Commit Graph

989 Commits

Author SHA1 Message Date
Miroslav Stampar
0b449bb1d9 Fix for an Issue #433 2013-04-10 19:33:31 +02:00
stamparm
f67148a9a4 Update for an Issue #431 2013-04-10 16:43:57 +02:00
stamparm
8c9da95343 Style and consistency update (url -> URL) 2013-04-09 11:48:42 +02:00
stamparm
3948b527dd Update for an Issue #429 2013-04-09 11:36:33 +02:00
stamparm
cce541cc33 Patch for an Issue #429 2013-04-09 10:39:20 +02:00
stamparm
825aa4b8dd Minor language update 2013-03-26 14:27:51 +01:00
stamparm
7447773237 Update for consistency (all other enums are using _ in between words) 2013-03-20 11:10:24 +01:00
stamparm
6969874c02 Switch --no-cast is incompatible with switch --hex (integer values are not being casted in case of --no-cast --hex which is causing unwanted decodings of returned values) 2013-03-19 10:52:37 +01:00
Miroslav Stampar
2f43c3eb9b Minor fix (digest live test case) and some refactoring 2013-03-12 21:16:44 +01:00
Miroslav Stampar
2ada9e9b84 Patch for an Issue Issue #416 2013-03-04 18:05:40 +01:00
stamparm
9ef79df23d Cleaning up cases with Set-Cookie (conf.cj is handling it automatically; also, default redirector needed to be patched) 2013-02-28 13:51:08 +01:00
stamparm
17fa0f568c Minor patch for an Issue #404 2013-02-26 12:55:09 +01:00
stamparm
ecbcd4afe6 Minor update 2013-02-26 12:55:09 +01:00
stamparm
08f0670aca Minor refactoring for an Issue #290 2013-02-21 14:39:22 +01:00
stamparm
8e49872d7c Finalizing implementation for an Issue #290 2013-02-21 14:33:12 +01:00
stamparm
6b2981ef4e Update for an Issue #290 (adding tamper-like scripts into (new) directory waf) 2013-02-21 11:14:57 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Miroslav Stampar
c6d29e093e Fixing issue with newlines after the data in -r mode 2013-02-13 12:36:01 +01:00
Miroslav Stampar
235153ab39 Removal of unused imports 2013-02-04 15:29:13 +01:00
Miroslav Stampar
e7b93b5b66 Implementation for an Issue #363 2013-02-01 17:24:04 +01:00
Miroslav Stampar
d6606a8f31 Patch to prevent problems like Issue #381 2013-01-31 13:58:39 +01:00
Bernardo Damele
c47b44e93f Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-29 15:38:16 +00:00
Bernardo Damele
eeecb3fe2c split init() into two separate functions for API purposes (issue #297) 2013-01-29 15:33:16 +00:00
Miroslav Stampar
f4b7b3fd35 Minor cosmetics 2013-01-29 16:04:20 +01:00
Miroslav Stampar
9eca41bae2 Minor fix 2013-01-29 15:55:50 +01:00
Bernardo Damele
a0b9e0f1c5 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-25 17:11:38 +00:00
Bernardo Damele
195d17449e first test of stdout/stderr redirect to a database when sqlmap is executed from restful API (#297) 2013-01-25 17:11:31 +00:00
Miroslav Stampar
194a9e7b88 Implementation for an Issue #377 2013-01-25 12:34:57 +01:00
Bernardo Damele
5b3c8d8991 first implementation of asynchronous inter-protocol communication between the sqlmap RESTful API and the sqlmap engine with SQLite 2013-01-24 12:57:24 +00:00
Miroslav Stampar
232f8d3585 Fix for an Issue #368 2013-01-23 13:36:17 +01:00
Miroslav Stampar
e9641e30db This last commit was in haste :) 2013-01-19 19:07:38 +01:00
Miroslav Stampar
6a87dd9225 Minor update (just for consistency with the rest of code) 2013-01-19 19:07:06 +01:00
Miroslav Stampar
979e108c87 Minor update (just for consistency with the rest of code) 2013-01-19 19:06:51 +01:00
Miroslav Stampar
efe26ac3f8 In case that content-length header was not in a desired case ('Content-length') POST request file would fail badly (repeating original content-length header value) 2013-01-19 18:28:37 +01:00
Miroslav Stampar
bb6b89fe93 Patch for an Issue #360 2013-01-19 18:06:36 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Miroslav Stampar
33ea811c6c Removing some unused stuff (mainly imports) 2013-01-18 11:50:02 +01:00
Miroslav Stampar
17d36684b5 Removing obsolete proxy handling code (Python < 2.6) 2013-01-18 11:30:52 +01:00
Miroslav Stampar
e941e60b20 Minor just in place update for an Issue #348 2013-01-17 22:44:55 +01:00
