Miroslav Stampar
6629233de5
Minor update
2013-02-14 10:18:40 +01:00
Miroslav Stampar
0a4605644e
Minor fix for previous commit
2013-02-13 16:31:03 +01:00
Miroslav Stampar
2b121c938b
Minor fix
2013-02-13 16:24:21 +01:00
Miroslav Stampar
c6d29e093e
Fixing issue with newlines after the data in -r mode
2013-02-13 12:36:01 +01:00
Miroslav Stampar
965fa04a33
Trivial update
2013-02-13 12:28:51 +01:00
Miroslav Stampar
d78a3e977b
Update (allowing regular char * to be inside SOAP/JSON/XML)
2013-02-13 12:24:42 +01:00
Miroslav Stampar
6314d64a70
Renaming --binary to --binary-fields
2013-02-13 11:27:03 +01:00
Miroslav Stampar
7c802ed8cc
Minor fix
2013-02-13 11:14:45 +01:00
Miroslav Stampar
dc41484b3f
Refactoring of funcionality for finding out if stacking is available
2013-02-13 09:57:16 +01:00
Miroslav Stampar
8b4f72322a
Adding (for now hidden) option --binary (works like -C but deliberately retrieves data in hex format and displays in hex format)
2013-02-13 09:56:44 +01:00
Miroslav Stampar
c34f6e25b2
Minor fix for --eval (urldecoded values should be used inside evaluation)
2013-02-12 17:01:47 +01:00
Miroslav Stampar
212e92ea01
Minor update regarding --load-cookies (warning about expired ones)
2013-02-12 14:29:56 +01:00
Miroslav Stampar
c67b39d14d
Update for a last update
2013-02-12 12:58:15 +01:00
Miroslav Stampar
72984a578d
Update for --load-cookies
2013-02-12 12:42:12 +01:00
Miroslav Stampar
c2672e78fc
Support for multiple injection marks inside the same header value (Issue #48 )
2013-02-12 12:06:13 +01:00
Miroslav Stampar
c75560ba69
Minor bug fix (getting ? in < 0xf char cases)
2013-02-11 21:16:35 +01:00
Miroslav Stampar
c0e59d94a9
Better naming
2013-02-08 16:28:58 +01:00
Miroslav Stampar
cdfe43560b
Update for an Issue #207 (and a potential patch for regression tests)
2013-02-08 16:20:48 +01:00
Bernardo Damele
d015bf98fc
renamed variable to avoid confusion
2013-02-07 14:19:07 +00:00
Bernardo Damele
07fe6d44fb
unnecessary condition here
2013-02-07 14:18:52 +00:00
Bernardo Damele
b477c56b52
first steps to allow multiple scans on the same taskid - issue #297
2013-02-07 00:05:26 +00:00
Bernardo Damele
5c8335876f
minor bug fix to make --disable-coloring work on log messages too
2013-02-06 21:04:54 +00:00
Bernardo Damele
477c66ac4b
minor refactoring and trivial bug fix
2013-02-06 17:45:25 +00:00
Bernardo Damele
f7d826fee1
first case where partial output is retrievable via RESTful API - issue #297
2013-02-05 14:43:03 +00:00
Miroslav Stampar
e836629215
Bug fixes for search (safeStringFormat should not replace all if given scalar values)
2013-02-05 11:37:49 +01:00
Bernardo Damele
9d04ae5db5
minor improvement to temporary folder name
2013-02-05 09:11:38 +00:00
Miroslav Stampar
6cab3d4759
Minor update
2013-02-04 16:46:08 +01:00
Miroslav Stampar
f4b8a3c1d8
Bug fix for boolean (multithreaded Ctrl+C) resumed values
2013-02-04 15:49:29 +01:00
Miroslav Stampar
5e4e863986
Bug fix (introduced with f1ab887c55
)
2013-02-04 15:31:28 +01:00
Miroslav Stampar
235153ab39
Removal of unused imports
2013-02-04 15:29:13 +01:00
Miroslav Stampar
7e1ff1bb8e
Same refactoring as the last commit
2013-02-04 15:26:44 +01:00
Bernardo Damele
9370f96a67
step by step getting there to partial output presentation to restful API (issue #297 ), not quite yet though..
2013-02-03 22:09:33 +00:00
Bernardo Damele
df3cc38cd9
minor improvements
2013-02-03 15:39:07 +00:00
Bernardo Damele
bd1ea13b8d
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-03 11:31:12 +00:00
Bernardo Damele
f8bc74758c
improvement to restful API to store to IPC database partial entries, not yet functional (issue #297 )
2013-02-03 11:31:05 +00:00
Miroslav Stampar
e7b93b5b66
Implementation for an Issue #363
2013-02-01 17:24:04 +01:00
Miroslav Stampar
6d942f92b5
Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.))
2013-02-01 10:03:06 +01:00
Miroslav Stampar
8d51b4b63a
Minor bug fix
2013-01-31 16:24:44 +01:00
Miroslav Stampar
d6606a8f31
Patch to prevent problems like Issue #381
2013-01-31 13:58:39 +01:00
Miroslav Stampar
cfcf8a3abb
Another update for an Issue #380 (--common-... switches)
2013-01-31 13:49:19 +01:00
Miroslav Stampar
2420a4b626
Update for an Issue #342 and #372
2013-01-31 10:01:52 +01:00
Miroslav Stampar
9b4eaa9272
Minor fix
2013-01-30 18:21:15 +01:00
Miroslav Stampar
fdea8ddea6
Starting to clean up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372 )
2013-01-30 16:55:09 +01:00
Bernardo Damele
103045d284
variable renamed
2013-01-30 15:30:34 +00:00
Miroslav Stampar
f33bf06c88
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-30 11:38:20 +01:00
Bernardo Damele
6dfe91165d
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-30 10:34:51 +00:00
Bernardo Damele
8519717f25
minor fixes to --live-test
2013-01-30 10:32:56 +00:00
Miroslav Stampar
f391937083
Minor refactoring
2013-01-30 10:43:46 +01:00
Miroslav Stampar
d6fb0e8545
Update for an Issue #352
2013-01-30 10:38:11 +01:00
Miroslav Stampar
bd08ede117
Minor fine tuning
2013-01-29 21:06:02 +01:00
Miroslav Stampar
f41460f8d8
Better naming
2013-01-29 20:53:11 +01:00
Bernardo Damele
e8bd3c9c9f
cosmetics
2013-01-29 17:00:28 +00:00
Bernardo Damele
8f36f92dd3
minor fix
2013-01-29 16:23:30 +00:00
Bernardo Damele
c47b44e93f
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-29 15:38:16 +00:00
Bernardo Damele
9677e0f910
more data content types for API (issue #297 )
2013-01-29 15:36:19 +00:00
Bernardo Damele
92ae8145df
ignore any non-relevant string: avoid storing to the API, careful this can introduce bugs but it is necessary at this stage of development (issue #297 )
2013-01-29 15:35:51 +00:00
Bernardo Damele
bfce7210e6
improvements to the dump library to output to the API data fetched properly formatted (issue #297 )
2013-01-29 15:34:20 +00:00
Bernardo Damele
eeecb3fe2c
split init() into two separate functions for API purposes (issue #297 )
2013-01-29 15:33:16 +00:00
Miroslav Stampar
f4b7b3fd35
Minor cosmetics
2013-01-29 16:04:20 +01:00
Miroslav Stampar
9eca41bae2
Minor fix
2013-01-29 15:55:50 +01:00
Miroslav Stampar
a104de01d7
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-29 15:35:01 +01:00
Miroslav Stampar
7e73825ece
Minor cosmetics
2013-01-29 15:34:41 +01:00
Bernardo Damele
085495024f
minor adjustment
2013-01-29 01:44:57 +00:00
Bernardo Damele
f1ab887c55
major enhancement, code refactoring for issue #297
2013-01-29 01:39:27 +00:00
Bernardo Damele
cd4075f6a3
no raise, just pass at ctrl-c
2013-01-26 15:33:09 +00:00
Bernardo Damele
a0b9e0f1c5
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-25 17:11:38 +00:00
Bernardo Damele
195d17449e
first test of stdout/stderr redirect to a database when sqlmap is executed from restful API ( #297 )
2013-01-25 17:11:31 +00:00
Miroslav Stampar
c06f94e2c8
Fix for an Issue #378
2013-01-25 16:38:41 +01:00
Miroslav Stampar
8c84a16cb7
Minor style update for an Issue #377
2013-01-25 12:52:31 +01:00
Miroslav Stampar
194a9e7b88
Implementation for an Issue #377
2013-01-25 12:34:57 +01:00
Bernardo Damele
5b3c8d8991
first implementation of asynchronous inter-protocol communication between the sqlmap RESTful API and the sqlmap engine with SQLite
2013-01-24 12:57:24 +00:00
Miroslav Stampar
232f8d3585
Fix for an Issue #368
2013-01-23 13:36:17 +01:00
Bernardo Damele
5635776173
proper SQLite 2 library
2013-01-22 18:56:25 +00:00
Miroslav Stampar
719c7f622b
Probable fix for --technique=Q --dbms=Firebird (but also other potential issues with splitting of fields in expressions)
2013-01-22 15:51:06 +01:00
Miroslav Stampar
2ec828f1cb
Fix for an Issue #367
2013-01-22 14:27:17 +01:00
Miroslav Stampar
09c02c6c72
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-22 14:08:31 +01:00
Miroslav Stampar
15b0ab1b44
Fix for a 'no parameter found' problem when user says N on 'custom injection mark found in POST...'
2013-01-22 14:08:19 +01:00
Bernardo Damele
061aef57ba
missing import
2013-01-22 11:25:01 +00:00
Bernardo Damele
e558040810
minor fix to previous commit
2013-01-21 17:10:56 +00:00
Bernardo Damele
d43b04c582
better detection if vulnerable of not for regression test
2013-01-21 17:09:35 +00:00
Miroslav Stampar
b35a0810ef
Fix for an Issue #364
2013-01-21 17:01:52 +01:00
Miroslav Stampar
1e3f68c7ff
Rewriting some query crafting parts (especially those .find(' FROM '))
2013-01-21 16:15:38 +01:00
Miroslav Stampar
832d95984c
IFNULL-like mechanism now works on SQLite 2 too
2013-01-21 15:04:27 +01:00
Miroslav Stampar
c55a002f95
Language fix
2013-01-21 13:19:08 +01:00
Miroslav Stampar
80255433b0
Trivial style update
2013-01-21 13:18:34 +01:00
Miroslav Stampar
0e86175342
Adding new common function for further refactoring
2013-01-21 11:50:47 +01:00
Miroslav Stampar
3200134b3b
Fix for a regression test #30 test case fail (Firebird inline)
2013-01-21 10:12:54 +01:00
Bernardo Damele
3373e30808
minor fix for a bug introduced with commit 1ad9e26a21
2013-01-20 02:40:40 +00:00
Bernardo Damele
115be9d7b5
minor fixes
2013-01-20 01:26:46 +00:00
Miroslav Stampar
0a4f5d2e51
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-19 19:08:18 +01:00
Miroslav Stampar
e9641e30db
This last commit was in haste :)
2013-01-19 19:07:38 +01:00
Miroslav Stampar
6a87dd9225
Minor update (just for consistency with the rest of code)
2013-01-19 19:07:06 +01:00
Miroslav Stampar
979e108c87
Minor update (just for consistency with the rest of code)
2013-01-19 19:06:51 +01:00
Bernardo Damele
f89b25fdb6
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-19 18:04:38 +00:00
Bernardo Damele
adf97e630f
add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL
2013-01-19 18:04:33 +00:00
Miroslav Stampar
9ce2395405
Minor refactoring
2013-01-19 18:40:44 +01:00
Miroslav Stampar
3f4c010370
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-19 18:28:52 +01:00
Miroslav Stampar
efe26ac3f8
In case that content-length header was not in a desired case ('Content-length') POST request file would fail badly (repeating original content-length header value)
2013-01-19 18:28:37 +01:00
Bernardo Damele
6a62292a3f
layout adjustment
2013-01-19 17:11:16 +00:00
Miroslav Stampar
bb6b89fe93
Patch for an Issue #360
2013-01-19 18:06:36 +01:00
Bernardo Damele
dcf2dcd03d
all we need to debug failed test cases while regression test run..
2013-01-19 17:04:57 +00:00
Bernardo Damele
f22fd396ef
write the test case name before it is run so if the test case crashes badly, we can trace back what test case it was at a later stage
2013-01-19 16:41:19 +00:00
Bernardo Damele
1923ef691e
just in case, add also the test case name inside the temp folder for debug purposes
2013-01-19 16:06:46 +00:00
Bernardo Damele
0e78fbef56
correctly format SQLi payload for inline query technique
2013-01-19 00:28:03 +00:00
Bernardo Damele
6be7eee8d6
more fixes
2013-01-18 23:35:16 +00:00
Bernardo Damele
56eaa073ce
fixed test cases for Firebird - #312
2013-01-18 23:32:39 +00:00
Bernardo Damele
1f4c6a8371
avoid blank line if password hashes have not been fetched
2013-01-18 22:10:36 +00:00
Bernardo Damele
1ad9e26a21
bug fix for ORDER BY users provided statements (issue #354 )
2013-01-18 21:40:50 +00:00
Miroslav Stampar
ac7709204a
Better fix for that page/headers/comparison --string candidate problem
2013-01-18 17:00:11 +01:00
Miroslav Stampar
8141d17985
Revert of previous commit (more care has to be done regarding headers dynamicity)
2013-01-18 16:49:35 +01:00
Miroslav Stampar
33094a118c
Fix for an Issue where '--string' is being automatically picked not looking properly in headers too
2013-01-18 16:35:09 +01:00
Miroslav Stampar
601eb1e49a
Unescaping is renamed to escaping
2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0
updated copyright
2013-01-18 14:07:51 +00:00
Bernardo Damele
1bb061f68c
improvements to --live-test
2013-01-18 13:02:35 +00:00
Bernardo Damele
738ccb643d
minor output adjustment
2013-01-18 11:41:09 +00:00
Miroslav Stampar
33ea811c6c
Removing some unused stuff (mainly imports)
2013-01-18 11:50:02 +01:00
Miroslav Stampar
aa467cb54c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-18 11:31:25 +01:00
Miroslav Stampar
17d36684b5
Removing obsolete proxy handling code (Python < 2.6)
2013-01-18 11:30:52 +01:00
Miroslav Stampar
4d5bae7131
Removing some obsolete functions
2013-01-18 11:18:56 +01:00
Miroslav Stampar
bcc907ce09
Minor update
2013-01-18 11:00:21 +01:00
Miroslav Stampar
d1008b45b5
Minor removal of unused function
2013-01-18 10:46:06 +01:00
Miroslav Stampar
caae773b2d
Minor removal of redundant code
2013-01-18 10:44:57 +01:00
Bernardo Damele
d66f7e22b1
more fixes to test cases
2013-01-18 09:32:05 +00:00
Miroslav Stampar
e941e60b20
Minor just in place update for an Issue #348
2013-01-17 22:44:55 +01:00
Bernardo Damele
1d6e642d41
fixed url
2013-01-17 21:29:00 +00:00
Miroslav Stampar
507f185b69
Revert of patch for an Issue #347
2013-01-17 18:38:37 +01:00
Miroslav Stampar
f7eda07d92
Patch for an Issue #347
2013-01-17 15:30:14 +01:00
Miroslav Stampar
a38b3e397c
Patch for an Issue #286
2013-01-17 14:17:39 +01:00
Miroslav Stampar
65273295e3
Implementing a check for an Issue #25
2013-01-17 13:56:04 +01:00
Miroslav Stampar
9428d1819e
Fix for an Issue #346
2013-01-17 12:03:02 +01:00
Miroslav Stampar
3ab4a5e36d
Fix for an Issue #345
2013-01-17 11:50:12 +01:00
Miroslav Stampar
51a77d1fe2
Minor update for an Issue #8
2013-01-17 11:37:45 +01:00
Miroslav Stampar
14b7e655a9
Minor refactoring
2013-01-16 16:33:04 +01:00
Miroslav Stampar
053b7d12b4
Minor language update
2013-01-16 16:07:12 +01:00
Miroslav Stampar
fb7243c237
Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs
2013-01-16 16:04:00 +01:00
Miroslav Stampar
c0a6e1c3a7
Finishing first usable prototype for an Issue #8
2013-01-16 14:54:37 +01:00
Miroslav Stampar
ff5ec48abd
Minor update for an Issue #8
2013-01-16 14:16:22 +01:00
Bernardo Damele
3464a70ac2
bug fix: without this generic concatenation of strings in concatQuery(), detection of UNION query SQLi only (--technique U) when the page did not disclose any DBMS error message and it was not MySQL (for which there are UNION SQLi specific payloads) was not detected
2013-01-16 01:53:33 +00:00
Bernardo Damele
542f6de72e
typo fix
2013-01-16 01:31:03 +00:00
Bernardo Damele
2a751e075d
more work on #342
2013-01-15 17:14:44 +00:00
Bernardo Damele
ec076f5f8a
write console output to temporary folder in any case the test case fails, even if no traceback is raised
2013-01-15 15:51:03 +00:00
Miroslav Stampar
7a1d484115
Implementation for an Issue #340
2013-01-15 16:05:33 +01:00
Bernardo Damele
c51358953a
add more Oracle system dbs
2013-01-15 14:51:29 +00:00
Bernardo Damele
3e2c3851f3
Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312 )
2013-01-14 13:42:50 +00:00
Bernardo Damele
515c1c6205
removed leftover
2013-01-14 10:26:22 +00:00
Bernardo Damele
83000de9e1
improved handling and storing of exceptions with --live-test ( #312 )
2013-01-14 10:23:40 +00:00
Bernardo Damele
8125fe90a7
code refactoring
2013-01-14 10:22:38 +00:00
Bernardo Damele
036b612bcb
bug fix to be able to write unicode chars to debug file
2013-01-14 01:11:42 +00:00
Miroslav Stampar
fc560f2b75
Minor revert and proper fix
2013-01-14 00:47:29 +01:00
Bernardo Damele
b74cfbf336
minor enhancements for debug purposes (issue #312 )
2013-01-13 23:15:56 +00:00
Bernardo Damele
fdd6075859
temporary patch to fix UNION query enumeration
2013-01-13 23:08:23 +00:00
Miroslav Stampar
92ea8841f8
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-13 16:23:09 +01:00
Miroslav Stampar
03dd958d96
Implementation for an Issue #48
2013-01-13 16:22:43 +01:00
Bernardo Damele
675e4a026b
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-11 13:31:49 +00:00
Bernardo Damele
41834e7a5b
working on #8 - still not usable though
2013-01-11 13:31:44 +00:00
Miroslav Stampar
bc4d8d3e02
Implementation for an Issue #332
2013-01-11 11:17:41 +01:00
Miroslav Stampar
5571d09354
Minor revert
2013-01-11 11:13:55 +01:00
Miroslav Stampar
ec4e49d771
Minor refactoring
2013-01-10 16:09:28 +01:00
Miroslav Stampar
1363f26367
Minor refactoring
2013-01-10 15:59:02 +01:00
Miroslav Stampar
834be1eddc
Restyling redundant 'except Exception' form
2013-01-10 15:54:28 +01:00
Miroslav Stampar
acfeeb4f51
Restyling old form of urlparse
2013-01-10 15:41:07 +01:00
Miroslav Stampar
8686c20fa5
Removing one obsolete instantiation line
2013-01-10 15:27:35 +01:00
Miroslav Stampar
934d41dac2
Minor style update (PEP8)
2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878
Some PEP8 related style cleaning
2013-01-10 13:18:44 +01:00
Miroslav Stampar
6cfa9cb0b3
Removing unused imports
2013-01-10 12:15:12 +01:00
Miroslav Stampar
05705857a9
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-10 12:09:48 +01:00
Miroslav Stampar
ca1c0c2a1d
Minor style update
2013-01-10 11:54:07 +01:00
Bernardo Damele
ca337159f5
added reminder TODO
2013-01-10 01:11:22 +00:00
Bernardo Damele
10f1099944
remove logging handler that shows logging messages to stdout - issue #297
2013-01-10 00:51:56 +00:00
Bernardo Damele
ccc3c3d1a3
minor fix to distinguish stdout from stderr
2013-01-10 00:51:05 +00:00
Bernardo Damele
2126a5ba12
minor index fix
2013-01-10 00:00:00 +00:00
Bernardo Damele
794700eb37
preparing to handle logging calls by a separate file descriptor when sqlmap is executed by the REST API - issue #297
2013-01-09 22:08:50 +00:00
Bernardo Damele
d120dc18d1
cleanup
2013-01-09 22:06:27 +00:00
Bernardo Damele
58a60562ac
avoid exiting with a traceback for missing dependency, handle properly at some point
2013-01-09 16:05:55 +00:00
Bernardo Damele
7f4ce4afbb
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-09 16:04:29 +00:00
Bernardo Damele
510ceb6e19
first attempt to have --os-pwn and other takeover switches work across Windows and Linux - issue #28
2013-01-09 16:04:23 +00:00
Miroslav Stampar
bf5544903b
Minor style update
2013-01-09 16:10:26 +01:00
Miroslav Stampar
9bdcb1176d
Update for an Issue #169
2013-01-09 15:58:13 +01:00
Miroslav Stampar
25f01a419f
Minor style update (for the sake of consistency over the code and our PEP8 adaptation)
2013-01-09 15:38:41 +01:00
Miroslav Stampar
bdd2592848
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-09 15:22:30 +01:00
Miroslav Stampar
3d4f381ab5
Patch for an Issue #169
2013-01-09 15:22:21 +01:00
Bernardo Damele
c44a829b9b
pass a pickled options object to sqlmap engine when called from API
2013-01-09 12:34:45 +00:00
Bernardo Damele
8457cff278
added variable to store the live test traceback if any
2013-01-09 12:33:18 +00:00
Bernardo Damele
f11747732e
added missing command line options
2013-01-09 12:30:13 +00:00
Miroslav Stampar
55a552ddc4
Update for an Issue #24
2013-01-08 10:55:25 +01:00
Miroslav Stampar
ad85c4c964
Minor refactoring for an Issue #295
2013-01-08 10:23:02 +01:00
Bernardo Damele
1e35b3c8c9
proper link
2013-01-07 16:59:59 +00:00
Miroslav Stampar
74552bea87
Cleaning some garbage (hard coded paths with linux native slashes)
2013-01-07 16:51:00 +01:00
Bernardo Damele
7fa75792dd
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-07 11:10:08 +00:00
Bernardo Damele
a30d7014b9
removed unused var
2013-01-07 11:05:33 +00:00
Miroslav Stampar
5b77b20e2e
Removing trailing whitespaces (PEP8)
2013-01-03 23:57:07 +01:00
Miroslav Stampar
82b468211d
Minor update
2013-01-03 23:38:29 +01:00
Miroslav Stampar
f340ce8b4b
Minor style update
2013-01-03 23:35:29 +01:00
Miroslav Stampar
1712603dce
Replacing deprecated has_key() with operator in (PEP8)
2013-01-03 23:28:07 +01:00
Miroslav Stampar
e4a3c015e5
Replacing old and deprecated raise Exception style (PEP8)
2013-01-03 23:20:55 +01:00
Miroslav Stampar
304e52cb4d
Minor language update
2013-01-02 22:11:59 +01:00
Miroslav Stampar
09f1cdd8e1
Minor style update
2013-01-02 21:52:50 +01:00
Miroslav Stampar
0795760255
Minor fix
2012-12-30 11:22:23 +01:00
Miroslav Stampar
648d91d790
Distinguishing invalid unicode from safe encoded characters (for proper potential decoding)
2012-12-27 22:43:39 +01:00
Miroslav Stampar
3d01890147
Patch for an Issue #56 (full target url is now being written to a output .CSV file in multi target mode)
2012-12-27 21:15:44 +01:00
Miroslav Stampar
6ae4590edc
Removing problematic per-MySQL LIMIT prefix
2012-12-26 19:48:01 +01:00
Miroslav Stampar
77625e5af7
Minor revert
2012-12-21 19:31:05 +01:00
Miroslav Stampar
00e55828e4
Minor style update
2012-12-21 15:06:03 +01:00
Miroslav Stampar
8b3e17ed4d
Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table)
2012-12-21 14:52:47 +01:00
Miroslav Stampar
35728fa443
Fix (and some hidden bug fixes/improvements) regarding an Issue #317
2012-12-21 10:51:35 +01:00
Miroslav Stampar
b94a5d42d4
Removing a leftover
2012-12-21 09:49:09 +01:00
Miroslav Stampar
0a122ccce4
Related to an Issue #319
2012-12-21 09:47:58 +01:00
Miroslav Stampar
1073ebc697
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-20 20:51:41 +01:00
Bernardo Damele
912323c12d
minor bug fix ( #297 )
2012-12-20 17:05:44 +00:00
Bernardo Damele
7adaffa71b
fixed options initiation
2012-12-20 16:53:43 +00:00
Miroslav Stampar
8efe056671
Minor refactoring
2012-12-20 15:51:03 +01:00
Bernardo Damele
e9ab33e9dd
standalone REST API, code cleanup ( #297 )
2012-12-20 14:35:02 +00:00
Miroslav Stampar
63d9b7a1f8
No character shall be left forgotten (no more ? in case that character was not properly being decoded by used charset)
2012-12-20 12:23:37 +01:00
Miroslav Stampar
c2c4601d6e
Minor restyling
2012-12-20 11:06:52 +01:00
Bernardo Damele
076b4063e6
these edits got overwritten from last commits
2012-12-20 09:42:44 +00:00
Miroslav Stampar
3cbe60b586
Proper fix
2012-12-20 10:37:20 +01:00
Miroslav Stampar
0d1ea7f05a
Merge branch 'master' of github.com:sqlmapproject/sqlmap
...
