Commit Graph

972 Commits

Author SHA1 Message Date
Miroslav Stampar
f287ff3767 Trivial comment update 2018-03-21 14:29:54 +01:00
Miroslav Stampar
7d5a0ed2dc Use false-positive checks in dummy mode 2018-03-21 14:22:59 +01:00
Miroslav Stampar
74de40b9c5 Minor patch of a previous commit 2018-03-16 15:21:19 +01:00
Miroslav Stampar
6c2b7cff80 Minor patch of UNION checking logic 2018-03-16 15:11:04 +01:00
Miroslav Stampar
01fb07f68c Minor patch (message for --check-internet) 2018-03-16 14:28:37 +01:00
Miroslav Stampar
3c5e9e7559 Fixes #2982 2018-03-14 01:02:26 +01:00
Miroslav Stampar
fa4c1c5251 Some more PEPing (I hope that I haven't broke anything) 2018-03-13 13:45:42 +01:00
Miroslav Stampar
5380e8174b Safer WAF heuristics in case of URI injections 2018-03-11 03:20:33 +01:00
Miroslav Stampar
4cefff7e98 Bug fix (misencoding inside check waf payload) 2018-03-11 03:13:33 +01:00
Miroslav Stampar
d99151ce5a Minor update for --wizard mode 2018-02-27 12:37:45 +01:00
Miroslav Stampar
a16663f9a1 Minor refactoring 2018-02-07 16:05:41 +01:00
Miroslav Stampar
9e75bb7f68 Minor patch 2018-01-31 11:43:17 +01:00
Miroslav Stampar
8a122401aa Update of copyright years 2018-01-02 00:48:10 +01:00
Miroslav Stampar
66c1f72a16 Minor optimization 2017-12-29 13:04:52 +01:00
Miroslav Stampar
5326df1071 Minor grammar fix 2017-12-13 13:49:55 +01:00
Miroslav Stampar
8cef17b583 Minor just in case patch (error set in case of --string) 2017-12-12 11:18:17 +01:00
Miroslav Stampar
220dffbcfa Couple of wording updates 2017-12-04 13:59:35 +01:00
Miroslav Stampar
7c5b051d60 Fixes #2808 2017-11-29 15:59:00 +01:00
Miroslav Stampar
132a72c9bd Minor update of logging messages 2017-11-24 12:20:57 +01:00
Miroslav Stampar
26b81f58bb Fixes #2772 2017-11-13 11:19:25 +01:00
Miroslav Stampar
67b470245e Minor cleanup of NULL connection 2017-11-09 13:45:52 +01:00
Miroslav Stampar
58b87e4b6b Some more refactoring 2017-11-08 15:58:23 +01:00
Miroslav Stampar
496075ef20 Trivial refactoring 2017-10-31 10:10:22 +01:00
Miroslav Stampar
1f60dfc835 Minor patch for WAF mechanism 2017-10-16 11:42:11 +02:00
Miroslav Stampar
8c6b761044 Replacing doc/COPYING to LICENSE 2017-10-11 14:50:46 +02:00
Miroslav Stampar
12f802c70f Minor text update 2017-09-11 10:41:50 +02:00
Miroslav Stampar
96ffb4b911 Fixes #2693 2017-09-11 10:38:19 +02:00
Miroslav Stampar
cb2258fea4 Fixes #2603 2017-08-28 13:02:08 +02:00
Miroslav Stampar
c871cedae4 Adding hidden option '--force-dbms' to skip fingerprinting 2017-08-28 12:30:42 +02:00
Miroslav Stampar
8b0c50f25d Update related to the #2663 2017-08-23 13:17:37 +02:00
Miroslav Stampar
62ae149464 Minor patch 2017-07-29 03:35:05 +02:00
Miroslav Stampar
5745d650f8 Fixes #2635 2017-07-29 02:42:20 +02:00
Miroslav Stampar
0f9c81965b Implementation on request 2017-07-26 00:24:13 +02:00
Miroslav Stampar
d12b65d38c Fixes #2624 2017-07-25 23:32:30 +02:00
Louis-Philippe Huberdeau
e38267a61e Include tracking properties in the HAR to identify which test the requests were associated to 2017-07-18 15:46:52 -04:00
Miroslav Stampar
1678b606a2 Update for #2597 2017-07-03 16:55:24 +02:00
