sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,781 Commits 4 Branches 117 Tags 97 MiB
49b925772b
Commit Graph

1931 Commits

Author SHA1 Message Date
Bernardo Damele
e35f25b2cb Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that: 
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec.
Minor code refactoring.
 2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0 Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 16:25:09 +00:00
Miroslav Stampar
75142b383d huge speed up (4x times faster) 2011-04-22 21:00:42 +00:00
Miroslav Stampar
f88aa4b165 implemented suppressResumeInfo mechanism (huge slowdown on large tables) 2011-04-22 19:58:10 +00:00
Miroslav Stampar
493b9adf8e speed up of resume values (compiled regexes used) 2011-04-22 19:27:41 +00:00
Miroslav Stampar
7b3b9e6a87 it seems that this was indeed not meant to be here 2011-04-22 15:07:09 +00:00
Miroslav Stampar
304500a2e8 implemented checkFalsePositives method (simple Turing like tests) 2011-04-22 12:24:16 +00:00
Bernardo Damele
f3088079c0 error message adjustment 2011-04-21 22:31:02 +00:00
Bernardo Damele
eabb5a2ba7 More adjustments to the error message when no sql injections are detected 2011-04-21 22:04:20 +00:00
Bernardo Damele
6d07dddf60 updated doc and minor layout adjustments 2011-04-21 21:53:35 +00:00
Bernardo Damele
06a00fe85e For development version, print also the revision number in the banner 2011-04-21 21:34:57 +00:00
Bernardo Damele
770b1523ff More verbose output when no SQL injections are detected 2011-04-21 21:31:16 +00:00
Bernardo Damele
edc2d75702 Cosmetics and major bug fix 2011-04-21 21:15:23 +00:00
Bernardo Damele
d2f102f5a1 cosmetics 2011-04-21 20:21:37 +00:00
Bernardo Damele
b667c50588 store/resume info on xp_cmd available in session file 2011-04-21 14:25:04 +00:00
Miroslav Stampar
930872cf3b fix 2011-04-21 14:20:09 +00:00
Bernardo Damele
a313df4d37 Allow user to force temporary folder with --tmp-path even if it has been saved one in the session file 2011-04-21 14:05:37 +00:00
Bernardo Damele
fbe5ba5394 cosmetics 2011-04-21 10:54:12 +00:00
Miroslav Stampar
e1a8d268d8 fix for UPX linux/macos 2011-04-21 10:52:34 +00:00
Bernardo Damele
8d8fc2bbd8 cosmetics 2011-04-21 10:17:41 +00:00
Bernardo Damele
11ecd16099 cosmetics 2011-04-21 10:08:38 +00:00
Miroslav Stampar
9ccf720c05 removing funny remark 2011-04-21 10:06:13 +00:00
Bernardo Damele
a91e6a8440 layout 2011-04-21 10:03:18 +00:00
Miroslav Stampar
cbfe743bad added a comment 2011-04-21 10:01:58 +00:00
Miroslav Stampar
c84c4d835f minor update 2011-04-21 09:31:35 +00:00
Miroslav Stampar
e4d3190f41 reverting back to NVARCHAR because of error technique 2011-04-20 12:59:23 +00:00
Miroslav Stampar
3607f03a9e fix of a minor typo 2011-04-20 12:42:35 +00:00
Miroslav Stampar
1286cc0913 now showing trimmed output in for of warning message (UNION and ERROR techniques affected) 2011-04-20 12:41:58 +00:00
Miroslav Stampar
7993f3f12d way better for storing bulk of data (like BLOB on mysql) 2011-04-20 11:44:52 +00:00
Miroslav Stampar
04653684cd revert 2011-04-20 10:34:34 +00:00
Miroslav Stampar
4fadcf0615 improvement for UNION/ERROR case 2011-04-20 10:17:42 +00:00
Miroslav Stampar
1c1c20fb64 minor update 2011-04-20 09:34:00 +00:00
Miroslav Stampar
4b6c524d4c one more minor update regarding last commit 2011-04-20 09:26:03 +00:00
Miroslav Stampar
44926757da minor update 2011-04-20 09:23:08 +00:00
