sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 18:13:46 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	3a9e36c52b	Reintroducing stacked queries removed in `79d08906a4` (good for WAF bypass)	2016-07-03 02:03:30 +02:00
Miroslav Stampar	cb43c03712	Definite patch for MemoryError(s) (fixes #1991 )	2016-06-30 14:57:56 +02:00
Miroslav Stampar	65a0f15f69	Minor update (error regex for PHP's sqlsrv module)	2016-06-28 15:13:37 +02:00
Miroslav Stampar	98b77d32cc	Minor update	2016-06-27 11:16:41 +02:00
Miroslav Stampar	86a3569ccb	New WAF script (SonicWALL)	2016-06-26 16:42:05 +02:00
Miroslav Stampar	17fca351d3	Minor update	2016-06-26 16:26:13 +02:00
Miroslav Stampar	2614e7bec1	Minor update	2016-06-26 16:23:39 +02:00
Miroslav Stampar	832c6e806f	Revert of last commit	2016-06-26 15:59:35 +02:00
Miroslav Stampar	7b334b0808	'Conversion failed' happens in regular SQLi on MsSQL	2016-06-26 15:57:11 +02:00
Miroslav Stampar	aa9151785e	Minor update	2016-06-26 15:37:30 +02:00
Miroslav Stampar	6bdef1b7da	Minor update	2016-06-26 01:46:49 +02:00
Miroslav Stampar	8b4367d354	Revert of last commit	2016-06-26 01:42:21 +02:00
Miroslav Stampar	0a9d69a7d0	Minor patch	2016-06-26 01:10:47 +02:00
Miroslav Stampar	a4b60dc00f	New error regex for MsSQL	2016-06-26 00:40:54 +02:00
Miroslav Stampar	f91ae32284	Minor update (to not confuse S3 vs Cloudfront)	2016-06-24 13:39:13 +02:00
Miroslav Stampar	53fc9d6720	Fixes #1990	2016-06-24 13:31:19 +02:00
Miroslav Stampar	0b31568306	Minor update	2016-06-24 13:28:08 +02:00
Miroslav Stampar	e9407cf791	Cleaning some garbage boundaries (it doesn't make any sense to use %00 as prefix)	2016-06-23 22:57:59 +02:00
Miroslav Stampar	0175acd028	Bug fix (in some cases lack of warning message for SQLi appearing)	2016-06-23 17:52:37 +02:00
Miroslav Stampar	733a32de32	Minor patch	2016-06-23 12:09:51 +02:00
Miroslav Stampar	1b863ecf93	Far better detection of SecureIIS (WAF)	2016-06-23 12:03:05 +02:00
Miroslav Stampar	ec06037335	Update of bigip waf script	2016-06-23 11:41:49 +02:00
Miroslav Stampar	0cdb62a1b5	Adding new waf script (armor)	2016-06-23 11:15:31 +02:00
Miroslav Stampar	99454198b8	Minor refactoring	2016-06-20 10:01:57 +02:00
Miroslav Stampar	dd6287ace8	Fixes #1972	2016-06-20 09:59:50 +02:00
Miroslav Stampar	786460e3b4	Minor just in case patch	2016-06-19 17:44:47 +02:00
Miroslav Stampar	419cf979f1	Showing again the 'shutting down at ...' message	2016-06-19 17:17:01 +02:00
Miroslav Stampar	30be875304	Patch for an Issue #1968	2016-06-18 01:21:57 +02:00
Miroslav Stampar	7d011bc811	Fixes #1964	2016-06-17 17:07:44 +02:00
Miroslav Stampar	b2c4a3b247	Fixes #1960	2016-06-17 16:54:23 +02:00
Miroslav Stampar	9d9592a69b	Fixes #1963	2016-06-17 16:51:23 +02:00
Miroslav Stampar	cb42294a7e	Minor message update	2016-06-15 07:57:10 +02:00
Miroslav Stampar	146762c109	Minor update	2016-06-15 07:54:47 +02:00
Miroslav Stampar	494b9d1586	Fixes #1943	2016-06-13 15:30:38 +02:00
Miroslav Stampar	2e95fdb52d	Fixes #1947	2016-06-13 14:50:44 +02:00
Miroslav Stampar	46736cac7b	Fixes #1931	2016-06-10 18:41:41 +02:00
Miroslav Stampar	041213f22d	Fixes #1935	2016-06-10 18:18:48 +02:00
Miroslav Stampar	8ca45c5678	Fixes #1936	2016-06-10 18:02:24 +02:00
Miroslav Stampar	c6eec8db97	Fixes #1938	2016-06-10 17:52:22 +02:00
Miroslav Stampar	98fdc493f4	Proper patch for #1923 (Fixes #1940 , #1941 )	2016-06-10 17:42:11 +02:00
Miroslav Stampar	91372bff87	Fixes #1932	2016-06-08 08:20:54 +02:00
Miroslav Stampar	7fb9db42a7	Performing a backup of old dump file (Issue #841 )	2016-06-05 12:37:19 +02:00
Miroslav Stampar	82382957f9	Minor refactoring	2016-06-05 12:25:42 +02:00
Miroslav Stampar	f034122bd0	Fixes #1920	2016-06-05 12:14:01 +02:00
Miroslav Stampar	0df2456f34	Fixes #1923	2016-06-03 16:06:29 +02:00
Miroslav Stampar	78fdb27a0b	More improvements	2016-06-03 15:51:52 +02:00
Miroslav Stampar	350baf0a0a	Minor update	2016-06-03 14:29:32 +02:00
Miroslav Stampar	9886b646eb	Proper update regarding the last commit	2016-06-03 14:18:28 +02:00
Miroslav Stampar	c5197b99a0	Minor patch and minor improvement	2016-06-03 13:59:32 +02:00
Miroslav Stampar	cc313280af	Payload that never ever worked (now fixed)	2016-06-03 13:16:00 +02:00
Miroslav Stampar	f06ff42c58	This never worked. Not sure who incorporated it (WAITFOR DELAY can't go to SELECT/CASE)	2016-06-03 10:42:57 +02:00
Miroslav Stampar	4bc1cf4518	Vastly better patch for MsSQL payloads	2016-06-03 10:29:04 +02:00
Miroslav Stampar	0e65043c84	Minor adjustment	2016-06-03 09:48:49 +02:00
Miroslav Stampar	d7d565415a	Patch for MySQL fingerprinting	2016-06-03 02:31:31 +02:00
Miroslav Stampar	0986ec8948	Update for Oracle fingerprinting	2016-06-03 02:27:59 +02:00
Miroslav Stampar	50bced511f	Adding support for fingerprinting MsSQL 2014 and 2016	2016-06-03 02:24:19 +02:00
Miroslav Stampar	e275e8c0b0	Fixes #1921	2016-06-03 02:02:11 +02:00
Miroslav Stampar	77dea38ac1	Fixes #1918	2016-06-03 00:37:18 +02:00
Miroslav Stampar	7dc2ec5fd8	Minor touch	2016-06-01 20:42:09 +02:00
Miroslav Stampar	4bf2e3b139	Minor update	2016-06-01 20:37:05 +02:00
Miroslav Stampar	8114c14755	Removing leftover	2016-06-01 16:32:22 +02:00
Miroslav Stampar	ec8cf6aadc	Adding support for detecting CAPTCHA	2016-06-01 15:48:04 +02:00
Miroslav Stampar	d326965966	Reordering MySQL's error-based payloads (BIGINT and EXP have crazy bigger chunk lenghts)	2016-06-01 14:12:22 +02:00
Miroslav Stampar	030df0353d	Removing ugly legacy code (e.g. showing MySQL 5.0 when it is e.g. '5.7.8')	2016-06-01 13:47:20 +02:00
Miroslav Stampar	5038d7a70a	Removing ugly boolean check results (0 or 1) in output of UNION and ERROR SQLi	2016-06-01 13:39:40 +02:00
Miroslav Stampar	f0b8fbb7fd	Implemented support for JSON_KEYS error-based SQLi (and tons of fixes for MySQL 'ORDER BY,GROUP BY' payloads)	2016-06-01 13:23:41 +02:00
Miroslav Stampar	5810c2b199	Minor patch	2016-06-01 11:30:27 +02:00
Miroslav Stampar	77f0b5dfa8	Fixes #1919	2016-06-01 10:56:42 +02:00
Miroslav Stampar	b0ea74dc63	Minor warning message update	2016-06-01 10:53:32 +02:00
Miroslav Stampar	0c07c8942c	Automatic monthly tagging	2016-06-01 10:44:08 +02:00
Miroslav Stampar	7d1bdb35ca	Update of parsed versions	2016-06-01 10:44:08 +02:00
Miroslav Stampar	e823889819	Update for JSP exceptions	2016-05-31 15:35:10 +02:00
Miroslav Stampar	680aedaefc	Adding option --tmp-dir	2016-05-31 14:55:56 +02:00
Miroslav Stampar	afdca09ced	Minor patches (proper user warnings in case of output directory permissions)	2016-05-31 14:05:35 +02:00
Miroslav Stampar	ac89ee71c3	Minor improvement	2016-05-31 13:29:43 +02:00
Miroslav Stampar	af7c8cff92	Bug fix (previously removing temporary directory even if it is needed afterwards)	2016-05-31 13:21:08 +02:00
Miroslav Stampar	26d4dec5fb	Minor refactoring	2016-05-31 13:02:26 +02:00
Miroslav Stampar	cf31d12528	Adding support for python's cgitb tracebacks	2016-05-31 12:33:56 +02:00
Miroslav Stampar	b4c730f8c0	Minor refactoring	2016-05-31 12:23:59 +02:00
Miroslav Stampar	fba1720b31	Minor patch	2016-05-31 11:16:13 +02:00
Miroslav Stampar	9fad72f28b	Adding support for MsAccess usage of parsed FROM table names (e.g. in case of ColdFusion)	2016-05-31 11:08:23 +02:00
Miroslav Stampar	1782bf8e64	Adding support for parsing ODBC/JDBC error messages	2016-05-31 10:49:34 +02:00
Miroslav Stampar	2d59a10515	Better patch than last commit	2016-05-31 10:25:01 +02:00
Miroslav Stampar	21a25c4f00	Bug for fix comments in case of MsAccess	2016-05-31 10:24:13 +02:00
Miroslav Stampar	6b5c16c22c	Minor update for ColdFusion error messages	2016-05-31 09:54:14 +02:00
Miroslav Stampar	2c6621c26a	Minor upgrade for WAF/IDS/IPS detection	2016-05-31 09:49:50 +02:00
Miroslav Stampar	f0500b1d2f	Minor update for ColdFusion path regexes	2016-05-31 09:35:58 +02:00
Miroslav Stampar	6a033bb58c	Minor update for ColdFusion type casting	2016-05-31 09:31:32 +02:00
Miroslav Stampar	2fa4b22645	Patch for URL encoding cookie values (asking the user to choose)	2016-05-30 17:47:08 +02:00