Louis-Philippe Huberdeau
0d756a8823 Parse request data and convert to HAR, include in injection data 2017-06-23 11:50:21 -04:00
Miroslav Stampar
864711b434 Minor improvement 2017-06-05 16:48:14 +02:00
Miroslav Stampar
996ad59126 Minor patch 2017-06-05 16:28:19 +02:00
Miroslav Stampar
359bfb2704 Minor adjustment 2017-05-26 14:14:35 +02:00
Miroslav Stampar
644ea2e3aa Minor patch 2017-05-26 14:08:08 +02:00
Miroslav Stampar
4ce08dcfa3 Patch for an Issue #2536 2017-05-17 00:22:18 +02:00
Miroslav Stampar
d3a08a2d22 Implementation for an Issue #2505 2017-05-07 23:12:42 +02:00
Miroslav Stampar
fc8eede952 Minor cleanup and one bug fix 2017-04-19 14:46:27 +02:00
Miroslav Stampar
c8a0c525fc Fixes #2489 2017-04-19 14:19:39 +02:00
Miroslav Stampar
5f2bb88037 Some code refactoring 2017-04-18 15:48:05 +02:00
Miroslav Stampar
7ebba5614a Moving brute from techniques to utils 2017-04-18 13:53:41 +02:00
Miroslav Stampar
d9a931f77a Minor cleanup 2017-04-14 13:14:53 +02:00
Miroslav Stampar
0e206da7c0 Minor patches (pydiatra) 2017-04-14 13:08:51 +02:00
Miroslav Stampar
9b3d229294 Fixes #2471 2017-04-10 19:21:22 +02:00
Miroslav Stampar
60e8c725f9 Fixes #2437 2017-03-12 23:24:13 +01:00
Miroslav Stampar
7960045cf9 Fixes #2277 and #2300 2017-02-27 13:58:07 +01:00
Miroslav Stampar
4b420e7579 Removing Google PageRank as it is dead now 2017-02-23 11:33:39 +01:00
Miroslav Stampar
38f16decef Update for an Issue #2384 2017-02-06 13:28:33 +01:00
Miroslav Stampar
03bbf552ef Patch for an Issue #2382 2017-02-06 11:14:45 +01:00
Miroslav Stampar
55272f7a3b New version preparation 2017-01-02 14:19:18 +01:00
Francisco Blas Izquierdo Riera (klondike)
025e9ac5b4
Fix the logic used for --param-exclude
The current logic will skip all existing parameters if no param-exclude is defined.
This breaks previous behaviour, makes it harder to use the tool and is quite confusing.

The new logic will always check the parameter is set before running any other checks instead of shortcircuit an empoty(always true) regexp.
2016-12-28 12:25:05 +01:00
Miroslav Stampar
89bbf5284c Adding new option --param-exclude on private request 2016-12-25 23:16:44 +01:00
Miroslav Stampar
edc6f47758 Some refactoring 2016-12-19 23:47:39 +01:00
Hanno Heinrichs
2cc604e356 Fix several typos 2016-10-26 21:41:57 +02:00
Miroslav Stampar
24eaf55dc8 Removing bad decision for -d (user should be able to choose) 2016-10-17 22:32:23 +02:00
Miroslav Stampar
6130185ac6 Minor consistency update with the wiki 2016-10-11 00:35:39 +02:00
Miroslav Stampar
171cf6f54d Minor fine tuning for SQLi heuristic check 2016-10-04 11:32:06 +02:00
Miroslav Stampar
dc8301689e Implementation for an Issue #2204 2016-10-02 11:13:40 +02:00
Miroslav Stampar
332726356c Minor language update 2016-09-29 14:03:46 +02:00
Miroslav Stampar
381deb68ff Implementation for an Issue #2137 2016-09-27 13:26:11 +02:00
Miroslav Stampar
7151df16f6 Adding extra validation step in case of boolean-based blind (e.g. if unexpected 500 occurs) 2016-09-27 11:21:12 +02:00
Miroslav Stampar
8994bf2dba Further dealing with time-based SQLi (Issue #1973) 2016-09-27 10:32:22 +02:00
