Miroslav Stampar
54d65328bc
Patch for negative logic (e.g. OR) cases (reported privately)
2015-08-18 03:09:01 +02:00
Miroslav Stampar
023def3203
Fixes #1336
2015-08-16 23:47:11 +02:00
Miroslav Stampar
c9d1c4d7b1
Fixes #1337
2015-08-16 23:29:39 +02:00
Miroslav Stampar
713d5384bc
Potential patch for an Issue #1337
2015-08-16 23:15:04 +02:00
Miroslav Stampar
310d79b8f1
Adding special variable 'lastPage' to the eval code (by request from ML)
2015-08-14 23:29:31 +02:00
Miroslav Stampar
b010fda695
Switch --save becomes an option (taking file path where to save config file)
2015-08-14 22:49:32 +02:00
flsf
9adefb3ffd
Minor change
2015-08-14 16:18:51 +08:00
Miroslav Stampar
2c1cde0f59
Minor fix (reported over ML - ignore saving of conf.saveCmdline)
2015-08-13 17:21:36 +02:00
Miroslav Stampar
8ea8b168b1
Minor cosmetics
2015-08-13 17:10:35 +02:00
Miroslav Stampar
9ad1d122f4
Minor patch (Issue #1327 )
2015-08-12 22:09:31 +02:00
Miroslav Stampar
e5863d8b89
Minor patch
2015-08-12 21:43:13 +02:00
Jiang Jie
1ac27e9305
fixed pipe and zoombie problems
...
1.we don't need stdin here, and it'll cause OSError: too many openfiles problem.
2. after using /scan/taskid/stop , process turned into a zoombie, need add wait()
2015-08-12 16:25:33 +08:00
Miroslav Stampar
62f35698ee
Bug fix (ML) - when cookies have blank expiration time
2015-08-06 13:07:16 +02:00
Miroslav Stampar
c5f3c0cc32
Fixes #1324
2015-08-03 17:21:35 +02:00
Miroslav Stampar
e623ee66ad
Better approach for #1320
2015-07-30 23:29:31 +02:00
Miroslav Stampar
bcb25823e6
Fixes #1320
2015-07-30 23:19:38 +02:00
Miroslav Stampar
301aca57e6
Fixes #1319
2015-07-29 10:00:15 +02:00
Miroslav Stampar
401905b2dd
Minor improvement to UNION file write
2015-07-26 17:02:46 +02:00
Miroslav Stampar
e3553ae893
Missing import
2015-07-26 16:19:44 +02:00
Miroslav Stampar
b0bc3149f9
Fixes #1315
2015-07-26 16:18:41 +02:00
Miroslav Stampar
e7af081447
Minor patch
2015-07-26 16:08:30 +02:00
Miroslav Stampar
314df093f1
Fixes #1314
2015-07-26 16:06:01 +02:00
Miroslav Stampar
b6ea2fdb07
Fixes #1170
2015-07-24 14:56:45 +02:00
Miroslav Stampar
a905b8d8f5
Fixes #1312
2015-07-23 10:07:21 +02:00
Miroslav Stampar
58002c5057
Minor cosmetics
2015-07-23 09:55:59 +02:00
Miroslav Stampar
cece2cb12d
Minor cosmetics
2015-07-23 00:42:29 +02:00
Miroslav Stampar
358651b19c
Fixes #1313
2015-07-23 00:41:03 +02:00
Miroslav Stampar
75ed5f767c
Fixes #1309
2015-07-20 17:03:20 +02:00
Miroslav Stampar
2afb5687f6
Fixes #1307
2015-07-20 15:47:27 +02:00
Miroslav Stampar
21e8182ac6
Fixes #1305
2015-07-18 17:01:34 +02:00
Miroslav Stampar
a7c4400cc9
Fixes #1304
2015-07-17 14:20:51 +02:00
Miroslav Stampar
00f190fc92
Fixes #1303
2015-07-17 10:14:35 +02:00
Miroslav Stampar
49212ec920
Fixes #1302
2015-07-17 09:56:24 +02:00
Miroslav Stampar
1aafe85a3a
Fixes #1299
2015-07-15 11:15:06 +02:00
Miroslav Stampar
fdc8e664df
Updating --beep functionality (ML request)
2015-07-13 23:55:46 +02:00
Miroslav Stampar
16f8e4c8ba
Removing unused imports
2015-07-12 12:25:02 +02:00
Miroslav Stampar
a20da7a677
Patch for automatic reporting (GitHub has robots)
2015-07-12 12:05:19 +02:00
Miroslav Stampar
fa303ef8b1
Minor update
2015-07-10 16:39:18 +02:00
Miroslav Stampar
10f8c6a0b6
Introducing --offline switch (to perform session only lookups)
2015-07-10 16:10:24 +02:00
Miroslav Stampar
9bdbdc136f
Minor cosmetics update
2015-07-10 11:33:12 +02:00
Miroslav Stampar
0ba264bfa0
Minor patch
2015-07-10 09:51:11 +02:00
Miroslav Stampar
4baaa4a5ad
Minor improvement
2015-07-10 09:24:14 +02:00
Miroslav Stampar
9ff115ce71
Minor patch
2015-07-10 01:33:53 +02:00
Miroslav Stampar
02470ea683
Further decreasing number of testing payloads
2015-07-10 01:19:46 +02:00
Miroslav Stampar
48b627f3ff
Prevent double tests (e.g. in same final tests where suffix is cut by the comment)
2015-07-10 00:54:02 +02:00
Miroslav Stampar
ca2f63c672
Test speed up in case of boolean based blind
2015-07-10 00:37:59 +02:00
Miroslav Stampar
3a5cc98976
-Z is/are a pseudo-option (just like -H) expanded during the run
2015-07-07 09:27:18 +02:00
Miroslav Stampar
2080fcaa37
Fixes #1293
2015-07-07 09:24:16 +02:00
Miroslav Stampar
f488377001
Fixes #1293
2015-07-07 08:47:07 +02:00
Miroslav Stampar
6a1b3895f9
Patch for an Issue #1285
2015-07-06 11:50:59 +02:00
Miroslav Stampar
96327b6701
Fixes #1290
2015-07-05 01:47:01 +02:00
Miroslav Stampar
166dc98e81
Minor patch
2015-07-05 00:03:29 +02:00
Miroslav Stampar
1f71d809d4
Fixes #1288
2015-07-03 08:55:33 +02:00
Miroslav Stampar
7b95a2d80d
Patch for an Issue #1280
2015-06-29 10:05:16 +02:00
Miroslav Stampar
8b63ee9bc3
Minor update for #1281
2015-06-29 01:12:14 +02:00
Miroslav Stampar
97244f5e5e
Fixes #1279
2015-06-29 00:20:35 +02:00
Miroslav Stampar
b212321c07
Fixes #1278
2015-06-26 10:30:53 +02:00
Miroslav Stampar
b02be9674f
Fixes #1277
2015-06-26 10:11:34 +02:00
Miroslav Stampar
7d418af274
Fix for a bug reported privately by email
2015-06-22 16:28:35 +02:00
Miroslav Stampar
9e5ef094a3
Closes #1270
2015-06-16 22:20:21 +02:00
Miroslav Stampar
e4b23c9beb
Minor fix regarding POST redirects (ML)
2015-06-16 12:00:56 +02:00
Miroslav Stampar
04c1d439a7
Minor patch for #1260
2015-06-05 17:18:21 +02:00
Miroslav Stampar
8d7e915af7
Minor patch for #1260
2015-06-05 17:02:56 +02:00
Miroslav Stampar
ec87d8ebda
Adding a support for SNI (Issue #1256 )
2015-06-01 10:45:16 +02:00
Miroslav Stampar
341d2a6028
Minor fix for (hidden) switch '--dummy'
2015-05-29 17:30:02 +02:00
Miroslav Stampar
08caca387b
Minor patch of automatic WAF heuristic check
2015-05-29 16:01:41 +02:00
Miroslav Stampar
699c965bc0
Fixes #1248
2015-05-19 18:40:45 +02:00
Miroslav Stampar
17bfda1b9c
Adding new switch ('--skip-static')
2015-05-18 20:57:15 +02:00
Miroslav Stampar
e8f87bfa41
Minor patches related to the #1206
2015-05-11 11:01:21 +02:00
Miroslav Stampar
91bc02e3ba
Fixes related to the #1206
2015-05-11 10:56:10 +02:00
Miroslav Stampar
9010e157e9
Conflict fix
2015-05-11 10:11:33 +02:00
Miroslav Stampar
5b8df7984c
Minor update (for Windows-31j charset)
2015-05-09 14:32:55 +02:00
Miroslav Stampar
4b2ff4339a
Fixes #1243
2015-05-07 12:36:23 +02:00
Miroslav Stampar
18e62fd507
Fix for an Issue #1240
2015-05-05 14:36:21 +02:00
Miroslav Stampar
84ba3d45c1
Patch for an Issue #1238
2015-05-04 21:47:10 +02:00
Miroslav Stampar
5ee7fd785a
Fixes #1235
2015-05-01 00:48:08 +02:00
Miroslav Stampar
03f32ae2b6
Merge of an Issue #1227
2015-04-22 17:21:55 +02:00
Miroslav Stampar
a94dcf94e9
Patch for an Issue #1226đ
2015-04-22 16:41:20 +02:00
Miroslav Stampar
bb98894dc1
Adding option --safe-req
2015-04-22 16:28:54 +02:00
Miroslav Stampar
4ded9a9966
Small patch for existing option validation
2015-04-22 15:32:14 +02:00
Miroslav Stampar
77c96de4ea
Minor patch related to the last commit
2015-04-22 10:33:22 +02:00
Miroslav Stampar
95b52a02ec
Minor patch for custom injection into HTTP Authorization header
2015-04-22 10:28:16 +02:00
Miroslav Stampar
c5138d4696
Minor refactoring
2015-04-21 00:02:47 +02:00
Miroslav Stampar
349dfbf2ae
Adding an option --safe-post
2015-04-20 23:55:59 +02:00
Miroslav Stampar
7517db76d1
Minor fix for SQLite's schema parsing
2015-04-16 18:40:43 +02:00
Miroslav Stampar
dbfa8f1cfc
Fix for a bug reported by the user (conf.scheme/conf.hostname/conf.port were None in multiple targets mode)
2015-04-14 11:05:17 +02:00
Miroslav Stampar
0e4800f73c
Changing default answer for sitemap checking to N
2015-04-14 09:30:01 +02:00
Miroslav Stampar
1e7f2d6da2
Implements #1215
2015-04-06 22:07:22 +02:00
Miroslav Stampar
c35fa63a48
Fixes #1212
2015-03-30 11:58:09 +02:00
Miroslav Stampar
99c1cc9937
Fixes #1208
2015-03-26 17:17:46 +01:00
Miroslav Stampar
a19bccc84f
Fixes #1205
2015-03-26 15:31:29 +01:00
Miroslav Stampar
770cfb6102
Removing test print
2015-03-26 15:20:54 +01:00
Miroslav Stampar
fc0186e029
Minor update
2015-03-26 12:39:44 +01:00
Miroslav Stampar
5dfd3ef1e4
Another update
2015-03-26 12:25:32 +01:00
Miroslav Stampar
3be7a447a5
Update
2015-03-26 12:22:49 +01:00
Miroslav Stampar
7587528ebd
Fixes #1202
2015-03-26 11:40:19 +01:00
ricterz
bbfdb02a0e
fix mandatorily depend of websocket #1198
2015-03-24 22:25:16 +08:00
ricterz
811f5c11c6
remove Host header field and add cookie support #1198
2015-03-24 18:50:57 +08:00
ricterz
9b5dcbbbb2
modified error handle #1198
2015-03-24 18:21:50 +08:00
ricterz
78dbe080d7
determine whether it's websocket when connect #1198
2015-03-24 17:19:37 +08:00
ricterz
50fd6ce7f7
add websocket support for parse url #1198
2015-03-24 10:30:38 +08:00
Miroslav Stampar
05a496c275
Fixes #1196
2015-03-20 00:56:52 +01:00
Miroslav Stampar
25b23750e8
Bug fix for crawling over non-80 port
2015-03-12 11:49:52 +01:00
Miroslav Stampar
adc8ac267d
Fixes #1190
2015-03-10 09:23:26 +01:00
Miroslav Stampar
9bd41ed99d
Fixes #1189
2015-03-09 22:02:20 +01:00
Christ van Willegen
80fb2e29cc
Fix some spelling errors in help texts (through -> thorough)
2015-03-04 13:31:29 +01:00
Miroslav Stampar
3347fc25ca
Fixes #1185
2015-03-03 15:10:06 +01:00
Miroslav Stampar
3f6c3b40dd
Minor update (not overriding user given 'Accept-Encoding' header value)
2015-03-03 14:37:36 +01:00
Bernardo Damele
8281fe48e5
bug fix: test for boundaries with high levels if the test was extended
2015-03-01 11:02:05 +00:00
Bernardo Damele
260643241a
prioritized fingerprinted DBMS to error-based and user provided one
2015-02-27 14:19:30 +00:00
Bernardo Damele
2f08c8b666
bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup
2015-02-27 13:57:28 +00:00
Miroslav Stampar
dde400ab8f
More suitable version of 6bcc95a
(suggested by user)
2015-02-25 10:19:51 +01:00
Miroslav Stampar
6bcc95a20d
Restricting evaluated code variable names to Python valid characters ([_0-9a-zA-Z])
2015-02-24 15:05:44 +01:00
Miroslav Stampar
e35c7fbb7a
Fixes #1172
2015-02-22 13:41:54 +01:00
Bernardo Damele
475cc8b24b
trivial code cleanup
2015-02-21 13:12:30 +00:00
Bernardo Damele
383929c0c2
if the user forces the DBMS, then sort the tests accordingly to perform first the DBMS-specific tests, then the others
2015-02-21 13:12:03 +00:00
Bernardo Damele
d235ee375b
code cleanup
2015-02-21 12:59:44 +00:00
Bernardo Damele
8be24d3e9b
minor enhancement, prefer intersect() each time DBMS values are comfronted
2015-02-21 12:59:27 +00:00
Bernardo Damele
388c0dfd77
trivial layout fix
2015-02-21 12:57:49 +00:00
Bernardo Damele
52dd92748a
rework some of the logic of the detection phase based on identified DBMS along the way
2015-02-21 02:23:42 +00:00
Bernardo Damele
4f939b5719
avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables
2015-02-20 18:36:34 +00:00
Bernardo Damele
1ecb921ba7
Consistency in enums
2015-02-20 18:31:47 +00:00
Bernardo Damele
214b9360e9
Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup
2015-02-20 18:30:42 +00:00
Bernardo Damele
79d4d970a5
trivial code cleanup
2015-02-20 15:42:28 +00:00
Bernardo Damele
201b605f9b
Minor fix and consistency: do not ask to include all tests if level and risk are at the max settings already
2015-02-20 10:21:44 +00:00
Bernardo Damele
daa8e0d8c5
minor fix
2015-02-18 10:13:28 +00:00
Miroslav Stampar
1636088b75
Minor update
2015-02-16 11:48:53 +01:00
Bernardo Damele
e17d212c23
bug fix introduced with 863d5a6281
2015-02-15 20:07:52 +00:00
Bernardo Damele
32ab52b8ca
code refactoring: split boundaries and payloads XML files
2015-02-15 16:31:35 +00:00
Bernardo Damele
863d5a6281
--test-filter now ignores values of --risk and --level
2015-02-15 16:28:37 +00:00
Miroslav Stampar
2e5c11e427
Closes #1163
2015-02-13 10:59:03 +01:00
Miroslav Stampar
247384858e
Patch for an Issue #1159 (undo commit with single-quotes problem on windows)
2015-02-04 16:21:21 +01:00
Miroslav Stampar
38011743bb
Patch for an Issue #1157
2015-02-04 15:01:19 +01:00
Miroslav Stampar
eecc0b924b
Patch for an Issue #1148
2015-02-03 10:06:00 +01:00
Miroslav Stampar
2af2aef43e
Minor patch for masking sensitive information (when formation -u=... is used)
2015-02-03 09:48:05 +01:00
Miroslav Stampar
59f0da369d
Patch for a bug reported via ML (Accept header ignored in --headers)
2015-02-02 22:07:16 +01:00
Miroslav Stampar
8b135e45bd
Patch for an Issue #1147
2015-02-02 22:05:31 +01:00
Miroslav Stampar
bf1c08a8a6
Bug fix
2015-01-30 22:43:40 +01:00
