diff --git a/lib/core/option.py b/lib/core/option.py index b8d784cf5..e3ace6ec6 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1785,8 +1785,8 @@ def _cleanupOptions(): if conf.col: conf.col = re.sub(r"\s*,\s*", ',', conf.col) - if conf.excludeCol: - conf.excludeCol = re.sub(r"\s*,\s*", ',', conf.excludeCol) + if conf.exclude: + conf.exclude = re.sub(r"\s*,\s*", ',', conf.exclude) if conf.binaryFields: conf.binaryFields = re.sub(r"\s*,\s*", ',', conf.binaryFields) diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index ba79baa91..e71e4b3f1 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -139,7 +139,7 @@ optDict = { "db": "string", "tbl": "string", "col": "string", - "excludeCol": "string", + "exclude": "string", "pivotColumn": "string", "dumpWhere": "string", "user": "string", diff --git a/lib/core/settings.py b/lib/core/settings.py index 05ed12b95..e4dad087f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.10" +VERSION = "1.2.2.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 776ed35fe..83161b686 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -464,8 +464,8 @@ def cmdLineParser(argv=None): enumeration.add_option("-C", dest="col", help="DBMS database table column(s) to enumerate") - enumeration.add_option("-X", dest="excludeCol", - help="DBMS database table column(s) to not enumerate") + enumeration.add_option("-X", dest="exclude", + help="DBMS database identifier(s) to not enumerate") enumeration.add_option("-U", dest="user", help="DBMS user to enumerate") diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py index 3ab5770a7..79a2c9587 100644 --- a/plugins/dbms/maxdb/enumeration.py +++ b/plugins/dbms/maxdb/enumeration.py @@ -120,8 +120,8 @@ class Enumeration(GenericEnumeration): else: colList = [] - if conf.excludeCol: - colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + if conf.exclude: + colList = [_ for _ in colList if _ not in conf.exclude.split(',')] for col in colList: colList[colList.index(col)] = safeSQLIdentificatorNaming(col) diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py index 83b1a4ff4..c0eec311b 100644 --- a/plugins/dbms/mssqlserver/enumeration.py +++ b/plugins/dbms/mssqlserver/enumeration.py @@ -14,6 +14,7 @@ from lib.core.common import isNumPosStrValue from lib.core.common import isTechniqueAvailable from lib.core.common import safeSQLIdentificatorNaming from lib.core.common import safeStringFormat +from lib.core.common import singleTimeLogMessage from lib.core.common import unArrayizeValue from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.data import conf @@ -94,8 +95,12 @@ class Enumeration(GenericEnumeration): for db in dbs: if conf.excludeSysDbs and db in self.excludeDbsList: infoMsg = "skipping system database '%s'" % db - logger.info(infoMsg) + singleTimeLogMessage(infoMsg) + continue + if conf.exclude and db in conf.exclude.split(','): + infoMsg = "skipping database '%s'" % db + singleTimeLogMessage(infoMsg) continue for query in (rootQuery.inband.query, rootQuery.inband.query2, rootQuery.inband.query3): @@ -113,8 +118,12 @@ class Enumeration(GenericEnumeration): for db in dbs: if conf.excludeSysDbs and db in self.excludeDbsList: infoMsg = "skipping system database '%s'" % db - logger.info(infoMsg) + singleTimeLogMessage(infoMsg) + continue + if conf.exclude and db in conf.exclude.split(','): + infoMsg = "skipping database '%s'" % db + singleTimeLogMessage(infoMsg) continue infoMsg = "fetching number of tables for " @@ -199,8 +208,12 @@ class Enumeration(GenericEnumeration): if conf.excludeSysDbs and db in self.excludeDbsList: infoMsg = "skipping system database '%s'" % db - logger.info(infoMsg) + singleTimeLogMessage(infoMsg) + continue + if conf.exclude and db in conf.exclude.split(','): + infoMsg = "skipping database '%s'" % db + singleTimeLogMessage(infoMsg) continue if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: @@ -271,8 +284,8 @@ class Enumeration(GenericEnumeration): infoMsgDb = "" colList = conf.col.split(',') - if conf.excludeCol: - colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + if conf.exclude: + colList = [_ for _ in colList if _ not in conf.exclude.split(',')] origTbl = conf.tbl origDb = conf.db @@ -318,8 +331,7 @@ class Enumeration(GenericEnumeration): _ = conf.db.split(',') infoMsgDb = " in database%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(db for db in _)) elif conf.excludeSysDbs: - msg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList)) - logger.info(msg) + infoMsgDb = " not in system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList)) else: