Minor code refactoring

Bernardo Damele 2010-01-14 20:42:45 +00:00
parent 26c7b74e65
commit c4215ce8d2
6 changed files with 30 additions and 29 deletions


@ -27,15 +27,16 @@ optDict = {
"Target": {
"url": "string",
"list": "string",
"requestFile": "string",
"googleDork": "string",
"configFile": "string",
"requestFile": "string"
"configFile": "string"
},
"Request": {
"method": "string",
"data": "string",
"cookie": "string",
"cookieUrlencode": "boolean",
"dropSetCookie": "boolean",
"referer": "string",
"agent": "string",
@ -62,7 +63,6 @@ optDict = {
"regexp": "string",
"eString": "string",
"eRegexp": "string",
"cookieUrlencode": "boolean"
},
"Techniques": {
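Review bot: Moving `"cookieUrlencode"` out of the family that holds `"eRegexp"` and into `"Request"` changes where a configuration file is expected to carry the key, and nothing in the visible hunks keeps the old location working. If the INI loader resolves options per `optDict` family (its code is not shown on this page), an existing user file that still lists `cookieUrlencode` under the previous section would be ignored without any message. Consider a fallback lookup in the old section, or a warning when the key is found there, plus a changelog line documenting the move. The same relocation is made in the command-line parser and sample configuration sections of this commit.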


@ -27,7 +27,7 @@ import subprocess
import sys
# sqlmap version and site
VERSION = "0.8-rc4"
VERSION = "0.8-rc5"
VERSION_STRING = "sqlmap/%s" % VERSION
SITE = "http://sqlmap.sourceforge.net"


@ -53,15 +53,15 @@ def cmdLineParser():
target.add_option("-l", dest="list", help="Parse targets from Burp "
"or WebScarab proxy logs")
target.add_option("-r", dest="requestFile",
help="Load HTTP request from a file")
target.add_option("-g", dest="googleDork",
help="Process Google dork results as target urls")
target.add_option("-c", dest="configFile",
help="Load options from a configuration INI file")
target.add_option("-r", dest="requestFile",
help="Load HTTP request from a file")
# Request options
request = OptionGroup(parser, "Request", "These options can be used "
"to specify how to connect to the target url.")
@ -75,7 +75,12 @@ def cmdLineParser():
request.add_option("--cookie", dest="cookie",
help="HTTP Cookie header")
request.add_option("--drop-set-cookie", dest="dropSetCookie", action="store_true",
request.add_option("--cookie-urlencode", dest="cookieUrlencode",
action="store_true",
help="URL-encode generated cookie injections")
request.add_option("--drop-set-cookie", dest="dropSetCookie",
action="store_true",
help="Ignore Set-Cookie header from response")
request.add_option("--user-agent", dest="agent",
@ -164,10 +169,6 @@ def cmdLineParser():
help="Matches to be excluded before "
"comparing page contents")
injection.add_option("--cookie-urlencode", dest="cookieUrlencode",
action="store_true",
help="URLEncode generated cookie injections")
# Techniques options
techniques = OptionGroup(parser, "Techniques", "These options can "
"be used to test for specific SQL injection "


@ -636,15 +636,14 @@ class Metasploit:
def uploadMsfPayloadStager(self, web=False):
if web:
self.exeFilePathRemote = "./%s" % os.path.basename(self.exeFilePathLocal)
self.exeFilePathRemote = "%s/%s" % (self.webDirectory, os.path.basename(self.exeFilePathLocal))
else:
self.exeFilePathRemote = "%s/%s" % (conf.tmpPath, os.path.basename(self.exeFilePathLocal))
logger.info("uploading payload stager to '%s'" % self.exeFilePathRemote)
if web:
for directory in self.webDirectories:
self.webFileUpload(self.exeFilePathLocal, self.exeFilePathRemote, directory)
self.webFileUpload(self.exeFilePathLocal, self.exeFilePathRemote, self.webDirectory)
else:
self.writeFile(self.exeFilePathLocal, self.exeFilePathRemote, "binary", False)
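Review bot: In the `web` branch `exeFilePathRemote` is now formatted from `self.webDirectory`, which the `Web` class section of this commit initialises to `None` and assigns only after a backdoor upload, so calling this with `web=True` before that point produces a path starting with `None/`. An explicit guard such as `if web and self.webDirectory is None:` raising the project's own exception type would fail clearly instead. The second argument to `webFileUpload` is also now the full remote path, passed together with `self.webDirectory` as the directory, whereas the backdoor upload call passes a bare file name (`backdoorName`) in that position. `webFileUpload` is not visible here, so confirm it does not join the two and duplicate the directory, or pass `os.path.basename(self.exeFilePathLocal)` as the name.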


@ -51,7 +51,7 @@ class Web:
self.webBaseUrl = None
self.webBackdoorUrl = None
self.webUploaderUrl = None
self.webDirectories = set()
self.webDirectory = None
def webBackdoorRunCmd(self, cmd):
if self.webBackdoorUrl is None:
@ -114,9 +114,9 @@ class Web:
self.checkDbmsOs()
kb.docRoot = getDocRoot()
self.webDirectories = getDirs()
self.webDirectories = list(self.webDirectories)
self.webDirectories.sort()
directories = getDirs()
directories = list(directories)
directories.sort()
infoMsg = "trying to upload the uploader agent"
logger.info(infoMsg)
@ -154,7 +154,7 @@ class Web:
uploaderName = "uploader.%s" % self.webApi
uploaderStr = fileToStr(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName))
for directory in self.webDirectories:
for directory in directories:
# Upload the uploader agent
outFile = os.path.normpath("%s/%s" % (directory, uploaderName))
uplQuery = uploaderStr.replace("WRITABLE_DIR", directory)
@ -184,6 +184,7 @@ class Web:
self.webFileUpload(backdoorPath, backdoorName, directory)
self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
self.webDirectory = directory
infoMsg = "the backdoor has probably been successfully "
infoMsg += "uploaded on '%s', go with your browser " % directory
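Review bot: The three statements that build `directories` can be a single one, `directories = sorted(getDirs())`, which gives the same sorted list without rebinding the name twice. Separately, `self.webDirectory = directory` is set right after `webFileUpload` with no visible check that the upload worked (the log message itself says "probably"), and whether the loop stops after the first success is outside the hunk. A short comment such as `# remembered for later uploads; assumes the upload above succeeded` would make that assumption explicit for callers that now depend on `webDirectory`. The enclosing method starts and ends outside these hunks.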


@ -10,6 +10,10 @@ url =
# 'conversations/' folder path
list =
# Load HTTP request from a file
# Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme
requestFile =
# Rather than providing a target url, let Google return target
# hosts as result of your Google dork expression. For a list of Google
# dorks see Johnny Long Google Hacking Database at
@ -17,10 +21,6 @@ list =
# Example: +ext:php +inurl:"&id=" +intext:"powered by "
googleDork =
# Load HTTP request from a file
# Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme
requestFile =
[Request]
# HTTP method to perform HTTP requests.
@ -35,6 +35,10 @@ data =
# HTTP Cookie header.
cookie =
# URL-encode generated cookie injections.
# Valid: True or False
cookieUrlencode = False
# Ignore Set-Cookie header from response
# Valid: True or False
dropSetCookie = False
@ -155,10 +159,6 @@ eString =
# (http://www.python.org/doc/2.5.2/lib/re-syntax.html)
eRegexp =
# URLEncode generated cookie injections.
# Valid: True or False
cookieUrlencode = False
[Techniques]
# Test for stacked queries (multiple statements) support.