Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							651349e229 
							
						 
					 
					
						
						
							
							More verbose critical message  
						
						
						
					 
					
						2011-07-08 13:12:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c517e97a44 
							
						 
					 
					
						
						
							
							few fixes and minor cosmetics  
						
						
						
					 
					
						2011-07-08 06:02:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							aedcf8c8d7 
							
						 
					 
					
						
						
							
							Changed homepage address  
						
						
						
					 
					
						2011-07-07 20:10:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							23b4efdcaf 
							
						 
					 
					
						
						
							
							Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too.  
						
						
						
					 
					
						2011-07-06 21:04:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							93b296e02c 
							
						 
					 
					
						
						
							
							few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")  
						
						
						
					 
					
						2011-07-06 05:44:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b8ffcf9495 
							
						 
					 
					
						
						
							
							few fixes here and there and multi-core processing for dictionary based hash attack  
						
						
						
					 
					
						2011-07-04 19:58:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							36c96ef796 
							
						 
					 
					
						
						
							
							Added DB2 support - patch provided by Sebastian Bittig  
						
						
						
					 
					
						2011-06-25 09:44:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aa83fe5c66 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-06-24 18:19:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							96190cf594 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-06-24 17:15:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eaa2a4202f 
							
						 
					 
					
						
						
							
							changing to: --crawl=CRAWLDEPTH  
						
						
						
					 
					
						2011-06-24 05:40:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5190440ea2 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-06-22 15:36:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							97d8729d71 
							
						 
					 
					
						
						
							
							probable fix for a bug reported by m4l1c3 (RuntimeError: maximum recursion depth exceeded)  
						
						
						
					 
					
						2011-06-22 15:28:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							84bc8c3a37 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2011-06-22 14:39:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							938db1b513 
							
						 
					 
					
						
						
							
							replacing xmlobject logic with our own  
						
						
						
					 
					
						2011-06-22 14:33:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f09340fc89 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-06-20 12:40:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4d1fa5596b 
							
						 
					 
					
						
						
							
							added support for --scope in --crawl mode  
						
						
						
					 
					
						2011-06-20 12:37:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b1426b5131 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2011-06-20 12:11:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cda39ca350 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-06-20 11:46:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							07e2c72943 
							
						 
					 
					
						
						
							
							adding Beautifulsoup (BSD) into extras; adding --crawl to options  
						
						
						
					 
					
						2011-06-20 11:32:30 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cd07139919 
							
						 
					 
					
						
						
							
							Layout adjustments  
						
						
						
					 
					
						2011-06-18 11:58:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							905fef0eae 
							
						 
					 
					
						
						
							
							now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5)  
						
						
						
					 
					
						2011-06-18 10:51:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f3ee2c09fb 
							
						 
					 
					
						
						
							
							cleaner fix  
						
						
						
					 
					
						2011-06-17 15:32:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bb987ec98f 
							
						 
					 
					
						
						
							
							fix for DNS leakage  
						
						
						
					 
					
						2011-06-17 15:23:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6f681b45ad 
							
						 
					 
					
						
						
							
							cleaning up a bit for a configuration mess  
						
						
						
					 
					
						2011-06-16 11:42:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							63d98d8ce6 
							
						 
					 
					
						
						
							
							fix for a bug reported by rdsears@mtu.edu (ignored config file items)  
						
						
						
					 
					
						2011-06-16 08:08:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4d51fa8155 
							
						 
					 
					
						
						
							
							minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails)  
						
						
						
					 
					
						2011-06-15 17:37:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d55a242908 
							
						 
					 
					
						
						
							
							minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always)  
						
						
						
					 
					
						2011-06-14 19:38:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8978fded03 
							
						 
					 
					
						
						
							
							typo fix  
						
						
						
					 
					
						2011-06-13 19:00:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7152a1ed3b 
							
						 
					 
					
						
						
							
							Added --dependences to show which sqlmap dependences are not available  
						
						
						
					 
					
						2011-06-13 18:44:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9331abb96f 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-06-11 08:33:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9202fedf7b 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-06-09 08:14:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0d8d6a4ace 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2011-06-08 16:08:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4eeeb3655e 
							
						 
					 
					
						
						
							
							asking and skipping to the next google result page if no usable links found  
						
						
						
					 
					
						2011-06-07 23:24:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7a3cc38e3c 
							
						 
					 
					
						
						
							
							refactoring and stabilization of multithreading  
						
						
						
					 
					
						2011-06-07 09:50:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8aa5625cd0 
							
						 
					 
					
						
						
							
							proper fix related to the last commit  
						
						
						
					 
					
						2011-06-01 23:00:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							20988e58ed 
							
						 
					 
					
						
						
							
							warp 5 mr spock :)  
						
						
						
					 
					
						2011-05-30 09:46:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							86455ceb9c 
							
						 
					 
					
						
						
							
							implementation of multithreading for UNION and ERROR techniques  
						
						
						
					 
					
						2011-05-29 23:17:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c11ea35d53 
							
						 
					 
					
						
						
							
							adding some user input for "refreshing" cases (like redirect ones)  
						
						
						
					 
					
						2011-05-27 22:42:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4f46a5ab63 
							
						 
					 
					
						
						
							
							minor usability enhancement regarding warning for --text-only switch  
						
						
						
					 
					
						2011-05-26 20:48:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ff030e4d24 
							
						 
					 
					
						
						
							
							minor cleanup of the leftover  
						
						
						
					 
					
						2011-05-26 17:37:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b6fe5b12a4 
							
						 
					 
					
						
						
							
							adding --schema to the wizard/Basic as it looks like a cool thingy to put there  
						
						
						
					 
					
						2011-05-26 14:30:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2f456bee75 
							
						 
					 
					
						
						
							
							minor beautification  
						
						
						
					 
					
						2011-05-25 08:14:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8b7a3c5a6b 
							
						 
					 
					
						
						
							
							making it easier for totally dummy users  
						
						
						
					 
					
						2011-05-24 17:24:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bec2c04671 
							
						 
					 
					
						
						
							
							helping dummy users  
						
						
						
					 
					
						2011-05-24 17:15:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f774d8fea0 
							
						 
					 
					
						
						
							
							proper Tor settings (reverted r3915 and implemented it the right way)  
						
						
						
					 
					
						2011-05-24 11:06:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a536bf210f 
							
						 
					 
					
						
						
							
							improved redirection mechanism  
						
						
						
					 
					
						2011-05-23 23:20:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2ea613b170 
							
						 
					 
					
						
						
							
							type correction and adding global flag kb.ignoreTimeout which could be useful  
						
						
						
					 
					
						2011-05-22 08:24:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							25fff8c135 
							
						 
					 
					
						
						
							
							changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)  
						
						
						
					 
					
						2011-05-21 11:46:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9832fc42d4 
							
						 
					 
					
						
						
							
							minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase)  
						
						
						
					 
					
						2011-05-18 21:47:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3048e9f710 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-05-17 23:03:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cc07e5dc97 
							
						 
					 
					
						
						
							
							added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@yahoo.com  
						
						
						
					 
					
						2011-05-17 22:55:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							faa74cd2bc 
							
						 
					 
					
						
						
							
							introducing results file for multiple target mode  
						
						
						
					 
					
						2011-05-15 22:21:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a7d7be5ce0 
							
						 
					 
					
						
						
							
							bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host)  
						
						
						
					 
					
						2011-05-13 01:01:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0b2da2f9f5 
							
						 
					 
					
						
						
							
							minor beautification for --tor switch  
						
						
						
					 
					
						2011-05-12 05:46:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e05a9c0554 
							
						 
					 
					
						
						
							
							i was probably very tired or very stupid to do this  
						
						
						
					 
					
						2011-05-11 13:13:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							53065ee1fb 
							
						 
					 
					
						
						
							
							adding ordered set for kb.targetUrls (now the order of appereance in multiple targets mode will be respected)  
						
						
						
					 
					
						2011-05-11 08:55:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5ee07b90b9 
							
						 
					 
					
						
						
							
							added -m switch for bulk loading multiple targets  
						
						
						
					 
					
						2011-05-11 08:46:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							192c685bc8 
							
						 
					 
					
						
						
							
							changing conf attribute to a more proper name  
						
						
						
					 
					
						2011-05-10 20:48:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							deae534ee7 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-05-10 20:44:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							97bc816aeb 
							
						 
					 
					
						
						
							
							layout  
						
						
						
					 
					
						2011-05-10 16:24:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3a8309c4b0 
							
						 
					 
					
						
						
							
							Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches  
						
						
						
					 
					
						2011-05-10 15:34:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							707edc7b1a 
							
						 
					 
					
						
						
							
							fix for a bug (previously --dbms="mysql 4" was ignored and abruptly terminated while the mechanism was here all along)  
						
						
						
					 
					
						2011-05-10 13:28:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a64407d9db 
							
						 
					 
					
						
						
							
							minor bug fix for multithreading and lots of connection retries  
						
						
						
					 
					
						2011-05-10 12:40:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6653907700 
							
						 
					 
					
						
						
							
							forgot in last commit  
						
						
						
					 
					
						2011-05-07 21:13:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							aae140080e 
							
						 
					 
					
						
						
							
							SVN roll back, DB2 patch will be recommitted after testing:  
						
						... 
						