Miroslav Stampar
2e9bf47703
Heuristic check for WAF/IDS/IPS is now prone to tamper functions (Issue #1145 )
2015-01-30 22:12:35 +01:00
Miroslav Stampar
9e90e357cf
Patch for an Issue #1146
2015-01-30 21:59:03 +01:00
Miroslav Stampar
9563e429d3
Removal of fun code
2015-01-30 21:49:22 +01:00
Miroslav Stampar
9f679a952f
Minor update
2015-01-29 10:44:36 +01:00
Miroslav Stampar
024c500d8e
Minor fix
2015-01-28 00:54:39 +01:00
Miroslav Stampar
5400bb2c95
Patch for an Issue #1142
2015-01-28 00:52:40 +01:00
Miroslav Stampar
fd632e5ada
Update for unhandled exception mechanism (BADA)
2015-01-26 09:09:38 +01:00
Miroslav Stampar
eb548959b3
Minor update
2015-01-26 08:59:10 +01:00
Miroslav Stampar
f0eac38ab4
Minor fix
2015-01-26 08:48:37 +01:00
Miroslav Stampar
32bf2dbe6d
Patch for an Issue #1133
2015-01-23 23:00:28 +01:00
Miroslav Stampar
779db7cbc3
Minor enhancement
2015-01-22 09:17:45 +01:00
Miroslav Stampar
b7cfaa6ca5
Minor style update
2015-01-22 08:55:37 +01:00
Miroslav Stampar
2655b078d0
Patch for an Issue #1127
2015-01-22 08:52:15 +01:00
Miroslav Stampar
02b3eb941f
Patch for an Issue #1124
2015-01-21 09:26:30 +01:00
Miroslav Stampar
cd743ab098
Minor update
2015-01-21 09:12:12 +01:00
Miroslav Stampar
9f4a32ca2b
Automatically checking for sitemap existence in case of --crawl
2015-01-20 10:03:35 +01:00
Miroslav Stampar
a603002acd
Adding a choice to automatically turn on --identify-waf if protection has been detected
2015-01-20 09:38:18 +01:00
Miroslav Stampar
a66b0c91bb
Patch for an Issue #1120
2015-01-19 09:19:30 +01:00
Miroslav Stampar
393659ffbf
Patch for an Issue #1121
2015-01-19 09:17:16 +01:00
Miroslav Stampar
e73ac6c8e3
Minor patch on request of an user
2015-01-17 21:47:57 +01:00
Miroslav Stampar
c2b2ccd2b5
Minor bug fix
2015-01-17 17:31:00 +01:00
Miroslav Stampar
da737d23ed
Fixing a leftover for #1117
2015-01-15 17:34:14 +01:00
Miroslav Stampar
20a9d94f56
Patch for an Issue #1117
2015-01-15 17:32:07 +01:00
Miroslav Stampar
1dd2b7aceb
Important fix for dumping location of databases/tables with international letters
2015-01-15 14:01:19 +01:00
Miroslav Stampar
ccbe424e23
Patch for an Issue #1115
2015-01-15 12:42:32 +01:00
Miroslav Stampar
54e9a1fb2d
Minor style update
2015-01-14 16:11:55 +01:00
Miroslav Stampar
570d30789b
Patch for an Issue #1113
2015-01-14 14:20:33 +01:00
nixawk
7388c3bf49
datatype.py
2015-01-14 09:40:24 +00:00
Miroslav Stampar
7e7513aa5e
Patch for an Issue #1107
2015-01-14 05:30:08 +01:00
Miroslav Stampar
f9a9ededb1
Patch for an Issue #1106
2015-01-14 05:16:32 +01:00
Miroslav Stampar
06ff8b3a16
Patch for an Issue #1105
2015-01-13 10:33:51 +01:00
Miroslav Stampar
8e03f4db0f
Patch for an Issue #1062
2015-01-09 15:33:53 +01:00
Miroslav Stampar
f96f33a984
Fix for an Issue #1100
2015-01-08 22:15:04 +01:00
Miroslav Stampar
7bcb3ce599
Patch for an Issue #1099
2015-01-08 09:22:47 +01:00
Miroslav Stampar
0c4d63fb00
Bug fix (reported by user over ML)
2015-01-08 09:00:21 +01:00
Miroslav Stampar
c8d4df6eba
Adding names to parameters in structured POST requests (e.g. JSON)
2015-01-07 22:09:40 +01:00
Miroslav Stampar
49982bce9c
Trivial update
2015-01-07 16:03:37 +01:00
Miroslav Stampar
450b3c93cb
Potential patch for an Issue #1093
2015-01-07 11:40:11 +01:00
Miroslav Stampar
30b9f3d556
Minor update
2015-01-07 10:53:57 +01:00
Miroslav Stampar
47af7dfe6a
Another minor patch
2015-01-07 10:49:15 +01:00
Miroslav Stampar
83add9fd9b
Minor patch
2015-01-07 10:46:06 +01:00
Miroslav Stampar
c4c4ac13fe
Better patch for an Issue #1095
2015-01-07 09:21:02 +01:00
Miroslav Stampar
2030311d50
Patch for an Issue #1095
2015-01-07 02:04:10 +01:00
Miroslav Stampar
5920d16cf6
Adding a warning message for deprecated switch '--check-waf+
2015-01-06 15:25:24 +01:00
Miroslav Stampar
45bdefd29b
Update of copyright
2015-01-06 15:02:16 +01:00
Miroslav Stampar
3d5ca1b25a
Minor update
2015-01-06 14:36:51 +01:00
Miroslav Stampar
6fc41ca940
Heuristically checking for WAF/IDS/IPS by default
2015-01-06 14:01:47 +01:00
Miroslav Stampar
c474c16b4a
Removing ML email address
2015-01-06 12:30:49 +01:00
Miroslav Stampar
7b144f03ea
Fix for an Issue #1092
2015-01-05 01:31:06 +01:00
Miroslav Stampar
beffe85d6c
Patch for an Issue #1085
2015-01-03 22:30:21 +01:00
Miroslav Stampar
f042a7392d
Patch for an Issue #1083
2014-12-31 17:10:45 +01:00
Miroslav Stampar
2985050fce
Minor patch
2014-12-30 16:07:08 +00:00
Miroslav Stampar
33508e3bae
Patch for an Issue #1077
2014-12-30 16:11:33 +01:00
Miroslav Stampar
41c2f889b2
Fix related to the SSLv3 disabling
2014-12-30 15:44:55 +01:00
Miroslav Stampar
d3c6cf1932
Patch for an Issue #1079
2014-12-30 14:14:47 +00:00
Miroslav Stampar
4f602daa5b
Minor patch
2014-12-30 09:35:56 +00:00
Miroslav Stampar
e383df8e29
Patch for an Issue #1073
2014-12-30 09:16:50 +00:00
Miroslav Stampar
02d20ccd13
Patch for an Issue #1078
2014-12-30 08:48:50 +00:00
Miroslav Stampar
1e014de6be
Patch for an Issue #1066
2014-12-26 22:24:28 +01:00
Miroslav Stampar
bc91884c4d
Fix for an Issue #1065
2014-12-25 23:05:34 +01:00
Miroslav Stampar
45886cb9ca
Patch for an Issue #1060
2014-12-23 22:04:23 +01:00
Miroslav Stampar
483158c371
Minor style update
2014-12-23 09:07:33 +01:00
Miroslav Stampar
3c23d616e7
Adding a more user friendly (copy-pastable) client example for sqlmapapi client
2014-12-23 09:01:29 +01:00
Miroslav Stampar
59a3407322
Patch for an Issue #1057
2014-12-23 08:36:00 +01:00
Miroslav Stampar
f93bca4564
Patch for an Issue #1058
2014-12-23 08:23:40 +01:00
Miroslav Stampar
fc7dd2a9b9
Patch for an Issue #1056
2014-12-22 06:02:39 +01:00
Miroslav Stampar
76f79ece13
run like --threads=20! will skip the maximum number of threads check
2014-12-21 05:15:42 +01:00
Miroslav Stampar
4f122ee008
Bug fix regarding a problem reported by user @blink2014
2014-12-20 00:23:31 +01:00
Miroslav Stampar
6cb76bcf85
Adding one new smart ass warning message
2014-12-19 15:48:54 +01:00
Miroslav Stampar
1ea2f5bfe2
Patch for an Issue #1052
2014-12-19 09:37:06 +01:00
Miroslav Stampar
cf3b02ee04
Proper fix for #1053
2014-12-19 09:26:01 +01:00
Miroslav Stampar
6972020faf
Bug fix for login-like SQLi (OR with 500 result)
2014-12-18 15:58:19 +01:00
Miroslav Stampar
0cb7852754
Patch for an Issue #1046
2014-12-17 10:02:36 +01:00
Miroslav Stampar
180ede0cb3
Minor patch
2014-12-15 14:07:28 +01:00
Miroslav Stampar
9d06b71862
Minor revert
2014-12-15 13:51:00 +01:00
Miroslav Stampar
e6de92ce88
Minor patch (unicode related)
2014-12-15 13:36:08 +01:00
Miroslav Stampar
35c8e016a8
Minor patch
2014-12-15 13:26:15 +01:00
Miroslav Stampar
3f3a873b10
Merge pull request #1037 from flsf/master
...
fix comments error
2014-12-15 13:23:39 +01:00
flsf
21837f236f
fix comments error
2014-12-15 20:07:38 +08:00
Miroslav Stampar
4c6331daa6
Patch for an Issue #1028
2014-12-15 09:30:54 +01:00
Miroslav Stampar
e794c7f246
Patch for an Issue #1027
2014-12-15 09:13:13 +01:00
Miroslav Stampar
eb15a19532
Patch for an Issue #1032
2014-12-15 09:11:40 +01:00
Miroslav Stampar
ecbba4ea20
Patch for an Issue #1030
2014-12-15 07:18:47 +01:00
Miroslav Stampar
e17e703e3e
Minor bug fix (for Windows nagging message about Unicode data)
2014-12-14 00:17:43 +01:00
Miroslav Stampar
fb645b90f7
Minor update
2014-12-14 00:14:18 +01:00
Miroslav Stampar
5166675ff5
Patch for an Issue #1024
2014-12-13 23:32:18 +01:00
Miroslav Stampar
9c225557d1
Patch for an Issue #1020
2014-12-13 14:08:37 +01:00
Miroslav Stampar
25196b4572
Patch for an Issue #1021
2014-12-13 13:48:50 +01:00
Miroslav Stampar
84ba5f35ac
Minor update for #1022
2014-12-13 13:41:39 +01:00
Miroslav Stampar
fe58aff26c
Patch for an Issue #1019
2014-12-13 00:08:18 +01:00
Miroslav Stampar
650dfe9526
Patch for an Issue #1018
2014-12-12 14:54:47 +01:00
Miroslav Stampar
23d33bb5b5
Patch for an Issue #1017
2014-12-12 09:58:42 +01:00
Miroslav Stampar
bb4ac41ff7
Patch for an Issue #1016
2014-12-12 04:40:44 +01:00
Miroslav Stampar
785e3d0317
Patch for an Issue #1014
2014-12-11 13:29:42 +01:00
Miroslav Stampar
1e06e7c386
Adding a debug message during name resolution
2014-12-11 13:29:26 +01:00
Miroslav Stampar
6f211f9d3e
Patch for an Issue #1013
2014-12-11 00:35:51 +01:00
Miroslav Stampar
6d13b67822
Patch for an Issue #1012
2014-12-11 00:32:26 +01:00
Miroslav Stampar
2bcaae3a0b
Another just in case update for an Issue #1011
2014-12-11 00:14:35 +01:00
Miroslav Stampar
763f720675
Patch for an Issue #1011
2014-12-11 00:11:52 +01:00
Miroslav Stampar
10ed97b0df
Patch for an Issue #1010
2014-12-10 13:50:29 +01:00
Miroslav Stampar
ee20d98bca
Minor fix for --forms
2014-12-10 12:13:37 +01:00
Miroslav Stampar
d700e50b36
Minor update related to the Issue #993
2014-12-10 06:37:17 +01:00
Miroslav Stampar
a7b21a2f62
Rerun advice update
2014-12-09 09:02:06 +01:00
Miroslav Stampar
20c272b77d
More generic patch for an Issue #994
2014-12-07 16:14:48 +01:00
Miroslav Stampar
4e7f835eae
Patch for an Issue #994
2014-12-07 16:11:07 +01:00
Miroslav Stampar
0d931a7b09
Fix for an Issue #999
2014-12-07 15:55:22 +01:00
Miroslav Stampar
bd99470a4a
Minor update to cleanup properly new xp_cmdshell
2014-12-05 22:01:59 +01:00
Miroslav Stampar
d726050bc4
Patch for an Issue #991
2014-12-05 11:46:03 +01:00
Miroslav Stampar
034fae0f47
Patch for an Issue #992
2014-12-05 11:24:43 +01:00
Miroslav Stampar
7673f3e045
Minor style update
2014-12-05 11:15:33 +01:00
Miroslav Stampar
56965e3608
Patch for an Issue #990
2014-12-04 13:36:41 +01:00
Miroslav Stampar
9b32e69f26
Adding new WAF script (UrlScan)
2014-12-04 10:06:15 +01:00
Miroslav Stampar
a3507d65fd
Minor update
2014-12-04 09:34:37 +01:00
Miroslav Stampar
d3060f20d7
Minor improvement
2014-12-03 13:22:55 +01:00
Miroslav Stampar
aa95a05477
Minor update
2014-12-03 13:14:06 +01:00
Miroslav Stampar
17db587e2c
Adding some friendly warning messages (regarding blocking)
2014-12-03 10:06:21 +01:00
Miroslav Stampar
e4b00bdbcb
Patch for an Issue #983
2014-12-02 10:57:50 +01:00
Miroslav Stampar
2358e34bb8
Minor refactoring
2014-12-02 10:50:15 +01:00
Miroslav Stampar
e03aaa7542
Patch for an Issue #982
2014-12-02 10:23:10 +01:00
Miroslav Stampar
7a04595f5e
Added a reference url (http charset priority)
2014-12-01 11:15:45 +01:00
Miroslav Stampar
f71a65a9a0
Patch for an Issue #979
2014-12-01 00:29:25 +01:00
Miroslav Stampar
56b6bf72f4
Patch for an Issue #978
2014-11-29 23:33:24 +01:00
Miroslav Stampar
605b126758
Patch for an Issue #976
2014-11-26 13:38:21 +01:00
Miroslav Stampar
8cd40f8917
Patch for an Issue #971
2014-11-25 13:54:26 +01:00
Miroslav Stampar
a0d95a8ec4
Refactoring of #952
2014-11-24 12:56:39 +01:00
Miroslav Stampar
27cd9e7064
Merge pull request #952 from Rexikon/patch-1
...
Update httpshandler.py, AttributeError PROTOCOL_SSLv3
2014-11-24 12:52:27 +01:00
Miroslav Stampar
816348f1ab
Patch for an Issue #963
2014-11-24 11:54:04 +01:00
Miroslav Stampar
05f7b1f121
Patch for an Issue #970
2014-11-24 10:55:19 +01:00
Miroslav Stampar
2f744139fc
Patch for an Issue #968
2014-11-24 10:13:56 +01:00
Miroslav Stampar
2284535267
Update for an Issue #963
2014-11-24 05:44:38 +01:00
Miroslav Stampar
69cdad4148
Patch for an Issue #958
2014-11-23 15:55:12 +01:00
Miroslav Stampar
28d6af6237
Minor update
2014-11-23 15:42:41 +01:00
Miroslav Stampar
f853f8973f
Minor refactorign
2014-11-23 15:41:24 +01:00
Miroslav Stampar
080a873922
Patch for an Issue #964
2014-11-23 15:39:08 +01:00
Miroslav Stampar
5c182a0ec4
Update for an Issue #431
2014-11-21 11:33:57 +01:00
Miroslav Stampar
f0802c6fb9
Update for an Issue #431
2014-11-21 11:20:54 +01:00
Miroslav Stampar
1fc4d0e3c4
Update for an Issue #431
2014-11-21 10:31:55 +01:00
Miroslav Stampar
cf2d5fd453
Update for an Issue #431
2014-11-21 09:41:49 +01:00
Miroslav Stampar
34ce774acd
Patch for an Issue #956
2014-11-21 09:41:49 +01:00
Miroslav Stampar
1a8b58fca6
Minor update
2014-11-20 16:42:06 +01:00
Miroslav Stampar
f8a8cbf9a6
Storing crawling results to a temporary file (for eventual further processing)
2014-11-20 16:29:17 +01:00
Miroslav Stampar
d3551631c4
Minor update
2014-11-20 16:10:25 +01:00
Miroslav Stampar
484fa61afc
Patch for an Issue #954
2014-11-20 15:08:08 +01:00
Miroslav Stampar
ee8b3ee664
Patch for an Issue #953
2014-11-20 09:49:04 +01:00
Rexikon
4da20679ee
Update httpshandler.py
...
