Commit Graph

675 Commits

Author SHA1 Message Date
Miroslav Stampar
5d3cbec457 no more regex. web server independent. 2010-10-20 09:35:46 +00:00
Bernardo Damele
0817d1b78d Cosmetics 2010-10-19 23:09:30 +00:00
Miroslav Stampar
8776db872c minor refactoring 2010-10-19 23:05:24 +00:00
Miroslav Stampar
1b376c99a6 removed temp dictionary and replaced with kb.misc 2010-10-19 23:00:19 +00:00
Bernardo Damele
813f44da16 Minor bug fix for MSSQL connector --tables option 2010-10-19 22:11:17 +00:00
Miroslav Stampar
8d9201a3dc minor update 2010-10-19 18:23:21 +00:00
Miroslav Stampar
4009ef385e more update regarding error based injection support 2010-10-19 18:17:34 +00:00
Miroslav Stampar
ccda92536f added header 2010-10-19 09:13:30 +00:00
Miroslav Stampar
264e0a6fda added support for displaying revision number at unhandled exception message 2010-10-19 08:55:14 +00:00
Miroslav Stampar
729156e91c proper fix 2010-10-18 21:39:46 +00:00
Miroslav Stampar
3d5494845c minor bug fix 2010-10-18 21:32:50 +00:00
Bernardo Damele
1d74036ee3 Minor cosmetic fixes 2010-10-18 11:34:53 +00:00
Miroslav Stampar
6b70dadfb2 minor cosmetics 2010-10-18 09:09:22 +00:00
Miroslav Stampar
149837ebf5 added the same for proxy authorization header 2010-10-18 09:02:56 +00:00
Miroslav Stampar
aaebb4336e fix for Bug #202 2010-10-18 08:54:08 +00:00
Bernardo Damele
64b9f94fcf Renamed --common-prediction switch to --predict-output 2010-10-16 23:50:13 +00:00
Bernardo Damele
6211915da5 Cosmetic fix 2010-10-16 22:31:16 +00:00
Bernardo Damele
7b71262de6 Cosmetic fix 2010-10-16 22:07:29 +00:00
Bernardo Damele
a2997a6dce Minor bug fix to --tamper 2010-10-16 21:55:34 +00:00
Bernardo Damele
2129935e06 Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
Minor enhancement
2010-10-16 21:52:16 +00:00
Bernardo Damele
2dae934a2b Minor bug fixes, code refactoring and enhanced --tamper functionality 2010-10-16 21:33:15 +00:00
Bernardo Damele
84ed7f192a Cosmetic fixes 2010-10-16 15:10:48 +00:00
Miroslav Stampar
1336b97c2c removed --useBetween switch and added new tampering module ./tamper/between.py 2010-10-15 23:48:07 +00:00
Bernardo Damele
e7c8be1d45 Minor layout adjustments 2010-10-15 15:37:15 +00:00
Miroslav Stampar
c9f0c75030 removed --space (usage of tampering modules is now a prefered way to do it) 2010-10-15 12:52:33 +00:00
Miroslav Stampar
d0514d18ec removed that spaces from URI payloads 2010-10-15 12:49:03 +00:00
Miroslav Stampar
2fa8836c01 bug fix 2010-10-15 11:14:59 +00:00
Miroslav Stampar
d50684a057 added one more check 2010-10-15 11:05:50 +00:00
Miroslav Stampar
2b476e078c minor cosmetics 2010-10-15 10:36:29 +00:00
Bernardo Damele
a80f6110cd don't call variables 'file', it's a reserved word :) 2010-10-15 10:29:24 +00:00
Bernardo Damele
9fcab68700 Minor adjustments 2010-10-15 10:28:06 +00:00
Miroslav Stampar
207bef7f19 fix for that SQLite3 vs SQLite2 issue 2010-10-15 09:39:41 +00:00
Miroslav Stampar
d0df8cdac9 fix for that duplicates 2010-10-15 00:34:16 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Miroslav Stampar
f07608ef4d show static words in a sorted manner 2010-10-14 12:38:06 +00:00
Miroslav Stampar
162d01abed commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 11:06:28 +00:00
Miroslav Stampar
7e1f784eaa cosmetic update 2010-10-14 06:00:10 +00:00
Miroslav Stampar
