Commit Graph

556 Commits

Author SHA1 Message Date
Miroslav Stampar
6ebb621228 adding support for (custom) POST injection (marking injection point with '*' in conf.data) 2012-04-17 14:23:00 +00:00
Miroslav Stampar
052d9455fe warning user in cases of "User xyz already has more than 'max_user_connections' active connections" 2012-04-12 09:44:54 +00:00
Miroslav Stampar
8541222080 minor update 2012-04-10 22:26:42 +00:00
Miroslav Stampar
02924eb345 minor update 2012-04-04 23:47:06 +00:00
Bernardo Damele
d106fb5184 layout adjustments 2012-04-04 12:27:24 +00:00
Miroslav Stampar
e05109812f minor improvements regarding data retrieval through DNS channel 2012-04-03 09:18:30 +00:00
Miroslav Stampar
1cd3c3f7af further update of DNS data retrieval mechanism through SQLi 2012-04-02 14:05:30 +00:00
Miroslav Stampar
f7a664b120 enablind DNS server for DNS data exfiltration 2012-03-31 12:08:27 +00:00
Miroslav Stampar
adb5fff6b2 one more update related to the redirection mechanism 2012-03-15 20:17:40 +00:00
Miroslav Stampar
19beb912fa first step toward negative logic support 2012-03-15 15:52:12 +00:00
Miroslav Stampar
3d9b1599d1 minor update 2012-03-15 11:45:32 +00:00
Miroslav Stampar
a7fbc55748 grammar fix 2012-03-13 22:03:23 +00:00
Miroslav Stampar
cd28eb6544 minor update regarding --load-cookies 2012-03-08 10:19:34 +00:00
Miroslav Stampar
2c87d061e9 minor update 2012-03-08 10:03:59 +00:00
Miroslav Stampar
b4cf8b05b3 added switch --load-cookies 2012-03-07 14:48:45 +00:00
Miroslav Stampar
ac5a752b12 Oracle's XMLType doesn't like '#' char too 2012-03-01 11:59:37 +00:00
Miroslav Stampar
570d3a19c2 more general fix 2012-02-24 10:53:28 +00:00
Miroslav Stampar
e8352e504f fixing problems with chars deletition by logging messages in inference mode 2012-02-24 10:48:19 +00:00
Miroslav Stampar
61a25418a9 minor update 2012-02-22 10:45:10 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Miroslav Stampar
aee269cc14 gazillion changes, nothing will work, muhahaha 2012-02-17 14:22:48 +00:00
Miroslav Stampar
7e9e582eca minor update 2012-02-08 14:23:57 +00:00
Miroslav Stampar
2662fe84f7 minor update 2012-02-08 12:02:50 +00:00
Miroslav Stampar
f7bf1fbe94 upgrade/fixes for direct DBMS access 2012-02-07 10:46:55 +00:00
Miroslav Stampar
8405ef59ac some estetic updates 2012-02-01 14:49:42 +00:00
Miroslav Stampar
9eee6c252d minor update for --scope 2012-01-16 10:28:21 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
1d0b43b1a2 implemented mechanism for merging cookies by request 2012-01-11 14:28:08 +00:00
Miroslav Stampar
5a8fc44119 minor update 2012-01-07 15:26:54 +00:00
Miroslav Stampar
3f4afdf251 minor fix (crashing if no : in value) 2012-01-07 14:54:56 +00:00
Miroslav Stampar
29f502fe29 some refactoring 2011-12-28 16:27:17 +00:00
Miroslav Stampar
dda979a15a minor refactoring 2011-12-27 12:31:29 +00:00
Miroslav Stampar
c20546dcaa minor refactoring 2011-12-26 12:24:39 +00:00
Miroslav Stampar
b71a81041d implemented --tor-port by request 2011-12-23 10:57:09 +00:00
Miroslav Stampar
a6310c0b21 minor update 2011-12-21 23:04:36 +00:00
Miroslav Stampar
41ccf88990 some more refactoring 2011-12-21 22:09:21 +00:00
Miroslav Stampar
81bd9a201b minor refactoring 2011-12-21 11:50:49 +00:00
Miroslav Stampar
563c0c1066 adding switch --tor-type 2011-12-15 23:19:55 +00:00
Miroslav Stampar
364113441b adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles) 2011-12-14 10:19:45 +00:00
Miroslav Stampar
0f5d48ff20 minor update 2011-12-05 09:25:56 +00:00
Miroslav Stampar
9bc735963b update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself)) 2011-12-04 22:42:19 +00:00
Miroslav Stampar
ec895c3d1a revert of last commit 2011-12-04 16:37:18 +00:00
Miroslav Stampar
393843bf87 it seems that SOCKS4 is safer solution for TOR socks access 2011-12-04 16:23:08 +00:00
Miroslav Stampar
b9ae28dd5e minor beautification 2011-12-02 14:11:43 +00:00
Miroslav Stampar
32ab7171ea minor update 2011-12-01 10:07:39 +00:00
Miroslav Stampar
9975ff8d17 minor update 2011-11-30 19:26:03 +00:00
Miroslav Stampar
872a73f631 minor refactoring 2011-11-29 19:17:07 +00:00
Miroslav Stampar
885b432808 minor update 2011-11-23 21:39:53 +00:00
Miroslav Stampar
ba4234dc42 switching from HTTP proxy to SOCKS proxy for --tor (sick and tired of Polipo/Privoxy bull; either Tor flag is overwritten every here and there or they are putting all kinds of filter warnings) 2011-11-23 21:17:08 +00:00
Miroslav Stampar
14e8ca6d41 minor fix 2011-11-23 14:26:40 +00:00
Miroslav Stampar