Miroslav Stampar	229d3a7dd0	Patch for cases when error page looks more like original, than the False one does	2016-05-30 16:46:23 +02:00
Miroslav Stampar	b965e5bf1c	Minor refactoring	2016-05-30 16:06:39 +02:00
Miroslav Stampar	3bd74c5351	Minor patch	2016-05-30 15:20:21 +02:00
Miroslav Stampar	55624ec1a2	Minor message update	2016-05-30 14:40:22 +02:00
Miroslav Stampar	6885afe8c3	Minor update for requestvalidationmode.py waf script	2016-05-30 14:26:55 +02:00
Miroslav Stampar	acc1277246	Minor update	2016-05-30 14:13:57 +02:00
Miroslav Stampar	935cb9c8cb	Patch for a custom header cookie urlencoding	2016-05-30 14:09:53 +02:00
Miroslav Stampar	17a4ddad63	Fixes #1916	2016-05-30 13:10:25 +02:00
Miroslav Stampar	5264671f5b	Dump formatting patch for MsAccess	2016-05-30 12:03:33 +02:00
Miroslav Stampar	b4ebbae354	New payload(s)	2016-05-30 11:25:24 +02:00
Miroslav Stampar	510197c39e	Minor text update	2016-05-30 10:52:30 +02:00
Miroslav Stampar	b6a4bd91fe	Minor text update	2016-05-30 10:51:35 +02:00
Miroslav Stampar	83b82a5e98	Bug fix (wrong handler used in case of DBMS resolution)	2016-05-30 10:32:49 +02:00
Miroslav Stampar	0b1efc0759	Minor update (for newer versions of MsSQL)	2016-05-30 01:38:34 +02:00
Miroslav Stampar	2b506d744d	Minor update	2016-05-30 01:29:40 +02:00
Miroslav Stampar	79d08906a4	Cleaning some redundant payload(s)	2016-05-27 23:59:48 +02:00
Miroslav Stampar	6327063bd0	Minor patch	2016-05-27 16:43:01 +02:00
Miroslav Stampar	69fd900108	Adding waf script for detection of generic/unknown	2016-05-27 16:34:41 +02:00
Miroslav Stampar	f9d01f682b	Cloudflare has tons of HTTP error codes while detecting SQLi	2016-05-27 15:58:16 +02:00
Miroslav Stampar	d7d3db415b	Minor update	2016-05-27 15:32:30 +02:00
Miroslav Stampar	31850e4544	Minor bug fixes	2016-05-27 13:58:18 +02:00
Miroslav Stampar	de9f23939f	Major bug fix in WAF/IDS/IPS detection (question 'do you want..to try to detect backend WAF/IPS/IDS' never worked)	2016-05-27 13:41:03 +02:00
Miroslav Stampar	154ed2c4e2	Minor patch	2016-05-27 13:33:14 +02:00
Miroslav Stampar	89dfe4e1ac	Adding wallarm WAF script (and couple of other WAF script updates)	2016-05-27 11:58:18 +02:00
Miroslav Stampar	b41b07ddd8	Updates for 360 and jiasule WAF scripts	2016-05-27 11:02:05 +02:00
Miroslav Stampar	e36fc02282	Adding sophos WAF script	2016-05-27 10:17:42 +02:00
Miroslav Stampar	49b41c1eca	Minor update for cloudflare waf script	2016-05-27 09:43:54 +02:00
Miroslav Stampar	4cd9fdb7df	Minor update for F5 waf script	2016-05-27 09:27:45 +02:00
Miroslav Stampar	5aab2d8fb5	Update for Akamai Kona WAF script	2016-05-27 09:22:39 +02:00
Miroslav Stampar	210b65c02d	Couple of fixes for --identify-waf	2016-05-27 02:24:59 +02:00
Miroslav Stampar	7a2ac23f0b	Adding new waf script (sitelock)	2016-05-27 02:13:01 +02:00
Miroslav Stampar	e435fb2e9e	Adding new waf script (comodo)	2016-05-27 01:23:20 +02:00
Miroslav Stampar	6892c94595	Minor update	2016-05-27 01:10:37 +02:00
Miroslav Stampar	831c960216	Update for an Issue #1899	2016-05-26 16:47:38 +02:00
Miroslav Stampar	43af2a4aee	Fixes #1899	2016-05-26 16:08:59 +02:00
Miroslav Stampar	1de6996c26	Fixes #1893	2016-05-25 15:43:39 +02:00
Miroslav Stampar	304f2ed308	Minor language patch	2016-05-25 15:32:17 +02:00
Miroslav Stampar	148b35da4f	Better extraction of absolute file paths	2016-05-25 15:29:25 +02:00
Miroslav Stampar	3865b3a398	Minor improvement in case of technique E (when waiting for large entry - lots of chunks)	2016-05-25 12:50:53 +02:00
Miroslav Stampar	d6bcbbae1d	Minor patch for E technique to be more compatible with output of U technique	2016-05-25 12:42:15 +02:00
Miroslav Stampar	04b3aefc5d	Patch for special character output in U and E techniques	2016-05-25 12:24:36 +02:00
Miroslav Stampar	a5f8cae599	Fixes #1892	2016-05-24 17:58:35 +02:00
Miroslav Stampar	29c3037512	Better asciinema recording (shorter width)	2016-05-24 17:26:10 +02:00
Miroslav Stampar	d0d7d3a205	Update of location of a sample run	2016-05-24 17:12:44 +02:00
Miroslav Stampar	7ce36ea1b6	Removal of unused imports	2016-05-24 16:40:44 +02:00
Miroslav Stampar	6f97f4796b	Fixes #1891	2016-05-24 16:34:07 +02:00
Miroslav Stampar	39fe96009f	Minor improvement (related to the last commit)	2016-05-24 16:20:39 +02:00
Miroslav Stampar	b475a38895	Better ORDER BY detection	2016-05-24 15:46:06 +02:00
Miroslav Stampar	42de887b05	Language update	2016-05-24 15:18:19 +02:00
Miroslav Stampar	28576bf08e	Minor output update	2016-05-24 15:08:04 +02:00
Miroslav Stampar	c395958dff	Fixes #1888	2016-05-24 14:55:19 +02:00
Miroslav Stampar	798b539eec	Minor update	2016-05-24 14:50:56 +02:00
Miroslav Stampar	70cf8edc75	Fixes #1887	2016-05-24 14:17:00 +02:00
Miroslav Stampar	a81ea88eb0	Fixes #1889	2016-05-24 13:59:34 +02:00
Miroslav Stampar	023dda26fc	Minor update for --os-shell directories	2016-05-24 12:53:21 +02:00
Miroslav Stampar	3e76895155	Minor update	2016-05-24 12:30:01 +02:00
Miroslav Stampar	2c1bd7f034	Update for an Issue #1531 (MySQL quirk with international letters)	2016-05-24 12:01:02 +02:00
Miroslav Stampar	f7cae68378	More formal language	2016-05-22 21:44:17 +02:00
Miroslav Stampar	f6ff1a115a	Better (automatic) picking of a --string candidate (especially in case of international pages)	2016-05-22 21:29:08 +02:00
Miroslav Stampar	32ee586e2a	Minor language update	2016-05-22 14:30:32 +02:00
Miroslav Stampar	b9e5655e3c	Proper naming	2016-05-22 14:26:36 +02:00
Miroslav Stampar	6623c3f877	Pesky bug fix (nobody noticed :)	2016-05-22 14:22:31 +02:00
Miroslav Stampar	30a4173249	I like users which don't know the difference between detection and identification	2016-05-22 12:40:23 +02:00
Miroslav Stampar	dbbe4c6ddd	Fixes #1884	2016-05-22 11:44:21 +02:00
Miroslav Stampar	633e4dfe48	Fixes #1886	2016-05-22 11:37:27 +02:00
Miroslav Stampar	5e8b105677	Fixes #1880	2016-05-19 19:46:12 +02:00
Miroslav Stampar	414dd96bbd	Minor update (warning on negative integer values provided)	2016-05-19 18:04:25 +02:00
Miroslav Stampar	e857c2a88a	Update for an Issue #1879	2016-05-19 13:50:31 +02:00
Miroslav Stampar	e7aaea2b8e	Update for an Issue #1826	2016-05-17 14:10:49 +02:00
Miroslav Stampar	63d7cd607e	Minor patch (for late threading issues)	2016-05-17 13:54:42 +02:00
Miroslav Stampar	d886b08dd9	Update for an Issue #1826	2016-05-17 13:45:03 +02:00
Miroslav Stampar	72f3185ae7	Fixes #1878	2016-05-17 10:47:17 +02:00
Miroslav Stampar	03be9f9b65	Minor removal of blank lines	2016-05-17 10:43:16 +02:00
Miroslav Stampar	d9d0865c13	Another patch for an Issue #1874	2016-05-16 17:09:05 +02:00
Miroslav Stampar	e3f54bc226	Minor patch for #1874	2016-05-16 16:53:28 +02:00
Miroslav Stampar	9662f4a56a	Minor update	2016-05-16 16:47:29 +02:00
Miroslav Stampar	fea5cc8579	Minor patch	2016-05-16 15:37:49 +02:00
Miroslav Stampar	94091cd0e9	Fixes #1871	2016-05-15 09:37:45 +02:00
Miroslav Stampar	cc9f4b6102	Minor refactoring for MariaDB	2016-05-14 15:05:50 +02:00
Miroslav Stampar	cd7c99c752	Minor revert (it was not necessary - caused other problems)	2016-05-14 14:48:17 +02:00
Miroslav Stampar	75478c1181	Fixes #1868	2016-05-14 14:18:34 +02:00
Miroslav Stampar	ad0ca69579	Fixes #1865	2016-05-13 15:14:56 +02:00
Miroslav Stampar	2d801b7122	Minor patch for an Issue #1861	2016-05-12 17:16:55 +02:00
Miroslav Stampar	1e07269fe3	Patch for an Issue #1860	2016-05-12 16:42:12 +02:00
Miroslav Stampar	3b74e99576	Minor update (support for MariaDB)	2016-05-11 15:47:35 +02:00
Miroslav Stampar	439fff684e	Minor update (MSSQL CONCAT payload)	2016-05-11 09:42:54 +02:00
Miroslav Stampar	72cf06119c	Patch for an Issue #1852	2016-05-10 09:55:03 +02:00
Miroslav Stampar	808068d70a	Minor update	2016-05-10 09:19:59 +02:00
Miroslav Stampar	f09072b2b6	Fixes #1853	2016-05-09 13:13:02 +02:00
Miroslav Stampar	be9381abc5	Implements #1845	2016-05-06 13:06:59 +02:00
Miroslav Stampar	5d09f7b85f	Fixes #1822	2016-05-06 10:32:16 +02:00
Miroslav Stampar	8bbfee7591	Cleaning a leftover from `be26392057`	2016-05-06 10:30:58 +02:00