Miroslav Stampar
9428d1819e Fix for an Issue #346 2013-01-17 12:03:02 +01:00
Miroslav Stampar
3ab4a5e36d Fix for an Issue #345 2013-01-17 11:50:12 +01:00
Miroslav Stampar
14b7e655a9 Minor refactoring 2013-01-16 16:33:04 +01:00
Miroslav Stampar
053b7d12b4 Minor language update 2013-01-16 16:07:12 +01:00
Miroslav Stampar
fb7243c237 Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs 2013-01-16 16:04:00 +01:00
Miroslav Stampar
5571d09354 Minor revert 2013-01-11 11:13:55 +01:00
Miroslav Stampar
ec4e49d771 Minor refactoring 2013-01-10 16:09:28 +01:00
Miroslav Stampar
834be1eddc Restyling redundant 'except Exception' form 2013-01-10 15:54:28 +01:00
Miroslav Stampar
acfeeb4f51 Restyling old form of urlparse 2013-01-10 15:41:07 +01:00
Miroslav Stampar
934d41dac2 Minor style update (PEP8) 2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
05705857a9 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-10 12:09:48 +01:00
Miroslav Stampar
ca1c0c2a1d Minor style update 2013-01-10 11:54:07 +01:00
Bernardo Damele
ca337159f5 added reminder TODO 2013-01-10 01:11:22 +00:00
Bernardo Damele
10f1099944 remove logging handler that shows logging messages to stdout - issue #297 2013-01-10 00:51:56 +00:00
Bernardo Damele
2126a5ba12 minor index fix 2013-01-10 00:00:00 +00:00
Bernardo Damele
794700eb37 preparing to handle logging calls by a separate file descriptor when sqlmap is executed by the REST API - issue #297 2013-01-09 22:08:50 +00:00
Miroslav Stampar
bf5544903b Minor style update 2013-01-09 16:10:26 +01:00
Miroslav Stampar
9bdcb1176d Update for an Issue #169 2013-01-09 15:58:13 +01:00
Miroslav Stampar
25f01a419f Minor style update (for the sake of consistency over the code and our PEP8 adaptation) 2013-01-09 15:38:41 +01:00
Miroslav Stampar
bdd2592848 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-09 15:22:30 +01:00
Miroslav Stampar
3d4f381ab5 Patch for an Issue #169 2013-01-09 15:22:21 +01:00
Bernardo Damele
c44a829b9b pass a pickled options object to sqlmap engine when called from API 2013-01-09 12:34:45 +00:00
Bernardo Damele
1e35b3c8c9 proper link 2013-01-07 16:59:59 +00:00
Bernardo Damele
7fa75792dd Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-07 11:10:08 +00:00
Bernardo Damele
a30d7014b9 removed unused var 2013-01-07 11:05:33 +00:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Miroslav Stampar
304e52cb4d Minor language update 2013-01-02 22:11:59 +01:00
Miroslav Stampar
09f1cdd8e1 Minor style update 2013-01-02 21:52:50 +01:00
Bernardo Damele
7adaffa71b fixed options initiation 2012-12-20 16:53:43 +00:00
Miroslav Stampar
c2c4601d6e Minor restyling 2012-12-20 11:06:52 +01:00
Bernardo Damele
0500712a03 removed unuseful prints 2012-12-17 13:29:19 +00:00
Bernardo Damele
2926c815bf improved test switch --live-test and minor refactoring 2012-12-17 11:29:33 +00:00
Miroslav Stampar
c3f20a136f Minor update for an Issue #287 2012-12-12 14:03:03 +01:00
Miroslav Stampar
760519dbe9 Removing redundant piece of code 2012-12-11 15:21:27 +01:00
Miroslav Stampar
a54c261496 Minor update for Issues #292 & #293 (only single alert per target) 2012-12-11 14:44:43 +01:00
Miroslav Stampar
6433be8b3d Style update 2012-12-10 17:20:04 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
6b007ab188 Minor patch for an Issue #274 (just in case to avoid this kind of problems) 2012-12-04 16:14:14 +01:00
Miroslav Stampar
42a8234c6f Update for an Issue #12 2012-12-03 14:27:01 +01:00
Miroslav Stampar
8410fc5a9d Minor update 2012-12-02 08:00:55 +01:00
Miroslav Stampar
7e2db762d6 Minor update 2012-11-29 15:45:04 +01:00
Miroslav Stampar
8f10023523 Fix for an Issue #266 2012-11-29 15:44:14 +01:00
Miroslav Stampar
35d1146fd1 Minor update for an (Issue #254) 2012-11-28 12:53:11 +01:00
Miroslav Stampar
e2d8b53e97 Minor update for an Issue #264 2012-11-28 11:45:33 +01:00
Miroslav Stampar
cff0c59630 Implementation for an Issue #264 2012-11-28 11:41:39 +01:00