Conflicts:
lib/core/testing.py
2012-12-20 10:37:11 +01:00
Miroslav Stampar
da93e77eb2
Proper fix
2012-12-20 10:34:51 +01:00
Bernardo Damele
ac77724970
attempt to handle standard input from --live-test
2012-12-20 09:30:48 +00:00
Bernardo Damele
2b6ee06de0
minor bug fix to correctly parse unicode chars
2012-12-20 09:30:13 +00:00
Miroslav Stampar
69310e47ce
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-20 09:54:39 +01:00
Miroslav Stampar
06d8213ffd
minor fix (reading of unicode xml files)
2012-12-20 09:53:08 +01:00
Bernardo Damele
86872956d5
minor bug fix (for PostgreSQL)
2012-12-19 22:55:31 +00:00
Bernardo Damele
77843f44fb
minor bug fix (issue #314 )
2012-12-19 22:49:02 +00:00
Bernardo Damele
357da43cea
slight improvement of live test engine and added misc test cases to xml
2012-12-19 17:28:41 +00:00
Bernardo Damele
85fcd27e2d
added support for random global variables
2012-12-19 15:58:06 +00:00
Bernardo Damele
12d34587cc
minor restyling
2012-12-19 14:34:34 +00:00
Bernardo Damele
326ff404fc
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 14:25:35 +00:00
Bernardo Damele
12eed58485
pointless restyling
2012-12-19 14:25:29 +00:00
Miroslav Stampar
37346fe8a3
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 15:23:57 +01:00
Miroslav Stampar
7ee98c7bff
Just for one girl out there waiting for this patch ;)
2012-12-19 15:23:38 +01:00
Bernardo Damele
3be90c97aa
forgot these
2012-12-19 14:12:45 +00:00
Bernardo Damele
cefb03c835
fixed bug related to issue #223
2012-12-19 14:12:09 +00:00
Bernardo Damele
27a12ae85b
restyling
2012-12-19 13:47:17 +00:00
Bernardo Damele
4b3b4eb374
commented out partial work
2012-12-19 13:47:04 +00:00
Bernardo Damele
3655d1f12a
revert change of name for now
2012-12-19 13:45:52 +00:00
Bernardo Damele
874e2176c6
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 13:43:00 +00:00
Bernardo Damele
4f0f729982
be more specific in standard output message as to whether or not the read file is same as remote file
2012-12-19 13:42:56 +00:00
Miroslav Stampar
23153e8088
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 14:29:08 +01:00
Miroslav Stampar
244901eda0
During --flush-session log file should be cleaned too (especially because of --live-tests)
2012-12-19 14:28:54 +01:00
Bernardo Damele
282aeb734f
ORDER BY does not play well with UNION query SQLi (related to issue #313 )
2012-12-19 13:21:16 +00:00
Bernardo Damele
128597ee7e
--run-case is now case insensitive
2012-12-19 12:45:46 +00:00
Bernardo Damele
b91c829103
minor bug fix (issue #310 )
2012-12-19 12:42:31 +00:00
Bernardo Damele
2bc2c0431c
fixed test cases
2012-12-19 12:33:37 +00:00
Bernardo Damele
9149d77cc8
removed duplicate code - fixes issue #310
2012-12-19 12:17:56 +00:00
Bernardo Damele
f5450e9f0e
layout adjustment
2012-12-19 11:39:38 +00:00
Miroslav Stampar
92e338251a
Finally working inference against MySQL/international letters (even chinese)
2012-12-19 10:44:02 +01:00
Miroslav Stampar
c9b8b51c9c
Update lib/core/common.py
...
Revert of last commit and try 2
2012-12-19 01:48:53 +01:00
Bernardo Damele
318fcee49c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 00:30:26 +00:00
Bernardo Damele
3c7007097a
minor refactoring
2012-12-19 00:30:22 +00:00
Miroslav Stampar
50b846b5af
Update lib/core/common.py
...
Fixing wrong assumption in case of MySQL inference international character retrieval
2012-12-19 01:26:12 +01:00
Miroslav Stampar
9e2f0131b9
Update lib/core/agent.py
2012-12-18 20:25:00 +01:00
Bernardo Damele
326ed33f31
added support for comma separated list of files for --file-read - fixes issue #223
2012-12-18 17:55:21 +00:00
Bernardo Damele
58656bbeb5
minor bug fix, union query has to be limited 0, 0
2012-12-18 16:36:30 +00:00
Bernardo Damele
61a838bb35
added more test cases
2012-12-18 15:59:48 +00:00
Miroslav Stampar
88d8494b5a
Implementation for an Issue #307
2012-12-18 16:03:35 +01:00
Bernardo Damele
3c1b696bd6
removed more print statements
2012-12-17 13:35:32 +00:00
Bernardo Damele
9f47eb0a59
cleaner
2012-12-17 13:29:37 +00:00
Bernardo Damele
0500712a03
removed unuseful prints
2012-12-17 13:29:19 +00:00
Bernardo Damele
ac44cf3ec0
minor fix: add also back-end DBMS and web app fingerprint output to log file
2012-12-17 13:02:09 +00:00
Bernardo Damele
bbd2adb5fb
improvements to --live-test and added --stop-fail switch
2012-12-17 11:41:43 +00:00
Bernardo Damele
2926c815bf
improved test switch --live-test and minor refactoring
2012-12-17 11:29:33 +00:00
Bernardo Damele
0c3da5c7eb
code refactoring and first time logger is handled by a separate file descriptor (issue #297 )
2012-12-15 00:12:22 +00:00
Bernardo Damele
a2a71bb37b
cleanup from XML-RPC related stuff
2012-12-14 13:37:36 +00:00
Bernardo Damele
6e31e87de1
added initial support (hidden from -hh and not yet usable) for REST-JSON API
2012-12-14 02:49:25 +00:00
Miroslav Stampar
df0f08bc6a
Cleaning some (web upload based) garbage
2012-12-13 13:19:47 +01:00
Miroslav Stampar
5150172178
Minor update
2012-12-13 10:03:21 +01:00
Miroslav Stampar
fc4be0a77c
Minor fix
2012-12-12 16:45:29 +01:00
Miroslav Stampar
921000bd87
Another update for an Issue #287
2012-12-12 14:22:24 +01:00
Miroslav Stampar
c3f20a136f
Minor update for an Issue #287
2012-12-12 14:03:03 +01:00
Miroslav Stampar
a6448e8768
Update for an Issue #287
2012-12-12 11:54:59 +01:00
Miroslav Stampar
b9f6fc5f4e
First commit (and working one) for an Issue #287 (XML-RPC server)
2012-12-11 16:02:06 +01:00
Miroslav Stampar
b5884c7eda
Minor language update
2012-12-11 15:24:02 +01:00
Miroslav Stampar
760519dbe9
Removing redundant piece of code
2012-12-11 15:21:27 +01:00
Miroslav Stampar
a54c261496
Minor update for Issues #292 & #293 (only single alert per target)
2012-12-11 14:44:43 +01:00
Miroslav Stampar
5c2451d83c
Implementation for an Issue #293
2012-12-11 12:48:58 +01:00
Miroslav Stampar
562044577b
Implementation for an Issue #292
2012-12-11 12:02:06 +01:00
Miroslav Stampar
6433be8b3d
Style update
2012-12-10 17:20:04 +01:00
Miroslav Stampar
a024884ca7
Support for a HTTP parameter pollution (Issue #267 )
2012-12-10 11:55:31 +01:00
Miroslav Stampar
1f7644a691
Minor fix when user doesn't want custom injection char marker to be processed
2012-12-08 21:23:30 +01:00
Miroslav Stampar
0cbdaaecfa
Revert of 99e9412f74
(because of an Issue #289 )
2012-12-08 08:53:25 +01:00
Miroslav Stampar
1028afce37
Removal of leftovers
2012-12-06 14:15:44 +01:00
Miroslav Stampar
974407396e
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 14:14:19 +01:00
Miroslav Stampar
baccbd6f48
Implementation for an Issue #283
2012-12-06 11:57:57 +01:00
Miroslav Stampar
ab67344448
Removed unused imports and variables (pyflake-ing)
2012-12-06 11:15:05 +01:00
Miroslav Stampar
b6650add46
Introducing 'new style classes' (idea from Pull request #284 )
2012-12-06 10:42:53 +01:00
Miroslav Stampar
0f191f624c
Taking some goodies from Pull request #284
2012-12-06 10:21:53 +01:00
Miroslav Stampar
6b39e661a7
Fix for an issue #279
2012-12-05 12:15:14 +01:00
Miroslav Stampar
775e0df04b
Update for an Issue #278
2012-12-05 10:45:17 +01:00
Miroslav Stampar
6b007ab188
Minor patch for an Issue #274 (just in case to avoid this kind of problems)
2012-12-04 16:14:14 +01:00
Miroslav Stampar
e2aa695655
Minor update
2012-12-03 17:20:18 +01:00
Miroslav Stampar
42a8234c6f
Update for an Issue #12
2012-12-03 14:27:01 +01:00
Miroslav Stampar
79fca8e9d5
Fix for an Issue #268
2012-12-03 12:13:59 +01:00
Miroslav Stampar
8410fc5a9d
Minor update
2012-12-02 08:00:55 +01:00
redshark1802
1675386093
fixed typo that created an invalid configuration file with the option '--save'
2012-11-30 23:00:03 +01:00
Miroslav Stampar
5b61e9ce12
Minor update for an Issue #254
2012-11-30 11:43:50 +01:00
Miroslav Stampar
7e2db762d6
Minor update
2012-11-29 15:45:04 +01:00
Miroslav Stampar
8f10023523
Fix for an Issue #266
2012-11-29 15:44:14 +01:00
Miroslav Stampar
3b961c2550
Update for an Issue #254
2012-11-29 15:36:38 +01:00
Miroslav Stampar
a7e1e856d4
Fix for an Issue #260
2012-11-28 17:00:26 +01:00
Miroslav Stampar
35d1146fd1
Minor update for an (Issue #254 )
2012-11-28 12:53:11 +01:00
Miroslav Stampar
753d0f18bf
First CSS style added for a HTML table dump format (Issue #254 )
2012-11-28 12:46:43 +01:00
Miroslav Stampar
b6ea337937
First style-less prototype for an HTML dump output (Issue #254 )
2012-11-28 12:28:42 +01:00
Miroslav Stampar
e2d8b53e97
Minor update for an Issue #264
2012-11-28 11:45:33 +01:00
Miroslav Stampar
cff0c59630
Implementation for an Issue #264
2012-11-28 11:41:39 +01:00
Miroslav Stampar
5bf5b95588
More refactoring for an Issue #254
2012-11-28 11:16:00 +01:00
Miroslav Stampar
87a92ab330
Deprecating --replicate (Issue #254 )
2012-11-28 11:10:57 +01:00
Miroslav Stampar
f08eb0fd9f
Minor style update
2012-11-28 10:59:15 +01:00
Miroslav Stampar
d95dd2d16e
Preparation for an Issue #254
2012-11-28 10:58:18 +01:00
Miroslav Stampar
d490ffb163
Fix for an Issue #259
2012-11-27 11:45:22 +01:00
Miroslav Stampar
bd33128085
Fix for an Issue #262
2012-11-27 10:08:22 +01:00
Miroslav Stampar
38c96a366b
Patch for an Issue #260
2012-11-26 11:16:59 +01:00
Miroslav Stampar
ef2038f1c8
Implementation for an Issue #253
2012-11-21 10:16:13 +01:00
Miroslav Stampar
93e071fc33
Fix for an Issue #251
2012-11-20 11:19:23 +01:00
Miroslav Stampar
302348b0cd
Minor update
2012-11-19 11:59:28 +01:00
Miroslav Stampar
d37be5f97b
Fix for an Issue #248
2012-11-14 15:54:24 +01:00
Miroslav Stampar
9a54a911a8
Patch for an Issue #231
2012-11-14 11:30:29 +01:00
Miroslav Stampar
6f7f9dd8eb
Patch for an Issue #242
2012-11-13 10:41:13 +01:00
Miroslav Stampar
a52dbc575b
Patch for an Issue #246
2012-11-13 10:21:11 +01:00
Miroslav Stampar
f305dde413
Patch for an Issue #235
2012-11-10 11:01:29 +01:00
Miroslav Stampar
181c3534f0
Patch for an Issue #237
2012-11-08 19:16:37 +01:00
Miroslav Stampar
e7e83defaa
Minor update
2012-11-08 11:09:34 +01:00
Miroslav Stampar
1ee0d9ce5e
Fix for an Issue #229
2012-11-05 15:58:54 +01:00
Miroslav Stampar
2de52927f3
Code refactoring (epecially Google search code)
2012-10-30 18:38:10 +01:00
Miroslav Stampar
5cfc066ac4
Minor update
2012-10-30 10:30:22 +01:00
Miroslav Stampar
7c7aff12c6
Update for an Issue #225
2012-10-30 01:26:19 +01:00
Miroslav Stampar
b0f5b4f9bc
Update for an Issue #225
2012-10-30 00:59:31 +01:00
Miroslav Stampar
a9094a35fe
Fix for an Issue #227
2012-10-30 00:20:49 +01:00
Miroslav Stampar
1d07b93730
Bug fix for --os-shell on MySQL (it was not working for a long time because of this)
2012-10-29 15:45:30 +01:00
Miroslav Stampar
5358d85d37
Important refactoring for web-based functionality
2012-10-29 15:09:05 +01:00
Miroslav Stampar
81ccf28785
Minor refactoring
2012-10-29 14:08:48 +01:00
Miroslav Stampar
359e734954
Minor refactoring
2012-10-29 10:48:49 +01:00
Miroslav Stampar
c1eb803ef5
Bug fix for MsSQL --hex --technique=E (NOT IN based queries were not working properly)
2012-10-28 21:16:51 +01:00
Miroslav Stampar
25a5073281
Bug fix for --hex/--technique=B (especially MsSQL)
2012-10-28 12:22:33 +01:00
Miroslav Stampar
8617fe0d65
Bug fix for international letters decoded with --hex on MsSQL
2012-10-28 11:50:16 +01:00
Miroslav Stampar
ca427af8b3
Minor refactoring/improvement
2012-10-28 01:42:08 +02:00
Miroslav Stampar
43ddf39bea
Minor refactoring
2012-10-28 01:16:02 +02:00
Miroslav Stampar
bcdba7b7bb
Dealing with rare cases when getIdentifiedDbms is needed prior to DBMS isfingerprinted and there are multiples of dbmses inside details
2012-10-28 01:11:50 +02:00
Miroslav Stampar
c1b8226329
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
2012-10-28 00:36:09 +02:00
Miroslav Stampar
965d7eee17
Minor bug fix for a reflection removal mechanism
2012-10-26 00:06:15 +02:00
Miroslav Stampar
8a5844a364
Implementation for an Issue #222
2012-10-25 13:21:32 +02:00
Miroslav Stampar
12fc9442b9
Tamper function(s) refactoring (really no need for returning headers as they are passed by reference)
2012-10-25 10:10:23 +02:00
Miroslav Stampar
65ec715828
Fix for an Issue #218
2012-10-25 00:03:00 +02:00
Miroslav Stampar
5477c9f7ba
Fix for an Issue #216
2012-10-24 22:59:46 +02:00
Miroslav Stampar
056be32ac1
Fix for Issue #213
2012-10-23 17:06:31 +02:00
Miroslav Stampar
4365c48e83
Minor style update
2012-10-23 14:38:24 +02:00
Miroslav Stampar
06f226c494
Fix for an Issue #211
2012-10-23 14:37:45 +02:00
Miroslav Stampar
b82eb3a1ae
Fix for an Issue #210
2012-10-23 13:58:25 +02:00
Miroslav Stampar
f2bbf1ead9
Fix for raw_input raising EOFError and KeyboardInterrupt on Ctrl-C (Windows platform)
2012-10-23 11:05:00 +02:00
Miroslav Stampar
5ff2e33c43
Minor fix
2012-10-23 10:54:26 +02:00
Miroslav Stampar
68d5faa287
Minor update
2012-10-23 10:46:17 +02:00
Miroslav Stampar
f11a640e99
Undo of a previous commit (pdb left inside)
2012-10-22 14:39:35 +02:00
Miroslav Stampar
b913e2123d
Displaying hex-decoded resulting output in --hex mode
2012-10-22 14:39:11 +02:00
Miroslav Stampar
39f565533a
In case on --no-cast DUMP_REPLACEMENTS should not be used
2012-10-22 14:13:30 +02:00
Miroslav Stampar
d65d9e25cd
Implementation for an Issue #2
2012-10-19 11:02:14 +02:00
Miroslav Stampar
64b4586883
Minor update
2012-10-18 11:36:12 +02:00
Miroslav Stampar
ea49fa2db2
Fix for an Issue #206
2012-10-18 11:11:20 +02:00
Miroslav Stampar
1cb2ca4195
Minor update
2012-10-18 10:55:27 +02:00
Miroslav Stampar
2cb1b054bb
Implementation for an Issue #79
2012-10-16 12:32:58 +02:00
Miroslav Stampar
3e64ab214e
Minor update
2012-10-16 10:28:59 +02:00
Miroslav Stampar
8b57e1fce6
Minor update for an Issue #203
2012-10-15 23:15:52 +02:00
Miroslav Stampar
048e720f69
Minor refactoring for an Issue #203
2012-10-15 17:55:57 +02:00
Miroslav Stampar
9aba690a60
Patch for an Issue #203
2012-10-15 16:23:41 +02:00
Miroslav Stampar
e440b096c5
Fix for an Issue #202
2012-10-15 12:24:30 +02:00
Miroslav Stampar
56832fe9c4
Better adjustTimeDelay() candidate algorithm
2012-10-11 14:23:53 +02:00
Miroslav Stampar
e61c4c22c9
Implementation for an Issue #200
2012-10-09 15:19:47 +02:00
Miroslav Stampar
cd9a47835b
Minor consistency update
2012-10-09 14:48:26 +02:00
Miroslav Stampar
8c5fb1b064
Minor update
2012-10-09 14:46:45 +02:00
Miroslav Stampar
ea12ccec77
Minor refactoring
2012-10-09 11:33:19 +02:00
Miroslav Stampar
10b0fd21dc
Fix for an Issue #198
2012-10-09 11:27:19 +02:00
Miroslav Stampar
8e7449ccd5
Minor update
2012-10-07 20:28:24 +02:00
Miroslav Stampar
ebc7088f94
Implementation for an Issue #128
2012-10-05 10:24:09 +02:00
Miroslav Stampar
098e446ca4
Adding support for generic XML POST data
2012-10-04 18:44:12 +02:00
Miroslav Stampar
8865fe69d7
Minor cleanup
2012-10-04 18:26:07 +02:00
Miroslav Stampar
d464678e10
Minor update for an Issue #49
2012-10-04 18:01:42 +02:00
Miroslav Stampar
84b05e2d18
Better treating of numeric values (Issue #49 )
2012-10-04 16:08:37 +02:00
Miroslav Stampar
31aa9be1c7
Minor update
2012-10-04 15:40:11 +02:00
Miroslav Stampar
9129dac77b
Minor fix for an Issue #134
2012-10-04 15:33:26 +02:00
Miroslav Stampar
5d2b534908
Minor update (Issue #49 )
2012-10-04 15:23:01 +02:00
Miroslav Stampar
5b59b6feb4
Removing junk part
2012-10-04 12:09:09 +02:00
Miroslav Stampar
d570e25b1b
Minor workflow update
2012-10-04 12:05:59 +02:00
Miroslav Stampar
eddc634ceb
Minor improvement (custom injection marks are now processed in order of appearance)
2012-10-04 11:52:40 +02:00
Miroslav Stampar
3764d230be
Minor fix for Issue #197 and Issue #49
2012-10-04 11:43:37 +02:00
Miroslav Stampar
461e5ebc5f
Work for Issue #197 and Issue #49
2012-10-04 11:25:44 +02:00
Miroslav Stampar
bcbf0571a5
Implementation for an Issue #49
2012-10-02 14:23:58 +02:00
Miroslav Stampar
763dc98311
Minor refactoring
2012-10-02 13:36:15 +02:00
Miroslav Stampar
687f3991de
Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.
