db4f83 lib/core/option.py +ade52dd8b09d14b69088409ad1cd39c7d97d5ce8e7eb80546d1a0371ce0043ee lib/core/option.py 81275fdbd463d89a2bfd8c00417a17a872aad74f34c18e44be79c0503e67dfa5 lib/core/patch.py e79df3790f16f67988e46f94b0a516d7ee725967f7698c8e17f210e4052203a7 lib/core/profiling.py c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7 lib/core/readlineng.py 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c lib/core/replication.py 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f lib/core/revision.py 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24 lib/core/session.py -0a93452bb00bf38464c27f0f65dd1da0f7b718a8af52055193bb180ae45c2c67 lib/core/settings.py +8c697de92344bc70e2facf998d497a734b6ac22804684c17a33d099c8aaee3dd lib/core/settings.py a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db lib/core/shell.py 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7 lib/core/subprocessng.py -9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc lib/core/target.py +32d0752f1a88c52b049cbe1aedff6e0afb794544ff689f54cb72e159b8d5177c lib/core/target.py b1071f449a66b4ceacd4b84b33a73d9e0a3197d271d72daaa406ba473a8bb625 lib/core/testing.py 3b47307b044c07389eec05d856403a94c9b8bd0d36aeaab11ef702b33ae499d0 lib/core/threads.py 69b86b483368864639b9d41ff70ab0f2c4a28d4ad66b590f95ccba0566605c69 lib/core/unescaper.py 
@@ -210,7 +209,7 @@ cbabdde72df4bd8d6961d589f1721dd938d8f653aa6af8900a31af6e2586405d lib/parse/site 89417568d7f19e48d39a8a9a4227d3d2b71d1c9f61139a41b1835fb5266fcab8 lib/request/basic.py 6139b926a3462d14ddd50acdb8575ae442b8fab089db222721535092b9af3ea1 lib/request/chunkedhandler.py 6be5719f3c922682931779830a4571a13d5612a69e2423fd60a254e8dbceaf5c lib/request/comparison.py -b27dd003eba5ac4697b6a1d5a6712e6aca380436a5a379bd5f2e831d6dca19bd lib/request/connect.py +3a59db656c7000c3e2b554569638a87c167e5c152629c17f0f12eda6c1a06cb2 lib/request/connect.py 0649a39c5cc2fc0f4c062b100ced17e3e6934a7e578247dfc65b650edc29825e lib/request/direct.py 5283754cf387ce4e645ee50834ee387cde29a768aaada1a6a07c338da216c94d lib/request/dns.py 844fae318d6b3141bfc817aac7a29868497b5e7b4b3fdd7c751ad1d4a485324f lib/request/httpshandler.py @@ -229,7 +228,7 @@ a80176c3bab60af1f45483b1121f2c5a8d0c269eebe0415f78d058302b646aea lib/takeover/r 244ccb3044707e0f2380540b8b2bbaeafa98dc2a0f18619c99a7949375132ffc lib/takeover/udf.py ec77bee2f221157aff16ec518ca2f3f8359952cd0835f70dd6a5cd8d57caf5bc lib/takeover/web.py 21f2ccd7363b1da8f4f0b1e5050ed2a6806914d2d13e280d7a6635ce127823c3 lib/takeover/xp_cmdshell.py -8a09c54f9020ca170ddc6f41005c8b03533d6f5961a2bb9af02337b8d787fe3e lib/techniques/blind/inference.py +179a8b5b930bfc77490be4e51c2b5677a160c5143187a483c7900536836b40a8 lib/techniques/blind/inference.py 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/techniques/blind/__init__.py 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/techniques/dns/__init__.py 1b8b4fe2088247f99b96ccab078a8bd72dc934d7bd155498eec2a77b67c55daf lib/techniques/dns/test.py 
@@ -240,11 +239,11 @@ ec77bee2f221157aff16ec518ca2f3f8359952cd0835f70dd6a5cd8d57caf5bc lib/takeover/w 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/techniques/union/__init__.py 3349573564c035ef7c3dbca7da3aecde139f31621395a1a6a7d2eef1dccbb9b0 lib/techniques/union/test.py eb564696a2e0c8e8844c1593c77f7bb41e47ce89f213afe93cbba7f1190e91f0 lib/techniques/union/use.py -c09927bccdbdb9714865c9a72d2a739da745375702a935349ddb9edc1d50de70 lib/utils/api.py +05df07c99a37942b0e41abbf77fd1ee874c2ceaa6b4a81bae110560976b3cde6 lib/utils/api.py 1d72a586358c5f6f0b44b48135229742d2e598d40cefbeeabcb40a1c2e0b70b2 lib/utils/brute.py dd0b67fc2bdf65a4c22a029b056698672a6409eff9a9e55da6250907e8995728 lib/utils/crawler.py -eac125d270256eff54e39736a423dde866bac3b2bb4c76d3cbc32fc53b3bbb99 lib/utils/deps.py -0b83cc8657d5bea117c02facde2b1426c8fe35d9372d996c644d67575d8b755f lib/utils/getch.py +19c267b8d7326dd22d5b23511519fc66c77d3a89b706c2e93b15c5d0ce2815e3 lib/utils/deps.py +d6e8ffaca834424fe8833ef10a9e9cbc20a76217bf5b26895e1e510aac389801 lib/utils/getch.py c2a2fa68d2c575ab35f472d50b8d52dd6fc5e1b4d6c86a06ac06365650fec321 lib/utils/har.py e6376fb0c3d001b6be0ef0f23e99a47734cfe3a3d271521dbe6d624d32f19953 lib/utils/hashdb.py c746c4dcc976137d6e5eff858146dcf29f01637587d3bdb8e2f8a419fc64b885 lib/utils/hash.py 
@@ -473,7 +472,7 @@ e55aaf385c5c77963d9aa6ff4aa64a5f23e7c3122b763b02a7c97a6846d8a58f plugins/generi b3d9d0644197ecb864e899c04ee9c7cd63891ecf2a0d3c333aad563eef735294 plugins/generic/users.py 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 plugins/__init__.py 5a473c60853f54f1a4b14d79b8237f659278fe8a6b42e935ed573bf22b6d5b2c README.md -8c4fd81d84598535643cf0ef1b2d350cd92977cb55287e23993b76eaa2215c30 sqlmapapi.py +ea26a250120cfaac03dd8d9a65dd236afe9ea99978bdaa4c73a0588a27f55291 sqlmapapi.py 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62 sqlmapapi.yaml 4121621b1accd6099eed095e9aa48d6db6a4fdfa3bbc5eb569d54c050132cbbf sqlmap.conf f84846b8493d809d697a75b3d13d904013bbb03e0edd82b724f4753801609057 sqlmap.py @@ -516,7 +515,7 @@ c390d072ed48431ab5848d51b9ca5c4ff323964a770f0597bdde943ed12377f8 tamper/luangin b262da8d38dbb4be64d42e0ab07e25611da11c5d07aa11b09497b344a4c76b8d tamper/modsecurityversioned.py fbb4ea2c764a1402293b71064183a6e929d5278afa09c7799747c53c3d3a9df3 tamper/modsecurityzeroversioned.py 91c7f96f3d0a3da9858e6ebebb337d6e3773961ff8e85af8b9e8458f782e75c0 tamper/multiplespaces.py -e0d800cfefa04fefed744956d4f3c17ccaeb1b59cb7a19c2796da4b1ebff6a3f tamper/ord2ascii.py +f4d87befddbc0474f61aee79a119ca0e77595bf8635a6b715c9d397e65a41a79 tamper/ord2ascii.py 50ebd172e152ed9154ff75acc45b95b3c406be2d2985fe1190bfb2f6a4077763 tamper/overlongutf8more.py a1e7d8907e7b4b25b1a418e8d5221e909096f719dcb611d15b5e91c83454ccdc tamper/overlongutf8.py 639b9cc83d94f536998b4efed8a88bed6ff8e9c67ea8381e87d1454cdea80293 tamper/percentage.py diff --git a/extra/shutils/modernize.sh b/extra/shutils/modernize.sh deleted file mode 100755 index de96e5dbf..000000000 --- a/extra/shutils/modernize.sh +++ /dev/null 
@@ -1,8 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org/) -# See the file 'LICENSE' for copying permission - -# sudo pip install modernize - -for i in $(find . -iname "*.py" | grep -v __init__); do python-modernize $i 2>&1 | grep -E '^[+-]' | grep -v range | grep -v absolute_import; done diff --git a/lib/controller/checks.py b/lib/controller/checks.py index f62cca5e9..18560b918 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -277,7 +277,7 @@ def checkSqlInjection(place, parameter, value): logger.debug(debugMsg) continue - elif kb.reduceTests == False: + elif kb.reduceTests is False: pass # Skip DBMS-specific test if it does not match the @@ -529,7 +529,7 @@ def checkSqlInjection(place, parameter, value): truePage, trueHeaders, trueCode = threadData.lastComparisonPage or "", threadData.lastComparisonHeaders, threadData.lastComparisonCode trueRawResponse = "%s%s" % (trueHeaders, truePage) - if trueResult and not(truePage == falsePage and not any((kb.nullConnection, conf.code))): + if trueResult and not (truePage == falsePage and not any((kb.nullConnection, conf.code))): # Perform the test's False request falseResult = Request.queryPage(genCmpPayload(), place, raise404=False) diff --git a/lib/core/common.py b/lib/core/common.py index 8fc73e956..7aa8570a5 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -5301,7 +5301,7 @@ def parseRequestFile(reqFile, checkParams=True): logger.warning(warnMsg) continue - if not(conf.scope and not re.search(conf.scope, url, re.I)): + if not (conf.scope and not re.search(conf.scope, url, re.I)): yield (url, method, None, cookie, tuple()) def _parseBurpLog(content): 
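Review bot: Replacing `kb.reduceTests == False` with `kb.reduceTests is False` in the first lib/controller/checks.py hunk is not a pure lint fix, because `0 == False` is true while `0 is False` is not, so the branch now matches only the bool singleton. From the hunk alone it looks as if `kb.reduceTests` is a tri-state flag (unset / True / False), which would make the change safe, but nothing visible states that. I would record the assumption next to the empty branch, e.g. `# kb.reduceTests is None/True/False; only an explicit False takes this no-op branch`, with the wording confirmed against where the flag is assigned. checkSqlInjection starts and ends outside the hunk.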
@@ -5451,7 +5451,7 @@ def parseRequestFile(reqFile, checkParams=True): scheme = None port = None - if not(conf.scope and not re.search(conf.scope, url, re.I)): + if not (conf.scope and not re.search(conf.scope, url, re.I)): yield (url, conf.method or method, data, cookie, tuple(headers)) content = readCachedFileContent(reqFile) diff --git a/lib/core/option.py b/lib/core/option.py index a530bd158..87b7d36d2 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2699,7 +2699,6 @@ def _basicOptionValidation(): warnMsg += "option '--retry-on' was provided" logger.warning(warnMsg) - if conf.cookieDel and len(conf.cookieDel) != 1: errMsg = "option '--cookie-del' should contain a single character (e.g. ';')" raise SqlmapSyntaxException(errMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index bf0b899c6..7a3294bd9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.5.10" +VERSION = "1.9.5.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index bcae39cbb..543817e15 100644 --- a/lib/core/target.py +++ b/lib/core/target.py 
@@ -227,7 +227,7 @@ def _setRequestParams(): conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data) conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER) conf.data = re.sub(r"(?si)(Content-Disposition:[^\n]+\s+name=\"(?P[^\"]+)\"(?:[^f|^b]|f(?!ilename=)|b(?!oundary=))*?)((%s)--)" % ("\r\n" if "\r\n" in conf.data else '\n'), - functools.partial(process, repl=r"\g<1>%s\g<3>" % kb.customInjectionMark), conf.data) + functools.partial(process, repl=r"\g<1>%s\g<3>" % kb.customInjectionMark), conf.data) if not kb.postHint: if kb.customInjectionMark in conf.data: # later processed diff --git a/lib/request/connect.py b/lib/request/connect.py index cdbbabca0..c9d97ed27 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -624,7 +624,7 @@ class Connect(object): raise SqlmapMissingDependence("outdated version of httpx detected (%s<%s)" % (httpx.__version__, MIN_HTTPX_VERSION)) try: - proxy_mounts = dict(("%s://" % key, httpx.HTTPTransport(proxy="%s%s" % ("http://" if not "://" in kb.proxies[key] else "", kb.proxies[key]))) for key in kb.proxies) if kb.proxies else None + proxy_mounts = dict(("%s://" % key, httpx.HTTPTransport(proxy="%s%s" % ("http://" if "://" not in kb.proxies[key] else "", kb.proxies[key]))) for key in kb.proxies) if kb.proxies else None with httpx.Client(verify=False, http2=True, timeout=timeout, follow_redirects=True, cookies=conf.cj, mounts=proxy_mounts) as client: conn = client.request(method or (HTTPMETHOD.POST if post is not None else HTTPMETHOD.GET), url, headers=headers, data=post) except (httpx.HTTPError, httpx.InvalidURL, httpx.CookieConflict, httpx.StreamError) as ex: diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index bd089e40f..fdf07b93e 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py 
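Review bot: The `httpx.Client(verify=False, ...)` call directly after the reworded `proxy_mounts` line in lib/request/connect.py turns off TLS certificate validation for every request on this HTTP/2 path, and nothing in the hunk says that this is deliberate. It may well be intended for a tool that must talk to hosts with self-signed certificates, but it also means the responses and the cookies in `conf.cj` can be read or altered by anyone on the network path, including a configured proxy. A short comment above the `with` would record the decision, e.g. `# certificate validation intentionally disabled here; do not reuse this client for trusted endpoints`. The enclosing method of `Connect` begins and ends outside the hunk.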
@@ -511,7 +511,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None currentCharIndex = threadData.shared.index[0] if kb.threadContinue: - val = getChar(currentCharIndex, asciiTbl, not(charsetType is None and conf.charset)) + val = getChar(currentCharIndex, asciiTbl, not (charsetType is None and conf.charset)) if val is None: val = INFERENCE_UNKNOWN_CHAR else: @@ -657,7 +657,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None if not val: val = getChar(index, otherCharset, otherCharset == asciiTbl) else: - val = getChar(index, asciiTbl, not(charsetType is None and conf.charset)) + val = getChar(index, asciiTbl, not (charsetType is None and conf.charset)) if val is None: finalValue = partialValue diff --git a/lib/utils/api.py b/lib/utils/api.py index 4105013a4..904ff10b9 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -787,7 +787,7 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non return commands = ("help", "new", "use", "data", "log", "status", "option", "stop", "kill", "list", "flush", "version", "exit", "bye", "quit") - colors = ('red', 'green', 'yellow', 'blue', 'magenta', 'cyan', 'lightgrey', 'lightred', 'lightgreen', 'lightyellow', 'lightblue', 'lightmagenta', 'lightcyan') + colors = ('red', 'green', 'yellow', 'blue', 'magenta', 'cyan', 'lightgrey', 'lightred', 'lightgreen', 'lightyellow', 'lightblue', 'lightmagenta', 'lightcyan') autoCompletion(AUTOCOMPLETE_TYPE.API, commands=commands) taskid = None diff --git a/lib/utils/deps.py b/lib/utils/deps.py index 01184304d..6d13781f4 100644 --- a/lib/utils/deps.py +++ b/lib/utils/deps.py @@ -59,7 +59,7 @@ def checkDependencies(): elif dbmsName == DBMS.CUBRID: __import__("CUBRIDdb") elif dbmsName == DBMS.CLICKHOUSE: - __import__("clickhouse_connect") + __import__("clickhouse_connect") except: warnMsg = "sqlmap requires '%s' third-party library " % data[1] warnMsg += "in order to directly connect to the DBMS " 
diff --git a/lib/utils/getch.py b/lib/utils/getch.py index a19fb7389..62684d3d7 100644 --- a/lib/utils/getch.py +++ b/lib/utils/getch.py @@ -16,7 +16,7 @@ class _Getch(object): except ImportError: try: self.impl = _GetchMacCarbon() - except(AttributeError, ImportError): + except (AttributeError, ImportError): self.impl = _GetchUnix() def __call__(self): diff --git a/sqlmapapi.py b/sqlmapapi.py index bf1f11d5f..dff5fe849 100755 --- a/sqlmapapi.py +++ b/sqlmapapi.py @@ -105,7 +105,6 @@ def main(): apiparser.add_argument("--password", help="Basic authentication password (optional)") (args, _) = apiparser.parse_known_args() if hasattr(apiparser, "parse_known_args") else apiparser.parse_args() - # Start the client or the server if args.server: server(args.host, args.port, adapter=args.adapter, username=args.username, password=args.password, database=args.database) diff --git a/tamper/ord2ascii.py b/tamper/ord2ascii.py index 890a6eb34..4207e31bb 100644 --- a/tamper/ord2ascii.py +++ b/tamper/ord2ascii.py @@ -16,11 +16,9 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces ORD() occurences with equivalent ASCII() calls - + Replaces ORD() occurences with equivalent ASCII() calls Requirement: * MySQL - >>> tamper("ORD('42')") "ASCII('42')" """
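Review bot: The re-added summary line of the tamper/ord2ascii.py docstring still carries the misspelling; `Replaces ORD() occurences with equivalent ASCII() calls` should read `Replaces ORD() occurrences with equivalent ASCII() calls`. The hunk header goes from 11 to 9 lines with a single `+` line, so it appears the blank lines after the summary and before the `>>>` example were deleted outright rather than stripped of trailing whitespace. Keeping one empty line after the summary (PEP 257) and one before the doctest would satisfy the linter and keep the docstring readable. The body of tamper() continues outside the hunk.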