Updated site, documentation (dev and user) and packaging scripts for 0.6.1

2025-06-15 02:23:07 +03:00 · 2008-10-20 13:43:18 +00:00 · 2008-10-20 13:43:18 +00:00 · fcc16b2346
commit fcc16b2346
parent 6ddb5afef9
6 changed files with 292 additions and 102 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -2,7 +2,7 @@ sqlmap (0.6.1-1) stable; urgency=low
  * Major bug fix to blind SQL injection bisection algorithm to handle an
    exception;
-  * Added a Metasploit 3 auxiliary module to run sqlmap;
+  * Added a Metasploit Framework 3 auxiliary module to run sqlmap;
  * Implemented possibility to test for and inject also on LIKE
    statements;
  * Implemented --start and --stop options to set the first and the last
@ -12,6 +12,9 @@ sqlmap (0.6.1-1) stable; urgency=low
  * Minor enhancement to save also the length of query output in the
    session file when retrieving the query output length for ETA or for
    resume purposes;
  * Changed the order sqlmap dump table entries from column by column to
    row by row. Now it also dumps entries as they are stored in the tables,
    not forcing the entries' order alphabetically anymore;
  * Minor bug fix to correctly handle parameters' value with % character.
 -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Fri,  10 Oct 2008 10:00:00 +0100
--- a/doc/README.html
+++ b/doc/README.html
@ -245,8 +245,8 @@ those that vary the HTTP response page content.
 On the dynamic ones sqlmap automatically tests and detects the ones
 affected by SQL injection. Each dynamic parameter is tested for
 <EM>numeric</EM>, <EM>single quoted string</EM>, <EM>double quoted
-string</EM> and all of these three datatypes with zero, one and two
+string</EM> and all of these three datatypes with zero to two parenthesis
-parenthesis to correctly detect which is the <CODE>SELECT</CODE> statement syntax to
+to correctly detect which is the <CODE>SELECT</CODE> statement syntax to
 perform further injections with. It is also possible to specify the
 parameter(s) that you want to perform tests and use for injection on.</LI>
 <LI>Option to specify the <B>maximum number of concurrent HTTP
@ -277,6 +277,9 @@ and <B>resume the injection from this file in a second time</B>.</LI>
 <LI>Support to read options from a configuration INI file rather than
 specify each time all of the options on the command line. Support also to
 save command line options on a configuration INI file.</LI>
 <LI>Integration with other IT security related open source projects,
 <A HREF="http://metasploit.com/framework/">Metasploit</A> and 
 <A HREF="http://w3af.sourceforge.net/">w3af</A>.</LI>
 <LI><B>PHP setting <CODE>magic_quotes_gpc</CODE> bypass</B> by encoding
 every query string, between single quotes, with <CODE>CHAR</CODE>, or similar,
 database management system function.</LI>
@ -292,19 +295,19 @@ It is available in various formats:</P>
 <P>
 <UL>
 <LI>
-<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1.tar.gz">Source gzip compressed</A> operating system independent.</LI>
+<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.tar.gz">Source gzip compressed</A> operating system independent.</LI>
 <LI>
-<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1.tar.bz2">Source bzip2 compressed</A> operating system independent.</LI>
+<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.tar.bz2">Source bzip2 compressed</A> operating system independent.</LI>
 <LI>
-<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1.zip">Source zip compressed</A> operating system independent.</LI>
+<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.zip">Source zip compressed</A> operating system independent.</LI>
 <LI>
-<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap_0.6.1.1-1_all.deb">DEB binary package</A> architecture independent for Debian and any
+<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap_0.6.1-1_all.deb">DEB binary package</A> architecture independent for Debian and any
 other Debian derivated GNU/Linux distribution.</LI>
 <LI>
-<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1-1.noarch.rpm">RPM binary package</A> architecture independent for Fedora and any
