Commit Graph

272 Commits

Author SHA1 Message Date
Miroslav Stampar
6c0054bc5f Putting that ugly parameter xyz is not inside the Cookie into the debug messages 2013-02-14 15:38:44 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Miroslav Stampar
d78a3e977b Update (allowing regular char * to be inside SOAP/JSON/XML) 2013-02-13 12:24:42 +01:00
Miroslav Stampar
7c802ed8cc Minor fix 2013-02-13 11:14:45 +01:00
Miroslav Stampar
c2672e78fc Support for multiple injection marks inside the same header value (Issue #48) 2013-02-12 12:06:13 +01:00
Miroslav Stampar
15b0ab1b44 Fix for a 'no parameter found' problem when user says N on 'custom injection mark found in POST...' 2013-01-22 14:08:19 +01:00
Miroslav Stampar
9ce2395405 Minor refactoring 2013-01-19 18:40:44 +01:00
Miroslav Stampar
bb6b89fe93 Patch for an Issue #360 2013-01-19 18:06:36 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Miroslav Stampar
a38b3e397c Patch for an Issue #286 2013-01-17 14:17:39 +01:00
Miroslav Stampar
03dd958d96 Implementation for an Issue #48 2013-01-13 16:22:43 +01:00
Miroslav Stampar
ec4e49d771 Minor refactoring 2013-01-10 16:09:28 +01:00
Miroslav Stampar
acfeeb4f51 Restyling old form of urlparse 2013-01-10 15:41:07 +01:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Miroslav Stampar
0795760255 Minor fix 2012-12-30 11:22:23 +01:00
Miroslav Stampar
1f7644a691 Minor fix when user doesn't want custom injection char marker to be processed 2012-12-08 21:23:30 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
6f7f9dd8eb Patch for an Issue #242 2012-11-13 10:41:13 +01:00
Miroslav Stampar
a52dbc575b Patch for an Issue #246 2012-11-13 10:21:11 +01:00
Miroslav Stampar
181c3534f0 Patch for an Issue #237 2012-11-08 19:16:37 +01:00
Miroslav Stampar
1ee0d9ce5e Fix for an Issue #229 2012-11-05 15:58:54 +01:00
Miroslav Stampar
a9094a35fe Fix for an Issue #227 2012-10-30 00:20:49 +01:00
Miroslav Stampar
4365c48e83 Minor style update 2012-10-23 14:38:24 +02:00
Miroslav Stampar
06f226c494 Fix for an Issue #211 2012-10-23 14:37:45 +02:00
Miroslav Stampar
2cb1b054bb Implementation for an Issue #79 2012-10-16 12:32:58 +02:00
Miroslav Stampar
098e446ca4 Adding support for generic XML POST data 2012-10-04 18:44:12 +02:00
Miroslav Stampar
d464678e10 Minor update for an Issue #49 2012-10-04 18:01:42 +02:00
Miroslav Stampar
84b05e2d18 Better treating of numeric values (Issue #49) 2012-10-04 16:08:37 +02:00
Miroslav Stampar
31aa9be1c7 Minor update 2012-10-04 15:40:11 +02:00
Miroslav Stampar
5d2b534908 Minor update (Issue #49) 2012-10-04 15:23:01 +02:00
Miroslav Stampar
5b59b6feb4 Removing junk part 2012-10-04 12:09:09 +02:00
Miroslav Stampar
d570e25b1b Minor workflow update 2012-10-04 12:05:59 +02:00
Miroslav Stampar
eddc634ceb Minor improvement (custom injection marks are now processed in order of appearance) 2012-10-04 11:52:40 +02:00
Miroslav Stampar
461e5ebc5f Work for Issue #197 and Issue #49 2012-10-04 11:25:44 +02:00
Miroslav Stampar
bcbf0571a5 Implementation for an Issue #49 2012-10-02 14:23:58 +02:00
Miroslav Stampar
9a1fbb8941 Fix for an Issue #185 2012-09-13 14:22:26 +02:00
Miroslav Stampar
a64438fb5c Minor language update 2012-09-11 19:45:40 +02:00
Miroslav Stampar
05dced5418 Minor language update 2012-09-11 19:43:03 +02:00
