Commit Graph

2788 Commits

Author SHA1 Message Date
Miroslav Stampar
02bd9a54f3 minor update 2011-11-30 17:19:21 +00:00
Miroslav Stampar
872a73f631 minor refactoring 2011-11-29 19:17:07 +00:00
Miroslav Stampar
3cd8f47686 minor bug fix 2011-11-29 17:17:06 +00:00
Miroslav Stampar
2842c13d75 minor update 2011-11-29 16:59:06 +00:00
Miroslav Stampar
d958c2fe48 minor fix 2011-11-28 11:21:39 +00:00
Miroslav Stampar
885b432808 minor update 2011-11-23 21:39:53 +00:00
Miroslav Stampar
ba4234dc42 switching from HTTP proxy to SOCKS proxy for --tor (sick and tired of Polipo/Privoxy bull; either Tor flag is overwritten every here and there or they are putting all kinds of filter warnings) 2011-11-23 21:17:08 +00:00
Miroslav Stampar
8ea9b19b66 minor update regarding dumping of table content in --forms mode 2011-11-23 20:56:22 +00:00
Miroslav Stampar
d6f936b98d minor update 2011-11-23 15:51:48 +00:00
Miroslav Stampar
40f21c3917 minor update 2011-11-23 15:38:31 +00:00
Miroslav Stampar
14e8ca6d41 minor fix 2011-11-23 14:26:40 +00:00
Miroslav Stampar
9b99530add minor bug fix 2011-11-23 08:14:20 +00:00
Miroslav Stampar
d5cddd40f6 minor fix 2011-11-23 03:03:31 +00:00
Miroslav Stampar
f39170a2c4 minor update 2011-11-22 15:06:51 +00:00
Miroslav Stampar
e33f70269b minor optimization 2011-11-22 12:44:28 +00:00
Miroslav Stampar
501fd85fa1 minor optimization 2011-11-22 12:40:12 +00:00
Miroslav Stampar
2e10de8921 minor update 2011-11-22 12:18:24 +00:00
Miroslav Stampar
ac041399f0 minor patch 2011-11-22 11:04:43 +00:00
Miroslav Stampar
9697e80013 some more optimizations 2011-11-22 10:54:29 +00:00
Miroslav Stampar
267d67b024 minor update 2011-11-22 10:41:56 +00:00
Miroslav Stampar
b117c40aa5 major improvement of HashDB speed in multi-threaded mode 2011-11-22 10:09:35 +00:00
Miroslav Stampar
e94efff187 some more optimization 2011-11-22 09:00:00 +00:00
Miroslav Stampar
2ed3efba12 speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase) 2011-11-22 08:39:13 +00:00
Miroslav Stampar
493e436e16 minor update 2011-11-22 07:32:39 +00:00
Miroslav Stampar
e905ea2a54 minor bug fix 2011-11-22 07:07:52 +00:00
Miroslav Stampar
f1f0828b28 minor update 2011-11-21 22:27:47 +00:00
Miroslav Stampar
704e1a4e74 minor minor update 2011-11-21 22:19:52 +00:00
Miroslav Stampar
fcac3d494b minor beautification 2011-11-21 22:18:04 +00:00
Miroslav Stampar
753dcb3450 minor update 2011-11-21 22:12:24 +00:00
Miroslav Stampar
da51e8a9d1 minor fix 2011-11-21 21:55:05 +00:00
Miroslav Stampar
eee03871d7 minor refactoring 2011-11-21 21:31:08 +00:00
Miroslav Stampar
4fa24ec704 minor improvement 2011-11-21 17:39:18 +00:00
Miroslav Stampar
65b2b0ad87 adding switch --eval 2011-11-21 16:41:02 +00:00
Miroslav Stampar
df0b451389 minor update 2011-11-20 23:17:57 +00:00
Miroslav Stampar
49fddaf668 minor update (for cases with 404 original page - e.g. time based injections in some cases) 2011-11-20 23:11:18 +00:00
Miroslav Stampar
8c32b3653b minor update of false positive check (in considerable amount of cases minus char is filtered/used for other means) 2011-11-20 20:27:30 +00:00
Miroslav Stampar
440b7efe55 minor optimization 2011-11-20 20:14:47 +00:00
Miroslav Stampar
7c1af97852 minor optimization 2011-11-20 19:38:56 +00:00
Miroslav Stampar
e1a92d59de implementing WordPress phpass hash cracking routine 2011-11-20 19:10:46 +00:00
Miroslav Stampar
f1979936c8 minor update 2011-11-18 15:32:33 +00:00
Miroslav Stampar
0df768e24a minor refactoring/optimization 2011-11-16 16:06:21 +00:00
Miroslav Stampar
7314de3490 language update 2011-11-15 11:17:39 +00:00
Miroslav Stampar
ad2762118d minor update 2011-11-14 15:10:39 +00:00
Miroslav Stampar
b888829d12 minor update 2011-11-14 11:39:18 +00:00
Miroslav Stampar
367627c331 minor fix for Python 2.6 2011-11-13 19:09:13 +00:00
Miroslav Stampar
76fb6ba666 minor update 2011-11-13 10:38:27 +00:00
Miroslav Stampar
ccbd93cc2e fix for redirect/HOST header bug 2011-11-11 11:28:27 +00:00
Miroslav Stampar
1061c06617 improvement of redirecting code 2011-11-11 11:07:49 +00:00
Miroslav Stampar
e183437f0b minor typo 2011-11-10 10:30:53 +00:00
Miroslav Stampar
62f8f8d36c bug fix (thanks to zhen zhou) 2011-11-10 10:22:35 +00:00
Miroslav Stampar
6c07573e30 minor update 2011-11-06 11:42:02 +00:00
Miroslav Stampar
030c57a0c8 minor update 2011-11-06 11:18:16 +00:00
Miroslav Stampar
2dbd51e357 fix for google searches 2011-11-06 08:55:09 +00:00
Miroslav Stampar
61e3621855 minor update 2011-11-02 14:33:23 +00:00
Miroslav Stampar
