Commit Graph

4872 Commits

Author SHA1 Message Date
Miroslav Stampar
7d418af274 Fix for a bug reported privately by email 2015-06-22 16:28:35 +02:00
Miroslav Stampar
9e5ef094a3 Closes #1270 2015-06-16 22:20:21 +02:00
Miroslav Stampar
e4b23c9beb Minor fix regarding POST redirects (ML) 2015-06-16 12:00:56 +02:00
Miroslav Stampar
04c1d439a7 Minor patch for #1260 2015-06-05 17:18:21 +02:00
Miroslav Stampar
8d7e915af7 Minor patch for #1260 2015-06-05 17:02:56 +02:00
Miroslav Stampar
ec87d8ebda Adding a support for SNI (Issue #1256) 2015-06-01 10:45:16 +02:00
Miroslav Stampar
341d2a6028 Minor fix for (hidden) switch '--dummy' 2015-05-29 17:30:02 +02:00
Miroslav Stampar
08caca387b Minor patch of automatic WAF heuristic check 2015-05-29 16:01:41 +02:00
Miroslav Stampar
699c965bc0 Fixes #1248 2015-05-19 18:40:45 +02:00
Miroslav Stampar
17bfda1b9c Adding new switch ('--skip-static') 2015-05-18 20:57:15 +02:00
Miroslav Stampar
e8f87bfa41 Minor patches related to the #1206 2015-05-11 11:01:21 +02:00
Miroslav Stampar
91bc02e3ba Fixes related to the #1206 2015-05-11 10:56:10 +02:00
Miroslav Stampar
9010e157e9 Conflict fix 2015-05-11 10:11:33 +02:00
Miroslav Stampar
5b8df7984c Minor update (for Windows-31j charset) 2015-05-09 14:32:55 +02:00
Miroslav Stampar
4b2ff4339a Fixes #1243 2015-05-07 12:36:23 +02:00
Miroslav Stampar
18e62fd507 Fix for an Issue #1240 2015-05-05 14:36:21 +02:00
Miroslav Stampar
84ba3d45c1 Patch for an Issue #1238 2015-05-04 21:47:10 +02:00
Miroslav Stampar
5ee7fd785a Fixes #1235 2015-05-01 00:48:08 +02:00
Miroslav Stampar
03f32ae2b6 Merge of an Issue #1227 2015-04-22 17:21:55 +02:00
Miroslav Stampar
a94dcf94e9 Patch for an Issue #1226đ 2015-04-22 16:41:20 +02:00
Miroslav Stampar
bb98894dc1 Adding option --safe-req 2015-04-22 16:28:54 +02:00
Miroslav Stampar
4ded9a9966 Small patch for existing option validation 2015-04-22 15:32:14 +02:00
Miroslav Stampar
77c96de4ea Minor patch related to the last commit 2015-04-22 10:33:22 +02:00
Miroslav Stampar
95b52a02ec Minor patch for custom injection into HTTP Authorization header 2015-04-22 10:28:16 +02:00
Miroslav Stampar
c5138d4696 Minor refactoring 2015-04-21 00:02:47 +02:00
Miroslav Stampar
349dfbf2ae Adding an option --safe-post 2015-04-20 23:55:59 +02:00
Miroslav Stampar
7517db76d1 Minor fix for SQLite's schema parsing 2015-04-16 18:40:43 +02:00
Miroslav Stampar
dbfa8f1cfc Fix for a bug reported by the user (conf.scheme/conf.hostname/conf.port were None in multiple targets mode) 2015-04-14 11:05:17 +02:00
Miroslav Stampar
0e4800f73c Changing default answer for sitemap checking to N 2015-04-14 09:30:01 +02:00
Miroslav Stampar
1e7f2d6da2 Implements #1215 2015-04-06 22:07:22 +02:00
Miroslav Stampar
c35fa63a48 Fixes #1212 2015-03-30 11:58:09 +02:00
Miroslav Stampar
99c1cc9937 Fixes #1208 2015-03-26 17:17:46 +01:00
Miroslav Stampar
a19bccc84f Fixes #1205 2015-03-26 15:31:29 +01:00
Miroslav Stampar