Miroslav Stampar
33980adaef Another update for an Issue #79 2012-08-31 12:46:38 +02:00
Miroslav Stampar
2806185989 Minor refactoring 2012-08-31 10:43:06 +02:00
Miroslav Stampar
74a5d41272 Minor update for an Issue #79 2012-08-31 10:24:47 +02:00
Miroslav Stampar
59078bb1b8 Fix for an Issue #154 2012-08-20 10:05:13 +02:00
Miroslav Stampar
f358ab2e73 Implementation of an Issue #147 2012-08-15 16:37:18 +02:00
Miroslav Stampar
f797a6d813 Fix for an Issue #125 2012-07-31 13:06:45 +02:00
Miroslav Stampar
142fc887f1 Fix for an Issue #129 2012-07-31 11:03:44 +02:00
Miroslav Stampar
b3552494c4 Minor preparation for an Issue #48 2012-07-26 12:26:57 +02:00
Miroslav Stampar
805120ac52 Minor refactoring 2012-07-14 11:01:30 +02:00
Miroslav Stampar
3c81f74823 Minor style update 2012-07-13 12:22:37 +02:00
Miroslav Stampar
6ade007aec Minor update of language 2012-07-13 12:13:04 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Miroslav Stampar
a525dd4336 Fix for Issue #72 2012-07-07 19:02:46 +02:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
ec44e88db8 lots of refactoring regarding removal of already obsolete session file mechanism 2012-06-21 10:09:10 +00:00
Miroslav Stampar
302d782a0f minor style update 2012-06-19 08:33:51 +00:00
Miroslav Stampar
f94ebe3107 minor fix (credentials were only set for the first target) 2012-06-04 22:30:12 +00:00
Miroslav Stampar
6ebb621228 adding support for (custom) POST injection (marking injection point with '*' in conf.data) 2012-04-17 14:23:00 +00:00
Miroslav Stampar
efd27d7ade minor renaming 2012-04-17 08:41:19 +00:00
Miroslav Stampar
cbdcbdd786 minor minor update 2012-03-16 11:18:18 +00:00
Miroslav Stampar
cda8815634 introducing safe deprecation mechanism for HashDB versioning 2012-03-12 22:55:57 +00:00
Miroslav Stampar
11c7cc5224 minor temporary fix 2012-03-08 11:08:43 +00:00
Miroslav Stampar
cd28eb6544 minor update regarding --load-cookies 2012-03-08 10:19:34 +00:00
Miroslav Stampar
f142c0f782 minor update 2012-02-28 14:04:13 +00:00
Miroslav Stampar
a9bf0297f6 moving injection data to HashDB 2012-02-27 13:44:07 +00:00
Miroslav Stampar
85125018a1 minor bug fix 2012-02-25 22:54:32 +00:00
Miroslav Stampar
06ab3fa134 minor update 2012-02-25 10:53:38 +00:00
Miroslav Stampar
74b19a0386 minor update 2012-02-25 10:43:10 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
22c3fe49bb some refactoring 2011-12-28 13:50:03 +00:00
Miroslav Stampar
f622995a29 compatibility with partial union and error technique resumed data 2011-12-22 12:20:21 +00:00
Miroslav Stampar
95cd9e2af3 adding support for scanning Host header values (-p host) 2011-12-20 12:52:41 +00:00
Miroslav Stampar
5f7dbec41f minor patch 2011-12-03 12:11:46 +00:00
Miroslav Stampar
2ed3efba12 speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase) 2011-11-22 08:39:13 +00:00
Miroslav Stampar
440b7efe55 minor optimization 2011-11-20 20:14:47 +00:00
Miroslav Stampar
c1486ed4be adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request 2011-10-25 09:53:44 +00:00
Miroslav Stampar
25f0ec3597 some minor range to xrange conversion (where safe to do) 2011-10-21 22:34:27 +00:00
Miroslav Stampar
b3b4459c72 minor fix 2011-09-26 13:01:43 +00:00
Miroslav Stampar
