Commit Graph

357 Commits

Author SHA1 Message Date
Bernardo Damele
d3c8e461cf Minor layout adjustments 2010-06-10 14:14:56 +00:00
Miroslav Stampar
ac55e1b75f fix for localhost firebird direct db access 2010-06-10 12:02:48 +00:00
Miroslav Stampar
c398353e06 support for loading 'faulty character set' session files 2010-06-09 16:07:47 +00:00
Miroslav Stampar
38e5e342f8 added prettyprint module with fixed toprettyxml() method 2010-06-07 09:03:03 +00:00
Miroslav Stampar
9e76b847b3 fix regarding bug discovered by Andreas Constantinides 2010-06-04 17:07:17 +00:00
Miroslav Stampar
464f171a8c added reusage of xml output and removed toprettyxml which has lots and lots of problems (output once stored is not usable any more from any xml parser/reader because it adds whitespaces all over the output just to be more 'human' readable) 2010-06-03 07:36:30 +00:00
Miroslav Stampar
c470255c18 minor update 2010-06-02 14:56:39 +00:00
Miroslav Stampar
12a5ec9f3d more unicode refactoring 2010-06-02 12:45:40 +00:00
Miroslav Stampar
2fb8bf3b6a more dump/unicode cleanup 2010-06-02 12:31:36 +00:00
Bernardo Damele
64ad3b03be Minor bug fix 2010-06-02 11:01:41 +00:00
Miroslav Stampar
17e0e83990 minor unimportant update 2010-06-02 08:34:57 +00:00
Miroslav Stampar
32a0ba9296 fixing unicode mess 2010-06-02 08:28:38 +00:00
Miroslav Stampar
eb94edc48c added keepalive module 2010-06-01 12:21:10 +00:00
Bernardo Damele
6df2d98fc9 Minor bug fix in common.py goGoodSamaritan().
Minor code cleanup and adjustments.
2010-05-31 15:05:29 +00:00
Miroslav Stampar
db7ede96fd more updates/fixes 2010-05-31 11:11:53 +00:00
Miroslav Stampar
4bb5885413 some changes regarding --common-outputs feature 2010-05-31 09:41:41 +00:00
Miroslav Stampar
0450df8a77 added kb.cache for storing cached results (e.g. kb.cache.regex for storing compiled regular expressions and kb.cache.md5 for storing precalculated MD5 values during '--users --common-prediction' session) 2010-05-31 08:13:08 +00:00
Bernardo Damele
b798222dd7 Minor fixes 2010-05-30 14:53:13 +00:00
Bernardo Damele
89c721a451 More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 10:10:28 +00:00
Miroslav Stampar
a4155269c5 bug fix (unicode(unicode) results in “TypeError: decoding Unicode is not supported” (http://www.red-mercury.com/blog/eclectic-tech/python-mystery-of-the-day/) 2010-05-29 07:25:38 +00:00
Bernardo Damele
e811101dce Minor bug fix 2010-05-28 23:39:52 +00:00
Bernardo Damele
10521b68eb Major bug fix in multipartpost and minor adjustments elsewhere 2010-05-28 23:12:20 +00:00
Bernardo Damele
06af405efd Adapted and merged in patch to support XML output (-x switch) - still in beta.
