Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ac00014c4a 
							
						 
					 
					
						
						
							
							implemented --randomize switch by request  
						
						
						
					 
					
						2011-08-29 12:50:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							702ed73a65 
							
						 
					 
					
						
						
							
							Added --code switch to match in boolean-based tests against the HTTP response code  
						
						
						
					 
					
						2011-08-12 16:48:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0d6afca7db 
							
						 
					 
					
						
						
							
							adding new switch '--smart' by request  
						
						
						
					 
					
						2011-07-10 15:16:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c517e97a44 
							
						 
					 
					
						
						
							
							few fixes and minor cosmetics  
						
						
						
					 
					
						2011-07-08 06:02:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							aedcf8c8d7 
							
						 
					 
					
						
						
							
							Changed homepage address  
						
						
						
					 
					
						2011-07-07 20:10:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							93b296e02c 
							
						 
					 
					
						
						
							
							few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")  
						
						
						
					 
					
						2011-07-06 05:44:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d72db1bf91 
							
						 
					 
					
						
						
							
							minor update (all misc options are alphabetically ordered)  
						
						
						
					 
					
						2011-06-27 08:21:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eaa2a4202f 
							
						 
					 
					
						
						
							
							changing to: --crawl=CRAWLDEPTH  
						
						
						
					 
					
						2011-06-24 05:40:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							07e2c72943 
							
						 
					 
					
						
						
							
							adding Beautifulsoup (BSD) into extras; adding --crawl to options  
						
						
						
					 
					
						2011-06-20 11:32:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6f681b45ad 
							
						 
					 
					
						
						
							
							cleaning up a bit for a configuration mess  
						
						
						
					 
					
						2011-06-16 11:42:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1d93a03eeb 
							
						 
					 
					
						
						
							
							introducing mnemonics  
						
						
						
					 
					
						2011-06-15 11:58:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d55a242908 
							
						 
					 
					
						
						
							
							minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always)  
						
						
						
					 
					
						2011-06-14 19:38:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a4328e914b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-06-14 19:29:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8978fded03 
							
						 
					 
					
						
						
							
							typo fix  
						
						
						
					 
					
						2011-06-13 19:00:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7152a1ed3b 
							
						 
					 
					
						
						
							
							Added --dependences to show which sqlmap dependences are not available  
						
						
						
					 
					
						2011-06-13 18:44:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f8dde2c23b 
							
						 
					 
					
						
						
							
							adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)  
						
						
						
					 
					
						2011-06-10 23:18:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0d8d6a4ace 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2011-06-08 16:08:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f65abdaae3 
							
						 
					 
					
						
						
							
							added switch --cookie-del by request  
						
						
						
					 
					
						2011-06-08 08:27:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4eeeb3655e 
							
						 
					 
					
						
						
							
							asking and skipping to the next google result page if no usable links found  
						
						
						
					 
					
						2011-06-07 23:24:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							faf7814869 
							
						 
					 
					
						
						
							
							fix for a fuzz "bug" reported by daniele.rivetti@yahoo.com  
						
						
						
					 
					
						2011-06-03 11:01:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb23beef6f 
							
						 
					 
					
						
						
							
							most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested)  
						
						
						
					 
					
						2011-05-22 19:14:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cc07e5dc97 
							
						 
					 
					
						
						
							
							added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@yahoo.com  
						
						
						
					 
					
						2011-05-17 22:55:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5ee07b90b9 
							
						 
					 
					
						
						
							
							added -m switch for bulk loading multiple targets  
						
						
						
					 
					
						2011-05-11 08:46:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6b66fce72c 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-05-10 20:52:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							192c685bc8 
							
						 
					 
					
						
						
							
							changing conf attribute to a more proper name  
						
						
						
					 
					
						2011-05-10 20:48:34 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9a4ae7d9e2 
							
						 
					 
					
						
						
							
							More code refactoring of Backend class methods used  
						
						
						
					 
					
						2011-04-30 14:54:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f56d135438 
							
						 
					 
					
						
						
							
							Minor code restyling  
						
						
						
					 
					
						2011-04-30 13:20:05 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a5968fff3e 
							
						 
					 
					
						
						
							
							Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided  
						
						
						
					 
					
						2011-04-30 00:22:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							11124b21f9 
							
						 
					 
					
						
						
							
							implemented --mobile switch  
						
						
						
					 
					
						2011-04-29 19:27:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							edac0b2558 
							
						 
					 
					
						
						
							
							Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema  
						
						
						
					 
					
						2011-04-28 23:59:00 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8d8fc2bbd8 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-04-21 10:17:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b7efa255d6 
							
						 
					 
					
						
						
							
							minor update of usage string  
						
						
						
					 
					
						2011-04-19 20:14:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b79d4f70f3 
							
						 
					 
					
						
						
							
							cleaner solution for the problem solved with last commit  
						
						
						
					 
					
						2011-04-18 14:51:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f5cff067c6 
							
						 
					 