24bda96d9e adding items from John the Ripper's word list to the dictionary for Oracle cracking 2011-11-02 11:21:49 +00:00
Miroslav Stampar
6ec522e14b removal of minor obsolete thingy 2011-11-02 10:41:12 +00:00
Miroslav Stampar
ea125d820d some more speed ups for hash cracking 2011-11-02 09:57:42 +00:00
Miroslav Stampar
2f355db230 minor fix 2011-11-02 09:32:15 +00:00
Miroslav Stampar
0e96af65e6 minor update 2011-11-02 07:06:07 +00:00
Miroslav Stampar
d735582536 major speed improvement of hash cracking 2011-11-02 06:53:43 +00:00
Miroslav Stampar
b3a57391e4 minor update 2011-11-01 20:39:22 +00:00
Miroslav Stampar
3e3f037f1e improvement of hash cracking routine 2011-11-01 19:58:22 +00:00
Miroslav Stampar
4cafc5f31b language update 2011-11-01 19:09:17 +00:00
Miroslav Stampar
43340a7ea5 language 2011-11-01 19:06:27 +00:00
Miroslav Stampar
f9bb762d1d minor improvement (resuming of already cracked values) 2011-11-01 19:00:34 +00:00
Miroslav Stampar
c0cd29f01c minor update 2011-10-31 15:20:40 +00:00
Miroslav Stampar
60cadf4747 better regex used 2011-10-29 10:31:52 +00:00
Miroslav Stampar
ef987c6954 adding compatibility support for using --crawl and --forms together 2011-10-29 09:32:20 +00:00
Miroslav Stampar
ddc4dfe5ff minor refactoring for regarding --forms 2011-10-29 08:32:24 +00:00
Miroslav Stampar
d7866ac78d added support for automatic filtering of badly formed HTML in --forms mode 2011-10-28 21:28:03 +00:00
Miroslav Stampar
1b45c5b56a bug fix 2011-10-28 15:24:35 +00:00
Miroslav Stampar
666a7da12a minor update 2011-10-28 11:28:21 +00:00
Miroslav Stampar
b83fe6113e turning off time adjustment off (now is shown as a tip) because it seems that it never was actually used (payload always left the same) 2011-10-28 11:25:07 +00:00
Miroslav Stampar
e290f2b80b minor update 2011-10-28 11:11:55 +00:00
Miroslav Stampar
7ce3af68fc fixing support for parsing BURP logs 2011-10-27 17:31:34 +00:00
Miroslav Stampar
6b7920d89a minor patch for --tor 2011-10-27 10:52:06 +00:00
Miroslav Stampar
3c31ccd16e minor update 2011-10-26 22:37:04 +00:00
Miroslav Stampar
9d31230d5e minor update 2011-10-26 21:56:26 +00:00
Miroslav Stampar
d64c0af461 minor update 2011-10-26 14:31:00 +00:00
Miroslav Stampar
9c1d1ca5d8 minor update 2011-10-26 14:13:38 +00:00
Miroslav Stampar
2a72c1ae68 minor fix 2011-10-26 11:30:10 +00:00
Miroslav Stampar
a99547363f some fixes 2011-10-26 11:24:15 +00:00
Miroslav Stampar
3d883a2218 minor update 2011-10-26 11:10:15 +00:00
Miroslav Stampar
d467b40ff6 minor fix 2011-10-26 10:54:43 +00:00
Miroslav Stampar
8d668b1833 some updates regarding hash attack 2011-10-26 10:30:32 +00:00
Miroslav Stampar
f41ae9cf49 minor update 2011-10-26 09:40:47 +00:00
Miroslav Stampar
0b68144c8f minor fixes for hash cracking 2011-10-26 09:29:41 +00:00
Miroslav Stampar
18affca0bc minor update 2011-10-26 09:14:18 +00:00
Miroslav Stampar
64ca01ea0e minor update 2011-10-25 22:06:47 +00:00
Miroslav Stampar
35c889a411 minor update 2011-10-25 18:07:33 +00:00
Miroslav Stampar
ee76fed56a minor update 2011-10-25 17:48:20 +00:00
Miroslav Stampar
41ad7f9eab minor update 2011-10-25 17:44:30 +00:00
Miroslav Stampar
86b4a3562f added switch --check-tor 2011-10-25 17:37:43 +00:00
Miroslav Stampar
eaaf6041b9 minor fix 2011-10-25 11:20:42 +00:00
Miroslav Stampar
c1486ed4be adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request 2011-10-25 09:53:44 +00:00
Miroslav Stampar
b07f165d60 quick fix 2011-10-24 18:11:34 +00:00
Miroslav Stampar
23bf52e496 minor refactoring 2011-10-24 09:55:50 +00:00
Miroslav Stampar
cd00c0d084 minor patch 2011-10-24 09:43:59 +00:00
Miroslav Stampar
6d64f87190 minor update 2011-10-24 00:46:54 +00:00
Miroslav Stampar
20ae1c2187 added switch --logic-negative 2011-10-24 00:40:06 +00:00
Miroslav Stampar
8bd3cfdc8e minor update 2011-10-24 00:17:38 +00:00
Miroslav Stampar
d39d36f7a7 minor language beautification 2011-10-23 23:27:56 +00:00
Miroslav Stampar
7c626f1dbe minor fix 2011-10-23 23:18:39 +00:00
Miroslav Stampar
d77a5f5928 update (generalizing ORDER BY approach) 2011-10-23 23:02:01 +00:00
Miroslav Stampar
1dd3fae930 minor fix 2011-10-23 22:27:45 +00:00
Miroslav Stampar
0c29311eb2 minor update 2011-10-23 22:24:57 +00:00
Miroslav Stampar
5863429fc1 minor update 2011-10-23 21:17:45 +00:00
Miroslav Stampar
4a469c3258 minor update 2011-10-23 21:12:34 +00:00
Miroslav Stampar
1f7d87c6a4 bug fix for --code (previously redirecting codes where not considered) 2011-10-23 20:48:37 +00:00
Miroslav Stampar
