Commit Graph

579 Commits

Author SHA1 Message Date
Miroslav Stampar
1bdde51d0e minor just in case update 2011-09-11 16:41:07 +00:00
Miroslav Stampar
d434047482 minor bug fix 2011-09-05 09:28:40 +00:00
Miroslav Stampar
08e0eb9b61 minor lower/upper case fix 2011-08-29 13:47:32 +00:00
Miroslav Stampar
ac00014c4a implemented --randomize switch by request 2011-08-29 12:50:52 +00:00
Bernardo Damele
36280b33fa Ask the user wheather or not to adjust the time delay - there have been a case where the forcing of conf.timeSec screwed the result in an extremely lagged and unreliable site 2011-08-12 13:06:40 +00:00
Miroslav Stampar
41ae9bc7ff minor bug fix 2011-08-09 14:20:25 +00:00
Miroslav Stampar
457f501bbd proper fix 2011-08-01 23:48:38 +00:00
Bernardo Damele
cbd0ea0866 Possible fix for a minor bug 2011-08-01 23:24:39 +00:00
Miroslav Stampar
0627bb02cb minor beautification 2011-07-31 10:21:47 +00:00
Miroslav Stampar
68ae8ea5b2 minor refactoring 2011-07-29 10:54:25 +00:00
Miroslav Stampar
e522263640 fix for a neverending data retrieval in large full inband cases 2011-07-29 10:45:09 +00:00
Miroslav Stampar
107089c00b bug fix 2011-07-27 08:25:51 +00:00
Bernardo Damele
e71f96afe7 Reverted dumb "fix" 2011-07-26 09:42:09 +00:00
Bernardo Damele
0a7a648694 Minor bug fix for --start, now all techniques return the same result (before blind techniques returned from one entry behind) 2011-07-25 11:15:18 +00:00
Bernardo Damele
6cbb927012 Partial fix for -o not resumed at following runs if missing from command line 2011-07-25 11:05:49 +00:00
Miroslav Stampar
2033a28ae7 minor update regarding last commit (cleaner code) 2011-07-24 20:44:17 +00:00
Miroslav Stampar
3a3561fdaa doing proper big table support for partial union too 2011-07-24 20:36:44 +00:00
Miroslav Stampar
ec1bc0219c hello big tables, this is sqlmap, sqlmap this is big tables 2011-07-24 09:19:33 +00:00
Miroslav Stampar
82e1e61554 minor speedup 2011-07-23 19:51:19 +00:00
Miroslav Stampar
094dc91e2d minor update (prior to some changes regarding large content retrieval) 2011-07-23 19:04:59 +00:00
Miroslav Stampar
8a00ca83af refactoring. nothing special changed 2011-07-21 10:18:11 +00:00
Miroslav Stampar
963f54e6d2 minor fix for parameters containing '=' inside values itself (remark: no parameter name will have '=' nor '%3d' inside; tested and it does a good job) 2011-07-21 10:06:52 +00:00
Miroslav Stampar
ff8fc90ac7 bug fix 2011-07-13 06:44:15 +00:00
Miroslav Stampar
5c162efbd8 more optimization 2011-07-12 23:21:15 +00:00
Miroslav Stampar
9933edc718 optimization of reflective removal mechanism 2011-07-12 22:28:19 +00:00
Miroslav Stampar
3583d6dd1b quick fixes, more work to do 2011-07-12 20:32:19 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
6f6038b534 Quick fix (revert..) 2011-07-06 11:32:12 +00:00
Miroslav Stampar
93b296e02c few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 05:44:47 +00:00
Miroslav Stampar
34d9a91af1 bulk of fixes 2011-07-02 22:48:56 +00:00
Bernardo Damele
861cdb1b14 cosmetics 2011-07-01 10:04:34 +00:00
Miroslav Stampar
4513ef409e massive (like really massive) dictionary support 2011-06-30 23:44:49 +00:00
Miroslav Stampar