					
						
						
							
							little hack for --time-sec  
						
						
						
					 
					
						2011-04-18 14:46:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0387654166 
							
						 
					 
					
						
						
							
							update of copyright string (until year)  
						
						
						
					 
					
						2011-04-15 12:33:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d324704844 
							
						 
					 
					
						
						
							
							Removed unused code  
						
						
						
					 
					
						2011-04-10 20:39:15 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17844eb87c 
							
						 
					 
					
						
						
							
							Refactoring to --technique  
						
						
						
					 
					
						2011-04-07 10:00:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							05d12790f1 
							
						 
					 
					
						
						
							
							closes   #219  - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)  
						
						
						
					 
					
						2011-04-06 14:41:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							adfbfef8c1 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-03-29 21:01:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e20d460809 
							
						 
					 
					
						
						
							
							Bernardo will kill me (added --wizard for total beginners)  
						
						
						
					 
					
						2011-03-29 11:42:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a2d5358b08 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-03-28 23:40:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9e900ccbac 
							
						 
					 
					
						
						
							
							minor comment update  
						
						
						
					 
					
						2011-03-28 23:12:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a61e287d23 
							
						 
					 
					
						
						
							
							making updates for dummy Windows users  
						
						
						
					 
					
						2011-03-28 23:09:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e42cdfd138 
							
						 
					 
					
						
						
							
							adding possibility to run only one live test (e.g. --run-case=8)  
						
						
						
					 
					
						2011-03-24 12:07:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ecbbfeba6e 
							
						 
					 
					
						
						
							
							introduction of --fresh-queries  
						
						
						
					 
					
						2011-03-24 10:08:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bd75fd26e9 
							
						 
					 
					
						
						
							
							implementing a --page-rank switch as requested by l0rda@l0rda.biz  
						
						
						
					 
					
						2011-03-23 11:57:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1abcd507b8 
							
						 
					 
					
						
						
							
							hidding --group-concat switch  
						
						
						
					 
					
						2011-03-21 12:13:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							19e2ed9803 
							
						 
					 
					
						
						
							
							Layout fix  
						
						
						
					 
					
						2011-03-21 00:40:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							088c815567 
							
						 
					 
					
						
						
							
							minor update (exposing --tor switch)  
						
						
						
					 
					
						2011-03-19 18:28:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							00b9d85ffc 
							
						 
					 
					
						
						
							
							fix regarding bug report from andyroyalbattle@yahoo.it  
						
						
						
					 
					
						2011-03-18 16:26:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							99adbbeaa3 
							
						 
					 
					
						
						
							
							los cosmeticados  
						
						
						
					 
					
						2011-03-07 22:04:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6e8ebd35f4 
							
						 
					 
					
						
						
							
							Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable  
						
						
						
					 
					
						2011-02-27 12:17:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d05bd75068 
							
						 
					 
					
						
						
							
							adding experimental for --group-concat  
						
						
						
					 
					
						2011-02-22 14:35:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							023a80c31c 
							
						 
					 
					
						
						
							
							Section explanation change to reflect recent enhancements  
						
						
						
					 
					
						2011-02-19 21:06:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							199f14df46 
							
						 
					 
					
						
						
							
							implementation of MySQL GROUP_CONCAT technique  
						
						
						
					 
					
						2011-02-15 00:28:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9f7d666451 
							
						 
					 
					
						
						
							
							removing --method per request of buawig  
						
						
						
					 
					
						2011-02-12 19:50:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f2fcd1eea 
							
						 
					 
					
						
						
							
							minor adjustment regarding "file" switches  
						
						
						
					 
					
						2011-02-10 19:55:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4295a78c5f 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-10 19:51:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b56a77e573 
							
						 
					 
					
						
						
							
							removing obsolete switches (--threshold, --excl-reg, --excl-str)  
						
						
						
					 
					
						2011-02-03 15:55:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1b9850b73a 
							
						 
					 
					
						
						
							
							revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) )  
						
						
						
					 
					
						2011-02-03 12:21:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5edba2ffbc 
							
						 
					 
					
						
						
							
							minor change (conf.updateAll to conf.update)  
						
						
						
					 
					
						2011-02-03 11:13:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f49e20cc8 
							
						 
					 
					
						
						
							
							adding --random-agent and removing -a  
						
						
						
					 
					
						2011-02-02 14:51:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5f0114a2a8 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-02-02 14:06:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a6f2cd56ff 
							
						 
					 
					
						
						
							
							removed junky import  
						
						
						
					 
					
						2011-01-31 11:59:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ddf23ba7cc 
							
						 
					 
					
						
						
							
							refactoring  
						
						
						
					 
					
						2011-01-30 11:36:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3060c369a5 
							
						 
					 
					
						
						
							
							minor fix for previous commit  
						
						
						
					 
					
						2011-01-30 07:44:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1abf354630 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-30 07:41:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d63339ca26 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2011-01-30 07:34:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e8883de2c6 
							