+<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1-1.noarch.rpm">RPM binary package</A> architecture independent for Fedora and any
 other operating system that can install RPM packages.</LI>
 <LI>
-<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1_exe.zip">Portable executable for Windows</A> that <B>does not require the Python
+<A HREF="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1_exe.zip">Portable executable for Windows</A> that <B>does not require the Python
 interpreter</B> to be installed on the operating system.</LI>
 </UL>
 </P>
@ -331,7 +334,7 @@ and
 <PRE>
 $ python sqlmap.py -h
-    sqlmap/0.6.1.1 coded by Bernardo Damele A. G. &lt;bernardo.damele@gmail.com>
+    sqlmap/0.6.1 coded by Bernardo Damele A. G. &lt;bernardo.damele@gmail.com>
                        and Daniele Bellucci &lt;daniele.bellucci@gmail.com>
 Usage: sqlmap.py [options] {-u &lt;URL> | -g &lt;google dork> | -c &lt;config file>}
@ -379,13 +382,16 @@ Options:
    --dbs               Enumerate DBMS databases
    --tables            Enumerate DBMS database tables (opt: -D)
    --columns           Enumerate DBMS database table columns (req: -T, -D)
-    --dump              Dump DBMS database table entries (req: -T, -D opt: -C)
+    --dump              Dump DBMS database table entries (req: -T, -D opt: -C,
                        --start, --stop)
    --dump-all          Dump all DBMS databases tables entries
    -D DB               DBMS database to enumerate
    -T TBL              DBMS database table to enumerate
    -C COL              DBMS database table column to enumerate
    -U USER             DBMS user to enumerate
    --exclude-sysdbs    Exclude DBMS system databases when enumerating tables
    --start=LIMITSTART  First table entry to dump
    --stop=LIMITSTOP    Last table entry to dump
    --sql-query=QUERY   SQL SELECT query to be executed
    --sql-shell         Prompt for an interactive SQL shell
@ -417,6 +423,7 @@ Options:
    -s SESSIONFILE      Save and resume all data retrieved on a session file
    -c CONFIGFILE       Load options from a configuration INI file
    --save              Save options on a configuration INI file
    --batch             Never ask for user input, use the default behaviour
 </PRE>
 </CODE></BLOCKQUOTE>
 </P>
@ -528,7 +535,7 @@ $ python sqlmap.py -u http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&amp;cat
 [hh:mm:28] [TRAFFIC OUT] HTTP request:
 GET /sqlmap/mysql/get_int.php?id=1&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 [...]
 [hh:mm:29] [INFO] testing MySQL
@ -537,7 +544,7 @@ Connection: close
 GET /sqlmap/mysql/get_int.php?id=1%20AND%20ORD%28MID%28%28CONCAT%28CHAR%2852%29%2C%20
 CHAR%2852%29%29%29%2C%201%2C%201%29%29%20%3E%2063%20AND%207994=7994&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 [...]
 </PRE>
@ -555,7 +562,7 @@ $ python sqlmap.py -u http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&amp;cat
 [hh:mm:32] [TRAFFIC OUT] HTTP request:
 GET /sqlmap/mysql/get_int.php?id=1&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 [hh:mm:32] [TRAFFIC IN] HTTP response (OK - 200):
@ -573,7 +580,7 @@ Content-Type: text/html
 GET /sqlmap/mysql/get_int.php?id=1%20AND%20ORD%28MID%28%28CONCAT%28CHAR%2852%29%2C%20
 CHAR%2852%29%29%29%2C%201%2C%201%29%29%20%3E%2063%20AND%204435=4435&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 [hh:mm:33] [TRAFFIC IN] HTTP response (OK - 200):
@ -600,7 +607,7 @@ $ python sqlmap.py -u http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&amp;cat
 [hh:mm:23] [TRAFFIC OUT] HTTP request:
 GET /sqlmap/mysql/get_int.php?id=1&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 [hh:mm:23] [TRAFFIC IN] HTTP response (OK - 200):
@ -2042,7 +2049,8 @@ is connected to, which is always <CODE>public</CODE>.</P>
 <H3>Dump database tables entries</H3>
-<P>Options: <CODE>--dump</CODE>, <CODE>-C</CODE>, <CODE>-T</CODE> and <CODE>-D</CODE></P>
+<P>Options: <CODE>--dump</CODE>, <CODE>-C</CODE>, <CODE>-T</CODE>, <CODE>-D</CODE>,
 <CODE>--start</CODE> and <CODE>--stop</CODE></P>
 <P>It is possible to dump the entries for a specific database table.