770cfb6102 Removing test print 2015-03-26 15:20:54 +01:00
Miroslav Stampar
fc0186e029 Minor update 2015-03-26 12:39:44 +01:00
Miroslav Stampar
5dfd3ef1e4 Another update 2015-03-26 12:25:32 +01:00
Miroslav Stampar
3be7a447a5 Update 2015-03-26 12:22:49 +01:00
Miroslav Stampar
7587528ebd Fixes #1202 2015-03-26 11:40:19 +01:00
ricterz
bbfdb02a0e fix mandatorily depend of websocket #1198 2015-03-24 22:25:16 +08:00
ricterz
811f5c11c6 remove Host header field and add cookie support #1198 2015-03-24 18:50:57 +08:00
ricterz
9b5dcbbbb2 modified error handle #1198 2015-03-24 18:21:50 +08:00
ricterz
78dbe080d7 determine whether it's websocket when connect #1198 2015-03-24 17:19:37 +08:00
ricterz
50fd6ce7f7 add websocket support for parse url #1198 2015-03-24 10:30:38 +08:00
Miroslav Stampar
05a496c275 Fixes #1196 2015-03-20 00:56:52 +01:00
Miroslav Stampar
25b23750e8 Bug fix for crawling over non-80 port 2015-03-12 11:49:52 +01:00
Miroslav Stampar
adc8ac267d Fixes #1190 2015-03-10 09:23:26 +01:00
Miroslav Stampar
9bd41ed99d Fixes #1189 2015-03-09 22:02:20 +01:00
Christ van Willegen
80fb2e29cc Fix some spelling errors in help texts (through -> thorough) 2015-03-04 13:31:29 +01:00
Miroslav Stampar
3347fc25ca Fixes #1185 2015-03-03 15:10:06 +01:00
Miroslav Stampar
3f6c3b40dd Minor update (not overriding user given 'Accept-Encoding' header value) 2015-03-03 14:37:36 +01:00
Bernardo Damele
8281fe48e5 bug fix: test for boundaries with high levels if the test was extended 2015-03-01 11:02:05 +00:00
Bernardo Damele
260643241a prioritized fingerprinted DBMS to error-based and user provided one 2015-02-27 14:19:30 +00:00
Bernardo Damele
2f08c8b666 bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup 2015-02-27 13:57:28 +00:00
Miroslav Stampar
dde400ab8f More suitable version of 6bcc95a (suggested by user) 2015-02-25 10:19:51 +01:00
Miroslav Stampar
6bcc95a20d Restricting evaluated code variable names to Python valid characters ([_0-9a-zA-Z]) 2015-02-24 15:05:44 +01:00
Miroslav Stampar
e35c7fbb7a Fixes #1172 2015-02-22 13:41:54 +01:00
Bernardo Damele
475cc8b24b trivial code cleanup 2015-02-21 13:12:30 +00:00
Bernardo Damele
383929c0c2 if the user forces the DBMS, then sort the tests accordingly to perform first the DBMS-specific tests, then the others 2015-02-21 13:12:03 +00:00
Bernardo Damele
d235ee375b code cleanup 2015-02-21 12:59:44 +00:00
Bernardo Damele
8be24d3e9b minor enhancement, prefer intersect() each time DBMS values are comfronted 2015-02-21 12:59:27 +00:00
Bernardo Damele
388c0dfd77 trivial layout fix 2015-02-21 12:57:49 +00:00
Bernardo Damele
52dd92748a rework some of the logic of the detection phase based on identified DBMS along the way 2015-02-21 02:23:42 +00:00
Bernardo Damele
4f939b5719 avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables 2015-02-20 18:36:34 +00:00
Bernardo Damele
1ecb921ba7 Consistency in enums 2015-02-20 18:31:47 +00:00