2012-09-26 11:27:43 +02:00
Miroslav Stampar
6bc5f44b20
Minor just in case update for an Issue #195 (safer behavior on forced charsets)
2012-09-25 15:09:07 +02:00
Miroslav Stampar
efe4c13ed1
Update regarding suffixQuery (user supplied --suffix should nullify any eventual payload comments)
2012-09-25 14:36:15 +02:00
Miroslav Stampar
fccdb824bb
Patch for an Issue #193
2012-09-25 11:21:39 +02:00
Miroslav Stampar
c9e7e71ea2
Implementation for an Issue #195
2012-09-25 10:17:25 +02:00
Miroslav Stampar
9ca7b3e20e
Implementation for an Issue #194
2012-09-25 09:25:35 +02:00
Miroslav Stampar
d175decdfc
Fix for an Issue #190
2012-09-22 20:59:40 +02:00
Miroslav Stampar
9a1fbb8941
Fix for an Issue #185
2012-09-13 14:22:26 +02:00
Miroslav Stampar
a64438fb5c
Minor language update
2012-09-11 19:45:40 +02:00
Miroslav Stampar
05dced5418
Minor language update
2012-09-11 19:43:03 +02:00
Miroslav Stampar
511c3b8dcc
Update and fix for an Issue #182
2012-09-11 14:58:52 +02:00
Miroslav Stampar
f26ea04e38
Fix for an Issue #175
2012-09-07 17:06:38 +02:00
Miroslav Stampar
e4bc471f81
Fix for an Issue #173
2012-09-07 10:09:19 +02:00
Miroslav Stampar
a3baf94e9b
Minor style update
2012-09-07 10:09:00 +02:00
Miroslav Stampar
cea5127ffd
Update for an Issue #6
2012-09-06 15:51:38 +02:00
Miroslav Stampar
c3d191e626
Minor update for an Issue #2
2012-09-06 14:13:54 +02:00
Miroslav Stampar
1e238b5a5a
Minor update
2012-09-06 13:36:34 +02:00
Miroslav Stampar
f6716cf7c0
Fix for an Issue #170
2012-09-01 23:52:00 +02:00
Miroslav Stampar
2170e64ca5
Minor bug fix
2012-08-31 19:48:45 +02:00
Miroslav Stampar
33980adaef
Another update for an Issue #79
2012-08-31 12:46:38 +02:00
Miroslav Stampar
7286d89cb6
Few fixes for an Issue #79 (problem with case sensitivity of request get_header)
2012-08-31 12:15:09 +02:00
Miroslav Stampar
2806185989
Minor refactoring
2012-08-31 10:43:06 +02:00
Miroslav Stampar
74a5d41272
Minor update for an Issue #79
2012-08-31 10:24:47 +02:00
Miroslav Stampar
a89d61415a
'Patch' for an Issue #167
2012-08-29 21:29:27 +02:00
Miroslav Stampar
9674b174ee
One more minor update related to last commit
2012-08-23 15:37:17 +02:00
Miroslav Stampar
b79247c197
Minor update
2012-08-23 15:22:14 +02:00
Miroslav Stampar
e9ae44c6fc
Implementation for an #162
2012-08-22 16:50:01 +02:00
Miroslav Stampar
a62a874d59
Update for an Issue #161 (changing default readInput value regarding the conf.multipleTargets)
2012-08-22 16:06:09 +02:00
Miroslav Stampar
52351e5d81
Update for an Issue #161 (now detecting format error messages too)
2012-08-22 15:51:47 +02:00
Miroslav Stampar
a6d743ec4c
Minor console output fix (redundant newline has been displayed in case of rawInput)
2012-08-22 14:43:57 +02:00
Miroslav Stampar
8a5042b6a4
Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case)
2012-08-22 11:56:30 +02:00
Miroslav Stampar
61151447fe
Implementation of an Issue #161
2012-08-22 11:27:58 +02:00
Miroslav Stampar
2c66ca39f1
Wrong limit number has been used (MySQL LIMIT/OFFSET starts with 0)
2012-08-22 09:53:53 +02:00
Miroslav Stampar
ad59abe018
Cleaning leftover
2012-08-21 14:37:09 +02:00
Miroslav Stampar
1b86fffc6d
Fix for an Issue #157
2012-08-21 14:36:04 +02:00
Miroslav Stampar
d421f9a618
Fix for an Issue #157
2012-08-21 14:34:19 +02:00
Miroslav Stampar
1bcf5a6b88
Some more dict refactorings
2012-08-21 11:30:01 +02:00
Miroslav Stampar
01f481c332
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
Miroslav Stampar
b7415d36df
Minor refactoring
2012-08-21 10:28:25 +02:00
Miroslav Stampar
8ee9feafb9
Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries)
2012-08-20 21:57:25 +02:00
Miroslav Stampar
823dde73ab
Minor cleanup
2012-08-20 11:40:49 +02:00
Miroslav Stampar
e0d9fa8666
Minor style update
2012-08-20 11:28:41 +02:00
Miroslav Stampar
59078bb1b8
Fix for an Issue #154
2012-08-20 10:05:13 +02:00
Miroslav Stampar
4649450603
Fix for an Issue #137
2012-08-16 22:20:24 +02:00
Miroslav Stampar
0d8fca30c9
Fix for an Issue #59
2012-08-16 11:31:43 +02:00
Miroslav Stampar
1af81c0de4
Implementation of an Issue #149
2012-08-15 22:31:25 +02:00
Miroslav Stampar
f358ab2e73
Implementation of an Issue #147
2012-08-15 16:37:18 +02:00
Miroslav Stampar
36b55cf209
Proper fix for an Issue #145
2012-08-14 22:28:42 +02:00
Miroslav Stampar
ab35ab4e2a
Fix for an Issue #145
2012-08-14 18:52:45 +02:00
Miroslav Stampar
432b567584
Fix for an Issue #141
2012-08-08 00:03:58 +02:00
Miroslav Stampar
31ceb0cb6c
Fix for an Issue #140
2012-08-07 10:57:29 +02:00
Miroslav Stampar
fec8a5cc9d
Fix for an Issue #139
2012-08-07 00:50:58 +02:00
Miroslav Stampar
f797a6d813
Fix for an Issue #125
2012-07-31 13:06:45 +02:00
Miroslav Stampar
6f529542e3
Making those --string tips (containing escaped characters) decodable by sqlmap
2012-07-31 11:32:53 +02:00
Miroslav Stampar
142fc887f1
Fix for an Issue #129
2012-07-31 11:03:44 +02:00
Miroslav Stampar
bdbe8ff9d9
Fix for an Issue #132
2012-07-30 22:39:45 +02:00
Miroslav Stampar
b9ac50faef
Minor bug fix
2012-07-30 12:09:20 +02:00
Miroslav Stampar
a86f9798b2
Minor refactoring together with a wider support for html entities
2012-07-30 11:21:32 +02:00
Miroslav Stampar
20a66567a3
Minor refactoring
2012-07-30 10:06:14 +02:00
Miroslav Stampar
1669c6bdb4
Another update for an Issue #28
2012-07-27 17:05:21 +02:00
Miroslav Stampar
6ffc5665d0
Update for Issue #28
2012-07-27 16:29:33 +02:00
Bernardo Damele
92c2b3bd4c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-07-26 23:11:11 +01:00
Bernardo Damele
d492291744
working on issue #12
2012-07-26 23:11:07 +01:00
Miroslav Stampar
efa99c4519
Implementation for an Issue #4
2012-07-26 14:07:05 +02:00
Miroslav Stampar
b3552494c4
Minor preparation for an Issue #48
2012-07-26 12:26:57 +02:00
Miroslav Stampar
3e9f1fe410
Minor style update
2012-07-26 12:13:16 +02:00
Miroslav Stampar
30f8d09651
Implementation for an Issue #70
2012-07-26 12:06:02 +02:00
Miroslav Stampar
231f0f76b5
Fix for an Issue #119
2012-07-26 00:49:51 +02:00
Miroslav Stampar
cba77410a9
Minor style update
2012-07-26 00:08:49 +02:00
Miroslav Stampar
18b1d1efd6
Fix for an Issue #121
2012-07-26 00:02:38 +02:00
Miroslav Stampar
922ea9d1f4
Update for Issue #118
2012-07-24 15:43:29 +02:00
Miroslav Stampar
f8c9868cb6
Implementation for an Issue #118
2012-07-24 15:34:50 +02:00
Miroslav Stampar
42f518b2d6
Minor update for letting unhandledExceptionMessage() do it's job if kb has not yet been initialized
2012-07-24 14:44:44 +02:00
Miroslav Stampar
b820975217
Improvement of decodeIntToUnicode()
2012-07-23 19:31:06 +02:00
Miroslav Stampar
ab9cb80602
Implementing Issue #111
2012-07-23 15:14:52 +02:00
Miroslav Stampar
6809449e31
Minor style update
2012-07-23 15:06:49 +02:00
Miroslav Stampar
a7d1a0c250
Implementation for an Issue #117
2012-07-23 14:14:22 +02:00
Miroslav Stampar
1b6cb9442f
Fix for an Issue #114
2012-07-21 23:31:36 +02:00
Miroslav Stampar
95e0d46e3e
Fix for an Issue #110
2012-07-21 09:15:54 +02:00
Miroslav Stampar
dcf8a27f12
Implementation for an Issue #67
2012-07-18 14:24:10 +02:00
Miroslav Stampar
4fc462c4d9
Minor update for an Issue #105
2012-07-18 14:09:04 +02:00
Miroslav Stampar
655dd55a6f
Implementation of an Issue #105
2012-07-18 13:32:34 +02:00
Miroslav Stampar
08244c7ebf
Fix for an Issue #104
2012-07-17 15:05:50 +02:00
Miroslav Stampar
e30646a54f
Fix for an Issue #103
2012-07-17 10:36:22 +02:00
Miroslav Stampar
d6ceb7af5e
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-07-17 00:19:52 +02:00
Miroslav Stampar
81d15e5051
Fix for an Issue #101
2012-07-17 00:19:33 +02:00
Bernardo Damele
5f876bdbbe
minor adjustments
2012-07-16 22:50:29 +01:00
Miroslav Stampar
c96e44b30c
Fix for an Issue #100
2012-07-16 23:28:01 +02:00
Miroslav Stampar
ffbbb10abb
Support for dotted identificator names
2012-07-16 23:13:21 +02:00
Miroslav Stampar
0eff977c63
Refactoring for Issue #91
2012-07-16 12:24:54 +02:00
Miroslav Stampar
4d759984b2
Implementation for Issue #91
2012-07-16 12:12:52 +02:00
Miroslav Stampar
c1a14257a4
Removing --disable... switches and making changes in default choice(s) for respectable sections
2012-07-16 11:31:51 +02:00
Miroslav Stampar
07a85874fe
Implementation for Issue #92
2012-07-16 11:07:47 +02:00
Miroslav Stampar
87ecf205cb
More work for Issue #66
2012-07-14 17:01:04 +02:00
Miroslav Stampar
38d82771be
Minor style update
2012-07-14 11:23:22 +02:00
Miroslav Stampar
805120ac52
Minor refactoring
2012-07-14 11:01:30 +02:00
Miroslav Stampar
9a7fc24ec2
Minor style update
2012-07-13 15:22:08 +02:00
Miroslav Stampar
32b700f130
Minor style update
2012-07-13 15:02:11 +02:00
Miroslav Stampar
fbb5db00ba
Minor style update
2012-07-13 15:00:39 +02:00
Miroslav Stampar
786686da60
Minor language update
2012-07-13 14:53:42 +02:00
Miroslav Stampar
3c81f74823
Minor style update
2012-07-13 12:22:37 +02:00
Miroslav Stampar
6ade007aec
Minor update of language
2012-07-13 12:13:04 +02:00
Miroslav Stampar
c5ecc8b8db
Closing work on Issue #83
2012-07-13 11:23:21 +02:00
Miroslav Stampar
48f68bd076
First commit for Issue #83
2012-07-13 10:35:22 +02:00
Miroslav Stampar
d834e8debf
Minor update
2012-07-13 10:28:03 +02:00
Miroslav Stampar
b11fd8b9f7
Fix for an Issue #87
2012-07-13 10:11:16 +02:00
Bernardo Damele
162da75a04
modified homepage address
2012-07-12 18:38:03 +01:00
Miroslav Stampar
a49d685eb8
Hidding --beep (Issue #84 )
2012-07-12 17:03:24 +02:00
Miroslav Stampar
569c9214bf
Adding support for boldifying important logging messages
2012-07-12 16:30:35 +02:00
Miroslav Stampar
b2fe1c30f8
Minority report
2012-07-12 16:04:01 +02:00
Miroslav Stampar
8e18514e56
Minor refactoring for all that stickyness
2012-07-12 15:58:45 +02:00
Miroslav Stampar
fe61bdce75
Minor update
2012-07-12 15:25:26 +02:00
Miroslav Stampar
dbbca16c69
Minor renaming
2012-07-12 15:24:40 +02:00
Miroslav Stampar
9bc24cea6b
Dealing with kb.currentMessage issue
2012-07-12 15:23:35 +02:00
Miroslav Stampar
b320dc118d
Minor fix (recognizing if it's colorizing handler or not)
2012-07-12 14:55:54 +02:00
Miroslav Stampar
65639cdda6
First update for Issue #75 (error-based dumping)
2012-07-12 14:31:28 +02:00
Miroslav Stampar
3fd5119f3f
Redesigning for Issue #75
2012-07-12 13:42:22 +02:00
Bernardo Damele
3d66e2dfb1
minor bug fix
2012-07-12 10:47:51 +01:00
Bernardo Damele
ee3aeb8dcf
actual implementation of issue #75 , still some work to do
2012-07-12 01:16:00 +01:00
Bernardo Damele
a5924739f6
minor code refactoring in preparation of ticket #75
2012-07-12 01:12:30 +01:00
Bernardo Damele
53c0336b48
added --hostname switch to retrieve DBMS server hostname - closes issue #69
2012-07-12 00:01:57 +01:00
Bernardo Damele
4e64c1126d
restored bold on questions to users (calls from readInput()) - issue #77
2012-07-11 22:56:11 +01:00
Bernardo Damele
247f95e051
restored kb.currentMessage - needed in cases where we send to dataToStdout() strings like "." (e.g. "creation in progres ..... done")
2012-07-11 22:48:27 +01:00
Bernardo Damele
2b3ea3e3b7
fixed colouring for PAYLOAD (-v 3) - issue #77
2012-07-11 22:40:52 +01:00
Miroslav Stampar
15ee5310d9
Adding traffic in and out to color_map
2012-07-11 20:42:18 +02:00
Miroslav Stampar
43cac2212b
Fix for a case when ColorizingStreamHandler is not used
2012-07-11 20:36:32 +02:00
Miroslav Stampar
72378d4f61
Some more refactoring
2012-07-11 20:29:48 +02:00
Miroslav Stampar
c6464b44be
Some more refactoring
2012-07-11 20:13:23 +02:00
Miroslav Stampar
d7926b8aac
Minor refactoring
2012-07-11 19:54:21 +02:00
Bernardo Damele
53ccd09ca4
now also readInput() uses colouring
2012-07-11 17:53:32 +01:00
Bernardo Damele
02ec25b4b8
code refactoring
2012-07-11 17:44:23 +01:00
Bernardo Damele
77b275f1a6
conf->kb
2012-07-11 17:32:12 +01:00
Bernardo Damele
1d2c87e24e
leftover
2012-07-11 17:22:01 +01:00
Bernardo Damele
105ac8ea77
deleted unnecessary hg file
2012-07-11 17:06:56 +01:00
Bernardo Damele
fa2f6f9a39
colourize manually crafter "logging" messages
2012-07-11 16:48:30 +01:00
Bernardo Damele
f219b39980
minor fix in case ctypes is not installed on Windows
2012-07-10 13:08:37 +01:00
Miroslav Stampar
8caffac4bc
conf.unescape->kb.unescape
2012-07-10 10:55:04 +02:00
Miroslav Stampar
e7f78bf04f
Fix for an issue where False value was displayed for --is.. switches
2012-07-10 10:31:14 +02:00
Bernardo Damele
ea77e7d9d1
added missing file - issue #77
2012-07-10 03:00:21 +01:00
Bernardo Damele
eb7ffb8f91
setup for implementing logging colouring - issue #77
2012-07-10 02:54:37 +01:00
Bernardo Damele
0a3899858d
missed in previous commit
2012-07-10 01:37:53 +01:00
Bernardo Damele
a27f50ed1d
added conf.unescape global variable to control whether or not the injected statements should be unescaped
2012-07-10 01:37:16 +01:00
Bernardo Damele
f645ac6040
dealing with variables in SQL procs - issue #33
2012-07-10 01:05:03 +01:00
Bernardo Damele
2527554f8e
more work on #33
2012-07-10 00:53:07 +01:00
Bernardo Damele
c4af7b9aa0
initial work for issue #33
2012-07-10 00:27:08 +01:00
Bernardo Damele
d3da3f5c52
refactoring for issue #51
2012-07-10 00:19:32 +01:00
Bernardo Damele
99c5ea54f7
cleanup for #34
2012-07-09 12:39:43 +01:00
Miroslav Stampar
3ff28e58b4
Update regarding Issue #52
2012-07-08 19:24:25 +02:00
Miroslav Stampar
0d539a876d
Minor fix (subversion->github)
2012-07-07 23:49:34 +02:00
Miroslav Stampar
a525dd4336
Fix for Issue #72
2012-07-07 19:02:46 +02:00
Miroslav Stampar
f00a776d8d
Minor fix for BigArray (now accepting negative indexes)
2012-07-07 10:35:29 +02:00
Miroslav Stampar
8c871476ee
Some more refactoring
2012-07-06 17:34:40 +02:00
Miroslav Stampar
6bc0b34031
Some more refactoring
2012-07-06 17:28:01 +02:00
Miroslav Stampar
e948e4d45b
Some more refactoring
2012-07-06 17:18:22 +02:00
Miroslav Stampar
438a636973
Fix for issue Issue #60
2012-07-06 15:36:32 +02:00
Miroslav Stampar
6a05e3fd79
Fix for Issue #61
2012-07-06 14:24:44 +02:00
Miroslav Stampar
1ebff35b19
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-07-06 12:25:21 +02:00
Miroslav Stampar
982fcde1c0
Fix for Issue #62
2012-07-06 12:24:55 +02:00
Bernardo Damele
4fa6d51d93
improved issues link
2012-07-05 16:26:50 +01:00
Miroslav Stampar
c3c1b9e957
Minor restyling
2012-07-04 20:28:18 +02:00
Miroslav Stampar
23fb753759
Finishing work on Issue #52
2012-07-03 22:13:01 +02:00
Miroslav Stampar
40fc6488bf
Fix for Issue #56 (Google has changed few things for retrieving PR)
2012-07-03 21:00:18 +02:00
Miroslav Stampar
bbf41f6658
Removing debugging leftover
2012-07-03 16:50:05 +02:00
Miroslav Stampar
ada627a022
Another update for Issue #52
2012-07-03 16:49:34 +02:00
Miroslav Stampar
70f754f6c5
Making work on Issue #52
2012-07-03 16:34:11 +02:00
Bernardo Damele
793fa464e3
website url fix
2012-07-03 13:14:39 +01:00
Miroslav Stampar
481b46a004
Restyling output for Issue #52
2012-07-03 13:06:52 +02:00
Miroslav Stampar
3af1532700
Implementation for Issue #54
2012-07-03 12:09:18 +02:00
Miroslav Stampar
5af6ca58a0
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-07-03 00:50:45 +02:00
Miroslav Stampar
168aeadf76
Adding switch --output-dir (Issue #53 )
2012-07-03 00:50:23 +02:00
Bernardo Damele
04d803c7fd
more tweaking for issue #34 , it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005)
2012-07-02 15:02:00 +01:00
Miroslav Stampar
8eefe4b71f
Getting back revision number - displayed like in GitHub commits (Issue #52 )
2012-07-02 13:01:20 +02:00
Bernardo Damele
7b4ecd9df0
added skeleton code for issue #34 , still not usable
2012-07-02 00:22:34 +01:00
Bernardo Damele
4736d46677
just in case..
