Proper reference to Metasploit Framework as now it's version 4, not 3 anymore

2024-11-22 09:36:35 +03:00 · 2011-09-12 17:26:22 +00:00 · 2011-09-12 17:26:22 +00:00 · f890b29f81
commit f890b29f81
parent 4fb6dab1a2
10 changed files with 106 additions and 105 deletions
--- a/doc/FAQ.pdf
+++ b/doc/FAQ.pdf
--- a/doc/README.html
+++ b/doc/README.html
@ -11,7 +11,7 @@
 <A HREF="mailto:bernardo@sqlmap.org">Bernardo Damele A. G.</A>, 
 <A HREF="mailto:miroslav@sqlmap.org">Miroslav Stampar</A></H2>version 1.0-dev, XXX XX, 2011
 <HR>
-<EM>This document is the user's manual to use 
+<EM>This document is the user's manual for 
 <A HREF="http://www.sqlmap.org">sqlmap</A>.</EM>
 <HR>
 <P>
@ -93,26 +93,23 @@ on the operating system via out-of-band connections.</P>
 <P>sqlmap is developed in 
 <A HREF="http://www.python.org">Python</A>,
-a dynamic object-oriented interpreted programming language.
+a dynamic, object-oriented, interpreted programming language freely available from 
-This makes the tool independent from the operating system. It only
+<A HREF="http://python.org/download/">http://python.org/download/</A>.
-requires the Python interpreter version <B>2</B> equal or higher than
+This makes sqlmap a cross-platform application which is independant of the 
-<B>2.6</B>.
+operating system. sqlmap requires Python version <B>2.6</B> or above.
 The interpreter is freely downloadable from its
 <A HREF="http://python.org/download/">official site</A>.
 To make it even easier, many GNU/Linux distributions come out of the box
-with Python interpreter installed and other Unices and Mac OSX too provide
+with Python installed. Other Unixes and Mac OSX also provide Python packaged
-it packaged in their formats and ready to be installed.
+and ready to be installed.
-Windows users can download and install the Python setup-ready installer
+Windows users can download and install the Python installer for x86, AMD64 and Itanium.</P>
 for x86, AMD64 and Itanium too.</P>
 <P>sqlmap relies on the 
 <A HREF="http://metasploit.com">Metasploit Framework</A> for some of its post-exploitation takeover
-features. You need to grab a copy of it from the
+features. You need to grab a copy of the framework from the
 <A HREF="http://metasploit.com/download/">download</A>
 page - the required version is <B>3.5</B> or higher.
-For the ICMP tunneling out-of-band takeover technique, sqlmap requires
+For the ICMP tunneling out-of-band takeover technique, sqlmap requires the
 <A HREF="http://corelabs.coresecurity.com/index.php?module=Wiki&amp;action=view&amp;type=tool&amp;name=Impacket">Impacket</A> library too.</P>
 <P>If you are willing to connect directly to a database server (<CODE>-d</CODE> switch),
-without passing via a web application, you need to install Python bindings
+without passing through the web application, you need to install Python bindings
 for the database management system that you are going to attack:</P>
 <P>
 <UL>
@ -138,15 +135,15 @@ for the database management system that you are going to attack:</P>
 the sqlmap update functionality (<CODE>-</CODE><CODE>-update</CODE> switch) you need to
 install respectively 
 <A HREF="http://code.google.com/p/python-ntlm/">python-ntlm</A> and 
-<A HREF="http://pysvn.tigris.org/">python-svn</A> libraries.</P>
+<A HREF="http://pysvn.tigris.org/">python-svn</A> libraries respectively.</P>
-<P>Optionally, if you are running sqlmap on Windows, you may wish to install
+<P>Optionally, if you are running sqlmap on Windows, you may wish to install the
 <A HREF="http://ipython.scipy.org/moin/PyReadline/Intro">PyReadline</A>
-library to be able to take advantage of the sqlmap TAB completion and
+library in order to take advantage of the sqlmap TAB completion and
 history support features in the SQL shell and OS shell.