Miroslav Stampar	be26392057	Update for an Issue #1846	2016-05-06 10:23:57 +02:00
Miroslav Stampar	263730f4ee	Fixes #1840	2016-05-04 13:23:59 +02:00
Miroslav Stampar	5d7e1782d9	Fixes #1839	2016-05-04 11:14:42 +02:00
Miroslav Stampar	e27f590c2c	Fixes #1838	2016-05-04 11:11:58 +02:00
Miroslav Stampar	7afe655561	Another minor update for #1836	2016-05-03 12:52:46 +02:00
Miroslav Stampar	3bf08290a4	Update for an Issue #1836	2016-05-03 12:37:10 +02:00
Miroslav Stampar	34c2172391	Fixes #1837	2016-05-03 11:38:47 +02:00
Miroslav Stampar	48044f7a46	Minor update of IDS_WAF_CHECK_PAYLOAD	2016-05-03 00:19:19 +02:00
Miroslav Stampar	04e666182f	Minor update of FORMAT_EXCEPTION_STRINGS	2016-05-02 23:44:43 +02:00
Miroslav Stampar	c797129956	Fixes #1833	2016-05-02 11:10:12 +02:00
Miroslav Stampar	6928dae956	Minor patch	2016-05-02 10:45:50 +02:00
Miroslav Stampar	6db3bcbb51	Minor update for UrlScan	2016-05-02 10:12:19 +02:00
Miroslav Stampar	d7f0b3566d	Automatic monthly tagging	2016-05-02 10:06:30 +02:00
Miroslav Stampar	0c67a90cc0	Minor bug fix	2016-05-02 10:06:30 +02:00
Miroslav Stampar	f06e498fb0	Implementation for an Issue #1826	2016-04-29 14:19:32 +02:00
Miroslav Stampar	ad612bf9e4	Patch for Windows banner display	2016-04-29 00:51:20 +02:00
Miroslav Stampar	9dd5cd8eb6	Removing CloudFlare check	2016-04-29 00:17:07 +02:00
Miroslav Stampar	5ed3cdc819	Minor update	2016-04-22 10:54:55 +02:00
Miroslav Stampar	0c5965c7b8	Minor patches	2016-04-19 13:13:37 +02:00
Miroslav Stampar	aa21550712	Minor patch for integer casting heuristics (circumvent auto-casting by DBMS itself)	2016-04-15 13:47:19 +02:00
Miroslav Stampar	66061e8c5f	Fixes #1811	2016-04-15 12:04:54 +02:00
Miroslav Stampar	c4b74c2e01	Fixes #1810	2016-04-12 22:37:14 +02:00
Miroslav Stampar	55b23e78ee	Fixes #1809	2016-04-12 22:10:26 +02:00
Miroslav Stampar	a9526bda92	Minor patch	2016-04-11 22:38:44 +02:00
Miroslav Stampar	0901da3f83	Update for an Issue #1807	2016-04-11 09:43:50 +02:00
Miroslav Stampar	8004652f7b	Some more optimization	2016-04-08 15:30:25 +02:00
Miroslav Stampar	c9b410c97f	Minor update	2016-04-08 14:59:52 +02:00
Miroslav Stampar	814d710320	Minor speed up	2016-04-08 14:41:34 +02:00
Miroslav Stampar	38fcc5a35a	Update for pre-WHERE payloads	2016-04-08 13:19:42 +02:00
Miroslav Stampar	674d516f3e	Minor patch	2016-04-08 11:40:09 +02:00
Miroslav Stampar	8ceb4907a5	Another update for Issue #1800	2016-04-08 11:37:38 +02:00
Miroslav Stampar	ce3749622a	Minor revisit of payload boundaries (Issue #1800 )	2016-04-08 11:28:17 +02:00
Miroslav Stampar	bcfae99701	Adding new WAF script	2016-04-08 10:32:18 +02:00
Miroslav Stampar	44c1c2c6f0	Minor update (reported via email)	2016-04-06 11:43:53 +02:00
Miroslav Stampar	ac08db82b2	Including one more error regex (based on testasp[.]vulnweb[.]com)	2016-04-04 16:14:30 +02:00
Miroslav Stampar	305bfd9d30	Implements #1763	2016-04-04 13:50:10 +02:00
Miroslav Stampar	f9aaec7b4a	Minor patch (binary extensions)	2016-04-04 12:43:53 +02:00
Miroslav Stampar	d881a92ee7	Automatic monthly tagging	2016-04-04 12:38:37 +02:00
Miroslav Stampar	60ada89347	Trying once again	2016-04-04 12:38:37 +02:00
Miroslav Stampar	171bfa33a7	Automatic monthly tagging	2016-04-04 12:34:19 +02:00
Miroslav Stampar	acaef90c7b	Minor tuning of auto tagging	2016-04-04 12:34:19 +02:00
Miroslav Stampar	31d7021d4c	Fixes #1794	2016-04-04 12:25:07 +02:00
Miroslav Stampar	e83d8f6143	Updating colorama (Issue #1784 )	2016-03-30 15:11:34 +02:00
Miroslav Stampar	ad3b766b65	Adding in-table name boundaries	2016-03-26 09:39:28 +01:00
Miroslav Stampar	074fbbcea5	Implementation for an Issue #1776	2016-03-23 15:45:49 +01:00
Miroslav Stampar	5b0d5970cc	Another patch related to the #1773	2016-03-23 10:33:32 +01:00
Miroslav Stampar	6c2f9859be	Potential patch for #1773	2016-03-23 10:26:22 +01:00
Miroslav Stampar	d496d99943	Fixes #1774	2016-03-22 13:24:54 +01:00
Miroslav Stampar	d20e9febf2	Fixes #1770	2016-03-19 17:40:05 +01:00
Miroslav Stampar	d76ee8f534	Further update for #1765	2016-03-17 17:06:11 +01:00
Miroslav Stampar	5b88e3e1ad	Minor update of version comment	2016-03-17 16:38:39 +01:00
Miroslav Stampar	a68848faf7	(Auto) adjusting micro version (to current month)	2016-03-17 16:31:34 +01:00
Miroslav Stampar	a4f21399e7	Fixes #1760	2016-03-17 16:23:28 +01:00
Miroslav Stampar	e03b2df58f	Fixes #1761	2016-03-14 17:21:35 +01:00
Miroslav Stampar	252eb97198	Patch related to the #1755	2016-03-12 19:28:28 +01:00
Miroslav Stampar	67ae620182	Another patch related to the #1752	2016-03-12 15:04:19 +01:00
Miroslav Stampar	13366aeb48	Fixes #1752	2016-03-12 12:26:30 +01:00
Miroslav Stampar	e1ce16144a	Fixes #1753	2016-03-10 15:42:01 +01:00
Miroslav Stampar	3307918389	Fixes #1750	2016-03-10 14:48:05 +01:00
Miroslav Stampar	c50849707f	Fixes #1748	2016-03-08 14:35:16 +01:00
Miroslav Stampar	06296bd251	Fixes #1743	2016-03-06 20:04:45 +01:00
Miroslav Stampar	0f6e529fb9	Fixes #1745	2016-03-06 12:14:20 +01:00
Miroslav Stampar	242800c085	Minor update related to the #1740	2016-03-01 15:40:34 +01:00
Miroslav Stampar	679f0cf772	Fixes #1738	2016-03-01 15:36:00 +01:00
Miroslav Stampar	1b5a4651a9	Trivial refactoring	2016-03-01 14:48:53 +01:00
Miroslav Stampar	05fa7eb7c6	Minor update	2016-03-01 11:56:56 +01:00
Miroslav Stampar	336169e181	Update of version display	2016-02-29 08:12:38 +01:00
Miroslav Stampar	b2bc3d49fd	Minor update	2016-02-29 00:52:46 +01:00
Miroslav Stampar	71aa7deefe	Minor beautification	2016-02-29 00:49:45 +01:00
Miroslav Stampar	cf5ae507c8	Minor update of READMEs	2016-02-29 00:44:08 +01:00
Miroslav Stampar	4898a2c332	Dummy commit	2016-02-29 00:30:37 +01:00
Miroslav Stampar	151dcee32e	Minor update	2016-02-29 00:23:59 +01:00
Miroslav Stampar	73f1155847	Adding new shutils file	2016-02-29 00:20:58 +01:00
Miroslav Stampar	adfcb1ad67	Adjusting version number	2016-02-27 15:59:52 +01:00
Miroslav Stampar	ee0439cf11	Update for #1678	2016-01-27 10:03:30 +01:00
Miroslav Stampar	c6c5a937f9	Minor style update	2016-01-21 10:17:17 +01:00
Miroslav Stampar	574b3a79aa	Adding support for detection of CloudFlare responses	2016-01-21 10:16:23 +01:00
Miroslav Stampar	8d42a93fdc	Fixes #1665	2016-01-16 08:13:56 +01:00
Miroslav Stampar	59695af101	Minor improvement of heuristic checks	2016-01-14 22:21:47 +01:00
Miroslav Stampar	4c1fc095d8	Adding heuristic check for FI vulnerability	2016-01-14 09:59:13 +01:00
Miroslav Stampar	6b40e0aa8c	Minor style update (nongit-version)	2016-01-10 02:08:23 +01:00
Miroslav Stampar	5908964db4	Another (better) patch for #1636	2016-01-09 17:32:19 +01:00
Miroslav Stampar	d0d676ccce	Update of copyright string	2016-01-06 00:06:12 +01:00
Miroslav Stampar	dc7f2a71d2	Minor refactoring	2015-12-12 23:48:30 +01:00
Miroslav Stampar	663c976a3b	Fixes #1600	2015-12-09 19:53:48 +01:00
Miroslav Stampar	1c5c937507	Minor update	2015-12-09 10:14:13 +01:00
Miroslav Stampar	5020269f50	Adding extra mark into non-git checkouts	2015-11-24 09:38:28 +01:00
Miroslav Stampar	527dcce08d	Better alternative (on Linux getctime() is the time of the last metadata change)	2015-11-24 09:25:11 +01:00
Miroslav Stampar	19f6eb234b	Revert of #58e049a60d250b881af60091215c75daa3f5c01a (I can imagine couple of things that could go wrong)	2015-11-17 08:52:24 +01:00
Miroslav Stampar	58e049a60d	More generic approach for number of pre-open sockets (Issue #1540 )	2015-11-17 02:45:27 +01:00
Miroslav Stampar	41b8dfab86	Implementation for an Issue #1540	2015-11-16 23:46:10 +01:00
Miroslav Stampar	4335ae8330	Patching previous commit	2015-11-16 16:59:54 +01:00
Miroslav Stampar	94639d11a3	Another update related to the #1539	2015-11-16 15:33:05 +01:00
Miroslav Stampar	5593bf2fee	Another patch related to #1539 (simplifying unicode bad chars and preventing double encoding of safe chars)	2015-11-16 15:02:30 +01:00
Miroslav Stampar	42649005c2	Lots of fixes and refactoring in search department	2015-11-08 16:37:46 +01:00
Miroslav Stampar	fbec463b49	Adding new bold patterns	2015-10-22 15:44:08 +02:00