77e630d89e replaced longer CHAR form of escaped MySQL strings with more compact hex form 2011-10-23 20:19:42 +00:00
Miroslav Stampar
3f0517d3f3 support for non-latin (e.g. cyrillic) URLs 2011-10-23 17:02:48 +00:00
Miroslav Stampar
1c3f4e9e54 minor update 2011-10-23 08:44:21 +00:00
Miroslav Stampar
25f0ec3597 some minor range to xrange conversion (where safe to do) 2011-10-21 22:34:27 +00:00
Miroslav Stampar
eb240243ea minor update 2011-10-21 22:21:41 +00:00
Miroslav Stampar
b4ce857f9b added some comments 2011-10-21 21:29:24 +00:00
Miroslav Stampar
7a3096ce25 some refactoring 2011-10-21 21:12:48 +00:00
Miroslav Stampar
9356f8005c important bug fix 2011-10-21 21:07:06 +00:00
Miroslav Stampar
0a8e45955c minor update 2011-10-21 20:44:18 +00:00
Miroslav Stampar
566d6e4974 minor fix 2011-10-21 20:21:29 +00:00
Miroslav Stampar
05b9951a8b minor beautification 2011-10-21 09:19:31 +00:00
Miroslav Stampar
0db0571f35 minor patch 2011-10-21 09:06:00 +00:00
Miroslav Stampar
12a7fd4054 quick fix 2011-10-20 08:28:57 +00:00
Miroslav Stampar
0cbcbf159c minor fix 2011-10-19 21:35:01 +00:00
Miroslav Stampar
e3a719e7d2 minor update 2011-10-11 22:40:00 +00:00
Miroslav Stampar
7956390631 minor update 2011-10-11 22:27:49 +00:00
Miroslav Stampar
a7a29f33ad minor update 2011-10-11 21:58:57 +00:00
Miroslav Stampar
dacfeafc5f minor optimization 2011-10-10 17:45:16 +00:00
Miroslav Stampar
4989e8e6d3 minor update 2011-10-10 17:29:54 +00:00
Miroslav Stampar
c204f2b221 minor optimization 2011-10-10 14:47:48 +00:00
Miroslav Stampar
47b27a5988 minor improvement of HashDB 2011-10-10 14:23:17 +00:00
Miroslav Stampar
323aa7bf2f minor update 2011-10-09 21:21:41 +00:00
Miroslav Stampar
a31a0aa8d4 minor update 2011-10-06 22:29:49 +00:00
Miroslav Stampar
8720aad6dc transformed cDel to pDel as a more generic option 2011-10-06 22:03:33 +00:00
Miroslav Stampar
dd0ed5f5da adding redirect response to the traffic file 2011-09-28 08:13:46 +00:00
Miroslav Stampar
6d2536f217 minor update 2011-09-27 22:27:34 +00:00
Miroslav Stampar
c0910ca2c8 added one more warning message by request 2011-09-27 22:25:15 +00:00
Miroslav Stampar
b888a84764 minor update 2011-09-27 14:31:58 +00:00
Miroslav Stampar
88f1110c44 adding a new (for now) hidden switch --test-filter for filtering tests by their name 2011-09-27 14:09:25 +00:00
Miroslav Stampar
fd9acfd7d2 fix 2011-09-26 13:36:08 +00:00
Miroslav Stampar
b3b4459c72 minor fix 2011-09-26 13:01:43 +00:00
Miroslav Stampar
34738129c9 minor update 2011-09-25 21:27:58 +00:00
Miroslav Stampar
7e80274fac refactoring 2011-09-25 21:10:45 +00:00
Miroslav Stampar
744636a8c1 switching to SQLite resume support (on error and union techniques this moment) 2011-09-25 20:36:32 +00:00
Miroslav Stampar
ba5eff1de6 minor bug fix 2011-09-23 18:29:45 +00:00
Miroslav Stampar
d95ff4350d bug fix 2011-09-20 13:08:35 +00:00
Miroslav Stampar
4a3580d10b minor fix 2011-09-19 19:08:08 +00:00
Bernardo Damele
f890b29f81 Proper reference to Metasploit Framework as now it's version 4, not 3 anymore 2011-09-12 17:26:22 +00:00
Miroslav Stampar
4fb6dab1a2 minor bug fix 2011-09-12 14:15:57 +00:00
Miroslav Stampar
1bdde51d0e minor just in case update 2011-09-11 16:41:07 +00:00
Miroslav Stampar
02f993583b minor bug fix 2011-09-09 11:36:09 +00:00
Miroslav Stampar
2f4e34f5a0 minor improvement for URI injections 2011-09-08 11:13:12 +00:00
Miroslav Stampar
d434047482 minor bug fix 2011-09-05 09:28:40 +00:00
Miroslav Stampar
08e0eb9b61 minor lower/upper case fix 2011-08-29 13:47:32 +00:00
Miroslav Stampar
9be89422da implemented parameter --skip 2011-08-29 13:29:42 +00:00
Miroslav Stampar
e0f521cf9d minor update regarding --randomize 2011-08-29 13:08:25 +00:00
Miroslav Stampar
ac00014c4a implemented --randomize switch by request 2011-08-29 12:50:52 +00:00
Miroslav Stampar
8fe069b495 minor fix 2011-08-23 21:48:39 +00:00
Miroslav Stampar
01014eca17 by request 2011-08-23 21:45:01 +00:00
Miroslav Stampar
cfc1f2b70b minor update 2011-08-22 22:43:14 +00:00
Miroslav Stampar
f4127a80d7 improvement of UNION based injection detection (with non-NULL kb.uChar values searching of the content inside -1 UNION.. pages is used) 2011-08-22 21:43:46 +00:00
Miroslav Stampar
8a174248dc fix for a bug reported by blueBoy 2011-08-20 20:08:11 +00:00
Miroslav Stampar
cb32d46f2a minor minor update 2011-08-18 06:09:12 +00:00
Miroslav Stampar
54bcc35ba7 important bug fix (connection exception was causing losing of already retrieved data) 2011-08-17 22:31:33 +00:00
Miroslav Stampar