744636a8c1 switching to SQLite resume support (on error and union techniques this moment) 2011-09-25 20:36:32 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Miroslav Stampar
faa74cd2bc introducing results file for multiple target mode 2011-05-15 22:21:38 +00:00
Miroslav Stampar
ec4d9178f8 minor update related to the previous commit 2011-05-08 06:28:58 +00:00
Miroslav Stampar
4d6e7c738c minor update 2011-05-08 06:17:43 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Bernardo Damele
edc2d75702 Cosmetics and major bug fix 2011-04-21 21:15:23 +00:00
Miroslav Stampar
6fab44d635 minor refactoring and improving of used regex 2011-04-17 22:37:00 +00:00
Miroslav Stampar
9aae447553 minor update for matching SOAP messages 2011-04-17 22:21:32 +00:00
Miroslav Stampar
a7366bf710 SOAP refactoring 2011-04-17 21:39:00 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
139448eeb9 little stabilization regarding POST url(de/en)coding 2011-03-19 16:53:14 +00:00
Bernardo Damele
6e8ebd35f4 Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable 2011-02-27 12:17:41 +00:00
Miroslav Stampar
417b311475 minor update 2011-02-13 22:02:47 +00:00
Miroslav Stampar
50d25c3b4d update regarding explicit testing of ua and referer when using -p 2011-02-13 21:58:48 +00:00
Miroslav Stampar
535eb9f3eb implementation of referer feature 2011-02-11 23:07:03 +00:00
Miroslav Stampar
f83f1a1e06 minor just in case update 2011-02-04 13:08:54 +00:00
Miroslav Stampar
c69b76776e minor refactoring 2011-02-04 13:04:19 +00:00
Miroslav Stampar
c19d481bb1 little clean up 2011-02-04 12:25:14 +00:00
Miroslav Stampar
fa58a9c86b update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable) 2011-01-31 20:36:01 +00:00
Miroslav Stampar
ddf23ba7cc refactoring 2011-01-30 11:36:03 +00:00
Miroslav Stampar
81722b6881 major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) 2011-01-27 18:36:28 +00:00
Miroslav Stampar
dd7262d9e6 we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode 2011-01-20 17:53:49 +00:00
Miroslav Stampar
fb9d7cdfaa refactoring, code clearing and removal of obsolete switch --longest-common 2011-01-14 14:37:03 +00:00
Miroslav Stampar
dce9a762f1 important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode 2011-01-02 10:37:32 +00:00
Miroslav Stampar
e355f92f22 bug fix 2010-12-18 10:02:01 +00:00
Miroslav Stampar
ec5c08ca7a cosmetics 2010-12-09 09:24:20 +00:00
Miroslav Stampar
db39dc32fc minor update 2010-12-09 00:59:39 +00:00
Miroslav Stampar
258e9fb50e fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied) 2010-12-08 21:16:18 +00:00
Bernardo Damele
c8f943f5e4 Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Bernardo Damele
9d7087e2ff Proper saving and resuming when more than a parameter are injectable.
Minor bug fix to --stacked-test
Minor code refactoring.
2010-11-29 01:04:42 +00:00
Miroslav Stampar
a0df36beda when in multi target mode this should be done (another bug was reported by ToR for using "old" data - kb was not properly cleared) 2010-11-17 15:33:07 +00:00
Miroslav Stampar
36c544f440 update (--forms acts now more like -g switch) 2010-11-15 11:34:57 +00:00
Bernardo Damele
5f46a549ba Cosmetics for --forms 2010-11-14 21:59:35 +00:00
Bernardo Damele
78d7b17483 More replacements for refactoring.