Miroslav Stampar	80aca35dd1	Removing #1450	2015-10-13 15:00:59 +02:00
Miroslav Stampar	9641e84dd9	Bug fixes for HSQLDB	2015-10-09 16:52:13 +02:00
Miroslav Stampar	551b7e4b45	Patch for an Issue #1450	2015-10-06 13:23:01 +02:00
Miroslav Stampar	56f0b811a6	Minor patch	2015-09-21 13:23:56 +02:00
Miroslav Stampar	265a78b455	Fixes #1379	2015-08-31 14:27:47 +02:00
Miroslav Stampar	d70215ad6c	Fixes #1237	2015-08-31 10:24:05 +02:00
Miroslav Stampar	a33b0454cd	Implementation for an Issue #1360	2015-08-26 15:26:16 +02:00
Miroslav Stampar	b010fda695	Switch --save becomes an option (taking file path where to save config file)	2015-08-14 22:49:32 +02:00
Miroslav Stampar	2c1cde0f59	Minor fix (reported over ML - ignore saving of conf.saveCmdline)	2015-08-13 17:21:36 +02:00
Miroslav Stampar	b6ea2fdb07	Fixes #1170	2015-07-24 14:56:45 +02:00
Miroslav Stampar	16f8e4c8ba	Removing unused imports	2015-07-12 12:25:02 +02:00
Miroslav Stampar	a20da7a677	Patch for automatic reporting (GitHub has robots)	2015-07-12 12:05:19 +02:00
Miroslav Stampar	fa303ef8b1	Minor update	2015-07-10 16:39:18 +02:00
Miroslav Stampar	9e5ef094a3	Closes #1270	2015-06-16 22:20:21 +02:00
Miroslav Stampar	5ee7fd785a	Fixes #1235	2015-05-01 00:48:08 +02:00
Miroslav Stampar	5dfd3ef1e4	Another update	2015-03-26 12:25:32 +01:00
Miroslav Stampar	3be7a447a5	Update	2015-03-26 12:22:49 +01:00
Miroslav Stampar	e35c7fbb7a	Fixes #1172	2015-02-22 13:41:54 +01:00
Bernardo Damele	388c0dfd77	trivial layout fix	2015-02-21 12:57:49 +00:00
Miroslav Stampar	fd632e5ada	Update for unhandled exception mechanism (BADA)	2015-01-26 09:09:38 +01:00
Miroslav Stampar	2655b078d0	Patch for an Issue #1127	2015-01-22 08:52:15 +01:00
Miroslav Stampar	06ff8b3a16	Patch for an Issue #1105	2015-01-13 10:33:51 +01:00
Miroslav Stampar	8e03f4db0f	Patch for an Issue #1062	2015-01-09 15:33:53 +01:00
Miroslav Stampar	c4c4ac13fe	Better patch for an Issue #1095	2015-01-07 09:21:02 +01:00
Miroslav Stampar	2030311d50	Patch for an Issue #1095	2015-01-07 02:04:10 +01:00
Miroslav Stampar	45bdefd29b	Update of copyright	2015-01-06 15:02:16 +01:00
Miroslav Stampar	3d5ca1b25a	Minor update	2015-01-06 14:36:51 +01:00
Miroslav Stampar	6fc41ca940	Heuristically checking for WAF/IDS/IPS by default	2015-01-06 14:01:47 +01:00
Miroslav Stampar	c474c16b4a	Removing ML email address	2015-01-06 12:30:49 +01:00
Miroslav Stampar	e383df8e29	Patch for an Issue #1073	2014-12-30 09:16:50 +00:00
Miroslav Stampar	4f122ee008	Bug fix regarding a problem reported by user @blink2014	2014-12-20 00:23:31 +01:00
Miroslav Stampar	17db587e2c	Adding some friendly warning messages (regarding blocking)	2014-12-03 10:06:21 +01:00
Miroslav Stampar	f71a65a9a0	Patch for an Issue #979	2014-12-01 00:29:25 +01:00
Miroslav Stampar	05d5342f20	Update and patch for an Issue #2	2014-11-17 11:50:05 +01:00
Miroslav Stampar	a91fb4149b	Minor update (using lower frequency alphabet for kb.chars)	2014-11-05 10:56:30 +01:00
Miroslav Stampar	6f45596f28	Minor style update	2014-11-03 23:48:44 +01:00
Miroslav Stampar	19aed90ae5	Implementation for an Issue #874	2014-10-27 00:37:46 +01:00
Miroslav Stampar	01f4b76817	Minor update for the Issue #2	2014-10-23 14:03:44 +02:00
Miroslav Stampar	7143e61619	Minor update	2014-10-23 14:00:53 +02:00
Miroslav Stampar	60f2764c3d	Minor style update	2014-10-22 13:53:18 +02:00
Miroslav Stampar	f94ac8c69d	Second patch related to the Issue #846	2014-10-09 15:21:26 +02:00
Miroslav Stampar	2de12ef4a2	Potential fix for an Issue #843	2014-10-05 00:20:42 +02:00
Miroslav Stampar	fdef53aa67	Minor update of unhandled exception message	2014-10-01 14:23:45 +02:00
Miroslav Stampar	a2b059123a	Minor update of format exception strings	2014-10-01 14:12:30 +02:00
Miroslav Stampar	8c9014c39f	Adding a dummy (auxiliary) XSS check	2014-10-01 13:31:48 +02:00
Miroslav Stampar	7278af01ee	Implementation for an Issue #832	2014-09-16 14:12:43 +02:00
Miroslav Stampar	177fc0376d	Minor fix for HSQLDB	2014-08-30 21:37:38 +02:00
Miroslav Stampar	1a9a331422	Bug fix (proper extending of tests when dbms is known)	2014-08-30 21:34:23 +02:00
Miroslav Stampar	dcaad75a1e	Fix for an Issue #794	2014-08-22 15:08:05 +02:00
Miroslav Stampar	2ce3ccac46	Patch for an Issue #797 (switching to greedy because of performance; it shouldn't be a problem because it was a single line replacement in the first place)	2014-08-22 13:06:53 +02:00
Miroslav Stampar	c5b71cff10	Some filtering	2014-08-21 01:12:44 +02:00
Miroslav Stampar	0296081692	Minor refactoring	2014-08-20 23:42:40 +02:00
Miroslav Stampar	f51ea20bbd	Minor style update	2014-08-20 22:50:00 +02:00
Miroslav Stampar	e0216771ed	Minor update	2014-08-20 15:23:07 +02:00
Miroslav Stampar	c97782cfed	Minor update of banner	2014-08-20 15:10:21 +02:00
Miroslav Stampar	07f881e711	Minor fix	2014-08-20 14:02:04 +02:00
Miroslav Stampar	5a05271097	Minor fix	2014-08-19 22:34:07 +02:00
Miroslav Stampar	b0465a6a76	Adding a revision scheme for nongit checkouts	2014-08-19 22:32:16 +02:00
Miroslav Stampar	cd92de1702	Adding colorful banner	2014-08-19 22:19:22 +02:00
Miroslav Stampar	7d578d395f	Minor update for Apache on Windows	2014-08-16 16:01:18 +02:00
Miroslav Stampar	a8b4b96cd9	Extending list for brute forcing doc root	2014-08-16 15:16:03 +02:00
hydhyd	e7ffe92d8c	Update settings.py Modified BRUTE_DOC_PREFIXES to include "/srv/www" used by default in OpenSUSE.	2014-08-06 12:59:18 +04:00
Bernardo Damele	018748f52e	increase the timeout for the Metasploit session initialization to 5 minutes, better on slow speed connections	2014-07-01 00:34:09 +01:00
Miroslav Stampar	0f10cdfa4c	Minor update	2014-05-29 09:24:09 +02:00
Miroslav Stampar	2a55f75f86	Using a more generic XML recognition regex	2014-04-30 21:25:45 +02:00
Miroslav Stampar	ae8b1fe89c	Implementation for an Issue #678	2014-04-25 09:17:10 +02:00
Miroslav Stampar	15f92c4197	Bug fix (port was not being used properly with Burp exported history)	2014-04-03 09:46:37 +02:00
Miroslav Stampar	f6e1d9e026	Fix for an Issue #650	2014-03-24 10:46:23 +01:00
Miroslav Stampar	39ab3b9149	Minor fix for meta refresh	2014-03-20 13:13:47 +01:00
Miroslav Stampar	56d76e6bfd	Updating list of extensions to exclude from crawling	2014-03-14 21:34:16 +01:00
Miroslav Stampar	490d51258e	Raising number of minimum time responses (15 is statistically too low)	2014-03-03 20:49:58 +01:00
Miroslav Stampar	6369a38ebc	Adding support for JSON-like data with single quote	2014-02-26 08:56:17 +01:00
Miroslav Stampar	465f968be6	Minor cosmetic update	2014-02-26 08:41:23 +01:00
Miroslav Stampar	8521265526	Minor fix	2014-02-07 14:40:43 +01:00
Bernardo Damele	43a4e85749	updated copyright	2014-01-13 17:24:49 +00:00
Miroslav Stampar	7718edac9b	Fix for an Issue #570	2013-12-27 09:40:33 +01:00
Miroslav Stampar	bf3fbb0ae0	Ignore Google analytics cookies	2013-12-04 09:56:37 +01:00
Miroslav Stampar	7054586e8a	Update for an Issue #565 (more work TBD - DuckDuckGo has some kind of IP blocking mechanism)	2013-11-25 20:57:07 +01:00
Miroslav Stampar	0a4512e9ae	Implementation for an Issue #557	2013-11-08 09:23:38 +01:00
Miroslav Stampar	e197720def	Fix for an Issue #546	2013-10-19 20:54:52 +02:00
Miroslav Stampar	777d999e71	Minor update	2013-10-18 15:39:46 +02:00
Miroslav Stampar	6ff2b931ff	Another patch for an Issue #545	2013-10-17 23:42:51 +02:00
Miroslav Stampar	304c9822bd	Patch for an Issue #545	2013-10-17 16:38:07 +02:00
Miroslav Stampar	5b8d631dc0	Minor update	2013-10-16 11:48:00 +02:00
Miroslav Stampar	04dbee3bec	Update for a more generic JSON recognition regex	2013-10-16 11:39:04 +02:00
Miroslav Stampar	bc19f40d09	Minor update	2013-08-22 10:44:21 +02:00
Miroslav Stampar	6cc0cf3702	Minor comment update	2013-08-20 18:36:31 +02:00
Miroslav Stampar	1088011bf0	Adding new binary file formats for excluding in crawling	2013-08-02 23:07:13 +02:00
stamparm	be5ce760b6	Fix for an Issue #485 (failing back to single-thread mode if over some bisection length)	2013-07-09 10:24:48 +02:00
stamparm	f7d15cb465	Official naming is HSQLDB (and/or HyperSQL)	2013-07-01 11:57:47 +02:00