						
						
						$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD  https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847  . 
						
					 
					
						2011-05-06 10:27:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6e392b6054 
							
						 
					 
					
						
						
							
							applying contributed patch for DB2  
						
						
						
					 
					
						2011-05-06 09:30:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5e9620198c 
							
						 
					 
					
						
						
							
							fix for a privately reported bug ("AttributeError: item is disabled")  
						
						
						
					 
					
						2011-05-02 18:18:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							93dee30895 
							
						 
					 
					
						
						
							
							better fix for the previous commit  
						
						
						
					 
					
						2011-05-02 13:34:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							20ad1c1f2f 
							
						 
					 
					
						
						
							
							minor update to not confuse users when using -o  
						
						
						
					 
					
						2011-05-02 13:24:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							955dbc85e7 
							
						 
					 
					
						
						
							
							Minor variable rename  
						
						
						
					 
					
						2011-04-30 15:29:59 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f56d135438 
							
						 
					 
					
						
						
							
							Minor code restyling  
						
						
						
					 
					
						2011-04-30 13:20:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							983546d6bf 
							
						 
					 
					
						
						
							
							proper fix  
						
						
						
					 
					
						2011-04-30 07:01:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							956e75e2b5 
							
						 
					 
					
						
						
							
							Minor adjustment to --mobile.  
						
						... 
						
						
						
						Bug fix to --random-agent. 
						
					 
					
						2011-04-29 21:50:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							11124b21f9 
							
						 
					 
					
						
						
							
							implemented --mobile switch  
						
						
						
					 
					
						2011-04-29 19:27:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e35f25b2cb 
							
						 
					 
					
						
						
							
							Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:  
						
						... 
						
						
						
						* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring. 
						
					 
					
						2011-04-24 23:01:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d0dff82ce0 
							
						 
					 
					
						
						
							
							Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch  
						
						
						
					 
					
						2011-04-23 16:25:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f88aa4b165 
							
						 
					 
					
						
						
							
							implemented suppressResumeInfo mechanism (huge slowdown on large tables)  
						
						
						
					 
					
						2011-04-22 19:58:10 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b667c50588 
							
						 
					 
					
						
						
							
							store/resume info on xp_cmd available in session file  
						
						
						
					 
					
						2011-04-21 14:25:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							11ecd16099 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-04-21 10:08:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3b133303bf 
							
						 
					 
					
						
						
							
							refactoring  
						
						
						
					 
					
						2011-04-19 22:54:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							44bbef42f8 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-04-19 20:23:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a7c26366b4 
							
						 
					 
					
						
						
							
							doing that auto default value for --time-sec only for --tor  
						
						
						
					 
					
						2011-04-19 08:43:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4d48ac54dc 
							
						 
					 
					
						
						
							
							automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set)  
						
						
						
					 
					
						2011-04-19 08:34:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b79d4f70f3 
							
						 
					 
					
						
						
							
							cleaner solution for the problem solved with last commit  
						
						
						
					 
					
						2011-04-18 14:51:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f5cff067c6 
							
						 
					 
					
						
						
							
							little hack for --time-sec  
						
						
						
					 
					
						2011-04-18 14:46:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							354a2ce249 
							
						 
					 
					
						
						
							
							'chardet' heuristic engine added to the project  
						
						
						
					 
					
						2011-04-18 13:38:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							76d1f09b0a 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-04-17 22:25:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c7ff5dcbeb 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-04-17 08:48:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ee88ccf0ac 
							
						 
					 
					
						
						
							
							well, this could be important :)  
						
						
						
					 
					
						2011-04-17 08:33:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0387654166 
							
						 
					 
					
						
						
							
							update of copyright string (until year)  
						
						
						
					 
					
						2011-04-15 12:33:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8c6f7c7d5f 
							
						 
					 
					
						
						
							
							explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay  
						
						
						
					 
					
						2011-04-15 08:52:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8426d48e2e 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-04-14 10:14:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							930262f573 
							
						 
					 
					
						
						
							
							minor update related to the last commit  
						
						
						
					 
					
						2011-04-14 10:12:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1c5427baf8 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-04-14 09:54:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							940c225d7c 
							
						 
					 
					
						
						
							
							few fixes  
						
						
						
					 
					
						2011-04-10 20:53:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d324704844 
							
						 
					 
					
						
						
							
							Removed unused code  
						
						
						
					 
					
						2011-04-10 20:39:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c4c40308c6 
							
						 
					 
					
						
						
							
							no more annoying "no metasploit found" for case when msfpath provided with root directory of Metasploit (not the bin one)  
						
						
						
					 
					
						2011-04-08 22:42:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							228cc68747 
							
						 
					 
					
						
						
							
							fix for those ugly DEBUG messages in brute mode  
						
						
						
					 
					
						2011-04-08 11:02:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b288e5ef57 
							
						 
					 
					
						
						
							
							implemented DNS caching mechanism  
						
						
						
					 
					
						2011-04-07 21:39:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ae4ea0af45 
							
						 
					 
					
						
						
							
							fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace')  
						
						
						
					 
					
						2011-04-07 13:57:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6a8a5db9aa 
							
						 
					 
					
						
						
							
							minor code restyling  
						
						
						
					 
					
						2011-04-07 13:27:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9e8c933333 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-04-07 10:40:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							68828d68a5 
							
						 
					 
					
						
						
							
							removed integers from --technique  
						
						
						
					 
					
						2011-04-07 10:37:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fced81b6be 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-04-07 10:32:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							845533e92f 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-04-07 10:27:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1880f18367 
							
						 
					 
					
						
						
							
							Minor layout adjustments  
						
						
						
					 
					
						2011-04-07 10:07:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17844eb87c 
							
						 
					 
					
						
						
							
							Refactoring to --technique  
						
						
						
					 
					
						2011-04-07 10:00:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							05d12790f1 
							
						 
					 
					
						
						
							
							closes   #219  - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)  
						
						
						
					 
					
						2011-04-06 14:41:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a379463213 
							
						 
					 
					
						
						
							
							cosmeticado  
						
						
						
					 
					
						2011-04-06 08:40:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b327bbcd9b 
							
						 
					 
					
						
						
							
							minor fix (it was quite ... to have this check at the later stage)  
						
						
						
					 
					
						2011-04-06 08:39:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							81034140c0 
							
						 
					 
					
						
						
							
							Reduced number of threads to 3 when -o is provided  
						
						
						
					 
					
						2011-04-06 08:15:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c01fc56e6 
							
						 
					 
					
						
						
							
							minor update regarding misusage of --proxy and --ignore-proxy switches  
						
						
						
					 
					
						2011-04-04 09:19:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bbd4c128b0 
							
						 
					 
					
						
						
							
							minor update related to the last commit  
						
						
						
					 
					
						2011-04-01 22:19:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cd7e4f5afc 
							
						 
					 
					
						
						
							
							improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form)  
						
						
						
					 
					
						2011-04-01 22:12:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							eb99f68a7a 
							
						 
					 
					
						
						
							
							Minor improvement to --wizard. This does not mean I like the kiddie feature though ;)  
						
						
						
					 
					
						2011-04-01 14:55:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							de4e0c7346 
							
						 
					 
					
						