ssl.PROTOCOL_SSLv3 removed
affecting error: AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'
2014-11-19 16:36:30 +01:00
Miroslav Stampar
05d5342f20
Update and patch for an Issue #2
2014-11-17 11:50:05 +01:00
Miroslav Stampar
733e06e31f
Patch for an Issue #944
2014-11-16 14:25:44 +01:00
Miroslav Stampar
bb56eb583a
Minor update
2014-11-16 13:34:35 +01:00
Miroslav Stampar
d8d9678947
Patch for an Issue #935
2014-11-14 00:21:04 +01:00
Miroslav Stampar
74eacf95fd
Patch for an Issue #929
2014-11-13 10:52:33 +01:00
Miroslav Stampar
671facc6d9
Patch for an Issue #930
2014-11-13 10:28:38 +01:00
Miroslav Stampar
d0afa7f325
Bug fix for not displaying proper version in unhandled exception win cases
2014-11-12 11:53:42 +01:00
Miroslav Stampar
06e6d2aaeb
Patch for an Issue #921
2014-11-11 11:38:14 +01:00
Miroslav Stampar
c5df45a14f
Minor bug fix (skipping HTML decoding in heuristic mode)
2014-11-11 11:23:14 +01:00
Miroslav Stampar
dfa8e0456d
Potential patch for an Issue #914
2014-11-10 14:51:31 +01:00
Miroslav Stampar
cdbfb17408
Patch for an Issue #919
2014-11-10 13:41:53 +01:00
Miroslav Stampar
06bb957d13
Preventing a run of duplicate issues
2014-11-09 22:07:11 +01:00
Miroslav Stampar
de1cf26fe6
Minor patch
2014-11-09 18:58:25 +01:00
Miroslav Stampar
80af465ce3
Fix for an Issue #911
2014-11-09 18:40:49 +01:00
Miroslav Stampar
9fe6ab749b
Bug fix for occureance of ANSI color codes in multiprocessing hash cracking on Windows OS
2014-11-09 15:08:44 +01:00
Miroslav Stampar
62a73bf30b
Minor fix for automatic removal of temporary files
2014-11-09 14:52:50 +01:00
Miroslav Stampar
5e9c73f9c1
Just in case update (for unhandled exceptions happening too soon)
2014-11-08 21:44:46 +01:00
Miroslav Stampar
3b06665c9f
Patch for an Issue #910
2014-11-08 21:22:03 +01:00
Miroslav Stampar
8fdf9ff746
Probable fix for an Issue #908
2014-11-07 15:47:42 +01:00
Miroslav Stampar
31f8d6e612
Fix for an Issue #904
2014-11-06 11:19:05 +01:00
Miroslav Stampar
a91fb4149b
Minor update (using lower frequency alphabet for kb.chars)
2014-11-05 10:56:30 +01:00
Miroslav Stampar
a074efe75e
Minor improvement of error-based SQLi when trimmed output is detected (trying to reconstruct)
2014-11-05 10:46:11 +01:00
Miroslav Stampar
71c43be53a
Patch for an Issue #901
2014-11-05 10:03:19 +01:00
Miroslav Stampar
78cc3853b6
Fix for an Issue #902
2014-11-05 09:56:50 +01:00
Miroslav Stampar
97cc679f9c
Fix for an Issue #900
2014-11-04 15:15:58 +01:00
Miroslav Stampar
4d5b48b2ae
Patch for an Issue #896
2014-11-04 00:34:35 +01:00
Miroslav Stampar
6f45596f28
Minor style update
2014-11-03 23:48:44 +01:00
Miroslav Stampar
05b446b95d
Patch for an Issue #893
2014-11-02 23:38:52 +01:00
Miroslav Stampar
9652e41226
Path for an Issue #891
2014-11-02 23:32:19 +01:00
Miroslav Stampar
1ef2c4006d
Patch for an Issue #892
2014-11-02 11:01:46 +01:00
Miroslav Stampar
a4d058d70c
More anonymization of unhanded exception data
2014-11-02 10:55:38 +01:00
Miroslav Stampar
baf9ada28d
Fix for an Issue #889
2014-11-01 17:13:33 +01:00
Miroslav Stampar
4e0e64d06b
Bug fix for DNS Exfiltration in PgSQL case ('invalid URI')
2014-10-31 20:28:37 +01:00
Miroslav Stampar
49d3860b1f
Minor fix
2014-10-31 20:22:15 +01:00
Miroslav Stampar
ab269f315f
Fix for an Issue #886
2014-10-31 18:58:30 +01:00
Miroslav Stampar
c33e493e0d
Fix for an Issue #885
2014-10-31 17:06:09 +01:00
Miroslav Stampar
38978c3e54
Fix for an Issue #884
2014-10-31 16:45:26 +01:00
Miroslav Stampar
0feb379b47
Fix for an Issue #887
2014-10-31 16:39:29 +01:00
Miroslav Stampar
5b0d74146e
Fix for an Issue #883
2014-10-31 01:01:35 +01:00
Miroslav Stampar
8ea22c5124
Fix for an Issue #878
2014-10-28 15:34:53 +01:00
Miroslav Stampar
455ea9922c
Minor update
2014-10-28 15:26:28 +01:00
Miroslav Stampar
258a700b2e
More anonymization of unhandled exception messages
2014-10-28 15:14:41 +01:00
Miroslav Stampar
df73be32f1
Fix for an Issue #876
2014-10-28 14:41:21 +01:00
Miroslav Stampar
725c3a6a95
Minor update
2014-10-28 14:08:06 +01:00
Miroslav Stampar
3b3b8d4ef2
Potential bug fix (escaping formatted regular expressions)
2014-10-28 14:02:55 +01:00
Miroslav Stampar
268e774087
Minor refactoring
2014-10-28 13:44:55 +01:00
Miroslav Stampar
f89e94fb8c
Minor refactoring
2014-10-28 13:42:13 +01:00
Miroslav Stampar
e08c8f272a
Fix for an Issue #875
2014-10-28 13:10:07 +01:00
Miroslav Stampar
19aed90ae5
Implementation for an Issue #874
2014-10-27 00:37:46 +01:00
Miroslav Stampar
6448d3caf4
Implementing support for csrfcookie (Issue #2 )
2014-10-24 09:37:51 +02:00
Miroslav Stampar
5e31229d48
Minor cosmetic update
2014-10-23 15:18:22 +02:00
Miroslav Stampar
abbd352392
Support for X-CSRF-TOKEN header (Issue #2 )
2014-10-23 14:33:22 +02:00
Miroslav Stampar
95f2e61ca1
Minor fix related to the Issue #2
2014-10-23 14:23:01 +02:00
Miroslav Stampar
01f4b76817
Minor update for the Issue #2
2014-10-23 14:03:44 +02:00
Miroslav Stampar
7143e61619
Minor update
2014-10-23 14:00:53 +02:00
Miroslav Stampar
32bcca0aae
Basic options check for Issue #2
2014-10-23 11:54:29 +02:00
Miroslav Stampar
7fc9e82d28
Minor style update
2014-10-23 11:44:38 +02:00
Miroslav Stampar
780dbd1c64
Update for an Issue #2
2014-10-23 11:42:30 +02:00
Miroslav Stampar
a52c8811e6
Minor style update
2014-10-23 11:25:44 +02:00
Miroslav Stampar
fc1b05bec9
Implementation for an Issue #2
2014-10-23 11:23:53 +02:00
Miroslav Stampar
8dcad46805
Update basic.py
2014-10-22 23:16:46 +02:00
Miroslav Stampar
73a3db67eb
Fix for an Issue #862
2014-10-22 14:54:49 +02:00
Miroslav Stampar
60f2764c3d
Minor style update
2014-10-22 13:53:18 +02:00
Miroslav Stampar
34aed7cde0
Bug fix (now it's possible to use multiple parsed requests without mixing associated headers)
2014-10-22 13:49:29 +02:00
Miroslav Stampar
2f18df345e
Minor patch
2014-10-22 13:41:36 +02:00
Miroslav Stampar
268095495e
Minor patch
2014-10-22 13:32:49 +02:00
Miroslav Stampar
e239fefe67
Minor patch for JSON requests
2014-10-22 10:38:49 +02:00
Miroslav Stampar
a2f578dbf4
Patch to also include JSON array elements into automatic recognition
2014-10-22 10:28:10 +02:00
Miroslav Stampar
3ebc5faa34
Falling back to partial UNION if large dump connects out
2014-10-21 09:23:34 +02:00
Miroslav Stampar
006d9d1859
Bug fix for a problem reported by a user via ML (--os-shell)
2014-10-13 12:00:34 +02:00
Miroslav Stampar
fb65caabd2
Unhidding switch --ignore-401
2014-10-13 09:19:25 +02:00
Miroslav Stampar
4e3a4eb0ff
Added a prompt for choosing a number of threads when in crawling mode
2014-10-10 12:09:08 +02:00
Miroslav Stampar
2aadfc0fd3
Fix for an Issue #851
2014-10-10 10:38:17 +02:00
Miroslav Stampar
d4610890ca
Minor patch (flushing log file output at the end of program run)
2014-10-10 10:07:17 +02:00
Miroslav Stampar
7811a958ae
Another minor patch for Issue #846
2014-10-09 15:42:44 +02:00
Miroslav Stampar
f94ac8c69d
Second patch related to the Issue #846
2014-10-09 15:21:26 +02:00
Miroslav Stampar
c823c58d47
One patch related to the Issue #846
2014-10-09 14:39:54 +02:00
Miroslav Stampar
70215a95a1
Patch for an Issue #847
2014-10-07 13:02:47 +02:00
Miroslav Stampar
c6a8feea8a
Fix for an Issue #831
2014-10-07 12:00:11 +02:00
Miroslav Stampar
2ab4558859
Potential fix for an Issue #846
2014-10-07 11:49:53 +02:00
Miroslav Stampar
ddfec1c668
Initial patch for an Issue #846
2014-10-07 11:34:47 +02:00
Miroslav Stampar
2de12ef4a2
Potential fix for an Issue #843
2014-10-05 00:20:42 +02:00
Miroslav Stampar
fdef53aa67
Minor update of unhandled exception message
2014-10-01 14:23:45 +02:00
Miroslav Stampar
a2b059123a
Minor update of format exception strings
2014-10-01 14:12:30 +02:00
Miroslav Stampar
e81168af0f
Minor adjustment
2014-10-01 13:59:51 +02:00
Miroslav Stampar
f67a38dba9
Minor adjustment
2014-10-01 13:42:10 +02:00
Miroslav Stampar
a9454fbb43
Minor commit related to the last one (bypassing DBMS error trimming problem)
2014-10-01 13:35:20 +02:00
Miroslav Stampar
8c9014c39f
Adding a dummy (auxiliary) XSS check
2014-10-01 13:31:48 +02:00
Miroslav Stampar
4d23744430
Bug fix (there was a problem using --tamper=varnish with --identify-waf because of same named modules)
2014-09-30 09:58:02 +02:00
Miroslav Stampar
ff42720c62
Minor fix
2014-09-29 14:07:59 +02:00
Miroslav Stampar
1e636fb925
Minor patch regarding Issue #840
2014-09-28 13:38:09 +02:00
Miroslav Stampar
767c278a0f
Fix for an Issue #838
2014-09-26 17:00:50 +02:00
Miroslav Stampar
00fc842c6f
Update agent.py
2014-09-20 10:20:57 +02:00
Miroslav Stampar
69701ba08c
Minor refactoring
2014-09-17 18:29:01 +02:00
Miroslav Stampar
09064a4a24
Minor just in case patch
2014-09-17 18:25:24 +02:00
Miroslav Stampar
bbc6dd9ac8
Minor fix
2014-09-17 10:28:18 +02:00
Miroslav Stampar
6888d2fc34
Minor cosmetic update
2014-09-16 16:32:54 +02:00
Miroslav Stampar
0e8090381c
Minor cosmetic update
2014-09-16 16:21:29 +02:00
Miroslav Stampar
c5294f2cbb
Minor patch for an Issue #832
2014-09-16 16:18:13 +02:00
Miroslav Stampar
5b0732e9f9
Minor update for Issue #832
2014-09-16 15:17:50 +02:00
Miroslav Stampar
7278af01ee
Implementation for an Issue #832
2014-09-16 14:12:43 +02:00
Miroslav Stampar
57eb19377e
Minor code refactoring
2014-09-16 09:07:31 +02:00
Miroslav Stampar
45f5548113
Minor update regarding shell history file
2014-09-16 08:58:25 +02:00
Miroslav Stampar
637d3cbaf7
Fix for cases when parameter name is urlencoded
2014-09-12 13:29:30 +02:00
Miroslav Stampar
bfc8ab0e35
Language update
2014-09-08 14:48:31 +02:00
Miroslav Stampar
53d0d5bf8b
Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved)
2014-09-08 14:33:13 +02:00
Miroslav Stampar
055b759145
Minor update
2014-09-03 23:13:57 +02:00
Miroslav Stampar
bbf0be1f8d
Bug fix (Issue #813 )
2014-09-03 22:09:12 +02:00
Miroslav Stampar
112a0cb1ae
Patch for output directory (using unicode for international support)
2014-09-03 21:49:30 +02:00
Miroslav Stampar
7e40890f32
Patch for an Issue #815
2014-09-01 16:16:12 +02:00
Miroslav Stampar
25c6fca20e
Minor fix
2014-09-01 15:48:00 +02:00
Miroslav Stampar
d5d01e91ad
Warning message
2014-08-30 22:15:14 +02:00
Miroslav Stampar
20ff402103
Minor patch
2014-08-30 22:04:55 +02:00
Miroslav Stampar
dc2ee8bfa0
Minor update
2014-08-30 21:53:09 +02:00
Miroslav Stampar
177fc0376d
Minor fix for HSQLDB
2014-08-30 21:37:38 +02:00
Miroslav Stampar
1a9a331422
Bug fix (proper extending of tests when dbms is known)
2014-08-30 21:34:23 +02:00
Miroslav Stampar
e501b2a80b
Minor patch
2014-08-30 20:58:59 +02:00
Miroslav Stampar
03c8e7b7a2
Patch for an Issue #810
2014-08-30 17:13:02 +02:00
Miroslav Stampar
77cb35dcf6
Fix for an Issue #804
2014-08-28 14:26:55 +02:00
Miroslav Stampar
9476359255
Bug fix
2014-08-28 12:50:39 +02:00
Miroslav Stampar
834f8e18c8
Minor patch for an Issue #802
2014-08-28 00:45:57 +02:00
Miroslav Stampar
b77d8d617b
Minor patch for an Issue #800
2014-08-28 00:31:49 +02:00
Miroslav Stampar
7595f2b73e
Minor fix
2014-08-28 00:13:27 +02:00
Miroslav Stampar
fce671c899
Patch for an Issue #801
2014-08-28 00:00:16 +02:00
Miroslav Stampar
fd36250026
Proper fix for an Issue #757
2014-08-26 23:36:04 +02:00
Miroslav Stampar
2a268199d4
Patch for an Issue #798
2014-08-26 23:11:44 +02:00
Miroslav Stampar
e68326c0fe
expandAsteriskForColumns changes value of conf.db and conf.tbl potentially causing problems in further work
2014-08-26 22:57:08 +02:00
Miroslav Stampar
decd092b2a
Minor patch
2014-08-26 22:40:50 +02:00
Miroslav Stampar
2be0ebd883
Minor fix (e.g. Oracle identifier names can contain character $)
2014-08-26 22:40:15 +02:00
Miroslav Stampar
dcaad75a1e
Fix for an Issue #794
2014-08-22 15:08:05 +02:00
Miroslav Stampar
d74b803306
Minor patch
2014-08-22 14:45:23 +02:00
Miroslav Stampar
e0a8b89069
Minor patch when trailing space is used with comma to split option items (e.g. '-C id, name')
2014-08-22 14:19:53 +02:00
Miroslav Stampar
e3a0f25db0
Patch for an Issue #795
2014-08-22 14:11:23 +02:00
Miroslav Stampar
2ce3ccac46
Patch for an Issue #797 (switching to greedy because of performance; it shouldn't be a problem because it was a single line replacement in the first place)
2014-08-22 13:06:53 +02:00
Miroslav Stampar
77513e1de9
Minor style update
2014-08-21 01:19:10 +02:00
Miroslav Stampar
c5b71cff10
Some filtering
2014-08-21 01:12:44 +02:00
Miroslav Stampar
3cfdb5ff0f
Removing / from auto directories (it doesn't make sense to auto-test for uploading to /)
2014-08-21 00:43:37 +02:00
Miroslav Stampar
acb3b1d1fe
Bug fix for common table/column existence check
2014-08-21 00:12:19 +02:00
Miroslav Stampar
074b57804e
Minor style update
2014-08-21 00:03:46 +02:00
Miroslav Stampar
58d93ffb2b
Fix for falling back to partial union (excluding scalar queries)
2014-08-20 23:53:15 +02:00
Miroslav Stampar
90882f081d
Language update
2014-08-20 23:47:57 +02:00
Miroslav Stampar
0296081692
Minor refactoring
2014-08-20 23:42:40 +02:00
Miroslav Stampar
f51ea20bbd
Minor style update
2014-08-20 22:50:00 +02:00
Miroslav Stampar
5d10bae31f
Removing trailing blank lines
2014-08-20 21:07:19 +02:00
Miroslav Stampar
e0216771ed
Minor update
2014-08-20 15:23:07 +02:00
Miroslav Stampar
c97782cfed
Minor update of banner
2014-08-20 15:10:21 +02:00
Miroslav Stampar
07f881e711
Minor fix
2014-08-20 14:02:04 +02:00
Miroslav Stampar
b4fbb9cafe
Minor upgrade
2014-08-20 13:52:48 +02:00
Miroslav Stampar
7828f61642
Minor style update
2014-08-20 13:35:41 +02:00
Miroslav Stampar
dfa426fbb5
Minor style update
2014-08-20 13:32:32 +02:00
Miroslav Stampar
6795b51c7e
Another minor update
2014-08-20 01:59:30 +02:00
Miroslav Stampar
d08c1b7c04
Minor update
2014-08-20 01:45:42 +02:00
Miroslav Stampar
6caccc3d93
Bug fix for ultra-slow processing of binary data
2014-08-20 01:38:01 +02:00
Miroslav Stampar
ebc964267f
Better reporting on filtered-chars cases
2014-08-20 01:11:26 +02:00
Miroslav Stampar
c12e51173a
Minor style update
2014-08-20 00:28:33 +02:00
Miroslav Stampar
5a05271097
Minor fix
2014-08-19 22:34:07 +02:00
Miroslav Stampar
b0465a6a76
Adding a revision scheme for nongit checkouts
2014-08-19 22:32:16 +02:00
Miroslav Stampar
cd92de1702
Adding colorful banner
2014-08-19 22:19:22 +02:00
Miroslav Stampar
7d578d395f
Minor update for Apache on Windows
2014-08-16 16:01:18 +02:00
Miroslav Stampar
a8b4b96cd9
Extending list for brute forcing doc root
2014-08-16 15:16:03 +02:00
Miroslav Stampar
0fb576724e
Implementation for cases when there are multiple copies/variations of the same result(s) in response for partial UNION SQLi
2014-08-13 22:50:42 +02:00
Miroslav Stampar
0809a61fc3
Bug fix (whole page output as a result of partial union runs)
2014-08-13 15:18:11 +02:00
Miroslav Stampar
0a74ae736f
Probable fix for an Issue #788
2014-08-13 14:01:57 +02:00
Miroslav Stampar
658110e644
Minor fix
2014-08-11 12:46:37 +02:00
hydhyd
e7ffe92d8c
Update settings.py
...