2012-07-02 00:00:46 +01:00
Bernardo Damele
03d2c9c818
placeholder message when --update is provided, remove when the function is updated to pull changes from git
2012-07-01 23:59:44 +01:00
Miroslav Stampar
d7cd55fb28
Fix for Issue #47
2012-07-01 11:05:04 +02:00
Miroslav Stampar
21d9ae0a2c
some more refactoring
2012-07-01 01:19:54 +02:00
Miroslav Stampar
f6509db31a
minor refactoring
2012-07-01 00:33:19 +02:00
Miroslav Stampar
e51d3a02f1
Update for Issue #43 (renamed --disable-cracking to --disable-hash)
2012-06-28 18:53:47 +02:00
Miroslav Stampar
18b596ea75
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-06-28 18:48:18 +02:00
Miroslav Stampar
c8bac658f3
Fix for Issue #43
2012-06-28 18:47:55 +02:00
Miroslav Stampar
2a72fcce2b
Fix for Issue #42
2012-06-28 13:55:30 +02:00
jekil
c39e5a85ba
Removed $id$ tags
2012-06-27 20:56:43 +02:00
Miroslav Stampar
ea5d483c86
session file no more
2012-06-21 11:19:30 +00:00
Miroslav Stampar
ec44e88db8
lots of refactoring regarding removal of already obsolete session file mechanism
2012-06-21 10:09:10 +00:00
Miroslav Stampar
1e67b4f0b9
minor fix
2012-06-20 14:16:26 +00:00
Miroslav Stampar
302d782a0f
minor style update
2012-06-19 08:33:51 +00:00
Miroslav Stampar
452ef202ae
minor fixes
2012-06-17 22:48:23 +00:00
Miroslav Stampar
b9f6943a42
minor update
2012-06-17 21:23:12 +00:00
Miroslav Stampar
06be7bbb18
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
2012-06-15 20:41:53 +00:00
Miroslav Stampar
76c873a222
minor fix
2012-06-15 06:22:44 +00:00
Miroslav Stampar
76584ff0fa
unhidding --test-filter
2012-06-14 14:36:53 +00:00
Miroslav Stampar
d2dd47fb23
some more refactoring
2012-06-14 13:52:56 +00:00
Miroslav Stampar
3a90105fbb
minor refactoring
2012-06-14 13:38:53 +00:00
Miroslav Stampar
1204eb00b2
minor fix
2012-06-14 12:46:32 +00:00
Miroslav Stampar
19c0efec59
just a minor refactoring
2012-06-14 09:10:28 +00:00
Miroslav Stampar
a51d8c4c79
replacing identifier safe char " with [] enclosing for MsSQL
2012-06-13 15:27:42 +00:00
Miroslav Stampar
367de838c1
minor update
2012-06-13 14:08:32 +00:00
Miroslav Stampar
d7f698fa14
minor update
2012-06-11 22:01:13 +00:00
Miroslav Stampar
058a9c59a2
fix for a bug noticed in a multi target run (log files weren't saved properly - removed buffering as it didn't produce any noticeable results)
2012-06-05 22:40:55 +00:00
Miroslav Stampar
f94ebe3107
minor fix (credentials were only set for the first target)
2012-06-04 22:30:12 +00:00
Miroslav Stampar
7b282b1d6c
adding support for newer SSL protocols
2012-06-04 19:46:28 +00:00
Miroslav Stampar
10b0639a96
making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE)
2012-06-04 09:24:46 +00:00
Miroslav Stampar
b1d82422a0
changing conf.dnsDomain to conf.dName just because of long text problems in help listing
2012-05-28 14:15:04 +00:00
Miroslav Stampar
76eeba10e2
unhiding --dns-domain switch
2012-05-27 18:41:06 +00:00
Miroslav Stampar
71ff081fde
minor update
2012-05-27 09:11:19 +00:00
Miroslav Stampar
d335ec0c34
turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars
2012-05-26 07:00:26 +00:00
Miroslav Stampar
db526bdbc0
minor update (tainted values are not checked any more in multipleTargets mode)
2012-05-25 09:52:17 +00:00
Miroslav Stampar
c394610740
adding switch --skip-urlencode to skip URL encoding of POST data
2012-05-24 23:30:33 +00:00
Miroslav Stampar
86fdad2bfa
minor update
2012-05-24 22:07:50 +00:00
Miroslav Stampar
eed8d7eb5d
finalizing support for IPv6
2012-05-24 21:55:57 +00:00
Miroslav Stampar
b6d37d766a
minor update regarding IPv6 support
2012-05-24 21:49:20 +00:00
Miroslav Stampar
92286104e3
minor just in case update
2012-05-24 21:39:10 +00:00
Miroslav Stampar
3e9c57d177
minor fix
2012-05-24 21:36:35 +00:00
Miroslav Stampar
be76928293
minor fix
2012-05-24 20:53:01 +00:00
Miroslav Stampar
2538e2d5b4
fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
2012-05-22 09:33:22 +00:00
Miroslav Stampar
2c057d5b3d
minor style update
2012-05-21 22:40:52 +00:00
Miroslav Stampar
bbfa4b6d5d
minor update
2012-05-14 14:38:16 +00:00
Miroslav Stampar
333f8057a5
minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces
2012-05-14 14:06:43 +00:00
Miroslav Stampar
595f69fa2c
minor language update
2012-05-10 18:30:25 +00:00
Miroslav Stampar
35f400b45b
minor language upgrade
2012-05-10 18:25:12 +00:00
Miroslav Stampar
80aedbe284
adding a warning about --tor switch
2012-05-10 18:17:32 +00:00
Miroslav Stampar
b81fe42d4b
turning off null connection on -o when --tor used (not compatible)
2012-05-10 17:50:54 +00:00
Miroslav Stampar
efdd86ddcc
minor just in case patch
2012-05-10 14:22:34 +00:00
Miroslav Stampar
6367f59b98
minor code refactoring
2012-05-10 14:15:17 +00:00
Miroslav Stampar
1418ae9767
little refactoring of parseUnionPage together with a patch for some special case
2012-05-09 18:47:40 +00:00
Miroslav Stampar
37f2709197
making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)
2012-05-09 09:08:23 +00:00
Miroslav Stampar
64c241fe92
limiting original UNION query results to only 1 result (potentially speeding things up in some cases)
2012-05-08 13:45:53 +00:00
Miroslav Stampar
a121339395
automatically writing uncracked hashes to a file for eventual further processing
2012-05-08 10:46:05 +00:00
Miroslav Stampar
96299d3d5d
minor refactoring
2012-05-03 22:34:18 +00:00
Miroslav Stampar
cc28f6db6b
minor update
2012-05-01 20:43:16 +00:00
Miroslav Stampar
17efeaae7f
causing too much confusion among dummy users
2012-05-01 09:04:11 +00:00
Miroslav Stampar
694b14111f
skipping suffix if comment is used in agent.suffixQuery (and --suffix not explicitly set)
2012-04-27 13:16:51 +00:00
Miroslav Stampar
6f67dc85ee
adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical
2012-04-25 20:29:07 +00:00
Miroslav Stampar
cec432f94d
minor update
2012-04-23 14:43:59 +00:00
Miroslav Stampar
697768c01a
adding --purge-output to be one of mandatory switches
2012-04-23 14:42:24 +00:00
Miroslav Stampar
d57d5e4b2c
minor update
2012-04-23 14:33:36 +00:00
Miroslav Stampar
1eecfb3dce
adding new file related to the last commit
2012-04-23 14:25:16 +00:00
Miroslav Stampar
095b25e1d1
adding option '--purge'
2012-04-23 14:24:23 +00:00
Miroslav Stampar
be2da77bf8
minor update
2012-04-23 10:15:04 +00:00
Miroslav Stampar
21c6b52198
minor fix
2012-04-23 10:11:00 +00:00
Miroslav Stampar
2b1b4c0742
minor fix
2012-04-18 10:01:04 +00:00
Miroslav Stampar
6ebb621228
adding support for (custom) POST injection (marking injection point with '*' in conf.data)
2012-04-17 14:23:00 +00:00
Miroslav Stampar
efd27d7ade
minor renaming
2012-04-17 08:41:19 +00:00
Miroslav Stampar
601d118c68
reverting back to UNION ALL scheme (UNION is doing another DISTINCT on data causing problems on some column types)
2012-04-15 16:59:03 +00:00
Miroslav Stampar
052d9455fe
warning user in cases of "User xyz already has more than 'max_user_connections' active connections"
2012-04-12 09:44:54 +00:00
Miroslav Stampar
c7422546e1
tiny update
2012-04-11 23:01:38 +00:00
Miroslav Stampar
2bad73a981
minor update
2012-04-11 21:48:44 +00:00
Miroslav Stampar
e195de2093
correcting comment on reflective removal function
2012-04-11 21:41:48 +00:00
Miroslav Stampar
b45ae10da4
minor fixes
2012-04-11 21:36:37 +00:00
Miroslav Stampar
627bfc589f
some more updates in reflective removal mechanism
2012-04-11 21:26:00 +00:00
Miroslav Stampar
8b130f6497
minor improvement for reflective values (when missing first part of payload like in error reports)
2012-04-11 15:01:28 +00:00
Miroslav Stampar
01bd5d0ab2
some more updates for reflective mechanism
2012-04-11 10:41:33 +00:00
Miroslav Stampar
2e92d8636e
improvement of reflective mechanism
2012-04-11 08:58:03 +00:00
Miroslav Stampar
60ca44e0cf
minor adjustment
2012-04-11 08:35:09 +00:00
Miroslav Stampar
8541222080
minor update
2012-04-10 22:26:42 +00:00
Miroslav Stampar
9c2f244d47
minor fix
2012-04-10 22:20:53 +00:00
Miroslav Stampar
119eec3598
improving "boolean detection" by automatic recognition of convenient --string candidate
2012-04-10 21:48:34 +00:00
Miroslav Stampar
8c6eb4faa9
adding support for PgSQL DNS data exfiltration
2012-04-07 14:06:11 +00:00
Miroslav Stampar
b2afa87e48
reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases)
2012-04-06 08:42:36 +00:00
Miroslav Stampar
2223c884e5
minor refactoring
2012-04-05 12:55:26 +00:00
Miroslav Stampar
02924eb345
minor update
2012-04-04 23:47:06 +00:00
Bernardo Damele
d106fb5184
layout adjustments
2012-04-04 12:27:24 +00:00
Miroslav Stampar
1b2cd44255
proper fix
2012-04-04 10:35:52 +00:00
Miroslav Stampar
7031ef8e00
removing default values for referer and host from higher level/risk options
2012-04-04 10:34:27 +00:00
Miroslav Stampar
b0787f193c
getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached)
2012-04-03 14:34:15 +00:00
Miroslav Stampar
33bb9c5f19
much cleaner approach in that "flat" representation of retrieved items in union technique
2012-04-03 13:56:11 +00:00
Miroslav Stampar
e05109812f
minor improvements regarding data retrieval through DNS channel
2012-04-03 09:18:30 +00:00
Miroslav Stampar
2c28423cb8
minor update
2012-04-02 14:57:15 +00:00
Miroslav Stampar
1cd3c3f7af
further update of DNS data retrieval mechanism through SQLi
2012-04-02 14:05:30 +00:00
Miroslav Stampar
1e01203562
few just in case "patches"
2012-04-02 12:58:10 +00:00
Miroslav Stampar
d908d078dd
minor fix
2012-04-02 12:27:30 +00:00
Miroslav Stampar
abffc39929
minor update regarding DNS data retrieval task
2012-04-02 12:22:40 +00:00
Miroslav Stampar
f7a664b120
enablind DNS server for DNS data exfiltration
2012-03-31 12:08:27 +00:00
Miroslav Stampar
8be9cd4ac4
bug fix (on Linux machine when os.geteuid() returns an integer value !=0 it was then returned and interpreted as TRUE value)
2012-03-31 10:22:50 +00:00
Miroslav Stampar
56638f9e95
making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection
2012-03-30 10:50:01 +00:00
Miroslav Stampar
79c3d6f2aa
minor update
2012-03-30 10:37:46 +00:00
Miroslav Stampar
637a8d8273
improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism
2012-03-29 14:33:27 +00:00
Miroslav Stampar
772ead8d03
fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values
2012-03-29 12:44:20 +00:00
Miroslav Stampar
60146481af
bug fix(es) (flags were used in place of count parameter in re.sub() calls)
2012-03-28 19:33:00 +00:00
Miroslav Stampar
9433bbe26d
memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed)
2012-03-28 19:27:12 +00:00
Miroslav Stampar
7fd64df167
minor code cleaning
2012-03-28 13:31:07 +00:00
Miroslav Stampar
11132ba993
fix for a bug in reflection removal mechanism
2012-03-19 14:28:18 +00:00
Miroslav Stampar
0fc4288a7c
modifying redirection code for only two choices
2012-03-18 17:27:08 +00:00
Miroslav Stampar
cbdcbdd786
minor minor update
2012-03-16 11:18:18 +00:00
Miroslav Stampar
adb5fff6b2
one more update related to the redirection mechanism
2012-03-15 20:17:40 +00:00
Miroslav Stampar
19beb912fa
first step toward negative logic support
2012-03-15 15:52:12 +00:00
Miroslav Stampar
3d9b1599d1
minor update
2012-03-15 11:45:32 +00:00
Miroslav Stampar
a8c9a47092
redirect logic rewritten from scratch
2012-03-15 11:10:58 +00:00
Bernardo Damele
890bf708bc
Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported)
2012-03-15 00:19:57 +00:00
Miroslav Stampar
ca0d068575
distinguishing NULL from BLANK
2012-03-14 13:52:23 +00:00
Miroslav Stampar
61ad3b999a
fix for a crash with partial union and --hex
2012-03-14 10:31:24 +00:00
Miroslav Stampar
a7fbc55748
grammar fix
2012-03-13 22:03:23 +00:00
Miroslav Stampar
e827f41cdb
using pickle HIGHEST_PROTOCOL just in case
2012-03-13 09:35:37 +00:00
Miroslav Stampar
cda8815634
introducing safe deprecation mechanism for HashDB versioning
2012-03-12 22:55:57 +00:00
Miroslav Stampar
6ed1b04bbe
minor update
2012-03-12 13:27:07 +00:00
Bernardo Damele
c79807f5fb
Minor layout adjustments
2012-03-08 15:11:24 +00:00
Miroslav Stampar
775e424bf2
bug fix for using --no-cast and --hex switches together
2012-03-08 15:04:52 +00:00
Miroslav Stampar
11c7cc5224
minor temporary fix
2012-03-08 11:08:43 +00:00
Miroslav Stampar
98a3e43f53
bug fix for writing raw pickled data into SQLite HashDB
2012-03-08 10:57:47 +00:00
Miroslav Stampar
cd28eb6544
minor update regarding --load-cookies
2012-03-08 10:19:34 +00:00
Miroslav Stampar
2c87d061e9
minor update
2012-03-08 10:03:59 +00:00
Miroslav Stampar
b4cf8b05b3
added switch --load-cookies
2012-03-07 14:48:45 +00:00
Miroslav Stampar
4cfea96471
minor update
2012-03-05 09:56:48 +00:00
Miroslav Stampar
ac5a752b12
Oracle's XMLType doesn't like '#' char too
2012-03-01 11:59:37 +00:00
Miroslav Stampar
37db27b720
turning back on automatic adjusting of delays in time based queries
2012-02-29 15:51:23 +00:00
Miroslav Stampar
0205d96d7b
minor fix
2012-02-29 15:38:01 +00:00
Miroslav Stampar
8b9c5c66cc
code refactoring regarding charsetType inside inference/bisection
2012-02-29 14:36:23 +00:00
Miroslav Stampar
f6f98f1b41
minor improvement
2012-02-29 14:19:59 +00:00
Miroslav Stampar
d06182347f
fixing few potential problems
2012-02-29 13:56:40 +00:00
Miroslav Stampar
f142c0f782
minor update
2012-02-28 14:04:13 +00:00
Miroslav Stampar
22b3fa0749
minor update
2012-02-27 15:28:36 +00:00
Miroslav Stampar
a9bf0297f6
moving injection data to HashDB
2012-02-27 13:44:07 +00:00
Miroslav Stampar
68e08d2749
minor fix for not displaying 'None' but None in enumeration when data unavailable
2012-02-27 13:15:10 +00:00
Miroslav Stampar
3909658fc2
few minor just in case updates
2012-02-27 11:15:53 +00:00
Miroslav Stampar
85125018a1
minor bug fix
2012-02-25 22:54:32 +00:00
Miroslav Stampar
5d307cf886
minor update
2012-02-25 10:54:39 +00:00
Miroslav Stampar
06ab3fa134
minor update
2012-02-25 10:53:38 +00:00
Miroslav Stampar
74b19a0386
minor update
2012-02-25 10:43:10 +00:00
Miroslav Stampar
5b67af3b20
minor update
2012-02-24 15:03:39 +00:00
Miroslav Stampar
8a203ef79d
making session data strictly dependent on url through HashDB helper functions
2012-02-24 14:58:24 +00:00
Miroslav Stampar
c36cbbb3ae
minor fix
2012-02-24 14:54:10 +00:00
Miroslav Stampar
9d6fd2e507
bug fix for --schema --technique=BST
2012-02-24 14:12:19 +00:00
Miroslav Stampar
f94b91ad87
added helper function for HashDB data storing/retrieval
2012-02-24 13:07:20 +00:00
Miroslav Stampar
b481c0352f
minor update
2012-02-24 11:25:56 +00:00
Miroslav Stampar
1f6ce265b9
minor fix
2012-02-24 11:05:04 +00:00
Miroslav Stampar
5afbd52b61
more update related to last commits
2012-02-24 10:57:23 +00:00
Miroslav Stampar
570d3a19c2
more general fix
2012-02-24 10:53:28 +00:00
Miroslav Stampar
e8352e504f
fixing problems with chars deletition by logging messages in inference mode
2012-02-24 10:48:19 +00:00
Miroslav Stampar
71028a81f5
fix for proper retrieval of columns in SQLite
2012-02-24 09:55:13 +00:00
Miroslav Stampar
7941504c3a
minor update
2012-02-23 15:32:36 +00:00
Miroslav Stampar
0478e4166a
minor justin case fix
2012-02-23 15:19:20 +00:00
Miroslav Stampar
6e54cb171f
minor code restyling
2012-02-22 15:53:36 +00:00
Miroslav Stampar
61a25418a9
minor update
2012-02-22 10:45:10 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Miroslav Stampar
386e98a0e3
using UNION SELECT for where=..NEGATIVE
2012-02-22 09:41:58 +00:00
Miroslav Stampar
686eacda9a
minor update regarding --hex
2012-02-21 13:38:18 +00:00
Miroslav Stampar
bcf3255fe1
implementation of switch --hex for 4 major DBMSes
2012-02-21 11:44:48 +00:00
Miroslav Stampar
3e4db6d140
minor fix for Python v2.6
2012-02-20 19:35:57 +00:00
Miroslav Stampar
bc4dd7c0dd
fix for -g
2012-02-20 10:02:19 +00:00
Miroslav Stampar
aee269cc14
gazillion changes, nothing will work, muhahaha
2012-02-17 14:22:48 +00:00
Miroslav Stampar
dcf7277a0f
some more refactorings
2012-02-16 14:42:28 +00:00
Miroslav Stampar
6632aa7308
some more refactoring
2012-02-16 13:46:01 +00:00
Miroslav Stampar
844fc8addb
minor cleanup
2012-02-16 10:19:36 +00:00
Miroslav Stampar
0e23521adc
some more refactoring
2012-02-16 09:54:29 +00:00
Miroslav Stampar
e1f86c97c4
minor refactoring
2012-02-16 09:46:41 +00:00
Miroslav Stampar
bcf9fc6c6f
minor refactoring
2012-02-16 09:32:47 +00:00
Miroslav Stampar
8d7912ad34
minor update and refactoring
2012-02-15 14:05:50 +00:00
Miroslav Stampar
bf923a97df
minor update
2012-02-15 13:45:10 +00:00
Miroslav Stampar
122db6e164
minor update
2012-02-15 13:24:02 +00:00
Miroslav Stampar
9059d30312
adding first code example for SPL snippets
2012-02-15 13:17:01 +00:00
Miroslav Stampar
23cc8b6974
minor fix for special cases when parameter value contains html encoded characters
2012-02-14 14:08:10 +00:00
Miroslav Stampar
bb5113980b
minor update
2012-02-14 10:27:56 +00:00
Miroslav Stampar
3f15c52188
minor change in workflow for "tainted" parameter values
2012-02-14 09:26:52 +00:00
Miroslav Stampar
b140ef4a14
minor update (preparing for switching to HashDB from old sessionFile)
2012-02-10 10:24:48 +00:00
Miroslav Stampar
980367b7b2
minor update
2012-02-09 09:48:47 +00:00
Miroslav Stampar
7e9e582eca
minor update
2012-02-08 14:23:57 +00:00
Miroslav Stampar
2662fe84f7
minor update
2012-02-08 12:02:50 +00:00
Miroslav Stampar
93d7d6c355
minor patch
2012-02-08 10:38:58 +00:00
Miroslav Stampar
6bedb80ffa
adding --force-ssl switch (most useful in combination with -r)
2012-02-08 09:11:57 +00:00
Miroslav Stampar
e50d64546f
minor fix
2012-02-07 14:57:48 +00:00
Miroslav Stampar
2b05ded9c3
just a makeup
2012-02-07 12:05:23 +00:00
Miroslav Stampar
b4f4a982e4
minor update
2012-02-07 11:37:54 +00:00
Miroslav Stampar
11af0b1bbc
minor fix
2012-02-07 11:16:03 +00:00
Miroslav Stampar
f7bf1fbe94
upgrade/fixes for direct DBMS access
2012-02-07 10:46:55 +00:00
Miroslav Stampar
8c45ff0d57
bug fix
2012-02-03 10:38:04 +00:00
Bernardo Damele
c0f4b4632d
Minor fix
