From ef7d4bb404b9bfe9b799a1491626cc7aab3fec91 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 24 May 2019 12:01:39 +0200 Subject: [PATCH] Some refactoring (data) --- {procs => data/procs}/README.txt | 0 .../mssqlserver/activate_sp_oacreate.sql | 0 .../mssqlserver/configure_openrowset.sql | 0 .../mssqlserver/configure_xp_cmdshell.sql | 0 .../mssqlserver/create_new_xp_cmdshell.sql | 0 .../mssqlserver/disable_xp_cmdshell_2000.sql | 0 .../procs}/mssqlserver/dns_request.sql | 0 .../mssqlserver/enable_xp_cmdshell_2000.sql | 0 .../mssqlserver/run_statement_as_user.sql | 0 {procs => data/procs}/mysql/dns_request.sql | 0 .../procs}/mysql/write_file_limit.sql | 0 {procs => data/procs}/oracle/dns_request.sql | 0 .../procs}/postgresql/dns_request.sql | 0 {shell => data/shell}/README.txt | 0 {shell => data/shell}/backdoors/backdoor.asp_ | Bin .../shell}/backdoors/backdoor.aspx_ | Bin {shell => data/shell}/backdoors/backdoor.jsp_ | Bin {shell => data/shell}/backdoors/backdoor.php_ | Bin {shell => data/shell}/stagers/stager.asp_ | Bin {shell => data/shell}/stagers/stager.aspx_ | Bin {shell => data/shell}/stagers/stager.jsp_ | Bin {shell => data/shell}/stagers/stager.php_ | Bin {txt => data/txt}/common-columns.txt | 0 {txt => data/txt}/common-outputs.txt | 0 {txt => data/txt}/common-tables.txt | 0 {txt => data/txt}/keywords.txt | 0 {txt => data/txt}/smalldict.txt | 0 {txt => data/txt}/user-agents.txt | 0 txt/wordlist.zip => data/txt/wordlist.tx_ | Bin {udf => data/udf}/README.txt | 0 .../udf}/mysql/linux/32/lib_mysqludf_sys.so_ | Bin .../udf}/mysql/linux/64/lib_mysqludf_sys.so_ | Bin .../mysql/windows/32/lib_mysqludf_sys.dll_ | Bin .../mysql/windows/64/lib_mysqludf_sys.dll_ | Bin .../linux/32/8.2/lib_postgresqludf_sys.so_ | Bin .../linux/32/8.3/lib_postgresqludf_sys.so_ | Bin .../linux/32/8.4/lib_postgresqludf_sys.so_ | Bin .../linux/32/9.0/lib_postgresqludf_sys.so_ | Bin .../linux/32/9.1/lib_postgresqludf_sys.so_ | Bin .../linux/32/9.2/lib_postgresqludf_sys.so_ | Bin .../linux/32/9.3/lib_postgresqludf_sys.so_ | Bin .../linux/32/9.4/lib_postgresqludf_sys.so_ | Bin .../linux/64/8.2/lib_postgresqludf_sys.so_ | Bin .../linux/64/8.3/lib_postgresqludf_sys.so_ | Bin .../linux/64/8.4/lib_postgresqludf_sys.so_ | Bin .../linux/64/9.0/lib_postgresqludf_sys.so_ | Bin .../linux/64/9.1/lib_postgresqludf_sys.so_ | Bin .../linux/64/9.2/lib_postgresqludf_sys.so_ | Bin .../linux/64/9.3/lib_postgresqludf_sys.so_ | Bin .../linux/64/9.4/lib_postgresqludf_sys.so_ | Bin .../windows/32/8.2/lib_postgresqludf_sys.dll_ | Bin .../windows/32/8.3/lib_postgresqludf_sys.dll_ | Bin .../windows/32/8.4/lib_postgresqludf_sys.dll_ | Bin .../windows/32/9.0/lib_postgresqludf_sys.dll_ | Bin {xml => data/xml}/banner/generic.xml | 0 {xml => data/xml}/banner/mssql.xml | 0 {xml => data/xml}/banner/mysql.xml | 0 {xml => data/xml}/banner/oracle.xml | 0 {xml => data/xml}/banner/postgresql.xml | 0 {xml => data/xml}/banner/server.xml | 0 {xml => data/xml}/banner/servlet-engine.xml | 0 {xml => data/xml}/banner/set-cookie.xml | 0 {xml => data/xml}/banner/sharepoint.xml | 0 {xml => data/xml}/banner/x-aspnet-version.xml | 0 {xml => data/xml}/banner/x-powered-by.xml | 0 {xml => data/xml}/boundaries.xml | 0 {xml => data/xml}/errors.xml | 0 {xml => data/xml}/livetests.xml | 0 {xml => data/xml}/payloads/boolean_blind.xml | 0 {xml => data/xml}/payloads/error_based.xml | 0 {xml => data/xml}/payloads/inline_query.xml | 0 .../xml}/payloads/stacked_queries.xml | 0 {xml => data/xml}/payloads/time_blind.xml | 0 {xml => data/xml}/payloads/union_query.xml | 0 {xml => data/xml}/queries.xml | 0 lib/core/common.py | 69 +++++++++++------- lib/core/settings.py | 5 +- lib/core/wordlist.py | 3 +- lib/utils/hash.py | 3 +- 79 files changed, 50 insertions(+), 30 deletions(-) rename {procs => data/procs}/README.txt (100%) rename {procs => data/procs}/mssqlserver/activate_sp_oacreate.sql (100%) rename {procs => data/procs}/mssqlserver/configure_openrowset.sql (100%) rename {procs => data/procs}/mssqlserver/configure_xp_cmdshell.sql (100%) rename {procs => data/procs}/mssqlserver/create_new_xp_cmdshell.sql (100%) rename {procs => data/procs}/mssqlserver/disable_xp_cmdshell_2000.sql (100%) rename {procs => data/procs}/mssqlserver/dns_request.sql (100%) rename {procs => data/procs}/mssqlserver/enable_xp_cmdshell_2000.sql (100%) rename {procs => data/procs}/mssqlserver/run_statement_as_user.sql (100%) rename {procs => data/procs}/mysql/dns_request.sql (100%) rename {procs => data/procs}/mysql/write_file_limit.sql (100%) rename {procs => data/procs}/oracle/dns_request.sql (100%) rename {procs => data/procs}/postgresql/dns_request.sql (100%) rename {shell => data/shell}/README.txt (100%) rename {shell => data/shell}/backdoors/backdoor.asp_ (100%) rename {shell => data/shell}/backdoors/backdoor.aspx_ (100%) rename {shell => data/shell}/backdoors/backdoor.jsp_ (100%) rename {shell => data/shell}/backdoors/backdoor.php_ (100%) rename {shell => data/shell}/stagers/stager.asp_ (100%) rename {shell => data/shell}/stagers/stager.aspx_ (100%) rename {shell => data/shell}/stagers/stager.jsp_ (100%) rename {shell => data/shell}/stagers/stager.php_ (100%) rename {txt => data/txt}/common-columns.txt (100%) rename {txt => data/txt}/common-outputs.txt (100%) rename {txt => data/txt}/common-tables.txt (100%) rename {txt => data/txt}/keywords.txt (100%) rename {txt => data/txt}/smalldict.txt (100%) rename {txt => data/txt}/user-agents.txt (100%) rename txt/wordlist.zip => data/txt/wordlist.tx_ (100%) rename {udf => data/udf}/README.txt (100%) rename {udf => data/udf}/mysql/linux/32/lib_mysqludf_sys.so_ (100%) rename {udf => data/udf}/mysql/linux/64/lib_mysqludf_sys.so_ (100%) rename {udf => data/udf}/mysql/windows/32/lib_mysqludf_sys.dll_ (100%) rename {udf => data/udf}/mysql/windows/64/lib_mysqludf_sys.dll_ (100%) rename {udf => data/udf}/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ (100%) rename {udf => data/udf}/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ (100%) rename {udf => data/udf}/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ (100%) rename {udf => data/udf}/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ (100%) rename {udf => data/udf}/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ (100%) rename {xml => data/xml}/banner/generic.xml (100%) rename {xml => data/xml}/banner/mssql.xml (100%) rename {xml => data/xml}/banner/mysql.xml (100%) rename {xml => data/xml}/banner/oracle.xml (100%) rename {xml => data/xml}/banner/postgresql.xml (100%) rename {xml => data/xml}/banner/server.xml (100%) rename {xml => data/xml}/banner/servlet-engine.xml (100%) rename {xml => data/xml}/banner/set-cookie.xml (100%) rename {xml => data/xml}/banner/sharepoint.xml (100%) rename {xml => data/xml}/banner/x-aspnet-version.xml (100%) rename {xml => data/xml}/banner/x-powered-by.xml (100%) rename {xml => data/xml}/boundaries.xml (100%) rename {xml => data/xml}/errors.xml (100%) rename {xml => data/xml}/livetests.xml (100%) rename {xml => data/xml}/payloads/boolean_blind.xml (100%) rename {xml => data/xml}/payloads/error_based.xml (100%) rename {xml => data/xml}/payloads/inline_query.xml (100%) rename {xml => data/xml}/payloads/stacked_queries.xml (100%) rename {xml => data/xml}/payloads/time_blind.xml (100%) rename {xml => data/xml}/payloads/union_query.xml (100%) rename {xml => data/xml}/queries.xml (100%) diff --git a/procs/README.txt b/data/procs/README.txt similarity index 100% rename from procs/README.txt rename to data/procs/README.txt diff --git a/procs/mssqlserver/activate_sp_oacreate.sql