Modified BRUTE_DOC_PREFIXES to include "/srv/www" used by default in OpenSUSE.
2014-08-06 12:59:18 +04:00
Miroslav Stampar
8599005115
Implementation for an Issue #771
2014-08-01 14:19:32 +02:00
Miroslav Stampar
208d51e0e9
Revert of last trigger happy commit
2014-08-01 13:57:43 +02:00
Miroslav Stampar
d300f99b0b
Removing a redundant code (similar check is being done upper in code)
2014-08-01 13:57:07 +02:00
Miroslav Stampar
8bc6154f06
Removing a redundant code (similar check is being done upper in code)
2014-08-01 13:53:22 +02:00
Miroslav Stampar
b31e141012
Fix for an Issue #772
2014-07-29 14:37:48 +02:00
Miroslav Stampar
20d75cc52e
Patch for an Issue #767
2014-07-29 13:32:26 +02:00
Miroslav Stampar
9fff88d6e4
Minor update
2014-07-19 23:23:55 +02:00
Miroslav Stampar
3cfa63646b
Minor bug fix
2014-07-19 23:17:23 +02:00
Miroslav Stampar
0eb5fb1e5a
Update for an Issue #757
2014-07-19 23:02:14 +02:00
Miroslav Stampar
cd1c100cc0
Another patch for an Issue #757
2014-07-14 21:10:45 +02:00
Miroslav Stampar
e66a81ab4e
Fix for an Issue #757
2014-07-11 16:24:57 +02:00
Miroslav Stampar
32af0b17b0
Update for an Issue #760
2014-07-10 08:49:20 +02:00
Miroslav Stampar
33b6d189cd
Bug fix for some cases (in cases of working where=ORIGINAL, workflow switched to where=NEGATIVE because of false assumptions that it would be better than ORIGINAL; this kind of behaviour caused reported problems)
2014-07-07 22:22:56 +02:00
Miroslav Stampar
79a66ef22c
Minor patch
2014-07-06 09:09:44 +02:00
Miroslav Stampar
b5838ae7a4
Adding missing module (Issue #674 and Issue #747 )
2014-07-03 00:29:20 +02:00
Miroslav Stampar
9d571c7800
Minor language update
2014-07-02 22:31:18 +02:00
Miroslav Stampar
e6d0d5a1c7
Implementation for an Issue #674
2014-07-02 22:27:51 +02:00
Miroslav Stampar
1eecabaea8
Patch for an Issue #746
2014-07-02 10:11:31 +02:00
Bernardo Damele
4e909a2a05
code cleanup
2014-07-01 00:58:49 +01:00
Bernardo Damele
018748f52e
increase the timeout for the Metasploit session initialization to 5 minutes, better on slow speed connections
2014-07-01 00:34:09 +01:00
Conny Brunnkvist
f0e23c9441
Use the selected random User-Agent
2014-07-01 00:27:14 +07:00
Miroslav Stampar
c2f14e57e7
Patch for an Issue #740
2014-06-29 00:27:23 +02:00
Miroslav Stampar
686fe4d0e9
Another patch for DNS exfiltration and boolean checks
2014-06-27 14:22:00 +02:00
Miroslav Stampar
8e660e6911
Minor fix
2014-06-27 14:14:29 +02:00
Miroslav Stampar
2f8d17bcb7
Appendix to last commit
2014-06-27 13:45:40 +02:00
Miroslav Stampar
75279ea75a
Fix for DNS exfiltration of boolean checks
2014-06-27 13:07:34 +02:00
Miroslav Stampar
5b5a765f96
Patch for an Issue #734
2014-06-23 12:24:08 +02:00
Miroslav Stampar
a47072eced
Patch for an Issue #732
2014-06-22 00:09:08 +02:00
Miroslav Stampar
2a88436417
Patch for an Issue #724
2014-06-16 09:51:24 +02:00
Miroslav Stampar
f558b800ac
Patch for an Issue #719
2014-06-12 09:08:55 +02:00
Miroslav Stampar
c50560c3a6
Patch for an Issue #716
2014-06-10 21:57:54 +02:00
Miroslav Stampar
5e9334ab79
Implementation for an Issue #715
2014-06-08 23:55:15 +02:00
Miroslav Stampar
54be398e83
Patch for an Issue #711
2014-06-04 16:35:07 +02:00
Miroslav Stampar
27ebc02535
Minor fix (user reported problem via email)
2014-05-29 09:33:14 +02:00
Miroslav Stampar
0f10cdfa4c
Minor update
2014-05-29 09:24:09 +02:00
Miroslav Stampar
9e02816cbd
Raising number of used md5 digits in hashdb key value because of birthday paradox (Python can handle it - automatically expanding to long if required; SQLite can handle it - it will use 6 bytes per INTEGERs instead of 4)
2014-05-29 09:21:48 +02:00
Miroslav Stampar
680ab10ca6
Patch for an Issue #703
2014-05-27 21:41:07 +02:00
Miroslav Stampar
2d5461d250
Minor fix (related to the unknown encoding reported by ML)
2014-05-22 09:03:14 +02:00
Miroslav Stampar
24954776a5
Patch for an Issue #697
2014-05-20 22:00:26 +02:00
Miroslav Stampar
babe49f086
Minor update (added new warning message)
2014-05-20 17:14:40 +02:00
Miroslav Stampar
c181e909b5
Minor fix
2014-05-16 23:47:00 +02:00
Miroslav Stampar
0f581ccb6c
Minor fix
2014-05-13 15:36:28 +02:00
Miroslav Stampar
4e8b41b869
Patch for an Issue #688
2014-05-13 00:50:36 +02:00
Miroslav Stampar
3a2916724c
Minor style update
2014-05-11 17:12:15 +02:00
Miroslav Stampar
a72d73804e
Revert of 9255174890
(bug was introduced with it)
2014-05-10 01:31:44 +02:00
Miroslav Stampar
93bf8e2a13
Bug fix
2014-05-10 01:11:19 +02:00
Miroslav Stampar
8f0807d7f9
Another fix related to the last commit
2014-05-09 22:55:16 +02:00
Miroslav Stampar
5eae002084
Minor fix
2014-05-09 22:45:43 +02:00
Miroslav Stampar
9255174890
Minor fix
2014-05-09 22:39:56 +02:00
Miroslav Stampar
bc4369be06
Fix for an Issue #687
2014-05-07 09:16:17 +02:00
Miroslav Stampar
2a55f75f86
Using a more generic XML recognition regex
2014-04-30 21:25:45 +02:00
Miroslav Stampar
2e96e3c924
Adding a hidden switch --ignore-401
2014-04-29 23:26:45 +02:00
Miroslav Stampar
eb8e31c23f
Adding a failsafe output directory
2014-04-27 22:40:41 +02:00
Miroslav Stampar
b54651b5a2
Minor patch (while saving configuration file)
2014-04-25 09:32:57 +02:00
Miroslav Stampar
ae8b1fe89c
Implementation for an Issue #678
2014-04-25 09:17:10 +02:00
Miroslav Stampar
e0fb21c26a
Patch for an Issue #673
2014-04-21 21:57:30 +02:00
Miroslav Stampar
f29769b7d0
Minor patch
2014-04-16 09:06:17 +02:00
Miroslav Stampar
ef5ce7e66c
Fix for an Issue #670
2014-04-12 17:22:47 +02:00
Miroslav Stampar
fd884ec67b
Adding another comment
2014-04-12 17:22:47 +02:00
Miroslav Stampar
b5cca742e4
Adding a comment
2014-04-12 17:22:47 +02:00
Miroslav Stampar
7f371c499d
Commit related to the last one
2014-04-10 21:29:59 +02:00
Miroslav Stampar
096ce7881e
Minor beauty patch
2014-04-10 21:18:24 +02:00
Miroslav Stampar
0d1690de61
Minor fix
2014-04-10 21:18:24 +02:00
Miroslav Stampar
1e8349eeaa
Minor fix
2014-04-10 21:18:24 +02:00
Miroslav Stampar
2d3a74a0fe
Patch for an Issue #667
2014-04-07 21:01:40 +02:00
Miroslav Stampar
cb0044b2c4
Minor beauty patch
2014-04-07 20:28:17 +02:00
Miroslav Stampar
fdad787681
Graceful abort in case of an invalid option in configuration file
2014-04-07 20:22:51 +02:00
Miroslav Stampar
e3ccf45503
Graceful abort in case of an invalid configuration file
2014-04-07 20:17:47 +02:00
Miroslav Stampar
bcf754fb17
Consistency patch (to be the same as in help listing)
2014-04-07 20:10:21 +02:00
Miroslav Stampar
b74de19213
Trivial style update
2014-04-07 20:06:03 +02:00
Miroslav Stampar
75f447ccf8
Renaming lib/core/purge to lib/utils/purge
2014-04-07 20:04:07 +02:00
Miroslav Stampar
9c7fbd1a90
Minor refactoring
2014-04-06 18:19:54 +02:00
Miroslav Stampar
4f4c50c4d5
Minor language update
2014-04-06 18:12:59 +02:00
Miroslav Stampar
bf18b025d6
Minor removal of redundant code
2014-04-06 18:09:54 +02:00
Miroslav Stampar
e931344617
More elegant implementation for --random-agent
2014-04-06 18:05:43 +02:00
Miroslav Stampar
9456dc68e7
Minor patch
2014-04-06 17:24:27 +02:00
Miroslav Stampar
1c92d8d51f
More generic implementation for --proxy-file (accepting public lists format)
2014-04-06 17:23:13 +02:00
Miroslav Stampar
bbf08a825e
Minor language fix
2014-04-06 17:12:43 +02:00
Miroslav Stampar
cf250a0381
Minor patch (it would go boom if special character was inside the --param-del)
2014-04-06 17:02:32 +02:00
Miroslav Stampar
053b0fd0e9
Renaming conf.oDir to conf.outputDir
2014-04-06 16:54:46 +02:00
Miroslav Stampar
7cc4159316
Renaming conf.cDel to conf.cookieDel
2014-04-06 16:50:58 +02:00
Miroslav Stampar
0ae8ac707e
Renaming conf.pDel to conf.paramDel
2014-04-06 16:48:46 +02:00
Miroslav Stampar
95e7ca02f0
Minor bug fix (-d was not recognized as one of mandatory in case of config file)
2014-04-06 16:45:25 +02:00
Miroslav Stampar
1b3a98b8ef
Trivial update (for consistency sake)
2014-04-06 13:42:15 +02:00
Miroslav Stampar
492a410bcc
Minor fix
2014-04-04 16:14:53 +02:00
Miroslav Stampar
15f92c4197
Bug fix (port was not being used properly with Burp exported history)
2014-04-03 09:46:37 +02:00
Miroslav Stampar
1632bec10b
Another fix related to the last commit
2014-04-03 09:05:12 +02:00
Miroslav Stampar
e7e8a3965a
Minor fix
2014-04-03 09:00:14 +02:00
Miroslav Stampar
80d4426dbd
Patch related to the Issue #661
2014-04-02 22:34:37 +02:00
Miroslav Stampar
d8bacc904e
Minor language update
2014-04-01 16:38:50 +02:00
Miroslav Stampar
3e024ac8e6
Minor update (consistency patch)
2014-03-30 16:51:31 +02:00
Miroslav Stampar
76b9fad24a
Fix for an Issue #656
2014-03-30 16:21:18 +02:00
Miroslav Stampar
b2cc8f00ef
Bug fix (ORACLE_OLD on Windows - resulted in multiple entry per line output due to no locking used)
2014-03-28 00:41:22 +01:00
Miroslav Stampar
e8c1c90f2e
Whitespace was being double encoded in case of spaceplus (' '->%2B)
2014-03-25 22:02:14 +01:00
Miroslav Stampar
3710a7051b
Fix for an Issue #653
2014-03-25 21:26:22 +01:00
Miroslav Stampar
930c3e3c5a
Minor update (added check for --limit and --risk)
2014-03-25 09:28:12 +01:00
Miroslav Stampar
f6e1d9e026
Fix for an Issue #650
2014-03-24 10:46:23 +01:00
Miroslav Stampar
106102bd3c
Fix for an Issue #648
2014-03-21 20:28:29 +01:00
Bernardo Damele
9f838c3d5b
typo fix
2014-03-21 11:37:34 +00:00
Bernardo Damele
8091a88d3e
minor code cleanup and bug fix
2014-03-21 11:35:30 +00:00
Bernardo Damele
c211255773
replaced outfile with dumpfile so works even if the original statement outputs blob
2014-03-21 11:01:57 +00:00
Miroslav Stampar
39ab3b9149
Minor fix for meta refresh
2014-03-20 13:13:47 +01:00
Miroslav Stampar
d7f0da5599
Minor patch for an Issue #646
2014-03-20 13:08:28 +01:00
Miroslav Stampar
97fe5e52c2
Fix for an Issue #644
2014-03-18 16:41:05 +01:00
Miroslav Stampar
97f603af4a
Fix for an Issue #641
2014-03-17 20:20:25 +01:00
Miroslav Stampar
0622cdf3d8
Bug fix (credentials used in combination with request file)
2014-03-15 09:29:21 +01:00
Miroslav Stampar
3b47418a1d
Fix for an Issue #640
2014-03-14 22:20:20 +01:00
Miroslav Stampar
56d76e6bfd
Updating list of extensions to exclude from crawling
2014-03-14 21:34:16 +01:00
Miroslav Stampar
be3fd8bb29
Fix for an Issue #638
2014-03-14 16:44:56 +01:00
Miroslav Stampar
17742df0fa
Update for an Issue #636 (to prevent eventual future reports with lack of stack trace)
2014-03-11 21:18:31 +01:00
Miroslav Stampar
2f8846caec
Fix for an Issue #636
2014-03-11 21:11:51 +01:00
Miroslav Stampar
d1a6a775f1
Patch for an Issue #636
2014-03-11 21:00:15 +01:00
Miroslav Stampar
f1f53a5841
Minor cosmetic update
2014-03-06 21:08:31 +01:00
Miroslav Stampar
490d51258e
Raising number of minimum time responses (15 is statistically too low)
2014-03-03 20:49:58 +01:00
Miroslav Stampar
291a0d772a
Update for an Issue #615
2014-02-27 14:23:14 +01:00
Miroslav Stampar
2ffdee5733
Bug fix for PAYLOAD.WHERE.REPLACE payloads containing custom injection marker ([ORIGVALUE] was screwed)
2014-02-26 11:41:48 +01:00
Miroslav Stampar
cc62a8adc9
Bug fix for JSON-like data (proper escaping of quotes)
2014-02-26 09:30:37 +01:00
Miroslav Stampar
6369a38ebc
Adding support for JSON-like data with single quote
2014-02-26 08:56:17 +01:00
Miroslav Stampar
465f968be6
Minor cosmetic update
2014-02-26 08:41:23 +01:00
Miroslav Stampar
edc8ef9d5b
Patch for an Issue #611 (original page used in case of tamper functions was wrong - e.g. if --tamper=base64encode was used)
2014-02-25 13:48:34 +01:00
Miroslav Stampar
2a423d61ef
Raising number of requests for false positive testing in case of higher levels
2014-02-23 19:40:01 +01:00
Miroslav Stampar
d405fc1157
Minor update (for the consistency sake)
2014-02-16 22:04:12 +01:00
Miroslav Stampar
58eac364a2
Bug fix
2014-02-16 21:57:14 +01:00
Miroslav Stampar
dfa727cbc5
Fix for a same bug mentioned in last commit
2014-02-16 21:47:14 +01:00
Miroslav Stampar
43df4efd11
Bug fix (bad idea is to do os.path.join on web URLs - especially on Windows OS)
2014-02-16 21:44:57 +01:00
Miroslav Stampar
d05bfdd7dd
Implementing option '--where' (Issue #605 )
2014-02-11 16:20:45 +01:00
Bernardo Damele
be6767b3b0
minor fix for command execution via web shell
2014-02-10 09:59:57 +00:00
Miroslav Stampar
fe0ff6e679
Changing 'is injectable' to 'seems to be injectable' for boolean and time-based blind injection cases - for false positive cases
2014-02-09 17:50:16 +01:00
Miroslav Stampar
8521265526
Minor fix
2014-02-07 14:40:43 +01:00
Miroslav Stampar
534c2ee0e6
Minor update
2014-02-01 22:12:00 +01:00
Miroslav Stampar
0e44132778
Removing unused imports
2014-02-01 21:49:12 +01:00
Miroslav Stampar
f97fcb7bb3
Adding a switch --invalid-string
2014-01-23 21:56:06 +01:00
Miroslav Stampar
f88f6dcd7e
Changing --invalid-bignum from float producing to int producing
2014-01-23 09:07:25 +01:00
Miroslav Stampar
fc02badf40
Minor update
2014-01-23 08:33:21 +01:00
Bernardo Damele
bc29bf6481
removed comments
2014-01-13 23:57:49 +00:00
Bernardo Damele
1505f1dc74
removed useless sink
2014-01-13 23:55:32 +00:00
Bernardo Damele
124ebefc7f
code cleanup
2014-01-13 23:48:15 +00:00
Bernardo Damele
3c79d66569
fixed stderr
2014-01-13 17:34:38 +00:00
Bernardo Damele
43a4e85749
updated copyright
2014-01-13 17:24:49 +00:00
Bernardo Damele
dfa9076a70
fixed and improved web shell upload in MySQL (it was actually broken since fc57b7565d
)
2014-01-13 17:12:37 +00:00
Miroslav Stampar
6863436d4e
Implementation for an Issue #596
2014-01-13 10:05:56 +01:00
Bernardo Damele
d9e00adfae
minor fix
2014-01-10 17:23:16 +00:00
Miroslav Stampar
36f3ab5798
Minor bug fix (for cases when race between thread and main thread is causing server._running to not be set to True)
2014-01-09 15:46:55 +01:00
Miroslav Stampar
cb1f17cb04
Proper patch for an Issue #591
2014-01-02 12:15:56 +01:00
Miroslav Stampar
5437f8bf36
Fix for an Issue #85
2014-01-02 12:09:58 +01:00
Miroslav Stampar
4de83daf03
Minor style update
2014-01-02 11:06:19 +01:00
Miroslav Stampar
e0143e397a
Consistency fix (down below we use direct SQL)
2014-01-02 10:59:53 +01:00
Miroslav Stampar
0b4fcb6845
Fix for an Issue #591
2014-01-02 10:55:40 +01:00
Miroslav Stampar
854a55166c
Fix for an Issue #588
2014-01-02 10:29:10 +01:00
Miroslav Stampar
9b4b070ecf
Minor cosmetics
2014-01-02 10:05:58 +01:00
Miroslav Stampar
192a911b76
Patch for an Issue #28
2013-12-29 16:16:50 +01:00
Miroslav Stampar
41d6c1af82
Patch for an Issue #589
2013-12-28 13:47:40 +01:00
Miroslav Stampar
6c80f2903b
Patch for an Issue #564
2013-12-27 11:02:59 +01:00
Miroslav Stampar
cadbddd607
Adding a boundary proposed in Issue #564
2013-12-27 10:46:18 +01:00
Miroslav Stampar
7718edac9b
Fix for an Issue #570
2013-12-27 09:40:33 +01:00
Miroslav Stampar
02de2aee6d
Patch for an Issue #582
2013-12-26 22:27:04 +01:00
Miroslav Stampar
ab64d385d6
Bug fix (stacked queries as in PgSQL and MsSQL DNS tunneling queries MUST end with the comment - not the recognized underlying technique's suffix)
2013-12-25 22:18:57 +01:00
Miroslav Stampar
2c2667b2be
Minor patch for an Issue #575
2013-12-18 00:56:24 +01:00
Miroslav Stampar
fd6dcd8bf5
Merge pull request #583 from mattoufoutu/api
...