2e10de8921 minor update 2011-11-22 12:18:24 +00:00
Miroslav Stampar
eee03871d7 minor refactoring 2011-11-21 21:31:08 +00:00
Miroslav Stampar
65b2b0ad87 adding switch --eval 2011-11-21 16:41:02 +00:00
Miroslav Stampar
7314de3490 language update 2011-11-15 11:17:39 +00:00
Miroslav Stampar
030c57a0c8 minor update 2011-11-06 11:18:16 +00:00
Miroslav Stampar
61e3621855 minor update 2011-11-02 14:33:23 +00:00
Miroslav Stampar
43340a7ea5 language 2011-11-01 19:06:27 +00:00
Miroslav Stampar
ef987c6954 adding compatibility support for using --crawl and --forms together 2011-10-29 09:32:20 +00:00
Miroslav Stampar
ddc4dfe5ff minor refactoring for regarding --forms 2011-10-29 08:32:24 +00:00
Miroslav Stampar
d7866ac78d added support for automatic filtering of badly formed HTML in --forms mode 2011-10-28 21:28:03 +00:00
Miroslav Stampar
7ce3af68fc fixing support for parsing BURP logs 2011-10-27 17:31:34 +00:00
Miroslav Stampar
6b7920d89a minor patch for --tor 2011-10-27 10:52:06 +00:00
Miroslav Stampar
64ca01ea0e minor update 2011-10-25 22:06:47 +00:00
Miroslav Stampar
35c889a411 minor update 2011-10-25 18:07:33 +00:00
Miroslav Stampar
ee76fed56a minor update 2011-10-25 17:48:20 +00:00
Miroslav Stampar
41ad7f9eab minor update 2011-10-25 17:44:30 +00:00
Miroslav Stampar
86b4a3562f added switch --check-tor 2011-10-25 17:37:43 +00:00
Miroslav Stampar
c1486ed4be adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request 2011-10-25 09:53:44 +00:00
Miroslav Stampar
323aa7bf2f minor update 2011-10-09 21:21:41 +00:00
Miroslav Stampar
6d2536f217 minor update 2011-09-27 22:27:34 +00:00
Miroslav Stampar
c0910ca2c8 added one more warning message by request 2011-09-27 22:25:15 +00:00
Miroslav Stampar
88f1110c44 adding a new (for now) hidden switch --test-filter for filtering tests by their name 2011-09-27 14:09:25 +00:00
Miroslav Stampar
7e80274fac refactoring 2011-09-25 21:10:45 +00:00
Miroslav Stampar
744636a8c1 switching to SQLite resume support (on error and union techniques this moment) 2011-09-25 20:36:32 +00:00
Bernardo Damele
f890b29f81 Proper reference to Metasploit Framework as now it's version 4, not 3 anymore 2011-09-12 17:26:22 +00:00
Miroslav Stampar
02f993583b minor bug fix 2011-09-09 11:36:09 +00:00
Miroslav Stampar
9be89422da implemented parameter --skip 2011-08-29 13:29:42 +00:00
Miroslav Stampar
e0f521cf9d minor update regarding --randomize 2011-08-29 13:08:25 +00:00
Miroslav Stampar
7cc5743c5d minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters) 2011-08-16 06:50:20 +00:00
Bernardo Damele
702ed73a65 Added --code switch to match in boolean-based tests against the HTTP response code 2011-08-12 16:48:11 +00:00
Miroslav Stampar
10bdd90e60 minor speed optimizations (as a result of profiling) 2011-08-12 13:40:37 +00:00
Miroslav Stampar
2ad267132a minor update for empty normal responses (like AJAX requests) 2011-08-05 10:55:21 +00:00
Miroslav Stampar
9423d15fb3 ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix 2011-08-03 09:08:16 +00:00
Bernardo Damele
938716e361 Proper fix for --start and --stop consistency amongst different techniques 2011-07-26 10:06:28 +00:00
Miroslav Stampar
6bbb8139a0 update (smaller memory footprint in postprocessing phase because of safecharencode part) 2011-07-25 20:40:31 +00:00
Bernardo Damele
6cbb927012 Partial fix for -o not resumed at following runs if missing from command line 2011-07-25 11:05:49 +00:00
Miroslav Stampar
a89140e1ce revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function) 2011-07-23 06:07:00 +00:00
Miroslav Stampar
f5e45bf113 quick fix for a bug reported by jovon.itwaru@gmail.com 2011-07-11 08:54:39 +00:00
Bernardo Damele
651349e229 More verbose critical message 2011-07-08 13:12:53 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
23b4efdcaf Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too. 2011-07-06 21:04:45 +00:00
Miroslav Stampar
93b296e02c few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00
Bernardo Damele
36c96ef796 Added DB2 support - patch provided by Sebastian Bittig 2011-06-25 09:44:24 +00:00
Miroslav Stampar
aa83fe5c66 minor update 2011-06-24 18:19:33 +00:00
Miroslav Stampar
96190cf594 minor update 2011-06-24 17:15:15 +00:00
Miroslav Stampar
eaa2a4202f changing to: --crawl=CRAWLDEPTH 2011-06-24 05:40:03 +00:00
Miroslav Stampar
5190440ea2 minor fix 2011-06-22 15:36:59 +00:00
Miroslav Stampar
97d8729d71 probable fix for a bug reported by m4l1c3 (RuntimeError: maximum recursion depth exceeded) 2011-06-22 15:28:49 +00:00