43db6b03a7 update with a feature request (file with list of wordlist files) 2011-06-30 08:42:43 +00:00
Miroslav Stampar
be9b8bca78 bug fix 2011-06-29 17:39:58 +00:00
Miroslav Stampar
8a8b94883b minor update (that default quit in --batch was bothering me - my original idea and it was bad :) 2011-06-27 14:14:49 +00:00
Bernardo Damele
36c96ef796 Added DB2 support - patch provided by Sebastian Bittig 2011-06-25 09:44:24 +00:00
Miroslav Stampar
52ba3c281e minor update 2011-06-22 14:59:49 +00:00
Miroslav Stampar
4ca37901da thread safe logging+stdout (no more overlapping of log messages and raw output) 2011-06-22 14:53:42 +00:00
Bernardo Damele
1cb12ea659 replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license) 2011-06-22 13:31:07 +00:00
Miroslav Stampar
d6062e8fc9 minor fix for crawler and far less message overlaps in future 2011-06-20 21:18:12 +00:00
Miroslav Stampar
8c04aa871a english typo 2011-06-20 11:00:23 +00:00
Miroslav Stampar
83af83da9e minor beautification (WordsSet is considered as a bad english) 2011-06-18 15:47:19 +00:00
Miroslav Stampar
1440c9f2d4 minor update 2011-06-17 22:28:07 +00:00
Miroslav Stampar
87e9842371 better language 2011-06-17 22:13:45 +00:00
Miroslav Stampar
ce3170edef minor update/better language 2011-06-17 22:11:40 +00:00
Miroslav Stampar
ec6fa384eb update 2011-06-17 22:04:25 +00:00
Miroslav Stampar
0eeb48f8f5 some fixes 2011-06-16 13:41:02 +00:00
Miroslav Stampar
7733e5866a minor update regarding mnemonics (again) 2011-06-16 12:34:38 +00:00
Miroslav Stampar
17e4c6b564 minor update regarding mnemonics 2011-06-16 12:26:50 +00:00
Miroslav Stampar
25b923bbc3 minor fixes and minor updates 2011-06-16 12:12:30 +00:00
Miroslav Stampar
6f681b45ad cleaning up a bit for a configuration mess 2011-06-16 11:42:13 +00:00
Miroslav Stampar
e0ad72031f minor update 2011-06-15 12:04:30 +00:00
Miroslav Stampar
1d93a03eeb introducing mnemonics 2011-06-15 11:58:50 +00:00
Bernardo Damele
7152a1ed3b Added --dependences to show which sqlmap dependences are not available 2011-06-13 18:44:02 +00:00
Miroslav Stampar
fae089646b minor fix 2011-06-09 08:38:17 +00:00
Miroslav Stampar
af5fe457bd revert of the revert (it's a good idea to have it like this because of problems with e.g. --text-only and binary content) 2011-06-09 07:53:31 +00:00
Miroslav Stampar
8ec4bc9d9d revert of the last commit. have to think about it 2011-06-09 06:32:53 +00:00
Miroslav Stampar
9c093d91f2 minor update 2011-06-09 06:14:35 +00:00
Bernardo Damele
64bef644c3 This was missing 2011-06-08 15:30:59 +00:00
Miroslav Stampar
4a9640160e more concise 2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a refactoring 2011-06-08 14:30:12 +00:00
Miroslav Stampar
f65abdaae3 added switch --cookie-del by request 2011-06-08 08:27:24 +00:00
Miroslav Stampar
26062ec71e minor update 2011-06-07 15:13:51 +00:00
Miroslav Stampar
03c3f83893 minor fix 2011-06-06 13:34:49 +00:00
Miroslav Stampar
24ed99e5a3 fix for a bug reported by aboynes@gmail.com 2011-06-06 08:50:48 +00:00
Miroslav Stampar
f27181c628 minor improvement for blind based injections with reflected values 2011-06-03 14:41:36 +00:00
Miroslav Stampar
faf7814869 fix for a fuzz "bug" reported by daniele.rivetti@yahoo.com 2011-06-03 11:01:26 +00:00