-Note that these functionalities are available natively by Python standard
+Note that these functionalities are available natively via the standard Python
 <A HREF="http://docs.python.org/library/readline.html">readline</A>
 library on other operating systems.</P>
-<P>You can also choose to install 
+<P>You can also choose to install the 
 <A HREF="http://psyco.sourceforge.net/">Psyco</A> library to eventually speed up the sqlmap algorithmic
 operations.</P>
@ -157,13 +154,13 @@ operations.</P>
 <H3>Detect and exploit a SQL injection</H3>
 <P>Let's say that you are auditing a web application and found a web page
-that accepts dynamic user-provided values on <CODE>GET</CODE> or <CODE>POST</CODE>
+that accepts dynamic user-provided values via <CODE>GET</CODE>, <CODE>POST</CODE>
-parameters or HTTP <CODE>Cookie</CODE> values or HTTP <CODE>User-Agent</CODE>
+or <CODE>Cookie</CODE> parameters or via the HTTP <CODE>User-Agent</CODE>
-header value.
+request header.
 You now want to test if these are affected by a SQL injection
 vulnerability, and if so, exploit them to retrieve as much information as
-possible out of the web application's back-end database management system
+possible from the back-end database management system, or even be able to
-or even be able to access the underlying file system and operating system.</P>
+access the underlying file system and operating system.</P>
 <P>In a simple world, consider that the target url is:</P>
 <P>
 <BLOCKQUOTE><CODE>
@ -176,57 +173,53 @@ or even be able to access the underlying file system and operating system.</P>
 <CODE>http://192.168.136.131/sqlmap/mysql/get_int.php?id=1+AND+1=1</CODE>
 </CODE></BLOCKQUOTE>
 </P>
-<P>is the same page as the original one and:</P>
+<P>is the same page as the original one and (the condition evaluates to <B>True</B>):</P>
 <P>
 <BLOCKQUOTE><CODE>
 <CODE>http://192.168.136.131/sqlmap/mysql/get_int.php?id=1+AND+1=2</CODE>
 </CODE></BLOCKQUOTE>
 </P>
-<P>differs from the original one, it means that you are in front of a SQL
+<P>differs from the original one (the condition evaluates to <B>False</B>).
 This likely means that you are in front of a SQL
 injection vulnerability in the <CODE>id</CODE> <CODE>GET</CODE> parameter of the
-<CODE>index.php</CODE> web application page which means that potentially no
+<CODE>index.php</CODE> page. Additionally, no sanitisation of user's supplied
-IDS/IPS, no web application firewall, no parameters' value sanitization is
+input is taking place before the SQL statement is sent to the
-performed on the server-side before sending the SQL statement to the
+back-end database management system.</P>
-back-end database management system the web application relies on.</P>
+<P>This is quite a common flaw in dynamic content web applications and it
 <P>This is a quite common flaw in dynamic content web applications and it
 does not depend upon the back-end database management system nor on the web
-application programming language: it is a programmer code's security flaw.
+application programming language; it is a flaw within the application code.
 The 
 <A HREF="http://www.owasp.org">Open Web Application Security Project</A>
-rated on 2010 in their 
+rated this class of vulnerability as the 
-<A HREF="http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project">OWASP Top Ten</A> survey this vulnerability as the 
+<A HREF="http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf">most common</A> and serious web application vulnerability in their
-<A HREF="http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf">most common</A> and important web application vulnerability along with other
+<A HREF="http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project">Top Ten</A> list from 2010.</P>
-injection flaws.</P>
+<P>Now that you have found the vulnerable parameter, you can exploit it by
-<P>Back to the scenario, probably the SQL <CODE>SELECT</CODE> statement into
+manipulating the <CODE>id</CODE> parameter value in the HTTP request.</P>
-<CODE>get_int.php</CODE> has a syntax similar to the following SQL query, in
+<P>Back to the scenario, we can make an educated guess about the probable
-pseudo PHP code:</P>
+syntax of the SQL <CODE>SELECT</CODE> statement where the user supplied value is
 being used in the <CODE>get_int.php</CODE> web page. In pseudo PHP code:</P>
 <P>
 <BLOCKQUOTE><CODE>
 <CODE>$query = "SELECT [column(s) name] FROM [table name] WHERE id=" . $_REQUEST['id'];</CODE>
 </CODE></BLOCKQUOTE>
 </P>
-<P>As you can see, appending any other syntatically valid SQL condition after
+<P>As you can see, appending a syntactically valid SQL statement that will
-a value for <CODE>id</CODE> such condition will take place when the web
+evaluate to a <EM>True</EM> condition after the value for the <CODE>id</CODE>
-application passes the query to the back-end database management system
+parameter (such as <CODE>id=1 AND 1=1</CODE>) will result in the web application
-that executes it, that is why the condition <CODE>id=1 AND 1=1</CODE> is valid
+returning the same web page as in the original request (where no SQL
-(<EM>True</EM>) and returns the same page as the original one, with the
+statement is added).