RESTful API improvements
2013-12-17 14:10:19 -08:00
Miroslav Stampar
f18abb1e9c
Minor update (proxy can be also a https one (e.g. Burp for HTTPS targets)
2013-12-17 09:30:51 +01:00
Miroslav Stampar
7d8eb148ce
Patch for an Issue #565 (DuckDuckGo doesn't like identity encoding)
2013-12-17 09:30:04 +01:00
Miroslav Stampar
4819e19200
Patch for an Issue #584
2013-12-16 22:00:47 +01:00
Mathieu Deous
4c9456dd72
moar logging!
2013-12-15 16:59:47 +01:00
Mathieu Deous
438ad73016
avoid names shadowing
2013-12-15 09:22:01 +01:00
Mathieu Deous
eda9a3da67
all instance attributes should be defined in constructor
2013-12-15 09:16:38 +01:00
Mathieu Deous
3effaee2a1
avoid using global variables, use a "store" class
2013-12-15 00:19:58 +01:00
Mathieu Deous
c70f2a4e6d
unused imports
2013-12-15 00:00:08 +01:00
Mathieu Deous
aa02019638
return file content in a json message when calling download endpoint
2013-12-14 16:33:17 +01:00
Mathieu Deous
c87ad1bab5
make returned values more coherent
2013-12-14 16:22:30 +01:00
Mathieu Deous
72137e85f9
do not reset options when firing a scan
2013-12-14 15:59:47 +01:00
Mathieu Deous
af7ad31182
fix commit method usage (belongs to connection, not cursor)
2013-12-14 15:58:09 +01:00
Mathieu Deous
c5a3f54b89
remove unused imports
2013-12-14 15:47:26 +01:00
Mathieu Deous
8a946509b9
PEP8
2013-12-14 15:44:10 +01:00
Miroslav Stampar
5b2ded0b18
Fix for an Issue #577
2013-12-13 21:00:26 +01:00
Miroslav Stampar
437278e32d
Fix for an Issue #580
2013-12-13 19:48:05 +01:00
Mathieu Deous
c3dd6e1e32
api's get_option function doesn't lookup the right object
2013-12-08 17:46:02 +01:00
Miroslav Stampar
b0ca34ff27
Bug fix (payload character '=' was not being url-encoded in custom (user) post cases - when posthint was None)
2013-12-04 10:09:54 +01:00
Miroslav Stampar
bf3fbb0ae0
Ignore Google analytics cookies
2013-12-04 09:56:37 +01:00
Miroslav Stampar
dd2ddec79a
Minor fix (better extraction of original value in case of replacement and custom POST injection mark)
2013-12-03 13:37:04 +01:00
Miroslav Stampar
59d667d94c
Minor update
2013-12-01 22:25:12 +01:00
Miroslav Stampar
7054586e8a
Update for an Issue #565 (more work TBD - DuckDuckGo has some kind of IP blocking mechanism)
2013-11-25 20:57:07 +01:00
Miroslav Stampar
cda27ec20b
Patch for an Issue #563
2013-11-24 15:01:51 +01:00
Bernardo Damele
59b6791faa
minor improvement
2013-11-19 00:24:47 +00:00
Bernardo Damele
c37ad88283
minor bug fix
2013-11-13 14:34:19 +00:00
Miroslav Stampar
3c67ba08c5
Minor fix
2013-11-12 14:53:05 +01:00
Miroslav Stampar
354aaeae5b
Removing unused imports
2013-11-12 14:11:07 +01:00
Miroslav Stampar
d84ddf23bd
Replacing os.sep constructs with os.path.join
2013-11-12 14:08:41 +01:00
Miroslav Stampar
2f1607b4d5
Minor fix for dumping non-alphanumeric database names
2013-11-12 13:13:47 +01:00
Miroslav Stampar
0a4512e9ae
Implementation for an Issue #557
2013-11-08 09:23:38 +01:00
Miroslav Stampar
48bd2e75e9
Minor patch
2013-10-28 13:59:38 +01:00
Miroslav Stampar
7ed05f01b3
Minor update
2013-10-27 00:24:57 +02:00
Miroslav Stampar
fabbe63f00
Proper fix for re.sub() call with repl value containing backslash
2013-10-23 18:07:38 +02:00
Miroslav Stampar
28529a92a7
Minor fix (for parameters with \ in value)
2013-10-23 10:49:50 +02:00
Miroslav Stampar
9f21406a4b
Using cPickle in BigArray (faster and potentially less memory used)
2013-10-21 20:48:00 +02:00
Miroslav Stampar
8dac47f7e5
Minor patch (for recognition of x-mac-turkish codec)
2013-10-21 20:04:48 +02:00
Miroslav Stampar
e197720def
Fix for an Issue #546
2013-10-19 20:54:52 +02:00
Miroslav Stampar
777d999e71
Minor update
2013-10-18 15:39:46 +02:00
Miroslav Stampar
6ff2b931ff
Another patch for an Issue #545
2013-10-17 23:42:51 +02:00
Miroslav Stampar
334c698d53
Adding change verbosity level in testing phase when Ctrl+C pressed
2013-10-17 16:54:53 +02:00
Miroslav Stampar
304c9822bd
Patch for an Issue #545
2013-10-17 16:38:07 +02:00
Miroslav Stampar
5b8d631dc0
Minor update
2013-10-16 11:48:00 +02:00
Miroslav Stampar
04dbee3bec
Update for a more generic JSON recognition regex
2013-10-16 11:39:04 +02:00
Moshe Kaplan
8cd641a2a6
minor typos corrected
...
"choosen" -> "chosen"
2013-10-15 13:26:24 -04:00
Miroslav Stampar
d7906e8f18
Minor fix
2013-10-15 09:49:27 +02:00
Miroslav Stampar
344d3f4b5f
Minor patch
2013-10-12 21:05:18 +02:00
Miroslav Stampar
b8d49c2ea2
Minor usability patch
2013-10-12 20:41:25 +02:00
Miroslav Stampar
98d27ef200
Bug fix (missing permissions when creating dump directory)
2013-10-11 21:17:12 +02:00
Ben Buchacher
54a6c01005
Fix - Custom objects cannot be serialized in JSON
...
Custom objects cannot be serialized in JSON, convert tasks into list before serializing.
2013-10-10 16:06:29 -07:00
Miroslav Stampar
2dc570d7a8
Minor patch (for ORDER BY 'col' cases)
2013-10-10 23:08:20 +02:00
Miroslav Stampar
dd87233fe4
Minor patch (to accept * inside urls in request files too)
2013-10-10 15:04:48 +02:00
Miroslav Stampar
369006ca73
Bug fix
2013-10-07 12:54:25 +02:00
Miroslav Stampar
18d9e1dbc3
Minor update due to reported (debug) problems with SSLv23
2013-10-04 10:53:49 +02:00
Miroslav Stampar
a944028114
Revert of last commit
2013-10-02 22:14:50 +02:00
Miroslav Stampar
9ceb518a50
Minor patch
2013-10-02 22:03:53 +02:00
Miroslav Stampar
8e2f4669d8
Removing dependency for bz2 as there are some reported problems with the library on non-standard platforms
2013-10-02 20:32:18 +02:00
Miroslav Stampar
45c88b36c6
Fix for an Issue #532
2013-09-30 09:33:39 +02:00
Miroslav Stampar
2fbd7e8929
Minor fix
2013-09-24 21:56:40 +02:00
Miroslav Stampar
df9b1d72de
Minor update
2013-09-24 21:44:59 +02:00
Miroslav Stampar
f11e15a180
Minor update
2013-09-11 23:22:10 +02:00
Miroslav Stampar
a3defc175d
Fix (we are not using certificate but PEM private key file in this particular authentication; also, auxiliary cert_file is holding certificate chain that is ignored by python itself)
2013-09-11 23:17:18 +02:00
Miroslav Stampar
176f744ac6
Minor cosmetic update
2013-09-11 15:05:37 +02:00
Miroslav Stampar
696fb6530e
Cosmetic fix (Kali shows ugly 'python ./sqlmap.py' in usage)
2013-09-11 14:57:38 +02:00
Miroslav Stampar
4cf49bc0cc
Minor fix for an Issue #517
2013-09-05 09:22:11 +02:00
Miroslav Stampar
b17bb07301
Minor regex update
2013-09-04 19:28:59 +02:00
Miroslav Stampar
bf57f636a3
Fix for an Issue #517
2013-09-04 19:22:24 +02:00
Miroslav Stampar
81409ce6da
Minor patch
2013-09-02 10:54:32 +02:00
Miroslav Stampar
dd39913cf6
Improvement for an --eval mechanism
2013-08-31 00:28:51 +02:00
Miroslav Stampar
3a57af1452
Minor fix
2013-08-30 15:26:03 +02:00
Miroslav Stampar
9e975210ac
Implementation for an Issue #515
2013-08-30 10:22:43 +02:00
Miroslav Stampar
e0bfb0503c
Minor language update
2013-08-30 09:55:57 +02:00
Miroslav Stampar
28eca2116f
Fix for an Issue #513
2013-08-27 13:55:38 +02:00
Miroslav Stampar
7cb3ea20dd
Minor patch for a problem noticed yesterday too (in some cases if Ctrl-C is pressed sent is most probably a None value)
2013-08-23 11:59:58 +02:00
Miroslav Stampar
88b992ad83
Fixing a bug noticed during the yesterday's AppSecEU presentation (--headers='user-agent:foobar*' was not working properly)
2013-08-23 11:54:08 +02:00
Miroslav Stampar
0cf2bdeb1c
Minor language update
2013-08-22 11:11:30 +02:00
Miroslav Stampar
bc19f40d09
Minor update
2013-08-22 10:44:21 +02:00
Miroslav Stampar
23f2c5f166
Finishing implementation for an Issue #58
2013-08-20 19:35:49 +02:00
Miroslav Stampar
c586559e30
Patch for an Issue #510
2013-08-20 18:54:32 +02:00
Miroslav Stampar
6cc0cf3702
Minor comment update
2013-08-20 18:36:31 +02:00
Miroslav Stampar
1f2c8fbf59
Fix for an Issue #500
2013-08-13 20:40:36 +02:00
Miroslav Stampar
38ee95e2c9
Minor language update
2013-08-13 18:58:24 +02:00
Miroslav Stampar
52a71546d0
Implementation for an Issue #507
2013-08-13 18:55:23 +02:00
Miroslav Stampar
4929cff0c0
Minor update
2013-08-13 06:42:49 +02:00
bladeswords
6d756317c3
Remove debugging which prevents sqlmap from running smoothly
2013-08-13 13:58:45 +10:00
Miroslav Stampar
b2855e0281
Minor patch
2013-08-12 14:25:51 +02:00
Miroslav Stampar
a711c9ed36
Minor cleanup and initial work for #58
2013-08-09 14:13:48 +02:00
Miroslav Stampar
4beef0900d
Minor language fix (we support SOCKS proxy settings too)
2013-08-09 13:58:42 +02:00
Miroslav Stampar
1088011bf0
Adding new binary file formats for excluding in crawling
2013-08-02 23:07:13 +02:00
Miroslav Stampar
32c1cb20f5
Fix for an Issue #497
2013-08-01 19:48:20 +02:00
Miroslav Stampar
953b5815d8
Implementation for an Issue #496
2013-07-31 21:15:03 +02:00
Miroslav Stampar
6b826ef64d
Reintroducing option --cookie-del
2013-07-31 20:41:19 +02:00
Miroslav Stampar
ca44b23d20
Implementation for --eval to support cookies
2013-07-31 17:29:16 +02:00
Miroslav Stampar
eaacbe0b12
Minor language fix
2013-07-31 09:24:34 +02:00
Miroslav Stampar
941b2387c0
Minor fix
2013-07-31 09:22:45 +02:00
Miroslav Stampar
4f58e0af0c
Minor fix
2013-07-31 08:45:04 +02:00
Miroslav Stampar
a585aa4bff
Adding support for ~
2013-07-29 20:42:29 +02:00
Miroslav Stampar
de31688c4f
Update for an Issue #481
2013-07-29 18:25:27 +02:00
Miroslav Stampar
b921ff0729
Fix for an Issue #495
2013-07-27 11:20:43 +02:00
stamparm
dbb0d7f700
Important fix (Issue #489 ) - we had a bad presumption than only public schema could be used for enumeration (while all schemas inside a current db could be used)
2013-07-19 13:24:35 +02:00
stamparm
28cd50b2f1
Patch for an Issue #490
2013-07-16 14:08:32 +02:00
stamparm
e6f71c2130
Making 10% less requests in futile higher level/risk runs (using static template payloads for where==NEGATIVE)
2013-07-15 16:24:49 +02:00
stamparm
c9d3974205
Minor fix (templatePayload had duplicate string patterns for where==NEGATIVE)
2013-07-15 13:54:02 +02:00
stamparm
ac2d40e259
Revert of last commit (there is a chance that that big integer value is really valid :)
2013-07-15 13:34:38 +02:00
stamparm
a097ee1505
Switching --invalid-bignum to a pure integer constant (more generic - more statements require pure integer constant)
2013-07-15 13:31:56 +02:00
Miroslav Stampar
f54082111d
Better way how to deal with required extensions
2013-07-13 19:25:49 +02:00
Miroslav Stampar
3f6d4083a7
Minor language update
2013-07-13 17:19:16 +02:00
Miroslav Stampar
31efabfca1
Appropriate error messaging when one of core libraries are missing due to erroneous Python build
2013-07-13 16:07:36 +02:00
Miroslav Stampar
4d9f8ad0dd
Commit related to the last one
2013-07-13 12:00:03 +02:00
stamparm
dc1623a40f
Fix for a bug reported over ML (error: unbalanced parenthesis)
2013-07-11 10:20:58 +02:00
stamparm
01159575b2
Fix for an Issue #488
2013-07-11 10:11:43 +02:00
stamparm
1ae68b9bb3
Update for an Issue #405 (fix for usage of old 'complete' data from previous runs)
2013-07-10 17:18:09 +02:00
stamparm
f6c7b398fd
Update for an Issue #405 (fix for persistent options problem)
2013-07-10 16:57:44 +02:00
stamparm
aad102378a
Fix for an Issue #487
2013-07-09 11:00:43 +02:00
stamparm
be5ce760b6
Fix for an Issue #485 (failing back to single-thread mode if over some bisection length)
2013-07-09 10:24:48 +02:00
stamparm
d7c0805e7c
Removing leftover
2013-07-08 12:45:02 +02:00
stamparm
a548eb5c70
Minor text update
2013-07-08 12:44:14 +02:00
stamparm
d0e79a4d15
Minor text update
2013-07-08 12:38:36 +02:00
stamparm
a530817727
Minor typo fix
2013-07-08 11:52:46 +02:00
stamparm
8d3435ab0b
Removing reflective warning for parsing heuristic test
2013-07-08 11:48:33 +02:00
stamparm
db536427f0
Adding a question for storing hashes to a temporary file (after a mention of it on Twitter)
2013-07-04 15:34:00 +02:00
stamparm
f97b35dcc1
Patch for an Issue #475
2013-07-01 13:43:38 +02:00
stamparm
017ce22a2f
Minor consistency patch (Issue #475 )
2013-07-01 13:01:53 +02:00
stamparm
5ff09aff63
Some more adjustments (Issue #475 )
2013-07-01 12:50:12 +02:00
stamparm
04046f38eb
Minor update (Issue #475 )
2013-07-01 12:26:57 +02:00
stamparm
f7d15cb465
Official naming is HSQLDB (and/or HyperSQL)
2013-07-01 11:57:47 +02:00
Miroslav Stampar
aeb83ba651
Merge pull request #475 from Meatballs1/hsql_clean
...