						
							
							minor update related to the problem with request files reported by jorge_a_santos@hotmail.com  
						
						
						
					 
					
						2011-04-01 12:09:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b6af80bab3 
							
						 
					 
					
						
						
							
							refactoring, cleanup and improvement  
						
						
						
					 
					
						2011-03-29 21:54:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							adfbfef8c1 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-03-29 21:01:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d0861a00e2 
							
						 
					 
					
						
						
							
							minor improvement  
						
						
						
					 
					
						2011-03-29 15:37:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5560196648 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-03-29 11:50:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e20d460809 
							
						 
					 
					
						
						
							
							Bernardo will kill me (added --wizard for total beginners)  
						
						
						
					 
					
						2011-03-29 11:42:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							47924fb92e 
							
						 
					 
					
						
						
							
							fix for a bug reported by malice.anon@gmail.com (AttributeError: 'unicode' object has no attribute 'geturl')  
						
						
						
					 
					
						2011-03-27 13:41:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							76b7e3517d 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-03-27 07:58:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c5b6d377fb 
							
						 
					 
					
						
						
							
							fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages)  
						
						
						
					 
					
						2011-03-25 12:14:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2b15ad57c2 
							
						 
					 
					
						
						
							
							basic live tests against 3 major DBMSes  
						
						
						
					 
					
						2011-03-24 11:47:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0bb08d09d2 
							
						 
					 
					
						
						
							
							fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file  
						
						
						
					 
					
						2011-03-24 08:43:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b5c9ccb755 
							
						 
					 
					
						
						
							
							Oracle XML based error payload has problems with char $ as with space  
						
						
						
					 
					
						2011-03-21 13:13:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2cc91b8470 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-03-19 17:44:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7c2b3afafb 
							
						 
					 
					
						
						
							
							minor fix (-r required Content-Length which is a part of Burp log and as we share the parsing logic this was a headache for -r)  
						
						
						
					 
					
						2011-03-19 17:37:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							139448eeb9 
							
						 
					 
					
						
						
							
							little stabilization regarding POST url(de/en)coding  
						
						
						
					 
					
						2011-03-19 16:53:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							00b9d85ffc 
							
						 
					 
					
						
						
							
							fix regarding bug report from andyroyalbattle@yahoo.it  
						
						
						
					 
					
						2011-03-18 16:26:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							75c0e09f43 
							
						 
					 
					
						
						
							
							little refactoring  
						
						
						
					 
					
						2011-03-18 13:46:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c301b245a9 
							
						 
					 
					
						
						
							
							adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value)  
						
						
						
					 
					
						2011-03-18 13:39:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f00aff5303 
							
						 
					 
					
						
						
							
							-v 0 shows both error, critical and raw_input messages  
						
						
						
					 
					
						2011-03-11 22:02:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8edc3b3302 
							
						 
					 
					
						
						
							
							further update regarding last commit  
						
						
						
					 
					
						2011-03-03 10:39:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bc50387a17 
							
						 
					 
					
						
						
							
							possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms)  
						
						
						
					 
					
						2011-03-03 09:42:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							38dc82e13e 
							
						 
					 
					
						
						
							
							If no Accept header field is present, then it is assumed that the client accepts all media types.  
						
						
						
					 
					
						2011-02-22 22:26:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d05bd75068 
							
						 
					 
					
						
						
							
							adding experimental for --group-concat  
						
						
						
					 
					
						2011-02-22 14:35:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e60acae5d 
							
						 
					 
					
						
						
							
							Added support for --scope also in WebScarab logs (-l)  
						
						
						
					 
					
						2011-02-19 21:03:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							df58bcaf95 
							
						 
					 
					
						
						
							
							minor improvement  
						
						
						
					 
					
						2011-02-18 14:27:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							22cd49a217 
							
						 
					 
					
						
						
							
							--technique can now be something like 123 which includes both techniques 1, 2 and 3  
						
						
						
					 
					
						2011-02-17 21:39:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							199f14df46 
							
						 
					 
					
						
						
							
							implementation of MySQL GROUP_CONCAT technique  
						
						
						
					 
					
						2011-02-15 00:28:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9f7d666451 
							
						 
					 
					
						
						
							
							removing --method per request of buawig  
						
						
						
					 
					
						2011-02-12 19:50:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4295a78c5f 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-10 19:51:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b56a77e573 
							
						 
					 
					
						
						
							
							removing obsolete switches (--threshold, --excl-reg, --excl-str)  
						
						
						
					 
					
						2011-02-03 15:55:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f49e20cc8 
							
						 
					 
					
						
						
							
							adding --random-agent and removing -a  
						
						
						
					 
					
						2011-02-02 14:51:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e73a147fb5 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-02 11:49:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							99aa38b58f 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-02-02 10:10:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							23c95107ed 
							
						 
					 
					
						
						
							
							we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS)  
						
						
						
					 
					
						2011-02-02 09:24:37 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ec9ebb3479 
							
						 
					 
					
						
						
							
							Set threads to 4 when optimization switch is provided, -o  
						
						
						
					 
					
						2011-01-31 21:21:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ddf23ba7cc 
							
						 
					 
					
						
						
							
							refactoring  
						
						
						
					 
					
						2011-01-30 11:36:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							367d0639f0 
							
						 
					 
					
						
						
							
							refactoring (class names should always be Capital cased)  
						
						
						
					 
					
						2011-01-28 16:36:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e1db2700f0 
							
						 
					 
					
						
						
							
							Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads  
						
						
						
					 
					
						2011-01-24 12:25:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4441e11f68 
							
						 
					 
					
						
						
							
							fix for case -r with no params and cookie available  
						
						
						
					 
					
						2011-01-24 11:26:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4128b2c87f 
							
						 
					 
					
						
						
							
							Enforce that when --prefix is provided, --suffix is too and viceversa.  
						
						
						
					 
					
						2011-01-20 21:57:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ad12242151 
							
						 
					 
					
						
						
							
							LoL (removing those checks because we use same "logic" for parsing Burp log files and request files)  
						
						
						
					 
					
						2011-01-20 16:27:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e8c037de1a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-20 16:17:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4e5f0da1ae 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-20 16:07:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2fa066f892 
							
						 
					 
					
						
						
							
							added support for WebScarab logs  
						
						
						
					 
					
						2011-01-20 15:55:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f6f4b5e9dd 
							
						 
					 
					
						
						
							
							bug fix for charset used in inference for pages retrieved with --null-connection  
						
						
						
					 
					
						2011-01-20 11:01:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bade0e3124 
							
						 
					 
					
						
						
							
							Major code refactoring - centralized all kb.dbms* info for both retrieval and set.  
						
						
						
					 
					
						2011-01-19 23:06:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c106dc829a 
							
						 
					 
					
						
						
							
							more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run)  
						
						
						
					 
					
						2011-01-19 22:08:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							47565f9459 
							
						 
					 
					
						
						
							
							Minor code refactoring  
						
						
						
					 
					
						2011-01-17 21:13:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							30d6791968 
							
						 
					 
					
						
						
							
							update regarding time based data retrieval  
						
						
						
					 
					
						2011-01-16 17:52:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71391874eb 
							
						 
					 
					
						
						
							
							slightly faster and thread safer inference  
						
						
						
					 
					
						2011-01-16 10:52:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb9d7cdfaa 
							
						 
					 
					
						
						
							
							refactoring, code clearing and removal of obsolete switch --longest-common  
						
						
						
					 
					
						2011-01-14 14:37:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3c95d71ea5 
							
						 
					 
					
						
						
							
							Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase  
						
						
						
					 
					
						2011-01-14 11:55:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2ac8debea0 
							
						 
					 
					
						
						
							
							Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.  
						
						... 
						
						
						
						Minor bug fixes thanks to previous refactoring too. 
						
					 
					
						2011-01-13 17:36:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							af9725214a 
							
						 
					 
					
						
						
							
							Properly deal with partial (single entry) UNION injections.  
						
						... 
						
						
						
						Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase. 
						
					 
					
						2011-01-12 12:01:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8a67aea754 
							
						 
					 
					
						
						
							
							One more step to fully working UNION exploitation after merge into detection phase  
						
						
						
					 
					
						2011-01-12 01:13:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5c7c3c76c3 
							
						 
					 
					
						
						
							
							Fixed previous bug in getErrorParsedDBMSes() call in detection phase.  
						