						 
					 
					
						
						
							
							minor update regarding unicode decoding of supplied arguments  
						
						
						
					 
					
						2011-01-29 23:01:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							367d0639f0 
							
						 
					 
					
						
						
							
							refactoring (class names should always be Capital cased)  
						
						
						
					 
					
						2011-01-28 16:36:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							539168dcca 
							
						 
					 
					
						
						
							
							sanitizeStr screws html error parsing in some cases as new lines are removed (FALSE positives here and there)  
						
						
						
					 
					
						2011-01-27 13:40:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6cc69f5e16 
							
						 
					 
					
						
						
							
							now --technique is appliable also after the injections have been identified  
						
						
						
					 
					
						2011-01-24 16:47:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f5ff78d40c 
							
						 
					 
					
						
						
							
							revert  
						
						
						
					 
					
						2011-01-23 11:21:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3a5f0760f6 
							
						 
					 
					
						
						
							
							minor optimization (only way to prematurely stop SAX parser)  
						
						
						
					 
					
						2011-01-23 10:12:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bade0e3124 
							
						 
					 
					
						
						
							
							Major code refactoring - centralized all kb.dbms* info for both retrieval and set.  
						
						
						
					 
					
						2011-01-19 23:06:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							30d6791968 
							
						 
					 
					
						
						
							
							update regarding time based data retrieval  
						
						
						
					 
					
						2011-01-16 17:52:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1fa8f0cba7 
							
						 
					 
					
						
						
							
							code reviewing part 2  
						
						
						
					 
					
						2011-01-15 12:53:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb9d7cdfaa 
							
						 
					 
					
						
						
							
							refactoring, code clearing and removal of obsolete switch --longest-common  
						
						
						
					 
					
						2011-01-14 14:37:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2ac8debea0 
							
						 
					 
					
						
						
							
							Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.  
						
						... 
						
						
						
						Minor bug fixes thanks to previous refactoring too. 
						
					 
					
						2011-01-13 17:36:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2f5995a7eb 
							
						 
					 
					
						
						
							
							Added generic and mysql UNION tests from 1 to 25 columns.  
						
						... 
						
						
						
						Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests. 
						
					 
					
						2011-01-11 22:56:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							300128042c 
							
						 
					 
					
						
						
							
							First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.  
						
						... 
						
						
						
						Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY. 
						
					 
					
						2011-01-11 22:18:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c23a59ba5 
							
						 
					 
					
						
						
							
							fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)  
						
						
						
					 
					
						2010-12-24 12:13:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							017ea9e686 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-23 14:06:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8fd3e7ba1f 
							
						 
					 
					
						
						
							
							thread based data added  
						
						
						
					 
					
						2010-12-20 22:45:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							19d8733e9a 
							
						 
					 
					
						
						
							
							this is strictly for educational purposes  
						
						
						
					 
					
						2010-12-20 17:30:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							10a7a2dfb2 
							
						 
					 
					
						
						
							
							kids, don't use this at home  
						
						
						
					 
					
						2010-12-20 10:13:14 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5fb04515d3 
							
						 
					 
					
						
						
							
							Added hidden (for the moment) switch --technique  
						
						
						
					 
					
						2010-12-09 13:47:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5764816891 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-12-03 22:28:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a9d4b37987 
							
						 
					 
					
						
						
							
							Code cleanup and minor refactoring  
						
						
						
					 
					
						2010-12-03 10:51:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							089c16a1b8 
							
						 
					 
					
						
						
							
							Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.  
						
						... 
						
						
						
						Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders. 
						
					 
					
						2010-12-01 17:09:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c8f943f5e4 
							
						 
					 
					
						
						
							
							Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.  
						
						... 
						
						
						
						Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file. 
						
					 
					
						2010-11-30 22:40:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8b9706656e 
							
						 
					 
					
						
						
							
							Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now.  
						
						... 
						
						
						
						Minor code refactoring too. 
						
					 
					
						2010-11-29 17:18:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c22338ce90 
							
						 
					 
					
						
						
							
							Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).  
						
						
						
					 
					
						2010-11-29 11:47:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7e3b24afe6 
							
						 
					 
					
						
						
							
							Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.  
						
						... 
						
						
						
						All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 
						
					 
					
						2010-11-28 18:10:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c23126547e 
							
						 
					 
					
						
						
							
							Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20.  
						
						
						
					 
					
						2010-11-19 15:48:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ad17e9ed2a 
							
						 
					 
					
						
						
							
							Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any)  
						
						
						
					 
					
						2010-11-19 14:56:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17486e472a 
							
						 
					 
					
						
						
							
							Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!  
						
						
						
					 
					
						2010-11-17 22:00:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							76c3f5768b 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-11-17 09:12:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cccb565859 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-11-16 14:11:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b9d9f18939 
							
						 
					 
					
						
						
							
							added General cmdline group  
						
						
						
					 
					
						2010-11-16 14:09:09 +00:00