Meatballs	7b6cc3d183	Add hsql settings	2013-06-24 14:38:44 +01:00
Miroslav Stampar	cdb434805a	Using alpha character as a boundary in union/error techniques (instead of ':') to support wider range of (output filtering) cases	2013-06-10 22:14:45 +02:00
Miroslav Stampar	351c70b390	Locale module screws string.letters, etc. in some cases (e.g. IDLE run)	2013-06-01 14:06:58 +02:00
stamparm	fc57b7565d	Implementation for an Issue #432	2013-05-09 14:26:29 +02:00
stamparm	46557198a5	Minor update of doc root names	2013-04-29 11:29:59 +02:00
stamparm	10fbeaed7b	Code refactoring	2013-04-15 11:49:11 +02:00
Miroslav Stampar	0b449bb1d9	Fix for an Issue #433	2013-04-10 19:33:31 +02:00
stamparm	8c9da95343	Style and consistency update (url -> URL)	2013-04-09 11:48:42 +02:00
stamparm	e1ffdde532	Little cleaning a mess with url encoding and post hint types	2013-03-27 13:39:27 +01:00
Miroslav Stampar	8acf033715	Code refactoring	2013-03-19 19:24:14 +01:00
Miroslav Stampar	2ada9e9b84	Patch for an Issue Issue #416	2013-03-04 18:05:40 +01:00
Miroslav Stampar	0e89cc62a2	Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections	2013-02-28 20:20:08 +01:00
stamparm	be50192d8d	Refactoring WAF scripts	2013-02-26 15:54:50 +01:00
stamparm	e5e39bc682	Fix for an Issue #410	2013-02-25 11:07:30 +01:00
stamparm	8e49872d7c	Finalizing implementation for an Issue #290	2013-02-21 14:33:12 +01:00
Miroslav Stampar	368a2fd297	Fix for an Issue #393	2013-02-14 16:18:16 +01:00
Bernardo Damele	4b9d8ed673	reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter	2013-02-14 11:32:17 +00:00
Bernardo Damele	a67ef4117f	make sure to use Python 2 interpreter when default system Python is version 3	2013-02-14 11:25:04 +00:00
Miroslav Stampar	6629233de5	Minor update	2013-02-14 10:18:40 +01:00
Miroslav Stampar	d78a3e977b	Update (allowing regular char * to be inside SOAP/JSON/XML)	2013-02-13 12:24:42 +01:00
Miroslav Stampar	72984a578d	Update for --load-cookies	2013-02-12 12:42:12 +01:00
Miroslav Stampar	c0e59d94a9	Better naming	2013-02-08 16:28:58 +01:00
Miroslav Stampar	cdfe43560b	Update for an Issue #207 (and a potential patch for regression tests)	2013-02-08 16:20:48 +01:00
Miroslav Stampar	f4b8a3c1d8	Bug fix for boolean (multithreaded Ctrl+C) resumed values	2013-02-04 15:49:29 +01:00
Miroslav Stampar	e7b93b5b66	Implementation for an Issue #363	2013-02-01 17:24:04 +01:00
Miroslav Stampar	bd08ede117	Minor fine tuning	2013-01-29 21:06:02 +01:00
Miroslav Stampar	c06f94e2c8	Fix for an Issue #378	2013-01-25 16:38:41 +01:00
Miroslav Stampar	8c84a16cb7	Minor style update for an Issue #377	2013-01-25 12:52:31 +01:00
Miroslav Stampar	194a9e7b88	Implementation for an Issue #377	2013-01-25 12:34:57 +01:00
Miroslav Stampar	601eb1e49a	Unescaping is renamed to escaping	2013-01-18 15:40:37 +01:00
Bernardo Damele	a43202f3c0	updated copyright	2013-01-18 14:07:51 +00:00
Miroslav Stampar	bcc907ce09	Minor update	2013-01-18 11:00:21 +01:00
Miroslav Stampar	507f185b69	Revert of patch for an Issue #347	2013-01-17 18:38:37 +01:00
Miroslav Stampar	f7eda07d92	Patch for an Issue #347	2013-01-17 15:30:14 +01:00
Miroslav Stampar	51a77d1fe2	Minor update for an Issue #8	2013-01-17 11:37:45 +01:00
Bernardo Damele	542f6de72e	typo fix	2013-01-16 01:31:03 +00:00
Bernardo Damele	c51358953a	add more Oracle system dbs	2013-01-15 14:51:29 +00:00
Miroslav Stampar	934d41dac2	Minor style update (PEP8)	2013-01-10 15:02:28 +01:00
Miroslav Stampar	ca3d35a878	Some PEP8 related style cleaning	2013-01-10 13:18:44 +01:00
Miroslav Stampar	25f01a419f	Minor style update (for the sake of consistency over the code and our PEP8 adaptation)	2013-01-09 15:38:41 +01:00
Miroslav Stampar	648d91d790	Distinguishing invalid unicode from safe encoded characters (for proper potential decoding)	2012-12-27 22:43:39 +01:00
Bernardo Damele	e9ab33e9dd	standalone REST API, code cleanup (#297 )	2012-12-20 14:35:02 +00:00
Bernardo Damele	61a838bb35	added more test cases	2012-12-18 15:59:48 +00:00
Bernardo Damele	2926c815bf	improved test switch --live-test and minor refactoring	2012-12-17 11:29:33 +00:00
Bernardo Damele	a2a71bb37b	cleanup from XML-RPC related stuff	2012-12-14 13:37:36 +00:00
Bernardo Damele	6e31e87de1	added initial support (hidden from -hh and not yet usable) for REST-JSON API	2012-12-14 02:49:25 +00:00
Miroslav Stampar	a6448e8768	Update for an Issue #287	2012-12-12 11:54:59 +01:00
Miroslav Stampar	b9f6fc5f4e	First commit (and working one) for an Issue #287 (XML-RPC server)	2012-12-11 16:02:06 +01:00
Miroslav Stampar	0cbdaaecfa	Revert of `99e9412f74` (because of an Issue #289 )	2012-12-08 08:53:25 +01:00
Miroslav Stampar	79fca8e9d5	Fix for an Issue #268	2012-12-03 12:13:59 +01:00
Miroslav Stampar	3b961c2550	Update for an Issue #254	2012-11-29 15:36:38 +01:00
Miroslav Stampar	753d0f18bf	First CSS style added for a HTML table dump format (Issue #254 )	2012-11-28 12:46:43 +01:00
Miroslav Stampar	cff0c59630	Implementation for an Issue #264	2012-11-28 11:41:39 +01:00
Miroslav Stampar	87a92ab330	Deprecating --replicate (Issue #254 )	2012-11-28 11:10:57 +01:00
Miroslav Stampar	d37be5f97b	Fix for an Issue #248	2012-11-14 15:54:24 +01:00
Miroslav Stampar	81ccf28785	Minor refactoring	2012-10-29 14:08:48 +01:00
Miroslav Stampar	359e734954	Minor refactoring	2012-10-29 10:48:49 +01:00
Miroslav Stampar	ca427af8b3	Minor refactoring/improvement	2012-10-28 01:42:08 +02:00
Miroslav Stampar	c1b8226329	Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)	2012-10-28 00:36:09 +02:00
Miroslav Stampar	8a5844a364	Implementation for an Issue #222	2012-10-25 13:21:32 +02:00
Miroslav Stampar	d65d9e25cd	Implementation for an Issue #2	2012-10-19 11:02:14 +02:00
Miroslav Stampar	2cb1b054bb	Implementation for an Issue #79	2012-10-16 12:32:58 +02:00
Miroslav Stampar	ebc7088f94	Implementation for an Issue #128	2012-10-05 10:24:09 +02:00
Miroslav Stampar	8865fe69d7	Minor cleanup	2012-10-04 18:26:07 +02:00
Miroslav Stampar	3764d230be	Minor fix for Issue #197 and Issue #49	2012-10-04 11:43:37 +02:00
Miroslav Stampar	461e5ebc5f	Work for Issue #197 and Issue #49	2012-10-04 11:25:44 +02:00
Miroslav Stampar	bcbf0571a5	Implementation for an Issue #49	2012-10-02 14:23:58 +02:00
Miroslav Stampar	763dc98311	Minor refactoring	2012-10-02 13:36:15 +02:00
Miroslav Stampar	fccdb824bb	Patch for an Issue #193	2012-09-25 11:21:39 +02:00
Miroslav Stampar	cea5127ffd	Update for an Issue #6	2012-09-06 15:51:38 +02:00
Miroslav Stampar	c3d191e626	Minor update for an Issue #2	2012-09-06 14:13:54 +02:00
Miroslav Stampar	1e238b5a5a	Minor update	2012-09-06 13:36:34 +02:00
Miroslav Stampar	9674b174ee	One more minor update related to last commit	2012-08-23 15:37:17 +02:00
Miroslav Stampar	b79247c197	Minor update	2012-08-23 15:22:14 +02:00
Miroslav Stampar	52351e5d81	Update for an Issue #161 (now detecting format error messages too)	2012-08-22 15:51:47 +02:00
Miroslav Stampar	01f481c332	Minor refactoring of dictionaries	2012-08-21 11:19:15 +02:00
Miroslav Stampar	0d8fca30c9	Fix for an Issue #59	2012-08-16 11:31:43 +02:00
Miroslav Stampar	432b567584	Fix for an Issue #141	2012-08-08 00:03:58 +02:00
Miroslav Stampar	fec8a5cc9d	Fix for an Issue #139	2012-08-07 00:50:58 +02:00
Miroslav Stampar	922ea9d1f4	Update for Issue #118	2012-07-24 15:43:29 +02:00
Miroslav Stampar	a7d1a0c250	Implementation for an Issue #117	2012-07-23 14:14:22 +02:00
Bernardo Damele	5f876bdbbe	minor adjustments	2012-07-16 22:50:29 +01:00
Miroslav Stampar	786686da60	Minor language update	2012-07-13 14:53:42 +02:00
Miroslav Stampar	3c81f74823	Minor style update	2012-07-13 12:22:37 +02:00
Miroslav Stampar	c5ecc8b8db	Closing work on Issue #83	2012-07-13 11:23:21 +02:00
Bernardo Damele	162da75a04	modified homepage address	2012-07-12 18:38:03 +01:00
Miroslav Stampar	569c9214bf	Adding support for boldifying important logging messages	2012-07-12 16:30:35 +02:00
Miroslav Stampar	65639cdda6	First update for Issue #75 (error-based dumping)	2012-07-12 14:31:28 +02:00