						... 
						
						
						
						Added minor support to escape quotes in UNION payloads during detection phase. 
						
					 
					
						2011-01-11 23:47:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							06230e4d92 
							
						 
					 
					
						
						
							
							Minor code refactoring and cosmetics  
						
						
						
					 
					
						2011-01-11 21:46:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							394b6bc029 
							
						 
					 
					
						
						
							
							reverting some changes  
						
						
						
					 
					
						2011-01-11 12:11:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							690281dce1 
							
						 
					 
					
						
						
							
							didn't know this to be honest  
						
						
						
					 
					
						2011-01-11 10:17:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							77b51dae57 
							
						 
					 
					
						
						
							
							adding openFile method with an exception block around file opening part  
						
						
						
					 
					
						2011-01-08 09:30:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c17714c423 
							
						 
					 
					
						
						
							
							suppress session in case of brute methods  
						
						
						
					 
					
						2011-01-07 16:47:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b313a20a3f 
							
						 
					 
					
						
						
							
							some fixes  
						
						
						
					 
					
						2011-01-07 16:39:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a8d660db54 
							
						 
					 
					
						
						
							
							fixes for bugs reported by pragmatk@gmail.com  
						
						
						
					 
					
						2011-01-06 16:59:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0eabca9fd4 
							
						 
					 
					
						
						
							
							update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)  
						
						
						
					 
					
						2011-01-03 22:31:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08ccbf2c1e 
							
						 
					 
					
						
						
							
							important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)  
						
						
						
					 
					
						2011-01-03 22:02:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							da138c46c1 
							
						 
					 
					
						
						
							
							added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)  
						
						
						
					 
					
						2011-01-02 07:37:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							212035e64d 
							
						 
					 
					
						
						
							
							user can now choose if he wants to skip non-heuristic based DBMS tests  
						
						
						
					 
					
						2011-01-01 23:38:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9fb0e0fc85 
							
						 
					 
					
						
						
							
							resume of brute forced data is now available  
						
						
						
					 
					
						2010-12-27 14:17:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							51a492e17d 
							
						 
					 
					
						
						
							
							pretty important commit (now dumped tables are prone to dictionary attack)  
						
						
						
					 
					
						2010-12-27 10:56:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							269d6bde24 
							
						 
					 
					
						
						
							
							this one is pretty complicated (authentication handler tries to call keep alive module, while keep alive module tries to call authentication handler, leading to an infinite recursion)  
						
						
						
					 
					
						2010-12-27 00:14:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							562a6440d1 
							
						 
					 
					
						
						
							
							fix for a bug reported by nightman (same as  http://bugs.python.org/issue8797 )  
						
						
						
					 
					
						2010-12-26 09:33:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c23a59ba5 
							
						 
					 
					
						
						
							
							fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)  
						
						
						
					 
					
						2010-12-24 12:13:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aab14fa2d3 
							
						 
					 
					
						
						
							
							minor refactoring/cosmetics  
						
						
						
					 
					
						2010-12-24 11:06:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d9f08e4aa3 
							
						 
					 
					
						
						
							
							randomization of user agents  
						
						
						
					 
					
						2010-12-24 10:04:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							017ea9e686 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-23 14:06:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							73f33c1999 
							
						 
					 
					
						
						
							
							bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped)  
						
						
						
					 
					
						2010-12-23 11:28:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d974a966b8 
							
						 
					 
					
						
						
							
							minor fix for end phase (Ctrl+C)  
						
						
						
					 
					
						2010-12-21 23:55:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb75d0636b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-21 23:42:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							385e208f38 
							
						 
					 
					
						
						
							
							code refactoring regarding standard output suppression and some threading issues  
						
						
						
					 
					
						2010-12-21 14:21:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8fd3e7ba1f 
							
						 
					 
					
						
						
							
							thread based data added  
						
						
						
					 
					
						2010-12-20 22:45:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5852bad963 
							
						 
					 
					
						
						
							
							some refactoring  
						
						
						
					 
					
						2010-12-20 18:56:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							19d8733e9a 
							
						 
					 
					
						
						
							
							this is strictly for educational purposes  
						
						
						
					 
					
						2010-12-20 17:30:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							13d5b2c0ff 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-20 09:44:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							36862e2efa 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-18 15:57:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e355f92f22 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-18 10:02:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fe67d3827c 
							
						 
					 
					
						
						
							
							code refactoring and some fixes  
						
						
						
					 
					
						2010-12-18 09:51:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a19cb2c13a 
							
						 
					 
					
						
						
							
							code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")  
						
						
						
					 
					
						2010-12-17 21:29:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							de54219571 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-15 12:50:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1c525aaea 
							
						 
					 
					
						
						
							
							quick fix of a fix  
						
						
						
					 
					
						2010-12-15 12:10:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7cfeb5447b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-15 11:46:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4dec24d056 
							
						 
					 
					
						
						
							
							quick fix for a bug reported by Andreas Constantinides (KeyError: 5)  
						
						
						
					 
					
						2010-12-15 11:30:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c3d0295d21 
							
						 
					 
					
						
						
							
							minor update (checking for --time-sec value)  
						
						
						
					 
					
						2010-12-14 12:37:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b75d7fa348 
							
						 
					 
					
						
						
							
							minor cache based optimization  
						
						
						
					 
					
						2010-12-14 12:22:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4b79227b5a 
							
						 
					 
					
						
						
							
							Minor bug fix to properly merge options from .conf file (-c) with command line switches  
						
						
						
					 
					
						2010-12-13 21:36:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5fb04515d3 
							
						 
					 
					
						
						
							
							Added hidden (for the moment) switch --technique  
						
						
						
					 
					
						2010-12-09 13:47:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							293ce18fed 
							
						 
					 
					
						
						
							
							two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)  
						
						
						
					 
					
						2010-12-07 23:32:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dc651d59ec 
							
						 
					 
					
						
						
							
							little mathematics here and there (used "Rules for normally distributed data")  
						
						
						
					 
					
						2010-12-07 19:19:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ecd4a5a532 
							
						 
					 
					
						
						
							
							added standard deviation check in time based tests  
						
						
						
					 
					
						2010-12-07 16:39:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							294119d2ec 
							
						 
					 
					
						
						
							
							more advanced time technique(s)  
						
						
						
					 
					
						2010-12-07 16:04:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							add6235b16 
							
						 
					 
					
						
						
							
							removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session  
						
						
						
					 
					
						2010-12-07 14:06:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0dc630203f 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-07 13:34:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e78057ac8 
							
						 
					 
					
						
						
							
							Added counter of total HTTP(s) requests done during detection phase  
						
						
						
					 
					
						2010-12-07 12:33:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d77ddbee47 
							
						 
					 
					
						
						
							
							OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)  
						
						
						
					 
					
						2010-12-06 18:20:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17449754fe 
							
						 
					 
					
						
						
							
							Got rid of UNION false cond  
						
						
						
					 
					
						2010-12-05 16:16:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9e5f933ace 
							
						 
					 
					
						
						
							
							some updates  
						
						
						
					 
					
						2010-12-04 15:47:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1f795622b3 
							
						 
					 
					
						
						
							
							some fine tuning of dynamicity removing engine  
						
						
						
					 
					
						2010-12-04 13:39:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							04714374f9 
							
						 
					 
					
						
						
							
							now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s))  
						
						
						
					 
					
						2010-12-04 10:05:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5d37df6104 
							
						 
					 
					
						
						
							
							Ugly code to set the cookies when got them from a 302 redirect too  
						
						
						
					 
					
						2010-12-03 17:41:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							612ee08a0b 
							
						 
					 
					
						
						
							
							added response time kb attribute  
						
						
						
					 
					
						2010-12-03 13:19:34 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							22de82634a 
							
						 
					 
					
						
						
							
							Important update to parse correctly the <where> tag during exploitation phase.  
						
						... 
						
						
						
						Minor code cleanup. 
						
					 
					
						2010-12-03 10:44:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							09b265a1ea 
							
						 
					 
					
						
						
							
							Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check  
						
						
						
					 
					
						2010-12-01 23:32:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8b9706656e 
							
						 
					 
					
						
						
							
							Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now.  
						