-same content. This is the case of a boolean-based blind SQL injection
+This is because the back-end database management system has evaluated the
-vulnerability. However, sqlmap is able to detect any type of SQL injection
+injected SQL statement.
-and adapt its work-flow accordingly. Read below for further details.</P>
+The previous example describes a simple boolean-based blind SQL injection
-<P>Moreover, in this simple and easy to inject scenario it would be also
+vulnerability. 
-possible to append, not just one or more valid SQL condition(s), but also
+However, sqlmap is able to detect any type of SQL injection flaw and adapt
-stacked SQL queries, for instance something like <CODE>[...]&amp;id=1;
+its work-flow accordingly. </P>
-ANOTHER SQL QUERY#</CODE> if the web application technology supports
+<P>In this simple scenario it would also be possible to append, not just one or
-<EM>stacked queries</EM>, also known as <EM>multiple statements</EM>.</P>
+more valid SQL conditions, but also (depending on the DBMS) stacked SQL
-<P>Now that you found this SQL injection vulnerable parameter, you can
+queries. For instance:  <CODE>[...]&amp;id=1;ANOTHER SQL QUERY#</CODE>.</P>
-exploit it by manipulating the <CODE>id</CODE> parameter value in the HTTP
+<P>sqlmap can automate the process of identifying and exploiting this type of
-request.</P>
+vulnerability. 
-<P>There exist many 
+Passing the original address, <CODE>http://192.168.136.131/sqlmap/mysql/get_int.php?id=1</CODE>
 <A HREF="http://delicious.com/inquis/sqlinjection">resources</A>
 on the Net explaining in depth how to prevent, detect and exploit SQL
 injection vulnerabilities in web application and it is recommended to read
 them if you are not familiar with the issue before going ahead with sqlmap.</P>
 <P>Passing the original address, <CODE>http://192.168.136.131/sqlmap/mysql/get_int.php?id=1</CODE>
 to sqlmap, the tool will automatically:</P>
 <P>
 <UL>
@ -237,7 +230,14 @@ vulnerable parameter(s);</LI>
 <LI>Depending on the user's options, it will extensively fingerprint,
 enumerate data or takeover the database server as a whole.</LI>
 </UL>
-</P>
+
 ...and depending on supplied options, it will enumerate data or takeover the
 database server entirely.</P>
 <P>There exist many 
 <A HREF="http://delicious.com/inquis/sqlinjection">resources</A>
 on the web explaining in depth how to detect, exploit and prevent SQL
 injection vulnerabilities in web applications. It is recommendeded that you read
 them before going much further with sqlmap.</P>
 <H3>Direct connection to the database management system</H3>
@ -280,30 +280,30 @@ For each HTTP response, by making a comparison between the HTTP response
 time with the original request, the tool inference the output of
 the injected statement character by character. Like for boolean-based
 technique, the bisection algorithm is applied.</LI>
-<LI><B>Error-based SQL injection</B>: sqlmap replaces or append to the
+<LI><B>Error-based SQL injection</B>: sqlmap replaces or appends to 
-affected parameter a database-specific syntatically wrong statement and
+the affected parameter a database-specific error message provoking statement 
-parses the HTTP response headers and body in search of DBMS error messages
+and parses the HTTP response headers and body in search of DBMS error messages 
-containing the injected pre-defined chain of characters and the statement
+containing the injected pre-defined chain of characters and the subquery 
-output within. This technique works when the web application has been
+statement output within. This technique works only when the web application 
-configured to disclose back-end database management system error messages
+has been configured to disclose back-end database management system error 
-only.</LI>
+messages.</LI>
 <LI><B>UNION query SQL injection</B>, also known as <B>inband SQL
 injection</B>: sqlmap appends to the affected parameter a syntatically
-valid SQL statement string starting with a <CODE>UNION ALL SELECT</CODE>.
+valid SQL statement starting with an <CODE>UNION ALL SELECT</CODE>.
-This techique works when the web application page passes the output of the
+This techique works when the web application page passes directly the output 
-<CODE>SELECT</CODE> statement within a <CODE>for</CODE> cycle, or similar, so that
+of the <CODE>SELECT</CODE> statement within a <CODE>for</CODE> loop, or similar, so 
-each line of the query output is printed on the page content.