b/data/procs/mssqlserver/activate_sp_oacreate.sql similarity index 100% rename from procs/mssqlserver/activate_sp_oacreate.sql rename to data/procs/mssqlserver/activate_sp_oacreate.sql diff --git a/procs/mssqlserver/configure_openrowset.sql b/data/procs/mssqlserver/configure_openrowset.sql similarity index 100% rename from procs/mssqlserver/configure_openrowset.sql rename to data/procs/mssqlserver/configure_openrowset.sql diff --git a/procs/mssqlserver/configure_xp_cmdshell.sql b/data/procs/mssqlserver/configure_xp_cmdshell.sql similarity index 100% rename from procs/mssqlserver/configure_xp_cmdshell.sql rename to data/procs/mssqlserver/configure_xp_cmdshell.sql diff --git a/procs/mssqlserver/create_new_xp_cmdshell.sql b/data/procs/mssqlserver/create_new_xp_cmdshell.sql similarity index 100% rename from procs/mssqlserver/create_new_xp_cmdshell.sql rename to data/procs/mssqlserver/create_new_xp_cmdshell.sql diff --git a/procs/mssqlserver/disable_xp_cmdshell_2000.sql b/data/procs/mssqlserver/disable_xp_cmdshell_2000.sql similarity index 100% rename from procs/mssqlserver/disable_xp_cmdshell_2000.sql rename to data/procs/mssqlserver/disable_xp_cmdshell_2000.sql diff --git a/procs/mssqlserver/dns_request.sql b/data/procs/mssqlserver/dns_request.sql similarity index 100% rename from procs/mssqlserver/dns_request.sql rename to data/procs/mssqlserver/dns_request.sql diff --git a/procs/mssqlserver/enable_xp_cmdshell_2000.sql b/data/procs/mssqlserver/enable_xp_cmdshell_2000.sql similarity index 100% rename from procs/mssqlserver/enable_xp_cmdshell_2000.sql rename to data/procs/mssqlserver/enable_xp_cmdshell_2000.sql diff --git a/procs/mssqlserver/run_statement_as_user.sql b/data/procs/mssqlserver/run_statement_as_user.sql similarity index 100% rename from procs/mssqlserver/run_statement_as_user.sql rename to data/procs/mssqlserver/run_statement_as_user.sql diff --git a/procs/mysql/dns_request.sql b/data/procs/mysql/dns_request.sql similarity index 100% rename from procs/mysql/dns_request.sql rename to data/procs/mysql/dns_request.sql diff --git a/procs/mysql/write_file_limit.sql b/data/procs/mysql/write_file_limit.sql similarity index 100% rename from procs/mysql/write_file_limit.sql rename to data/procs/mysql/write_file_limit.sql diff --git a/procs/oracle/dns_request.sql b/data/procs/oracle/dns_request.sql similarity index 100% rename from procs/oracle/dns_request.sql rename to data/procs/oracle/dns_request.sql diff --git a/procs/postgresql/dns_request.sql b/data/procs/postgresql/dns_request.sql similarity index 100% rename from procs/postgresql/dns_request.sql rename to data/procs/postgresql/dns_request.sql diff --git a/shell/README.txt b/data/shell/README.txt similarity index 100% rename from shell/README.txt rename to data/shell/README.txt diff --git a/shell/backdoors/backdoor.asp_ b/data/shell/backdoors/backdoor.asp_ similarity index 100% rename from shell/backdoors/backdoor.asp_ rename to data/shell/backdoors/backdoor.asp_ diff --git a/shell/backdoors/backdoor.aspx_ b/data/shell/backdoors/backdoor.aspx_ similarity index 100% rename from shell/backdoors/backdoor.aspx_ rename to data/shell/backdoors/backdoor.aspx_ diff --git a/shell/backdoors/backdoor.jsp_ b/data/shell/backdoors/backdoor.jsp_ similarity index 100% rename from shell/backdoors/backdoor.jsp_ rename to data/shell/backdoors/backdoor.jsp_ diff --git a/shell/backdoors/backdoor.php_ b/data/shell/backdoors/backdoor.php_ similarity index 100% rename from shell/backdoors/backdoor.php_ rename to data/shell/backdoors/backdoor.php_ diff --git a/shell/stagers/stager.asp_ b/data/shell/stagers/stager.asp_ similarity index 100% rename from shell/stagers/stager.asp_ rename to data/shell/stagers/stager.asp_ diff --git a/shell/stagers/stager.aspx_ b/data/shell/stagers/stager.aspx_ similarity index 100% rename from shell/stagers/stager.aspx_ rename to data/shell/stagers/stager.aspx_ diff --git a/shell/stagers/stager.jsp_ b/data/shell/stagers/stager.jsp_ similarity index 100% rename from shell/stagers/stager.jsp_ rename to data/shell/stagers/stager.jsp_ diff --git a/shell/stagers/stager.php_ b/data/shell/stagers/stager.php_ similarity index 100% rename from shell/stagers/stager.php_ rename to data/shell/stagers/stager.php_ diff --git a/txt/common-columns.txt b/data/txt/common-columns.txt similarity index 100% rename from txt/common-columns.txt rename to data/txt/common-columns.txt diff --git a/txt/common-outputs.txt b/data/txt/common-outputs.txt similarity index 100% rename from txt/common-outputs.txt rename to data/txt/common-outputs.txt diff --git a/txt/common-tables.txt b/data/txt/common-tables.txt similarity index 100% rename from txt/common-tables.txt rename to data/txt/common-tables.txt diff --git a/txt/keywords.txt b/data/txt/keywords.txt similarity index 100% rename from txt/keywords.txt rename to data/txt/keywords.txt diff --git a/txt/smalldict.txt b/data/txt/smalldict.txt similarity index 100% rename from txt/smalldict.txt rename to data/txt/smalldict.txt diff --git a/txt/user-agents.txt b/data/txt/user-agents.txt similarity index 100% rename from txt/user-agents.txt rename to data/txt/user-agents.txt diff --git a/txt/wordlist.zip b/data/txt/wordlist.tx_ similarity index 100% rename from txt/wordlist.zip rename to data/txt/wordlist.tx_ diff --git a/udf/README.txt b/data/udf/README.txt similarity index 100% rename from udf/README.txt rename to data/udf/README.txt diff --git a/udf/mysql/linux/32/lib_mysqludf_sys.so_ b/data/udf/mysql/linux/32/lib_mysqludf_sys.so_ similarity index 100% rename from udf/mysql/linux/32/lib_mysqludf_sys.so_ rename to data/udf/mysql/linux/32/lib_mysqludf_sys.so_ diff --git a/udf/mysql/linux/64/lib_mysqludf_sys.so_ b/data/udf/mysql/linux/64/lib_mysqludf_sys.so_ similarity index 100% rename from udf/mysql/linux/64/lib_mysqludf_sys.so_ rename to data/udf/mysql/linux/64/lib_mysqludf_sys.so_ diff --git a/udf/mysql/windows/32/lib_mysqludf_sys.dll_ b/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_ similarity index 100% rename from udf/mysql/windows/32/lib_mysqludf_sys.dll_ rename to data/udf/mysql/windows/32/lib_mysqludf_sys.dll_ diff --git a/udf/mysql/windows/64/lib_mysqludf_sys.dll_ b/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_ similarity index 100% rename from udf/mysql/windows/64/lib_mysqludf_sys.dll_ rename to data/udf/mysql/windows/64/lib_mysqludf_sys.dll_ diff --git a/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ similarity index 100% rename from udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ rename to data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ diff --git a/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ b/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ similarity index 100% rename from udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ rename to data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ diff --git a/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ b/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ similarity index 100% rename from udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ rename to data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ diff --git a/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ b/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ similarity index 100% rename from udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ rename to data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ diff --git a/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ b/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ similarity index 100% rename from udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ rename to data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ diff --git a/xml/banner/generic.xml b/data/xml/banner/generic.xml similarity index 100% rename from xml/banner/generic.xml rename to data/xml/banner/generic.xml diff --git a/xml/banner/mssql.xml b/data/xml/banner/mssql.xml similarity index 100% rename from xml/banner/mssql.xml rename to data/xml/banner/mssql.xml diff --git a/xml/banner/mysql.xml b/data/xml/banner/mysql.xml similarity index 100% rename from xml/banner/mysql.xml rename to data/xml/banner/mysql.xml diff --git a/xml/banner/oracle.xml b/data/xml/banner/oracle.xml similarity index 100% rename from xml/banner/oracle.xml rename to data/xml/banner/oracle.xml diff --git a/xml/banner/postgresql.xml b/data/xml/banner/postgresql.xml similarity index 100% rename from xml/banner/postgresql.xml rename to data/xml/banner/postgresql.xml diff --git a/xml/banner/server.xml b/data/xml/banner/server.xml similarity index 100% rename from xml/banner/server.xml rename to data/xml/banner/server.xml diff --git a/xml/banner/servlet-engine.xml b/data/xml/banner/servlet-engine.xml similarity index 100% rename from xml/banner/servlet-engine.xml rename to data/xml/banner/servlet-engine.xml diff --git a/xml/banner/set-cookie.xml b/data/xml/banner/set-cookie.xml similarity index 100% rename from xml/banner/set-cookie.xml rename to data/xml/banner/set-cookie.xml diff --git a/xml/banner/sharepoint.xml b/data/xml/banner/sharepoint.xml similarity index 100% rename from xml/banner/sharepoint.xml rename to data/xml/banner/sharepoint.xml diff --git a/xml/banner/x-aspnet-version.xml b/data/xml/banner/x-aspnet-version.xml similarity index 100% rename from xml/banner/x-aspnet-version.xml rename to data/xml/banner/x-aspnet-version.xml diff --git a/xml/banner/x-powered-by.xml b/data/xml/banner/x-powered-by.xml similarity index 100% rename from xml/banner/x-powered-by.xml rename to data/xml/banner/x-powered-by.xml diff --git a/xml/boundaries.xml b/data/xml/boundaries.xml similarity index 100% rename from xml/boundaries.xml rename to data/xml/boundaries.xml diff --git a/xml/errors.xml b/data/xml/errors.xml similarity index 100% rename from xml/errors.xml rename to data/xml/errors.xml diff --git a/xml/livetests.xml b/data/xml/livetests.xml similarity index 100% rename from xml/livetests.xml rename to data/xml/livetests.xml diff --git a/xml/payloads/boolean_blind.xml b/data/xml/payloads/boolean_blind.xml similarity index 100% rename from xml/payloads/boolean_blind.xml rename to data/xml/payloads/boolean_blind.xml diff --git a/xml/payloads/error_based.xml b/data/xml/payloads/error_based.xml similarity index 100% rename from xml/payloads/error_based.xml rename to data/xml/payloads/error_based.xml diff --git a/xml/payloads/inline_query.xml b/data/xml/payloads/inline_query.xml similarity index 100% rename from xml/payloads/inline_query.xml rename to data/xml/payloads/inline_query.xml diff --git a/xml/payloads/stacked_queries.xml b/data/xml/payloads/stacked_queries.xml similarity index 100% rename from xml/payloads/stacked_queries.xml rename to data/xml/payloads/stacked_queries.xml diff --git a/xml/payloads/time_blind.xml b/data/xml/payloads/time_blind.xml similarity index 100% rename from xml/payloads/time_blind.xml rename to data/xml/payloads/time_blind.xml diff --git a/xml/payloads/union_query.xml b/data/xml/payloads/union_query.xml similarity index 100% rename from xml/payloads/union_query.xml rename to data/xml/payloads/union_query.xml diff --git a/xml/queries.xml b/data/xml/queries.xml similarity index 100% rename from xml/queries.xml rename to data/xml/queries.xml diff --git a/lib/core/common.py b/lib/core/common.py index