Miroslav Stampar
f08eb0fd9f Minor style update 2012-11-28 10:59:15 +01:00
Miroslav Stampar
d95dd2d16e Preparation for an Issue #254 2012-11-28 10:58:18 +01:00
Miroslav Stampar
6f7f9dd8eb Patch for an Issue #242 2012-11-13 10:41:13 +01:00
Miroslav Stampar
a52dbc575b Patch for an Issue #246 2012-11-13 10:21:11 +01:00
Miroslav Stampar
f305dde413 Patch for an Issue #235 2012-11-10 11:01:29 +01:00
Miroslav Stampar
181c3534f0 Patch for an Issue #237 2012-11-08 19:16:37 +01:00
Miroslav Stampar
e7e83defaa Minor update 2012-11-08 11:09:34 +01:00
Miroslav Stampar
2de52927f3 Code refactoring (epecially Google search code) 2012-10-30 18:38:10 +01:00
Miroslav Stampar
5cfc066ac4 Minor update 2012-10-30 10:30:22 +01:00
Miroslav Stampar
39f565533a In case on --no-cast DUMP_REPLACEMENTS should not be used 2012-10-22 14:13:30 +02:00
Miroslav Stampar
ea49fa2db2 Fix for an Issue #206 2012-10-18 11:11:20 +02:00
Miroslav Stampar
3e64ab214e Minor update 2012-10-16 10:28:59 +02:00
Miroslav Stampar
9aba690a60 Patch for an Issue #203 2012-10-15 16:23:41 +02:00
Miroslav Stampar
e61c4c22c9 Implementation for an Issue #200 2012-10-09 15:19:47 +02:00
Miroslav Stampar
cd9a47835b Minor consistency update 2012-10-09 14:48:26 +02:00
Miroslav Stampar
ea12ccec77 Minor refactoring 2012-10-09 11:33:19 +02:00
Miroslav Stampar
10b0fd21dc Fix for an Issue #198 2012-10-09 11:27:19 +02:00
Miroslav Stampar
8e7449ccd5 Minor update 2012-10-07 20:28:24 +02:00
Miroslav Stampar
ebc7088f94 Implementation for an Issue #128 2012-10-05 10:24:09 +02:00
Miroslav Stampar
461e5ebc5f Work for Issue #197 and Issue #49 2012-10-04 11:25:44 +02:00
Miroslav Stampar
c9e7e71ea2 Implementation for an Issue #195 2012-09-25 10:17:25 +02:00
Miroslav Stampar
9ca7b3e20e Implementation for an Issue #194 2012-09-25 09:25:35 +02:00
Miroslav Stampar
511c3b8dcc Update and fix for an Issue #182 2012-09-11 14:58:52 +02:00
Miroslav Stampar
33980adaef Another update for an Issue #79 2012-08-31 12:46:38 +02:00
Miroslav Stampar
e9ae44c6fc Implementation for an #162 2012-08-22 16:50:01 +02:00
Miroslav Stampar
a62a874d59 Update for an Issue #161 (changing default readInput value regarding the conf.multipleTargets) 2012-08-22 16:06:09 +02:00
Miroslav Stampar
61151447fe Implementation of an Issue #161 2012-08-22 11:27:58 +02:00
Miroslav Stampar
01f481c332 Minor refactoring of dictionaries 2012-08-21 11:19:15 +02:00
Miroslav Stampar
823dde73ab Minor cleanup 2012-08-20 11:40:49 +02:00
Miroslav Stampar
e0d9fa8666 Minor style update 2012-08-20 11:28:41 +02:00
Miroslav Stampar
4649450603 Fix for an Issue #137 2012-08-16 22:20:24 +02:00
Miroslav Stampar
1af81c0de4 Implementation of an Issue #149 2012-08-15 22:31:25 +02:00
Miroslav Stampar
f358ab2e73 Implementation of an Issue #147 2012-08-15 16:37:18 +02:00
Miroslav Stampar
f797a6d813 Fix for an Issue #125 2012-07-31 13:06:45 +02:00
Miroslav Stampar
6f529542e3 Making those --string tips (containing escaped characters) decodable by sqlmap 2012-07-31 11:32:53 +02:00
Miroslav Stampar
142fc887f1 Fix for an Issue #129 2012-07-31 11:03:44 +02:00
Miroslav Stampar
1669c6bdb4 Another update for an Issue #28 2012-07-27 17:05:21 +02:00
Miroslav Stampar
6ffc5665d0 Update for Issue #28 2012-07-27 16:29:33 +02:00
Bernardo Damele
92c2b3bd4c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-07-26 23:11:11 +01:00
Bernardo Damele
d492291744 working on issue #12 2012-07-26 23:11:07 +01:00
Miroslav Stampar
30f8d09651 Implementation for an Issue #70 2012-07-26 12:06:02 +02:00
Miroslav Stampar
922ea9d1f4 Update for Issue #118 2012-07-24 15:43:29 +02:00
Miroslav Stampar
f8c9868cb6 Implementation for an Issue #118 2012-07-24 15:34:50 +02:00
Miroslav Stampar
655dd55a6f Implementation of an Issue #105 2012-07-18 13:32:34 +02:00
Miroslav Stampar
e30646a54f Fix for an Issue #103 2012-07-17 10:36:22 +02:00
Miroslav Stampar
c96e44b30c Fix for an Issue #100 2012-07-16 23:28:01 +02:00
Miroslav Stampar
0eff977c63 Refactoring for Issue #91 2012-07-16 12:24:54 +02:00