+that each line of the query output is printed on the page content.
 sqlmap is also able to exploit <B>partial (single entry) UNION query SQL
 injection</B> vulnerabilities which occur when the output of the
-statement is not cycled in a <CODE>for</CODE> construct whereas only the first
+statement is not cycled in a <CODE>for</CODE> construct, whereas only the first
 entry of the query output is displayed.</LI>
 <LI><B>Stacked queries SQL injection</B>, also known as <B>multiple
 statements SQL injection</B>: sqlmap tests if the web application supports
-stacked queries then, in case it does support, it appends to the affected
+stacked queries and then, in case it does support, it appends to the affected
 parameter in the HTTP request, a semi-colon (<CODE>;</CODE>) followed by the
 SQL statement to be executed. This technique is useful to run SQL
-statements other than <CODE>SELECT</CODE> like, for instance, <EM>data
+statements other than <CODE>SELECT</CODE>, like for instance, <EM>data
-definition</EM> or <EM>data manipulation</EM> statements possibly leading
+definition</EM> or <EM>data manipulation</EM> statements, possibly leading
 to file system read and write access and operating system command
 execution depending on the underlying back-end database management system
 and the session user privileges.</LI>
@ -1008,7 +1008,7 @@ Options:
    --os-smbrelay       One click prompt for an OOB shell, meterpreter or VNC
    --os-bof            Stored procedure buffer overflow exploitation
    --priv-esc          Database process' user privilege escalation
-    --msf-path=MSFPATH  Local path where Metasploit Framework 3 is installed
+    --msf-path=MSFPATH  Local path where Metasploit Framework is installed
    --tmp-path=TMPPATH  Remote absolute path of temporary files directory
  Windows registry access:
@ -2764,7 +2764,7 @@ operating system?
 [1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)
 [2] Stand-alone payload stager (file system way)
 > 
-[hh:mm:35] [INFO] creating Metasploit Framework 3 multi-stage shellcode 
+[hh:mm:35] [INFO] creating Metasploit Framework multi-stage shellcode 
 which connection type do you want to use?
 [1] Reverse TCP: Connect back from the database host to this machine (default)
 [2] Reverse TCP: Try to connect back from the database host to this machine, on all ports 
@ -2779,7 +2779,7 @@ which payload do you want to use?
 [3] VNC
 > 
 [hh:mm:40] [INFO] creation in progress ... done
-[hh:mm:43] [INFO] running Metasploit Framework 3 command line interface locally, please wait..
+[hh:mm:43] [INFO] running Metasploit Framework command line interface locally, please wait..
                                  _
                                 | |      o
@ -2801,7 +2801,7 @@ LPORT => 60641
 LHOST => 192.168.136.1
 [*] Started reverse handler on 192.168.136.1:60641 
 [*] Starting the payload handler...
-[hh:mm:48] [INFO] running Metasploit Framework 3 shellcode remotely via UDF 'sys_bineval', 
+[hh:mm:48] [INFO] running Metasploit Framework shellcode remotely via UDF 'sys_bineval', 
 please wait..
 [*] Sending stage (749056 bytes) to 192.168.136.129
 [*] Meterpreter session 1 opened (192.168.136.1:60641 -> 192.168.136.129:1689) at Mon Apr 11 
--- a/doc/README.pdf
+++ b/doc/README.pdf
--- a/doc/README.sgml
+++ b/doc/README.sgml
@ -101,7 +101,7 @@ Assume that:
 <tscreen><tt>http://192.168.136.131/sqlmap/mysql/get_int.php?id=1+AND+1=1</tt></tscreen>
-is the same page as the original one and (the condition evaluates to <bf>True<bf>):
+is the same page as the original one and (the condition evaluates to <bf>True</bf>):
 <tscreen><tt>http://192.168.136.131/sqlmap/mysql/get_int.php?id=1+AND+1=2</tt></tscreen>
@ -923,7 +923,7 @@ Options:
    --os-smbrelay       One click prompt for an OOB shell, meterpreter or VNC
    --os-bof            Stored procedure buffer overflow exploitation
    --priv-esc          Database process' user privilege escalation
-    --msf-path=MSFPATH  Local path where Metasploit Framework 3 is installed
+    --msf-path=MSFPATH  Local path where Metasploit Framework is installed
    --tmp-path=TMPPATH  Remote absolute path of temporary files directory
  Windows registry access:
@ -2854,7 +2854,7 @@ operating system?