Miroslav Stampar	c6464b44be	Some more refactoring	2012-07-11 20:13:23 +02:00
Miroslav Stampar	d7926b8aac	Minor refactoring	2012-07-11 19:54:21 +02:00
Bernardo Damele	eb7ffb8f91	setup for implementing logging colouring - issue #77	2012-07-10 02:54:37 +01:00
Miroslav Stampar	3ff28e58b4	Update regarding Issue #52	2012-07-08 19:24:25 +02:00
Bernardo Damele	4fa6d51d93	improved issues link	2012-07-05 16:26:50 +01:00
Miroslav Stampar	c3c1b9e957	Minor restyling	2012-07-04 20:28:18 +02:00
Bernardo Damele	793fa464e3	website url fix	2012-07-03 13:14:39 +01:00
Miroslav Stampar	481b46a004	Restyling output for Issue #52	2012-07-03 13:06:52 +02:00
Miroslav Stampar	3af1532700	Implementation for Issue #54	2012-07-03 12:09:18 +02:00
Miroslav Stampar	8eefe4b71f	Getting back revision number - displayed like in GitHub commits (Issue #52 )	2012-07-02 13:01:20 +02:00
Miroslav Stampar	21d9ae0a2c	some more refactoring	2012-07-01 01:19:54 +02:00
Miroslav Stampar	2a72fcce2b	Fix for Issue #42	2012-06-28 13:55:30 +02:00
jekil	c39e5a85ba	Removed $id$ tags	2012-06-27 20:56:43 +02:00
Miroslav Stampar	452ef202ae	minor fixes	2012-06-17 22:48:23 +00:00
Miroslav Stampar	b9f6943a42	minor update	2012-06-17 21:23:12 +00:00
Miroslav Stampar	06be7bbb18	few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)	2012-06-15 20:41:53 +00:00
Miroslav Stampar	058a9c59a2	fix for a bug noticed in a multi target run (log files weren't saved properly - removed buffering as it didn't produce any noticeable results)	2012-06-05 22:40:55 +00:00
Miroslav Stampar	d335ec0c34	turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars	2012-05-26 07:00:26 +00:00
Miroslav Stampar	37f2709197	making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)	2012-05-09 09:08:23 +00:00
Miroslav Stampar	efd27d7ade	minor renaming	2012-04-17 08:41:19 +00:00
Miroslav Stampar	627bfc589f	some more updates in reflective removal mechanism	2012-04-11 21:26:00 +00:00
Miroslav Stampar	01bd5d0ab2	some more updates for reflective mechanism	2012-04-11 10:41:33 +00:00
Miroslav Stampar	9c2f244d47	minor fix	2012-04-10 22:20:53 +00:00
Miroslav Stampar	119eec3598	improving "boolean detection" by automatic recognition of convenient --string candidate	2012-04-10 21:48:34 +00:00
Miroslav Stampar	b2afa87e48	reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases)	2012-04-06 08:42:36 +00:00
Bernardo Damele	d106fb5184	layout adjustments	2012-04-04 12:27:24 +00:00
Miroslav Stampar	1cd3c3f7af	further update of DNS data retrieval mechanism through SQLi	2012-04-02 14:05:30 +00:00
Miroslav Stampar	772ead8d03	fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values	2012-03-29 12:44:20 +00:00
Miroslav Stampar	9433bbe26d	memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed)	2012-03-28 19:27:12 +00:00
Miroslav Stampar	a8c9a47092	redirect logic rewritten from scratch	2012-03-15 11:10:58 +00:00
Miroslav Stampar	ca0d068575	distinguishing NULL from BLANK	2012-03-14 13:52:23 +00:00
Miroslav Stampar	e827f41cdb	using pickle HIGHEST_PROTOCOL just in case	2012-03-13 09:35:37 +00:00
Miroslav Stampar	cda8815634	introducing safe deprecation mechanism for HashDB versioning	2012-03-12 22:55:57 +00:00
Miroslav Stampar	b3bd4144f5	removing of unused imports together with some general code refactoring	2012-02-22 10:40:11 +00:00
Miroslav Stampar	bc4dd7c0dd	fix for -g	2012-02-20 10:02:19 +00:00
Miroslav Stampar	aee269cc14	gazillion changes, nothing will work, muhahaha	2012-02-17 14:22:48 +00:00
Miroslav Stampar	dcf7277a0f	some more refactorings	2012-02-16 14:42:28 +00:00
Miroslav Stampar	bcf9fc6c6f	minor refactoring	2012-02-16 09:32:47 +00:00
Miroslav Stampar	23cc8b6974	minor fix for special cases when parameter value contains html encoded characters	2012-02-14 14:08:10 +00:00
Miroslav Stampar	2b05ded9c3	just a makeup	2012-02-07 12:05:23 +00:00
Miroslav Stampar	f7bf1fbe94	upgrade/fixes for direct DBMS access	2012-02-07 10:46:55 +00:00
Bernardo Damele	c0f4b4632d	Minor fix	2012-02-02 12:55:39 +00:00
Miroslav Stampar	f2857e38ba	minor update	2012-01-30 10:19:03 +00:00
Bernardo Damele	7e560eec1f	Minor fix	2012-01-13 12:54:45 +00:00
Miroslav Stampar	95f89ab63a	updating copyright date	2012-01-11 14:59:46 +00:00
Miroslav Stampar	2b5e429dc2	one more level of defense against user himself	2012-01-07 17:16:14 +00:00
Miroslav Stampar	759465bde5	minor fix	2012-01-06 00:06:38 +00:00
Miroslav Stampar	37d78ffe01	minor optimization	2011-12-28 15:59:30 +00:00
Miroslav Stampar	dda979a15a	minor refactoring	2011-12-27 12:31:29 +00:00
Miroslav Stampar	c20546dcaa	minor refactoring	2011-12-26 12:24:39 +00:00
Miroslav Stampar	89d2c7c042	minor update	2011-12-22 20:54:20 +00:00
Miroslav Stampar	abb401879c	minor update	2011-12-22 20:42:57 +00:00
Miroslav Stampar	087e29d272	minor update	2011-12-22 20:14:56 +00:00
Miroslav Stampar	094129a656	minor optimization	2011-12-22 15:42:21 +00:00
Miroslav Stampar	9f68e54fff	minor cleanup	2011-12-22 10:59:28 +00:00
Miroslav Stampar	526aacb640	code cleanup	2011-12-21 22:59:23 +00:00
Miroslav Stampar	81bd9a201b	minor refactoring	2011-12-21 11:50:49 +00:00
Miroslav Stampar	95cd9e2af3	adding support for scanning Host header values (-p host)	2011-12-20 12:52:41 +00:00
Miroslav Stampar	364113441b	adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles)	2011-12-14 10:19:45 +00:00
Bernardo Damele	8fe72d87a8	minor bug fix for mysql -d --file-read	2011-12-06 10:57:23 +00:00
Miroslav Stampar	71c46f50aa	adding option --csv-del	2011-11-30 17:39:41 +00:00
Miroslav Stampar	02bd9a54f3	minor update	2011-11-30 17:19:21 +00:00
Miroslav Stampar	885b432808	minor update	2011-11-23 21:39:53 +00:00
Miroslav Stampar	2e10de8921	minor update	2011-11-22 12:18:24 +00:00
Miroslav Stampar	ac041399f0	minor patch	2011-11-22 11:04:43 +00:00
Miroslav Stampar	9697e80013	some more optimizations	2011-11-22 10:54:29 +00:00
Miroslav Stampar	eee03871d7	minor refactoring	2011-11-21 21:31:08 +00:00
Miroslav Stampar	440b7efe55	minor optimization	2011-11-20 20:14:47 +00:00
Miroslav Stampar	e1a92d59de	implementing WordPress phpass hash cracking routine	2011-11-20 19:10:46 +00:00
Miroslav Stampar	f1979936c8	minor update	2011-11-18 15:32:33 +00:00
Miroslav Stampar	d735582536	major speed improvement of hash cracking	2011-11-02 06:53:43 +00:00
Miroslav Stampar	7ce3af68fc	fixing support for parsing BURP logs	2011-10-27 17:31:34 +00:00
Miroslav Stampar	d64c0af461	minor update	2011-10-26 14:31:00 +00:00
Miroslav Stampar	86b4a3562f	added switch --check-tor	2011-10-25 17:37:43 +00:00
Miroslav Stampar	c1486ed4be	adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request	2011-10-25 09:53:44 +00:00
Miroslav Stampar	323aa7bf2f	minor update	2011-10-09 21:21:41 +00:00
Miroslav Stampar	e0f521cf9d	minor update regarding --randomize	2011-08-29 13:08:25 +00:00
Bernardo Damele	9361e633f4	Minor bug fix - some applications do really set cookies like param="value" with double-quotes	2011-08-16 09:21:01 +00:00
Miroslav Stampar	7cc5743c5d	minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)	2011-08-16 06:50:20 +00:00
Miroslav Stampar	df4abf1af1	lowering constant value from 10 to 7 for da peace in da houz	2011-08-12 17:19:19 +00:00
Miroslav Stampar	9423d15fb3	ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix	2011-08-03 09:08:16 +00:00
Miroslav Stampar	5770c08784	minor optimization and refactoring	2011-07-25 20:17:44 +00:00
Miroslav Stampar	ec1bc0219c	hello big tables, this is sqlmap, sqlmap this is big tables	2011-07-24 09:19:33 +00:00
Miroslav Stampar	094dc91e2d	minor update (prior to some changes regarding large content retrieval)	2011-07-23 19:04:59 +00:00
Miroslav Stampar	9cf33ec997	now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char	2011-07-15 13:24:13 +00:00
Miroslav Stampar	5c162efbd8	more optimization	2011-07-12 23:21:15 +00:00
Miroslav Stampar	5443e06430	cosmetics (in debug mode [0] is used)	2011-07-08 09:43:52 +00:00