						... 
						
						
						
						Minor code refactoring too. 
						
					 
					
						2010-11-29 17:18:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e735f2960a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-29 15:25:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2efb3b78ea 
							
						 
					 
					
						
						
							
							Consider also --dbms value during the detection phase  
						
						
						
					 
					
						2010-11-29 14:48:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							76ce9cc888 
							
						 
					 
					
						
						
							
							Minor bug fix for --forms  
						
						
						
					 
					
						2010-11-29 12:46:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9d7087e2ff 
							
						 
					 
					
						
						
							
							Proper saving and resuming when more than a parameter are injectable.  
						
						... 
						
						
						
						Minor bug fix to --stacked-test
Minor code refactoring. 
						
					 
					
						2010-11-29 01:04:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							472f4465a6 
							
						 
					 
					
						
						
							
							Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.  
						
						... 
						
						
						
						Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring. 
						
					 
					
						2010-11-28 21:27:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7e3b24afe6 
							
						 
					 
					
						
						
							
							Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.  
						
						... 
						
						
						
						All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 
						
					 
					
						2010-11-28 18:10:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c471b815cc 
							
						 
					 
					
						
						
							
							fix for a bug reported by BugTrace (IndexError: list index out of range)  
						
						
						
					 
					
						2010-11-22 10:58:08 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							99a23e23cf 
							
						 
					 
					
						
						
							
							Extra check on --union-cols value  
						
						
						
					 
					
						2010-11-19 16:39:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c23126547e 
							
						 
					 
					
						
						
							
							Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20.  
						
						
						
					 
					
						2010-11-19 15:48:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ad17e9ed2a 
							
						 
					 
					
						
						
							
							Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any)  
						
						
						
					 
					
						2010-11-19 14:56:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ff310475c8 
							
						 
					 
					
						
						
							
							some reporting update for --forms  
						
						
						
					 
					
						2010-11-15 14:17:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							20d6b9a5c1 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-11-15 12:24:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							819085155e 
							
						 
					 
					
						
						
							
							minor update/fix  
						
						
						
					 
					
						2010-11-15 12:07:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c25c017c08 
							
						 
					 
					
						
						
							
							cosmetics regarding --forms  
						
						
						
					 
					
						2010-11-15 11:50:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							36c544f440 
							
						 
					 
					
						
						
							
							update (--forms acts now more like -g switch)  
						
						
						
					 
					
						2010-11-15 11:34:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0a83a830d9 
							
						 
					 
					
						
						
							
							Properly handle both HTTPS and HTTP requests through proxy  
						
						
						
					 
					
						2010-11-12 14:21:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e1ef27f592 
							
						 
					 
					
						
						
							
							work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https  
						
						
						
					 
					
						2010-11-12 12:25:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							45ec8c169a 
							
						 
					 
					
						
						
							
							Consistency between --*-test switches/output  
						
						
						
					 
					
						2010-11-08 16:46:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fda8752dca 
							
						 
					 
					
						
						
							
							revert of some HTTP headers handling  
						
						
						
					 
					
						2010-11-08 13:26:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							78d7b17483 
							
						 
					 
					
						
						
							
							More replacements for refactoring.  
						
						... 
						
						
						
						Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters. 
						
					 
					
						2010-11-08 12:36:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eb999de0f1 
							
						 
					 
					
						
						
							
							added Range handler (dealing with 206 HTTP messages)  
						
						
						
					 
					
						2010-11-08 12:26:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a3de10e3a2 
							
						 
					 
					
						
						
							
							new option -t  
						
						
						
					 
					
						2010-11-08 11:22:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d551423379 
							
						 
					 
					
						
						
							
							further enum refactoring  
						
						
						
					 
					
						2010-11-08 09:44:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							862395ced1 
							
						 
					 
					
						
						
							
							further refactoring (all enumerations are now put into enums.py)  
						
						
						
					 
					
						2010-11-08 09:20:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b6da946883 
							
						 
					 
					
						
						
							
							Added one new verbose level, -v 3 now shows the full injected payload.  
						
						... 
						
						
						
						Fixed also -d verbose output. 
						
					 
					
						2010-11-07 22:34:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							73e85bfc75 
							
						 
					 
					
						
						
							
							Minor bug fix: the --tamper scripts have to be provided from the highest to the lowest priority, if not, sqlmap will reverse-sort them automatically as per user's choice. Tested, works now  
						
						
						
					 
					
						2010-11-07 16:24:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							afba26a53f 
							
						 
					 
					
						
						
							
							tiny winy update  
						
						
						
					 
					
						2010-11-07 09:00:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2b8c942b4a 
							
						 
					 
					
						
						
							
							more update  
						
						
						
					 
					
						2010-11-07 08:58:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							16f52ab7ba 
							
						 
					 
					
						
						
							
							cosmetic fix  
						
						
						
					 
					
						2010-11-07 08:13:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8d93bdfa4b 
							
						 
					 
					
						
						
							
							minor update (optimization) regarding -a switch  
						
						
						
					 
					
						2010-11-07 08:11:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e1cec8c02b 
							
						 
					 
					
						
						
							
							fix for all that stable, dynamic mambo jambo :)  
						
						
						
					 
					
						2010-11-04 16:44:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							18aea251b3 
							
						 
					 
					
						
						
							
							added concept of tamper script priority  
						
						
						
					 
					
						2010-11-04 10:29:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6adee3792a 
							
						 
					 
					
						
						
							
							removed all trailing spaces from blank lines  
						
						
						
					 
					
						2010-11-03 10:08:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5269cb8c08 
							
						 
					 
					
						
						
							
							some code refactoring and beautification  
						
						
						
					 
					
						2010-11-02 09:06:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							13e93f564a 
							
						 
					 
					
						
						
							
							one bug fix in dynamic content engine and some code refactoring  
						
						
						
					 
					
						2010-11-02 07:32:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							73b33ed765 
							
						 
					 
					
						
						
							
							fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic  
						
						
						
					 
					
						2010-11-01 20:56:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f3cc41601c 
							
						 
					 
					
						
						
							
							Added check on --first and --last values  
						
						
						
					 
					
						2010-10-31 14:42:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5a38ac7ea9 
							
						 
					 
					
						
						
							
							important update regarding (Bug  #209 ) - probably more will be needed  
						
						
						
					 
					
						2010-10-29 16:11:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							43de8247ac 
							
						 
					 
					
						
						
							
							Code refactoring  
						
						
						
					 
					
						2010-10-27 20:39:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							24c5d7b313 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-10-25 14:06:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9c94a233a1 
							
						 
					 
					
						
						
							
							conf.md5hash thrown out  
						
						
						
					 
					
						2010-10-25 13:52:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9a3879feba 
							
						 
					 
					
						
						
							
							keeping things neat and tidy  
						
						
						
					 
					
						2010-10-25 12:33:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71543092b7 
							
						 
					 
					
						
						
							
							update regarding comparison engine  
						
						
						
					 
					
						2010-10-25 12:00:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8df7c88174 
							
						 
					 
					
						
						
							
							implementation of a new dynamic content removal engine  
						
						
						
					 
					
						2010-10-25 10:41:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2194d47782 
							
						 
					 
					
						
						
							
							setting conf.threads when -o switch is used  
						
						
						
					 
					
						2010-10-22 19:10:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1288def3b7 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-10-22 14:23:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bc79eec702 
							
						 
					 
					
						
						
							
							removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)  
						
						
						
					 
					
						2010-10-21 13:13:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4009ef385e 
							
						 
					 
					
						
						
							
							more update regarding error based injection support  
						
						
						
					 
					
						2010-10-19 18:17:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6b70dadfb2 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-10-18 09:09:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							149837ebf5 
							
						 
					 
					
						
						
							
							added the same for proxy authorization header  
						
						
						
					 
					
						2010-10-18 09:02:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aaebb4336e 
							
						 
					 
					
						
						
							
							fix for Bug  #202  
						
						
						
					 
					
						2010-10-18 08:54:08 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							64b9f94fcf 
							
						 
					 
					
						
						
							
							Renamed --common-prediction switch to --predict-output  
						
						
						
					 
					
						2010-10-16 23:50:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7b71262de6 
							
						 
					 
					
						
						
							
							Cosmetic fix  
						
						
						
					 
					
						2010-10-16 22:07:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a2997a6dce 
							
						 
					 
					
						
						
							
							Minor bug fix to --tamper  
						
						
						
					 
					
						2010-10-16 21:55:34 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2129935e06 
							
						 
					 
					
						
						
							
							Split character for tamper scripts (--tamper option) is now comma, not semi-colon.  
						