Miroslav Stampar
09617c8243 Introducing extra validation property in case of time-based SQLi (HTTP code) - Issue #1973 2016-09-27 10:20:36 +02:00
Miroslav Stampar
556b4d289e Minor cosmetic patch (removing multiple same content '...appears...' messages) 2016-09-26 17:02:40 +02:00
Miroslav Stampar
1b48ff223d Adding initial support for Informix (Issue #552) 2016-09-23 12:33:27 +02:00
Miroslav Stampar
56a918c408 Minor refactoring 2016-09-20 10:03:00 +02:00
Miroslav Stampar
bcd62ecc5b Minor optimization (avoiding unnecessary deepcopies) 2016-09-20 09:56:08 +02:00
Miroslav Stampar
32dd4a938c Minor patch of message 2016-09-09 11:37:16 +02:00
Miroslav Stampar
6b91b7b7fa Minor cosmetics 2016-09-02 16:10:11 +02:00
Miroslav Stampar
cb43c03712 Definite patch for MemoryError(s) (fixes #1991) 2016-06-30 14:57:56 +02:00
Miroslav Stampar
8b4367d354 Revert of last commit 2016-06-26 01:42:21 +02:00
Miroslav Stampar
0a9d69a7d0 Minor patch 2016-06-26 01:10:47 +02:00
Miroslav Stampar
0175acd028 Bug fix (in some cases lack of warning message for SQLi appearing) 2016-06-23 17:52:37 +02:00
Miroslav Stampar
78fdb27a0b More improvements 2016-06-03 15:51:52 +02:00
Miroslav Stampar
350baf0a0a Minor update 2016-06-03 14:29:32 +02:00
Miroslav Stampar
9886b646eb Proper update regarding the last commit 2016-06-03 14:18:28 +02:00
Miroslav Stampar
c5197b99a0 Minor patch and minor improvement 2016-06-03 13:59:32 +02:00
Miroslav Stampar
0e65043c84 Minor adjustment 2016-06-03 09:48:49 +02:00
Miroslav Stampar
229d3a7dd0 Patch for cases when error page looks more like original, than the False one does 2016-05-30 16:46:23 +02:00
Miroslav Stampar
b965e5bf1c Minor refactoring 2016-05-30 16:06:39 +02:00
Miroslav Stampar
3bd74c5351 Minor patch 2016-05-30 15:20:21 +02:00
Miroslav Stampar
55624ec1a2 Minor message update 2016-05-30 14:40:22 +02:00
Miroslav Stampar
83b82a5e98 Bug fix (wrong handler used in case of DBMS resolution) 2016-05-30 10:32:49 +02:00
Miroslav Stampar
69fd900108 Adding waf script for detection of generic/unknown 2016-05-27 16:34:41 +02:00
Miroslav Stampar
de9f23939f Major bug fix in WAF/IDS/IPS detection (question 'do you want..to try to detect backend WAF/IPS/IDS' never worked) 2016-05-27 13:41:03 +02:00
Miroslav Stampar
7a2ac23f0b Adding new waf script (sitelock) 2016-05-27 02:13:01 +02:00
Miroslav Stampar
a5f8cae599 Fixes #1892 2016-05-24 17:58:35 +02:00
Miroslav Stampar
c395958dff Fixes #1888 2016-05-24 14:55:19 +02:00
Miroslav Stampar
798b539eec Minor update 2016-05-24 14:50:56 +02:00
Miroslav Stampar
f7cae68378 More formal language 2016-05-22 21:44:17 +02:00
Miroslav Stampar
f6ff1a115a Better (automatic) picking of a --string candidate (especially in case of international pages) 2016-05-22 21:29:08 +02:00
Miroslav Stampar
32ee586e2a Minor language update 2016-05-22 14:30:32 +02:00
Miroslav Stampar
6623c3f877 Pesky bug fix (nobody noticed :) 2016-05-22 14:22:31 +02:00
Miroslav Stampar
30a4173249 I like users which don't know the difference between detection and identification 2016-05-22 12:40:23 +02:00