9d31322f3d update regarding special case when conf.uChar appears only in testable pages 2011-08-17 21:40:42 +00:00
Miroslav Stampar
75ec146224 minor beautification 2011-08-17 21:17:02 +00:00
Miroslav Stampar
f46baac70b bug fix (when comment is None this was errornous) 2011-08-17 10:58:29 +00:00
Bernardo Damele
9361e633f4 Minor bug fix - some applications do really set cookies like param="value" with double-quotes 2011-08-16 09:21:01 +00:00
Miroslav Stampar
e1dbb4443b minor update related to the last commit 2011-08-16 07:01:14 +00:00
Miroslav Stampar
7cc5743c5d minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters) 2011-08-16 06:50:20 +00:00
Miroslav Stampar
600ef3eace minor patch 2011-08-16 06:22:04 +00:00
Miroslav Stampar
262996fc5b bug fix 2011-08-16 06:14:40 +00:00
Miroslav Stampar
df4abf1af1 lowering constant value from 10 to 7 for da peace in da houz 2011-08-12 17:19:19 +00:00
Bernardo Damele
702ed73a65 Added --code switch to match in boolean-based tests against the HTTP response code 2011-08-12 16:48:11 +00:00
Bernardo Damele
fff4c34e33 Search for --string and --regexp matches also in HTTP response headers 2011-08-12 15:33:37 +00:00
Bernardo Damele
5e5133b8e7 Should be fixed now 2011-08-12 15:00:11 +00:00
Bernardo Damele
1505cb2a80 typo 2011-08-12 14:51:39 +00:00
Bernardo Damele
702ca22d54 Minor bug fix for URI injections 2011-08-12 14:48:44 +00:00
Bernardo Damele
28bba9f5e6 More verbose warning message 2011-08-12 13:47:38 +00:00
Miroslav Stampar
10bdd90e60 minor speed optimizations (as a result of profiling) 2011-08-12 13:40:37 +00:00
Bernardo Damele
36280b33fa Ask the user wheather or not to adjust the time delay - there have been a case where the forcing of conf.timeSec screwed the result in an extremely lagged and unreliable site 2011-08-12 13:06:40 +00:00
Miroslav Stampar
41ae9bc7ff minor bug fix 2011-08-09 14:20:25 +00:00
Miroslav Stampar
2ad267132a minor update for empty normal responses (like AJAX requests) 2011-08-05 10:55:21 +00:00
Miroslav Stampar
e849b71027 minor typo 2011-08-03 14:31:42 +00:00
Miroslav Stampar
538b49bcc5 removing word "dramatically". i was too excited at the moment :). it is cool and all but we shouldn't put "highly subjective" attribs in reports 2011-08-03 13:26:38 +00:00
Miroslav Stampar
f7562da754 from now on proper union column count should be displayed in injection info output 2011-08-03 10:34:50 +00:00
Miroslav Stampar
9423d15fb3 ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix 2011-08-03 09:08:16 +00:00
Miroslav Stampar
07afcd5440 fix for a bug reported by Ahmed Shawky (when user uses --suffix intermixing test default comments with the provided suffix is a big no no) 2011-08-02 18:20:21 +00:00
Miroslav Stampar
07c3d4fb18 minor adjustment 2011-08-02 17:35:43 +00:00
Miroslav Stampar
edab7d01a5 minor fix 2011-08-02 17:31:13 +00:00
Bernardo Damele
c15439ab7f Minor improvement to --passwords output 2011-08-02 09:04:34 +00:00
Miroslav Stampar
cb0981d858 proper way of handling 0 length results (as in __goInferenceProxy) 2011-08-02 08:39:32 +00:00
Miroslav Stampar
0643ced651 minor update 2011-08-02 08:12:43 +00:00
Miroslav Stampar
457f501bbd proper fix 2011-08-01 23:48:38 +00:00
Bernardo Damele
cbd0ea0866 Possible fix for a minor bug 2011-08-01 23:24:39 +00:00
Miroslav Stampar
018d7ed646 improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery) 2011-07-31 23:40:09 +00:00
Miroslav Stampar
0627bb02cb minor beautification 2011-07-31 10:21:47 +00:00
Miroslav Stampar
93ae1dfa2b minor bug fix 2011-07-31 08:52:48 +00:00
Miroslav Stampar
68ae8ea5b2 minor refactoring 2011-07-29 10:54:25 +00:00
Miroslav Stampar
e522263640 fix for a neverending data retrieval in large full inband cases 2011-07-29 10:45:09 +00:00
Miroslav Stampar
3fc603843e minor fix 2011-07-27 23:26:36 +00:00
Miroslav Stampar
107089c00b bug fix 2011-07-27 08:25:51 +00:00
Miroslav Stampar
f7eaffcec5 i believe that this could be ok 2011-07-26 21:28:48 +00:00
Bernardo Damele
a2483b3bc4 Aligned OS takeover functionalities to recent Metasploit improvements 2011-07-26 10:29:14 +00:00
Bernardo Damele
938716e361 Proper fix for --start and --stop consistency amongst different techniques 2011-07-26 10:06:28 +00:00
Bernardo Damele
e71f96afe7 Reverted dumb "fix" 2011-07-26 09:42:09 +00:00
Miroslav Stampar
6bbb8139a0 update (smaller memory footprint in postprocessing phase because of safecharencode part) 2011-07-25 20:40:31 +00:00
Miroslav Stampar
5770c08784 minor optimization and refactoring 2011-07-25 20:17:44 +00:00