HSQL Payloads and Query Support
2013-07-01 02:38:04 -07:00
Miroslav Stampar
a1842f44f5
Fix for an Issue #477
2013-06-29 20:55:48 +02:00
stamparm
fd5b665f7d
Removing arithmetic operations from false positive checking to minimize affect of character filtering ('>' and '=' have to stay because those are minimal requirements)
2013-06-26 10:55:34 +02:00
Meatballs
4595b2c287
decodeHexValue
2013-06-24 23:45:39 +01:00
Meatballs
09e1dc814d
Fix concat
2013-06-24 23:20:34 +01:00
Meatballs
ed40a76c9d
Fix dummy table
2013-06-24 23:18:47 +01:00
Meatballs
9212b05eeb
Add call to execute statements
2013-06-24 15:01:44 +01:00
Meatballs
62000c6406
Remaining files
2013-06-24 14:42:58 +01:00
Meatballs
7b6cc3d183
Add hsql settings
2013-06-24 14:38:44 +01:00
Meatballs
20a5d9a16e
Include HSQL dummy table
2013-06-24 14:37:42 +01:00
Miroslav Stampar
0355e29b7c
Minor fix (NoneType has no attribute split)
2013-06-24 14:49:53 +02:00
Miroslav Stampar
95ed6b7203
Minor patch (Issue #470 )
2013-06-24 14:37:45 +02:00
Miroslav Stampar
fca6772df6
Implementation for an Issue #468
2013-06-22 00:13:46 +02:00
Bernardo Damele
a72096a345
slightly more appropriate definition of output variable
2013-06-19 20:25:01 +01:00
Bernardo Damele
cae108d9fc
careful at merging pull requests with TABs ( #466 )
2013-06-19 19:49:53 +01:00
stamparm
a53823f9b7
Minor refactoring
2013-06-19 10:59:26 +02:00
stamparm
690645f6c7
Cosmetic fix
2013-06-19 10:50:00 +02:00
stamparm
a7787e83b8
Minor fix for case-insensitive union duplicates
2013-06-18 12:52:36 +02:00
Miroslav Stampar
aff7092736
Merge pull request #466 from Meatballs1/xp_cmdshell_output
...
Unable to retrieve XP_Cmdshell Output
2013-06-18 00:47:08 -07:00
stamparm
9a6f5a95f5
Minor patch for SQLAlchemy/MSSQL
2013-06-18 09:36:09 +02:00
Meatballs
c5087399c1
Fix exception if init technique not available
2013-06-16 10:47:27 +01:00
Meatballs
2c98507f1e
Add better error msg
2013-06-16 10:27:08 +01:00
Meatballs
caa326774c
Fallback to blind
2013-06-16 10:22:20 +01:00
Miroslav Stampar
63d0e9bb12
Adding support for MsSQL >=2012 hash format (based on commit 70107f74f0be5357654f170a3f321e3e55e81881)
2013-06-13 21:50:35 +02:00
Miroslav Stampar
f185e5cdd5
Fix for an Issue #463
2013-06-10 22:26:34 +02:00
Miroslav Stampar
cdb434805a
Using alpha character as a boundary in union/error techniques (instead of ':') to support wider range of (output filtering) cases
2013-06-10 22:14:45 +02:00
Miroslav Stampar
6f49b96a2d
Fix for an Issue #462
2013-06-10 12:20:58 +02:00
Miroslav Stampar
3583f45ee7
Fix for an Issue #461
2013-06-10 11:44:56 +02:00
Miroslav Stampar
39612b5d87
Fix for an Issue #457
2013-06-04 23:46:39 +02:00
Miroslav Stampar
c1592e8508
Code refactoring (moving import ctypes to be used only when needed)
2013-06-04 22:23:44 +02:00
Miroslav Stampar
3e0f747fad
Minor fix
2013-06-04 00:05:25 +02:00
Miroslav Stampar
213d0ecfb9
Minor fix
2013-06-03 23:32:57 +02:00
Miroslav Stampar
edc9da1226
Minor refactoring
2013-06-03 15:14:56 +02:00
Miroslav Stampar
351c70b390
Locale module screws string.letters, etc. in some cases (e.g. IDLE run)
2013-06-01 14:06:58 +02:00
Miroslav Stampar
b7989f93c5
Trivial update regarding last commit
2013-05-30 12:04:56 +02:00
Miroslav Stampar
ed8f16e754
Minor update on user's request
2013-05-30 12:01:13 +02:00
Miroslav Stampar
12870e6ff3
Minor fix
2013-05-30 11:42:27 +02:00
Miroslav Stampar
793a8ad349
Minor fix
2013-05-30 11:38:24 +02:00
stamparm
f4ca4cd6c5
Minor update
2013-05-29 15:49:09 +02:00
stamparm
c3038fcb65
Minor cosmetic update
2013-05-29 15:46:59 +02:00
stamparm
8fbf4b11d2
Trivial update regarding last commit
2013-05-29 15:45:13 +02:00
stamparm
dfd6ee20bb
Patch for an Issue #454
2013-05-29 15:26:11 +02:00
stamparm
60df3e9d1e
Minor cosmetic update (displaying 'Technique: DIRECT' instead of 'Technique: None' in case of direct access)
2013-05-29 15:04:14 +02:00
stamparm
e28b056028
Dummy fix
2013-05-29 14:26:00 +02:00
stamparm
6b280d8da4
Putting 2 decimal places for debug messages with performed queries (e.g. to handle a problem with 0 seconds roundup)
2013-05-28 14:40:45 +02:00
stamparm
bc4e1dab19
Getting rid of those ugly warning messages
2013-05-28 11:24:56 +02:00
stamparm
659c0bb418
Minor fix
2013-05-27 10:38:47 +02:00
Miroslav Stampar
f3f752d85c
Patch for an Issue #452
2013-05-25 18:52:59 +02:00
Miroslav Stampar
a85a0e53de
Fix for an Issue 'ValueError: Invalid IPv6 URL'
2013-05-25 18:00:21 +02:00
Miroslav Stampar
e18796dbe1
Minor style update
2013-05-25 18:00:20 +02:00
Miroslav Stampar
e7ddc2fcab
Minor fix
2013-05-23 12:57:33 +04:00
Miroslav Stampar
eb8e12b7c2
Minor adjustment (for headers like 'name: http://asdas ')
2013-05-23 11:29:43 +04:00
stamparm
1b3f1a4016
More appropriate naming (also, preventing ambiguities with --smart)
2013-05-22 23:21:43 +04:00
stamparm
4b2cf07262
Minor style update
2013-05-20 16:15:35 +02:00
Miroslav Stampar
1a4ea186ca
Consistency fix
2013-05-19 23:00:40 +02:00
Miroslav Stampar
d3ad408a21
Minor cosmetics
2013-05-19 22:17:53 +02:00
Miroslav Stampar
4f49dad2ba
Minor cosmetics
2013-05-19 01:19:54 +02:00
Miroslav Stampar
6cfcc1af63
Minor cosmetic
2013-05-19 01:17:22 +02:00
Miroslav Stampar
ea5c742595
Update (lagging checking is now always done once when time based compare is done; not only in case if statistical model is being filled)
2013-05-18 21:30:21 +02:00
Miroslav Stampar
980a0e3adb
Trivial update
2013-05-18 21:00:53 +02:00
Miroslav Stampar
1ff98c2ff9
Another minor text update
2013-05-18 21:00:11 +02:00
Miroslav Stampar
967513e1bb
Minor message update
2013-05-18 20:59:23 +02:00
Miroslav Stampar
caa4ee96cd
Minor cosmetic update
2013-05-18 18:28:44 +02:00
Miroslav Stampar
6608410320
Adding a question after WAF has been identified
2013-05-18 18:26:40 +02:00
Miroslav Stampar
b2b3b3b5a6
Minor bug fix (level names not properly used in non-logger output)
2013-05-18 16:44:21 +02:00
Miroslav Stampar
f24c8c6b6b
Changing logging type to warning for parsed error messages
2013-05-18 16:17:56 +02:00
Miroslav Stampar
dcea745576
Minor update (not displaying safe enclosings in table dumps)
2013-05-18 16:13:34 +02:00
Miroslav Stampar
e528ea8208
Minor language fix
2013-05-18 16:02:34 +02:00
stamparm
03732d2592
Minor fix
2013-05-17 16:04:05 +02:00
stamparm
b26ecfe087
Patch for an Issue #449
2013-05-17 15:14:51 +02:00
stamparm
76b4e1ccb9
Implementation for an Issue #450
2013-05-17 15:04:25 +02:00
stamparm
7ba9e75c97
Minor update related to the last commit
2013-05-16 15:23:20 +02:00
stamparm
7ea8dd9428
MySQL is specific (types are automatically being converted without any warning/error)
2013-05-16 15:12:36 +02:00
stamparm
f1f34a65a2
Minor update
2013-05-15 13:38:26 +02:00
stamparm
41f0e91662
Minor update (related to last commit)
2013-05-13 14:50:03 +02:00
stamparm
cb9ea67c8d
Code refactoring (moving progress.py to lib/utils)
2013-05-13 14:48:39 +02:00
stamparm
936815128d
Minor fix
2013-05-13 13:42:43 +02:00
Miroslav Stampar
034e123b0c
Minor fix (to accept -p cookie without need for raising --level / as it's already done for referer and user_agent)
2013-05-12 16:24:13 +02:00
Miroslav Stampar
6676eaf88f
Minor fix
2013-05-12 14:02:50 +02:00
Miroslav Stampar
f8cef1fc6f
Minor fix for a test case 211
2013-05-09 21:20:17 +02:00
stamparm
8b64709c17
Completing implementation for an Issue #189 (union)
2013-05-09 16:36:03 +02:00
stamparm
3873805dab
Partial implementation for an Issue #189 (error-based; still partial union left)
2013-05-09 16:23:57 +02:00
stamparm
9fe5a8832f
Update for an Issue #189 (code refactoring of ProgressBar so it could be ready for usage in non-inference cases out of box)
2013-05-09 15:52:18 +02:00
stamparm
fc57b7565d
Implementation for an Issue #432
2013-05-09 14:26:29 +02:00
stamparm
03be419d5d
Fix for an Issue #447
2013-05-07 13:25:30 +02:00
stamparm
2bfdac5ebc
Minor update for crawler
2013-04-30 18:32:46 +02:00
stamparm
887109a12d
Minor bug fix (for not displaying heuristic detected page charset None)
2013-04-30 18:16:32 +02:00
stamparm
ebe8ee3500
Fix for crawler and redirection case
2013-04-30 18:08:26 +02:00
stamparm
09e7f4f697
Minor bug fix regarding traffic logging of redirected requests
2013-04-30 17:46:26 +02:00
stamparm
3c110b3620
Minor bug fix
2013-04-30 16:40:16 +02:00
stamparm
bdb9219e9b
Minor revert
2013-04-30 14:41:38 +02:00
stamparm
d2a5548889
Some more reordering
2013-04-30 14:32:11 +02:00
stamparm
16866119b8
Another minor update
2013-04-30 14:11:56 +02:00
stamparm
08fbfda5d2
Minor update
2013-04-30 14:06:04 +02:00
stamparm
69e3a2cb9e
Minor update
2013-04-30 14:06:04 +02:00
stamparm
03c4eb8338
Minor update
2013-04-30 14:06:04 +02:00
stamparm
214d9aaf4b
Language fix
2013-04-30 14:06:04 +02:00
stamparm
3266c6c1f1
Language fix
2013-04-30 14:06:04 +02:00
Bernardo Damele
9f1e644f23
language fixes
2013-04-30 11:44:47 +01:00
stamparm
46557198a5
Minor update of doc root names
2013-04-29 11:29:59 +02:00
stamparm
1035ee9c3d
Patch for an Issue #442
2013-04-26 14:49:24 +02:00
Miroslav Stampar
beab72a180
Minor language update
2013-04-25 19:55:45 +02:00
stamparm
63d7707346
Adding support for appending to the existing table dump if --start/--stop is used
2013-04-24 16:08:40 +02:00
stamparm
e3a02f56e6
Just in case for --force-ssl (if url is returned in e.g. refresh toward the target)
2013-04-24 12:35:39 +02:00
stamparm
42a73d8e0b
Minor language update
2013-04-24 12:10:06 +02:00
stamparm
8d382f00e8
Minor style update
2013-04-22 11:38:47 +02:00
Miroslav Stampar
a475116853
Minor check
2013-04-21 21:42:23 +02:00
stamparm
0d92145fc6
Minor bug fix
2013-04-19 15:40:25 +02:00
stamparm
0cb3ce5765
Bug fix (maybe it will have repercusions in future as this was a silent bug)
2013-04-19 10:10:06 +02:00
stamparm
b7d4afcc63
Moving '--pivot-column' to a General section (Issue #437 )
2013-04-18 17:12:32 +02:00
stamparm
9d045e14e8
Implementation for an Issue #437
2013-04-18 17:06:45 +02:00
stamparm
2defc30dc6
From now on --dbms-cred can be used also in combination with -d (more flexibility as spotted that one user used in that way on ML)
2013-04-17 11:12:15 +02:00
stamparm
feed2274c3
Patch for an Issue #435
2013-04-17 10:48:17 +02:00
stamparm
c73489aff3
Adding a couple of new option validation checks
2013-04-16 14:31:10 +02:00
stamparm
7204ec5616
Adding a basic validation check (-d with --url)
2013-04-16 14:23:27 +02:00
stamparm
6fed1921ed
Bug fix (there are cases when provided kwargs containing explicit None values while we want to use the alternative in those kind of cases; there was an intention in original code, while the implementation was buggy)
2013-04-16 14:17:41 +02:00
Miroslav Stampar
840ee26a14
If SQLAlchemy is available and it has problems while connecting then it should be smarter to not force the other (standard) method - if available
2013-04-15 18:42:26 +02:00
stamparm
de99717b00
Disable sqlalchemy warnings if applicable
2013-04-15 16:29:08 +02:00
stamparm
1c2197e8de
Minor bug fix for an Issue #361 (removal of that ugly garbage clean warning message after sqlmap ends)
2013-04-15 16:18:40 +02:00
stamparm
6ab2e8eca4
Trivial style update
2013-04-15 16:09:04 +02:00
stamparm
a3d36fcb73
Minor update
2013-04-15 16:07:27 +02:00
stamparm
140cffbde2
Patch for an Issue #434
2013-04-15 15:57:28 +02:00
stamparm
9ccbdb3fdf
Added a check for an Issue #361
2013-04-15 15:36:10 +02:00
stamparm
1c47b33020
Few bug fixes in -d (there were late values in payloads in some cases; sqlalchemy returns RowProxy for tuple)
2013-04-15 15:23:45 +02:00
stamparm
f936746423
Code restyling
2013-04-15 14:31:27 +02:00
stamparm
aed738d6e6
Update for an Issue #361
2013-04-15 14:20:21 +02:00
stamparm
a9a0d1a3f9
Minor update
2013-04-15 11:56:19 +02:00
stamparm
10fbeaed7b
Code refactoring
2013-04-15 11:49:11 +02:00
stamparm
349f885f08
Minor patch
2013-04-15 11:41:53 +02:00
stamparm
8853e43616
Applying patch from Brandon Perry via ML
2013-04-15 11:01:07 +02:00
stamparm
3e65037a05
Introducing lib/utils/sqlalchemy.py (Issue #361 )
2013-04-15 10:33:25 +02:00
Miroslav Stampar
b6fee638ef
Neutralizing time of cookie expiration (in case of --load-cookies)
2013-04-14 01:13:08 +02:00
Miroslav Stampar
ed5599f489
In case that cookie file is given and cookie header inside request file clashes with one of contained cookies, give cookie file greater priority
2013-04-12 19:20:33 +02:00
stamparm
7edd7ee2aa
Trivial code change
2013-04-12 16:25:24 +02:00
Miroslav Stampar
73917fc9c8
Minor update (same, but safer)
2013-04-11 21:25:44 +02:00
Miroslav Stampar
0b449bb1d9
Fix for an Issue #433
2013-04-10 19:33:31 +02:00
stamparm
f67148a9a4
Update for an Issue #431
2013-04-10 16:43:57 +02:00
stamparm
661b44135d
Minor bug fix
2013-04-10 11:59:07 +02:00
stamparm
8c9da95343
Style and consistency update (url -> URL)
2013-04-09 11:48:42 +02:00
stamparm
3948b527dd
Update for an Issue #429
2013-04-09 11:36:33 +02:00
stamparm
91054099aa