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
2010-11-08 12:36:48 +00:00
Miroslav Stampar
d551423379 further enum refactoring 2010-11-08 09:44:32 +00:00
Miroslav Stampar
e1cec8c02b fix for all that stable, dynamic mambo jambo :) 2010-11-04 16:44:34 +00:00
Miroslav Stampar
6adee3792a removed all trailing spaces from blank lines 2010-11-03 10:08:27 +00:00
Miroslav Stampar
9c94a233a1 conf.md5hash thrown out 2010-10-25 13:52:21 +00:00
Miroslav Stampar
8df7c88174 implementation of a new dynamic content removal engine 2010-10-25 10:41:37 +00:00
Miroslav Stampar
4009ef385e more update regarding error based injection support 2010-10-19 18:17:34 +00:00
Miroslav Stampar
729156e91c proper fix 2010-10-18 21:39:46 +00:00
Miroslav Stampar
3d5494845c minor bug fix 2010-10-18 21:32:50 +00:00
Miroslav Stampar
149837ebf5 added the same for proxy authorization header 2010-10-18 09:02:56 +00:00
Miroslav Stampar
aaebb4336e fix for Bug #202 2010-10-18 08:54:08 +00:00
Bernardo Damele
6211915da5 Cosmetic fix 2010-10-16 22:31:16 +00:00
Miroslav Stampar
2fa8836c01 bug fix 2010-10-15 11:14:59 +00:00
Miroslav Stampar
d0df8cdac9 fix for that duplicates 2010-10-15 00:34:16 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Miroslav Stampar
73b77255e3 minor cosmetic update 2010-10-12 12:32:02 +00:00
Miroslav Stampar
7a5bb2b0d6 update 2010-10-10 19:50:10 +00:00
Miroslav Stampar
8fcad29bbf new feature --forms (still unfinished) 2010-10-10 18:56:43 +00:00
Miroslav Stampar
adf2231edb minor update 2010-10-06 13:38:03 +00:00
Miroslav Stampar
56dbf0038f minor update (for future implementation of more advanced error page logic) 2010-10-06 12:10:00 +00:00
Miroslav Stampar
ff419f7384 more changes regarding path (URI) injection 2010-09-24 09:19:14 +00:00
Miroslav Stampar
da8ae5578b first commit regarding Feature #144 2010-09-22 11:56:35 +00:00
Bernardo Damele
8576817a2b Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196. 2010-06-29 21:07:23 +00:00
Miroslav Stampar
c398353e06 support for loading 'faulty character set' session files 2010-06-09 16:07:47 +00:00
Bernardo Damele
64ad3b03be Minor bug fix 2010-06-02 11:01:41 +00:00
Bernardo Damele
b798222dd7 Minor fixes 2010-05-30 14:53:13 +00:00
Bernardo Damele
06af405efd Adapted and merged in patch to support XML output (-x switch) - still in beta.
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Miroslav Stampar
1f07db875d fix for that float() report from Shaohua Pan 2010-05-24 20:12:37 +00:00
Miroslav Stampar
0197f8db5c code refactoring regarding issue #184 2010-05-24 11:12:40 +00:00
Miroslav Stampar
e9be60e1ac added support for proper unicode session(s) storage/retrieval 2010-05-24 11:00:49 +00:00
Miroslav Stampar
1a8beebc8c minor fix 2010-05-11 13:55:30 +00:00
Miroslav Stampar
1e5ecbaa97 speedup of initial session file handling 2010-05-11 13:36:30 +00:00
Bernardo Damele
eecee3b274 Added resume functionality to -d and fixed logging with -d 2010-04-12 09:35:20 +00:00
Miroslav Stampar
fcceceed45 fix for bug reported by shiftzwei@gmail.com regarding formatDBMSfp with unknown DBMS version 2010-04-09 10:40:08 +00:00
Miroslav Stampar
63c70018ca fix for that update (conf.cj) problem mentioned by shiftzwei@gmail.com 2010-04-09 10:16:15 +00:00