Miroslav Stampar
52c98afe93 minor fix 2011-04-20 08:38:46 +00:00
Miroslav Stampar
24435a2c20 implemented "break a tie" request by Andres Riancho 2011-04-20 08:35:47 +00:00
Miroslav Stampar
df0331fe9b some more refactoring 2011-04-19 23:04:10 +00:00
Miroslav Stampar
3b133303bf refactoring 2011-04-19 22:54:13 +00:00
Miroslav Stampar
de2479b864 dealing with http://bugs.python.org/issue1602 2011-04-19 22:33:03 +00:00
Miroslav Stampar
9a9838f1e6 cleaning a mess with UPX and virus scanners 2011-04-19 21:57:04 +00:00
Miroslav Stampar
44bbef42f8 minor cosmetics 2011-04-19 20:23:08 +00:00
Miroslav Stampar
b7efa255d6 minor update of usage string 2011-04-19 20:14:56 +00:00
Miroslav Stampar
fc90974940 revert of last commit because of the situation in detection phase where payload is made at the starting point (can't change conf.timeSec in that phase) 2011-04-19 14:50:09 +00:00
Miroslav Stampar
7abbd0c029 removing a leftover 2011-04-19 14:29:51 +00:00
Miroslav Stampar
96b5fede5a automatic increasing of time delay on lagging connections 2011-04-19 14:28:51 +00:00
Miroslav Stampar
13f8c001a7 minor update 2011-04-19 11:13:53 +00:00
Miroslav Stampar
7a06af9a92 added "lagging" critical message 2011-04-19 10:37:20 +00:00
Miroslav Stampar
9b0db33cc5 initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model 2011-04-19 08:55:38 +00:00
Miroslav Stampar
a7c26366b4 doing that auto default value for --time-sec only for --tor 2011-04-19 08:43:29 +00:00
Miroslav Stampar
4d48ac54dc automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set) 2011-04-19 08:34:21 +00:00
Miroslav Stampar
b79d4f70f3 cleaner solution for the problem solved with last commit 2011-04-18 14:51:48 +00:00
Miroslav Stampar
f5cff067c6 little hack for --time-sec 2011-04-18 14:46:18 +00:00
Miroslav Stampar
6463cad8c5 minor update for SOAP payloads 2011-04-18 14:29:52 +00:00
Miroslav Stampar
da9ec67869 removing leftover 2011-04-18 13:43:22 +00:00
Miroslav Stampar
354a2ce249 'chardet' heuristic engine added to the project 2011-04-18 13:38:46 +00:00
Miroslav Stampar
b5aef9bcf9 fix for a bug reported by nightman (TypeError: unsupported operand type(s) for +: 'NoneType' and 'str') 2011-04-18 10:16:38 +00:00
Miroslav Stampar
6fab44d635 minor refactoring and improving of used regex 2011-04-17 22:37:00 +00:00
Miroslav Stampar
76d1f09b0a minor cosmetics 2011-04-17 22:25:25 +00:00
Miroslav Stampar
9aae447553 minor update for matching SOAP messages 2011-04-17 22:21:32 +00:00
Miroslav Stampar
4fa00121e4 that CONSTANT_RATIO was a pure black magic for dynamic pages. now we have better injection detection workflow than before (False, True, False) and it was just a matter of time for removing this one 2011-04-17 21:58:34 +00:00
Miroslav Stampar
a7366bf710 SOAP refactoring 2011-04-17 21:39:00 +00:00
Miroslav Stampar
c7ff5dcbeb minor update 2011-04-17 08:48:13 +00:00
Miroslav Stampar
ee88ccf0ac well, this could be important :) 2011-04-17 08:33:46 +00:00
Miroslav Stampar
29ee760021 improving time based data retrieval mechanism 2011-04-17 07:24:18 +00:00
Miroslav Stampar
5e70eac98c fix for a "popular" typo 'iso-5889-1' reported by David Guimaraes 2011-04-16 06:44:29 +00:00
Miroslav Stampar
88c76147e1 removed few trailing whitespace lines 2011-04-15 20:52:08 +00:00
Miroslav Stampar
3b6f9945ae minor fix regarding report from nightman@email.de (...from time to time sqlmap lost the connection...) 2011-04-15 14:15:29 +00:00