 [1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)
 [2] Stand-alone payload stager (file system way)
 > 
-[hh:mm:35] [INFO] creating Metasploit Framework 3 multi-stage shellcode 
+[hh:mm:35] [INFO] creating Metasploit Framework multi-stage shellcode 
 which connection type do you want to use?
 [1] Reverse TCP: Connect back from the database host to this machine (default)
 [2] Reverse TCP: Try to connect back from the database host to this machine, on all ports 
@ -2869,7 +2869,7 @@ which payload do you want to use?
 [3] VNC
 > 
 [hh:mm:40] [INFO] creation in progress ... done
-[hh:mm:43] [INFO] running Metasploit Framework 3 command line interface locally, please wait..
+[hh:mm:43] [INFO] running Metasploit Framework command line interface locally, please wait..
                                  _
                                 | |      o
@ -2891,7 +2891,7 @@ LPORT => 60641
 LHOST => 192.168.136.1
 [*] Started reverse handler on 192.168.136.1:60641 
 [*] Starting the payload handler...
-[hh:mm:48] [INFO] running Metasploit Framework 3 shellcode remotely via UDF 'sys_bineval', 
+[hh:mm:48] [INFO] running Metasploit Framework shellcode remotely via UDF 'sys_bineval', 
 please wait..
 [*] Sending stage (749056 bytes) to 192.168.136.129
 [*] Meterpreter session 1 opened (192.168.136.1:60641 -> 192.168.136.129:1689) at Mon Apr 11 
--- a/doc/THANKS
+++ b/doc/THANKS
@ -504,7 +504,7 @@ Kazim Bugra Tombul <mhackmail@gmail.com>
    for reporting a minor bug
 Efrain Torres <et@metasploit.com>
-    for helping me out to improve the Metasploit Framework 3 sqlmap
+    for helping me out to improve the Metasploit Framework sqlmap
    auxiliary module and for commiting it on the Metasploit official
    subversion repository
    for his great Metasploit WMAP Framework
@ -694,7 +694,7 @@ AthCon Conference team <cfp@athcon.org>
    Slides: http://goo.gl/QMfjO
 Metasploit Framework development team <msfdev@metasploit.com>
-    for their powerful tool Metasploit Framework 3, used by sqlmap, among
+    for their powerful tool Metasploit Framework, used by sqlmap, among
    others things, to create the shellcode and establish an out-of-band
    connection between sqlmap and the database server
    Homepage: http://www.metasploit.com
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -608,13 +608,13 @@ def __setMetasploit():
                break
        if condition:
-            debugMsg = "provided Metasploit Framework 3 path "
+            debugMsg = "provided Metasploit Framework path "
            debugMsg += "'%s' is valid" % conf.msfPath
            logger.debug(debugMsg)
            msfEnvPathExists = True
        else:
-            warnMsg = "the provided Metasploit Framework 3 path "
+            warnMsg = "the provided Metasploit Framework path "
            warnMsg += "'%s' is not valid. The cause could " % conf.msfPath
            warnMsg += "be that the path does not exists or that one "
            warnMsg += "or more of the needed Metasploit executables "
@ -623,11 +623,11 @@ def __setMetasploit():
            logger.warn(warnMsg)
    else:
        warnMsg = "you did not provide the local path where Metasploit "
-        warnMsg += "Framework 3 is installed"
+        warnMsg += "Framework is installed"
        logger.warn(warnMsg)
    if not msfEnvPathExists:
-        warnMsg = "sqlmap is going to look for Metasploit Framework 3 "
+        warnMsg = "sqlmap is going to look for Metasploit Framework "
        warnMsg += "installation into the environment paths"
        logger.warn(warnMsg)
@ -647,7 +647,7 @@ def __setMetasploit():
            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfpayload")))
            if condition:
-                infoMsg = "Metasploit Framework 3 has been found "
+                infoMsg = "Metasploit Framework has been found "
                infoMsg += "installed in the '%s' path" % envPath
                logger.info(infoMsg)
@ -657,7 +657,7 @@ def __setMetasploit():
                break
    if not msfEnvPathExists:
-        errMsg = "unable to locate Metasploit Framework 3 installation. "
+        errMsg = "unable to locate Metasploit Framework installation. "
        errMsg += "Get it from http://metasploit.com/framework/download/"
        raise sqlmapFilePathException, errMsg
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -421,7 +421,7 @@ def cmdLineParser():
                            help="Database process' user privilege escalation")
        takeover.add_option("--msf-path", dest="msfPath",
-                            help="Local path where Metasploit Framework 3 "
+                            help="Local path where Metasploit Framework "
                                 "is installed")
        takeover.add_option("--tmp-path", dest="tmpPath",
--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@ -368,7 +368,7 @@ class Metasploit:
    def __runMsfCliSmbrelay(self):
        self.__forgeMsfCliCmdForSmbrelay()
-        infoMsg = "running Metasploit Framework 3 command line "
+        infoMsg = "running Metasploit Framework command line "
        infoMsg += "interface locally, please wait.."
