Miroslav Stampar
|
bf3fbb0ae0
|
Ignore Google analytics cookies
|
2013-12-04 09:56:37 +01:00 |
|
Moshe Kaplan
|
8cd641a2a6
|
minor typos corrected
"choosen" -> "chosen"
|
2013-10-15 13:26:24 -04:00 |
|
Miroslav Stampar
|
38ee95e2c9
|
Minor language update
|
2013-08-13 18:58:24 +02:00 |
|
Miroslav Stampar
|
52a71546d0
|
Implementation for an Issue #507
|
2013-08-13 18:55:23 +02:00 |
|
Miroslav Stampar
|
b921ff0729
|
Fix for an Issue #495
|
2013-07-27 11:20:43 +02:00 |
|
stamparm
|
690645f6c7
|
Cosmetic fix
|
2013-06-19 10:50:00 +02:00 |
|
Miroslav Stampar
|
034e123b0c
|
Minor fix (to accept -p cookie without need for raising --level / as it's already done for referer and user_agent)
|
2013-05-12 16:24:13 +02:00 |
|
stamparm
|
661b44135d
|
Minor bug fix
|
2013-04-10 11:59:07 +02:00 |
|
stamparm
|
8c9da95343
|
Style and consistency update (url -> URL)
|
2013-04-09 11:48:42 +02:00 |
|
Miroslav Stampar
|
153aa10b77
|
Minor cosmetic update
|
2013-04-03 19:00:54 +02:00 |
|
stamparm
|
6b2981ef4e
|
Update for an Issue #290 (adding tamper-like scripts into (new) directory waf)
|
2013-02-21 11:14:57 +01:00 |
|
Bernardo Damele
|
4b9d8ed673
|
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
|
2013-02-14 11:32:17 +00:00 |
|
Bernardo Damele
|
a67ef4117f
|
make sure to use Python 2 interpreter when default system Python is version 3
|
2013-02-14 11:25:04 +00:00 |
|
Bernardo Damele
|
103045d284
|
variable renamed
|
2013-01-30 15:30:34 +00:00 |
|
Bernardo Damele
|
a56f4ec15c
|
techniques has to go too to the API (issue #297)
|
2013-01-29 15:34:53 +00:00 |
|
Bernardo Damele
|
a43202f3c0
|
updated copyright
|
2013-01-18 14:07:51 +00:00 |
|
Bernardo Damele
|
8125fe90a7
|
code refactoring
|
2013-01-14 10:22:38 +00:00 |
|
Miroslav Stampar
|
03dd958d96
|
Implementation for an Issue #48
|
2013-01-13 16:22:43 +01:00 |
|
Miroslav Stampar
|
934d41dac2
|
Minor style update (PEP8)
|
2013-01-10 15:02:28 +01:00 |
|
Miroslav Stampar
|
ca3d35a878
|
Some PEP8 related style cleaning
|
2013-01-10 13:18:44 +01:00 |
|
Miroslav Stampar
|
25f01a419f
|
Minor style update (for the sake of consistency over the code and our PEP8 adaptation)
|
2013-01-09 15:38:41 +01:00 |
|
Miroslav Stampar
|
87e923613f
|
Minor adjustment (URI (marked with custom injection char) has precedence over GET/POST)
|
2013-01-05 21:16:47 +01:00 |
|
Miroslav Stampar
|
5b77b20e2e
|
Removing trailing whitespaces (PEP8)
|
2013-01-03 23:57:07 +01:00 |
|
Miroslav Stampar
|
e4a3c015e5
|
Replacing old and deprecated raise Exception style (PEP8)
|
2013-01-03 23:20:55 +01:00 |
|
Miroslav Stampar
|
3d01890147
|
Patch for an Issue #56 (full target url is now being written to a output .CSV file in multi target mode)
|
2012-12-27 21:15:44 +01:00 |
|
Bernardo Damele
|
ac44cf3ec0
|
minor fix: add also back-end DBMS and web app fingerprint output to log file
|
2012-12-17 13:02:09 +00:00 |
|
Bernardo Damele
|
2442a58884
|
minor leftover of deprecated XMLRPC service
|
2012-12-17 11:26:31 +00:00 |
|
Miroslav Stampar
|
c3f20a136f
|
Minor update for an Issue #287
|
2012-12-12 14:03:03 +01:00 |