34580f56fc added --tamper option 2010-10-12 22:45:25 +00:00
Miroslav Stampar
9a08f7feb8 minor update 2010-10-12 20:01:59 +00:00
Miroslav Stampar
d2ec132469 added --text-only switch 2010-10-12 19:41:29 +00:00
Miroslav Stampar
f9f79ffbaf basic stuff for sybase 2010-10-12 19:05:12 +00:00
Miroslav Stampar
9ffa928783 added some user interaction when page is dynamic 2010-10-12 15:49:04 +00:00
Miroslav Stampar
73b77255e3 minor cosmetic update 2010-10-12 12:32:02 +00:00
Miroslav Stampar
6dcd05c39c minor update 2010-10-11 14:38:04 +00:00
Miroslav Stampar
43892cddbb some updates 2010-10-11 12:26:35 +00:00
Miroslav Stampar
2198a60684 bug fix (reported by james@ev6.net) 2010-10-10 20:51:11 +00:00
Miroslav Stampar
7a5bb2b0d6 update 2010-10-10 19:50:10 +00:00
Miroslav Stampar
8fcad29bbf new feature --forms (still unfinished) 2010-10-10 18:56:43 +00:00
Miroslav Stampar
18d27cabc5 more changes 2010-10-07 15:34:17 +00:00
Miroslav Stampar
440ff639bb more refactoring 2010-10-07 14:05:34 +00:00
Miroslav Stampar
1e9ae40397 major refactoring 2010-10-07 12:12:26 +00:00
Miroslav Stampar
1bf8939e2f further updates 2010-10-06 22:43:04 +00:00
Miroslav Stampar
de6fa1247b moved injections to xml format 2010-10-06 22:29:52 +00:00
Miroslav Stampar
adf2231edb minor update 2010-10-06 13:38:03 +00:00
Miroslav Stampar
56dbf0038f minor update (for future implementation of more advanced error page logic) 2010-10-06 12:10:00 +00:00
Miroslav Stampar
0ad8090ad8 fix for a google bug reported by Brandon E. 2010-10-01 08:03:39 +00:00
Miroslav Stampar
8abcdae1b5 some update 2010-09-30 19:45:23 +00:00
Miroslav Stampar
cf8e92699c changes regarding EXISTS feature 2010-09-30 12:35:45 +00:00
Miroslav Stampar
3cd15960a0 more updates 2010-09-27 13:26:46 +00:00
Miroslav Stampar
3b9fe3e1c8 everything is ready for testing (smoke and live) 2010-09-27 11:20:48 +00:00
Miroslav Stampar
dc11ae0d65 update 2010-09-26 14:56:55 +00:00
Miroslav Stampar
35f35605df changes regarding Feature #160 2010-09-26 14:02:13 +00:00
Miroslav Stampar
99d9f9e624 update for smoke testing 2010-09-26 10:47:04 +00:00
Miroslav Stampar
2e5f269650 update regarding --space option 2010-09-24 22:35:32 +00:00
Miroslav Stampar
9cd5d3bde7 added new option --space 2010-09-24 21:59:03 +00:00
Miroslav Stampar
327bfcbe97 update regarding Feature #61 2010-09-24 14:34:05 +00:00
Miroslav Stampar
b6ff03690f update regarding Feature #61 2010-09-24 13:34:46 +00:00
Miroslav Stampar
48e0261e68 update for Feature #61 2010-09-24 13:19:35 +00:00
Miroslav Stampar
ff419f7384 more changes regarding path (URI) injection 2010-09-24 09:19:14 +00:00
Miroslav Stampar
e4925eb3dd update 2010-09-23 21:57:11 +00:00
Miroslav Stampar
13bb3a6212 minor update 2010-09-23 14:07:23 +00:00
Miroslav Stampar
927ad7bf13 update 2010-09-22 12:21:21 +00:00
Miroslav Stampar
da8ae5578b first commit regarding Feature #144 2010-09-22 11:56:35 +00:00
Miroslav Stampar
540a9b391f stripped some trailing spaces 2010-09-16 13:19:13 +00:00
Miroslav Stampar
b745331974 added null connection check 2010-09-16 08:43:10 +00:00
Miroslav Stampar
76233ff5a3 added skeleton for live testing 2010-09-15 13:55:28 +00:00
Miroslav Stampar
53800ef65f more refactoring 2010-09-15 13:32:42 +00:00
Miroslav Stampar
abc12bc361 more refactoring 2010-09-15 13:28:56 +00:00
Miroslav Stampar