						... 
						
						
						
						Minor enhancement 
						
					 
					
						2010-10-16 21:52:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2dae934a2b 
							
						 
					 
					
						
						
							
							Minor bug fixes, code refactoring and enhanced --tamper functionality  
						
						
						
					 
					
						2010-10-16 21:33:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d50684a057 
							
						 
					 
					
						
						
							
							added one more check  
						
						
						
					 
					
						2010-10-15 11:05:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2b476e078c 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-10-15 10:36:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9fcab68700 
							
						 
					 
					
						
						
							
							Minor adjustments  
						
						
						
					 
					
						2010-10-15 10:28:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4f7f20b94f 
							
						 
					 
					
						
						
							
							sorry, cosmetics  
						
						
						
					 
					
						2010-10-14 23:18:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8b48833136 
							
						 
					 
					
						
						
							
							large commit with copyright header modifications  
						
						
						
					 
					
						2010-10-14 14:41:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f07608ef4d 
							
						 
					 
					
						
						
							
							show static words in a sorted manner  
						
						
						
					 
					
						2010-10-14 12:38:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							162d01abed 
							
						 
					 
					
						
						
							
							commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)  
						
						
						
					 
					
						2010-10-14 11:06:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7e1f784eaa 
							
						 
					 
					
						
						
							
							cosmetic update  
						
						
						
					 
					
						2010-10-14 06:00:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							34580f56fc 
							
						 
					 
					
						
						
							
							added --tamper option  
						
						
						
					 
					
						2010-10-12 22:45:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d2ec132469 
							
						 
					 
					
						
						
							
							added --text-only switch  
						
						
						
					 
					
						2010-10-12 19:41:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							43892cddbb 
							
						 
					 
					
						
						
							
							some updates  
						
						
						
					 
					
						2010-10-11 12:26:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							18d27cabc5 
							
						 
					 
					
						
						
							
							more changes  
						
						
						
					 
					
						2010-10-07 15:34:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1e9ae40397 
							
						 
					 
					
						
						
							
							major refactoring  
						
						
						
					 
					
						2010-10-07 12:12:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							adf2231edb 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-10-06 13:38:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							56dbf0038f 
							
						 
					 
					
						
						
							
							minor update (for future implementation of more advanced error page logic)  
						
						
						
					 
					
						2010-10-06 12:10:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cf8e92699c 
							
						 
					 
					
						
						
							
							changes regarding EXISTS feature  
						
						
						
					 
					
						2010-09-30 12:35:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							35f35605df 
							
						 
					 
					
						
						
							
							changes regarding Feature  #160  
						
						
						
					 
					
						2010-09-26 14:02:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b745331974 
							
						 
					 
					
						
						
							
							added null connection check  
						
						
						
					 
					
						2010-09-16 08:43:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							798ab4989b 
							
						 
					 
					
						
						
							
							fix for a Bug  #200  
						
						
						
					 
					
						2010-09-14 10:35:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							19fb2e3dcf 
							
						 
					 
					
						
						
							
							fix for Bug  #165  
						
						
						
					 
					
						2010-09-13 13:31:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8aa12db425 
							
						 
					 
					
						
						
							
							added option --proxy-cred for setting proxy credentials (Feature  #195 )  
						
						
						
					 
					
						2010-08-18 22:45:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							057ec8a6b2 
							
						 
					 
					
						
						
							
							added --ratio option for direct manipulation of conf.matchRatio parameter  
						
						
						
					 
					
						2010-08-10 19:53:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							28d9115373 
							
						 
					 
					
						
						
							
							fix for Feature  #187  (Skip duplicates parameters in -g)  
						
						
						
					 
					
						2010-07-29 20:01:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							49af0c43a5 
							
						 
					 
					
						
						
							
							Forgot  
						
						
						
					 
					
						2010-07-01 15:26:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9d28ae23ca 
							
						 
					 
					
						
						
							
							fixup for situations with unexpected LENGTHs in multithreaded mode (e.g. UTF8 data retrieval)  
						
						
						
					 
					
						2010-07-01 14:11:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							24428c1a1b 
							
						 
					 
					
						
						
							
							Added warning message if both --proxy and --keep-alive are provided  
						
						
						
					 
					
						2010-06-30 11:41:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c33f3ef844 
							
						 
					 
					
						
						
							
							Minor adjustment to HTTP headers handling  
						
						
						
					 
					
						2010-06-29 23:51:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							fb9f669544 
							
						 
					 
					
						
						
							
							More verbose comments  
						
						
						
					 
					
						2010-06-29 21:10:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ea45d75f2d 
							
						 
					 
					
						
						
							
							Major bug fix to parse and store all HTTP headers from the request file (-r)  
						
						
						
					 
					
						2010-06-29 21:06:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9bce22683b 
							
						 
					 
					
						
						
							
							Minor bug fix and adjustment to deal with Keep-Alive also against Google (-g)  
						
						
						
					 
					
						2010-06-11 10:08:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c23ea4c749 
							
						 
					 
					
						
						
							
							--keep-alive is not compatible with --proxy  
						
						
						
					 
					
						2010-06-10 21:19:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d3c8e461cf 
							
						 
					 
					
						
						
							
							Minor layout adjustments  
						
						
						
					 
					
						2010-06-10 14:14:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eb94edc48c 
							
						 
					 
					
						
						
							
							added keepalive module  
						
						
						
					 
					
						2010-06-01 12:21:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							db7ede96fd 
							
						 
					 
					
						
						
							
							more updates/fixes  
						
						
						
					 
					
						2010-05-31 11:11:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0450df8a77 
							
						 
					 
					
						
						
							
							added kb.cache for storing cached results (e.g. kb.cache.regex for storing compiled regular expressions and kb.cache.md5 for storing precalculated MD5 values during '--users --common-prediction' session)  
						
						
						
					 
					
						2010-05-31 08:13:08 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							89c721a451 
							
						 
					 
					
						
						
							
							More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files.  
						
						
						
					 
					
						2010-05-29 10:10:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a138dbe5f6 
							
						 
					 
					
						
						
							
							Minor bug fixes and code refactoring  
						
						
						
					 
					
						2010-05-28 15:57:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							919a8345d6 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-05-28 15:30:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ad3c425a18 
							
						 
					 
					
						
						
							
							quick fix  
						
						
						
					 
					
						2010-05-28 15:26:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f36e093fa7 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-05-28 09:13:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dc83f794ea 
							
						 
					 
					
						
						
							
							fix regarding proper string isinstance checking (including unicode)  
						
						
						
					 
					
						2010-05-25 10:09:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a43eb64c5d 
							
						 
					 
					
						
						
							
							Minor refactoring  
						
						
						
					 
					
						2010-05-24 15:46:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0197f8db5c 
							
						 
					 
					
						
						
							
							code refactoring regarding issue  #184  
						
						
						
					 
					
						2010-05-24 11:12:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e9be60e1ac 
							
						 
					 
					
						
						
							
							added support for proper unicode session(s) storage/retrieval  
						
						
						
					 
					
						2010-05-24 11:00:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							64f2afe585 
							
						 
					 
					
						
						
							
							in a mood for more changes  
						
						
						
					 
					
						2010-05-21 12:44:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							78547bb79e 
							
						 
					 
					
						
						
							
							quick fix  
						
						
						
					 
					
						2010-05-21 12:19:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a21a7fc56d 
							
						 
					 
					
						
						
							
							Minor code refactoring  
						
						
						
					 
					
						2010-05-21 12:09:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							68e13c3872 
							
						 
					 
					
						
						
							
							periodical commit  
						
						
						
					 
					
						2010-05-21 09:35:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9c1d82c9f7 
							
						 
					 
					
						
						
							
							Minor bug fix to --proxy with HTTPS target on Python 2.6 -  fixes   #191 .  
						