        logger.info(infoMsg)
@ -378,7 +378,7 @@ class Metasploit:
    def __runMsfCli(self, exitfunc):
        self.__forgeMsfCliCmd(exitfunc)
-        infoMsg = "running Metasploit Framework 3 command line "
+        infoMsg = "running Metasploit Framework command line "
        infoMsg += "interface locally, please wait.."
        logger.info(infoMsg)
@ -386,14 +386,14 @@ class Metasploit:
        self.__msfCliProc = execute(self.__cliCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
    def __runMsfShellcodeRemote(self):
-        infoMsg = "running Metasploit Framework 3 shellcode "
+        infoMsg = "running Metasploit Framework shellcode "
        infoMsg += "remotely via UDF 'sys_bineval', please wait.."
        logger.info(infoMsg)
        self.udfExecCmd("'%s'" % self.shellcodeString, silent=True, udfName="sys_bineval")
    def __runMsfShellcodeRemoteViaSexec(self):
-        infoMsg = "running Metasploit Framework 3 shellcode remotely "
+        infoMsg = "running Metasploit Framework shellcode remotely "
        infoMsg += "via shellcodeexec, please wait.."
        logger.info(infoMsg)
@ -495,7 +495,7 @@ class Metasploit:
                return returncode
    def createMsfShellcode(self, exitfunc, format, extra, encode):
-        infoMsg = "creating Metasploit Framework 3 multi-stage shellcode "
+        infoMsg = "creating Metasploit Framework multi-stage shellcode "
        logger.info(infoMsg)
        self.__randStr = randomStr(lowercase=True)
@ -574,7 +574,7 @@ class Metasploit:
        if self.connectionStr.startswith("bind"):
            func()
-        debugMsg = "Metasploit Framework 3 command line interface exited "
+        debugMsg = "Metasploit Framework command line interface exited "
        debugMsg += "with return code %s" % self.__controlMsfCmd(self.__msfCliProc, func)
        logger.debug(debugMsg)
@ -593,7 +593,7 @@ class Metasploit:
        else:
            self.uncPath = "\\\\%s\\%s" % (self.lhostStr, self.__randFile)
-        debugMsg = "Metasploit Framework 3 console exited with return "
+        debugMsg = "Metasploit Framework console exited with return "
        debugMsg += "code %s" % self.__controlMsfCmd(self.__msfCliProc, self.uncPathRequest)
        logger.debug(debugMsg)
@ -603,6 +603,6 @@ class Metasploit:
        if self.connectionStr.startswith("bind"):
            self.spHeapOverflow()
-        debugMsg = "Metasploit Framework 3 command line interface exited "
+        debugMsg = "Metasploit Framework command line interface exited "
        debugMsg += "with return code %s" % self.__controlMsfCmd(self.__msfCliProc, self.spHeapOverflow)
        logger.debug(debugMsg)
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -471,7 +471,7 @@ osBof = False
 # payload to be Meterpreter.
 privEsc = False
-# Local path where Metasploit Framework 3 is installed.
+# Local path where Metasploit Framework is installed.
 # Valid: file system path
 msfPath = 
--- a/tamper/unmagicquotes.py
+++ b/tamper/unmagicquotes.py
@ -22,7 +22,8 @@ def dependencies():
 def tamper(payload):
    """
-    Replaces quote character (') with a multi-byte combo %bf%27 together with generic comment at the end (to make it work)
+    Replaces quote character (') with a multi-byte combo %bf%27 together with
    generic comment at the end (to make it work)
    Example:
        * Input: 1' AND 1=1