682872689a some more refactoring 2010-09-15 12:59:51 +00:00
Miroslav Stampar
91a0b5df3c minor update 2010-09-15 12:52:28 +00:00
Miroslav Stampar
b699f98cbb minor refactoring 2010-09-15 12:51:02 +00:00
Miroslav Stampar
798ab4989b fix for a Bug #200 2010-09-14 10:35:01 +00:00
Miroslav Stampar
77a53228c5 changes regarding dynamic content recognition 2010-09-13 21:01:46 +00:00
Miroslav Stampar
19fb2e3dcf fix for Bug #165 2010-09-13 13:31:01 +00:00
Miroslav Stampar
61120b0bac minor comment added 2010-09-09 14:08:53 +00:00
Miroslav Stampar
1b3d287a09 fix for a bug reported by shaohua pan (and one other bug) 2010-09-07 10:21:42 +00:00
Miroslav Stampar
e810fe7b0b no need for obsolete (and hard to find) sqlite module when sqlite3 handles both database versions 2010-08-31 13:37:53 +00:00
Miroslav Stampar
f5953bacc0 fix for direct connection parsing (now on windows machines python sqlmap.py -d access://C:\testdb.mdb is valid, while before it wasn't) 2010-08-30 16:35:28 +00:00
Miroslav Stampar
48cc87f6a9 added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 13:29:19 +00:00
Miroslav Stampar
2cd8f31003 some doc test samples included 2010-08-20 21:27:47 +00:00
Miroslav Stampar
4edf6ebe00 update for smoke tests 2010-08-20 21:01:51 +00:00
Miroslav Stampar
8aa12db425 added option --proxy-cred for setting proxy credentials (Feature #195) 2010-08-18 22:45:00 +00:00
Miroslav Stampar
70197affa0 little update (--ratio has a bigger priority then resumed value) 2010-08-10 19:57:59 +00:00
Miroslav Stampar
057ec8a6b2 added --ratio option for direct manipulation of conf.matchRatio parameter 2010-08-10 19:53:29 +00:00
Miroslav Stampar
02523dbfb5 fix of fix 2010-08-09 22:13:56 +00:00
Miroslav Stampar
6eab7997d1 fix for bug reported by dragoun dash (TypeError: sequence item 0: expected string, NoneType found) 2010-08-08 22:25:33 +00:00
Miroslav Stampar
e0fe5d1504 bug fix for error reported by Marek Sarvas (error data) 2010-08-08 21:48:22 +00:00
Miroslav Stampar
0cab4a5355 fix for bug reported by m4l1c3 (UnicodeEncodeError) 2010-08-08 21:22:37 +00:00
Miroslav Stampar
7dcc2031ac smoke test adjustments 2010-07-30 12:57:58 +00:00
Miroslav Stampar
092829c189 implemented basic smoke testing mechanism 2010-07-30 12:49:25 +00:00
Miroslav Stampar
28d9115373 fix for Feature #187 (Skip duplicates parameters in -g) 2010-07-29 20:01:04 +00:00
Bernardo Damele
49af0c43a5 Forgot 2010-07-01 15:26:18 +00:00
Miroslav Stampar
9d28ae23ca fixup for situations with unexpected LENGTHs in multithreaded mode (e.g. UTF8 data retrieval) 2010-07-01 14:11:45 +00:00
Bernardo Damele
24428c1a1b Added warning message if both --proxy and --keep-alive are provided 2010-06-30 11:41:42 +00:00
Bernardo Damele
d40a238335 Make --keep-alive public 2010-06-30 11:29:35 +00:00
Bernardo Damele
8625763c07 Minor code refactoring 2010-06-30 11:22:25 +00:00
Bernardo Damele
c33f3ef844 Minor adjustment to HTTP headers handling 2010-06-29 23:51:44 +00:00
Bernardo Damele
fb9f669544 More verbose comments 2010-06-29 21:10:33 +00:00
Bernardo Damele
8576817a2b Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196. 2010-06-29 21:07:23 +00:00
Bernardo Damele
ea45d75f2d Major bug fix to parse and store all HTTP headers from the request file (-r) 2010-06-29 21:06:03 +00:00
Bernardo Damele