Miroslav Stampar
4d759984b2 Implementation for Issue #91 2012-07-16 12:12:52 +02:00
Miroslav Stampar
87ecf205cb More work for Issue #66 2012-07-14 17:01:04 +02:00
Miroslav Stampar
32b700f130 Minor style update 2012-07-13 15:02:11 +02:00
Miroslav Stampar
fbb5db00ba Minor style update 2012-07-13 15:00:39 +02:00
Miroslav Stampar
d834e8debf Minor update 2012-07-13 10:28:03 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Miroslav Stampar
569c9214bf Adding support for boldifying important logging messages 2012-07-12 16:30:35 +02:00
Miroslav Stampar
8e18514e56 Minor refactoring for all that stickyness 2012-07-12 15:58:45 +02:00
Miroslav Stampar
dbbca16c69 Minor renaming 2012-07-12 15:24:40 +02:00
Miroslav Stampar
9bc24cea6b Dealing with kb.currentMessage issue 2012-07-12 15:23:35 +02:00
Miroslav Stampar
65639cdda6 First update for Issue #75 (error-based dumping) 2012-07-12 14:31:28 +02:00
Bernardo Damele
247f95e051 restored kb.currentMessage - needed in cases where we send to dataToStdout() strings like "." (e.g. "creation in progres ..... done") 2012-07-11 22:48:27 +01:00
Miroslav Stampar
d7926b8aac Minor refactoring 2012-07-11 19:54:21 +02:00
Bernardo Damele
77b275f1a6 conf->kb 2012-07-11 17:32:12 +01:00
Bernardo Damele
105ac8ea77 deleted unnecessary hg file 2012-07-11 17:06:56 +01:00
Bernardo Damele
fa2f6f9a39 colourize manually crafter "logging" messages 2012-07-11 16:48:30 +01:00
Miroslav Stampar
8caffac4bc conf.unescape->kb.unescape 2012-07-10 10:55:04 +02:00
Bernardo Damele
eb7ffb8f91 setup for implementing logging colouring - issue #77 2012-07-10 02:54:37 +01:00
Bernardo Damele
a27f50ed1d added conf.unescape global variable to control whether or not the injected statements should be unescaped 2012-07-10 01:37:16 +01:00
Bernardo Damele
2527554f8e more work on #33 2012-07-10 00:53:07 +01:00
Miroslav Stampar
8c871476ee Some more refactoring 2012-07-06 17:34:40 +02:00
Miroslav Stampar
6bc0b34031 Some more refactoring 2012-07-06 17:28:01 +02:00
Miroslav Stampar
e948e4d45b Some more refactoring 2012-07-06 17:18:22 +02:00
Miroslav Stampar
6a05e3fd79 Fix for Issue #61 2012-07-06 14:24:44 +02:00
Miroslav Stampar
168aeadf76 Adding switch --output-dir (Issue #53) 2012-07-03 00:50:23 +02:00
Bernardo Damele
7b4ecd9df0 added skeleton code for issue #34, still not usable 2012-07-02 00:22:34 +01:00
Miroslav Stampar
2a72fcce2b Fix for Issue #42 2012-06-28 13:55:30 +02:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
ec44e88db8 lots of refactoring regarding removal of already obsolete session file mechanism 2012-06-21 10:09:10 +00:00
Miroslav Stampar
06be7bbb18 few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-15 20:41:53 +00:00
Miroslav Stampar
76584ff0fa unhidding --test-filter 2012-06-14 14:36:53 +00:00
Miroslav Stampar
3a90105fbb minor refactoring 2012-06-14 13:38:53 +00:00
Miroslav Stampar
f94ebe3107 minor fix (credentials were only set for the first target) 2012-06-04 22:30:12 +00:00
Miroslav Stampar
7b282b1d6c adding support for newer SSL protocols 2012-06-04 19:46:28 +00:00
Miroslav Stampar
b1d82422a0 changing conf.dnsDomain to conf.dName just because of long text problems in help listing 2012-05-28 14:15:04 +00:00
Miroslav Stampar
71ff081fde minor update 2012-05-27 09:11:19 +00:00
Miroslav Stampar
d335ec0c34 turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars 2012-05-26 07:00:26 +00:00
Miroslav Stampar
86fdad2bfa minor update 2012-05-24 22:07:50 +00:00
Miroslav Stampar
595f69fa2c minor language update 2012-05-10 18:30:25 +00:00
Miroslav Stampar
35f400b45b minor language upgrade 2012-05-10 18:25:12 +00:00
Miroslav Stampar
80aedbe284 adding a warning about --tor switch 2012-05-10 18:17:32 +00:00
Miroslav Stampar
17efeaae7f causing too much confusion among dummy users 2012-05-01 09:04:11 +00:00
Miroslav Stampar
cec432f94d minor update 2012-04-23 14:43:59 +00:00
Miroslav Stampar
697768c01a adding --purge-output to be one of mandatory switches 2012-04-23 14:42:24 +00:00