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Bernardo Damele
a138dbe5f6 Minor bug fixes and code refactoring 2010-05-28 15:57:43 +00:00
Miroslav Stampar
919a8345d6 minor fix 2010-05-28 15:30:02 +00:00
Miroslav Stampar
ad3c425a18 quick fix 2010-05-28 15:26:55 +00:00
Miroslav Stampar
accaf0b3bd minor refactoring 2010-05-28 14:07:48 +00:00
Miroslav Stampar
0f5768cddf more and more fixes 2010-05-28 14:04:34 +00:00
Miroslav Stampar
a3db3c03c1 str() -> unicode() 2010-05-28 13:05:02 +00:00
Miroslav Stampar
f24187f251 few fixes here and there 2010-05-28 12:47:03 +00:00
Bernardo Damele
f26de89216 Minor bug fix to correctly deal with unicode queries with -d 2010-05-28 11:32:10 +00:00
Miroslav Stampar
f36e093fa7 minor update 2010-05-28 09:13:50 +00:00
Bernardo Damele
9de1671b8f Code refactoring and minor bug fixes. 2010-05-27 16:45:09 +00:00
Miroslav Stampar
c431a74d9e minor fix/adjustment regarding getCompiledRegex 2010-05-27 11:52:18 +00:00
Miroslav Stampar
ce29c841cf some comments added 2010-05-26 11:14:22 +00:00
Miroslav Stampar
1a3dfd8ced some more changes 2010-05-26 11:01:26 +00:00
Miroslav Stampar
bbdbe44e3f fuck yea, first tests (MySQL/--tables & --common-prediction) are great :) 2010-05-26 10:41:37 +00:00
Miroslav Stampar
7f0db26e99 more code updates regarding good samaritan (common output) feature 2010-05-26 09:48:20 +00:00
Miroslav Stampar
8ed76b3024 minor update regarding good samaritan 2010-05-25 14:51:02 +00:00
Miroslav Stampar
065d5b02ec added singleValue parameter for good samaritan (same thing Bernardo wanted :) 2010-05-25 13:51:03 +00:00
Miroslav Stampar
056d1ad76e new commit regarding good samaritan feature 2010-05-25 13:06:23 +00:00
Miroslav Stampar
dc83f794ea fix regarding proper string isinstance checking (including unicode) 2010-05-25 10:09:35 +00:00
Miroslav Stampar
1f07db875d fix for that float() report from Shaohua Pan 2010-05-24 20:12:37 +00:00
Bernardo Damele
a43eb64c5d Minor refactoring 2010-05-24 15:46:12 +00:00
Miroslav Stampar
0197f8db5c code refactoring regarding issue #184 2010-05-24 11:12:40 +00:00
Miroslav Stampar
e9be60e1ac added support for proper unicode session(s) storage/retrieval 2010-05-24 11:00:49 +00:00
Bernardo Damele
03fb84e29f Minor enhancement to internal --profile function 2010-05-21 15:06:05 +00:00
Miroslav Stampar
5d5ebd49b6 introducing regex caching mechanism 2010-05-21 14:42:59 +00:00
Bernardo Damele
7ee20480a4 Added a TODO note 2010-05-21 13:24:23 +00:00
Bernardo Damele
319adef8c4 Minor adjustment 2010-05-21 13:19:50 +00:00
Miroslav Stampar
050015d2bb minor adjustments 2010-05-21 13:15:21 +00:00
Miroslav Stampar
5a5b31ad53 minor code adjustment 2010-05-21 13:03:57 +00:00
Miroslav Stampar
64f2afe585 in a mood for more changes 2010-05-21 12:44:09 +00:00
Miroslav Stampar
78547bb79e quick fix 2010-05-21 12:19:20 +00:00
Bernardo Damele
a21a7fc56d Minor code refactoring 2010-05-21 12:09:31 +00:00
Miroslav Stampar
9b91b30b69 minor refactoring 2010-05-21 10:41:30 +00:00
Miroslav Stampar
5f44696530 changes regarding putting of gprof2dot script inside extras and its usage 2010-05-21 10:30:11 +00:00
Miroslav Stampar
68e13c3872 periodical commit 2010-05-21 09:35:36 +00:00
Bernardo Damele
9c1d82c9f7 Minor bug fix to --proxy with HTTPS target on Python 2.6 - fixes #191. 2010-05-20 10:52:14 +00:00
Bernardo Damele
e0e2349529 Refactor to --search -C and minor bug fix - See #190. 2010-05-17 16:16:49 +00:00
Miroslav Stampar
19a82e151c minor cleanup 2010-05-14 14:03:33 +00:00
Miroslav Stampar
7107e8fd6a optimization of CPU intensive sanitizeAsciiString 2010-05-14 13:55:25 +00:00
Miroslav Stampar
5396f13bab added CPU throttling for lowering sqlmap's CPU intensivity 2010-05-13 15:19:28 +00:00
Miroslav Stampar