7cad3cbda6 Minor code refactoring 2010-06-28 13:47:20 +00:00
Miroslav Stampar
ccfc9b0fec fix for that bug linux man reported (UnicodeEncodeError inside raw_input) 2010-06-23 07:30:15 +00:00
Bernardo Damele
17e228024b Minor enhancements and bug fixes to "good samaritan" feature - see #4 2010-06-21 14:40:12 +00:00
Bernardo Damele
fd76f048b6 Added common pattern value support to bisection algorithm 2010-06-17 11:38:32 +00:00
Bernardo Damele
9bce22683b Minor bug fix and adjustment to deal with Keep-Alive also against Google (-g) 2010-06-11 10:08:19 +00:00
Bernardo Damele
c23ea4c749 --keep-alive is not compatible with --proxy 2010-06-10 21:19:45 +00:00
Bernardo Damele
75dc44deb8 Minor adjustments 2010-06-10 15:34:28 +00:00
Bernardo Damele
d3c8e461cf Minor layout adjustments 2010-06-10 14:14:56 +00:00
Miroslav Stampar
ac55e1b75f fix for localhost firebird direct db access 2010-06-10 12:02:48 +00:00
Miroslav Stampar
c398353e06 support for loading 'faulty character set' session files 2010-06-09 16:07:47 +00:00
Miroslav Stampar
38e5e342f8 added prettyprint module with fixed toprettyxml() method 2010-06-07 09:03:03 +00:00
Miroslav Stampar
9e76b847b3 fix regarding bug discovered by Andreas Constantinides 2010-06-04 17:07:17 +00:00
Miroslav Stampar
464f171a8c added reusage of xml output and removed toprettyxml which has lots and lots of problems (output once stored is not usable any more from any xml parser/reader because it adds whitespaces all over the output just to be more 'human' readable) 2010-06-03 07:36:30 +00:00
Miroslav Stampar
c470255c18 minor update 2010-06-02 14:56:39 +00:00
Miroslav Stampar
12a5ec9f3d more unicode refactoring 2010-06-02 12:45:40 +00:00
Miroslav Stampar
2fb8bf3b6a more dump/unicode cleanup 2010-06-02 12:31:36 +00:00
Bernardo Damele
64ad3b03be Minor bug fix 2010-06-02 11:01:41 +00:00
Miroslav Stampar
17e0e83990 minor unimportant update 2010-06-02 08:34:57 +00:00
Miroslav Stampar
32a0ba9296 fixing unicode mess 2010-06-02 08:28:38 +00:00
Miroslav Stampar
eb94edc48c added keepalive module 2010-06-01 12:21:10 +00:00
Bernardo Damele
6df2d98fc9 Minor bug fix in common.py goGoodSamaritan().
Minor code cleanup and adjustments.
2010-05-31 15:05:29 +00:00
Miroslav Stampar
db7ede96fd more updates/fixes 2010-05-31 11:11:53 +00:00
Miroslav Stampar
4bb5885413 some changes regarding --common-outputs feature 2010-05-31 09:41:41 +00:00
Miroslav Stampar
0450df8a77 added kb.cache for storing cached results (e.g. kb.cache.regex for storing compiled regular expressions and kb.cache.md5 for storing precalculated MD5 values during '--users --common-prediction' session) 2010-05-31 08:13:08 +00:00
Bernardo Damele
b798222dd7 Minor fixes 2010-05-30 14:53:13 +00:00
Bernardo Damele
89c721a451 More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 10:10:28 +00:00
Miroslav Stampar
a4155269c5 bug fix (unicode(unicode) results in “TypeError: decoding Unicode is not supported” (http://www.red-mercury.com/blog/eclectic-tech/python-mystery-of-the-day/) 2010-05-29 07:25:38 +00:00
Bernardo Damele
e811101dce Minor bug fix 2010-05-28 23:39:52 +00:00
Bernardo Damele
10521b68eb Major bug fix in multipartpost and minor adjustments elsewhere 2010-05-28 23:12:20 +00:00
Bernardo Damele
06af405efd Adapted and merged in patch to support XML output (-x switch) - still in beta.