Miroslav Stampar
d57d5e4b2c minor update 2012-04-23 14:33:36 +00:00
Miroslav Stampar
095b25e1d1 adding option '--purge' 2012-04-23 14:24:23 +00:00
Miroslav Stampar
be2da77bf8 minor update 2012-04-23 10:15:04 +00:00
Miroslav Stampar
21c6b52198 minor fix 2012-04-23 10:11:00 +00:00
Miroslav Stampar
2b1b4c0742 minor fix 2012-04-18 10:01:04 +00:00
Miroslav Stampar
6ebb621228 adding support for (custom) POST injection (marking injection point with '*' in conf.data) 2012-04-17 14:23:00 +00:00
Miroslav Stampar
052d9455fe warning user in cases of "User xyz already has more than 'max_user_connections' active connections" 2012-04-12 09:44:54 +00:00
Miroslav Stampar
8541222080 minor update 2012-04-10 22:26:42 +00:00
Miroslav Stampar
02924eb345 minor update 2012-04-04 23:47:06 +00:00
Bernardo Damele
d106fb5184 layout adjustments 2012-04-04 12:27:24 +00:00
Miroslav Stampar
e05109812f minor improvements regarding data retrieval through DNS channel 2012-04-03 09:18:30 +00:00
Miroslav Stampar
1cd3c3f7af further update of DNS data retrieval mechanism through SQLi 2012-04-02 14:05:30 +00:00
Miroslav Stampar
f7a664b120 enablind DNS server for DNS data exfiltration 2012-03-31 12:08:27 +00:00
Miroslav Stampar
adb5fff6b2 one more update related to the redirection mechanism 2012-03-15 20:17:40 +00:00
Miroslav Stampar
19beb912fa first step toward negative logic support 2012-03-15 15:52:12 +00:00
Miroslav Stampar
3d9b1599d1 minor update 2012-03-15 11:45:32 +00:00
Miroslav Stampar
a7fbc55748 grammar fix 2012-03-13 22:03:23 +00:00
Miroslav Stampar
cd28eb6544 minor update regarding --load-cookies 2012-03-08 10:19:34 +00:00
Miroslav Stampar
2c87d061e9 minor update 2012-03-08 10:03:59 +00:00
Miroslav Stampar
b4cf8b05b3 added switch --load-cookies 2012-03-07 14:48:45 +00:00
Miroslav Stampar
ac5a752b12 Oracle's XMLType doesn't like '#' char too 2012-03-01 11:59:37 +00:00
Miroslav Stampar
570d3a19c2 more general fix 2012-02-24 10:53:28 +00:00
Miroslav Stampar
e8352e504f fixing problems with chars deletition by logging messages in inference mode 2012-02-24 10:48:19 +00:00
Miroslav Stampar
61a25418a9 minor update 2012-02-22 10:45:10 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Miroslav Stampar
aee269cc14 gazillion changes, nothing will work, muhahaha 2012-02-17 14:22:48 +00:00
Miroslav Stampar
7e9e582eca minor update 2012-02-08 14:23:57 +00:00
Miroslav Stampar
2662fe84f7 minor update 2012-02-08 12:02:50 +00:00
Miroslav Stampar
f7bf1fbe94 upgrade/fixes for direct DBMS access 2012-02-07 10:46:55 +00:00
Miroslav Stampar
8405ef59ac some estetic updates 2012-02-01 14:49:42 +00:00
Miroslav Stampar
9eee6c252d minor update for --scope 2012-01-16 10:28:21 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
1d0b43b1a2 implemented mechanism for merging cookies by request 2012-01-11 14:28:08 +00:00
Miroslav Stampar
5a8fc44119 minor update 2012-01-07 15:26:54 +00:00
Miroslav Stampar
3f4afdf251 minor fix (crashing if no : in value) 2012-01-07 14:54:56 +00:00
Miroslav Stampar
29f502fe29 some refactoring 2011-12-28 16:27:17 +00:00
Miroslav Stampar
dda979a15a minor refactoring 2011-12-27 12:31:29 +00:00
Miroslav Stampar
c20546dcaa minor refactoring 2011-12-26 12:24:39 +00:00
Miroslav Stampar
b71a81041d implemented --tor-port by request 2011-12-23 10:57:09 +00:00
Miroslav Stampar
a6310c0b21 minor update 2011-12-21 23:04:36 +00:00
Miroslav Stampar
41ccf88990 some more refactoring 2011-12-21 22:09:21 +00:00
Miroslav Stampar
81bd9a201b minor refactoring 2011-12-21 11:50:49 +00:00
Miroslav Stampar
563c0c1066 adding switch --tor-type 2011-12-15 23:19:55 +00:00
Miroslav Stampar
364113441b adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles) 2011-12-14 10:19:45 +00:00
Miroslav Stampar
0f5d48ff20 minor update 2011-12-05 09:25:56 +00:00
Miroslav Stampar
9bc735963b update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself)) 2011-12-04 22:42:19 +00:00
Miroslav Stampar