|
Miroslav Stampar
|
760519dbe9
|
Removing redundant piece of code
|
2012-12-11 15:21:27 +01:00 |
|
Miroslav Stampar
|
5677db02b7
|
Minor update
|
2012-12-10 12:40:28 +01:00 |
|
Miroslav Stampar
|
974407396e
|
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
|
2012-12-06 14:14:19 +01:00 |
|
Miroslav Stampar
|
ab67344448
|
Removed unused imports and variables (pyflake-ing)
|
2012-12-06 11:15:05 +01:00 |
|
Miroslav Stampar
|
775e0df04b
|
Update for an Issue #278
|
2012-12-05 10:45:17 +01:00 |
|
Miroslav Stampar
|
949fcb77cf
|
Minor style update
|
2012-12-05 10:22:16 +01:00 |
|
Miroslav Stampar
|
a52dbc575b
|
Patch for an Issue #246
|
2012-11-13 10:21:11 +01:00 |
|
Miroslav Stampar
|
2de52927f3
|
Code refactoring (epecially Google search code)
|
2012-10-30 18:38:10 +01:00 |
|
Miroslav Stampar
|
c1b8226329
|
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
|
2012-10-28 00:36:09 +02:00 |
|
Miroslav Stampar
|
d65d9e25cd
|
Implementation for an Issue #2
|
2012-10-19 11:02:14 +02:00 |
|
Miroslav Stampar
|
dee6d2f9ff
|
Minor language update
|
2012-10-04 11:34:14 +02:00 |
|
Miroslav Stampar
|
6eae7013b6
|
Minor cosmetics
|
2012-09-26 15:03:12 +02:00 |
|
Miroslav Stampar
|
687f3991de
|
Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.
|
2012-09-26 11:27:43 +02:00 |
|
Miroslav Stampar
|
c3d191e626
|
Minor update for an Issue #2
|
2012-09-06 14:13:54 +02:00 |
|
Miroslav Stampar
|
e9ae44c6fc
|
Implementation for an #162
|
2012-08-22 16:50:01 +02:00 |
|
Miroslav Stampar
|
25ee333e66
|
Minor language update
|
2012-08-22 12:00:17 +02:00 |
|
Miroslav Stampar
|
8a5042b6a4
|
Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case)
|
2012-08-22 11:56:30 +02:00 |
|
Miroslav Stampar
|
61151447fe
|
Implementation of an Issue #161
|
2012-08-22 11:27:58 +02:00 |
|
Miroslav Stampar
|
6f450ac8bf
|
Implementation for an Issue #155
|
2012-08-20 12:14:01 +02:00 |
|
Miroslav Stampar
|
823dde73ab
|
Minor cleanup
|
2012-08-20 11:40:49 +02:00 |
|
Miroslav Stampar
|
2b6123c4f8
|
Minor style update
|
2012-08-20 11:29:23 +02:00 |
|
Miroslav Stampar
|
e0d9fa8666
|
Minor style update
|
2012-08-20 11:28:41 +02:00 |
|
Miroslav Stampar
|
f358ab2e73
|
Implementation of an Issue #147
|
2012-08-15 16:37:18 +02:00 |
|
Miroslav Stampar
|
142fc887f1
|
Fix for an Issue #129
|
2012-07-31 11:03:44 +02:00 |
|
Miroslav Stampar
|
b3552494c4
|
Minor preparation for an Issue #48
|
2012-07-26 12:26:57 +02:00 |
|
Miroslav Stampar
|
30f8d09651
|
Implementation for an Issue #70
|
2012-07-26 12:06:02 +02:00 |
|
Miroslav Stampar
|
3279ce53a8
|
Minor style update
|
2012-07-23 13:57:38 +02:00 |
|
Miroslav Stampar
|
87ecf205cb
|
More work for Issue #66
|
2012-07-14 17:01:04 +02:00 |
|
Miroslav Stampar
|
805120ac52
|
Minor refactoring
|
2012-07-14 11:01:30 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
302d782a0f
|
minor style update
|
2012-06-19 08:33:51 +00:00 |
|
Miroslav Stampar
|
2538e2d5b4
|
fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
|
2012-05-22 09:33:22 +00:00 |
|
Miroslav Stampar
|
b0a8238774
|
minor fixes
|