 This functionality depends on both <CODE>-T</CODE> to specify the table name
@ -2058,15 +2066,15 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&amp;ca
 Database: test
 Table: users
 [5 entries]
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | id | name                                         | surname           |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | 1  | luther                                       | blissett          |
 | 2  | fluffy                                       | bunny             |
 | 3  | wu                                           | ming              |
 | 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
 | 5  | NULL                                         | nameisnull        |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 </PRE>
 </CODE></BLOCKQUOTE>
 </P>
@ -2112,15 +2120,15 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.php?id=1&amp;ca
 Database: public
 Table: users
 [5 entries]
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | id | name                                         | surname           |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | 1  | luther                                       | blissett          |
 | 2  | fluffy                                       | bunny             |
 | 3  | wu                                           | ming              |
 | 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
 | 5  |                                              | nameisnull        |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 [hh:mm:59] [INFO] Table 'public.users' dumped to CSV file '/software/sqlmap/output/
 192.168.1.121/dump/public/users.csv'
@ -2138,6 +2146,40 @@ $ cat /software/sqlmap/output/192.168.1.121/dump/public/users.csv
 </CODE></BLOCKQUOTE>
 </P>
 <P>You can also provide the <CODE>--start</CODE> and/or the <CODE>--stop</CODE> option
 to limit the dump to a range of entries.</P>
 <P>
 <UL>
 <LI><CODE>--start</CODE> specifies the first entry to enumerate</LI>
 <LI><CODE>--stop</CODE> specifies the last entry to enumerate</LI>
 </UL>
 </P>
 <P>Example on a <B>MySQL 5.0.51</B> target:</P>
 <P>
 <BLOCKQUOTE><CODE>
 <PRE>
 $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&amp;cat=2" --dump \
  -T users -D test --start 2 --stop 4
 Database: test
 Table: users
 [3 entries]
 +----+----------------------------------------------+-------------------+
 | id | name                                         | surname           |
 +----+----------------------------------------------+-------------------+
 | 2  | fluffy                                       | bunny             |
 | 3  | wu                                           | ming              |
 | 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
 +----+----------------------------------------------+-------------------+
 </PRE>
 </CODE></BLOCKQUOTE>
 </P>
 <P>As you can see, sqlmap is very flexible: you can leave it automatically
 enumerate the whole database table up to a single column of a specific
 table entry.</P>
 <H3>Dump all databases tables entries</H3>
@ -2153,15 +2195,15 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&amp;ca
 Database: test
 Table: users
 [5 entries]
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | id | name                                         | surname           |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | 1  | luther                                       | blissett          |
 | 2  | fluffy                                       | bunny             |
 | 3  | wu                                           | ming              |
 | 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
 | 5  | NULL                                         | nameisnull        |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 Database: information_schema
 Table: CHARACTER_SETS
@ -2246,15 +2288,15 @@ Table: spt_datatype_info_ext
 Database: master
 Table: users
 [5 entries]
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | id | name                                         | surname           |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
 | 2  | fluffy                                       | bunny             |
 | 1  | luther                                       | blisset           |
 | 3  | wu                                           | ming              |
 | 5  | NULL                                         | nameisnull        |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 [...]
 </PRE>
@ -3123,7 +3165,8 @@ back-end DBMS:  MySQL >= 5.0.0
 <P>Option: <CODE>--save</CODE></P>
-
+<P>It is possible to save the command line options to a configuration INI
 file.</P>
 <P>Example on a <B>PostgreSQL 8.2.7</B> target:</P>
 <P>
@ -3231,6 +3274,53 @@ banner:    'PostgreSQL 8.2.7 on i486-pc-linux-gnu, compiled by GCC cc (GCC) 4.2.