ca3e12ae73 added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL) 2010-05-13 11:05:35 +00:00
Miroslav Stampar
893bc04fe4 changes regarding Feature #157 (Evaluate BETWEEN for inference algorithm) 2010-05-12 11:30:32 +00:00
Miroslav Stampar
1a8beebc8c minor fix 2010-05-11 13:55:30 +00:00
Miroslav Stampar
1e5ecbaa97 speedup of initial session file handling 2010-05-11 13:36:30 +00:00
Bernardo Damele
65a05452f7 Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190:
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
2010-05-07 13:40:57 +00:00
Miroslav Stampar
789dd6c66f more quick fixes 2010-05-04 08:43:14 +00:00
Bernardo Damele
4d46f997a7 Minor bug fix 2010-04-29 13:34:03 +00:00
Bernardo Damele
fa48d26f95 Minor cosmetic fix 2010-04-26 12:34:21 +00:00
Miroslav Stampar
7eef76f1b0 added basic option validation for start/stop values regarding David Guimaraes mail 2010-04-26 11:23:12 +00:00
Bernardo Damele
a1b1f960cc Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function 2010-04-23 16:34:20 +00:00
Bernardo Damele
0f80768e66 Reverted 2010-04-22 16:35:22 +00:00
Bernardo Damele
7b070acd17 Reimported needed imports! 2010-04-22 16:13:22 +00:00
Miroslav Stampar
1bcec80e95 fix for that takeover bug Ethan Robish posted (Windows/PHP) 2010-04-22 10:31:33 +00:00
Bernardo Damele
2840f20605 Minor bug fix 2010-04-17 15:43:08 +00:00
Miroslav Stampar
915d3441e9 some code refactoring 2010-04-16 19:57:00 +00:00
Miroslav Stampar
938a3ab0b9 fix for Bug #183 (--threads dot output) 2010-04-16 13:40:02 +00:00
Miroslav Stampar
1aeaa5db47 implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests) 2010-04-16 12:44:47 +00:00
Miroslav Stampar
17554759b7 implemented feature request from Ole Rasmussen regarding table name retrieval speedup 2010-04-15 09:36:13 +00:00
Bernardo Damele
1ab78ce60e Added support to directly connect also to SQLite 2 db file 2010-04-13 22:43:38 +00:00
Bernardo Damele
fee062781f Minor adjustment 2010-04-13 11:13:01 +00:00
Miroslav Stampar
da1ea48947 added some nagging for connection details 2010-04-13 11:00:15 +00:00
Bernardo Damele
eecee3b274 Added resume functionality to -d and fixed logging with -d 2010-04-12 09:35:20 +00:00
Bernardo Damele
b72ddb6f1e Fixes non-deterministic unsorted results for most of the DBMSes - see #185 2010-04-09 15:48:53 +00:00
Miroslav Stampar
fcceceed45 fix for bug reported by shiftzwei@gmail.com regarding formatDBMSfp with unknown DBMS version 2010-04-09 10:40:08 +00:00
Miroslav Stampar
63c70018ca fix for that update (conf.cj) problem mentioned by shiftzwei@gmail.com 2010-04-09 10:16:15 +00:00
Bernardo Damele
effc7dc41c Minor adjustment to notify the user that the --auth-cred format for NTLM authentication is "DOMAIN\user:password" 2010-04-07 09:47:14 +00:00
Bernardo Damele
2d55ec19a3 Minor code restyling 2010-04-06 10:15:19 +00:00
Miroslav Stampar
e29e8f82f9 fix for "Problem with --dbms set" reported by David Guimaraes 2010-04-05 23:09:35 +00:00
Miroslav Stampar
0a363d3f2b fix for not properly clearing cookies when in multiple targets scanning mode spotted by Kasper Fons 2010-04-04 14:38:48 +00:00
Miroslav Stampar
4129cb22a7 update regarding bug reported by Ole Rasmussen 2010-04-03 19:41:47 +00:00
Bernardo Damele
cad8f61d55 Force pymssql to version >= 1.0.2 2010-03-31 15:31:11 +00:00
Bernardo Damele
b19de015c5 Minor bugs fixes 2010-03-31 13:52:51 +00:00
Bernardo Damele
5fdebb5d5b Added support to directly connect also to Microsoft SQL Server database.
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
a02ec29c15 too 2010-03-30 11:52:45 +00:00
Miroslav Stampar
c9c9c1fb2f replace only first occurrence 2010-03-30 11:52:01 +00:00
Miroslav Stampar
ae3455a0c2 more update 2010-03-30 11:28:14 +00:00
Miroslav Stampar
738c210075 update 2010-03-30 11:21:26 +00:00