add --detect-all option to use sqlmap for detect all sqli in targets

lib/controller/checks.py

@@ -72,11 +72,12 @@ from lib.request.templates import getPageTemplate
 from lib.techniques.union.test import unionTest
 from lib.techniques.union.use import configUnion
 
-def checkSqlInjection(place, parameter, value):
+def checkSqlInjection(place, parameter, value, targetUrl):
     # Store here the details about boundaries and payload used to
     # successfully inject
     injection = InjectionDict()
 
+    injection.target = targetUrl
     # Localized thread data needed for some methods
     threadData = getCurrentThreadData()
 

lib/controller/controller.py

@@ -124,7 +124,15 @@ def _selectInjection():
         kb.injection = kb.injections[index]
 
 def _formatInjection(inj):
-    data = "Place: %s\n" % inj.place
+    if conf.detectAll:
+        data = 'Url: ' + inj.target + '\n'
+    else:
+        data = ""
+    if conf.detectAll:
+        data += "    "
+    data += "Place: %s\n" % inj.place
+    if conf.detectAll:
+        data += "    "
     data += "Parameter: %s\n" % inj.parameter
 
     for stype, sdata in inj.data.items():
@@ -142,9 +150,17 @@ def _formatInjection(inj):
                 title = title.replace("columns", "column")
         elif comment:
             vector = "%s%s" % (vector, comment)
+        if conf.detectAll:
+            data += "    "
         data += "    Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
+        if conf.detectAll:
+            data += "    "
         data += "    Title: %s\n" % title
+        if conf.detectAll:
+            data += "    "
         data += "    Payload: %s\n" % urldecode(payload, unsafe="&", plusspace=(inj.place == PLACE.POST and kb.postSpaceToPlus))
+        if conf.detectAll:
+            data += "   "
         data += "    Vector: %s\n\n" % vector if conf.verbose > 1 else "\n"
 
     return data
@@ -289,7 +305,7 @@ def start():
 
             testSqlInj &= conf.hostname not in kb.vulnHosts
 
-            if not testSqlInj:
+            if not conf.detectAll and not testSqlInj:
                 infoMsg = "skipping '%s'" % targetUrl
                 logger.info(infoMsg)
                 continue
@@ -424,7 +440,7 @@ def start():
                         testSqlInj = True
                         paramKey = (conf.hostname, conf.path, place, parameter)
 
-                        if paramKey in kb.testedParams:
+                        if paramKey in kb.testedParams and not conf.detectAll:
                             testSqlInj = False
 
                             infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
@@ -478,7 +494,7 @@ def start():
                             infoMsg += "parameter '%s'" % parameter
                             logger.info(infoMsg)
 
-                            injection = checkSqlInjection(place, parameter, value)
+                            injection = checkSqlInjection(place, parameter, value, targetUrl)
                             proceed = not kb.endDetection
 
                             if injection is not None and injection.place is not None:

lib/core/datatype.py

@@ -93,6 +93,7 @@ class InjectionDict(AttribDict):
         self.prefix = None
         self.suffix = None
         self.clause = None
+        self.target = None
 
         # data is a dict with various stype, each which is a dict with
         # all the information specific for that stype

lib/parse/cmdline.py

@@ -287,6 +287,11 @@ def cmdLineParser():
                              action="store_true",
                              help="Compare pages based only on their titles")
 
+
+        detection.add_option("--detect-all", dest="detectAll",
+                             action="store_true",
+                             help="Test all targets and all parameters even if a SQL injection was discovered")
+
         # Techniques options
         techniques = OptionGroup(parser, "Techniques", "These options can be "
                                  "used to tweak testing of specific SQL "