ec895c3d1a revert of last commit 2011-12-04 16:37:18 +00:00
Miroslav Stampar
393843bf87 it seems that SOCKS4 is safer solution for TOR socks access 2011-12-04 16:23:08 +00:00
Miroslav Stampar
b9ae28dd5e minor beautification 2011-12-02 14:11:43 +00:00
Miroslav Stampar
32ab7171ea minor update 2011-12-01 10:07:39 +00:00
Miroslav Stampar
9975ff8d17 minor update 2011-11-30 19:26:03 +00:00
Miroslav Stampar
872a73f631 minor refactoring 2011-11-29 19:17:07 +00:00
Miroslav Stampar
885b432808 minor update 2011-11-23 21:39:53 +00:00
Miroslav Stampar
ba4234dc42 switching from HTTP proxy to SOCKS proxy for --tor (sick and tired of Polipo/Privoxy bull; either Tor flag is overwritten every here and there or they are putting all kinds of filter warnings) 2011-11-23 21:17:08 +00:00
Miroslav Stampar
14e8ca6d41 minor fix 2011-11-23 14:26:40 +00:00
Miroslav Stampar
2e10de8921 minor update 2011-11-22 12:18:24 +00:00
Miroslav Stampar
eee03871d7 minor refactoring 2011-11-21 21:31:08 +00:00
Miroslav Stampar
65b2b0ad87 adding switch --eval 2011-11-21 16:41:02 +00:00
Miroslav Stampar
7314de3490 language update 2011-11-15 11:17:39 +00:00
Miroslav Stampar
030c57a0c8 minor update 2011-11-06 11:18:16 +00:00
Miroslav Stampar
61e3621855 minor update 2011-11-02 14:33:23 +00:00
Miroslav Stampar
43340a7ea5 language 2011-11-01 19:06:27 +00:00
Miroslav Stampar
ef987c6954 adding compatibility support for using --crawl and --forms together 2011-10-29 09:32:20 +00:00
Miroslav Stampar
ddc4dfe5ff minor refactoring for regarding --forms 2011-10-29 08:32:24 +00:00
Miroslav Stampar
d7866ac78d added support for automatic filtering of badly formed HTML in --forms mode 2011-10-28 21:28:03 +00:00
Miroslav Stampar
7ce3af68fc fixing support for parsing BURP logs 2011-10-27 17:31:34 +00:00
Miroslav Stampar
6b7920d89a minor patch for --tor 2011-10-27 10:52:06 +00:00
Miroslav Stampar
64ca01ea0e minor update 2011-10-25 22:06:47 +00:00
Miroslav Stampar
35c889a411 minor update 2011-10-25 18:07:33 +00:00
Miroslav Stampar
ee76fed56a minor update 2011-10-25 17:48:20 +00:00
Miroslav Stampar
41ad7f9eab minor update 2011-10-25 17:44:30 +00:00
Miroslav Stampar
86b4a3562f added switch --check-tor 2011-10-25 17:37:43 +00:00
Miroslav Stampar
c1486ed4be adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request 2011-10-25 09:53:44 +00:00
Miroslav Stampar
323aa7bf2f minor update 2011-10-09 21:21:41 +00:00
Miroslav Stampar
6d2536f217 minor update 2011-09-27 22:27:34 +00:00
Miroslav Stampar
c0910ca2c8 added one more warning message by request 2011-09-27 22:25:15 +00:00
Miroslav Stampar
88f1110c44 adding a new (for now) hidden switch --test-filter for filtering tests by their name 2011-09-27 14:09:25 +00:00
Miroslav Stampar
7e80274fac refactoring 2011-09-25 21:10:45 +00:00
Miroslav Stampar
744636a8c1 switching to SQLite resume support (on error and union techniques this moment) 2011-09-25 20:36:32 +00:00
Bernardo Damele
f890b29f81 Proper reference to Metasploit Framework as now it's version 4, not 3 anymore 2011-09-12 17:26:22 +00:00
Miroslav Stampar
02f993583b minor bug fix 2011-09-09 11:36:09 +00:00
Miroslav Stampar
9be89422da implemented parameter --skip 2011-08-29 13:29:42 +00:00
Miroslav Stampar
e0f521cf9d minor update regarding --randomize 2011-08-29 13:08:25 +00:00
Miroslav Stampar
7cc5743c5d minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters) 2011-08-16 06:50:20 +00:00
Bernardo Damele
702ed73a65 Added --code switch to match in boolean-based tests against the HTTP response code 2011-08-12 16:48:11 +00:00
Miroslav Stampar
10bdd90e60 minor speed optimizations (as a result of profiling) 2011-08-12 13:40:37 +00:00
Miroslav Stampar
2ad267132a minor update for empty normal responses (like AJAX requests) 2011-08-05 10:55:21 +00:00
Miroslav Stampar
9423d15fb3 ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix 2011-08-03 09:08:16 +00:00
Bernardo Damele
938716e361 Proper fix for --start and --stop consistency amongst different techniques 2011-07-26 10:06:28 +00:00