Miroslav Stampar
c461fdca54 some refactoring 2011-04-15 13:51:06 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
4d8a49a87c more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation 2011-04-15 11:53:20 +00:00
Miroslav Stampar
467d1a50b3 removed debug message that could cause confusion 2011-04-15 11:28:01 +00:00
Miroslav Stampar
8c6f7c7d5f explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay 2011-04-15 08:52:53 +00:00
Miroslav Stampar
3efd9e3959 improved htmlunescape (great for localized html escape codes) 2011-04-14 21:36:13 +00:00
Miroslav Stampar
ded28442fb minor fixes and refactoring regarding safecharencoding 2011-04-14 15:54:00 +00:00
Miroslav Stampar
866cdb4cf7 speed of --replicate is now vastly improved 2011-04-14 14:34:12 +00:00
Miroslav Stampar
eafab03d99 safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars) 2011-04-14 13:53:56 +00:00
Miroslav Stampar
30bfefd638 minor fix 2011-04-14 12:58:03 +00:00
Bernardo Damele
5cf38cd0d7 More cookies to ignore 2011-04-14 12:46:14 +00:00
Miroslav Stampar
8426d48e2e minor refactoring 2011-04-14 10:14:46 +00:00
Miroslav Stampar
930262f573 minor update related to the last commit 2011-04-14 10:12:07 +00:00
Miroslav Stampar
1c5427baf8 minor fix 2011-04-14 09:54:29 +00:00
Miroslav Stampar
bb99bd2fbe one more commit related to the issue with displaying of garbled characters 2011-04-14 09:43:36 +00:00
Miroslav Stampar
04986be4b9 update regarding safe character output together with a small fix for newlines 2011-04-14 09:31:45 +00:00
Miroslav Stampar
5dfb55effc revert of the last commit because of this http://osvdb.org/show/osvdb/26582 2011-04-14 06:46:32 +00:00
Miroslav Stampar
786f305e1a minor update 2011-04-14 06:43:08 +00:00
Miroslav Stampar
21114d1748 added IGNORE_PARAMETERS to skip testing of state/session web server parameters 2011-04-13 19:01:02 +00:00
Miroslav Stampar
58a93c5b1f better beep for MacOSX 2011-04-13 18:32:47 +00:00
Miroslav Stampar
bf55b0b77a more restrictions on crypt(3) hash recognition to prevent false positives 2011-04-13 14:40:23 +00:00
Miroslav Stampar
d06ae9cd47 implemented retrieved items info for partial union too 2011-04-13 14:33:15 +00:00
Miroslav Stampar
f5f2201bbc minor cosmetics for partial inband retrieval 2011-04-13 11:25:42 +00:00
Miroslav Stampar
c193b896be just in case update to prevent gibberish "retrieved: " outputs 2011-04-12 23:07:50 +00:00
Miroslav Stampar
5346ecbb56 fix for a "accept certificate first time for svn" 2011-04-12 14:25:17 +00:00
Miroslav Stampar
a883ce26b5 fix for a bug reported by ToR (AttributeError: 'NoneType' object has no attribute 'redcode') 2011-04-12 13:25:28 +00:00
Miroslav Stampar
0ae74f27e4 avoiding annoying "payload 'None' possibly..." in case where payload is not specified 2011-04-11 15:24:52 +00:00
Miroslav Stampar
941daa1645 just in case to prevent "object of type 'NoneType' has no len()" error reports 2011-04-11 11:59:02 +00:00
Miroslav Stampar
2db2e9b6a2 now GET forms are also prone to "do you want to fill with random values" 2011-04-11 11:38:41 +00:00
Miroslav Stampar
08d14886fd added new dev version string 2011-04-11 09:44:44 +00:00
Bernardo Damele
07d6b18c4e cutting for 0.9 stable 2011-04-11 00:24:51 +00:00
Miroslav Stampar
8597409d9e lowering the value 2011-04-10 22:57:17 +00:00
Bernardo Damele
14219a3dac Minor bug fix 2011-04-10 22:44:08 +00:00