Bernardo Damele
0a7a648694 Minor bug fix for --start, now all techniques return the same result (before blind techniques returned from one entry behind) 2011-07-25 11:15:18 +00:00
Bernardo Damele
6cbb927012 Partial fix for -o not resumed at following runs if missing from command line 2011-07-25 11:05:49 +00:00
Miroslav Stampar
2033a28ae7 minor update regarding last commit (cleaner code) 2011-07-24 20:44:17 +00:00
Miroslav Stampar
3a3561fdaa doing proper big table support for partial union too 2011-07-24 20:36:44 +00:00
Miroslav Stampar
ec1bc0219c hello big tables, this is sqlmap, sqlmap this is big tables 2011-07-24 09:19:33 +00:00
Miroslav Stampar
82e1e61554 minor speedup 2011-07-23 19:51:19 +00:00
Miroslav Stampar
094dc91e2d minor update (prior to some changes regarding large content retrieval) 2011-07-23 19:04:59 +00:00
Miroslav Stampar
a89140e1ce revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function) 2011-07-23 06:07:00 +00:00
Miroslav Stampar
8a00ca83af refactoring. nothing special changed 2011-07-21 10:18:11 +00:00
Miroslav Stampar
963f54e6d2 minor fix for parameters containing '=' inside values itself (remark: no parameter name will have '=' nor '%3d' inside; tested and it does a good job) 2011-07-21 10:06:52 +00:00
Miroslav Stampar
7881ded60d quick fix (this other library was doing problems) 2011-07-20 22:20:16 +00:00
Bernardo Damele
d6b52242c7 Meterpreter's sniffer extension freezes 64-bit systems
Meterpreter's priv extension is loaded by default since Metasploit 3.5 or so.
There is no shellcodeexec 64-bit yet, anyway as the Metasploit payload is encoded with a 32-bit encoded (alphanumeric), it's all fine.
2011-07-20 13:50:02 +00:00
Miroslav Stampar
9d996c07fb another quick fix 2011-07-20 13:00:34 +00:00
Miroslav Stampar
fad77dd078 fix for a ImportError bug reported by g@brindi.si 2011-07-20 12:18:36 +00:00
Miroslav Stampar
9cf33ec997 now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char 2011-07-15 13:24:13 +00:00
Miroslav Stampar
ff8fc90ac7 bug fix 2011-07-13 06:44:15 +00:00
Miroslav Stampar
5c162efbd8 more optimization 2011-07-12 23:21:15 +00:00
Miroslav Stampar
9933edc718 optimization of reflective removal mechanism 2011-07-12 22:28:19 +00:00
Bernardo Damele
cda25cda2f Cosmetics 2011-07-12 20:49:27 +00:00
Miroslav Stampar
3583d6dd1b quick fixes, more work to do 2011-07-12 20:32:19 +00:00
Miroslav Stampar
0126b8eb0e minor revert (it's illegal to use append for updating one array with another array) 2011-07-12 19:34:54 +00:00
Bernardo Damele
48b7245a33 Minor bug fix 2011-07-12 15:47:04 +00:00
Bernardo Damele
0b8c6e4c81 Minor bug fix 2011-07-12 15:30:40 +00:00
Miroslav Stampar
a46b5230f5 minor "patch" 2011-07-11 20:33:16 +00:00
Miroslav Stampar
1f826684f6 disabling multiprocessing (maybe permanently) support for Windows as of complications with sharing dictionary iterator 2011-07-11 13:16:59 +00:00
Miroslav Stampar
7bc6280d53 possible fix for a multi-processing "problem" reported by christopher.oakley@gmail.com 2011-07-11 11:40:27 +00:00
Miroslav Stampar
f5e45bf113 quick fix for a bug reported by jovon.itwaru@gmail.com 2011-07-11 08:54:39 +00:00
Miroslav Stampar
98958f8808 minor minor update 2011-07-10 15:41:45 +00:00
Miroslav Stampar
0d6afca7db adding new switch '--smart' by request 2011-07-10 15:16:58 +00:00
Miroslav Stampar
1e182e6c72 quick fix 2011-07-08 22:34:44 +00:00
Bernardo Damele
651349e229 More verbose critical message 2011-07-08 13:12:53 +00:00
Bernardo Damele
b5dd4d4a63 Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection 2011-07-08 10:19:01 +00:00
Miroslav Stampar
02bfd05b20 more general approach 2011-07-08 10:03:14 +00:00
Miroslav Stampar
5443e06430 cosmetics (in debug mode [0] is used) 2011-07-08 09:43:52 +00:00
Miroslav Stampar
c463c411b9 minor update 2011-07-08 09:32:58 +00:00
Miroslav Stampar
ba2c06c9dc quick fix 2011-07-08 09:01:32 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
067354b97f Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access 2011-07-07 13:20:40 +00:00
Bernardo Damele
9e1a6beb7a Major bug fix in UNION detection, it was a leftover 2011-07-07 00:06:20 +00:00
Bernardo Damele
fcd4e94c04 Higher chances to detect UNION query SQL injection against Microsoft Access 2011-07-06 23:52:44 +00:00
Bernardo Damele
23b4efdcaf Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too. 2011-07-06 21:04:45 +00:00
Bernardo Damele
0d28c1e9e7 cosmetics 2011-07-06 20:41:13 +00:00
Bernardo Damele
6f6038b534 Quick fix (revert..) 2011-07-06 11:32:12 +00:00