 </P>
 <H3>Act in non-interactive mode</H3>
 <P>Option: <CODE>--batch</CODE></P>
 <P>If you want sqlmap to run as a batch tool, without interacting with you in
 case of a choice has to be done, you can force it by using <CODE>--batch</CODE>
 option than letting sqlmap go for a default behaviour.</P>
 <P>Example on a <B>MySQL 5.0.51</B> target:</P>
 <P>
 <BLOCKQUOTE><CODE>
 <PRE>
 $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int_str.php?id=1&amp;name=luther" -v 1 \
  --batch
 [hh:mm:22] [INFO] testing if GET parameter 'id' is dynamic
 [hh:mm:22] [INFO] confirming that GET parameter 'id' is dynamic
 [hh:mm:22] [INFO] GET parameter 'id' is dynamic
 [hh:mm:22] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis
 [hh:mm:22] [INFO] testing unescaped numeric injection on GET parameter 'id'
 [hh:mm:22] [INFO] confirming unescaped numeric injection on GET parameter 'id'
 [hh:mm:22] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis
 [hh:mm:22] [INFO] testing if GET parameter 'name' is dynamic
 [hh:mm:22] [INFO] confirming that GET parameter 'name' is dynamic
 [hh:mm:22] [INFO] GET parameter 'name' is dynamic
 [hh:mm:22] [INFO] testing sql injection on GET parameter 'name' with 0 parenthesis
 [hh:mm:22] [INFO] testing unescaped numeric injection on GET parameter 'name'
 [hh:mm:22] [INFO] GET parameter 'name' is not unescaped numeric injectable
 [hh:mm:22] [INFO] testing single quoted string injection on GET parameter 'name'
 [hh:mm:22] [INFO] confirming single quoted string injection on GET parameter 'name'
 [hh:mm:22] [INFO] GET parameter 'name' is single quoted string injectable with 0 parenthesis
 [hh:mm:22] [INFO] there were multiple injection points, please select the one to use to go ahead:
 [0] place: GET, parameter: id, type: numeric (default)
 [1] place: GET, parameter: name, type: stringsingle
 [q] Quit
 Choice: 0
 [hh:mm:22] [DEBUG] used the default behaviour, running in batch mode
 [...]
 back-end DBMS:  MySQL >= 5.0.0
 </PRE>
 </CODE></BLOCKQUOTE>
 </P>
 <P>As you can see, sqlmap choosed automatically to injection on the first
 vulnerable parameter which is the default behaviour.</P>
 <H2><A NAME="s6">6.</A> <A HREF="#toc6">Disclaimer</A></H2>
 <P>sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
--- a/doc/README.pdf
+++ b/doc/README.pdf
--- a/doc/README.sgml
+++ b/doc/README.sgml
@ -207,8 +207,8 @@ those that vary the HTTP response page content.
 On the dynamic ones sqlmap automatically tests and detects the ones
 affected by SQL injection. Each dynamic parameter is tested for
 <em>numeric</em>, <em>single quoted string</em>, <em>double quoted
-string</em> and all of these three datatypes with zero, one and two
+string</em> and all of these three datatypes with zero to two parenthesis
-parenthesis to correctly detect which is the <tt>SELECT</tt> statement syntax to
+to correctly detect which is the <tt>SELECT</tt> statement syntax to
 perform further injections with. It is also possible to specify the
 parameter(s) that you want to perform tests and use for injection on.
 <item>Option to specify the <bf>maximum number of concurrent HTTP
@ -239,6 +239,9 @@ and <bf>resume the injection from this file in a second time</bf>.
 <item>Support to read options from a configuration INI file rather than
 specify each time all of the options on the command line. Support also to
 save command line options on a configuration INI file.
 <item>Integration with other IT security related open source projects,
 <htmlurl url="http://metasploit.com/framework/" name="Metasploit"> and <htmlurl
 url="http://w3af.sourceforge.net/" name="w3af">.
 <item><bf>PHP setting <tt>magic_quotes_gpc</tt> bypass</bf> by encoding
 every query string, between single quotes, with <tt>CHAR</tt>, or similar,
 database management system function.
@ -254,19 +257,19 @@ name="SourceForge File List page">.
 It is available in various formats:
 <itemize>
-<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1.tar.gz"
+<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.tar.gz"
 name="Source gzip compressed"> operating system independent.
