diff --git a/lib/core/option.py b/lib/core/option.py index 28c4603d3..4967dbd2d 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -51,6 +51,7 @@ from lib.core.common import singleTimeWarnMessage from lib.core.common import UnicodeRawConfigParser from lib.core.common import urldecode from lib.core.common import urlencode +from lib.core.convert import base64unpickle from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -1769,6 +1770,9 @@ def _mergeOptions(inputOptions, overrideOptions): @type inputOptions: C{instance} """ + if inputOptions.pickledOptions: + inputOptions = base64unpickle(inputOptions.pickledOptions) + if inputOptions.configFile: configFileParser(inputOptions.configFile) @@ -2054,9 +2058,9 @@ def init(inputOptions=AttribDict(), overrideOptions=False): if not inputOptions.disableColoring: coloramainit() - else: - if hasattr(LOGGER_HANDLER, "disable_coloring"): - LOGGER_HANDLER.disable_coloring = True + elif hasattr(LOGGER_HANDLER, "disable_coloring"): + LOGGER_HANDLER.disable_coloring = True + _setConfAttributes() _setKnowledgeBaseAttributes() _mergeOptions(inputOptions, overrideOptions) diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index ba6b98c3e..4278c1214 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -196,6 +196,7 @@ optDict = { "answers": "string", "beep": "boolean", "checkPayload": "boolean", + "checkWaf": "boolean", "cleanup": "boolean", "dependencies": "boolean", "disableColoring": "boolean", diff --git a/lib/core/testing.py b/lib/core/testing.py index 774febcbe..68c45693e 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -14,6 +14,7 @@ import StringIO import sys import tempfile import time +import traceback from extra.beep.beep import beep from lib.controller.controller import start 
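Review bot: In `_mergeOptions` (the `@@ -1769` hunk of lib/core/option.py), `base64unpickle(inputOptions.pickledOptions)` deserializes a pickle taken directly from a command-line argument, and unpickling can execute code chosen by whoever supplied the blob. The same concern covers the `--pickle` switch added in lib/parse/cmdline.py and its producer in `scan_start` in lib/utils/api.py; `SUPPRESS_HELP` hides the switch but does not restrict who can pass it. Since the payload appears to be a plain options mapping, a data-only encoding such as JSON would carry it without that risk; failing that, state the trust boundary with a comment like `# --pickle is meant only for the REST API parent process; never pass it data from an untrusted source`. The reassignment also replaces `inputOptions` wholesale, so any other switches given alongside `--pickle` look to be discarded, which is worth noting in the docstring. The body of `_mergeOptions` continues outside the hunk.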
@@ -231,6 +232,7 @@ def runCase(switches=None, parse=None): if exception: logger.error("unhandled exception occurred ('%s')" % str(exception)) + tback = traceback.format_exc() retVal = False elif result is False: # if None, ignore logger.error("the test did not run") diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index fc96f4234..945fad0ad 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -664,6 +664,8 @@ def cmdLineParser(): help="Simple wizard interface for beginner users") # Hidden and/or experimental options + parser.add_option("--pickle", dest="pickledOptions", help=SUPPRESS_HELP) + parser.add_option("--profile", dest="profile", action="store_true", help=SUPPRESS_HELP) @@ -757,7 +759,7 @@ def cmdLineParser(): if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \ args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \ - args.purgeOutput)): + args.purgeOutput, args.pickledOptions)): errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), " errMsg += "use -h for basic or -hh for advanced help" parser.error(errMsg) diff --git a/lib/utils/api.py b/lib/utils/api.py index e02757c49..7106814bc 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -18,6 +18,7 @@ from subprocess import Popen from lib.controller.controller import start from lib.core.common import unArrayizeValue +from lib.core.convert import base64pickle from lib.core.convert import hexencode from lib.core.convert import stdoutencode from lib.core.data import paths @@ -48,6 +49,7 @@ RESTAPI_SERVER_PORT = 8775 # Local global variables adminid = "" +procs = dict() tasks = AttribDict() # Generic functions @@ -251,6 +253,7 @@ def scan_start(taskid): Launch a scan """ global tasks + global procs if taskid not in tasks: abort(500, "Invalid task ID") 
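Review bot: `tback = traceback.format_exc()` in `runCase` is assigned only on the `if exception:` branch and nothing in this hunk reads it, so any later use outside the hunk would need a default such as `tback = None` before the branch. The call also sits outside any visible `except` block; if the exception was caught earlier in the function, formatting it inside that handler is more reliable than depending on the interpreter still holding the exception state. The rest of `runCase` lies outside the hunk, so both points should be checked against the full function.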
@@ -266,8 +269,8 @@ def scan_start(taskid): # Launch sqlmap engine in a separate thread logger.debug("starting a scan for task ID %s" % taskid) - proc = Popen("python sqlmap.py -c %s" % config_file, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE) - stdout, stderr = proc.communicate() + procs[taskid] = Popen("python sqlmap.py --pickle %s" % base64pickle(tasks[taskid]), shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE) + stdout, stderr = procs[taskid].communicate() return jsonize({"success": True})
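Review bot: The `Popen` call in `scan_start` still builds a shell string with `shell=True`, and it now places the whole serialized task on the command line, where other local users can read it from the process list and where a large task may exceed the OS argument-length limit. Passing an argument list removes the shell: `procs[taskid] = Popen(["python", "sqlmap.py", "--pickle", base64pickle(tasks[taskid])], shell=False, stdin=PIPE, stdout=PIPE, stderr=PIPE)`. If task options can hold credentials or cookies, sending the blob over the already-open `stdin` pipe instead of argv would keep it out of the process list, though that needs a matching change on the reading side. `procs[taskid].communicate()` also does not return until the child exits, so the handler blocks for the whole scan despite the comment about a separate thread, and the handle stored in `procs` cannot help until then.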