Miroslav Stampar
93b296e02c few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00
Miroslav Stampar
34d9a91af1 bulk of fixes 2011-07-02 22:48:56 +00:00
Bernardo Damele
861cdb1b14 cosmetics 2011-07-01 10:04:34 +00:00
Miroslav Stampar
4513ef409e massive (like really massive) dictionary support 2011-06-30 23:44:49 +00:00
Miroslav Stampar
43db6b03a7 update with a feature request (file with list of wordlist files) 2011-06-30 08:42:43 +00:00
Miroslav Stampar
9e453e8709 fix for a bug reported by nightman@email.de 2011-06-29 17:49:59 +00:00
Miroslav Stampar
be9b8bca78 bug fix 2011-06-29 17:39:58 +00:00
Bernardo Damele
9eb683531d Minor improvement at blind SQL inj technique for DB2 2011-06-27 22:28:12 +00:00
Miroslav Stampar
75524c283d minor update 2011-06-27 21:59:31 +00:00
Miroslav Stampar
4be55c811f minor update 2011-06-27 21:48:26 +00:00
Miroslav Stampar
831f083223 minor update 2011-06-27 21:38:12 +00:00
Miroslav Stampar
5b4eaf48d9 minor fix (for those blank suffixes out of nowhere at the end of payload - not related to "-- ") 2011-06-27 21:34:49 +00:00
Miroslav Stampar
8a8b94883b minor update (that default quit in --batch was bothering me - my original idea and it was bad :) 2011-06-27 14:14:49 +00:00
Miroslav Stampar
d72db1bf91 minor update (all misc options are alphabetically ordered) 2011-06-27 08:21:33 +00:00
Bernardo Damele
36c96ef796 Added DB2 support - patch provided by Sebastian Bittig 2011-06-25 09:44:24 +00:00
Miroslav Stampar
e00cf81f7e minor update 2011-06-24 19:50:13 +00:00
Miroslav Stampar
e9286ddd5b fix for a bug reported by g@brindi.si (UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position
47: ordinal not in range(128))
2011-06-24 19:24:11 +00:00
Miroslav Stampar
c4cb367e65 looks nicer (though --tor is implicitly converted into --proxy) 2011-06-24 19:00:53 +00:00
Miroslav Stampar
aa83fe5c66 minor update 2011-06-24 18:19:33 +00:00
Miroslav Stampar
21010f702c minor beautification 2011-06-24 17:46:54 +00:00
Miroslav Stampar
2de88bd90b minor update 2011-06-24 17:19:24 +00:00
Miroslav Stampar
96190cf594 minor update 2011-06-24 17:15:15 +00:00
Bernardo Damele
406f2cda09 Got rid of useless TAB completion in --sql-shell 2011-06-24 13:05:13 +00:00
Bernardo Damele
35ce6dedcf Got rid of useless imports 2011-06-24 09:59:11 +00:00
Bernardo Damele
a78f5b4eb3 Minor adjustment to avoid function and variables with same name 2011-06-24 09:29:11 +00:00
Miroslav Stampar
eaa2a4202f changing to: --crawl=CRAWLDEPTH 2011-06-24 05:40:03 +00:00
Miroslav Stampar
3717b8423f cleanest fix this moment (conf.dbms will for sure deal problems later in any form) 2011-06-22 15:48:44 +00:00
Miroslav Stampar
5190440ea2 minor fix 2011-06-22 15:36:59 +00:00
Miroslav Stampar
97d8729d71 probable fix for a bug reported by m4l1c3 (RuntimeError: maximum recursion depth exceeded) 2011-06-22 15:28:49 +00:00
Miroslav Stampar
52ba3c281e minor update 2011-06-22 14:59:49 +00:00
Miroslav Stampar
4ca37901da thread safe logging+stdout (no more overlapping of log messages and raw output) 2011-06-22 14:53:42 +00:00
Miroslav Stampar
84bc8c3a37 update 2011-06-22 14:39:31 +00:00
Miroslav Stampar
938db1b513 replacing xmlobject logic with our own 2011-06-22 14:33:52 +00:00
Bernardo Damele
1cb12ea659 replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license) 2011-06-22 13:31:07 +00:00
Miroslav Stampar
e76cb19e35 minor patch 2011-06-22 09:11:12 +00:00
Miroslav Stampar
b16b92fe46 minor update 2011-06-21 20:59:34 +00:00
Miroslav Stampar
2220afbdf5 fix by request 2011-06-21 20:50:16 +00:00
Miroslav Stampar
9e232256f4 reverting that last commit because there is a mess with default dumping (startLimit is set to 0 which is not so friendly with --start and --stop logic) 2011-06-21 18:29:23 +00:00
Miroslav Stampar
3536320fc9 --stop is inclusive ("Last query output entry to retrieve") 2011-06-21 18:08:33 +00:00
Miroslav Stampar
dfc02d8c3c sorry Bernardo, i hope your mobile is turned off :))) 2011-06-20 22:47:24 +00:00
Miroslav Stampar
2a4a284a29 crawler fix (skip binary files) 2011-06-20 22:41:38 +00:00
Miroslav Stampar
20bb1a685b really minor update 2011-06-20 21:57:53 +00:00
Miroslav Stampar
812cd2f19b minor update 2011-06-20 21:47:03 +00:00
Miroslav Stampar
e8ac7414f2 bug fix 2011-06-20 21:36:15 +00:00
Miroslav Stampar
d6062e8fc9 minor fix for crawler and far less message overlaps in future 2011-06-20 21:18:12 +00:00
Miroslav Stampar
8968c708a0 minor update 2011-06-20 14:27:24 +00:00
Miroslav Stampar