Bernardo Damele
214b9360e9 Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup 2015-02-20 18:30:42 +00:00
Bernardo Damele
79d4d970a5 trivial code cleanup 2015-02-20 15:42:28 +00:00
Bernardo Damele
201b605f9b Minor fix and consistency: do not ask to include all tests if level and risk are at the max settings already 2015-02-20 10:21:44 +00:00
Bernardo Damele
daa8e0d8c5 minor fix 2015-02-18 10:13:28 +00:00
Miroslav Stampar
1636088b75 Minor update 2015-02-16 11:48:53 +01:00
Bernardo Damele
e17d212c23 bug fix introduced with 863d5a6281 2015-02-15 20:07:52 +00:00
Bernardo Damele
32ab52b8ca code refactoring: split boundaries and payloads XML files 2015-02-15 16:31:35 +00:00
Bernardo Damele
863d5a6281 --test-filter now ignores values of --risk and --level 2015-02-15 16:28:37 +00:00
Miroslav Stampar
2e5c11e427 Closes #1163 2015-02-13 10:59:03 +01:00
Miroslav Stampar
247384858e Patch for an Issue #1159 (undo commit with single-quotes problem on windows) 2015-02-04 16:21:21 +01:00
Miroslav Stampar
38011743bb Patch for an Issue #1157 2015-02-04 15:01:19 +01:00
Miroslav Stampar
eecc0b924b Patch for an Issue #1148 2015-02-03 10:06:00 +01:00
Miroslav Stampar
2af2aef43e Minor patch for masking sensitive information (when formation -u=... is used) 2015-02-03 09:48:05 +01:00
Miroslav Stampar
59f0da369d Patch for a bug reported via ML (Accept header ignored in --headers) 2015-02-02 22:07:16 +01:00
Miroslav Stampar
8b135e45bd Patch for an Issue #1147 2015-02-02 22:05:31 +01:00
Miroslav Stampar
bf1c08a8a6 Bug fix 2015-01-30 22:43:40 +01:00
Miroslav Stampar
2e9bf47703 Heuristic check for WAF/IDS/IPS is now prone to tamper functions (Issue #1145) 2015-01-30 22:12:35 +01:00
Miroslav Stampar
9e90e357cf Patch for an Issue #1146 2015-01-30 21:59:03 +01:00
Miroslav Stampar
9563e429d3 Removal of fun code 2015-01-30 21:49:22 +01:00
Miroslav Stampar
9f679a952f Minor update 2015-01-29 10:44:36 +01:00
Miroslav Stampar
024c500d8e Minor fix 2015-01-28 00:54:39 +01:00
Miroslav Stampar
5400bb2c95 Patch for an Issue #1142 2015-01-28 00:52:40 +01:00
Miroslav Stampar
fd632e5ada Update for unhandled exception mechanism (BADA) 2015-01-26 09:09:38 +01:00
Miroslav Stampar
eb548959b3 Minor update 2015-01-26 08:59:10 +01:00
Miroslav Stampar
f0eac38ab4 Minor fix 2015-01-26 08:48:37 +01:00
Miroslav Stampar
32bf2dbe6d Patch for an Issue #1133 2015-01-23 23:00:28 +01:00
Miroslav Stampar
779db7cbc3 Minor enhancement 2015-01-22 09:17:45 +01:00
Miroslav Stampar
b7cfaa6ca5 Minor style update 2015-01-22 08:55:37 +01:00
Miroslav Stampar
2655b078d0 Patch for an Issue #1127 2015-01-22 08:52:15 +01:00
Miroslav Stampar
02b3eb941f Patch for an Issue #1124 2015-01-21 09:26:30 +01:00
Miroslav Stampar
cd743ab098 Minor update 2015-01-21 09:12:12 +01:00
Miroslav Stampar
9f4a32ca2b Automatically checking for sitemap existence in case of --crawl 2015-01-20 10:03:35 +01:00
Miroslav Stampar