						
						
					 
					
						2010-05-20 10:52:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5396f13bab 
							
						 
					 
					
						
						
							
							added CPU throttling for lowering sqlmap's CPU intensivity  
						
						
						
					 
					
						2010-05-13 15:19:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							fa48d26f95 
							
						 
					 
					
						
						
							
							Minor cosmetic fix  
						
						
						
					 
					
						2010-04-26 12:34:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7eef76f1b0 
							
						 
					 
					
						
						
							
							added basic option validation for start/stop values regarding David Guimaraes mail  
						
						
						
					 
					
						2010-04-26 11:23:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a1b1f960cc 
							
						 
					 
					
						
						
							
							Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function  
						
						
						
					 
					
						2010-04-23 16:34:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							938a3ab0b9 
							
						 
					 
					
						
						
							
							fix for Bug  #183  (--threads dot output)  
						
						
						
					 
					
						2010-04-16 13:40:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1aeaa5db47 
							
						 
					 
					
						
						
							
							implementation of Feature  #176  (Safe URL: avoid being kicked out after N unsuccessful requests)  
						
						
						
					 
					
						2010-04-16 12:44:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							17554759b7 
							
						 
					 
					
						
						
							
							implemented feature request from Ole Rasmussen regarding table name retrieval speedup  
						
						
						
					 
					
						2010-04-15 09:36:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							effc7dc41c 
							
						 
					 
					
						
						
							
							Minor adjustment to notify the user that the --auth-cred format for NTLM authentication is "DOMAIN\user:password"  
						
						
						
					 
					
						2010-04-07 09:47:14 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2d55ec19a3 
							
						 
					 
					
						
						
							
							Minor code restyling  
						
						
						
					 
					
						2010-04-06 10:15:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e29e8f82f9 
							
						 
					 
					
						
						
							
							fix for "Problem with --dbms set" reported by David Guimaraes  
						
						
						
					 
					
						2010-04-05 23:09:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1416cd0d86 
							
						 
					 
					
						
						
							
							Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see  #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).  
						
						... 
						
						
						
						Minor layout adjustments. 
						
					 
					
						2010-03-26 23:23:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f4f68218bc 
							
						 
					 
					
						
						
							
							Minor layout adjustment for --threads and --eta output  
						
						
						
					 
					
						2010-03-25 11:47:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d13ad8b2d7 
							
						 
					 
					
						
						
							
							fixes   #181  - proper save/resume information about single entry UNION SQL injection  
						
						
						
					 
					
						2010-03-22 15:39:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d00e4a458a 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2010-03-21 00:39:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d2f86fb0a5 
							
						 
					 
					
						
						
							
							Fixes   #172  - also cookies are parsed from burp/webscarab logs (-l) and request file (-r) now  
						
						
						
					 
					
						2010-03-16 15:21:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							466df89c4a 
							
						 
					 
					
						
						
							
							Fixes   #178  and  #179  - proper handling of custom redirects  
						
						
						
					 
					
						2010-03-16 14:30:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3b3353e05b 
							
						 
					 
					
						
						
							
							Revert last commit  
						
						
						
					 
					
						2010-03-16 13:56:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1dfe558d3d 
							
						 
					 
					
						
						
							
							Fix for Issue  #177  
						
						
						
					 
					
						2010-03-16 13:11:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6d0ea86414 
							
						 
					 
					
						
						
							
							Fixes   #59  - proper customizable redirect (302 and 301)  
						
						
						
					 
					
						2010-03-15 14:24:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7ec04281dd 
							
						 
					 
					
						
						
							
							minor adjustments  
						
						
						
					 
					
						2010-03-12 12:46:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c053d5cfb 
							
						 
					 
					
						
						
							
							fix for Bug  #166  (Keyboard interrupt in Python threading)  
						
						
						
					 
					
						2010-03-11 11:14:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							fdf417f57e 
							
						 
					 
					
						
						
							
							Minor adjustment and bug fix  
						
						
						
					 
					
						2010-03-10 22:08:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							91dd609e26 
							
						 
					 
					
						
						
							
							fixed threading bug (difflib :)  
						
						
						
					 
					
						2010-03-10 14:14:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7136c17f19 
							
						 
					 
					
						
						
							
							Minor log adjustments  
						
						
						
					 
					
						2010-03-05 14:59:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6fd1f7f77c 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-03-05 14:06:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							156fdd96ef 
							
						 
					 
					
						
						
							
							Updated copyright  
						
						
						
					 
					
						2010-03-03 15:26:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5d792feffd 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-03-03 10:57:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							89e919f07a 
							
						 
					 
					
						
						
							
							fixing my mistake  
						
						
						
					 
					
						2010-02-26 10:01:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5ebf572cae 
							
						 
					 
					
						
						
							
							added option --ignore-proxy  
						
						
						
					 
					
						2010-02-25 20:55:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cef248a5ea 
							
						 
					 
					
						
						
							
							update for that invalid target url Otavio Augusto reported  
						
						
						
					 
					
						2010-02-10 12:06:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d291464cd4 
							
						 
					 
					
						
						
							
							code refactoring regarding path normalization  
						
						
						
					 
					
						2010-02-04 14:50:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec63fc4036 
							
						 
					 
					
						
						
							
							code refactoring - added functions posixToNtSlashes and ntToPosixSlashes  
						
						
						
					 
					
						2010-02-04 14:37:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							97840535c6 
							
						 
					 
					
						
						
							
							fix for situations where proxy is set in environment, but the user tries to test something on localhost  
						
						
						
					 
					
						2010-01-19 13:47:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							26c7b74e65 
							
						 
					 
					
						
						
							
							changes regarding Data (GET/POST/Cookie) encoding (Bug  #129 )  
						
						
						
					 
					
						2010-01-14 18:05:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3434a22872 
							
						 
					 
					
						
						
							
							HTTP header HOST is now mandatory in a HTTP request file  
						
						
						
					 
					
						2010-01-12 14:07:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8817b2884f 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-01-12 13:16:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a58b36fe07 
							
						 
					 
					
						
						
							
							code commit regarding Feature  #119  
						
						
						
					 
					
						2010-01-12 13:11:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d58ba7ee6d 
							
						 
					 
					
						
						
							
							added --scope feature regarding Feature  #105  
						
						
						
					 
					
						2010-01-09 20:44:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d07f60578c 
							
						 
					 
					
						
						
							
							implementation of Feature  #17  
						
						
						
					 
					
						2010-01-07 12:59:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ce022a3b6e 
							
						 
					 
					
						
						
							
							sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.  
						
						
						
					 
					
						2010-01-02 02:02:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e4e081cdc6 
							
						 
					 
					
						
						
							
							sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.  
						
						
						
					 
					
						2009-12-17 22:04:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b363f1c5ab 
							
						 
					 
					
						
						
							
							Added support for NTLM authentication  
						
						
						
					 
					
						2009-12-02 22:54:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							89c43893d4 
							
						 
					 
					
						
						
							
							Merged back from personal branch to trunk (svn merge -r846:940 ...)  
						
						... 
						
						
						
						Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring. 
						
					 
					
						2009-09-25 23:03:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							24a3a23159 
							
						 
					 
					
						
						
							
							Minor bug fix to --dbms, updated user's manual  
						
						
						
					 
					
						2009-07-09 11:05:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e5a01d500e 
							
						 
					 
					
						
						
							
							Minor bug fix in --update option, updated also Microsoft XML versions file  
						
						
						
					 
					
						2009-06-16 15:12:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							150abc0f1e 
							
						 
					 
					
						
						
							
							sqlmap 0.7-rc3: Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. Correctly handle fcntl to be imported only on systems different from Windows. Minor code refactoring.  
						
						
						
					 
					
						2009-06-11 15:01:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3bca0d4b28 
							
						 
					 
					
						
						
							
							Minor improvement so that user's options can also be passed directly as a dictionary/advancedDict rather than only as an optparse instance.  
						