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Bernardo Damele
a138dbe5f6 Minor bug fixes and code refactoring 2010-05-28 15:57:43 +00:00
Miroslav Stampar
919a8345d6 minor fix 2010-05-28 15:30:02 +00:00
Miroslav Stampar
ad3c425a18 quick fix 2010-05-28 15:26:55 +00:00
Miroslav Stampar
accaf0b3bd minor refactoring 2010-05-28 14:07:48 +00:00
Miroslav Stampar
0f5768cddf more and more fixes 2010-05-28 14:04:34 +00:00
Miroslav Stampar
a3db3c03c1 str() -> unicode() 2010-05-28 13:05:02 +00:00
Miroslav Stampar
f24187f251 few fixes here and there 2010-05-28 12:47:03 +00:00
Bernardo Damele
f26de89216 Minor bug fix to correctly deal with unicode queries with -d 2010-05-28 11:32:10 +00:00
Miroslav Stampar
f36e093fa7 minor update 2010-05-28 09:13:50 +00:00
Bernardo Damele
9de1671b8f Code refactoring and minor bug fixes. 2010-05-27 16:45:09 +00:00
Miroslav Stampar
c431a74d9e minor fix/adjustment regarding getCompiledRegex 2010-05-27 11:52:18 +00:00
Miroslav Stampar
ce29c841cf some comments added 2010-05-26 11:14:22 +00:00
Miroslav Stampar
1a3dfd8ced some more changes 2010-05-26 11:01:26 +00:00
Miroslav Stampar
bbdbe44e3f fuck yea, first tests (MySQL/--tables & --common-prediction) are great :) 2010-05-26 10:41:37 +00:00
Miroslav Stampar
7f0db26e99 more code updates regarding good samaritan (common output) feature 2010-05-26 09:48:20 +00:00
Miroslav Stampar
8ed76b3024 minor update regarding good samaritan 2010-05-25 14:51:02 +00:00
Miroslav Stampar
065d5b02ec added singleValue parameter for good samaritan (same thing Bernardo wanted :) 2010-05-25 13:51:03 +00:00
Miroslav Stampar
056d1ad76e new commit regarding good samaritan feature 2010-05-25 13:06:23 +00:00
Miroslav Stampar
dc83f794ea fix regarding proper string isinstance checking (including unicode) 2010-05-25 10:09:35 +00:00
Miroslav Stampar
1f07db875d fix for that float() report from Shaohua Pan 2010-05-24 20:12:37 +00:00
Bernardo Damele
a43eb64c5d Minor refactoring 2010-05-24 15:46:12 +00:00
Miroslav Stampar
0197f8db5c code refactoring regarding issue #184 2010-05-24 11:12:40 +00:00
Miroslav Stampar
e9be60e1ac added support for proper unicode session(s) storage/retrieval 2010-05-24 11:00:49 +00:00
Bernardo Damele
03fb84e29f Minor enhancement to internal --profile function 2010-05-21 15:06:05 +00:00
Miroslav Stampar
5d5ebd49b6 introducing regex caching mechanism 2010-05-21 14:42:59 +00:00
Bernardo Damele
7ee20480a4 Added a TODO note 2010-05-21 13:24:23 +00:00
Bernardo Damele
319adef8c4 Minor adjustment 2010-05-21 13:19:50 +00:00
Miroslav Stampar
050015d2bb minor adjustments 2010-05-21 13:15:21 +00:00
Miroslav Stampar
5a5b31ad53 minor code adjustment 2010-05-21 13:03:57 +00:00
Miroslav Stampar
64f2afe585 in a mood for more changes 2010-05-21 12:44:09 +00:00
Miroslav Stampar
78547bb79e quick fix 2010-05-21 12:19:20 +00:00
Bernardo Damele
a21a7fc56d Minor code refactoring 2010-05-21 12:09:31 +00:00
Miroslav Stampar
9b91b30b69 minor refactoring 2010-05-21 10:41:30 +00:00
Miroslav Stampar
5f44696530 changes regarding putting of gprof2dot script inside extras and its usage 2010-05-21 10:30:11 +00:00
Miroslav Stampar
68e13c3872 periodical commit 2010-05-21 09:35:36 +00:00
Bernardo Damele
9c1d82c9f7 Minor bug fix to --proxy with HTTPS target on Python 2.6 - fixes #191. 2010-05-20 10:52:14 +00:00
Bernardo Damele
e0e2349529 Refactor to --search -C and minor bug fix - See #190. 2010-05-17 16:16:49 +00:00
Miroslav Stampar
19a82e151c minor cleanup 2010-05-14 14:03:33 +00:00
Miroslav Stampar
7107e8fd6a optimization of CPU intensive sanitizeAsciiString 2010-05-14 13:55:25 +00:00
Miroslav Stampar
5396f13bab added CPU throttling for lowering sqlmap's CPU intensivity 2010-05-13 15:19:28 +00:00
Miroslav Stampar
ca3e12ae73 added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL) 2010-05-13 11:05:35 +00:00
Miroslav Stampar
893bc04fe4 changes regarding Feature #157 (Evaluate BETWEEN for inference algorithm) 2010-05-12 11:30:32 +00:00
Miroslav Stampar
1a8beebc8c minor fix 2010-05-11 13:55:30 +00:00
Miroslav Stampar
1e5ecbaa97 speedup of initial session file handling 2010-05-11 13:36:30 +00:00
Bernardo Damele