a603002acd Adding a choice to automatically turn on --identify-waf if protection has been detected 2015-01-20 09:38:18 +01:00
Miroslav Stampar
a66b0c91bb Patch for an Issue #1120 2015-01-19 09:19:30 +01:00
Miroslav Stampar
393659ffbf Patch for an Issue #1121 2015-01-19 09:17:16 +01:00
Miroslav Stampar
e73ac6c8e3 Minor patch on request of an user 2015-01-17 21:47:57 +01:00
Miroslav Stampar
c2b2ccd2b5 Minor bug fix 2015-01-17 17:31:00 +01:00
Miroslav Stampar
da737d23ed Fixing a leftover for #1117 2015-01-15 17:34:14 +01:00
Miroslav Stampar
20a9d94f56 Patch for an Issue #1117 2015-01-15 17:32:07 +01:00
Miroslav Stampar
1dd2b7aceb Important fix for dumping location of databases/tables with international letters 2015-01-15 14:01:19 +01:00
Miroslav Stampar
ccbe424e23 Patch for an Issue #1115 2015-01-15 12:42:32 +01:00
Miroslav Stampar
54e9a1fb2d Minor style update 2015-01-14 16:11:55 +01:00
Miroslav Stampar
570d30789b Patch for an Issue #1113 2015-01-14 14:20:33 +01:00
nixawk
7388c3bf49 datatype.py 2015-01-14 09:40:24 +00:00
Miroslav Stampar
7e7513aa5e Patch for an Issue #1107 2015-01-14 05:30:08 +01:00
Miroslav Stampar
f9a9ededb1 Patch for an Issue #1106 2015-01-14 05:16:32 +01:00
Miroslav Stampar
06ff8b3a16 Patch for an Issue #1105 2015-01-13 10:33:51 +01:00
Miroslav Stampar
8e03f4db0f Patch for an Issue #1062 2015-01-09 15:33:53 +01:00
Miroslav Stampar
f96f33a984 Fix for an Issue #1100 2015-01-08 22:15:04 +01:00
Miroslav Stampar
7bcb3ce599 Patch for an Issue #1099 2015-01-08 09:22:47 +01:00
Miroslav Stampar
0c4d63fb00 Bug fix (reported by user over ML) 2015-01-08 09:00:21 +01:00
Miroslav Stampar
c8d4df6eba Adding names to parameters in structured POST requests (e.g. JSON) 2015-01-07 22:09:40 +01:00
Miroslav Stampar
49982bce9c Trivial update 2015-01-07 16:03:37 +01:00
Miroslav Stampar
450b3c93cb Potential patch for an Issue #1093 2015-01-07 11:40:11 +01:00
Miroslav Stampar
30b9f3d556 Minor update 2015-01-07 10:53:57 +01:00
Miroslav Stampar
47af7dfe6a Another minor patch 2015-01-07 10:49:15 +01:00
Miroslav Stampar
83add9fd9b Minor patch 2015-01-07 10:46:06 +01:00
Miroslav Stampar
c4c4ac13fe Better patch for an Issue #1095 2015-01-07 09:21:02 +01:00
Miroslav Stampar
2030311d50 Patch for an Issue #1095 2015-01-07 02:04:10 +01:00
Miroslav Stampar
5920d16cf6 Adding a warning message for deprecated switch '--check-waf+ 2015-01-06 15:25:24 +01:00
Miroslav Stampar
45bdefd29b Update of copyright 2015-01-06 15:02:16 +01:00
Miroslav Stampar
3d5ca1b25a Minor update 2015-01-06 14:36:51 +01:00
Miroslav Stampar
6fc41ca940 Heuristically checking for WAF/IDS/IPS by default 2015-01-06 14:01:47 +01:00
Miroslav Stampar
c474c16b4a Removing ML email address 2015-01-06 12:30:49 +01:00
Miroslav Stampar
7b144f03ea Fix for an Issue #1092 2015-01-05 01:31:06 +01:00
Miroslav Stampar
beffe85d6c Patch for an Issue #1085 2015-01-03 22:30:21 +01:00
Miroslav Stampar