2012-02-02 12:55:39 +00:00
Miroslav Stampar
8405ef59ac
some estetic updates
2012-02-01 14:49:42 +00:00
Miroslav Stampar
f4e7bf1d51
minor update regarding support for Unicode characters in Oracle
2012-02-01 14:17:27 +00:00
Miroslav Stampar
2589521ecf
fix of a wrong assumption (e.g. decodeIntToUnicode(12345) has been returning a "09" instead of a single unicode character)
2012-02-01 10:38:43 +00:00
Miroslav Stampar
f2857e38ba
minor update
2012-01-30 10:19:03 +00:00
Miroslav Stampar
9eee6c252d
minor update for --scope
2012-01-16 10:28:21 +00:00
Miroslav Stampar
b2dad63000
some more refactoring
2012-01-13 22:00:34 +00:00
Miroslav Stampar
23117e72ca
minor improvement
2012-01-13 20:56:06 +00:00
Bernardo Damele
0043336620
Minor fix and removed leftover debug message
2012-01-13 17:04:59 +00:00
Bernardo Damele
b03f91437b
Minor code refactoring
2012-01-13 16:49:52 +00:00
Miroslav Stampar
337973df77
reverting last 2 commits (better solution was the original one)
2012-01-13 15:58:47 +00:00
Miroslav Stampar
1f53ff0633
minor update regarding last commit
2012-01-13 15:56:50 +00:00
Miroslav Stampar
ff96c537a9
minor update for multithreaded mode
2012-01-13 15:50:38 +00:00
Bernardo Damele
7e560eec1f
Minor fix
2012-01-13 12:54:45 +00:00
Miroslav Stampar
04686b83e3
minor update
2012-01-13 11:16:26 +00:00
Miroslav Stampar
305371b7a9
minor update
2012-01-12 14:58:23 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
1d0b43b1a2
implemented mechanism for merging cookies by request
2012-01-11 14:28:08 +00:00
Miroslav Stampar
ff52931140
some refactoring (skipping duplicate messages in case that UNION/ERROR techniques failed and BOOLEAN/TIMED/STACKED are not available)
2012-01-07 19:30:35 +00:00
Miroslav Stampar
2b5e429dc2
one more level of defense against user himself
2012-01-07 17:16:14 +00:00
Miroslav Stampar
a675c88894
minor check added for invalid urls (e.g. deliberately too long)
2012-01-07 16:06:18 +00:00
Miroslav Stampar
164c8a4020
better message in case of update error
2012-01-07 15:47:38 +00:00
Miroslav Stampar
5a8fc44119
minor update
2012-01-07 15:26:54 +00:00
Miroslav Stampar
3f4afdf251
minor fix (crashing if no : in value)
2012-01-07 14:54:56 +00:00
Miroslav Stampar
759465bde5
minor fix
2012-01-06 00:06:38 +00:00
Miroslav Stampar
1f085a0241
now [SLEEPTIME] is changeable properly in vivo
2012-01-05 14:45:05 +00:00
Miroslav Stampar
804629832d
minor fix
2012-01-05 10:24:27 +00:00
Miroslav Stampar
13f2afbbc9
minor fix
2012-01-03 17:28:50 +00:00
Miroslav Stampar
40991a5d52
minor fix
2011-12-31 01:03:54 +00:00
Miroslav Stampar
94d43a4135
minor bug fix
2011-12-30 14:20:06 +00:00
Miroslav Stampar
29f502fe29
some refactoring
2011-12-28 16:27:17 +00:00
Miroslav Stampar
37d78ffe01
minor optimization
2011-12-28 15:59:30 +00:00
Miroslav Stampar
22c3fe49bb
some refactoring
2011-12-28 13:50:03 +00:00
Miroslav Stampar
dda979a15a
minor refactoring
2011-12-27 12:31:29 +00:00
Miroslav Stampar
0a6334db22
minor speedup
2011-12-27 11:41:57 +00:00
Miroslav Stampar
b02363b1aa
minor update
2011-12-27 11:25:40 +00:00
Miroslav Stampar
068ff92dc4
optimizing a bit pyDes module used in Oracle hash cracking
2011-12-26 15:33:49 +00:00
Miroslav Stampar
08071f42d0
minor update
2011-12-26 14:31:59 +00:00
Miroslav Stampar
366e86c560
minor "patch"
2011-12-26 14:08:25 +00:00
Miroslav Stampar
c20546dcaa
minor refactoring
2011-12-26 12:24:39 +00:00
Miroslav Stampar
b71a81041d
implemented --tor-port by request
2011-12-23 10:57:09 +00:00
Miroslav Stampar
89d2c7c042
minor update
2011-12-22 20:54:20 +00:00
Miroslav Stampar
abb401879c
minor update
2011-12-22 20:42:57 +00:00
Miroslav Stampar
087e29d272
minor update
2011-12-22 20:14:56 +00:00
Miroslav Stampar
8a7b0406c8
minor optimization
2011-12-22 20:08:28 +00:00
Miroslav Stampar
094129a656
minor optimization
2011-12-22 15:42:21 +00:00
Miroslav Stampar
f622995a29
compatibility with partial union and error technique resumed data
2011-12-22 12:20:21 +00:00
Miroslav Stampar
58a4a02b7e
minor fix
2011-12-22 11:56:42 +00:00
Miroslav Stampar
6f8d8a15aa
minor update
2011-12-22 11:55:02 +00:00
Miroslav Stampar
9f68e54fff
minor cleanup
2011-12-22 10:59:28 +00:00
Miroslav Stampar
aaa29d1f24
minor fix
2011-12-22 10:51:41 +00:00
Miroslav Stampar
4a1a0773b7
speedup of UNION dumping
2011-12-22 10:44:14 +00:00
Miroslav Stampar
1ae413a206
some refactoring/speedup around UNION technique
2011-12-22 10:32:21 +00:00
Miroslav Stampar
b77e2042f2
some optimization
2011-12-21 23:23:00 +00:00
Miroslav Stampar
a6310c0b21
minor update
2011-12-21 23:04:36 +00:00
Miroslav Stampar
526aacb640
code cleanup
2011-12-21 22:59:23 +00:00
Miroslav Stampar
41ccf88990
some more refactoring
2011-12-21 22:09:21 +00:00
Miroslav Stampar
0a039d84e0
some more refactoring
2011-12-21 19:40:42 +00:00
Miroslav Stampar
41b60b26fc
minor refactoring
2011-12-21 14:25:39 +00:00
Miroslav Stampar
81bd9a201b
minor refactoring
2011-12-21 11:50:49 +00:00
Miroslav Stampar
113ebf5e9d
minor update
2011-12-20 16:08:17 +00:00
Miroslav Stampar
8bfff4a28e
minor update
2011-12-20 15:01:27 +00:00
Miroslav Stampar
d3a428c9c8
minor bug fix regarding dumping tables with safe quotes
2011-12-20 13:17:24 +00:00
Miroslav Stampar
95cd9e2af3
adding support for scanning Host header values (-p host)
2011-12-20 12:52:41 +00:00
Miroslav Stampar
dcf842692b
minor fix
2011-12-16 12:34:26 +00:00
Miroslav Stampar
563c0c1066
adding switch --tor-type
2011-12-15 23:19:55 +00:00
Miroslav Stampar
8793fbc9f5
minor update
2011-12-14 12:59:25 +00:00
Miroslav Stampar
1fd1ec22a1
minor fix
2011-12-14 12:03:21 +00:00
Miroslav Stampar
364113441b
adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles)
2011-12-14 10:19:45 +00:00
Miroslav Stampar
73a500833d
minor bug fix
2011-12-12 14:38:06 +00:00
Miroslav Stampar
25cde9e2c7
minor fixes
2011-12-12 09:45:40 +00:00
Bernardo Damele
8fe72d87a8
minor bug fix for mysql -d --file-read
2011-12-06 10:57:23 +00:00
Miroslav Stampar
0f5d48ff20
minor update
2011-12-05 09:25:56 +00:00
Miroslav Stampar
9bc735963b
update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself))
2011-12-04 22:42:19 +00:00
Miroslav Stampar
ec895c3d1a
revert of last commit
2011-12-04 16:37:18 +00:00
Miroslav Stampar
393843bf87
it seems that SOCKS4 is safer solution for TOR socks access
2011-12-04 16:23:08 +00:00
Miroslav Stampar
5f7dbec41f
minor patch
2011-12-03 12:11:46 +00:00
Miroslav Stampar
b9ae28dd5e
minor beautification
2011-12-02 14:11:43 +00:00
Miroslav Stampar
32ab7171ea
minor update
2011-12-01 10:07:39 +00:00
Miroslav Stampar
9975ff8d17
minor update
2011-11-30 19:26:03 +00:00
Miroslav Stampar
f1dfa5c860
minor update
2011-11-30 17:44:34 +00:00
Miroslav Stampar
71c46f50aa
adding option --csv-del
2011-11-30 17:39:41 +00:00
Miroslav Stampar
02bd9a54f3
minor update
2011-11-30 17:19:21 +00:00
Miroslav Stampar
872a73f631
minor refactoring
2011-11-29 19:17:07 +00:00
Miroslav Stampar
885b432808
minor update
2011-11-23 21:39:53 +00:00
Miroslav Stampar
ba4234dc42
switching from HTTP proxy to SOCKS proxy for --tor (sick and tired of Polipo/Privoxy bull; either Tor flag is overwritten every here and there or they are putting all kinds of filter warnings)
2011-11-23 21:17:08 +00:00
Miroslav Stampar
8ea9b19b66
minor update regarding dumping of table content in --forms mode
2011-11-23 20:56:22 +00:00
Miroslav Stampar
14e8ca6d41
minor fix
2011-11-23 14:26:40 +00:00
Miroslav Stampar
d5cddd40f6
minor fix
2011-11-23 03:03:31 +00:00
Miroslav Stampar
2e10de8921
minor update
2011-11-22 12:18:24 +00:00
Miroslav Stampar
ac041399f0
minor patch
2011-11-22 11:04:43 +00:00
Miroslav Stampar
9697e80013
some more optimizations
2011-11-22 10:54:29 +00:00
Miroslav Stampar
267d67b024
minor update
2011-11-22 10:41:56 +00:00
Miroslav Stampar
b117c40aa5
major improvement of HashDB speed in multi-threaded mode
2011-11-22 10:09:35 +00:00
Miroslav Stampar
e94efff187
some more optimization
2011-11-22 09:00:00 +00:00
Miroslav Stampar
2ed3efba12
speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)
2011-11-22 08:39:13 +00:00
Miroslav Stampar
493e436e16
minor update
2011-11-22 07:32:39 +00:00
Miroslav Stampar
e905ea2a54
minor bug fix
2011-11-22 07:07:52 +00:00
Miroslav Stampar
eee03871d7
minor refactoring
2011-11-21 21:31:08 +00:00
Miroslav Stampar
65b2b0ad87
adding switch --eval
2011-11-21 16:41:02 +00:00
Miroslav Stampar
440b7efe55
minor optimization
2011-11-20 20:14:47 +00:00
Miroslav Stampar
7c1af97852
minor optimization
2011-11-20 19:38:56 +00:00
Miroslav Stampar
e1a92d59de
implementing WordPress phpass hash cracking routine
2011-11-20 19:10:46 +00:00
Miroslav Stampar
f1979936c8
minor update
2011-11-18 15:32:33 +00:00
Miroslav Stampar
7314de3490
language update
2011-11-15 11:17:39 +00:00
Miroslav Stampar
ad2762118d
minor update
2011-11-14 15:10:39 +00:00
Miroslav Stampar
367627c331
minor fix for Python 2.6
2011-11-13 19:09:13 +00:00
Miroslav Stampar
76fb6ba666
minor update
2011-11-13 10:38:27 +00:00
Miroslav Stampar
ccbd93cc2e
fix for redirect/HOST header bug
2011-11-11 11:28:27 +00:00
Miroslav Stampar
030c57a0c8
minor update
2011-11-06 11:18:16 +00:00
Miroslav Stampar
61e3621855
minor update
2011-11-02 14:33:23 +00:00
Miroslav Stampar
24bda96d9e
adding items from John the Ripper's word list to the dictionary for Oracle cracking
2011-11-02 11:21:49 +00:00
Miroslav Stampar
6ec522e14b
removal of minor obsolete thingy
2011-11-02 10:41:12 +00:00
Miroslav Stampar
d735582536
major speed improvement of hash cracking
2011-11-02 06:53:43 +00:00
Miroslav Stampar
43340a7ea5
language
2011-11-01 19:06:27 +00:00
Miroslav Stampar
c0cd29f01c
minor update
2011-10-31 15:20:40 +00:00
Miroslav Stampar
60cadf4747
better regex used
2011-10-29 10:31:52 +00:00
Miroslav Stampar
ef987c6954
adding compatibility support for using --crawl and --forms together
2011-10-29 09:32:20 +00:00
Miroslav Stampar
ddc4dfe5ff
minor refactoring for regarding --forms
2011-10-29 08:32:24 +00:00
Miroslav Stampar
d7866ac78d
added support for automatic filtering of badly formed HTML in --forms mode
2011-10-28 21:28:03 +00:00
Miroslav Stampar
666a7da12a
minor update
2011-10-28 11:28:21 +00:00
Miroslav Stampar
b83fe6113e
turning off time adjustment off (now is shown as a tip) because it seems that it never was actually used (payload always left the same)
2011-10-28 11:25:07 +00:00
Miroslav Stampar
7ce3af68fc
fixing support for parsing BURP logs
2011-10-27 17:31:34 +00:00
Miroslav Stampar
6b7920d89a
minor patch for --tor
2011-10-27 10:52:06 +00:00
Miroslav Stampar
3c31ccd16e
minor update
2011-10-26 22:37:04 +00:00
Miroslav Stampar
d64c0af461
minor update
2011-10-26 14:31:00 +00:00
Miroslav Stampar
64ca01ea0e
minor update
2011-10-25 22:06:47 +00:00
Miroslav Stampar
35c889a411
minor update
2011-10-25 18:07:33 +00:00
Miroslav Stampar
ee76fed56a
minor update
2011-10-25 17:48:20 +00:00
Miroslav Stampar
41ad7f9eab
minor update
2011-10-25 17:44:30 +00:00
Miroslav Stampar
86b4a3562f
added switch --check-tor
2011-10-25 17:37:43 +00:00
Miroslav Stampar
c1486ed4be
adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request
2011-10-25 09:53:44 +00:00
Miroslav Stampar
b07f165d60
quick fix
2011-10-24 18:11:34 +00:00
Miroslav Stampar
cd00c0d084
minor patch
2011-10-24 09:43:59 +00:00
Miroslav Stampar
20ae1c2187
added switch --logic-negative
2011-10-24 00:40:06 +00:00
Miroslav Stampar
8bd3cfdc8e
minor update
2011-10-24 00:17:38 +00:00
Miroslav Stampar
d39d36f7a7
minor language beautification
2011-10-23 23:27:56 +00:00
Miroslav Stampar
1dd3fae930
minor fix
2011-10-23 22:27:45 +00:00
Miroslav Stampar
0c29311eb2
minor update
2011-10-23 22:24:57 +00:00
Miroslav Stampar
5863429fc1
minor update
2011-10-23 21:17:45 +00:00
Miroslav Stampar
4a469c3258
minor update
2011-10-23 21:12:34 +00:00
Miroslav Stampar
3f0517d3f3
support for non-latin (e.g. cyrillic) URLs
2011-10-23 17:02:48 +00:00
Miroslav Stampar
25f0ec3597
some minor range to xrange conversion (where safe to do)
2011-10-21 22:34:27 +00:00
Miroslav Stampar
b4ce857f9b
added some comments
2011-10-21 21:29:24 +00:00
Miroslav Stampar
7a3096ce25
some refactoring
2011-10-21 21:12:48 +00:00
Miroslav Stampar
566d6e4974
minor fix
2011-10-21 20:21:29 +00:00
Miroslav Stampar
12a7fd4054
quick fix
2011-10-20 08:28:57 +00:00
Miroslav Stampar
0cbcbf159c
minor fix
2011-10-19 21:35:01 +00:00
Miroslav Stampar
e3a719e7d2
minor update
2011-10-11 22:40:00 +00:00
Miroslav Stampar
c204f2b221
minor optimization
2011-10-10 14:47:48 +00:00
Miroslav Stampar
323aa7bf2f
minor update
2011-10-09 21:21:41 +00:00
Miroslav Stampar
8720aad6dc
transformed cDel to pDel as a more generic option
2011-10-06 22:03:33 +00:00
Miroslav Stampar
dd0ed5f5da
adding redirect response to the traffic file
2011-09-28 08:13:46 +00:00
Miroslav Stampar
6d2536f217
minor update
2011-09-27 22:27:34 +00:00
Miroslav Stampar
c0910ca2c8
added one more warning message by request
2011-09-27 22:25:15 +00:00
Miroslav Stampar
88f1110c44
adding a new (for now) hidden switch --test-filter for filtering tests by their name
2011-09-27 14:09:25 +00:00
Miroslav Stampar
fd9acfd7d2
fix
2011-09-26 13:36:08 +00:00
Miroslav Stampar
b3b4459c72
minor fix
2011-09-26 13:01:43 +00:00
Miroslav Stampar
7e80274fac
refactoring
2011-09-25 21:10:45 +00:00
Miroslav Stampar
744636a8c1
switching to SQLite resume support (on error and union techniques this moment)
2011-09-25 20:36:32 +00:00
Miroslav Stampar
4a3580d10b
minor fix
2011-09-19 19:08:08 +00:00
Bernardo Damele
f890b29f81
Proper reference to Metasploit Framework as now it's version 4, not 3 anymore
2011-09-12 17:26:22 +00:00
Miroslav Stampar
4fb6dab1a2
minor bug fix
2011-09-12 14:15:57 +00:00
Miroslav Stampar
1bdde51d0e
minor just in case update
2011-09-11 16:41:07 +00:00
Miroslav Stampar
02f993583b
minor bug fix
2011-09-09 11:36:09 +00:00
Miroslav Stampar
2f4e34f5a0
minor improvement for URI injections
2011-09-08 11:13:12 +00:00
Miroslav Stampar
d434047482
minor bug fix
2011-09-05 09:28:40 +00:00
Miroslav Stampar
08e0eb9b61
minor lower/upper case fix
2011-08-29 13:47:32 +00:00
Miroslav Stampar
9be89422da
implemented parameter --skip
2011-08-29 13:29:42 +00:00
Miroslav Stampar
e0f521cf9d
minor update regarding --randomize
2011-08-29 13:08:25 +00:00
Miroslav Stampar
ac00014c4a
implemented --randomize switch by request
2011-08-29 12:50:52 +00:00
Miroslav Stampar
01014eca17
by request
2011-08-23 21:45:01 +00:00
Miroslav Stampar
8a174248dc
fix for a bug reported by blueBoy
2011-08-20 20:08:11 +00:00
Miroslav Stampar
54bcc35ba7
important bug fix (connection exception was causing losing of already retrieved data)
2011-08-17 22:31:33 +00:00
Bernardo Damele
9361e633f4
Minor bug fix - some applications do really set cookies like param="value" with double-quotes
2011-08-16 09:21:01 +00:00
Miroslav Stampar
7cc5743c5d
minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)
2011-08-16 06:50:20 +00:00
Miroslav Stampar
262996fc5b
bug fix
2011-08-16 06:14:40 +00:00
Miroslav Stampar
df4abf1af1
lowering constant value from 10 to 7 for da peace in da houz
2011-08-12 17:19:19 +00:00
Bernardo Damele
702ed73a65
Added --code switch to match in boolean-based tests against the HTTP response code
2011-08-12 16:48:11 +00:00
Miroslav Stampar
10bdd90e60
minor speed optimizations (as a result of profiling)
2011-08-12 13:40:37 +00:00
Bernardo Damele
36280b33fa
Ask the user wheather or not to adjust the time delay - there have been a case where the forcing of conf.timeSec screwed the result in an extremely lagged and unreliable site
2011-08-12 13:06:40 +00:00
Miroslav Stampar
41ae9bc7ff
minor bug fix
2011-08-09 14:20:25 +00:00
Miroslav Stampar
2ad267132a
minor update for empty normal responses (like AJAX requests)
2011-08-05 10:55:21 +00:00
Miroslav Stampar
9423d15fb3
ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix
2011-08-03 09:08:16 +00:00
Miroslav Stampar
457f501bbd
proper fix
2011-08-01 23:48:38 +00:00
Bernardo Damele
cbd0ea0866
Possible fix for a minor bug
2011-08-01 23:24:39 +00:00
Miroslav Stampar
018d7ed646
improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery)
2011-07-31 23:40:09 +00:00
Miroslav Stampar
0627bb02cb
minor beautification
2011-07-31 10:21:47 +00:00
Miroslav Stampar
68ae8ea5b2
minor refactoring
2011-07-29 10:54:25 +00:00
Miroslav Stampar
e522263640
fix for a neverending data retrieval in large full inband cases
2011-07-29 10:45:09 +00:00
Miroslav Stampar
107089c00b
bug fix
2011-07-27 08:25:51 +00:00
Bernardo Damele
938716e361
Proper fix for --start and --stop consistency amongst different techniques
2011-07-26 10:06:28 +00:00
Bernardo Damele
e71f96afe7
Reverted dumb "fix"
2011-07-26 09:42:09 +00:00
Miroslav Stampar
6bbb8139a0
update (smaller memory footprint in postprocessing phase because of safecharencode part)
2011-07-25 20:40:31 +00:00
Miroslav Stampar
5770c08784
minor optimization and refactoring
2011-07-25 20:17:44 +00:00
Bernardo Damele
0a7a648694
Minor bug fix for --start, now all techniques return the same result (before blind techniques returned from one entry behind)
2011-07-25 11:15:18 +00:00
Bernardo Damele
6cbb927012
Partial fix for -o not resumed at following runs if missing from command line
2011-07-25 11:05:49 +00:00
Miroslav Stampar
2033a28ae7
minor update regarding last commit (cleaner code)
2011-07-24 20:44:17 +00:00
Miroslav Stampar
3a3561fdaa
doing proper big table support for partial union too
2011-07-24 20:36:44 +00:00
Miroslav Stampar
ec1bc0219c
hello big tables, this is sqlmap, sqlmap this is big tables
2011-07-24 09:19:33 +00:00
Miroslav Stampar
82e1e61554
minor speedup
2011-07-23 19:51:19 +00:00
Miroslav Stampar
094dc91e2d
minor update (prior to some changes regarding large content retrieval)
2011-07-23 19:04:59 +00:00
Miroslav Stampar
a89140e1ce
revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function)