Miroslav Stampar
6bbb8139a0 update (smaller memory footprint in postprocessing phase because of safecharencode part) 2011-07-25 20:40:31 +00:00
Bernardo Damele
6cbb927012 Partial fix for -o not resumed at following runs if missing from command line 2011-07-25 11:05:49 +00:00
Miroslav Stampar
a89140e1ce revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function) 2011-07-23 06:07:00 +00:00
Miroslav Stampar
f5e45bf113 quick fix for a bug reported by jovon.itwaru@gmail.com 2011-07-11 08:54:39 +00:00
Bernardo Damele
651349e229 More verbose critical message 2011-07-08 13:12:53 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
23b4efdcaf Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too. 2011-07-06 21:04:45 +00:00
Miroslav Stampar
93b296e02c few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00
Bernardo Damele
36c96ef796 Added DB2 support - patch provided by Sebastian Bittig 2011-06-25 09:44:24 +00:00
Miroslav Stampar
aa83fe5c66 minor update 2011-06-24 18:19:33 +00:00
Miroslav Stampar
96190cf594 minor update 2011-06-24 17:15:15 +00:00
Miroslav Stampar
eaa2a4202f changing to: --crawl=CRAWLDEPTH 2011-06-24 05:40:03 +00:00
Miroslav Stampar
5190440ea2 minor fix 2011-06-22 15:36:59 +00:00
Miroslav Stampar
97d8729d71 probable fix for a bug reported by m4l1c3 (RuntimeError: maximum recursion depth exceeded) 2011-06-22 15:28:49 +00:00
Miroslav Stampar
84bc8c3a37 update 2011-06-22 14:39:31 +00:00
Miroslav Stampar
938db1b513 replacing xmlobject logic with our own 2011-06-22 14:33:52 +00:00
Miroslav Stampar
f09340fc89 minor update 2011-06-20 12:40:14 +00:00
Miroslav Stampar
4d1fa5596b added support for --scope in --crawl mode 2011-06-20 12:37:51 +00:00
Miroslav Stampar
b1426b5131 bug fix 2011-06-20 12:11:09 +00:00
Miroslav Stampar
cda39ca350 minor update 2011-06-20 11:46:23 +00:00
Miroslav Stampar
07e2c72943 adding Beautifulsoup (BSD) into extras; adding --crawl to options 2011-06-20 11:32:30 +00:00
Bernardo Damele
cd07139919 Layout adjustments 2011-06-18 11:58:14 +00:00
Miroslav Stampar
905fef0eae now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5) 2011-06-18 10:51:14 +00:00
Miroslav Stampar
f3ee2c09fb cleaner fix 2011-06-17 15:32:23 +00:00
Miroslav Stampar
bb987ec98f fix for DNS leakage 2011-06-17 15:23:58 +00:00
Miroslav Stampar
6f681b45ad cleaning up a bit for a configuration mess 2011-06-16 11:42:13 +00:00
Miroslav Stampar
63d98d8ce6 fix for a bug reported by rdsears@mtu.edu (ignored config file items) 2011-06-16 08:08:49 +00:00
Miroslav Stampar
4d51fa8155 minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails) 2011-06-15 17:37:28 +00:00
Miroslav Stampar
d55a242908 minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always) 2011-06-14 19:38:35 +00:00
Bernardo Damele
8978fded03 typo fix 2011-06-13 19:00:27 +00:00
Bernardo Damele
7152a1ed3b Added --dependences to show which sqlmap dependences are not available 2011-06-13 18:44:02 +00:00
Miroslav Stampar
9331abb96f minor update 2011-06-11 08:33:36 +00:00
Miroslav Stampar
9202fedf7b minor fix 2011-06-09 08:14:54 +00:00
Bernardo Damele
0d8d6a4ace Cosmetics 2011-06-08 16:08:20 +00:00
Miroslav Stampar
4eeeb3655e asking and skipping to the next google result page if no usable links found 2011-06-07 23:24:17 +00:00
Miroslav Stampar
7a3cc38e3c refactoring and stabilization of multithreading 2011-06-07 09:50:00 +00:00
Miroslav Stampar
8aa5625cd0 proper fix related to the last commit 2011-06-01 23:00:18 +00:00
Miroslav Stampar
20988e58ed warp 5 mr spock :) 2011-05-30 09:46:32 +00:00
Miroslav Stampar
86455ceb9c implementation of multithreading for UNION and ERROR techniques 2011-05-29 23:17:50 +00:00
Miroslav Stampar
c11ea35d53 adding some user input for "refreshing" cases (like redirect ones) 2011-05-27 22:42:23 +00:00
Miroslav Stampar
4f46a5ab63 minor usability enhancement regarding warning for --text-only switch 2011-05-26 20:48:18 +00:00
Miroslav Stampar
ff030e4d24 minor cleanup of the leftover 2011-05-26 17:37:24 +00:00