f042a7392d Patch for an Issue #1083 2014-12-31 17:10:45 +01:00
Miroslav Stampar
2985050fce Minor patch 2014-12-30 16:07:08 +00:00
Miroslav Stampar
33508e3bae Patch for an Issue #1077 2014-12-30 16:11:33 +01:00
Miroslav Stampar
41c2f889b2 Fix related to the SSLv3 disabling 2014-12-30 15:44:55 +01:00
Miroslav Stampar
d3c6cf1932 Patch for an Issue #1079 2014-12-30 14:14:47 +00:00
Miroslav Stampar
4f602daa5b Minor patch 2014-12-30 09:35:56 +00:00
Miroslav Stampar
e383df8e29 Patch for an Issue #1073 2014-12-30 09:16:50 +00:00
Miroslav Stampar
02d20ccd13 Patch for an Issue #1078 2014-12-30 08:48:50 +00:00
Miroslav Stampar
1e014de6be Patch for an Issue #1066 2014-12-26 22:24:28 +01:00
Miroslav Stampar
bc91884c4d Fix for an Issue #1065 2014-12-25 23:05:34 +01:00
Miroslav Stampar
45886cb9ca Patch for an Issue #1060 2014-12-23 22:04:23 +01:00
Miroslav Stampar
483158c371 Minor style update 2014-12-23 09:07:33 +01:00
Miroslav Stampar
3c23d616e7 Adding a more user friendly (copy-pastable) client example for sqlmapapi client 2014-12-23 09:01:29 +01:00
Miroslav Stampar
59a3407322 Patch for an Issue #1057 2014-12-23 08:36:00 +01:00
Miroslav Stampar
f93bca4564 Patch for an Issue #1058 2014-12-23 08:23:40 +01:00
Miroslav Stampar
fc7dd2a9b9 Patch for an Issue #1056 2014-12-22 06:02:39 +01:00
Miroslav Stampar
76f79ece13 run like --threads=20! will skip the maximum number of threads check 2014-12-21 05:15:42 +01:00
Miroslav Stampar
4f122ee008 Bug fix regarding a problem reported by user @blink2014 2014-12-20 00:23:31 +01:00
Miroslav Stampar
6cb76bcf85 Adding one new smart ass warning message 2014-12-19 15:48:54 +01:00
Miroslav Stampar
1ea2f5bfe2 Patch for an Issue #1052 2014-12-19 09:37:06 +01:00
Miroslav Stampar
cf3b02ee04 Proper fix for #1053 2014-12-19 09:26:01 +01:00
Miroslav Stampar
6972020faf Bug fix for login-like SQLi (OR with 500 result) 2014-12-18 15:58:19 +01:00
Miroslav Stampar
0cb7852754 Patch for an Issue #1046 2014-12-17 10:02:36 +01:00
Miroslav Stampar
180ede0cb3 Minor patch 2014-12-15 14:07:28 +01:00
Miroslav Stampar
9d06b71862 Minor revert 2014-12-15 13:51:00 +01:00
Miroslav Stampar
e6de92ce88 Minor patch (unicode related) 2014-12-15 13:36:08 +01:00
Miroslav Stampar
35c8e016a8 Minor patch 2014-12-15 13:26:15 +01:00
Miroslav Stampar
3f3a873b10 Merge pull request #1037 from flsf/master
fix comments error
2014-12-15 13:23:39 +01:00
flsf
21837f236f fix comments error 2014-12-15 20:07:38 +08:00
Miroslav Stampar
4c6331daa6 Patch for an Issue #1028 2014-12-15 09:30:54 +01:00
Miroslav Stampar
e794c7f246 Patch for an Issue #1027 2014-12-15 09:13:13 +01:00
Miroslav Stampar
eb15a19532 Patch for an Issue #1032 2014-12-15 09:11:40 +01:00
Miroslav Stampar
ecbba4ea20 Patch for an Issue #1030 2014-12-15 07:18:47 +01:00
Miroslav Stampar
e17e703e3e Minor bug fix (for Windows nagging message about Unicode data) 2014-12-14 00:17:43 +01:00
Miroslav Stampar
fb645b90f7 Minor update 2014-12-14 00:14:18 +01:00