2012-05-09 14:58:16 +00:00 |
|
Miroslav Stampar
|
6ebb621228
|
adding support for (custom) POST injection (marking injection point with '*' in conf.data)
|
2012-04-17 14:23:00 +00:00 |
|
Miroslav Stampar
|
052d9455fe
|
warning user in cases of "User xyz already has more than 'max_user_connections' active connections"
|
2012-04-12 09:44:54 +00:00 |
|
Miroslav Stampar
|
f142c0f782
|
minor update
|
2012-02-28 14:04:13 +00:00 |
|
Miroslav Stampar
|
22b3fa0749
|
minor update
|
2012-02-27 15:28:36 +00:00 |
|
Miroslav Stampar
|
a9bf0297f6
|
moving injection data to HashDB
|
2012-02-27 13:44:07 +00:00 |
|
Miroslav Stampar
|
f94b91ad87
|
added helper function for HashDB data storing/retrieval
|
2012-02-24 13:07:20 +00:00 |
|
Miroslav Stampar
|
386e98a0e3
|
using UNION SELECT for where=..NEGATIVE
|
2012-02-22 09:41:58 +00:00 |
|
Miroslav Stampar
|
23cc8b6974
|
minor fix for special cases when parameter value contains html encoded characters
|
2012-02-14 14:08:10 +00:00 |
|
Miroslav Stampar
|
2604e73d88
|
minor change in workflow
|
2012-02-13 11:18:47 +00:00 |
|
Miroslav Stampar
|
96f589fc89
|
minor fix
|
2012-02-12 19:22:33 +00:00 |
|
Miroslav Stampar
|
249cb48b0b
|
minor fix
|
2012-02-10 15:59:11 +00:00 |
|
Miroslav Stampar
|
6be95194a7
|
matter of concision
|
2012-02-10 15:37:43 +00:00 |
|
Miroslav Stampar
|
eab7a54e03
|
cosmetics
|
2012-02-10 15:34:04 +00:00 |
|
Miroslav Stampar
|
92590d0d59
|
minor fix
|
2012-02-10 15:26:55 +00:00 |
|
Miroslav Stampar
|
e36e9de57e
|
minor update by request
|
2012-02-10 15:12:23 +00:00 |
|
Miroslav Stampar
|
8405ef59ac
|
some estetic updates
|
2012-02-01 14:49:42 +00:00 |
|
Miroslav Stampar
|
95f89ab63a
|
updating copyright date
|
2012-01-11 14:59:46 +00:00 |
|
Miroslav Stampar
|
1d0b43b1a2
|
implemented mechanism for merging cookies by request
|
2012-01-11 14:28:08 +00:00 |
|
Miroslav Stampar
|
1f085a0241
|
now [SLEEPTIME] is changeable properly in vivo
|
2012-01-05 14:45:05 +00:00 |
|
Miroslav Stampar
|
22c3fe49bb
|
some refactoring
|
2011-12-28 13:50:03 +00:00 |
|
Miroslav Stampar
|
f622995a29
|
compatibility with partial union and error technique resumed data
|
2011-12-22 12:20:21 +00:00 |
|
Miroslav Stampar
|
95cd9e2af3
|
adding support for scanning Host header values (-p host)
|
2011-12-20 12:52:41 +00:00 |
|
Miroslav Stampar
|
563c0c1066
|
adding switch --tor-type
|
2011-12-15 23:19:55 +00:00 |
|
Miroslav Stampar
|
872a73f631
|
minor refactoring
|
2011-11-29 19:17:07 +00:00 |
|
Miroslav Stampar
|
2ed3efba12
|
speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)
|
2011-11-22 08:39:13 +00:00 |
|
Miroslav Stampar
|
eee03871d7
|
minor refactoring
|
2011-11-21 21:31:08 +00:00 |
|
Miroslav Stampar
|
7314de3490
|
language update
|
2011-11-15 11:17:39 +00:00 |
|
Miroslav Stampar
|
eb240243ea
|
minor update
|
2011-10-21 22:21:41 +00:00 |
|
Miroslav Stampar
|
05b9951a8b
|
minor beautification
|
2011-10-21 09:19:31 +00:00 |
|
Miroslav Stampar
|
a31a0aa8d4
|
minor update
|
2011-10-06 22:29:49 +00:00 |
|
Miroslav Stampar
|
d95ff4350d
|
bug fix
|
2011-09-20 13:08:35 +00:00 |
|
Miroslav Stampar