65a05452f7 Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190:
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
2010-05-07 13:40:57 +00:00
Miroslav Stampar
789dd6c66f more quick fixes 2010-05-04 08:43:14 +00:00
Bernardo Damele
4d46f997a7 Minor bug fix 2010-04-29 13:34:03 +00:00
Bernardo Damele
fa48d26f95 Minor cosmetic fix 2010-04-26 12:34:21 +00:00
Miroslav Stampar
7eef76f1b0 added basic option validation for start/stop values regarding David Guimaraes mail 2010-04-26 11:23:12 +00:00
Bernardo Damele
a1b1f960cc Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function 2010-04-23 16:34:20 +00:00
Bernardo Damele
0f80768e66 Reverted 2010-04-22 16:35:22 +00:00
Bernardo Damele
7b070acd17 Reimported needed imports! 2010-04-22 16:13:22 +00:00
Miroslav Stampar
1bcec80e95 fix for that takeover bug Ethan Robish posted (Windows/PHP) 2010-04-22 10:31:33 +00:00
Bernardo Damele
2840f20605 Minor bug fix 2010-04-17 15:43:08 +00:00
Miroslav Stampar
915d3441e9 some code refactoring 2010-04-16 19:57:00 +00:00
Miroslav Stampar
938a3ab0b9 fix for Bug #183 (--threads dot output) 2010-04-16 13:40:02 +00:00
Miroslav Stampar
1aeaa5db47 implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests) 2010-04-16 12:44:47 +00:00
Miroslav Stampar
17554759b7 implemented feature request from Ole Rasmussen regarding table name retrieval speedup 2010-04-15 09:36:13 +00:00
Bernardo Damele
1ab78ce60e Added support to directly connect also to SQLite 2 db file 2010-04-13 22:43:38 +00:00
Bernardo Damele
fee062781f Minor adjustment 2010-04-13 11:13:01 +00:00
Miroslav Stampar
da1ea48947 added some nagging for connection details 2010-04-13 11:00:15 +00:00
Bernardo Damele
eecee3b274 Added resume functionality to -d and fixed logging with -d 2010-04-12 09:35:20 +00:00
Bernardo Damele
b72ddb6f1e Fixes non-deterministic unsorted results for most of the DBMSes - see #185 2010-04-09 15:48:53 +00:00
Miroslav Stampar
fcceceed45 fix for bug reported by shiftzwei@gmail.com regarding formatDBMSfp with unknown DBMS version 2010-04-09 10:40:08 +00:00
Miroslav Stampar
63c70018ca fix for that update (conf.cj) problem mentioned by shiftzwei@gmail.com 2010-04-09 10:16:15 +00:00
Bernardo Damele
effc7dc41c Minor adjustment to notify the user that the --auth-cred format for NTLM authentication is "DOMAIN\user:password" 2010-04-07 09:47:14 +00:00
Bernardo Damele
2d55ec19a3 Minor code restyling 2010-04-06 10:15:19 +00:00
Miroslav Stampar
e29e8f82f9 fix for "Problem with --dbms set" reported by David Guimaraes 2010-04-05 23:09:35 +00:00
Miroslav Stampar
0a363d3f2b fix for not properly clearing cookies when in multiple targets scanning mode spotted by Kasper Fons 2010-04-04 14:38:48 +00:00
Miroslav Stampar
4129cb22a7 update regarding bug reported by Ole Rasmussen 2010-04-03 19:41:47 +00:00
Bernardo Damele
cad8f61d55 Force pymssql to version >= 1.0.2 2010-03-31 15:31:11 +00:00
Bernardo Damele
b19de015c5 Minor bugs fixes 2010-03-31 13:52:51 +00:00
Bernardo Damele
5fdebb5d5b Added support to directly connect also to Microsoft SQL Server database.
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
a02ec29c15 too 2010-03-30 11:52:45 +00:00
Miroslav Stampar
c9c9c1fb2f replace only first occurrence 2010-03-30 11:52:01 +00:00
Miroslav Stampar
ae3455a0c2 more update 2010-03-30 11:28:14 +00:00
Miroslav Stampar
738c210075 update 2010-03-30 11:21:26 +00:00
Miroslav Stampar
87d8c6719e updates, fixes and stuff 2010-03-30 11:06:30 +00:00
Bernardo Damele
a0290a257b Added support to connect directly also to Oracle - see #158 2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86 Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Miroslav Stampar
4ca1adba2c update 2010-03-26 21:30:36 +00:00
Miroslav Stampar
1ec5221d82 minor update 2010-03-26 20:51:55 +00:00
Miroslav Stampar
0aa8f7309b added copyright notice and keywords 2010-03-26 20:23:08 +00:00
Miroslav Stampar
2e05e1c54d new module for Feature #61 2010-03-26 20:19:18 +00:00
Miroslav Stampar
8bab94de64 added two new functions: isBase64EncodedString and isHexEncodedString for Feature #71 2010-03-26 17:18:02 +00:00
Bernardo Damele
2aadc5c939 Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180.
Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring.
2010-03-25 15:46:06 +00:00
Bernardo Damele
f4f68218bc Minor layout adjustment for --threads and --eta output 2010-03-25 11:47:18 +00:00
Bernardo Damele
f9a135e232 Minor bug fix and layout adjustment regarding --threading and standard output 2010-03-22 17:38:19 +00:00
Bernardo Damele
d13ad8b2d7 fixes #181 - proper save/resume information about single entry UNION SQL injection 2010-03-22 15:39:29 +00:00
Bernardo Damele
d00e4a458a Code cleanup 2010-03-21 00:39:44 +00:00
Bernardo Damele
0d559d14df Initial support for SQLite (90% approx).
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
d2f86fb0a5 Fixes #172 - also cookies are parsed from burp/webscarab logs (-l) and request file (-r) now 2010-03-16 15:21:42 +00:00
Bernardo Damele
466df89c4a Fixes #178 and #179 - proper handling of custom redirects 2010-03-16 14:30:57 +00:00
Bernardo Damele
3b3353e05b Revert last commit 2010-03-16 13:56:36 +00:00
Miroslav Stampar
1dfe558d3d Fix for Issue #177 2010-03-16 13:11:44 +00:00
Bernardo Damele
6d0ea86414 Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 14:24:43 +00:00
Miroslav Stampar
417f7fae00 Fix for "bug: -g uses wrong session file" 2010-03-15 12:02:04 +00:00
Miroslav Stampar
8af7d6c58b minor cosmetic update 2010-03-15 11:55:13 +00:00
Miroslav Stampar
a0ec447b7d fix for Issue #170 2010-03-15 11:33:34 +00:00
Bernardo Damele
7f5bc5e3fe Increased version to 0.9-dev 2010-03-15 11:04:57 +00:00
Bernardo Damele
5063401130 Minor bug fix, fixes #170 2010-03-15 11:00:14 +00:00
Bernardo Damele
572b6fd920 sqlmap 0.8 stable! 2010-03-15 01:17:27 +00:00
Miroslav Stampar
7ec04281dd minor adjustments 2010-03-12 12:46:26 +00:00
Miroslav Stampar
2c053d5cfb fix for Bug #166 (Keyboard interrupt in Python threading) 2010-03-11 11:14:20 +00:00
Bernardo Damele
fdf417f57e Minor adjustment and bug fix 2010-03-10 22:08:11 +00:00
Miroslav Stampar
91dd609e26 fixed threading bug (difflib :) 2010-03-10 14:14:27 +00:00
Bernardo Damele
8593741358 Minor bug fix 2010-03-05 15:25:53 +00:00
Bernardo Damele
7136c17f19 Minor log adjustments 2010-03-05 14:59:33 +00:00
Miroslav Stampar
6fd1f7f77c update 2010-03-05 14:06:03 +00:00
Miroslav Stampar
58d54b6515 added new option --flush-session 2010-03-04 13:01:18 +00:00
Miroslav Stampar
b544405878 fixed some issue involving banner parsing 2010-03-04 09:15:26 +00:00
Bernardo Damele
ef7666c12b Minor code cleanup 2010-03-03 19:23:43 +00:00
Bernardo Damele
a654a426ef Minor adjustments 2010-03-03 16:19:17 +00:00
Bernardo Damele
156fdd96ef Updated copyright 2010-03-03 15:26:27 +00:00
Miroslav Stampar
5d792feffd minor update 2010-03-03 10:57:54 +00:00
Bernardo Damele
694356821d sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious 2010-02-26 13:13:50 +00:00
Bernardo Damele
8c68d25b39 Major bug fix, be careful when editing isWindowsPath() and normalizePath() in common.py, they can break all 2010-02-26 12:00:47 +00:00
Miroslav Stampar
89e919f07a fixing my mistake 2010-02-26 10:01:23 +00:00
Miroslav Stampar
5ebf572cae added option --ignore-proxy 2010-02-25 20:55:10 +00:00
Bernardo Damele
98496fd173 Show also site in the banner 2010-02-25 17:37:46 +00:00
Bernardo Damele
404927d04a Adjusted banner, increased release candidate to rc7 2010-02-25 17:34:54 +00:00
Miroslav Stampar
d95a8850c8 fix 2010-02-25 16:38:39 +00:00
Miroslav Stampar
0913d700a8 important update regarding default directories 2010-02-25 15:22:41 +00:00
Bernardo Damele
a10adcfe08 Minor code cleanup 2010-02-25 15:16:41 +00:00