17fac6f67f minor update 2011-06-20 13:53:39 +00:00
Miroslav Stampar
29314f425e minor fix 2011-06-20 13:42:31 +00:00
Miroslav Stampar
f09340fc89 minor update 2011-06-20 12:40:14 +00:00
Miroslav Stampar
4d1fa5596b added support for --scope in --crawl mode 2011-06-20 12:37:51 +00:00
Miroslav Stampar
42746cc706 bug fix 2011-06-20 12:18:46 +00:00
Miroslav Stampar
67fab9f2e2 putting this to info messages (user needs to know at this place why is it waiting) 2011-06-20 12:17:19 +00:00
Miroslav Stampar
b1426b5131 bug fix 2011-06-20 12:11:09 +00:00
Miroslav Stampar
cda39ca350 minor update 2011-06-20 11:46:23 +00:00
Miroslav Stampar
07e2c72943 adding Beautifulsoup (BSD) into extras; adding --crawl to options 2011-06-20 11:32:30 +00:00
Miroslav Stampar
8c04aa871a english typo 2011-06-20 11:00:23 +00:00
Miroslav Stampar
bdb530da1f minor update 2011-06-19 10:11:27 +00:00
Miroslav Stampar
d5bc149636 made changes by buawig request (504 is treated as a classical timeout) 2011-06-19 09:57:41 +00:00
Miroslav Stampar
83af83da9e minor beautification (WordsSet is considered as a bad english) 2011-06-18 15:47:19 +00:00
Bernardo Damele
f8c32cf6b9 Moved folder 2011-06-18 12:34:41 +00:00
Bernardo Damele
28ef61b997 Use getPageTextWordsSet() also in --common-columns 2011-06-18 12:30:26 +00:00
Bernardo Damele
6b2f44de14 Minor layout adjustment 2011-06-18 12:27:12 +00:00
Bernardo Damele
cd07139919 Layout adjustments 2011-06-18 11:58:14 +00:00
Miroslav Stampar
31ad0875b4 added by request 2011-06-18 11:34:51 +00:00
Miroslav Stampar
e4be141602 minor fix for --smoke-test 2011-06-18 11:26:17 +00:00
Bernardo Damele
c7e1aeeef2 layout 2011-06-18 11:02:48 +00:00
Miroslav Stampar
905fef0eae now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5) 2011-06-18 10:51:14 +00:00
Miroslav Stampar
fde3e4cece better 2011-06-18 09:52:07 +00:00
Miroslav Stampar
2f129b01c0 "Please consider to provide" is a bad English 2011-06-18 09:46:22 +00:00
Miroslav Stampar
1440c9f2d4 minor update 2011-06-17 22:28:07 +00:00
Miroslav Stampar
87e9842371 better language 2011-06-17 22:13:45 +00:00
Miroslav Stampar
ce3170edef minor update/better language 2011-06-17 22:11:40 +00:00
Miroslav Stampar
ec6fa384eb update 2011-06-17 22:04:25 +00:00
Miroslav Stampar
0c9fa5c550 fix 2011-06-17 17:12:47 +00:00
Miroslav Stampar
043f2f92c1 minor update 2011-06-17 17:10:52 +00:00
Miroslav Stampar
c9a6aad5c3 minor fix by request 2011-06-17 16:58:50 +00:00
Miroslav Stampar
a0129dcbcb this is confusing for normal users (i've just get a mail where dude thinks that he needs to use tamper script because of this :) 2011-06-17 16:52:39 +00:00
Miroslav Stampar
f3ee2c09fb cleaner fix 2011-06-17 15:32:23 +00:00
Miroslav Stampar
bb987ec98f fix for DNS leakage 2011-06-17 15:23:58 +00:00
Miroslav Stampar
9498a3f259 little stabilization of multi threading 2011-06-17 12:50:28 +00:00
Miroslav Stampar
d27afaed7e some fixes 2011-06-16 14:27:44 +00:00
Miroslav Stampar
6b1d5a0ab8 minor fix 2011-06-16 14:11:30 +00:00
Miroslav Stampar
530c296519 minor fix 2011-06-16 13:56:17 +00:00
Miroslav Stampar
0eeb48f8f5 some fixes 2011-06-16 13:41:02 +00:00
Miroslav Stampar
7733e5866a minor update regarding mnemonics (again) 2011-06-16 12:34:38 +00:00
Miroslav Stampar
17e4c6b564 minor update regarding mnemonics 2011-06-16 12:26:50 +00:00
Miroslav Stampar
25b923bbc3 minor fixes and minor updates 2011-06-16 12:12:30 +00:00
Miroslav Stampar
3995891ab4 new file containing default settings 2011-06-16 11:43:07 +00:00
Miroslav Stampar
6f681b45ad cleaning up a bit for a configuration mess 2011-06-16 11:42:13 +00:00
Bernardo Damele
f515c9c9e0 Dealt with SVN update login traceback. Need to investigate further why it asks for credentials sometimes 2011-06-16 10:11:11 +00:00
Miroslav Stampar
63d98d8ce6 fix for a bug reported by rdsears@mtu.edu (ignored config file items) 2011-06-16 08:08:49 +00:00
Miroslav Stampar
4d51fa8155 minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails) 2011-06-15 17:37:28 +00:00
Miroslav Stampar
e0ad72031f minor update 2011-06-15 12:04:30 +00:00
Miroslav Stampar
1d93a03eeb introducing mnemonics 2011-06-15 11:58:50 +00:00
Miroslav Stampar
d55a242908 minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always) 2011-06-14 19:38:35 +00:00
Miroslav Stampar
a4328e914b minor update 2011-06-14 19:29:42 +00:00
Miroslav Stampar
1e17c0d4a1 switching to debug mode for missing dependencies 2011-06-14 08:47:06 +00:00
Bernardo Damele
8978fded03 typo fix 2011-06-13 19:00:27 +00:00
Bernardo Damele