infoMsgDb = " across all databases" @@ -334,6 +346,9 @@ class Enumeration(GenericEnumeration): if conf.excludeSysDbs and db in self.excludeDbsList: continue + if conf.exclude and db in conf.exclude.split(','): + continue + if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: query = rootQuery.inband.query % (db, db, db, db, db, db) query += " AND %s" % colQuery.replace("[DB]", db) diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index a55d31a2e..2b5f2d6f3 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -188,8 +188,8 @@ class Enumeration(GenericEnumeration): else: colList = [] - if conf.excludeCol: - colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + if conf.exclude: + colList = [_ for _ in colList if _ not in conf.exclude.split(',')] for col in colList: colList[colList.index(col)] = safeSQLIdentificatorNaming(col) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index 36c00b4f2..02fce6b7a 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -23,6 +23,7 @@ from lib.core.common import pushValue from lib.core.common import randomStr from lib.core.common import readInput from lib.core.common import safeSQLIdentificatorNaming +from lib.core.common import singleTimeLogMessage from lib.core.common import singleTimeWarnMessage from lib.core.common import unArrayizeValue from lib.core.common import unsafeSQLIdentificatorNaming @@ -298,7 +299,11 @@ class Databases: if conf.excludeSysDbs and db in self.excludeDbsList: infoMsg = "skipping system database '%s'" % unsafeSQLIdentificatorNaming(db) logger.info(infoMsg) + continue + if conf.exclude and db in conf.exclude.split(','): + infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(db) + singleTimeLogMessage(infoMsg) continue infoMsg = "fetching number of tables for " @@ -410,8 +415,8 @@ class Databases: else: colList = [] - if conf.excludeCol: - colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + if conf.exclude: + colList = [_ for _ in colList if _ not in conf.exclude.split(',')] for col in colList: colList[colList.index(col)] = safeSQLIdentificatorNaming(col) diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index 66a2eb2b5..0fab15af1 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py @@ -22,6 +22,7 @@ from lib.core.common import isTechniqueAvailable from lib.core.common import prioritySortColumns from lib.core.common import readInput from lib.core.common import safeSQLIdentificatorNaming +from lib.core.common import singleTimeLogMessage from lib.core.common import unArrayizeValue from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.data import conf @@ -68,11 +69,16 @@ class Entries: if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB): conf.db = conf.db.upper() - if ',' in conf.db: + if ',' in conf.db: errMsg = "only one database name is allowed when enumerating " errMsg += "the tables' columns" raise SqlmapMissingMandatoryOptionException(errMsg) + if conf.exclude and conf.db in conf.exclude.split(','): + infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(conf.db) + singleTimeLogMessage(infoMsg) + return + conf.db = safeSQLIdentificatorNaming(conf.db) if conf.tbl: @@ -99,6 +105,11 @@ class Entries: tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) for tbl in tblList: + if conf.exclude and tbl in conf.exclude.split(','): + infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl) + singleTimeLogMessage(infoMsg) + continue + conf.tbl = tbl kb.data.dumpedTable = {} @@ -129,8 +140,8 @@ class Entries: columns = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] colList = sorted(filter(None, columns.keys())) - if conf.excludeCol: - colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + if conf.exclude: + colList = [_ for _ in colList if _ not in conf.exclude.split(',')] if not colList: warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl) @@ -465,6 +476,11 @@ class Entries: conf.db = db for table in tables: + if conf.exclude and table in conf.exclude.split(','): + infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table) + logger.info(infoMsg) + continue + try: conf.tbl = table kb.data.cachedColumns = {} @@ -530,8 +546,8 @@ class Entries: conf.tbl = table colList = filter(None, sorted(columns)) - if conf.excludeCol: - colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + if conf.exclude: + colList = [_ for _ in colList if _ not in conf.exclude.split(',')] conf.col = ','.join(colList) kb.data.cachedColumns = {} diff --git a/plugins/generic/search.py b/plugins/generic/search.py index b5d860423..e07e98bf6 100644 --- a/plugins/generic/search.py +++ b/plugins/generic/search.py @@ -371,8 +371,8 @@ class Search: infoMsgDb = "" colList = conf.col.split(',') - if conf.excludeCol: - colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + if conf.exclude: + colList = [_ for _ in colList if _ not in conf.exclude.split(',')] origTbl = conf.tbl origDb = conf.db diff --git a/sqlmap.conf b/sqlmap.conf index 77849ce71..522e02df0 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -494,8 +494,8 @@ tbl = # Back-end database management system database table column(s) to enumerate. col = -# Back-end database management system database table column(s) to not enumerate. -excludeCol = +# Back-end database management system identifiers (database(s), table(s) and column(s)) to not enumerate. +exclude = # Pivot column name. pivotColumn = diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 8c0dd8ba8..2d513f00e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -39,14 +39,14 @@ c8551f7696a76450e6d139409e4f06cd lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py -9eed2d4d370f375bda5e0c0488740e7f lib/core/optiondict.py -02c846bf9fddbcb75afed72c0d6b9bdc lib/core/option.py +63ac6631d75e4f7c20b946a0c06bad33 lib/core/optiondict.py +785746cab318fe550d98c37296a0a888 lib/core/option.py 7dadbb9a301d40cc8cd9c7491e99b43d lib/core/profiling.py ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -659fe726d16a8b4557d96d82181ace88 lib/core/settings.py +5c1731dff66559f45f9f6ab7d85335df lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -57,7 +57,7 @@ c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py fc624104ddb36d41794b7a943fde5f21 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -a6912de35b7184e2e8b1fe2510c0c333 lib/parse/cmdline.py +27c4d3e568d199e01d1cffd37b370516 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 263ee1cec41facd2a06d0dc887b207ad lib/parse/headers.py @@ -153,14 +153,14 @@ da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/informix/filesystem.py 25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py 1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py 6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py -b2df2dfaa44659ac02df396fb2174d23 plugins/dbms/maxdb/enumeration.py +615be11d750530211af244b6ca6aef14 plugins/dbms/maxdb/enumeration.py ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py 9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py 4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py e7d44671ae26c0bcd5fe8448be070bbd plugins/dbms/maxdb/syntax.py bf7842bb291e2297c3c8d1023eb3e550 plugins/dbms/maxdb/takeover.py 6439d15c1e8cdb069056c4fa725326df plugins/dbms/mssqlserver/connector.py -fdc3cc66d0d35f6ebee0dd625a87f4e9 plugins/dbms/mssqlserver/enumeration.py +a833fbc30ab1133bc6ba293d97d0ef7c plugins/dbms/mssqlserver/enumeration.py 7e495d786fa8e1da96e73e2905bbd7dd plugins/dbms/mssqlserver/filesystem.py 03d463c15ebbfa4e49155b261b59db31 plugins/dbms/mssqlserver/fingerprint.py affef90b1442285da7e89e46603c502e plugins/dbms/mssqlserver/__init__.py @@ -195,7 +195,7 @@ f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py 964e59d2eba619b068b0a15cea28efe0 plugins/dbms/sqlite/syntax.py 3364b2938d7040c507cd622c323557dc plugins/dbms/sqlite/takeover.py 6439d15c1e8cdb069056c4fa725326df plugins/dbms/sybase/connector.py -006b647e955d7638687d16e047e9c587 plugins/dbms/sybase/enumeration.py +31462dc5a1cd2a1b4eba6762d18fb48c plugins/dbms/sybase/enumeration.py 74de450dd6d6d006aa9c7eed56e6b09a plugins/dbms/sybase/filesystem.py c8ee0deaa2309e96d9a409ff1524f3ad plugins/dbms/sybase/fingerprint.py a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py @@ -203,14 +203,14 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py e6cd1c5a5244d83396b401f7db43d323 plugins/generic/custom.py -315a3ced9667065b24de040af296037a plugins/generic/databases.py -b1bd764e8f417222ebb1890232290679 plugins/generic/entries.py +554f925e0a66f62b8ba39dd6c95d1e7f plugins/generic/databases.py +764a8fd5a99224910885c6b94a592170 plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py ea0f3b9085061b272bfd98c13ad2d977 plugins/generic/filesystem.py f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py 1e5532ede194ac9c083891c2f02bca93 plugins/generic/__init__.py f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py -8995e814cb8e854bd77534f687535014 plugins/generic/search.py +b1d2a7f3170f9b69e71335aa47f9b08b plugins/generic/search.py a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py e522c294676ede15bee751107e9bb449 plugins/generic/takeover.py 4419b13a4b78d7e9e4a2632302344a1a plugins/generic/users.py