Miroslav Stampar
b6fe5b12a4 adding --schema to the wizard/Basic as it looks like a cool thingy to put there 2011-05-26 14:30:05 +00:00
Miroslav Stampar
2f456bee75 minor beautification 2011-05-25 08:14:39 +00:00
Miroslav Stampar
8b7a3c5a6b making it easier for totally dummy users 2011-05-24 17:24:01 +00:00
Miroslav Stampar
bec2c04671 helping dummy users 2011-05-24 17:15:25 +00:00
Miroslav Stampar
f774d8fea0 proper Tor settings (reverted r3915 and implemented it the right way) 2011-05-24 11:06:58 +00:00
Miroslav Stampar
a536bf210f improved redirection mechanism 2011-05-23 23:20:03 +00:00
Miroslav Stampar
2ea613b170 type correction and adding global flag kb.ignoreTimeout which could be useful 2011-05-22 08:24:13 +00:00
Miroslav Stampar
25fff8c135 changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux) 2011-05-21 11:46:57 +00:00
Miroslav Stampar
9832fc42d4 minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase) 2011-05-18 21:47:40 +00:00
Miroslav Stampar
3048e9f710 minor refactoring 2011-05-17 23:03:31 +00:00
Miroslav Stampar
cc07e5dc97 added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@y​ahoo.com 2011-05-17 22:55:22 +00:00
Miroslav Stampar
faa74cd2bc introducing results file for multiple target mode 2011-05-15 22:21:38 +00:00
Miroslav Stampar
a7d7be5ce0 bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host) 2011-05-13 01:01:53 +00:00
Miroslav Stampar
0b2da2f9f5 minor beautification for --tor switch 2011-05-12 05:46:17 +00:00
Miroslav Stampar
e05a9c0554 i was probably very tired or very stupid to do this 2011-05-11 13:13:46 +00:00
Miroslav Stampar
53065ee1fb adding ordered set for kb.targetUrls (now the order of appereance in multiple targets mode will be respected) 2011-05-11 08:55:48 +00:00
Miroslav Stampar
5ee07b90b9 added -m switch for bulk loading multiple targets 2011-05-11 08:46:40 +00:00
Miroslav Stampar
192c685bc8 changing conf attribute to a more proper name 2011-05-10 20:48:34 +00:00
Miroslav Stampar
deae534ee7 minor refactoring 2011-05-10 20:44:36 +00:00
Bernardo Damele
97bc816aeb layout 2011-05-10 16:24:09 +00:00
Bernardo Damele
3a8309c4b0 Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches 2011-05-10 15:34:54 +00:00
Miroslav Stampar
707edc7b1a fix for a bug (previously --dbms="mysql 4" was ignored and abruptly terminated while the mechanism was here all along) 2011-05-10 13:28:07 +00:00
Miroslav Stampar
a64407d9db minor bug fix for multithreading and lots of connection retries 2011-05-10 12:40:01 +00:00
Bernardo Damele
6653907700 forgot in last commit 2011-05-07 21:13:56 +00:00
Bernardo Damele
aae140080e SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
6e392b6054 applying contributed patch for DB2 2011-05-06 09:30:39 +00:00
Miroslav Stampar
5e9620198c fix for a privately reported bug ("AttributeError: item is disabled") 2011-05-02 18:18:04 +00:00
Miroslav Stampar
93dee30895 better fix for the previous commit 2011-05-02 13:34:55 +00:00
Miroslav Stampar
20ad1c1f2f minor update to not confuse users when using -o 2011-05-02 13:24:35 +00:00
Bernardo Damele
955dbc85e7 Minor variable rename 2011-04-30 15:29:59 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Miroslav Stampar
983546d6bf proper fix 2011-04-30 07:01:21 +00:00
Bernardo Damele
956e75e2b5 Minor adjustment to --mobile.
Bug fix to --random-agent.
2011-04-29 21:50:48 +00:00
Miroslav Stampar
11124b21f9 implemented --mobile switch 2011-04-29 19:27:23 +00:00
Bernardo Damele
e35f25b2cb Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec.
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0 Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 16:25:09 +00:00
Miroslav Stampar
f88aa4b165 implemented suppressResumeInfo mechanism (huge slowdown on large tables) 2011-04-22 19:58:10 +00:00
Bernardo Damele
b667c50588 store/resume info on xp_cmd available in session file 2011-04-21 14:25:04 +00:00
Bernardo Damele
11ecd16099 cosmetics 2011-04-21 10:08:38 +00:00