added --scope feature regarding Feature #105

Miroslav Stampar 2010-01-09 20:44:50 +00:00
parent f316e722c1
commit d58ba7ee6d
4 changed files with 16 additions and 3 deletions


@ -162,7 +162,10 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
elif method is not None and method == "POST" and "=" in line: elif method is not None and method == "POST" and "=" in line:
data = line data = line
params = True params = True
if conf.scope:
getPostReq &= re.search(conf.scope, host) is not None
if getPostReq and params: if getPostReq and params:
if not url.startswith("http"): if not url.startswith("http"):
url = "%s://%s:%s%s" % (scheme or "http", host, port or "80", url) url = "%s://%s:%s%s" % (scheme or "http", host, port or "80", url)
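Review bot: The scope check `re.search(conf.scope, host)` is case-sensitive and unanchored, so it can both drop in-scope requests and let out-of-scope hosts through. Hostnames are case-insensitive, so a log entry with `Host: Example.COM` (constructed example) will not match a lowercase pattern, while a pattern such as `(google|yahoo)` also matches any host that merely contains that substring. Since this option decides which logged hosts get tested, I would pass `re.I`, as in `getPostReq &= re.search(conf.scope, host, re.I) is not None`, and document that patterns should be anchored. It also looks as if `host` could still be unset when a logged request carries no Host header, which would raise a TypeError here; the start of `__feedTargetsDict` is outside the hunk, so please confirm.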


@ -45,7 +45,9 @@ optDict = {
"proxy": "string", "proxy": "string",
"threads": "integer", "threads": "integer",
"delay": "float", "delay": "float",
"timeout": "float" "timeout": "float",
"retries": "integer",
"scope": "string"
}, },
"Injection": { "Injection": {
@ -63,6 +65,7 @@ optDict = {
"Techniques": { "Techniques": {
"stackedTest": "boolean", "stackedTest": "boolean",
"timeTest": "boolean", "timeTest": "boolean",
"timesec": "integer",
"unionTest": "boolean", "unionTest": "boolean",
"uTech": "string", "uTech": "string",
"unionUse": "boolean" "unionUse": "boolean"
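Review bot: The `"retries": "integer"` and `"timesec": "integer"` entries are unrelated to the `--scope` feature named in the commit message; only `"scope": "string"` belongs to it. `--retries` and `retries = 3` already appear as context elsewhere in this commit, so if these keys were missing from `optDict` until now, their configuration-file values were presumably not being picked up. That is a behaviour fix and deserves its own commit, or at least a line in the description. The rest of `optDict` lies outside the visible hunks.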


@ -117,6 +117,9 @@ def cmdLineParser():
request.add_option("--retries", dest="retries", type="int", default=3, request.add_option("--retries", dest="retries", type="int", default=3,
help="Retries when the connection timeouts " help="Retries when the connection timeouts "
"(default 3)") "(default 3)")
request.add_option("--scope", dest="scope",
help="Regex expression for filtering targets "
"from provided Burp or WebScarab log")
# Injection options # Injection options
injection = OptionGroup(parser, "Injection", "These options can be " injection = OptionGroup(parser, "Injection", "These options can be "
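Review bot: The help text for `--scope` does not say what the regex is matched against, and nothing checks that the pattern compiles. In this commit the pattern is applied with `re.search` to the request host only, so a user who supplies a URL or path pattern is likely to end up with no targets and no explanation. I would word it as `help="Regex matched against the host of each request in the provided Burp or WebScarab log"` and compile the pattern once after option parsing, so an invalid expression is reported up front rather than as an exception during log parsing. `cmdLineParser` starts and ends outside the hunk.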


@ -95,6 +95,10 @@ timeout = 30
# Default: 3 # Default: 3
retries = 3 retries = 3
# Regex expression for filtering targets
# from provided Burp or WebScarab log (e.g. (google|yahoo))
scope = None
[Injection] [Injection]
@ -415,4 +419,4 @@ cleanup = False
# 4: Show also HTTP responses headers # 4: Show also HTTP responses headers
# 5: Show also HTTP responses page content # 5: Show also HTTP responses page content
# Default: 1 # Default: 1
verbose = 1 verbose = 1
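Review bot: In the first hunk of this file, `scope = None` is likely to be read as the literal string `None` rather than as an unset option, since the option is declared as `"string"` in `optDict`. If the configuration reader passes string values through as-is (it is not visible here), `conf.scope` becomes truthy and every logged host that does not contain `None` is filtered out. Leaving the value empty, `scope =`, avoids this. The comment above it could also state that the regex is matched against the request host.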