-<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1.tar.bz2"
+<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.tar.bz2"
 name="Source bzip2 compressed"> operating system independent.
-<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1.zip"
+<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.zip"
 name="Source zip compressed"> operating system independent.
-<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap_0.6.1.1-1_all.deb"
+<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap_0.6.1-1_all.deb"
 name="DEB binary package"> architecture independent for Debian and any
 other Debian derivated GNU/Linux distribution.
-<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1-1.noarch.rpm"
+<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1-1.noarch.rpm"
 name="RPM binary package"> architecture independent for Fedora and any
 other operating system that can install RPM packages.
-<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.1_exe.zip"
+<item><htmlurl url="http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1_exe.zip"
 name="Portable executable for Windows"> that <bf>does not require the Python
 interpreter</bf> to be installed on the operating system.
 </itemize>
@ -294,7 +297,7 @@ and <htmlurl url="mailto:daniele.bellucci@gmail.com" name="Daniele Bellucci">.
 <tscreen><verb>
 $ python sqlmap.py -h
-    sqlmap/0.6.1.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
+    sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
                        and Daniele Bellucci <daniele.bellucci@gmail.com>
 Usage: sqlmap.py [options] {-u <URL> | -g <google dork> | -c <config file>}
@ -342,13 +345,16 @@ Options:
    --dbs               Enumerate DBMS databases
    --tables            Enumerate DBMS database tables (opt: -D)
    --columns           Enumerate DBMS database table columns (req: -T, -D)
-    --dump              Dump DBMS database table entries (req: -T, -D opt: -C)
+    --dump              Dump DBMS database table entries (req: -T, -D opt: -C,
                        --start, --stop)
    --dump-all          Dump all DBMS databases tables entries
    -D DB               DBMS database to enumerate
    -T TBL              DBMS database table to enumerate
    -C COL              DBMS database table column to enumerate
    -U USER             DBMS user to enumerate
    --exclude-sysdbs    Exclude DBMS system databases when enumerating tables
    --start=LIMITSTART  First table entry to dump
    --stop=LIMITSTOP    Last table entry to dump
    --sql-query=QUERY   SQL SELECT query to be executed
    --sql-shell         Prompt for an interactive SQL shell
@ -380,6 +386,7 @@ Options:
    -s SESSIONFILE      Save and resume all data retrieved on a session file
    -c CONFIGFILE       Load options from a configuration INI file
    --save              Save options on a configuration INI file
    --batch             Never ask for user input, use the default behaviour
 </verb></tscreen>
@ -486,7 +493,7 @@ $ python sqlmap.py -u http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&amp;cat
 [hh:mm:28] [TRAFFIC OUT] HTTP request:
 GET /sqlmap/mysql/get_int.php?id=1&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 [...]
 [hh:mm:29] [INFO] testing MySQL
@ -495,7 +502,7 @@ Connection: close
 GET /sqlmap/mysql/get_int.php?id=1%20AND%20ORD%28MID%28%28CONCAT%28CHAR%2852%29%2C%20
 CHAR%2852%29%29%29%2C%201%2C%201%29%29%20%3E%2063%20AND%207994=7994&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 [...]
 </verb></tscreen>
@ -511,7 +518,7 @@ $ python sqlmap.py -u http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&amp;cat
 [hh:mm:32] [TRAFFIC OUT] HTTP request:
 GET /sqlmap/mysql/get_int.php?id=1&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 [hh:mm:32] [TRAFFIC IN] HTTP response (OK - 200):
@ -529,7 +536,7 @@ Content-Type: text/html
 GET /sqlmap/mysql/get_int.php?id=1%20AND%20ORD%28MID%28%28CONCAT%28CHAR%2852%29%2C%20
 CHAR%2852%29%29%29%2C%201%2C%201%29%29%20%3E%2063%20AND%204435=4435&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 [hh:mm:33] [TRAFFIC IN] HTTP response (OK - 200):
@ -554,7 +561,7 @@ $ python sqlmap.py -u http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&amp;cat
 [hh:mm:23] [TRAFFIC OUT] HTTP request:
 GET /sqlmap/mysql/get_int.php?id=1&amp;cat=2 HTTP/1.1
 Host: 192.168.1.121:80
-User-agent: sqlmap/0.6.1.1 (http://sqlmap.sourceforge.net)
+User-agent: sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
 Connection: close
 [hh:mm:23] [TRAFFIC IN] HTTP response (OK - 200):
@ -1977,7 +1984,8 @@ is connected to, which is always <tt>public</tt>.
