Commit Graph

100 Commits

Author SHA1 Message Date
Miroslav Stampar
21d083272e minor minor fix 2010-12-18 14:31:41 +00:00
Miroslav Stampar
4f73feec2f now dictionary attack on multiple hash formats is supported (like mysql_passwd and mysql_old_passwd in one database) 2010-12-18 14:11:49 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Bernardo Damele
b0928e02c6 Proper comment 2010-12-03 10:39:36 +00:00
Bernardo Damele
09b265a1ea Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check 2010-12-01 23:32:02 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Miroslav Stampar
c54c9ee5d1 minor update 2010-11-23 22:33:00 +00:00
Miroslav Stampar
57ad59206b cosmetics as it's best 2010-11-23 22:09:10 +00:00
Miroslav Stampar
7a147041c4 cosmetics 2010-11-23 21:44:58 +00:00
Miroslav Stampar
f4f0bc9db3 minor fix 2010-11-23 21:17:01 +00:00
Miroslav Stampar
7877a931d5 more cosmetics regarding dictionary attack 2010-11-23 20:54:40 +00:00
Miroslav Stampar
e3b3e05748 minor update 2010-11-23 19:21:30 +00:00
Miroslav Stampar
0d24a15182 more cosmetics 2010-11-23 19:10:34 +00:00
Miroslav Stampar
836a1c214a los cosmeticados (of hash dictionary attack) 2010-11-23 18:57:00 +00:00
Miroslav Stampar
b41ee8d0d0 minor refactoring 2010-11-23 14:57:36 +00:00
Miroslav Stampar
aa5d038f18 more code refactoring 2010-11-23 14:50:47 +00:00
Miroslav Stampar
3cae76627c code refactoring regarding dictionary attack 2010-11-23 13:58:01 +00:00
Miroslav Stampar
ba4ea32603 first working version of dictionary attack 2010-11-23 13:24:02 +00:00
Miroslav Stampar
bfc9378542 sorry, even more proper naming should be like this (passwd is a standard naming for this kind of function(s)) 2010-11-20 13:22:59 +00:00
Miroslav Stampar
db59faedb9 more proper naming 2010-11-20 13:20:28 +00:00
Miroslav Stampar
1f8a9fe033 foundations for dictionary attack support combined with the sqlmap's password/hash retrieval functionality (--password switch) 2010-11-20 13:14:13 +00:00
Miroslav Stampar
71107e4e9e quick fix for google searches 2010-11-19 21:38:20 +00:00
Miroslav Stampar
df88280681 minor update of google regex (that * was a junky one) 2010-11-19 10:04:29 +00:00
Miroslav Stampar
e8bef28337 updating google parsing regex (for the better, of course) 2010-11-19 10:00:29 +00:00
Bernardo Damele
17486e472a Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Bernardo Damele
b6da946883 Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Miroslav Stampar
d3e7e89e60 major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces 2010-11-07 21:18:09 +00:00
Miroslav Stampar
6adee3792a removed all trailing spaces from blank lines 2010-11-03 10:08:27 +00:00
Miroslav Stampar
70f6eab715 minor update 2010-11-02 12:08:28 +00:00
Bernardo Damele
46be570463 Proper HTTP version display 2010-10-31 15:41:28 +00:00
Miroslav Stampar
f7d42af046 some fixes regarding --check-payload 2010-10-29 11:00:23 +00:00
Miroslav Stampar
228ac0cde5 refactoring regarding --check-payload 2010-10-25 18:38:54 +00:00
Miroslav Stampar
378653a1ec added IDS payload testing 2010-10-25 15:37:43 +00:00
Miroslav Stampar
bc79eec702 removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 13:13:12 +00:00
Miroslav Stampar
be443c6947 refactoring regarding __START__,... 2010-10-21 09:51:07 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
2bbe0c9ba6 bug fix for Ctrl+C 2010-10-14 15:23:42 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Miroslav Stampar
43a3ac2c3a some bug fixes 2010-10-13 20:54:18 +00:00
Miroslav Stampar
18d27cabc5 more changes 2010-10-07 15:34:17 +00:00
Miroslav Stampar
440ff639bb more refactoring 2010-10-07 14:05:34 +00:00
Miroslav Stampar
e80a66acc5 minor update 2010-10-07 12:21:59 +00:00
Miroslav Stampar
1bf8939e2f further updates 2010-10-06 22:43:04 +00:00
Miroslav Stampar
0ad8090ad8 fix for a google bug reported by Brandon E. 2010-10-01 08:03:39 +00:00
Miroslav Stampar
c6bf0e43af minor update 2010-09-27 13:41:18 +00:00
Miroslav Stampar
c39d819dd2 fix for a resume bug reported by Augusto Urbieta 2010-07-20 08:13:02 +00:00
Bernardo Damele
9bce22683b Minor bug fix and adjustment to deal with Keep-Alive also against Google (-g) 2010-06-11 10:08:19 +00:00
Miroslav Stampar
12a5ec9f3d more unicode refactoring 2010-06-02 12:45:40 +00:00
Bernardo Damele
89c721a451 More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 10:10:28 +00:00