7152a1ed3b Added --dependences to show which sqlmap dependences are not available 2011-06-13 18:44:02 +00:00
Miroslav Stampar
0990f16f7f minor update for invalid cases like 'iso-8859-1 (western europe)' 2011-06-12 08:36:21 +00:00
Miroslav Stampar
2da56ea507 fix of a language bug 2011-06-11 21:17:30 +00:00
Miroslav Stampar
9331abb96f minor update 2011-06-11 08:33:36 +00:00
Miroslav Stampar
f8dde2c23b adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones) 2011-06-10 23:18:43 +00:00
Miroslav Stampar
15d72ec566 minor improvement for special cases with --string/--regexp 2011-06-10 23:05:47 +00:00
Miroslav Stampar
8fac4605a9 minor fix for None results 2011-06-10 22:28:15 +00:00
Miroslav Stampar
71093b1cad adding one more user friendly message 2011-06-09 09:58:42 +00:00
Miroslav Stampar
fae089646b minor fix 2011-06-09 08:38:17 +00:00
Miroslav Stampar
9202fedf7b minor fix 2011-06-09 08:14:54 +00:00
Miroslav Stampar
af5fe457bd revert of the revert (it's a good idea to have it like this because of problems with e.g. --text-only and binary content) 2011-06-09 07:53:31 +00:00
Miroslav Stampar
8ec4bc9d9d revert of the last commit. have to think about it 2011-06-09 06:32:53 +00:00
Miroslav Stampar
9c093d91f2 minor update 2011-06-09 06:14:35 +00:00
Bernardo Damele
d217cf71b2 Minor bug fix 2011-06-08 23:32:44 +00:00
Bernardo Damele
6aade8e6fc grammar fix, again 2011-06-08 16:40:22 +00:00
Bernardo Damele
d160888784 Grammar fix 2011-06-08 16:25:18 +00:00
Bernardo Damele
1c6ee1dc36 Rephrase 2011-06-08 16:22:16 +00:00
Bernardo Damele
0d8d6a4ace Cosmetics 2011-06-08 16:08:20 +00:00
Bernardo Damele
70cac24909 Cosmetics 2011-06-08 15:31:27 +00:00
Bernardo Damele
64bef644c3 This was missing 2011-06-08 15:30:59 +00:00
Miroslav Stampar
d8155dfae9 change by request 2011-06-08 14:44:11 +00:00
Miroslav Stampar
6387d98ab0 quick fix 2011-06-08 14:42:48 +00:00
Bernardo Damele
0d3e8a76d8 Cosmetics and a missing param 2011-06-08 14:40:42 +00:00
Miroslav Stampar
4a9640160e more concise 2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a refactoring 2011-06-08 14:30:12 +00:00
Bernardo Damele
cd6ceb733e Adjustment and refactoring for takeover via web backdoor 2011-06-08 14:16:53 +00:00
Bernardo Damele
cce3208b35 Cleanup 2011-06-08 14:15:34 +00:00
Bernardo Damele
7da3d8dbd1 minor layout adjustment 2011-06-08 13:01:33 +00:00
Miroslav Stampar
f65abdaae3 added switch --cookie-del by request 2011-06-08 08:27:24 +00:00
Miroslav Stampar
4eeeb3655e asking and skipping to the next google result page if no usable links found 2011-06-07 23:24:17 +00:00
Miroslav Stampar
1c633b7351 i am tired of pressing hundred times Ctrl+C in testing phase if --batch is specified 2011-06-07 22:14:18 +00:00
Miroslav Stampar
75c12c5edb fix for a bug reported by cclements@flatearth.​net (TypeError: argument of type 'NoneType' is not iterable) 2011-06-07 21:46:49 +00:00
Miroslav Stampar
e7e23d1b79 fix for a Ctrl+C bug reported by nightman@email.de 2011-06-07 17:16:01 +00:00
Miroslav Stampar
26062ec71e minor update 2011-06-07 15:13:51 +00:00
Miroslav Stampar
50dde39e68 minor update 2011-06-07 10:32:18 +00:00
Miroslav Stampar
e9bf768f23 more refactoring 2011-06-07 10:08:12 +00:00
Miroslav Stampar
7a3cc38e3c refactoring and stabilization of multithreading 2011-06-07 09:50:00 +00:00
Miroslav Stampar
5f7858455d fix for a bug reported by l0rda@l0rda.biz 2011-06-07 05:57:21 +00:00
Miroslav Stampar
03c3f83893 minor fix 2011-06-06 13:34:49 +00:00
Miroslav Stampar
24ed99e5a3 fix for a bug reported by aboynes@gmail.com 2011-06-06 08:50:48 +00:00
Miroslav Stampar
97d8c60c3f better language 2011-06-03 15:58:19 +00:00
Miroslav Stampar
0a620bf322 more info to the user 2011-06-03 15:43:50 +00:00
Miroslav Stampar
8c80413c52 well, important fix for blind based cases (especially OR ones) 2011-06-03 15:29:22 +00:00
Miroslav Stampar
f27181c628 minor improvement for blind based injections with reflected values 2011-06-03 14:41:36 +00:00
Miroslav Stampar
e9eafc2e94 minor update 2011-06-03 14:13:22 +00:00
Miroslav Stampar
64a862ed58 minor usability update 2011-06-03 14:04:02 +00:00
Miroslav Stampar
faf7814869 fix for a fuzz "bug" reported by daniele.rivetti@yahoo.com 2011-06-03 11:01:26 +00:00
Miroslav Stampar
08d6bb4f23 minor fix 2011-06-02 22:13:31 +00:00
Miroslav Stampar
8aa5625cd0 proper fix related to the last commit 2011-06-01 23:00:18 +00:00
Miroslav Stampar
fd57aae779 bug fix (until this moment we had UNION unfunctional for MSSQL) 2011-06-01 22:47:54 +00:00