 <sect2>Dump database tables entries
 <p>
-Options: <tt>--dump</tt>, <tt>-C</tt>, <tt>-T</tt> and <tt>-D</tt>
+Options: <tt>--dump</tt>, <tt>-C</tt>, <tt>-T</tt>, <tt>-D</tt>,
 <tt>--start</tt> and <tt>--stop</tt>
 <p>
 It is possible to dump the entries for a specific database table.
@ -1994,15 +2002,15 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&amp;ca
 Database: test
 Table: users
 [5 entries]
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | id | name                                         | surname           |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | 1  | luther                                       | blissett          |
 | 2  | fluffy                                       | bunny             |
 | 3  | wu                                           | ming              |
 | 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
 | 5  | NULL                                         | nameisnull        |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 </verb></tscreen>
 <p>
@ -2046,15 +2054,15 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.php?id=1&amp;ca
 Database: public
 Table: users
 [5 entries]
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | id | name                                         | surname           |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | 1  | luther                                       | blissett          |
 | 2  | fluffy                                       | bunny             |
 | 3  | wu                                           | ming              |
 | 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
 | 5  |                                              | nameisnull        |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 [hh:mm:59] [INFO] Table 'public.users' dumped to CSV file '/software/sqlmap/output/
 192.168.1.121/dump/public/users.csv'
@ -2070,6 +2078,39 @@ $ cat /software/sqlmap/output/192.168.1.121/dump/public/users.csv
 "5","","nameisnull"
 </verb></tscreen>
 <p>
 You can also provide the <tt>--start</tt> and/or the <tt>--stop</tt> option
 to limit the dump to a range of entries.
 <itemize>
 <item><tt>--start</tt> specifies the first entry to enumerate
 <item><tt>--stop</tt> specifies the last entry to enumerate
 </itemize>
 <p>
 Example on a <bf>MySQL 5.0.51</bf> target:
 <tscreen><verb>
 $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&amp;cat=2" --dump \
  -T users -D test --start 2 --stop 4
 Database: test
 Table: users
 [3 entries]
 +----+----------------------------------------------+-------------------+
 | id | name                                         | surname           |
 +----+----------------------------------------------+-------------------+
 | 2  | fluffy                                       | bunny             |
 | 3  | wu                                           | ming              |
 | 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
 +----+----------------------------------------------+-------------------+
 </verb></tscreen>
 <p>
 As you can see, sqlmap is very flexible: you can leave it automatically
 enumerate the whole database table up to a single column of a specific
 table entry.
 <sect2>Dump all databases tables entries
@ -2087,15 +2128,15 @@ $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&amp;ca
 Database: test
 Table: users
 [5 entries]
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | id | name                                         | surname           |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | 1  | luther                                       | blissett          |
 | 2  | fluffy                                       | bunny             |
 | 3  | wu                                           | ming              |
 | 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
 | 5  | NULL                                         | nameisnull        |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 Database: information_schema
 Table: CHARACTER_SETS
@ -2179,15 +2220,15 @@ Table: spt_datatype_info_ext
 Database: master
 Table: users
 [5 entries]
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | id | name                                         | surname           |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 | 4  | sqlmap/0.6.1 (http://sqlmap.sourceforge.net) | user agent header |
 | 2  | fluffy                                       | bunny             |
 | 1  | luther                                       | blisset           |
 | 3  | wu                                           | ming              |
 | 5  | NULL                                         | nameisnull        |
-+----+--------------------------------------------+-------------------+
+----+----------------------------------------------+-------------------+
 [...]
 </verb></tscreen>
@ -3039,6 +3080,8 @@ back-end DBMS:  MySQL >= 5.0.0
 Option: <tt>--save</tt>
 <p>
 It is possible to save the command line options to a configuration INI
 file.