Miroslav Stampar
5166675ff5 Patch for an Issue #1024 2014-12-13 23:32:18 +01:00
Miroslav Stampar
9c225557d1 Patch for an Issue #1020 2014-12-13 14:08:37 +01:00
Miroslav Stampar
25196b4572 Patch for an Issue #1021 2014-12-13 13:48:50 +01:00
Miroslav Stampar
84ba5f35ac Minor update for #1022 2014-12-13 13:41:39 +01:00
Miroslav Stampar
fe58aff26c Patch for an Issue #1019 2014-12-13 00:08:18 +01:00
Miroslav Stampar
650dfe9526 Patch for an Issue #1018 2014-12-12 14:54:47 +01:00
Miroslav Stampar
23d33bb5b5 Patch for an Issue #1017 2014-12-12 09:58:42 +01:00
Miroslav Stampar
bb4ac41ff7 Patch for an Issue #1016 2014-12-12 04:40:44 +01:00
Miroslav Stampar
785e3d0317 Patch for an Issue #1014 2014-12-11 13:29:42 +01:00
Miroslav Stampar
1e06e7c386 Adding a debug message during name resolution 2014-12-11 13:29:26 +01:00
Miroslav Stampar
6f211f9d3e Patch for an Issue #1013 2014-12-11 00:35:51 +01:00
Miroslav Stampar
6d13b67822 Patch for an Issue #1012 2014-12-11 00:32:26 +01:00
Miroslav Stampar
2bcaae3a0b Another just in case update for an Issue #1011 2014-12-11 00:14:35 +01:00
Miroslav Stampar
763f720675 Patch for an Issue #1011 2014-12-11 00:11:52 +01:00
Miroslav Stampar
10ed97b0df Patch for an Issue #1010 2014-12-10 13:50:29 +01:00
Miroslav Stampar
ee20d98bca Minor fix for --forms 2014-12-10 12:13:37 +01:00
Miroslav Stampar
d700e50b36 Minor update related to the Issue #993 2014-12-10 06:37:17 +01:00
Miroslav Stampar
a7b21a2f62 Rerun advice update 2014-12-09 09:02:06 +01:00
Miroslav Stampar
20c272b77d More generic patch for an Issue #994 2014-12-07 16:14:48 +01:00
Miroslav Stampar
4e7f835eae Patch for an Issue #994 2014-12-07 16:11:07 +01:00
Miroslav Stampar
0d931a7b09 Fix for an Issue #999 2014-12-07 15:55:22 +01:00
Miroslav Stampar
bd99470a4a Minor update to cleanup properly new xp_cmdshell 2014-12-05 22:01:59 +01:00
Miroslav Stampar
d726050bc4 Patch for an Issue #991 2014-12-05 11:46:03 +01:00
Miroslav Stampar
034fae0f47 Patch for an Issue #992 2014-12-05 11:24:43 +01:00
Miroslav Stampar
7673f3e045 Minor style update 2014-12-05 11:15:33 +01:00
Miroslav Stampar
56965e3608 Patch for an Issue #990 2014-12-04 13:36:41 +01:00
Miroslav Stampar
9b32e69f26 Adding new WAF script (UrlScan) 2014-12-04 10:06:15 +01:00
Miroslav Stampar
a3507d65fd Minor update 2014-12-04 09:34:37 +01:00
Miroslav Stampar
d3060f20d7 Minor improvement 2014-12-03 13:22:55 +01:00
Miroslav Stampar
aa95a05477 Minor update 2014-12-03 13:14:06 +01:00
Miroslav Stampar
17db587e2c Adding some friendly warning messages (regarding blocking) 2014-12-03 10:06:21 +01:00
Miroslav Stampar
e4b00bdbcb Patch for an Issue #983 2014-12-02 10:57:50 +01:00
Miroslav Stampar
2358e34bb8 Minor refactoring 2014-12-02 10:50:15 +01:00
Miroslav Stampar
e03aaa7542 Patch for an Issue #982 2014-12-02 10:23:10 +01:00
Miroslav Stampar
7a04595f5e Added a reference url (http charset priority) 2014-12-01 11:15:45 +01:00