						
						
					 
					
						2009-06-05 10:15:55 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5ac2b0658c 
							
						 
					 
					
						
						
							
							Fixed regular expression to parse burp log file hosts' scheme/port  
						
						
						
					 
					
						2009-06-04 14:42:53 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cfd8a83655 
							
						 
					 
					
						
						
							
							Minor adjustment to get also the port when parsing burp logs  
						
						
						
					 
					
						2009-06-04 14:36:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							966f34f381 
							
						 
					 
					
						
						
							
							Minor parsing syntax adjustment due to sligh differences between Burp 1.2 lite and professional editions  
						
						
						
					 
					
						2009-06-03 15:26:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c7b72abc0e 
							
						 
					 
					
						
						
							
							Minor bug fix in parsing Burp (WebScarab too?) log to correctly parse httpS urls  
						
						
						
					 
					
						2009-06-03 15:04:40 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ef3846e0de 
							
						 
					 
					
						
						
							
							Minor fix in Host header value by Oliver Gruskovnjak  
						
						
						
					 
					
						2009-05-19 14:40:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b463205544 
							
						 
					 
					
						
						
							
							Minor fixes for MacOSX  
						
						
						
					 
					
						2009-05-12 20:24:00 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ccedadd780 
							
						 
					 
					
						
						
							
							Finished Mac OS X  
						
						
						
					 
					
						2009-04-30 21:42:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e8c115500d 
							
						 
					 
					
						
						
							
							Now it works also on Mac OS X  
						
						
						
					 
					
						2009-04-30 10:46:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							16b4530bbe 
							
						 
					 
					
						
						
							
							Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).  
						
						... 
						
						
						
						Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS. 
						
					 
					
						2009-04-27 23:05:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5121a4dcba 
							
						 
					 
					
						
						
							
							Send IE7.0 as default User-Agent  
						
						
						
					 
					
						2009-04-24 20:13:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1af6898618 
							
						 
					 
					
						
						
							
							Fixed POST parsing when -l option is provided (burp/webscarab log file)  
						
						
						
					 
					
						2009-04-23 15:04:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8c0ac767f4 
							
						 
					 
					
						
						
							
							Updated to sqlmap 0.7 release candidate 1  
						
						
						
					 
					
						2009-04-22 11:48:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							207e96e2b2 
							
						 
					 
					
						
						
							
							Major bug fix in the comparison algorithm to correctly handle also the  
						
						... 
						
						
						
						case that the url is stable and the False response changes the page
content very little. 
						
					 
					
						2009-02-09 10:28:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5560f0b68a 
							
						 
					 
					
						
						
							
							Updated the copyright  
						
						
						
					 
					
						2009-01-12 21:35:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9c125a2b57 
							
						 
					 
					
						
						
							
							Minor improvement to use Python ConfigParser library when --save if specified.  
						
						... 
						
						
						
						Minor update to the user's manual 
						
					 
					
						2009-01-03 22:59:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a4d62af2ea 
							
						 
					 
					
						
						
							
							Minor layout adjustments to --union-tech  
						
						
						
					 
					
						2008-12-29 18:48:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4ae464c80d 
							
						 
					 
					
						
						
							
							Minor enhancement to support an option (--union-tech) to specify the  
						
						... 
						
						
						
						technique to use to detect the number of columns used in the web
application SELECT statement: NULL bruteforcing (default) or ORDER BY
clause. 
						
					 
					
						2008-12-21 21:39:53 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8d06975142 
							
						 
					 
					
						
						
							
							Major enhancement to make the comparison algorithm work properly also  
						
						... 
						
						
						
						on url not stables automatically by using the difflib SequenceMatcher
object: this changed a lot into the structure of the code, has to be
extensively beta-tested!
Please, do report bugs on sqlmap-users mailing list if you scout them.
Cheers,
Bernardo 
						
					 
					
						2008-12-20 01:54:08 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7e8ac16245 
							
						 
					 
					
						
						
							
							Added preventive check for stacked queries support when executing DDL,  
						
						... 
						
						
						
						DML & co. statements in SQL query and SQL shell. Minor improvements on    
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched). 
						
					 
					
						2008-12-19 20:48:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ad228e6947 
							
						 
					 
					
						
						
							
							Ahead with the improvements to the comparison algorithm.  
						
						... 
						
						
						
						Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments. 
						
					 
					
						2008-12-19 20:09:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d0d6632c22 
							
						 
					 
					
						
						
							
							Initial support to automatically work around the dynamic page at each refresh  
						
						... 
						
						
						
						(Major refactor to the comparison algorithm (True/False response)) 
						
					 
					
						2008-12-18 20:48:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							05a8c8d3bf 
							
						 
					 
					
						
						
							
							Added support to test for stacked queries support and improved check for time based blind sql injection.  
						
						... 
						
						
						
						Minor bug fix in --save option 
						
					 
					
						2008-12-16 21:30:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9dbad512f1 
							
						 
					 
					
						
						
							
							sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers  
						
						... 
						
						
						
						by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation. 
						
					 
					
						2008-12-08 21:24:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7f055924a7 
							
						 
					 
					
						
						
							
							sqlmap 0.6.3-rc4:  
						
						... 
						
						
						
						Minor enhancement to be able to specify the number of seconds before
timeout the connection, default is set to 10 seconds.
Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url.
Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread.
Minor code restyling.
Updated documentation. 
						
					 
					
						2008-12-04 17:40:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							578bcb9140 
							
						 
					 
					
						
						
							
							Initial support for partial UNION query sql injection  
						
						
						
					 
					
						2008-12-02 21:56:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3cf1658532 
							
						 
					 
					
						
						
							
							Increased default output level from 0 to 1  
						
						
						
					 
					
						2008-12-01 23:07:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6e548eb2ec 
							
						 
					 
					
						
						
							
							Completed support to get the list of targets from WebScarab/Burp proxies  
						
						... 
						
						
						
						log file and updated the documentation 
						
					 
					
						2008-11-27 22:33:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f2737ad0a3 
							
						 
					 
					
						
						
							
							Updated work on multiple targets support (works for WebScarab conversations/ folder, still to work out for Burp log file).  
						
						... 
						
						
						
						Major bug fix in the controller library. 
						
					 
					
						2008-11-22 01:57:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9be844cf3e 
							
						 
					 
					
						
						
							
							Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l.  
						
						
						
					 
					
						2008-11-20 17:56:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							727664aea7 
							
						 
					 
					
						
						
							
							Minor enhancement to fingerprint the web server operating system and  
						
						... 
						
						
						
						the web application technology by parsing also HTTP response Server
header.
Refactor libraries and plugins that parses XML to fingerprint and show
on standard output the information.
Updated changelog. 
						
					 
					
						2008-11-18 17:42:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7d0724843f 
							
						 
					 
					
						
						
							
							Major enhancement to the engine to parse XML files and matches on DBMS banner  
						
						... 
						
						
						
						and HTTP response headers.
Initial web application technology fingerprint (for the moment based only on
X-Powered-By HTTP response header and not shown yet to the user).
Minor layout adjustments. 
						
					 
					
						2008-11-17 17:41:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							654aecedfe 
							
						 
					 
					
						
						
							
							Minor layout adjustments, minor fixes and updated changelog  
						
						
						
					 
					
						2008-11-17 00:00:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							84cbc60659 
							
						 
					 
					
						
						
							
							Major bug fix to correctly handle httplib.BadStatusLine exception.  
						
						... 
						
						
						
						Minor improvement to set by default in all HTTP requests the standard HTTP headers (Accept, Accept-Encoding, etc.)
Updated user's manual. 
						
					 
					
						2008-11-15 12:25:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0bd5b52d95 
							
						 
					 
					
						
						
							
							Minor fixes  
						
						
						
					 
					
						2008-11-13 00:03:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0c5d3df546 
							
						 
					 
					
						
						
							
							sqlmap 0.6.3-rc1:  
						
						... 
						
						
						
						* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request.
* Minor bug fix to handle session.error and session.timeout in HTTP requests.
* Updated documentation. 
						
					 
					
						2008-11-09 16:57:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e2a0f7a47b 
							
						 
					 
					
						
						
							
							Fix typo  
						
						
						
					 
					
						2008-10-30 23:20:14 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e07e48efb2 
							
						 
					 
					
						
						
							
							Major bug fix to correctly dump tables entries  
						
						
						
					 
					
						2008-10-26 16:10:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							892a7b2f8a 
							
						 
					 
					
						
						
							
							propsets..  
						
						
						
					 
					
						2008-10-15 15:56:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e3eb45510 
							
						 
					 
					
						
						
							
							After the storm, a restore..  
						
						
						
					 
					
						2008-10-15 15:38:22 +00:00