Miroslav Stampar
3721451cd6 default dirs update 2010-02-25 14:51:39 +00:00
Miroslav Stampar
4bea0e343a Avoiding md5/sha1 deprecated warning in Python >=2.6 2010-02-23 08:54:33 +00:00
Miroslav Stampar
9c014c0fd0 minor change 2010-02-20 23:11:05 +00:00
Miroslav Stampar
cef248a5ea update for that invalid target url Otavio Augusto reported 2010-02-10 12:06:23 +00:00
Miroslav Stampar
00a23ace9a some changes regarding web takeover 2010-02-09 14:27:41 +00:00
Miroslav Stampar
d291464cd4 code refactoring regarding path normalization 2010-02-04 14:50:54 +00:00
Miroslav Stampar
ec63fc4036 code refactoring - added functions posixToNtSlashes and ntToPosixSlashes 2010-02-04 14:37:00 +00:00
Miroslav Stampar
e4699f389d some bug fixes regarding --os-shell usage against windows servers 2010-02-04 09:49:31 +00:00
Miroslav Stampar
ea045eaa2f fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)
also, fixed some issues with Windows paths
2010-02-03 16:40:12 +00:00
Miroslav Stampar
494e014a4a minor update 2010-02-03 16:04:44 +00:00
Miroslav Stampar
894b9f0f80 minor minor update 2010-02-03 15:15:30 +00:00
Miroslav Stampar
25f1a9c7d0 upgrade of web directory parsing for things like C:/xampp/htdocs/sqlmap/mysql/get_int.php (XAMPP uses this) 2010-02-03 15:06:41 +00:00
Miroslav Stampar
c74b920f54 bug fix 2010-02-03 14:49:28 +00:00
Miroslav Stampar
92817159dc cloaked upx for windows (used mkstemp because of execution and file access rights problem) 2010-01-29 10:12:09 +00:00
Bernardo Damele
6f5d2ed171 Minor cosmetic adjustments 2010-01-28 17:07:34 +00:00
Miroslav Stampar
732ed48e2b some refactoring regarding decloaking 2010-01-28 16:50:34 +00:00
Bernardo Damele
dcbbad642d Minor self fix, switched to rc6 2010-01-28 10:27:47 +00:00
Miroslav Stampar
645afee359 some changes 2010-01-28 00:25:36 +00:00
Miroslav Stampar
a4d8234875 minor update 2010-01-24 14:23:19 +00:00
Miroslav Stampar
98205cc488 another fix for Bug #148 2010-01-23 23:29:34 +00:00
Miroslav Stampar
97840535c6 fix for situations where proxy is set in environment, but the user tries to test something on localhost 2010-01-19 13:47:35 +00:00
Bernardo Damele
5c58747740 More tweaking on --update 2010-01-18 15:20:50 +00:00
Bernardo Damele
051db588a5 Minor tweaking to --update 2010-01-18 14:59:24 +00:00
Miroslav Stampar
44adbc5776 changes regarding Feature #125 2010-01-18 14:05:23 +00:00
Bernardo Damele
2825ab5e4e Major bug fix in url-encoding 2010-01-16 21:56:40 +00:00
Bernardo Damele
4ce3abc56d Minor adjustments 2010-01-15 17:42:46 +00:00
Miroslav Stampar
5f171340f5 introduced safe string formatting 2010-01-15 16:06:59 +00:00
Miroslav Stampar
dcf0b2a3c1 minor update 2010-01-15 11:45:48 +00:00
Miroslav Stampar
f5c422efb4 updated and renamed sanitizeCookie to urlEncodeCookieValues because of it's different nature than before 2010-01-15 11:44:05 +00:00
Bernardo Damele
505647b00f Minor bug fix to --cookie-urlencode 2010-01-15 11:24:30 +00:00
Bernardo Damele
c4215ce8d2 Minor code refactoring 2010-01-14 20:42:45 +00:00
Miroslav Stampar
26c7b74e65 changes regarding Data (GET/POST/Cookie) encoding (Bug #129) 2010-01-14 18:05:03 +00:00
Bernardo Damele
50bbb0cf8a Deprecate sqlmap update code, will use pysvn to update from latest development version from subversion repository. 2010-01-13 14:52:23 +00:00
Miroslav Stampar
3434a22872 HTTP header HOST is now mandatory in a HTTP request file 2010-01-12 14:07:58 +00:00
Miroslav Stampar
a193205323 minor update regarding requestFile option 2010-01-12 14:01:58 +00:00