|
08e0eb9b61
|
minor lower/upper case fix
|
2011-08-29 13:47:32 +00:00 |
|
Miroslav Stampar
|
9be89422da
|
implemented parameter --skip
|
2011-08-29 13:29:42 +00:00 |
|
Miroslav Stampar
|
ac00014c4a
|
implemented --randomize switch by request
|
2011-08-29 12:50:52 +00:00 |
|
Miroslav Stampar
|
f7562da754
|
from now on proper union column count should be displayed in injection info output
|
2011-08-03 10:34:50 +00:00 |
|
Miroslav Stampar
|
07c3d4fb18
|
minor adjustment
|
2011-08-02 17:35:43 +00:00 |
|
Miroslav Stampar
|
0d6afca7db
|
adding new switch '--smart' by request
|
2011-07-10 15:16:58 +00:00 |
|
Bernardo Damele
|
aedcf8c8d7
|
Changed homepage address
|
2011-07-07 20:10:03 +00:00 |
|
Miroslav Stampar
|
93b296e02c
|
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
|
2011-07-06 05:44:47 +00:00 |
|
Miroslav Stampar
|
b8ffcf9495
|
few fixes here and there and multi-core processing for dictionary based hash attack
|
2011-07-04 19:58:41 +00:00 |
|
Miroslav Stampar
|
eaa2a4202f
|
changing to: --crawl=CRAWLDEPTH
|
2011-06-24 05:40:03 +00:00 |
|
Miroslav Stampar
|
29314f425e
|
minor fix
|
2011-06-20 13:42:31 +00:00 |
|
Miroslav Stampar
|
07e2c72943
|
adding Beautifulsoup (BSD) into extras; adding --crawl to options
|
2011-06-20 11:32:30 +00:00 |
|
Miroslav Stampar
|
a0129dcbcb
|
this is confusing for normal users (i've just get a mail where dude thinks that he needs to use tamper script because of this :)
|
2011-06-17 16:52:39 +00:00 |
|
Miroslav Stampar
|
6b1d5a0ab8
|
minor fix
|
2011-06-16 14:11:30 +00:00 |
|
Miroslav Stampar
|
4d51fa8155
|
minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails)
|
2011-06-15 17:37:28 +00:00 |
|
Miroslav Stampar
|
71093b1cad
|
adding one more user friendly message
|
2011-06-09 09:58:42 +00:00 |
|
Bernardo Damele
|
70cac24909
|
Cosmetics
|
2011-06-08 15:31:27 +00:00 |
|
Bernardo Damele
|
cce3208b35
|
Cleanup
|
2011-06-08 14:15:34 +00:00 |
|
Miroslav Stampar
|
b7088440c2
|
better sentence
|
2011-05-30 22:47:17 +00:00 |
|
Miroslav Stampar
|
a8b58afdb2
|
minor update
|
2011-05-27 08:21:02 +00:00 |
|
Miroslav Stampar
|
48f52d7697
|
minor beautification
|
2011-05-27 08:16:14 +00:00 |
|
Miroslav Stampar
|
5d56e89cf5
|
minor update
|
2011-05-26 21:08:46 +00:00 |
|
Miroslav Stampar
|
06108b6da6
|
minor update related to the last commit
|
2011-05-26 20:58:24 +00:00 |
|
Miroslav Stampar
|
4f46a5ab63
|
minor usability enhancement regarding warning for --text-only switch
|
2011-05-26 20:48:18 +00:00 |
|
Miroslav Stampar
|
a1fd2898a0
|
added friendly tip message for url encoding GET and POST payloads
|
2011-05-25 11:10:52 +00:00 |
|
Miroslav Stampar
|
bec2c04671
|
helping dummy users
|
2011-05-24 17:15:25 +00:00 |
|
Miroslav Stampar
|
faa74cd2bc
|
introducing results file for multiple target mode
|
2011-05-15 22:21:38 +00:00 |
|
Miroslav Stampar
|
120b0d756e
|
unfix
|
2011-05-10 21:33:06 +00:00 |
|
Miroslav Stampar
|
deae534ee7
|
minor refactoring
|
2011-05-10 20:44:36 +00:00 |
|
Bernardo Damele
|
8179fd63c0
|
Minor fix
|
2011-05-07 23:48:03 +00:00 |
|
Bernardo Damele
|