2011-07-23 06:07:00 +00:00
Miroslav Stampar
8a00ca83af
refactoring. nothing special changed
2011-07-21 10:18:11 +00:00
Miroslav Stampar
963f54e6d2
minor fix for parameters containing '=' inside values itself (remark: no parameter name will have '=' nor '%3d' inside; tested and it does a good job)
2011-07-21 10:06:52 +00:00
Miroslav Stampar
9cf33ec997
now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char
2011-07-15 13:24:13 +00:00
Miroslav Stampar
ff8fc90ac7
bug fix
2011-07-13 06:44:15 +00:00
Miroslav Stampar
5c162efbd8
more optimization
2011-07-12 23:21:15 +00:00
Miroslav Stampar
9933edc718
optimization of reflective removal mechanism
2011-07-12 22:28:19 +00:00
Miroslav Stampar
3583d6dd1b
quick fixes, more work to do
2011-07-12 20:32:19 +00:00
Miroslav Stampar
f5e45bf113
quick fix for a bug reported by jovon.itwaru@gmail.com
2011-07-11 08:54:39 +00:00
Miroslav Stampar
0d6afca7db
adding new switch '--smart' by request
2011-07-10 15:16:58 +00:00
Miroslav Stampar
1e182e6c72
quick fix
2011-07-08 22:34:44 +00:00
Bernardo Damele
651349e229
More verbose critical message
2011-07-08 13:12:53 +00:00
Bernardo Damele
b5dd4d4a63
Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection
2011-07-08 10:19:01 +00:00
Miroslav Stampar
02bfd05b20
more general approach
2011-07-08 10:03:14 +00:00
Miroslav Stampar
5443e06430
cosmetics (in debug mode [0] is used)
2011-07-08 09:43:52 +00:00
Miroslav Stampar
c463c411b9
minor update
2011-07-08 09:32:58 +00:00
Miroslav Stampar
ba2c06c9dc
quick fix
2011-07-08 09:01:32 +00:00
Miroslav Stampar
c517e97a44
few fixes and minor cosmetics
2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Bernardo Damele
067354b97f
Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access
2011-07-07 13:20:40 +00:00
Bernardo Damele
fcd4e94c04
Higher chances to detect UNION query SQL injection against Microsoft Access
2011-07-06 23:52:44 +00:00
Bernardo Damele
23b4efdcaf
Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too.
2011-07-06 21:04:45 +00:00
Bernardo Damele
6f6038b534
Quick fix (revert..)
2011-07-06 11:32:12 +00:00
Miroslav Stampar
93b296e02c
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495
few fixes here and there and multi-core processing for dictionary based hash attack
2011-07-04 19:58:41 +00:00
Miroslav Stampar
34d9a91af1
bulk of fixes
2011-07-02 22:48:56 +00:00
Bernardo Damele
861cdb1b14
cosmetics
2011-07-01 10:04:34 +00:00
Miroslav Stampar
4513ef409e
massive (like really massive) dictionary support
2011-06-30 23:44:49 +00:00
Miroslav Stampar
43db6b03a7
update with a feature request (file with list of wordlist files)
2011-06-30 08:42:43 +00:00
Miroslav Stampar
be9b8bca78
bug fix
2011-06-29 17:39:58 +00:00
Miroslav Stampar
4be55c811f
minor update
2011-06-27 21:48:26 +00:00
Miroslav Stampar
5b4eaf48d9
minor fix (for those blank suffixes out of nowhere at the end of payload - not related to "-- ")
2011-06-27 21:34:49 +00:00
Miroslav Stampar
8a8b94883b
minor update (that default quit in --batch was bothering me - my original idea and it was bad :)
2011-06-27 14:14:49 +00:00
Miroslav Stampar
d72db1bf91
minor update (all misc options are alphabetically ordered)
2011-06-27 08:21:33 +00:00
Bernardo Damele
36c96ef796
Added DB2 support - patch provided by Sebastian Bittig
2011-06-25 09:44:24 +00:00
Miroslav Stampar
aa83fe5c66
minor update
2011-06-24 18:19:33 +00:00
Miroslav Stampar
21010f702c
minor beautification
2011-06-24 17:46:54 +00:00
Miroslav Stampar
96190cf594
minor update
2011-06-24 17:15:15 +00:00
Bernardo Damele
406f2cda09
Got rid of useless TAB completion in --sql-shell
2011-06-24 13:05:13 +00:00
Bernardo Damele
35ce6dedcf
Got rid of useless imports
2011-06-24 09:59:11 +00:00
Bernardo Damele
a78f5b4eb3
Minor adjustment to avoid function and variables with same name
2011-06-24 09:29:11 +00:00
Miroslav Stampar
eaa2a4202f
changing to: --crawl=CRAWLDEPTH
2011-06-24 05:40:03 +00:00
Miroslav Stampar
3717b8423f
cleanest fix this moment (conf.dbms will for sure deal problems later in any form)
2011-06-22 15:48:44 +00:00
Miroslav Stampar
5190440ea2
minor fix
2011-06-22 15:36:59 +00:00
Miroslav Stampar
97d8729d71
probable fix for a bug reported by m4l1c3 (RuntimeError: maximum recursion depth exceeded)
2011-06-22 15:28:49 +00:00
Miroslav Stampar
52ba3c281e
minor update
2011-06-22 14:59:49 +00:00
Miroslav Stampar
4ca37901da
thread safe logging+stdout (no more overlapping of log messages and raw output)
2011-06-22 14:53:42 +00:00
Miroslav Stampar
84bc8c3a37
update
2011-06-22 14:39:31 +00:00
Miroslav Stampar
938db1b513
replacing xmlobject logic with our own
2011-06-22 14:33:52 +00:00
Bernardo Damele
1cb12ea659
replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license)
2011-06-22 13:31:07 +00:00
Miroslav Stampar
2a4a284a29
crawler fix (skip binary files)
2011-06-20 22:41:38 +00:00
Miroslav Stampar
d6062e8fc9
minor fix for crawler and far less message overlaps in future
2011-06-20 21:18:12 +00:00
Miroslav Stampar
8968c708a0
minor update
2011-06-20 14:27:24 +00:00
Miroslav Stampar
f09340fc89
minor update
2011-06-20 12:40:14 +00:00
Miroslav Stampar
4d1fa5596b
added support for --scope in --crawl mode
2011-06-20 12:37:51 +00:00
Miroslav Stampar
67fab9f2e2
putting this to info messages (user needs to know at this place why is it waiting)
2011-06-20 12:17:19 +00:00
Miroslav Stampar
b1426b5131
bug fix
2011-06-20 12:11:09 +00:00
Miroslav Stampar
cda39ca350
minor update
2011-06-20 11:46:23 +00:00
Miroslav Stampar
07e2c72943
adding Beautifulsoup (BSD) into extras; adding --crawl to options
2011-06-20 11:32:30 +00:00
Miroslav Stampar
8c04aa871a
english typo
2011-06-20 11:00:23 +00:00
Miroslav Stampar
83af83da9e
minor beautification (WordsSet is considered as a bad english)
2011-06-18 15:47:19 +00:00
Bernardo Damele
6b2f44de14
Minor layout adjustment
2011-06-18 12:27:12 +00:00
Bernardo Damele
cd07139919
Layout adjustments
2011-06-18 11:58:14 +00:00
Miroslav Stampar
31ad0875b4
added by request
2011-06-18 11:34:51 +00:00
Miroslav Stampar
e4be141602
minor fix for --smoke-test
2011-06-18 11:26:17 +00:00
Bernardo Damele
c7e1aeeef2
layout
2011-06-18 11:02:48 +00:00
Miroslav Stampar
905fef0eae
now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5)
2011-06-18 10:51:14 +00:00
Miroslav Stampar
1440c9f2d4
minor update
2011-06-17 22:28:07 +00:00
Miroslav Stampar
87e9842371
better language
2011-06-17 22:13:45 +00:00
Miroslav Stampar
ce3170edef
minor update/better language
2011-06-17 22:11:40 +00:00
Miroslav Stampar
ec6fa384eb
update
2011-06-17 22:04:25 +00:00
Miroslav Stampar
f3ee2c09fb
cleaner fix
2011-06-17 15:32:23 +00:00
Miroslav Stampar
bb987ec98f
fix for DNS leakage
2011-06-17 15:23:58 +00:00
Miroslav Stampar
9498a3f259
little stabilization of multi threading
2011-06-17 12:50:28 +00:00
Miroslav Stampar
530c296519
minor fix
2011-06-16 13:56:17 +00:00
Miroslav Stampar
0eeb48f8f5
some fixes
2011-06-16 13:41:02 +00:00
Miroslav Stampar
7733e5866a
minor update regarding mnemonics (again)
2011-06-16 12:34:38 +00:00
Miroslav Stampar
17e4c6b564
minor update regarding mnemonics
2011-06-16 12:26:50 +00:00
Miroslav Stampar
25b923bbc3
minor fixes and minor updates
2011-06-16 12:12:30 +00:00
Miroslav Stampar
3995891ab4
new file containing default settings
2011-06-16 11:43:07 +00:00
Miroslav Stampar
6f681b45ad
cleaning up a bit for a configuration mess
2011-06-16 11:42:13 +00:00
Bernardo Damele
f515c9c9e0
Dealt with SVN update login traceback. Need to investigate further why it asks for credentials sometimes
2011-06-16 10:11:11 +00:00
Miroslav Stampar
63d98d8ce6
fix for a bug reported by rdsears@mtu.edu (ignored config file items)
2011-06-16 08:08:49 +00:00
Miroslav Stampar
4d51fa8155
minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails)
2011-06-15 17:37:28 +00:00
Miroslav Stampar
e0ad72031f
minor update
2011-06-15 12:04:30 +00:00
Miroslav Stampar
1d93a03eeb
introducing mnemonics
2011-06-15 11:58:50 +00:00
Miroslav Stampar
d55a242908
minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always)
2011-06-14 19:38:35 +00:00
Bernardo Damele
8978fded03
typo fix
2011-06-13 19:00:27 +00:00
Bernardo Damele
7152a1ed3b
Added --dependences to show which sqlmap dependences are not available
2011-06-13 18:44:02 +00:00
Miroslav Stampar
2da56ea507
fix of a language bug
2011-06-11 21:17:30 +00:00
Miroslav Stampar
9331abb96f
minor update
2011-06-11 08:33:36 +00:00
Miroslav Stampar
f8dde2c23b
adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)
2011-06-10 23:18:43 +00:00
Miroslav Stampar
fae089646b
minor fix
2011-06-09 08:38:17 +00:00
Miroslav Stampar
9202fedf7b
minor fix
2011-06-09 08:14:54 +00:00
Miroslav Stampar
af5fe457bd
revert of the revert (it's a good idea to have it like this because of problems with e.g. --text-only and binary content)
2011-06-09 07:53:31 +00:00
Miroslav Stampar
8ec4bc9d9d
revert of the last commit. have to think about it
2011-06-09 06:32:53 +00:00
Miroslav Stampar
9c093d91f2
minor update
2011-06-09 06:14:35 +00:00
Bernardo Damele
0d8d6a4ace
Cosmetics
2011-06-08 16:08:20 +00:00
Bernardo Damele
70cac24909
Cosmetics
2011-06-08 15:31:27 +00:00
Bernardo Damele
64bef644c3
This was missing
2011-06-08 15:30:59 +00:00
Bernardo Damele
0d3e8a76d8
Cosmetics and a missing param
2011-06-08 14:40:42 +00:00
Miroslav Stampar
4a9640160e
more concise
2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a
refactoring
2011-06-08 14:30:12 +00:00
Bernardo Damele
7da3d8dbd1
minor layout adjustment
2011-06-08 13:01:33 +00:00
Miroslav Stampar
f65abdaae3
added switch --cookie-del by request
2011-06-08 08:27:24 +00:00
Miroslav Stampar
4eeeb3655e
asking and skipping to the next google result page if no usable links found
2011-06-07 23:24:17 +00:00
Miroslav Stampar
26062ec71e
minor update
2011-06-07 15:13:51 +00:00
Miroslav Stampar
50dde39e68
minor update
2011-06-07 10:32:18 +00:00
Miroslav Stampar
7a3cc38e3c
refactoring and stabilization of multithreading
2011-06-07 09:50:00 +00:00
Miroslav Stampar
03c3f83893
minor fix
2011-06-06 13:34:49 +00:00
Miroslav Stampar
24ed99e5a3
fix for a bug reported by aboynes@gmail.com
2011-06-06 08:50:48 +00:00
Miroslav Stampar
f27181c628
minor improvement for blind based injections with reflected values
2011-06-03 14:41:36 +00:00
Miroslav Stampar
e9eafc2e94
minor update
2011-06-03 14:13:22 +00:00
Miroslav Stampar
64a862ed58
minor usability update
2011-06-03 14:04:02 +00:00
Miroslav Stampar
faf7814869
fix for a fuzz "bug" reported by daniele.rivetti@yahoo.com
2011-06-03 11:01:26 +00:00
Miroslav Stampar
08d6bb4f23
minor fix
2011-06-02 22:13:31 +00:00
Miroslav Stampar
8aa5625cd0
proper fix related to the last commit
2011-06-01 23:00:18 +00:00
Miroslav Stampar
63145236b9
minor fix
2011-05-31 21:53:29 +00:00
Miroslav Stampar
3c12799ff0
minor improvement
2011-05-30 20:34:34 +00:00
Miroslav Stampar
89559d1b0a
better regex and now after we have that automatic switch off for reflective removal mechanism it's not so important to change it
2011-05-30 20:18:30 +00:00
Miroslav Stampar
20988e58ed
warp 5 mr spock :)
2011-05-30 09:46:32 +00:00
Miroslav Stampar
001cbff2a9
speed up of 2 times for partial union technique
2011-05-30 09:07:48 +00:00
Miroslav Stampar
97820949f5
minor update
2011-05-30 08:33:01 +00:00
Miroslav Stampar
23d7820de7
minor update
2011-05-29 23:56:41 +00:00
Miroslav Stampar
86455ceb9c
implementation of multithreading for UNION and ERROR techniques
2011-05-29 23:17:50 +00:00
Miroslav Stampar
d51efa679d
typo update
2011-05-29 06:26:28 +00:00
Miroslav Stampar
f848cc779e
adding legal disclaimer as latest situation (these days news headlines) seems out of control
2011-05-28 18:54:14 +00:00
Miroslav Stampar
eb9b84d1da
type correction
2011-05-28 17:53:05 +00:00
Miroslav Stampar
03ef53f00a
update regarding mysql function resolution and versionedkeywords
2011-05-28 17:34:43 +00:00
Miroslav Stampar
c11ea35d53
adding some user input for "refreshing" cases (like redirect ones)
2011-05-27 22:42:23 +00:00
Miroslav Stampar
8227298057
user friendliness uber 9000
2011-05-27 08:30:52 +00:00
Miroslav Stampar
45caadbd4a
important update - finally found what was causing headache for UNION payloads in noticeable number of cases
2011-05-26 21:54:19 +00:00
Miroslav Stampar
4f46a5ab63
minor usability enhancement regarding warning for --text-only switch
2011-05-26 20:48:18 +00:00
Miroslav Stampar
ff030e4d24
minor cleanup of the leftover
2011-05-26 17:37:24 +00:00
Miroslav Stampar
bf2b58ba82
minor update
2011-05-26 15:23:28 +00:00
Miroslav Stampar
b6fe5b12a4
adding --schema to the wizard/Basic as it looks like a cool thingy to put there
2011-05-26 14:30:05 +00:00
Miroslav Stampar
f3ed61af5f
bug fix when using inference and kb.pageEncoding is None (like in binary cases)
2011-05-25 21:12:12 +00:00
Miroslav Stampar
0e480a9921
adding SYS to the ORACLE_SYSTEM_DBS
2011-05-25 10:55:47 +00:00
Miroslav Stampar
2f456bee75
minor beautification
2011-05-25 08:14:39 +00:00
Miroslav Stampar
8b7a3c5a6b
making it easier for totally dummy users
2011-05-24 17:24:01 +00:00
Miroslav Stampar
bec2c04671
helping dummy users
2011-05-24 17:15:25 +00:00
Miroslav Stampar
a3466ff79c
serving everything for the users
2011-05-24 16:34:08 +00:00
Miroslav Stampar
69eb173eca
minor just in case patch
2011-05-24 15:07:37 +00:00
Miroslav Stampar
f774d8fea0
proper Tor settings (reverted r3915 and implemented it the right way)
2011-05-24 11:06:58 +00:00
Miroslav Stampar
a536bf210f
improved redirection mechanism
2011-05-23 23:20:03 +00:00
Miroslav Stampar
128a012121
this was causing that --suffix trouble
2011-05-23 19:59:07 +00:00
Miroslav Stampar
bfe8e51b7c
minor fix for retrieving stuff like "SELECT * FROM testdb..users"
2011-05-23 19:45:40 +00:00
Miroslav Stampar
4542d4535f
minor beautification
2011-05-23 14:28:05 +00:00
Miroslav Stampar
0ed03d474f
now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate
2011-05-23 11:09:44 +00:00
Miroslav Stampar
fb23beef6f
most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested)
2011-05-22 19:14:36 +00:00
Miroslav Stampar
9b2623514a
one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables
2011-05-22 09:48:46 +00:00
Miroslav Stampar
2ea613b170
type correction and adding global flag kb.ignoreTimeout which could be useful
2011-05-22 08:24:13 +00:00
Miroslav Stampar
a58aaf2e1a
better format for results file (easier for sorting when lots of files)
2011-05-22 07:02:36 +00:00
Miroslav Stampar
25fff8c135
changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)
2011-05-21 11:46:57 +00:00
Miroslav Stampar
9e5856caf8
improvement for recognition of scalar vs multiple-row commands
2011-05-19 16:45:05 +00:00
Miroslav Stampar
db72428765
minor update
2011-05-19 15:57:29 +00:00
Miroslav Stampar
f40c6b2ce7
added --cookie for maskSensitiveData too
2011-05-19 15:42:59 +00:00
Miroslav Stampar
9832fc42d4
minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase)
2011-05-18 21:47:40 +00:00
Miroslav Stampar
3048e9f710
minor refactoring
2011-05-17 23:03:31 +00:00
Miroslav Stampar
cc07e5dc97
added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@yahoo.com
2011-05-17 22:55:22 +00:00
Miroslav Stampar
dfe81cc66f
minor yielding
2011-05-16 20:14:10 +00:00
Miroslav Stampar
a5ad4621c9
minor refactoring
2011-05-16 20:09:12 +00:00
Miroslav Stampar
faa74cd2bc
introducing results file for multiple target mode
2011-05-15 22:21:38 +00:00
Miroslav Stampar
90e84c9a6d
removing xmlcharrefreplace error handler as it seems that it wasn't such a good idea at the end
2011-05-15 21:43:38 +00:00
Miroslav Stampar
c3bb5a03e1
minor improvement
2011-05-14 20:09:37 +00:00
Miroslav Stampar
3484a4426b
fix for a bug reported by itxx@qq.com (TypeError: encode() takes no keyword arguments)
2011-05-14 19:57:28 +00:00
Miroslav Stampar
a7d7be5ce0
bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host)
2011-05-13 01:01:53 +00:00
Miroslav Stampar
70688fb8b5
minor enhancement for dumping 'None' values (proper way should be empty string because None is too pythonic)
2011-05-12 12:00:17 +00:00
Miroslav Stampar
0b2da2f9f5
minor beautification for --tor switch
2011-05-12 05:46:17 +00:00
Miroslav Stampar
e05a9c0554
i was probably very tired or very stupid to do this
2011-05-11 13:13:46 +00:00
Miroslav Stampar
2ab9e30f7a
bug fix
2011-05-11 12:54:33 +00:00
Miroslav Stampar
53065ee1fb
adding ordered set for kb.targetUrls (now the order of appereance in multiple targets mode will be respected)
2011-05-11 08:55:48 +00:00
Miroslav Stampar
5ee07b90b9
added -m switch for bulk loading multiple targets
2011-05-11 08:46:40 +00:00
Miroslav Stampar
120b0d756e
unfix
2011-05-10 21:33:06 +00:00
Miroslav Stampar
192c685bc8
changing conf attribute to a more proper name
2011-05-10 20:48:34 +00:00
Miroslav Stampar
deae534ee7
minor refactoring
2011-05-10 20:44:36 +00:00
Bernardo Damele
97bc816aeb
layout
2011-05-10 16:24:09 +00:00
Bernardo Damele
3a8309c4b0
Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches
2011-05-10 15:34:54 +00:00
Miroslav Stampar
707edc7b1a
fix for a bug (previously --dbms="mysql 4" was ignored and abruptly terminated while the mechanism was here all along)
2011-05-10 13:28:07 +00:00
Miroslav Stampar
a64407d9db
minor bug fix for multithreading and lots of connection retries
2011-05-10 12:40:01 +00:00
Miroslav Stampar
22a1870c2c
adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1
2011-05-10 12:32:07 +00:00
Miroslav Stampar
ec4d9178f8
minor update related to the previous commit
2011-05-08 06:28:58 +00:00
Miroslav Stampar
4d6e7c738c
minor update
2011-05-08 06:17:43 +00:00
Bernardo Damele
6653907700
forgot in last commit
2011-05-07 21:13:56 +00:00
Bernardo Damele
1151af52bb
More fix for save/resume of --technique
2011-05-07 21:08:14 +00:00
Bernardo Damele
aae140080e
SVN roll back, DB2 patch will be recommitted after testing:
...