Bernardo Damele	aedcf8c8d7	Changed homepage address	2011-07-07 20:10:03 +00:00
Bernardo Damele	067354b97f	Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access	2011-07-07 13:20:40 +00:00
Bernardo Damele	fcd4e94c04	Higher chances to detect UNION query SQL injection against Microsoft Access	2011-07-06 23:52:44 +00:00
Miroslav Stampar	93b296e02c	few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")	2011-07-06 05:44:47 +00:00
Miroslav Stampar	b8ffcf9495	few fixes here and there and multi-core processing for dictionary based hash attack	2011-07-04 19:58:41 +00:00
Bernardo Damele	36c96ef796	Added DB2 support - patch provided by Sebastian Bittig	2011-06-25 09:44:24 +00:00
Miroslav Stampar	aa83fe5c66	minor update	2011-06-24 18:19:33 +00:00
Miroslav Stampar	21010f702c	minor beautification	2011-06-24 17:46:54 +00:00
Miroslav Stampar	96190cf594	minor update	2011-06-24 17:15:15 +00:00
Bernardo Damele	1cb12ea659	replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license)	2011-06-22 13:31:07 +00:00
Miroslav Stampar	2a4a284a29	crawler fix (skip binary files)	2011-06-20 22:41:38 +00:00
Miroslav Stampar	d6062e8fc9	minor fix for crawler and far less message overlaps in future	2011-06-20 21:18:12 +00:00
Miroslav Stampar	31ad0875b4	added by request	2011-06-18 11:34:51 +00:00
Miroslav Stampar	ec6fa384eb	update	2011-06-17 22:04:25 +00:00
Miroslav Stampar	530c296519	minor fix	2011-06-16 13:56:17 +00:00
Miroslav Stampar	6f681b45ad	cleaning up a bit for a configuration mess	2011-06-16 11:42:13 +00:00
Miroslav Stampar	2da56ea507	fix of a language bug	2011-06-11 21:17:30 +00:00
Miroslav Stampar	f8dde2c23b	adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)	2011-06-10 23:18:43 +00:00
Bernardo Damele	7da3d8dbd1	minor layout adjustment	2011-06-08 13:01:33 +00:00
Miroslav Stampar	f27181c628	minor improvement for blind based injections with reflected values	2011-06-03 14:41:36 +00:00
Miroslav Stampar	89559d1b0a	better regex and now after we have that automatic switch off for reflective removal mechanism it's not so important to change it	2011-05-30 20:18:30 +00:00
Miroslav Stampar	20988e58ed	warp 5 mr spock :)	2011-05-30 09:46:32 +00:00
Miroslav Stampar	001cbff2a9	speed up of 2 times for partial union technique	2011-05-30 09:07:48 +00:00
Miroslav Stampar	d51efa679d	typo update	2011-05-29 06:26:28 +00:00
Miroslav Stampar	f848cc779e	adding legal disclaimer as latest situation (these days news headlines) seems out of control	2011-05-28 18:54:14 +00:00
Miroslav Stampar	03ef53f00a	update regarding mysql function resolution and versionedkeywords	2011-05-28 17:34:43 +00:00
Miroslav Stampar	4f46a5ab63	minor usability enhancement regarding warning for --text-only switch	2011-05-26 20:48:18 +00:00
Miroslav Stampar	0e480a9921	adding SYS to the ORACLE_SYSTEM_DBS	2011-05-25 10:55:47 +00:00
Miroslav Stampar	f774d8fea0	proper Tor settings (reverted r3915 and implemented it the right way)	2011-05-24 11:06:58 +00:00
Miroslav Stampar	a58aaf2e1a	better format for results file (easier for sorting when lots of files)	2011-05-22 07:02:36 +00:00
Miroslav Stampar	25fff8c135	changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)	2011-05-21 11:46:57 +00:00
Miroslav Stampar	9e5856caf8	improvement for recognition of scalar vs multiple-row commands	2011-05-19 16:45:05 +00:00
Miroslav Stampar	3048e9f710	minor refactoring	2011-05-17 23:03:31 +00:00
Miroslav Stampar	faa74cd2bc	introducing results file for multiple target mode	2011-05-15 22:21:38 +00:00
Bernardo Damele	aae140080e	SVN roll back, DB2 patch will be recommitted after testing: $ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .	2011-05-06 10:27:43 +00:00
Miroslav Stampar	6e392b6054	applying contributed patch for DB2	2011-05-06 09:30:39 +00:00
Miroslav Stampar	742b0ef76e	major improvement of ERROR data retrieval on MSSQL	2011-05-03 13:25:20 +00:00
Bernardo Damele	f56d135438	Minor code restyling	2011-04-30 13:20:05 +00:00
Bernardo Damele	d0dff82ce0	Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch	2011-04-23 16:25:09 +00:00
Miroslav Stampar	f88aa4b165	implemented suppressResumeInfo mechanism (huge slowdown on large tables)	2011-04-22 19:58:10 +00:00
Bernardo Damele	06a00fe85e	For development version, print also the revision number in the banner	2011-04-21 21:34:57 +00:00
Miroslav Stampar	7a06af9a92	added "lagging" critical message	2011-04-19 10:37:20 +00:00
Miroslav Stampar	b79d4f70f3	cleaner solution for the problem solved with last commit	2011-04-18 14:51:48 +00:00
Miroslav Stampar	f5cff067c6	little hack for --time-sec	2011-04-18 14:46:18 +00:00
Miroslav Stampar	6fab44d635	minor refactoring and improving of used regex	2011-04-17 22:37:00 +00:00
Miroslav Stampar	c461fdca54	some refactoring	2011-04-15 13:51:06 +00:00
Miroslav Stampar	0387654166	update of copyright string (until year)	2011-04-15 12:33:18 +00:00
Miroslav Stampar	4d8a49a87c	more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation	2011-04-15 11:53:20 +00:00
Miroslav Stampar	ded28442fb	minor fixes and refactoring regarding safecharencoding	2011-04-14 15:54:00 +00:00
Miroslav Stampar	eafab03d99	safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars)	2011-04-14 13:53:56 +00:00
Miroslav Stampar	30bfefd638	minor fix	2011-04-14 12:58:03 +00:00
Bernardo Damele	5cf38cd0d7	More cookies to ignore	2011-04-14 12:46:14 +00:00
Miroslav Stampar	bb99bd2fbe	one more commit related to the issue with displaying of garbled characters	2011-04-14 09:43:36 +00:00
Miroslav Stampar	5dfb55effc	revert of the last commit because of this http://osvdb.org/show/osvdb/26582	2011-04-14 06:46:32 +00:00
Miroslav Stampar	786f305e1a	minor update	2011-04-14 06:43:08 +00:00
Miroslav Stampar	21114d1748	added IGNORE_PARAMETERS to skip testing of state/session web server parameters	2011-04-13 19:01:02 +00:00
Miroslav Stampar	d06ae9cd47	implemented retrieved items info for partial union too	2011-04-13 14:33:15 +00:00
Miroslav Stampar	f5f2201bbc	minor cosmetics for partial inband retrieval	2011-04-13 11:25:42 +00:00
Miroslav Stampar	c193b896be	just in case update to prevent gibberish "retrieved: " outputs	2011-04-12 23:07:50 +00:00
Miroslav Stampar	941daa1645	just in case to prevent "object of type 'NoneType' has no len()" error reports	2011-04-11 11:59:02 +00:00
Miroslav Stampar	08d14886fd	added new dev version string	2011-04-11 09:44:44 +00:00
Bernardo Damele	07d6b18c4e	cutting for 0.9 stable	2011-04-11 00:24:51 +00:00
Miroslav Stampar	8597409d9e	lowering the value	2011-04-10 22:57:17 +00:00
Bernardo Damele	c3b54cc222	Cosmetics	2011-04-01 16:40:28 +00:00
Miroslav Stampar	220366b6e8	minor update (ip addresses will not be confused any more for crypt_generic hashes)	2011-03-31 16:56:26 +00:00
Miroslav Stampar	c5de903eab	minor improvement ("quick defense against substr fields")	2011-03-31 09:35:09 +00:00
Miroslav Stampar	d28ca5809b	adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)	2011-03-29 14:16:28 +00:00
Miroslav Stampar	7cf4ba83dc	minor refactoring and comment update	2011-03-29 12:08:07 +00:00
Miroslav Stampar	bf0e3c4662	improvement for --forms with empty fields	2011-03-28 22:48:00 +00:00
Miroslav Stampar	76b7e3517d	minor update	2011-03-27 07:58:15 +00:00
Miroslav Stampar	d79fae724c	minor refactoring	2011-03-24 09:16:21 +00:00
Miroslav Stampar	5c97f9a496	improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)	2011-03-09 09:36:56 +00:00
Miroslav Stampar	f27f05308a	minor update for masking sensitive data in error report (added aCred too)	2011-03-02 10:09:17 +00:00
Miroslav Stampar	7036190e8e	minor improvement of regular expression	2011-02-27 17:58:01 +00:00
Miroslav Stampar	21041f8b90	further reflective value handling improvement	2011-02-27 17:43:41 +00:00
Miroslav Stampar	708ddf5608	added protection mechanism against reflected values	2011-02-24 16:52:46 +00:00
Miroslav Stampar	3f8eadf4fe	minor refactoring	2011-02-22 13:00:58 +00:00
Miroslav Stampar	199f14df46	implementation of MySQL GROUP_CONCAT technique	2011-02-15 00:28:27 +00:00
