Miroslav Stampar
|
6c87bd1c63
|
added maskSensitiveData function
|
2011-02-02 14:25:16 +00:00 |
|
Bernardo Damele
|
5f0114a2a8
|
Minor bug fix
|
2011-02-02 14:06:40 +00:00 |
|
Miroslav Stampar
|
8134c2154a
|
adding WHERE enum for payloads
|
2011-02-02 13:34:09 +00:00 |
|
Miroslav Stampar
|
d6c9515f78
|
minor update
|
2011-02-02 13:03:24 +00:00 |
|
Miroslav Stampar
|
847b648e4a
|
minor update
|
2011-02-02 12:42:55 +00:00 |
|
Miroslav Stampar
|
e73a147fb5
|
minor update
|
2011-02-02 11:49:59 +00:00 |
|
Miroslav Stampar
|
e33428b833
|
adding __findUnionCharCount function
|
2011-02-02 11:22:35 +00:00 |
|
Miroslav Stampar
|
99aa38b58f
|
minor refactoring
|
2011-02-02 10:10:28 +00:00 |
|
Miroslav Stampar
|
23c95107ed
|
we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS)
|
2011-02-02 09:24:37 +00:00 |
|
Miroslav Stampar
|
af99105c27
|
lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum)
|
2011-02-01 22:45:38 +00:00 |
|
Bernardo Damele
|
a37f5e05b9
|
Refactoring
|
2011-02-01 22:27:36 +00:00 |
|
Bernardo Damele
|
9b342a4c95
|
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.
Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
|
2011-02-01 22:07:42 +00:00 |
|
Bernardo Damele
|
2619e4895f
|
Properly handle --technique at save/resume phase
|
2011-02-01 22:05:48 +00:00 |
|
Bernardo Damele
|
3d966bd569
|
You never know..
|
2011-02-01 22:05:12 +00:00 |
|
Bernardo Damele
|
d875d848ce
|
Better sort
|
2011-02-01 22:04:48 +00:00 |
|
Miroslav Stampar
|
705d45f4db
|
minor cosmetics
|
2011-02-01 11:10:23 +00:00 |
|
Miroslav Stampar
|
196e2d35b2
|
maybe we could ask user "are you willing to import local data content into error report" and use this function respectably
|
2011-02-01 11:06:56 +00:00 |
|
Bernardo Damele
|
6761933f75
|
Just.. cosmetics ;)
|
2011-01-31 22:51:14 +00:00 |
|
Miroslav Stampar
|
35b6d7278a
|
minor update
|
2011-01-31 22:50:54 +00:00 |
|
Miroslav Stampar
|
25c175a9a5
|
minor bug fix
|
2011-01-31 22:34:57 +00:00 |
|
Bernardo Damele
|
b04e1a0313
|
More detailed message for unhandled exception
|
2011-01-31 21:23:40 +00:00 |
|
Bernardo Damele
|
2fd9621499
|
Minor adjustments
Cosmetics
|
2011-01-31 21:22:39 +00:00 |
|
Bernardo Damele
|
ec9ebb3479
|
Set threads to 4 when optimization switch is provided, -o
|
2011-01-31 21:21:13 +00:00 |
|
Bernardo Damele
|
8397c526d8
|
Minor adjustment
|
2011-01-31 21:20:23 +00:00 |
|
Bernardo Damele
|
e3a3ae11cc
|
Proper return from error-based technique enumeration
|
2011-01-31 21:13:29 +00:00 |
|
Miroslav Stampar
|
fa58a9c86b
|
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
|
2011-01-31 20:36:01 +00:00 |
|
Miroslav Stampar
|
777a19cfa9
|
LOL. removing that debug 'True'
|
2011-01-31 16:22:55 +00:00 |
|
Miroslav Stampar
|
a80fe28631
|
one more thing ;)
|
2011-01-31 16:21:28 +00:00 |
|
Miroslav Stampar
|
933d701667
|
cosmetics
|
2011-01-31 16:14:44 +00:00 |
|
Miroslav Stampar
|
b1dc928e68
|
implemented validation for time-based inference
|
2011-01-31 16:07:23 +00:00 |
|
Miroslav Stampar
|
25463bc67c
|
fix for a bug (--predict-output) noticed by Bernardo
|
2011-01-31 15:00:41 +00:00 |
|
Miroslav Stampar
|
60a2364f2b
|
now union technique parses headers too
|
2011-01-31 12:41:39 +00:00 |
|
Miroslav Stampar
|
8ef47307db
|
added checking of header values for GREP (error); still UNION to do
|
2011-01-31 12:21:17 +00:00 |
|
Miroslav Stampar
|
a6f2cd56ff
|
removed junky import
|
2011-01-31 11:59:58 +00:00 |
|
Miroslav Stampar
|
fb3513650d
|
adding ID properties
|
2011-01-31 11:41:28 +00:00 |
|
Miroslav Stampar
|
f9eac97fe8
|
refactoring of MSSQL XML banner parsing
|
2011-01-31 11:38:00 +00:00 |
|
Miroslav Stampar
|
7175efcae1
|
another minor cosmetic update
|
2011-01-31 10:59:51 +00:00 |
|
Miroslav Stampar
|
97328c3104
|
minor fix
|
2011-01-31 10:54:13 +00:00 |
|
Miroslav Stampar
|
5e768be509
|
minor bug fix
|
2011-01-31 09:34:54 +00:00 |
|
Miroslav Stampar
|
f7feebe0df
|
fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments)
|
2011-01-31 09:28:16 +00:00 |
|
Bernardo Damele
|
2a0b03e5c6
|
Unused import
|
2011-01-30 17:07:27 +00:00 |
|
Miroslav Stampar
|
fc9c626f9e
|
minor refactoring (removed URL_ENCODE_PAYLOAD)
|
2011-01-30 17:03:06 +00:00 |
|
Bernardo Damele
|
21e7223779
|
perhaps this is better english
|
2011-01-30 16:34:13 +00:00 |
|
Bernardo Damele
|
8278d821ac
|
Another layout adjustment
|
2011-01-30 16:23:19 +00:00 |
|
Bernardo Damele
|
71d82e6f57
|
Minor layout adjustment
|
2011-01-30 16:19:58 +00:00 |
|
Bernardo Damele
|
02e5c4b1e6
|
Minor bug fix for --sql-query/-shell with error-based technique
|
2011-01-30 14:19:50 +00:00 |
|
Miroslav Stampar
|
bc8f1142c9
|
minor revert
|
2011-01-30 11:41:58 +00:00 |
|
Miroslav Stampar
|
ddf23ba7cc
|
refactoring
|
2011-01-30 11:36:03 +00:00 |
|
Miroslav Stampar
|
3060c369a5
|
minor fix for previous commit
|
2011-01-30 07:44:47 +00:00 |
|
Miroslav Stampar
|
1abf354630
|
minor update
|
2011-01-30 07:41:09 +00:00 |
|