sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 05:04:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

Implementing --skip-heuristics (#4414)

Browse Source
This commit is contained in:
Miroslav Stampar 2020-11-09 22:11:11 +01:00
parent a35fc713a2
commit c243c5fe0d
5 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/controller/checks.py
View File

@ -876,8 +876,12 @@ def heuristicCheckDbms(injection):
to identify with a simple DBMS specific boolean-based test what the DBMS to identify with a simple DBMS specific boolean-based test what the DBMS
may be may be
""" """
retVal = False retVal = False
if conf.skipHeuristics:
return retVal
pushValue(kb.injection) pushValue(kb.injection)
kb.injection = injection kb.injection = injection
@ -1031,6 +1035,9 @@ def checkFilteredChars(injection):
kb.injection = popValue() kb.injection = popValue()
def heuristicCheckSqlInjection(place, parameter): def heuristicCheckSqlInjection(place, parameter):
if conf.skipHeuristics:
return None
if kb.heavilyDynamic: if kb.heavilyDynamic:
debugMsg = "heuristic check skipped because of heavy dynamicity" debugMsg = "heuristic check skipped because of heavy dynamicity"
logger.debug(debugMsg) logger.debug(debugMsg)

1
lib/core/optiondict.py
View File

@ -228,6 +228,7 @@ optDict = {
"repair": "boolean", "repair": "boolean",
"saveConfig": "string", "saveConfig": "string",
"scope": "string", "scope": "string",
"skipHeuristics": "boolean",
"skipWaf": "boolean", "skipWaf": "boolean",
"testFilter": "string", "testFilter": "string",
"testSkip": "string", "testSkip": "string",

2
lib/core/settings.py
View File

@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.4.11.3" VERSION = "1.4.11.4"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

3
lib/parse/cmdline.py
View File

@ -700,6 +700,9 @@ def cmdLineParser(argv=None):
general.add_argument("--scope", dest="scope", general.add_argument("--scope", dest="scope",
help="Regexp for filtering targets") help="Regexp for filtering targets")
general.add_argument("--skip-heuristics", dest="skipHeuristics", action="store_true",
help="Skip heuristic detection of SQLi/XSS vulnerabilities")
general.add_argument("--skip-waf", dest="skipWaf", action="store_true", general.add_argument("--skip-waf", dest="skipWaf", action="store_true",
help="Skip heuristic detection of WAF/IPS protection") help="Skip heuristic detection of WAF/IPS protection")

4
sqlmap.conf
View File

@ -787,6 +787,10 @@ repair = False
# Example: (google|yahoo) # Example: (google|yahoo)
scope = scope =
# Skip heuristic detection of SQLi/XSS vulnerabilities.
# Valid: True or False
skipHeuristics = False
# Skip heuristic detection of WAF/IPS protection. # Skip heuristic detection of WAF/IPS protection.
# Valid: True or False # Valid: True or False
skipWaf = False skipWaf = False