c6da1478d..52081d149 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -173,6 +173,7 @@ from lib.core.settings import URLENCODE_CHAR_LIMIT from lib.core.settings import URLENCODE_FAILSAFE_CHARS from lib.core.settings import USER_AGENT_ALIASES from lib.core.settings import VERSION_STRING +from lib.core.settings import ZIP_HEADER from lib.core.settings import WEBSCARAB_SPLITTER from lib.core.threads import getCurrentThreadData from lib.utils.sqlalchemy import _sqlalchemy @@ -1215,6 +1216,18 @@ def checkPipedInput(): return not os.isatty(sys.stdin.fileno()) +def isZipFile(filename): + """ + Checks if file contains zip compressed content + + >>> isZipFile(paths.WORDLIST) + True + """ + + checkFile(filename) + + return openFile(filename, "rb", encoding=None).read(len(ZIP_HEADER)) == ZIP_HEADER + def checkFile(filename, raiseOnError=True): """ Checks for file existence and readability @@ -1314,18 +1327,42 @@ def setPaths(rootPath): paths.SQLMAP_ROOT_PATH = rootPath # sqlmap paths + paths.SQLMAP_DATA_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "data") paths.SQLMAP_EXTRAS_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "extra") - paths.SQLMAP_PROCS_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "procs") - paths.SQLMAP_SHELL_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "shell") paths.SQLMAP_SETTINGS_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "lib", "core", "settings.py") paths.SQLMAP_TAMPER_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "tamper") paths.SQLMAP_WAF_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "waf") - paths.SQLMAP_TXT_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "txt") - paths.SQLMAP_UDF_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "udf") - paths.SQLMAP_XML_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "xml") + + paths.SQLMAP_PROCS_PATH = os.path.join(paths.SQLMAP_DATA_PATH, "procs") + paths.SQLMAP_SHELL_PATH = os.path.join(paths.SQLMAP_DATA_PATH, "shell") + paths.SQLMAP_TXT_PATH = os.path.join(paths.SQLMAP_DATA_PATH, "txt") + paths.SQLMAP_UDF_PATH = os.path.join(paths.SQLMAP_DATA_PATH, "udf") + paths.SQLMAP_XML_PATH = os.path.join(paths.SQLMAP_DATA_PATH, "xml") paths.SQLMAP_XML_BANNER_PATH = os.path.join(paths.SQLMAP_XML_PATH, "banner") paths.SQLMAP_XML_PAYLOADS_PATH = os.path.join(paths.SQLMAP_XML_PATH, "payloads") + # sqlmap files + paths.COMMON_COLUMNS = os.path.join(paths.SQLMAP_TXT_PATH, "common-columns.txt") + paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt") + paths.COMMON_OUTPUTS = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt') + paths.SQL_KEYWORDS = os.path.join(paths.SQLMAP_TXT_PATH, "keywords.txt") + paths.SMALL_DICT = os.path.join(paths.SQLMAP_TXT_PATH, "smalldict.txt") + paths.USER_AGENTS = os.path.join(paths.SQLMAP_TXT_PATH, "user-agents.txt") + paths.WORDLIST = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.tx_") + paths.ERRORS_XML = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml") + paths.BOUNDARIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "boundaries.xml") + paths.LIVE_TESTS_XML = os.path.join(paths.SQLMAP_XML_PATH, "livetests.xml") + paths.QUERIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "queries.xml") + paths.GENERIC_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "generic.xml") + paths.MSSQL_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "mssql.xml") + paths.MYSQL_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "mysql.xml") + paths.ORACLE_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "oracle.xml") + paths.PGSQL_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "postgresql.xml") + + for path in paths.values(): + if any(path.endswith(_) for _ in (".txt", ".xml", ".tx_")): + checkFile(path) + if IS_WIN: if os.getenv("LOCALAPPDATA"): paths.SQLMAP_HOME_PATH = os.path.expandvars("%LOCALAPPDATA%\\sqlmap") @@ -1348,28 +1385,6 @@ def setPaths(rootPath): paths.SQLMAP_SHELL_HISTORY = os.path.join(paths.SQLMAP_HISTORY_PATH, "sqlmap.hst") paths.GITHUB_HISTORY = os.path.join(paths.SQLMAP_HISTORY_PATH, "github.hst") - # sqlmap files - paths.COMMON_COLUMNS = os.path.join(paths.SQLMAP_TXT_PATH, "common-columns.txt") - paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt") - paths.COMMON_OUTPUTS = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt') - paths.SQL_KEYWORDS = os.path.join(paths.SQLMAP_TXT_PATH, "keywords.txt") - paths.SMALL_DICT = os.path.join(paths.SQLMAP_TXT_PATH, "smalldict.txt") - paths.USER_AGENTS = os.path.join(paths.SQLMAP_TXT_PATH, "user-agents.txt") - paths.WORDLIST = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.zip") - paths.ERRORS_XML = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml") - paths.BOUNDARIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "boundaries.xml") - paths.LIVE_TESTS_XML = os.path.join(paths.SQLMAP_XML_PATH, "livetests.xml") - paths.QUERIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "queries.xml") - paths.GENERIC_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "generic.xml") - paths.MSSQL_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "mssql.xml") - paths.MYSQL_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "mysql.xml") - paths.ORACLE_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "oracle.xml") - paths.PGSQL_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "postgresql.xml") - - for path in paths.values(): - if any(path.endswith(_) for _ in (".txt", ".xml", ".zip")): - checkFile(path) - def weAreFrozen(): """ Returns whether we are frozen via py2exe. diff --git a/lib/core/settings.py b/lib/core/settings.py index 1744ef964..e300c10a6 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.5.129" +VERSION = "1.3.5.130" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -777,6 +777,9 @@ LOBLKSIZE = 2048 # Prefix used to mark special variables (e.g. keywords, having special chars, etc.) EVALCODE_ENCODED_PREFIX = "EVAL_" +# Reference: https://en.wikipedia.org/wiki/Zip_(file_format) +ZIP_HEADER = b"\x50\x4b\x03\x04" + # Reference: http://www.cookiecentral.com/faq/#3.5 NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File." diff --git a/lib/core/wordlist.py b/lib/core/wordlist.py index fef136563..34da6358d 100644 --- a/lib/core/wordlist.py +++ b/lib/core/wordlist.py @@ -9,6 +9,7 @@ import os import zipfile from lib.core.common import getSafeExString +from lib.core.common import isZipFile from lib.core.exception import SqlmapDataException from lib.core.exception import SqlmapInstallationException from thirdparty import six @@ -45,7 +46,7 @@ class Wordlist(six.Iterator): self.iter = iter(self.custom) else: self.current = self.filenames[self.index] - if os.path.splitext(self.current)[1].lower() == ".zip": + if isZipFile(self.current): try: _ = zipfile.ZipFile(self.current, 'r') except zipfile.error as ex: diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 3b92873b7..fe31589b5 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -55,6 +55,7 @@ from lib.core.common import getPublicTypeMembers from lib.core.common import getSafeExString from lib.core.common import hashDBRetrieve from lib.core.common import hashDBWrite +from lib.core.common import isZipFile from lib.core.common import normalizeUnicode from lib.core.common import openFile from lib.core.common import paths @@ -1003,7 +1004,7 @@ def dictionaryAttack(attack_dict): for dictPath in dictPaths: checkFile(dictPath) - if os.path.splitext(dictPath)[1].lower() == ".zip": + if isZipFile(dictPath): _ = zipfile.ZipFile(dictPath, 'r') if len(_.namelist()) == 0: errMsg = "no file(s) inside '%s'" % dictPath