1151af52bb
|
More fix for save/resume of --technique
|
2011-05-07 21:08:14 +00:00 |
|
Bernardo Damele
|
2d8408c885
|
More fix for --technique resume
|
2011-05-05 16:38:46 +00:00 |
|
Bernardo Damele
|
955dbc85e7
|
Minor variable rename
|
2011-04-30 15:29:59 +00:00 |
|
Bernardo Damele
|
f56d135438
|
Minor code restyling
|
2011-04-30 13:20:05 +00:00 |
|
Miroslav Stampar
|
7b3b9e6a87
|
it seems that this was indeed not meant to be here
|
2011-04-22 15:07:09 +00:00 |
|
Bernardo Damele
|
eabb5a2ba7
|
More adjustments to the error message when no sql injections are detected
|
2011-04-21 22:04:20 +00:00 |
|
Bernardo Damele
|
6d07dddf60
|
updated doc and minor layout adjustments
|
2011-04-21 21:53:35 +00:00 |
|
Bernardo Damele
|
770b1523ff
|
More verbose output when no SQL injections are detected
|
2011-04-21 21:31:16 +00:00 |
|
Bernardo Damele
|
edc2d75702
|
Cosmetics and major bug fix
|
2011-04-21 21:15:23 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Miroslav Stampar
|
21114d1748
|
added IGNORE_PARAMETERS to skip testing of state/session web server parameters
|
2011-04-13 19:01:02 +00:00 |
|
Miroslav Stampar
|
2db2e9b6a2
|
now GET forms are also prone to "do you want to fill with random values"
|
2011-04-11 11:38:41 +00:00 |
|
Bernardo Damele
|
5b21352656
|
cosmeticados ;)
|
2011-04-08 10:39:07 +00:00 |
|
Bernardo Damele
|
05d12790f1
|
closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)
|
2011-04-06 14:41:44 +00:00 |
|
Miroslav Stampar
|
bbd4c128b0
|
minor update related to the last commit
|
2011-04-01 22:19:42 +00:00 |
|
Miroslav Stampar
|
4d78eac938
|
revert of that thingy as requested by Bernardo
|
2011-03-29 10:06:35 +00:00 |
|
Miroslav Stampar
|
e8debbe724
|
minor cosmetics and one minor fix (|= is a nono with None)
|
2011-03-29 06:38:19 +00:00 |
|
Miroslav Stampar
|
86f93713d3
|
fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update
|
2011-03-29 06:25:17 +00:00 |
|
Miroslav Stampar
|
bf0e3c4662
|
improvement for --forms with empty fields
|
2011-03-28 22:48:00 +00:00 |
|
Miroslav Stampar
|
1e22ff45de
|
minor update regarding testing of GET parameters if --data and/or --forms is used
|
2011-03-28 16:14:08 +00:00 |
|
Miroslav Stampar
|
bd75fd26e9
|
implementing a --page-rank switch as requested by l0rda@l0rda.biz
|
2011-03-23 11:57:57 +00:00 |
|
Miroslav Stampar
|
8edc3b3302
|
further update regarding last commit
|
2011-03-03 10:39:04 +00:00 |
|
Miroslav Stampar
|
50d25c3b4d
|
update regarding explicit testing of ua and referer when using -p
|
2011-02-13 21:58:48 +00:00 |
|
Bernardo Damele
|
45a005737d
|
Minor adjustment so that User-Agent and Referer headers are tests only when --level >= 3 and Cookie is tested only when --level >= 2
|
2011-02-13 21:08:42 +00:00 |
|
Miroslav Stampar
|
b56a77e573
|
removing obsolete switches (--threshold, --excl-reg, --excl-str)
|
2011-02-03 15:55:19 +00:00 |
|
Bernardo Damele
|
6761933f75
|
Just.. cosmetics ;)
|
2011-01-31 22:51:14 +00:00 |
|
Miroslav Stampar
|
fa58a9c86b
|
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
|
2011-01-31 20:36:01 +00:00 |
|