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
42bca80968
removing blank lines and adding newline at the end of files
2011-05-06 09:35:53 +00:00
Miroslav Stampar
6e392b6054
applying contributed patch for DB2
2011-05-06 09:30:39 +00:00
Bernardo Damele
e96a533a04
Bug fix to resume of --technique
2011-05-05 15:18:33 +00:00
Bernardo Damele
c58dc4a6d8
isDbmsWithin() must stay like this, no getIdentifiedDbms() in there
2011-05-03 14:13:45 +00:00
Miroslav Stampar
742b0ef76e
major improvement of ERROR data retrieval on MSSQL
2011-05-03 13:25:20 +00:00
Miroslav Stampar
2a7838928e
minor fancier --replicate update
2011-05-03 11:48:04 +00:00
Miroslav Stampar
b202d73b46
bug fix for MSSQL identificators which were starting with d, b, o and . Thing is that .lstrip strips all occurances of the given chars :) (spotted ancidentally)
2011-05-03 11:09:30 +00:00
Miroslav Stampar
1840b0e43b
fix for a bug reported by k1971@live.co.uk (OperationalError: unknown database dbo)
2011-05-03 10:22:38 +00:00
Miroslav Stampar
1e6c2fea74
update regarding warning for --random-agent during connection timeout in connection test phase
2011-05-03 10:05:42 +00:00
Miroslav Stampar
5e9620198c
fix for a privately reported bug ("AttributeError: item is disabled")
2011-05-02 18:18:04 +00:00
Miroslav Stampar
93dee30895
better fix for the previous commit
2011-05-02 13:34:55 +00:00
Miroslav Stampar
20ad1c1f2f
minor update to not confuse users when using -o
2011-05-02 13:24:35 +00:00
Bernardo Damele
ac2550535c
Proper fix for --technique=U bug
2011-05-01 23:42:41 +00:00
Miroslav Stampar
900ee0ff93
fix for a major bug reported by k1971@live.co.uk (1..9 99..)
2011-05-01 15:47:00 +00:00
Miroslav Stampar
494503b334
proper way to deal with generic cases
2011-05-01 08:04:08 +00:00
Miroslav Stampar
fcd69ba9c7
fix for a --technique=U
2011-05-01 07:37:22 +00:00
Bernardo Damele
955dbc85e7
Minor variable rename
2011-04-30 15:29:59 +00:00
Bernardo Damele
00f14bec5f
layout adjustment
2011-04-30 15:22:33 +00:00
Bernardo Damele
9a4ae7d9e2
More code refactoring of Backend class methods used
2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Miroslav Stampar
983546d6bf
proper fix
2011-04-30 07:01:21 +00:00
Bernardo Damele
a5968fff3e
Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided
2011-04-30 00:22:22 +00:00
Bernardo Damele
956e75e2b5
Minor adjustment to --mobile.
...
Bug fix to --random-agent.
2011-04-29 21:50:48 +00:00
Miroslav Stampar
46f96f3c4c
removing Kindle from list as it's not really a smartphone
2011-04-29 19:32:30 +00:00
Miroslav Stampar
11124b21f9
implemented --mobile switch
2011-04-29 19:27:23 +00:00
Miroslav Stampar
6bb4dce3aa
minor refactoring
2011-04-29 15:22:32 +00:00
Miroslav Stampar
a2bb0d72e8
fix for a bug reported by rdsears@mtu.edu (TypeError: expected string or buffer)
2011-04-29 14:40:28 +00:00
Bernardo Damele
edac0b2558
Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema
2011-04-28 23:59:00 +00:00
Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
...
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
2011-04-23 16:25:09 +00:00
Miroslav Stampar
f88aa4b165
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
2011-04-22 19:58:10 +00:00
Bernardo Damele
06a00fe85e
For development version, print also the revision number in the banner
2011-04-21 21:34:57 +00:00
Bernardo Damele
edc2d75702
Cosmetics and major bug fix
2011-04-21 21:15:23 +00:00
Bernardo Damele
b667c50588
store/resume info on xp_cmd available in session file
2011-04-21 14:25:04 +00:00
Bernardo Damele
a313df4d37
Allow user to force temporary folder with --tmp-path even if it has been saved one in the session file
2011-04-21 14:05:37 +00:00
Miroslav Stampar
e1a8d268d8
fix for UPX linux/macos
2011-04-21 10:52:34 +00:00
Bernardo Damele
11ecd16099
cosmetics
2011-04-21 10:08:38 +00:00
Miroslav Stampar
9ccf720c05
removing funny remark
2011-04-21 10:06:13 +00:00
Bernardo Damele
a91e6a8440
layout
2011-04-21 10:03:18 +00:00
Miroslav Stampar
cbfe743bad
added a comment
2011-04-21 10:01:58 +00:00
Miroslav Stampar
3b133303bf
refactoring
2011-04-19 22:54:13 +00:00
Miroslav Stampar
de2479b864
dealing with http://bugs.python.org/issue1602
2011-04-19 22:33:03 +00:00
Miroslav Stampar
44bbef42f8
minor cosmetics
2011-04-19 20:23:08 +00:00
Miroslav Stampar
13f8c001a7
minor update
2011-04-19 11:13:53 +00:00
Miroslav Stampar
7a06af9a92
added "lagging" critical message
2011-04-19 10:37:20 +00:00
Miroslav Stampar
a7c26366b4
doing that auto default value for --time-sec only for --tor
2011-04-19 08:43:29 +00:00
Miroslav Stampar
4d48ac54dc
automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set)
2011-04-19 08:34:21 +00:00
Miroslav Stampar
b79d4f70f3
cleaner solution for the problem solved with last commit
2011-04-18 14:51:48 +00:00
Miroslav Stampar
f5cff067c6
little hack for --time-sec
2011-04-18 14:46:18 +00:00
Miroslav Stampar
354a2ce249
'chardet' heuristic engine added to the project
2011-04-18 13:38:46 +00:00
Miroslav Stampar
6fab44d635
minor refactoring and improving of used regex
2011-04-17 22:37:00 +00:00
Miroslav Stampar
76d1f09b0a
minor cosmetics
2011-04-17 22:25:25 +00:00
Miroslav Stampar
9aae447553
minor update for matching SOAP messages
2011-04-17 22:21:32 +00:00
Miroslav Stampar
a7366bf710
SOAP refactoring
2011-04-17 21:39:00 +00:00
Miroslav Stampar
c7ff5dcbeb
minor update
2011-04-17 08:48:13 +00:00
Miroslav Stampar
ee88ccf0ac
well, this could be important :)
2011-04-17 08:33:46 +00:00
Miroslav Stampar
29ee760021
improving time based data retrieval mechanism
2011-04-17 07:24:18 +00:00
Miroslav Stampar
c461fdca54
some refactoring
2011-04-15 13:51:06 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Miroslav Stampar
4d8a49a87c
more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation
2011-04-15 11:53:20 +00:00
Miroslav Stampar
467d1a50b3
removed debug message that could cause confusion
2011-04-15 11:28:01 +00:00
Miroslav Stampar
8c6f7c7d5f
explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay
2011-04-15 08:52:53 +00:00
Miroslav Stampar
3efd9e3959
improved htmlunescape (great for localized html escape codes)
2011-04-14 21:36:13 +00:00
Miroslav Stampar
ded28442fb
minor fixes and refactoring regarding safecharencoding
2011-04-14 15:54:00 +00:00
Miroslav Stampar
866cdb4cf7
speed of --replicate is now vastly improved
2011-04-14 14:34:12 +00:00
Miroslav Stampar
eafab03d99
safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars)
2011-04-14 13:53:56 +00:00
Miroslav Stampar
30bfefd638
minor fix
2011-04-14 12:58:03 +00:00
Bernardo Damele
5cf38cd0d7
More cookies to ignore
2011-04-14 12:46:14 +00:00
Miroslav Stampar
8426d48e2e
minor refactoring
2011-04-14 10:14:46 +00:00
Miroslav Stampar
930262f573
minor update related to the last commit
2011-04-14 10:12:07 +00:00
Miroslav Stampar
1c5427baf8
minor fix
2011-04-14 09:54:29 +00:00
Miroslav Stampar
bb99bd2fbe
one more commit related to the issue with displaying of garbled characters
2011-04-14 09:43:36 +00:00
Miroslav Stampar
04986be4b9
update regarding safe character output together with a small fix for newlines
2011-04-14 09:31:45 +00:00
Miroslav Stampar
5dfb55effc
revert of the last commit because of this http://osvdb.org/show/osvdb/26582
2011-04-14 06:46:32 +00:00
Miroslav Stampar
786f305e1a
minor update
2011-04-14 06:43:08 +00:00
Miroslav Stampar
21114d1748
added IGNORE_PARAMETERS to skip testing of state/session web server parameters
2011-04-13 19:01:02 +00:00
Miroslav Stampar
58a93c5b1f
better beep for MacOSX
2011-04-13 18:32:47 +00:00
Miroslav Stampar
d06ae9cd47
implemented retrieved items info for partial union too
2011-04-13 14:33:15 +00:00
Miroslav Stampar
f5f2201bbc
minor cosmetics for partial inband retrieval
2011-04-13 11:25:42 +00:00
Miroslav Stampar
c193b896be
just in case update to prevent gibberish "retrieved: " outputs
2011-04-12 23:07:50 +00:00
Miroslav Stampar
5346ecbb56
fix for a "accept certificate first time for svn"
2011-04-12 14:25:17 +00:00
Miroslav Stampar
941daa1645
just in case to prevent "object of type 'NoneType' has no len()" error reports
2011-04-11 11:59:02 +00:00
Miroslav Stampar
08d14886fd
added new dev version string
2011-04-11 09:44:44 +00:00
Bernardo Damele
07d6b18c4e
cutting for 0.9 stable
2011-04-11 00:24:51 +00:00
Miroslav Stampar
8597409d9e
lowering the value
2011-04-10 22:57:17 +00:00
Bernardo Damele
14219a3dac
Minor bug fix
2011-04-10 22:44:08 +00:00
Miroslav Stampar
940c225d7c
few fixes
2011-04-10 20:53:27 +00:00
Bernardo Damele
d324704844
Removed unused code
2011-04-10 20:39:15 +00:00
Miroslav Stampar
decab6642d
fix for that @chunk bug
2011-04-10 16:46:33 +00:00
Miroslav Stampar
723a7447b2
minor refactoring
2011-04-10 07:16:19 +00:00
Miroslav Stampar
c714ac6421
added support for handling binary data values (no more garbish chars)
2011-04-09 23:13:16 +00:00
Miroslav Stampar
4ad73f9263
added two new valuable functions for dealing with binary data (e.g. binary representations of password hashes) and some cosmetics
2011-04-09 22:39:03 +00:00
Miroslav Stampar
c4c40308c6
no more annoying "no metasploit found" for case when msfpath provided with root directory of Metasploit (not the bin one)
2011-04-08 22:42:07 +00:00
Miroslav Stampar
83feb097ef
greater flexibility for --batch when default is None
2011-04-08 22:29:50 +00:00
Miroslav Stampar
228cc68747
fix for those ugly DEBUG messages in brute mode
2011-04-08 11:02:21 +00:00
Miroslav Stampar
be11e2535e
one more minor update
2011-04-08 00:05:44 +00:00
Miroslav Stampar
3435d549a9
minor update regarding the last commit
2011-04-07 23:35:51 +00:00
Miroslav Stampar
726155383d
higher compatibility with MSSQL 2000 ("ORDER BY items must appear in the select list if the statement contains a UNION operator.") as we always take the first field from the list as the one for referencing (field = expressionFieldsList[0])
2011-04-07 23:32:07 +00:00
Miroslav Stampar
b288e5ef57
implemented DNS caching mechanism
2011-04-07 21:39:18 +00:00
Miroslav Stampar
ae4ea0af45
fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace')
2011-04-07 13:57:07 +00:00
Miroslav Stampar
6a8a5db9aa
minor code restyling
2011-04-07 13:27:29 +00:00
Bernardo Damele
9e8c933333
cosmetics
2011-04-07 10:40:58 +00:00
Miroslav Stampar
68828d68a5
removed integers from --technique
2011-04-07 10:37:48 +00:00
Miroslav Stampar
fced81b6be
minor update
2011-04-07 10:32:39 +00:00
Miroslav Stampar
845533e92f
minor refactoring
2011-04-07 10:27:22 +00:00
Bernardo Damele
1880f18367
Minor layout adjustments
2011-04-07 10:07:52 +00:00
Bernardo Damele
17844eb87c
Refactoring to --technique
2011-04-07 10:00:47 +00:00
Bernardo Damele
05d12790f1
closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)
2011-04-06 14:41:44 +00:00
Miroslav Stampar
a379463213
cosmeticado
2011-04-06 08:40:06 +00:00
Miroslav Stampar
b327bbcd9b
minor fix (it was quite ... to have this check at the later stage)
2011-04-06 08:39:24 +00:00
Bernardo Damele
81034140c0
Reduced number of threads to 3 when -o is provided
2011-04-06 08:15:20 +00:00
Miroslav Stampar
2c01fc56e6
minor update regarding misusage of --proxy and --ignore-proxy switches
2011-04-04 09:19:43 +00:00
Miroslav Stampar
305115a68b
important improvement of data handling (POST data and header values)
2011-04-03 15:02:52 +00:00
Miroslav Stampar
bbd4c128b0
minor update related to the last commit
2011-04-01 22:19:42 +00:00
Miroslav Stampar
cd7e4f5afc
improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form)
2011-04-01 22:12:24 +00:00
Bernardo Damele
c3b54cc222
Cosmetics
2011-04-01 16:40:28 +00:00
Miroslav Stampar
e27afef6be
minor update regarding --current-db on Oracle
2011-04-01 15:56:11 +00:00
Bernardo Damele
eb99f68a7a
Minor improvement to --wizard. This does not mean I like the kiddie feature though ;)
2011-04-01 14:55:39 +00:00
Miroslav Stampar
de4e0c7346
minor update related to the problem with request files reported by jorge_a_santos@hotmail.com
2011-04-01 12:09:11 +00:00
Miroslav Stampar
ee15988878
another minor update related to previous commit
2011-03-31 17:34:07 +00:00
Miroslav Stampar
156d24203f
speed optimization
2011-03-31 17:16:26 +00:00
Miroslav Stampar
220366b6e8
minor update (ip addresses will not be confused any more for crypt_generic hashes)
2011-03-31 16:56:26 +00:00
Miroslav Stampar
c5de903eab
minor improvement ("quick defense against substr fields")
2011-03-31 09:35:09 +00:00
Miroslav Stampar
ce51326bff
quick fix
2011-03-31 08:43:17 +00:00
Miroslav Stampar
dd01d66f13
proper update regarding last commit
2011-03-29 22:10:08 +00:00
Miroslav Stampar
b6af80bab3
refactoring, cleanup and improvement
2011-03-29 21:54:15 +00:00
Miroslav Stampar
adfbfef8c1
minor refactoring
2011-03-29 21:01:47 +00:00
Miroslav Stampar
12f3024c8a
removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)
2011-03-29 20:45:21 +00:00
Miroslav Stampar
d0861a00e2
minor improvement
2011-03-29 15:37:57 +00:00
Miroslav Stampar
d28ca5809b
adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)
2011-03-29 14:16:28 +00:00
Miroslav Stampar
7cf4ba83dc
minor refactoring and comment update
2011-03-29 12:08:07 +00:00
Miroslav Stampar
5560196648
minor fix
2011-03-29 11:50:12 +00:00
Miroslav Stampar
e20d460809
Bernardo will kill me (added --wizard for total beginners)
2011-03-29 11:42:55 +00:00
Miroslav Stampar
86f93713d3
fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update
2011-03-29 06:25:17 +00:00
Miroslav Stampar
bf0e3c4662
improvement for --forms with empty fields
2011-03-28 22:48:00 +00:00
Miroslav Stampar
1e22ff45de
minor update regarding testing of GET parameters if --data and/or --forms is used
2011-03-28 16:14:08 +00:00
Miroslav Stampar
625f124263
little info message
2011-03-28 12:13:17 +00:00
Miroslav Stampar
47924fb92e
fix for a bug reported by malice.anon@gmail.com (AttributeError: 'unicode' object has no attribute 'geturl')
2011-03-27 13:41:54 +00:00
Miroslav Stampar
76b7e3517d
minor update
2011-03-27 07:58:15 +00:00
Miroslav Stampar
afe2be6a9f
implementation of Standard DES hashing (crypt)
2011-03-26 20:46:25 +00:00
Miroslav Stampar
c5b6d377fb
fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages)
2011-03-25 12:14:19 +00:00
Miroslav Stampar
af5342c495
fix for partial inband queries on MSSQL
2011-03-25 11:19:15 +00:00
Miroslav Stampar
e80c9e08d8
minor update regarding --live-test
2011-03-25 09:03:08 +00:00
Miroslav Stampar
1f1c4c0e61
better update related to the last commit
2011-03-24 20:04:20 +00:00
Miroslav Stampar
c0cc5d1dad
minor update
2011-03-24 17:18:03 +00:00
Miroslav Stampar
f3858a5fcf
another fix related to the bug reported by Alone Shell
2011-03-24 17:08:14 +00:00
Miroslav Stampar
e42cdfd138
adding possibility to run only one live test (e.g. --run-case=8)
2011-03-24 12:07:47 +00:00
Miroslav Stampar
2b15ad57c2
basic live tests against 3 major DBMSes
2011-03-24 11:47:01 +00:00
Miroslav Stampar
ecbbfeba6e
introduction of --fresh-queries
2011-03-24 10:08:47 +00:00
Miroslav Stampar
d79fae724c
minor refactoring
2011-03-24 09:16:21 +00:00
Miroslav Stampar
0bb08d09d2
fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file
2011-03-24 08:43:40 +00:00
Miroslav Stampar
bd75fd26e9
implementing a --page-rank switch as requested by l0rda@l0rda.biz
2011-03-23 11:57:57 +00:00
Miroslav Stampar
5a1aaecf16