Miroslav Stampar
8aa5625cd0 proper fix related to the last commit 2011-06-01 23:00:18 +00:00
Miroslav Stampar
63145236b9 minor fix 2011-05-31 21:53:29 +00:00
Miroslav Stampar
3c12799ff0 minor improvement 2011-05-30 20:34:34 +00:00
Miroslav Stampar
20988e58ed warp 5 mr spock :) 2011-05-30 09:46:32 +00:00
Miroslav Stampar
eb9b84d1da type correction 2011-05-28 17:53:05 +00:00
Miroslav Stampar
f3ed61af5f bug fix when using inference and kb.pageEncoding is None (like in binary cases) 2011-05-25 21:12:12 +00:00
Miroslav Stampar
69eb173eca minor just in case patch 2011-05-24 15:07:37 +00:00
Miroslav Stampar
bfe8e51b7c minor fix for retrieving stuff like "SELECT * FROM testdb..users" 2011-05-23 19:45:40 +00:00
Miroslav Stampar
0ed03d474f now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate 2011-05-23 11:09:44 +00:00
Miroslav Stampar
9b2623514a one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables 2011-05-22 09:48:46 +00:00
Miroslav Stampar
db72428765 minor update 2011-05-19 15:57:29 +00:00
Miroslav Stampar
f40c6b2ce7 added --cookie for maskSensitiveData too 2011-05-19 15:42:59 +00:00
Miroslav Stampar
9832fc42d4 minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase) 2011-05-18 21:47:40 +00:00
Miroslav Stampar
dfe81cc66f minor yielding 2011-05-16 20:14:10 +00:00
Miroslav Stampar
a5ad4621c9 minor refactoring 2011-05-16 20:09:12 +00:00
Miroslav Stampar
90e84c9a6d removing xmlcharrefreplace error handler as it seems that it wasn't such a good idea at the end 2011-05-15 21:43:38 +00:00
Miroslav Stampar
c3bb5a03e1 minor improvement 2011-05-14 20:09:37 +00:00
Miroslav Stampar
3484a4426b fix for a bug reported by itxx@qq.co​m (TypeError: encode() takes no keyword arguments) 2011-05-14 19:57:28 +00:00
Bernardo Damele
aae140080e SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
6e392b6054 applying contributed patch for DB2 2011-05-06 09:30:39 +00:00
Bernardo Damele
c58dc4a6d8 isDbmsWithin() must stay like this, no getIdentifiedDbms() in there 2011-05-03 14:13:45 +00:00
Miroslav Stampar
b202d73b46 bug fix for MSSQL identificators which were starting with d, b, o and . Thing is that .lstrip strips all occurances of the given chars :) (spotted ancidentally) 2011-05-03 11:09:30 +00:00
Miroslav Stampar
1e6c2fea74 update regarding warning for --random-agent during connection timeout in connection test phase 2011-05-03 10:05:42 +00:00
Bernardo Damele
ac2550535c Proper fix for --technique=U bug 2011-05-01 23:42:41 +00:00
Bernardo Damele
00f14bec5f layout adjustment 2011-04-30 15:22:33 +00:00
Bernardo Damele
9a4ae7d9e2 More code refactoring of Backend class methods used 2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Bernardo Damele
a5968fff3e Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided 2011-04-30 00:22:22 +00:00
Miroslav Stampar
6bb4dce3aa minor refactoring 2011-04-29 15:22:32 +00:00
Bernardo Damele
e35f25b2cb Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec.
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0 Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 16:25:09 +00:00
Miroslav Stampar
e1a8d268d8 fix for UPX linux/macos 2011-04-21 10:52:34 +00:00