Minor style update
2013-04-09 10:42:58 +02:00
stamparm
cce541cc33
Patch for an Issue #429
2013-04-09 10:39:20 +02:00
stamparm
33e9b3c451
Minor style update
2013-04-09 10:39:20 +02:00
Miroslav Stampar
7614c815ed
Minor update/patch
2013-04-07 21:32:03 +02:00
Miroslav Stampar
240e9f3f7e
Minor patch
2013-04-07 11:02:43 +02:00
Miroslav Stampar
50ac3aab7a
Minor patch
2013-04-06 01:56:24 +02:00
stamparm
a75d3ed0b8
Minor style update
2013-04-06 01:56:23 +02:00
Miroslav Stampar
df4fd82515
Minor update
2013-04-03 23:27:27 +02:00
Miroslav Stampar
c75a2d0c40
Minor patch
2013-04-03 21:31:37 +02:00
Miroslav Stampar
153aa10b77
Minor cosmetic update
2013-04-03 19:00:54 +02:00
Miroslav Stampar
f387333415
Minor cosmetics
2013-04-02 17:34:56 +02:00
Miroslav Stampar
4b5335a323
Moving --force-ssl from [Request] to [General] options
2013-04-02 17:18:21 +02:00
Miroslav Stampar
76a0d20799
Minor patch
2013-04-01 22:18:41 +02:00
Miroslav Stampar
b67f342975
Minor patch
2013-04-01 17:32:16 +02:00
stamparm
a371f182ac
Minor patch (previous combination is not working well with oriental characters - 0 length normalized unicode string is being returned)
2013-03-28 15:37:14 +01:00
stamparm
e1ffdde532
Little cleaning a mess with url encoding and post hint types
2013-03-27 13:39:27 +01:00
Miroslav Stampar
c19a283434
Minor patch
2013-03-26 20:06:50 +01:00
stamparm
7accba4cf9
Minor update
2013-03-26 16:10:41 +01:00
stamparm
0882fe0ce3
Minor update related to the last two
2013-03-26 16:04:56 +01:00
stamparm
eb1bfc20cb
Update related to the last commit
2013-03-26 15:36:44 +01:00
stamparm
2fe6aea0eb
Minor fix
2013-03-26 15:07:14 +01:00
stamparm
825aa4b8dd
Minor language update
2013-03-26 14:27:51 +01:00
stamparm
5dd2529b02
Minor language update
2013-03-26 14:18:37 +01:00
stamparm
4d2b77dde3
Minor language update
2013-03-26 14:15:40 +01:00
stamparm
473a39b820
Minor language fix
2013-03-26 14:11:17 +01:00
stamparm
3f8dafedae
Minor text update
2013-03-26 14:08:35 +01:00
stamparm
ad039c335d
Implementation for an Issue #423
2013-03-21 11:28:44 +01:00
stamparm
3740a97cc9
Adding a --version switch like all command line programs have
2013-03-20 11:44:09 +01:00
stamparm
7447773237
Update for consistency (all other enums are using _ in between words)
2013-03-20 11:10:24 +01:00
stamparm
ae6ce7db30
Removal of unused imports
2013-03-20 10:44:15 +01:00
Miroslav Stampar
8acf033715
Code refactoring
2013-03-19 19:24:14 +01:00
Miroslav Stampar
a3d9a7b1ff
Minor fix
2013-03-19 19:06:51 +01:00
stamparm
d1ae62b22b
Patch for an Issue #422
2013-03-19 12:27:49 +01:00
stamparm
6969874c02
Switch --no-cast is incompatible with switch --hex (integer values are not being casted in case of --no-cast --hex which is causing unwanted decodings of returned values)
2013-03-19 10:52:37 +01:00
stamparm
10e6c70c22
Trivial style update (undoing last dummy commit)
2013-03-19 10:43:29 +01:00
stamparm
70265fd3b5
Trivial style update
2013-03-19 10:43:03 +01:00
stamparm
5adac57ca9
Trivial style update
2013-03-19 10:42:50 +01:00
stamparm
558ef0aaff
Minor fix
2013-03-19 10:42:20 +01:00
stamparm
e226006766
Trivial fix
2013-03-18 13:29:55 +01:00
stamparm
5e02bcbd58
Minor adjustment
2013-03-18 12:16:16 +01:00
stamparm
7111cdabe3
Minor cosmetics
2013-03-18 11:41:15 +01:00
Miroslav Stampar
5df1f5528e
More general update for an Issue #421
2013-03-15 22:49:09 +01:00
Miroslav Stampar
f0a419bdec
Patch for an Issue #421
2013-03-15 22:08:15 +01:00
Miroslav Stampar
596cf95040
Minor fix
2013-03-15 17:22:33 +01:00
Miroslav Stampar
ff4e62ff90
Minor cosmetics
2013-03-15 17:00:01 +01:00
Miroslav Stampar
4010df307e
Trivial cosmetics
2013-03-15 16:37:52 +01:00
Miroslav Stampar
4cb378ce3e
Another update for an Issue #352 and couple of fixes
2013-03-13 21:57:09 +01:00
Miroslav Stampar
b35122a42c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-03-13 19:52:17 +01:00
Miroslav Stampar
eb08c8d752
Another update for an Issue #352
2013-03-13 19:42:22 +01:00
Bernardo Damele
dea62189b2
fixes #420
2013-03-12 22:16:42 +00:00
Miroslav Stampar
2f43c3eb9b
Minor fix (digest live test case) and some refactoring
2013-03-12 21:16:44 +01:00
Miroslav Stampar
65306f1ac1
Update for an Issue #352
2013-03-12 20:10:32 +01:00
Miroslav Stampar
db0a1e58b9
Update for an Issue #352
2013-03-11 14:58:05 +01:00
Miroslav Stampar
d6fc10092f
Minor refactoring
2013-03-11 13:31:50 +01:00
Miroslav Stampar
84a5bdb9cf
Trivial cosmetics
2013-03-09 19:41:24 +01:00
Miroslav Stampar
79d6a0e9c9
Using binary data in dummy mode
2013-03-09 19:40:24 +01:00
Miroslav Stampar
1e731f87a4
Patch for an Issue #419 (Authentication header is now properly being cached - no more one reauth per each request)
2013-03-09 19:33:04 +01:00
Miroslav Stampar
8e6692d793
Minor fix (for JSON values with :)
2013-03-05 20:12:24 +01:00
Miroslav Stampar
e9b86350f1
Patch for an Issue #403
2013-03-05 18:32:31 +01:00
Miroslav Stampar
62980d7d5a
Automatically decoding url encoded data in response
2013-03-05 17:32:10 +01:00
Miroslav Stampar
9e49d8c68f
Adding support for SHA2 hash functions
2013-03-05 11:04:46 +01:00
Miroslav Stampar
2ada9e9b84
Patch for an Issue Issue #416
2013-03-04 18:05:40 +01:00
Miroslav Stampar
084cfc797a
Fix for an Issue #415
2013-03-02 09:55:12 +01:00
Martin Bjerregaard Jepsen
d7a77c79ad
Fixed incorrect call to checkBooleanExpression when testing for false positives
2013-03-01 22:51:34 +01:00
stamparm
3a3f9c5ea1
Trivial commit related to the last one
2013-03-01 12:09:03 +01:00
stamparm
55f33da85a
Fix for invalid logical test cases
2013-03-01 12:04:49 +01:00
stamparm
440b484bf6
Minor update (one more just in case dummy request in false positive check for time-based injections - when DBMS could be unresponsive a bit due to previous heavy-queries)
2013-03-01 10:59:04 +01:00
Miroslav Stampar
e42350ddce
Minor style update
2013-02-28 20:28:34 +01:00
Miroslav Stampar
0e89cc62a2
Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections
2013-02-28 20:20:08 +01:00
stamparm
9ef79df23d
Cleaning up cases with Set-Cookie (conf.cj is handling it automatically; also, default redirector needed to be patched)
2013-02-28 13:51:08 +01:00
stamparm
be50192d8d
Refactoring WAF scripts
2013-02-26 15:54:50 +01:00
stamparm
e5835dc74f
Update for WAF scripts
2013-02-26 15:30:11 +01:00
stamparm
17fa0f568c
Minor patch for an Issue #404
2013-02-26 12:55:09 +01:00
stamparm
ecbcd4afe6
Minor update
2013-02-26 12:55:09 +01:00
stamparm
af4762ace2
Minor style update
2013-02-26 11:16:09 +01:00
stamparm
f6b43b4b13
Minor update for an Issue #290
2013-02-26 11:08:06 +01:00
stamparm
e5e39bc682
Fix for an Issue #410
2013-02-25 11:07:30 +01:00
stamparm
6fbd902265
Minor refactoring (Issue #411 )
2013-02-25 10:44:04 +01:00
stamparm
7127869ede
Minor bug fix (live test specific verbosity should be valid only inside of it)
2013-02-22 17:26:48 +01:00
stamparm
68ce51bfd4
Changing from warn to info for no WAF found
2013-02-22 12:15:38 +01:00
stamparm
ad471368f5
Fixing a display bug (cases where messages are just appended after the readInput line in batch mode) introduced with b472d9809a
2013-02-22 11:42:09 +01:00
stamparm
0bbbfc2eac
Adding a small warning message (related to the Issue #407 )
2013-02-22 11:12:41 +01:00
stamparm
42cbd94fa4
Better update regarding 6acb2480b8
2013-02-22 10:49:45 +01:00
stamparm
44a46d2b10
Fix for an Issue #409
2013-02-22 10:18:22 +01:00
Miroslav Stampar
6acb2480b8
Adding WAF script for SecureIIS
2013-02-21 21:34:26 +01:00
Miroslav Stampar
229e4e167b
Minor cosmetics
2013-02-21 21:06:31 +01:00
stamparm
3a8c0cd3a2
Minor style update
2013-02-21 14:52:56 +01:00
stamparm
29ba43ee6c
Unhidding switch '--identify-waf' (Issue #290 )
2013-02-21 14:48:19 +01:00
stamparm
08f0670aca
Minor refactoring for an Issue #290
2013-02-21 14:39:22 +01:00
stamparm
8e49872d7c
Finalizing implementation for an Issue #290
2013-02-21 14:33:12 +01:00
stamparm
6b2981ef4e
Update for an Issue #290 (adding tamper-like scripts into (new) directory waf)
2013-02-21 11:14:57 +01:00
stamparm
69063947b6
Debug message should go with logging.DEBUG
2013-02-19 09:46:51 +01:00
Bernardo Damele
d7247a51ee
do not prompt constantly if the page is not found
2013-02-18 18:08:20 +00:00
Miroslav Stampar
7f293afe74
Proper escaping for SQL identificators in Oracle (also, revert for 9b5f33560b
)
2013-02-18 15:18:53 +01:00
Miroslav Stampar
5c099efccc
Fix for an Issue #401
2013-02-18 11:38:18 +01:00
Miroslav Stampar
9b5f33560b
Oracle is too specific (only column names can be enclosed) - removing it
2013-02-15 17:36:58 +01:00
Miroslav Stampar
bf82506c1b
Oracle can't enclose table names with double quotations
2013-02-15 17:36:58 +01:00
Miroslav Stampar
1b3d749488
Proper fix related to the last commit/revert
2013-02-15 17:36:58 +01:00
Miroslav Stampar
5a793cbc7c
Minor revert
2013-02-15 17:36:58 +01:00
Miroslav Stampar
799bd51c2e
Minor fix when two readInput/dataToStdout are called one at a time
2013-02-15 17:36:58 +01:00
Miroslav Stampar
97c06854a4
Minor fixes
2013-02-15 17:36:58 +01:00
Bernardo Damele
0e7f771be6
minor adjustment
2013-02-15 16:28:09 +00:00
Bernardo Damele
35aa785870
bug fix to make --predict-output work also with time-based technique
2013-02-15 16:25:33 +00:00
Miroslav Stampar
014e4e0055
Minor represenation fix
2013-02-15 14:48:24 +01:00
Bernardo Damele
63ddeb9008
unnecessary variable
2013-02-15 13:26:28 +00:00
Miroslav Stampar
345d10a9e0
Consistency fix (everywhere else we show unsafe format of identificator names)
2013-02-15 14:05:14 +01:00
Bernardo Damele
b472d9809a
another consistency fix to readInput()
2013-02-15 09:35:09 +00:00
Bernardo Damele
32c8c67888
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-15 09:29:41 +00:00
Bernardo Damele
20c5f9a030
consistency fix
2013-02-15 09:29:36 +00:00
Miroslav Stampar
11bcf28d86
Fix for an Issue #399
2013-02-15 10:04:13 +01:00
Bernardo Damele
87db5d0dab
minor bug fix to avoid duplicates - #297
2013-02-15 00:53:05 +00:00
Bernardo Damele
c3f1e196e1
added missing parameter
2013-02-15 00:43:46 +00:00
Bernardo Damele
4727589135
code consistency
2013-02-15 00:17:13 +00:00
Miroslav Stampar
515be4ee0b
Minor just in case commit related to the last one
2013-02-14 19:58:10 +01:00
Miroslav Stampar
fef60b73f4
Minor update for proper display of [PAYLOAD] in JSON/XML/SOAP cases
2013-02-14 19:53:26 +01:00
Bernardo Damele
0c79d7b1e2
unnecessary import
2013-02-14 18:33:47 +00:00
Bernardo Damele
614ff6029d
working on #396 - handle the case when we dont have a web backdoor/file stager for the language API, added a few more log messages to give further information about what is going on, minor bug fix to docRoot
2013-02-14 18:31:14 +00:00
Bernardo Damele
3b38b20176
working on #396 - adaptation for the verification phase
2013-02-14 18:29:55 +00:00
Bernardo Damele
261db6ed4f
working on #396 - verify shellcodeexec executable has been properly uploaded
2013-02-14 18:29:35 +00:00
Bernardo Damele
4d5ecc3b03
working on #396 - verify icmpsh executable has been properly uploaded
2013-02-14 18:28:48 +00:00
Bernardo Damele
66cee83ca4
if needed, allow to reinitialize the environment for takeover - issue #396
2013-02-14 17:39:19 +00:00
Bernardo Damele
d91530f885
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-14 17:16:55 +00:00
Bernardo Damele
52264f544e
minor fix for Windows file paths, do not strip the windows drive letter
2013-02-14 17:16:49 +00:00
Miroslav Stampar
fdf00e4842
Fix for an Issue #397
2013-02-14 17:14:36 +01:00
Miroslav Stampar
368a2fd297
Fix for an Issue #393
2013-02-14 16:18:16 +01:00
Miroslav Stampar
f97f575018
Trivial restyling
2013-02-14 15:41:27 +01:00
Miroslav Stampar
605c5b089e
Minor style update
2013-02-14 15:38:44 +01:00
Miroslav Stampar
06d8547916
Implementation for an Issue #394
2013-02-14 15:38:44 +01:00
Miroslav Stampar
7944684ff2
This was supposed to be a separate commit (going to commit it in next one)
2013-02-14 15:38:44 +01:00
Miroslav Stampar
6c0054bc5f
Putting that ugly parameter xyz is not inside the Cookie into the debug messages
2013-02-14 15:38:44 +01:00
Bernardo Damele
d42d28392a
avoid tracebacks because the parameter does not exist
2013-02-14 13:18:33 +00:00
Bernardo Damele
646df37884
minor bug fix for --reg-read
2013-02-14 13:17:30 +00:00
Miroslav Stampar
c72353321d
Minor update for an Issue #392
2013-02-14 13:36:33 +01:00
Bernardo Damele
4b9d8ed673
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
2013-02-14 11:32:17 +00:00
Bernardo Damele
2267dd8f47
working on #392 to fix --os-cmd and --os-shell output parsing
2013-02-14 11:31:20 +00:00
Bernardo Damele
cb6d549e57
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-14 11:25:12 +00:00
Bernardo Damele
a67ef4117f
make sure to use Python 2 interpreter when default system Python is version 3
2013-02-14 11:25:04 +00:00
Miroslav Stampar
efe1bf0ded
Minor fix (for those multiline cases like in MsSQL)