minor fix so concatenated queries could be run in Oracle --sql-shell (e.g. select NAME||chr(58)||OWNER FROM ALL_SOURCE WHERE TYPE='FUNCTION')
2011-03-22 13:07:37 +00:00
Miroslav Stampar
b5c9ccb755
Oracle XML based error payload has problems with char $ as with space
2011-03-21 13:13:12 +00:00
Miroslav Stampar
3ca5cddca7
massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL)
2011-03-20 23:54:56 +00:00
Miroslav Stampar
088c815567
minor update (exposing --tor switch)
2011-03-19 18:28:51 +00:00
Miroslav Stampar
2cc91b8470
minor fix
2011-03-19 17:44:34 +00:00
Miroslav Stampar
7c2b3afafb
minor fix (-r required Content-Length which is a part of Burp log and as we share the parsing logic this was a headache for -r)
2011-03-19 17:37:26 +00:00
Miroslav Stampar
139448eeb9
little stabilization regarding POST url(de/en)coding
2011-03-19 16:53:14 +00:00
Miroslav Stampar
0fcd999e51
fix for a bug reported by malice
2011-03-18 16:52:46 +00:00
Miroslav Stampar
58e9a074d3
masking some more command line arguments
2011-03-18 16:47:18 +00:00
Miroslav Stampar
36233fac42
update regarding a feature request from andyroyalbattle@yahoo.it
2011-03-18 16:35:30 +00:00
Miroslav Stampar
00b9d85ffc
fix regarding bug report from andyroyalbattle@yahoo.it
2011-03-18 16:26:39 +00:00
Miroslav Stampar
4e300baaf2
minor cosmetics
2011-03-18 14:09:18 +00:00
Miroslav Stampar
3628887110
los cosmeticados
2011-03-18 14:08:36 +00:00
Miroslav Stampar
75c0e09f43
little refactoring
2011-03-18 13:46:51 +00:00
Miroslav Stampar
c301b245a9
adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value)
2011-03-18 13:39:51 +00:00
Miroslav Stampar
b53c9a2599
minor fix and some refactoring
2011-03-18 00:24:02 +00:00
Miroslav Stampar
fbd0cfda29
minor update toward the implementation of request from Santiago
2011-03-17 06:39:05 +00:00
Bernardo Damele
f00aff5303
-v 0 shows both error, critical and raw_input messages
2011-03-11 22:02:38 +00:00
Bernardo Damele
d7d47b6257
Minor bug fix (revert)
2011-03-11 21:56:45 +00:00
Miroslav Stampar
e64f225e65
minor refactoring
2011-03-11 20:16:34 +00:00
Miroslav Stampar
6cc745f789
removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut)
2011-03-11 20:04:15 +00:00
Miroslav Stampar
5eae525010
this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)
2011-03-11 19:57:44 +00:00
Bernardo Damele
3cb0ca4b63
Minor bug fix for --privileges on PgSQL with error-based SQL inj technique
2011-03-11 15:24:25 +00:00
Bernardo Damele
5af7410cb1
Another bug fix for --privileges on PgSQL with UNION query technique
2011-03-11 15:13:09 +00:00
Bernardo Damele
74ef1e53c7
Minor bug fixes to --privileges for PostgreSQL query (corner case)
2011-03-11 14:54:41 +00:00
Miroslav Stampar
eb1cda7065
minor refactoring (more consistent)
2011-03-09 12:06:32 +00:00
Miroslav Stampar
62e3510387
minor refactoring
2011-03-09 11:37:37 +00:00
Miroslav Stampar
5c97f9a496
improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)
2011-03-09 09:36:56 +00:00
Miroslav Stampar
9b2962ff1c
now when we don't urlencode whole URI using : and \ as safe chars is not a good idea
2011-03-09 08:56:29 +00:00
Miroslav Stampar
30619c599b
minor update regarding encoding (adding few safe chars for e.g. CHR(50)|...)
2011-03-08 11:53:59 +00:00
Miroslav Stampar
cc0306044c
adding SVN revision number support for non SVN client platforms
2011-03-07 21:54:30 +00:00
Miroslav Stampar
16b286982d
fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split')
2011-03-07 09:50:43 +00:00
Miroslav Stampar
8edc3b3302
further update regarding last commit
2011-03-03 10:39:04 +00:00
Miroslav Stampar
bc50387a17
possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms)
2011-03-03 09:42:50 +00:00
Miroslav Stampar
f27f05308a
minor update for masking sensitive data in error report (added aCred too)
2011-03-02 10:09:17 +00:00
Miroslav Stampar
ad2e4002ea
minor improvement
2011-03-01 10:38:27 +00:00
Miroslav Stampar
0f3cc153a3
fix for --technique
2011-03-01 09:54:06 +00:00
Miroslav Stampar
2bf212ffa9
minor minor update
2011-02-27 20:43:38 +00:00
Miroslav Stampar
7036190e8e
minor improvement of regular expression
2011-02-27 17:58:01 +00:00
Miroslav Stampar
21041f8b90
further reflective value handling improvement
2011-02-27 17:43:41 +00:00
Bernardo Damele
6e8ebd35f4
Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable
2011-02-27 12:17:41 +00:00
Miroslav Stampar
88faedc0fe
fix for a bug reported by -insane-
2011-02-26 17:48:19 +00:00
Miroslav Stampar
11996ce12e
bug fix for international encoded letters
2011-02-25 22:43:01 +00:00
Miroslav Stampar
2bbbc9a41e
few updates
2011-02-25 09:35:24 +00:00
Miroslav Stampar
aa88361ab1
incorporation of method for neutralization of reflective values
2011-02-25 09:22:44 +00:00
Miroslav Stampar
708ddf5608
added protection mechanism against reflected values
2011-02-24 16:52:46 +00:00
Miroslav Stampar
38dc82e13e
If no Accept header field is present, then it is assumed that the client accepts all media types.
2011-02-22 22:26:22 +00:00
Miroslav Stampar
d05bd75068
adding experimental for --group-concat
2011-02-22 14:35:38 +00:00
Miroslav Stampar
3f8eadf4fe
minor refactoring
2011-02-22 13:00:58 +00:00
Miroslav Stampar
dcad5410fe
minor refactoring
2011-02-22 12:54:22 +00:00
Bernardo Damele
3e8c204121
Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba
2011-02-21 16:00:56 +00:00
Miroslav Stampar
aac817935a
further improvement of MaxDB support
2011-02-20 22:41:42 +00:00
Miroslav Stampar
70449eb01b
minor bug fix
2011-02-20 21:35:28 +00:00
Miroslav Stampar
345df5968d
minor update
2011-02-20 21:27:38 +00:00
Bernardo Damele
8e60acae5d
Added support for --scope also in WebScarab logs (-l)
2011-02-19 21:03:55 +00:00
Miroslav Stampar
b71bb321dd
some more Sybase updates
2011-02-19 18:04:27 +00:00
Miroslav Stampar
cec7694aac
some progress regarding SYBASE
2011-02-19 14:56:58 +00:00
Miroslav Stampar
e0efe453ab
minor update regarding Sybase support
2011-02-19 14:07:08 +00:00
Miroslav Stampar
df58bcaf95
minor improvement
2011-02-18 14:27:02 +00:00
Miroslav Stampar
6cdf08b81c
minor fix
2011-02-17 21:51:40 +00:00
Miroslav Stampar
22cd49a217
--technique can now be something like 123 which includes both techniques 1, 2 and 3
2011-02-17 21:39:16 +00:00
Miroslav Stampar
199f14df46
implementation of MySQL GROUP_CONCAT technique
2011-02-15 00:28:27 +00:00
Bernardo Damele
2ea828e416
Proper fix for r3307 (file-write on MySQL via UNION query tech)
2011-02-13 22:48:01 +00:00
Miroslav Stampar
417b311475
minor update
2011-02-13 22:02:47 +00:00
Miroslav Stampar
50d25c3b4d
update regarding explicit testing of ua and referer when using -p
2011-02-13 21:58:48 +00:00
Miroslav Stampar
5fb11fd173
update regarding multiple DBMS payloads
2011-02-13 21:20:21 +00:00
Miroslav Stampar
9f7d666451
removing --method per request of buawig
2011-02-12 19:50:27 +00:00
Bernardo Damele
7253362114
Minor bug fix so that --file-write on MySQL via UNION query now works again
2011-02-11 23:35:45 +00:00
Miroslav Stampar
535eb9f3eb
implementation of referer feature
2011-02-11 23:07:03 +00:00
Miroslav Stampar
4295a78c5f
minor update
2011-02-10 19:51:34 +00:00
Bernardo Damele
c078de894f
Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA
2011-02-10 14:24:04 +00:00
Bernardo Damele
864eade744
Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase
2011-02-10 11:14:05 +00:00
Bernardo Damele
aa0fb276ba
More fixes for --common-columns to work against MSSQL too
2011-02-09 17:22:07 +00:00
Miroslav Stampar
7d9be18789
added one comment
2011-02-09 14:34:18 +00:00
Miroslav Stampar
bafc8a1b0f
another update
2011-02-09 13:29:52 +00:00
Miroslav Stampar
600f729139
fix for a bug reported by skysbsb@gmail.com (double ORDER BY)
2011-02-09 12:43:09 +00:00
Miroslav Stampar
5b57a69f3e
fix
2011-02-09 11:20:03 +00:00
Miroslav Stampar
37f7001143
first commit with mysql/error/substringing
2011-02-08 16:23:33 +00:00
Bernardo Damele
c3eb82e60b
Proper fix
2011-02-08 10:08:48 +00:00
Miroslav Stampar
dba2f74588
revert of r3274
2011-02-08 09:44:34 +00:00
Bernardo Damele
cfe2da0195
Minor fix
2011-02-08 00:13:39 +00:00
Bernardo Damele
0a81415f2f
Minor code cleanup
2011-02-08 00:02:54 +00:00
Miroslav Stampar
771020abd6
one more related commit
2011-02-07 16:32:08 +00:00
Miroslav Stampar
265e7ca272
fix for that MSSQL limit/top problem
2011-02-07 16:24:23 +00:00
Miroslav Stampar
99e9412f74
minor update
2011-02-07 12:34:23 +00:00
Miroslav Stampar
e023e0d233
proper fix
2011-02-07 12:32:08 +00:00
Bernardo Damele
39decebe85
Minor fixes to checking/re-enabling of xp_cmdshell procedure
2011-02-07 12:17:19 +00:00
Miroslav Stampar
096efea282
added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]
2011-02-07 10:22:43 +00:00
Bernardo Damele
ba3a8a69d4
More statements to exclude from unescap'ing
2011-02-07 00:33:54 +00:00
Bernardo Damele
3719f085ae
Added back-end dbms' OS based methods to Backend object - will be used for refactoring
2011-02-07 00:21:17 +00:00
Bernardo Damele
2e00656235
Minor fix
2011-02-07 00:20:23 +00:00
Bernardo Damele
bf5ca4bd9a
No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (')
2011-02-06 23:30:43 +00:00
Bernardo Damele
061f56daf9
More adjustments related to unescape() and cleanupPayload().
...
Minor code cleanup related to error-based payload.
2011-02-06 23:27:56 +00:00
Bernardo Damele
6a71629575
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
Bernardo Damele
0800d9e49b
Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()
2011-02-06 22:58:12 +00:00
Bernardo Damele
f3d6be7868
Code cleanup
2011-02-06 22:32:44 +00:00
Miroslav Stampar
078a2207cc
few reverts
2011-02-06 22:10:28 +00:00
Miroslav Stampar
b9b2fe0e7c
little cleanup
2011-02-06 21:52:39 +00:00
Miroslav Stampar
c4c2cf1d58
can't stay as it is right now. temporary disabling.
2011-02-06 21:17:41 +00:00
Bernardo Damele
6191a7f26f
Major fix for a silent bug
2011-02-06 15:53:43 +00:00
Miroslav Stampar
4df8a03c04
using OrderedDict to store parameters in order of appearance
2011-02-04 18:07:21 +00:00
Miroslav Stampar
acb986ae80
minor refactoring
2011-02-04 17:40:55 +00:00
Bernardo Damele
fec88f6a6d
Minor fix
2011-02-04 15:57:53 +00:00
Miroslav Stampar
09e88cfb19
fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len())
2011-02-04 14:05:47 +00:00
Miroslav Stampar
f83f1a1e06
minor just in case update
2011-02-04 13:08:54 +00:00
Miroslav Stampar
c69b76776e
minor refactoring
2011-02-04 13:04:19 +00:00
Miroslav Stampar
accf4e6ce0
one important fix (URI injection parameter '*' now can go anywhere)
2011-02-04 12:43:18 +00:00
Miroslav Stampar
c19d481bb1
little clean up
2011-02-04 12:25:14 +00:00
Miroslav Stampar
c229efba05
revert
2011-02-04 11:33:21 +00:00
Miroslav Stampar
d211def899
minor adjustment (accepting strange new looking uri formats)
2011-02-04 10:55:03 +00:00
Miroslav Stampar
e4933f0c92
refactoring
2011-02-03 23:25:56 +00:00
Miroslav Stampar
9a1a28c804
adding comments to filtering function
2011-02-03 23:09:08 +00:00
Miroslav Stampar
e5f54644f0
minor "statistical" update
2011-02-03 16:59:49 +00:00
Miroslav Stampar
b56a77e573
removing obsolete switches (--threshold, --excl-reg, --excl-str)
2011-02-03 15:55:19 +00:00
Miroslav Stampar
1b9850b73a
revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) )
2011-02-03 12:21:29 +00:00
Miroslav Stampar
5edba2ffbc
minor change (conf.updateAll to conf.update)
2011-02-03 11:13:39 +00:00
Miroslav Stampar
5f49e20cc8
adding --random-agent and removing -a
2011-02-02 14:51:12 +00:00
Miroslav Stampar
2dae57a56d
cosmetics
2011-02-02 14:35:21 +00:00
Miroslav Stampar
6c87bd1c63
added maskSensitiveData function
2011-02-02 14:25:16 +00:00
Miroslav Stampar
8134c2154a
adding WHERE enum for payloads
2011-02-02 13:34:09 +00:00
Miroslav Stampar
d6c9515f78
minor update
2011-02-02 13:03:24 +00:00
Miroslav Stampar
e73a147fb5
minor update
2011-02-02 11:49:59 +00:00
Miroslav Stampar
e33428b833
adding __findUnionCharCount function
2011-02-02 11:22:35 +00:00
Miroslav Stampar
99aa38b58f
minor refactoring
2011-02-02 10:10:28 +00:00
Miroslav Stampar
23c95107ed
we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS)
2011-02-02 09:24:37 +00:00
Miroslav Stampar
af99105c27
lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum)
2011-02-01 22:45:38 +00:00
Bernardo Damele
2619e4895f
Properly handle --technique at save/resume phase
2011-02-01 22:05:48 +00:00
Bernardo Damele
3d966bd569
You never know..
2011-02-01 22:05:12 +00:00
Miroslav Stampar
705d45f4db
minor cosmetics
2011-02-01 11:10:23 +00:00
Miroslav Stampar
196e2d35b2
maybe we could ask user "are you willing to import local data content into error report" and use this function respectably
2011-02-01 11:06:56 +00:00
Bernardo Damele
6761933f75
Just.. cosmetics ;)
2011-01-31 22:51:14 +00:00
Miroslav Stampar
25c175a9a5
minor bug fix
2011-01-31 22:34:57 +00:00
Bernardo Damele
b04e1a0313
More detailed message for unhandled exception
2011-01-31 21:23:40 +00:00
Bernardo Damele
ec9ebb3479
Set threads to 4 when optimization switch is provided, -o
2011-01-31 21:21:13 +00:00
Bernardo Damele
8397c526d8
Minor adjustment
2011-01-31 21:20:23 +00:00
Miroslav Stampar
fa58a9c86b
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
2011-01-31 20:36:01 +00:00
Miroslav Stampar
b1dc928e68
implemented validation for time-based inference
2011-01-31 16:07:23 +00:00
Miroslav Stampar
25463bc67c
fix for a bug (--predict-output) noticed by Bernardo
2011-01-31 15:00:41 +00:00
Miroslav Stampar
60a2364f2b
now union technique parses headers too
2011-01-31 12:41:39 +00:00
Miroslav Stampar
8ef47307db
added checking of header values for GREP (error); still UNION to do
2011-01-31 12:21:17 +00:00
Miroslav Stampar
fb3513650d
adding ID properties
2011-01-31 11:41:28 +00:00
Miroslav Stampar
f9eac97fe8
refactoring of MSSQL XML banner parsing
2011-01-31 11:38:00 +00:00
Miroslav Stampar
7175efcae1
another minor cosmetic update
2011-01-31 10:59:51 +00:00
Miroslav Stampar
97328c3104
minor fix
2011-01-31 10:54:13 +00:00
Miroslav Stampar
5e768be509
minor bug fix
2011-01-31 09:34:54 +00:00
Miroslav Stampar
f7feebe0df
fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments)
2011-01-31 09:28:16 +00:00
Miroslav Stampar
fc9c626f9e
minor refactoring (removed URL_ENCODE_PAYLOAD)
2011-01-30 17:03:06 +00:00
Bernardo Damele
21e7223779
perhaps this is better english
2011-01-30 16:34:13 +00:00
Miroslav Stampar
ddf23ba7cc
refactoring
2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Miroslav Stampar
ddd296030d
added some more info to unhandled exception message(s)
2011-01-28 16:15:45 +00:00
Miroslav Stampar
8e74c571bc
centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels
2011-01-27 19:44:24 +00:00
Miroslav Stampar
81722b6881
major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
2011-01-27 18:36:28 +00:00
Miroslav Stampar
03413bd5e0
minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)
2011-01-27 16:55:58 +00:00
Miroslav Stampar
bb6e36fb02
minor updates
2011-01-27 12:38:39 +00:00
Miroslav Stampar
6cc69f5e16
now --technique is appliable also after the injections have been identified
2011-01-24 16:47:24 +00:00
Miroslav Stampar
81011be0d7
minor update of parseTargetUrl method
2011-01-24 14:52:50 +00:00
Bernardo Damele
e1db2700f0
Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads
2011-01-24 12:25:45 +00:00