Miroslav Stampar	50d25c3b4d	update regarding explicit testing of ua and referer when using -p	2011-02-13 21:58:48 +00:00
Miroslav Stampar	4295a78c5f	minor update	2011-02-10 19:51:34 +00:00
Miroslav Stampar	5b57a69f3e	fix	2011-02-09 11:20:03 +00:00
Miroslav Stampar	37f7001143	first commit with mysql/error/substringing	2011-02-08 16:23:33 +00:00
Miroslav Stampar	99e9412f74	minor update	2011-02-07 12:34:23 +00:00
Bernardo Damele	39decebe85	Minor fixes to checking/re-enabling of xp_cmdshell procedure	2011-02-07 12:17:19 +00:00
Miroslav Stampar	096efea282	added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]	2011-02-07 10:22:43 +00:00
Bernardo Damele	ba3a8a69d4	More statements to exclude from unescap'ing	2011-02-07 00:33:54 +00:00
Bernardo Damele	2e00656235	Minor fix	2011-02-07 00:20:23 +00:00
Bernardo Damele	f3d6be7868	Code cleanup	2011-02-06 22:32:44 +00:00
Miroslav Stampar	acb986ae80	minor refactoring	2011-02-04 17:40:55 +00:00
Miroslav Stampar	accf4e6ce0	one important fix (URI injection parameter '*' now can go anywhere)	2011-02-04 12:43:18 +00:00
Miroslav Stampar	c19d481bb1	little clean up	2011-02-04 12:25:14 +00:00
Miroslav Stampar	e4933f0c92	refactoring	2011-02-03 23:25:56 +00:00
Miroslav Stampar	e5f54644f0	minor "statistical" update	2011-02-03 16:59:49 +00:00
Miroslav Stampar	6c87bd1c63	added maskSensitiveData function	2011-02-02 14:25:16 +00:00
Miroslav Stampar	d6c9515f78	minor update	2011-02-02 13:03:24 +00:00
Miroslav Stampar	e33428b833	adding __findUnionCharCount function	2011-02-02 11:22:35 +00:00
Miroslav Stampar	99aa38b58f	minor refactoring	2011-02-02 10:10:28 +00:00
Miroslav Stampar	fa58a9c86b	update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)	2011-01-31 20:36:01 +00:00
Miroslav Stampar	b1dc928e68	implemented validation for time-based inference	2011-01-31 16:07:23 +00:00
Miroslav Stampar	25463bc67c	fix for a bug (--predict-output) noticed by Bernardo	2011-01-31 15:00:41 +00:00
Miroslav Stampar	60a2364f2b	now union technique parses headers too	2011-01-31 12:41:39 +00:00
Miroslav Stampar	f9eac97fe8	refactoring of MSSQL XML banner parsing	2011-01-31 11:38:00 +00:00
Miroslav Stampar	fc9c626f9e	minor refactoring (removed URL_ENCODE_PAYLOAD)	2011-01-30 17:03:06 +00:00
Miroslav Stampar	ddf23ba7cc	refactoring	2011-01-30 11:36:03 +00:00
Miroslav Stampar	03413bd5e0	minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)	2011-01-27 16:55:58 +00:00
Miroslav Stampar	4e5f0da1ae	minor update	2011-01-20 16:07:08 +00:00
Miroslav Stampar	7a060e756d	dummy fix for SQLite schema retrieval (lots of spaces inside)	2011-01-19 23:16:22 +00:00
Bernardo Damele	daebb0010b	Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. Alignment of SQL statement payload packing/unpacking between all of the techniques. Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too. Minor code cleanup.	2011-01-18 23:02:11 +00:00
Miroslav Stampar	34d13be0d3	minor update regarding default page encoding	2011-01-17 10:23:37 +00:00
Miroslav Stampar	5c857779c1	important fix for unicode based character inference	2011-01-17 10:15:19 +00:00
Miroslav Stampar	0fcca671bd	information update regarding common password suffixes	2011-01-17 09:28:25 +00:00
Miroslav Stampar	5476a8a27e	russian sites are great for testing :)	2011-01-16 19:00:19 +00:00
Miroslav Stampar	30d6791968	update regarding time based data retrieval	2011-01-16 17:52:42 +00:00
Miroslav Stampar	3873d204bb	important update for dictionary attack	2011-01-15 15:56:11 +00:00
Miroslav Stampar	e17ac5fdca	update	2011-01-15 15:14:22 +00:00
Bernardo Damele	97ae7e330f	cosmetics	2011-01-07 17:10:58 +00:00
Miroslav Stampar	7ae5192070	adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)	2011-01-05 10:25:07 +00:00
Miroslav Stampar	c83e9f6ca5	foundation for filtering binary string values (for example, replacement of non readable chars with #)	2011-01-04 21:56:37 +00:00
Miroslav Stampar	aa81ed4033	implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)	2011-01-04 15:49:20 +00:00
Miroslav Stampar	8625494ff2	added one new quick check for multiple target(s) mode	2011-01-03 08:32:06 +00:00
Miroslav Stampar	f762f32de8	bug fix for proper --parse-errors on .aspx pages	2011-01-02 13:00:04 +00:00
Miroslav Stampar	51a492e17d	pretty important commit (now dumped tables are prone to dictionary attack)	2010-12-27 10:56:28 +00:00
Miroslav Stampar	b472b96f92	bug fix, refactoring and improved extractErrorMessage capabilities	2010-12-25 10:16:20 +00:00
Miroslav Stampar	aab14fa2d3	minor refactoring/cosmetics	2010-12-24 11:06:57 +00:00
Miroslav Stampar	d5eebb1cbf	fix for a fundamentally bad presumtion (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6	2010-12-24 09:49:19 +00:00
Miroslav Stampar	7a525f28d4	cosmetics	2010-12-21 15:26:23 +00:00
Miroslav Stampar	b2e7f9484d	minor tuning (2 techniques MAX per value used)	2010-12-21 15:24:14 +00:00
Miroslav Stampar	6c1133c4d4	some code refactoring	2010-12-21 15:13:13 +00:00
Miroslav Stampar	fe67d3827c	code refactoring and some fixes	2010-12-18 09:51:34 +00:00
Miroslav Stampar	a19cb2c13a	code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")	2010-12-17 21:29:09 +00:00
Bernardo Damele	04caef6de0	Tuning	2010-12-13 23:04:26 +00:00
Miroslav Stampar	c93634b6c7	blind dumping of tables in sqlite implemented	2010-12-11 22:13:19 +00:00
Miroslav Stampar	f021548bd0	added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use)	2010-12-11 10:52:04 +00:00
Miroslav Stampar	fe2039f5ba	coollyy little commits	2010-12-10 11:32:46 +00:00
Miroslav Stampar	64cc2588f1	now resume is available for time-based blinds too	2010-12-08 12:49:26 +00:00
Miroslav Stampar	dc651d59ec	little mathematics here and there (used "Rules for normally distributed data")	2010-12-07 19:19:12 +00:00
Miroslav Stampar	ecd4a5a532	added standard deviation check in time based tests	2010-12-07 16:39:31 +00:00
Miroslav Stampar	294119d2ec	more advanced time technique(s)	2010-12-07 16:04:53 +00:00
Miroslav Stampar	3d87489de5	minor update	2010-12-07 08:05:03 +00:00
Miroslav Stampar	61f82fd274	introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic	2010-12-07 00:27:26 +00:00
Miroslav Stampar	2735848ab6	removed ERROR_SPACE	2010-12-06 22:40:07 +00:00
Bernardo Damele	2708aad504	Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests.	2010-12-01 10:31:50 +00:00
Miroslav Stampar	2a8e270bef	proper handling of carriage return character from Windows target machines	2010-11-16 15:11:03 +00:00
Miroslav Stampar	88c00e61d3	another update	2010-11-09 23:35:37 +00:00
Miroslav Stampar	5ebd5d935c	another name change	2010-11-09 22:49:31 +00:00
Miroslav Stampar	06f00cf8c1	name change	2010-11-09 22:48:22 +00:00
Miroslav Stampar	fef60d5cb7	some fixes :)	2010-11-09 22:32:05 +00:00
Miroslav Stampar	862395ced1	further refactoring (all enumerations are now put into enums.py)	2010-11-08 09:20:02 +00:00
Bernardo Damele	b6da946883	Added one new verbose level, -v 3 now shows the full injected payload. Fixed also -d verbose output.	2010-11-07 22:34:29 +00:00
Miroslav Stampar	685a8e7d2c	refactoring of hard coded dbms names	2010-11-02 11:59:24 +00:00
Miroslav Stampar	5a38ac7ea9	important update regarding (Bug #209 ) - probably more will be needed	2010-10-29 16:11:50 +00:00
Miroslav Stampar	be443c6947	refactoring regarding __START__,...	2010-10-21 09:51:07 +00:00
Miroslav Stampar	e24bff0497	nice refactoring	2010-10-20 09:46:57 +00:00
Miroslav Stampar	5d3cbec457	no more regex. web server independent.	2010-10-20 09:35:46 +00:00
Miroslav Stampar	8776db872c	minor refactoring	2010-10-19 23:05:24 +00:00
Miroslav Stampar	264e0a6fda	added support for displaying revision number at unhandled exception message	2010-10-19 08:55:14 +00:00
Miroslav Stampar	4f7f20b94f	sorry, cosmetics	2010-10-14 23:18:29 +00:00
Miroslav Stampar	8b48833136	large commit with copyright header modifications	2010-10-14 14:41:14 +00:00

... 12 13 14 15 16 ...

1406 Commits