 <p>
 Example on a <bf>PostgreSQL 8.2.7</bf> target:
@ -3140,6 +3183,54 @@ banner:    'PostgreSQL 8.2.7 on i486-pc-linux-gnu, compiled by GCC cc (GCC) 4.2.
 </verb></tscreen>
 <sect2>Act in non-interactive mode
 <p>
 Option: <tt>--batch</tt>
 <p>
 If you want sqlmap to run as a batch tool, without interacting with you in
 case of a choice has to be done, you can force it by using <tt>--batch</tt>
 option than letting sqlmap go for a default behaviour.
 <p>
 Example on a <bf>MySQL 5.0.51</bf> target:
 <tscreen><verb>
 $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int_str.php?id=1&amp;name=luther" -v 1 \
  --batch
 [hh:mm:22] [INFO] testing if GET parameter 'id' is dynamic
 [hh:mm:22] [INFO] confirming that GET parameter 'id' is dynamic
 [hh:mm:22] [INFO] GET parameter 'id' is dynamic
 [hh:mm:22] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis
 [hh:mm:22] [INFO] testing unescaped numeric injection on GET parameter 'id'
 [hh:mm:22] [INFO] confirming unescaped numeric injection on GET parameter 'id'
 [hh:mm:22] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis
 [hh:mm:22] [INFO] testing if GET parameter 'name' is dynamic
 [hh:mm:22] [INFO] confirming that GET parameter 'name' is dynamic
 [hh:mm:22] [INFO] GET parameter 'name' is dynamic
 [hh:mm:22] [INFO] testing sql injection on GET parameter 'name' with 0 parenthesis
 [hh:mm:22] [INFO] testing unescaped numeric injection on GET parameter 'name'
 [hh:mm:22] [INFO] GET parameter 'name' is not unescaped numeric injectable
 [hh:mm:22] [INFO] testing single quoted string injection on GET parameter 'name'
 [hh:mm:22] [INFO] confirming single quoted string injection on GET parameter 'name'
 [hh:mm:22] [INFO] GET parameter 'name' is single quoted string injectable with 0 parenthesis
 [hh:mm:22] [INFO] there were multiple injection points, please select the one to use to go ahead:
 [0] place: GET, parameter: id, type: numeric (default)
 [1] place: GET, parameter: name, type: stringsingle
 [q] Quit
 Choice: 0
 [hh:mm:22] [DEBUG] used the default behaviour, running in batch mode
 [...]
 back-end DBMS:	MySQL >= 5.0.0
 </verb></tscreen>
 <p>
 As you can see, sqlmap choosed automatically to injection on the first
 vulnerable parameter which is the default behaviour.
 <sect>Disclaimer
 <p>
--- a/doc/THANKS
+++ b/doc/THANKS
@ -87,12 +87,12 @@ M Simkin <mlsimkin@cox.net>
 Alessandro Tanasi <alessandro@tanasi.it>
    for extensively beta-testing sqlmap
-    for suggesting many features and reporting some minor bugs
+    for suggesting many features and reporting some bugs
 Efrain Torres <et@metasploit.com>
    for helping me out to improve the Metasploit Framework 3 sqlmap
-    auxiliary module and the integration with Metasploit WMAP framework
+    auxiliary module and the integration with Metasploit WMAP Framework
-    for his great Metasploit WMAP framework
+    for his great Metasploit WMAP Framework
 Sandro Tosi <matrixhasu@gmail.com>
    for helping to create sqlmap Debian package correctly
--- a/extra/msfauxmod/README.txt
+++ b/extra/msfauxmod/README.txt
@ -1,5 +1,11 @@
 To use Metasploit's sqlmap auxiliary module launch msfconsole and follow
-the example below:
+the example below.
 Note that if you are willing to run Metasploit's sqlmap auxiliary module on
 Metasploit Framework 3.0 or 3.1 you first need to copy wmap_sqlmap.rb to
 your <msf3 root path>/modules/auxiliary/scanner/http/ folder then launch
 msfconsole because this module has been officially integrated in Metasploit
 from the release 3.2.
 $ ./msfconsole