2013-02-14 12:20:40 +01:00
Miroslav Stampar
6629233de5
Minor update
2013-02-14 10:18:40 +01:00
Miroslav Stampar
a0b44da5d8
Minor fix for --threads>1 --binary-fields
2013-02-13 20:47:27 +01:00
Miroslav Stampar
0a4605644e
Minor fix for previous commit
2013-02-13 16:31:03 +01:00
Miroslav Stampar
2b121c938b
Minor fix
2013-02-13 16:24:21 +01:00
Miroslav Stampar
9b231f87d6
Minor bug fix (regarding Issue #379 ) - in case that two processes enter the same proc_count decrementing line sqlmap would halt
2013-02-13 15:31:50 +01:00
Miroslav Stampar
8138d1318e
Minor fix
2013-02-13 15:10:49 +01:00
Miroslav Stampar
c6d29e093e
Fixing issue with newlines after the data in -r mode
2013-02-13 12:36:01 +01:00
Miroslav Stampar
965fa04a33
Trivial update
2013-02-13 12:28:51 +01:00
Miroslav Stampar
d78a3e977b
Update (allowing regular char * to be inside SOAP/JSON/XML)
2013-02-13 12:24:42 +01:00
Miroslav Stampar
6314d64a70
Renaming --binary to --binary-fields
2013-02-13 11:27:03 +01:00
Miroslav Stampar
dd6f50a00e
Removing unused imports
2013-02-13 11:15:24 +01:00
Miroslav Stampar
7c802ed8cc
Minor fix
2013-02-13 11:14:45 +01:00
Miroslav Stampar
dc41484b3f
Refactoring of funcionality for finding out if stacking is available
2013-02-13 09:57:16 +01:00
Miroslav Stampar
8b4f72322a
Adding (for now hidden) option --binary (works like -C but deliberately retrieves data in hex format and displays in hex format)
2013-02-13 09:56:44 +01:00
Miroslav Stampar
1d42aba01e
Minor update regarding 093a93938c
(for goStacked to work properly with stacked conditional payloads - e.g. proper suffix/prefix)
2013-02-12 17:35:14 +01:00
Miroslav Stampar
c34f6e25b2
Minor fix for --eval (urldecoded values should be used inside evaluation)
2013-02-12 17:01:47 +01:00
Miroslav Stampar
6a98d375b1
More general except
2013-02-12 14:39:21 +01:00
Miroslav Stampar
212e92ea01
Minor update regarding --load-cookies (warning about expired ones)
2013-02-12 14:29:56 +01:00
Miroslav Stampar
c67b39d14d
Update for a last update
2013-02-12 12:58:15 +01:00
Miroslav Stampar
72984a578d
Update for --load-cookies
2013-02-12 12:42:12 +01:00
Miroslav Stampar
c2672e78fc
Support for multiple injection marks inside the same header value (Issue #48 )
2013-02-12 12:06:13 +01:00
Miroslav Stampar
c75560ba69
Minor bug fix (getting ? in < 0xf char cases)
2013-02-11 21:16:35 +01:00
Miroslav Stampar
7c06a937e5
Minor refactoring
2013-02-09 20:21:17 +01:00
Bernardo Damele
f970b4f240
minor adjustment fixing the regression test stall
2013-02-09 12:19:21 +00:00
Bernardo Damele
e48181e28d
another attempt to fix the stall during regression test
2013-02-09 12:16:56 +00:00
Bernardo Damele
138a846cf1
possible fix for regression test stall
2013-02-09 10:50:06 +00:00
Bernardo Damele
1596b9ed59
revert
2013-02-08 16:43:49 +00:00
Bernardo Damele
98864e425f
minor "fix"
2013-02-08 16:30:34 +00:00
Bernardo Damele
8b510c55fb
minor code cleanup
2013-02-08 16:29:16 +00:00
Miroslav Stampar
5aaf7f1aa6
BUG fix
2013-02-08 16:44:30 +01:00
Miroslav Stampar
c0e59d94a9
Better naming
2013-02-08 16:28:58 +01:00
Miroslav Stampar
cdfe43560b
Update for an Issue #207 (and a potential patch for regression tests)
2013-02-08 16:20:48 +01:00
Miroslav Stampar
ee1017a5a7
Minor fix
2013-02-08 13:46:39 +01:00
Bernardo Damele
d015bf98fc
renamed variable to avoid confusion
2013-02-07 14:19:07 +00:00
Bernardo Damele
07fe6d44fb
unnecessary condition here
2013-02-07 14:18:52 +00:00
Bernardo Damele
b477c56b52
first steps to allow multiple scans on the same taskid - issue #297
2013-02-07 00:05:26 +00:00
Bernardo Damele
dd6c73ea24
fixed --passwords output for API - #297
2013-02-06 21:45:51 +00:00
Bernardo Damele
21afba9571
got the partial output finally properly replaced by complete output in IPC database - #297
2013-02-06 21:32:26 +00:00
Bernardo Damele
5c8335876f
minor bug fix to make --disable-coloring work on log messages too
2013-02-06 21:04:54 +00:00
Bernardo Damele
2fa2f30d21
slighlty better, still not optimal
2013-02-06 17:45:52 +00:00
Bernardo Damele
477c66ac4b
minor refactoring and trivial bug fix
2013-02-06 17:45:25 +00:00
Bernardo Damele
e439c3d3f5
minor refactoring - #297
2013-02-06 17:09:43 +00:00
Bernardo Damele
b272b0574d
minor fix to reset partRun value - #297
2013-02-06 17:09:28 +00:00
Miroslav Stampar
060eac110a
Cleaner version checking
2013-02-06 10:28:17 +01:00
Miroslav Stampar
b1f31103f9
Removing that ugly disk I/O error in live testing mode
2013-02-05 17:04:42 +01:00
Miroslav Stampar
934808f53b
Fix for an Issue #379
2013-02-05 16:13:45 +01:00
Bernardo Damele
e03010f48b
got rid of unnecessary output for API - #297
2013-02-05 15:00:06 +00:00
Bernardo Damele
4428ad5345
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-05 14:43:14 +00:00
Bernardo Damele
f7d826fee1
first case where partial output is retrievable via RESTful API - issue #297
2013-02-05 14:43:03 +00:00
Miroslav Stampar
01219219fc
Minor bug fix (for --first/--last through problematic DBMSes)
2013-02-05 15:03:55 +01:00
Miroslav Stampar
31daefc7c9
Minor fix (skipping one uneccesary request in single-threaded --first/--last mode)
2013-02-05 13:51:35 +01:00
Miroslav Stampar
62772125e3
Bug fix for HTTPSCertAuthHandler
2013-02-05 12:16:06 +01:00
Miroslav Stampar
e836629215
Bug fixes for search (safeStringFormat should not replace all if given scalar values)
2013-02-05 11:37:49 +01:00
Miroslav Stampar
1618086027
Minor fix
2013-02-05 10:58:02 +01:00
Miroslav Stampar
9296bdd959
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-05 10:27:43 +01:00
Miroslav Stampar
4faa5f0f49
Fix for stalling in retrieving international letters (--technique=B)
2013-02-05 10:27:31 +01:00
Bernardo Damele
9d04ae5db5
minor improvement to temporary folder name
2013-02-05 09:11:38 +00:00
Miroslav Stampar
44579120b5
Cosmetics
2013-02-05 10:02:11 +01:00
Miroslav Stampar
74e82b2b53
Removing redundant check
2013-02-04 20:42:28 +01:00
Miroslav Stampar
cf8e5d535d
Minor cleanup
2013-02-04 20:15:44 +01:00
Miroslav Stampar
c5ae967fe0
Potential fix for an Issue #379
2013-02-04 17:43:58 +01:00
Miroslav Stampar
6cab3d4759
Minor update
2013-02-04 16:46:08 +01:00
Miroslav Stampar
4f2981f163
Minor fix
2013-02-04 16:37:54 +01:00
Miroslav Stampar
f4b8a3c1d8
Bug fix for boolean (multithreaded Ctrl+C) resumed values
2013-02-04 15:49:29 +01:00
Miroslav Stampar
5e4e863986
Bug fix (introduced with f1ab887c55
)
2013-02-04 15:31:28 +01:00
Miroslav Stampar
235153ab39
Removal of unused imports
2013-02-04 15:29:13 +01:00
Miroslav Stampar
7e1ff1bb8e
Same refactoring as the last commit
2013-02-04 15:26:44 +01:00
Bernardo Damele
9370f96a67
step by step getting there to partial output presentation to restful API (issue #297 ), not quite yet though..
2013-02-03 22:09:33 +00:00
Bernardo Damele
b55555e4e5
minor bug fix
2013-02-03 21:39:26 +00:00
Bernardo Damele
dc2bbbeaa7
minor revert
2013-02-03 20:55:58 +00:00
Bernardo Damele
df3cc38cd9
minor improvements
2013-02-03 15:39:07 +00:00
Bernardo Damele
bd1ea13b8d
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-03 11:31:12 +00:00
Bernardo Damele
f8bc74758c
improvement to restful API to store to IPC database partial entries, not yet functional (issue #297 )
2013-02-03 11:31:05 +00:00
Miroslav Stampar
e7b93b5b66
Implementation for an Issue #363
2013-02-01 17:24:04 +01:00
Miroslav Stampar
993372aae4
Bug fix (causing search problems)
2013-02-01 11:24:17 +01:00
Miroslav Stampar
6d942f92b5
Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.))
2013-02-01 10:03:06 +01:00
Miroslav Stampar
8d51b4b63a
Minor bug fix
2013-01-31 16:24:44 +01:00
Miroslav Stampar
d6606a8f31
Patch to prevent problems like Issue #381
2013-01-31 13:58:39 +01:00
Miroslav Stampar
cfcf8a3abb
Another update for an Issue #380 (--common-... switches)
2013-01-31 13:49:19 +01:00
Miroslav Stampar
f5844eabae
Valuable data is potentially lost if page not parsed in dump mode (e.g. --technique=B and error occuring) <- partial revert of previous optimization commit 10bdd90e60
2013-01-31 13:32:14 +01:00
Miroslav Stampar
2420a4b626
Update for an Issue #342 and #372
2013-01-31 10:01:52 +01:00
Miroslav Stampar
9b4eaa9272
Minor fix
2013-01-30 18:21:15 +01:00
Miroslav Stampar
fdea8ddea6
Starting to clean up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372 )
2013-01-30 16:55:09 +01:00
Bernardo Damele
103045d284
variable renamed
2013-01-30 15:30:34 +00:00
Miroslav Stampar
f33bf06c88
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-30 11:38:20 +01:00
Bernardo Damele
6dfe91165d
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-30 10:34:51 +00:00
Bernardo Damele
8519717f25
minor fixes to --live-test
2013-01-30 10:32:56 +00:00
Miroslav Stampar
f391937083
Minor refactoring
2013-01-30 10:43:46 +01:00
Miroslav Stampar
d6fb0e8545
Update for an Issue #352
2013-01-30 10:38:11 +01:00
Miroslav Stampar
bd08ede117
Minor fine tuning
2013-01-29 21:06:02 +01:00
Miroslav Stampar
f41460f8d8
Better naming
2013-01-29 20:53:11 +01:00
Miroslav Stampar
95b922309c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-29 20:50:40 +01:00
Bernardo Damele
e8bd3c9c9f
cosmetics
2013-01-29 17:00:28 +00:00
Bernardo Damele
8f36f92dd3
minor fix
2013-01-29 16:23:30 +00:00
Bernardo Damele
edd6699ed1
code refactoring and added /status method for scan (issue #297 )
2013-01-29 16:11:25 +00:00
Bernardo Damele
c47b44e93f
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-29 15:38:16 +00:00
Bernardo Damele
1152cf8958
increased SQLite connection timeout to 3 seconds, the object will now wait for the lock to go away max 3 seconds, no longer 1 only. Relevant code refactoring and minor improvements all over the API library (issue #297 )
2013-01-29 15:38:09 +00:00
Bernardo Damele
9677e0f910
more data content types for API (issue #297 )
2013-01-29 15:36:19 +00:00
Bernardo Damele
92ae8145df
ignore any non-relevant string: avoid storing to the API, careful this can introduce bugs but it is necessary at this stage of development (issue #297 )
2013-01-29 15:35:51 +00:00
Bernardo Damele
a56f4ec15c
techniques has to go too to the API (issue #297 )
2013-01-29 15:34:53 +00:00
Bernardo Damele
bfce7210e6
improvements to the dump library to output to the API data fetched properly formatted (issue #297 )
2013-01-29 15:34:20 +00:00
Bernardo Damele
eeecb3fe2c
split init() into two separate functions for API purposes (issue #297 )
2013-01-29 15:33:16 +00:00
Miroslav Stampar
a59ac8e27f
Trivial cosmetics
2013-01-29 16:30:38 +01:00
Miroslav Stampar
f4b7b3fd35
Minor cosmetics
2013-01-29 16:04:20 +01:00
Miroslav Stampar
9eca41bae2
Minor fix
2013-01-29 15:55:50 +01:00
Miroslav Stampar
a104de01d7
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-29 15:35:01 +01:00
Miroslav Stampar
7e73825ece
Minor cosmetics
2013-01-29 15:34:41 +01:00
Bernardo Damele
085495024f
minor adjustment
2013-01-29 01:44:57 +00:00
Bernardo Damele
f1ab887c55
major enhancement, code refactoring for issue #297
2013-01-29 01:39:27 +00:00
Bernardo Damele
d07881b6c3
apply a little bit of secure coding practices to the API
2013-01-27 12:26:40 +00:00
Bernardo Damele
cd4075f6a3
no raise, just pass at ctrl-c
2013-01-26 15:33:09 +00:00
Bernardo Damele
a0b9e0f1c5
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-25 17:11:38 +00:00
Bernardo Damele
195d17449e
first test of stdout/stderr redirect to a database when sqlmap is executed from restful API ( #297 )
2013-01-25 17:11:31 +00:00
Miroslav Stampar
c06f94e2c8
Fix for an Issue #378
2013-01-25 16:38:41 +01:00
Miroslav Stampar
8c84a16cb7
Minor style update for an Issue #377
2013-01-25 12:52:31 +01:00
Miroslav Stampar
479f791112
Minor fix
2013-01-25 12:41:51 +01:00
Miroslav Stampar
194a9e7b88
Implementation for an Issue #377
2013-01-25 12:34:57 +01:00
Bernardo Damele
5b3c8d8991
first implementation of asynchronous inter-protocol communication between the sqlmap RESTful API and the sqlmap engine with SQLite
2013-01-24 12:57:24 +00:00
Chris Frohoff
218a6a9695
fixed response header logging for header names with special chars
2013-01-23 11:10:25 -08:00
Bernardo Damele
f848f259a6
upper() -D value for certain DBMSes
2013-01-23 16:22:28 +00:00
Bernardo Damele
012815333c
minor bug fix to ignore provided -D when brute-forcing columns/tables names and the DBMS is either Access, Firebird or SQLite
2013-01-23 15:52:03 +00:00
Miroslav Stampar
232f8d3585
Fix for an Issue #368
2013-01-23 13:36:17 +01:00
Bernardo Damele
f4028bd7d2
minor adjustment
2013-01-23 02:10:38 +00:00
Bernardo Damele
d8a0e7eacb
fixes #187
2013-01-23 01:27:01 +00:00
Bernardo Damele
5635776173
proper SQLite 2 library
2013-01-22 18:56:25 +00:00
Bernardo Damele
dea15b5892
notify user if --udf-inject is provided but no stacked queries SQLi is detected
2013-01-22 18:28:48 +00:00
Miroslav Stampar
d6a361f859
Proper implementation for --technique=Q --dbms=Firebird
2013-01-22 16:31:26 +01:00
Miroslav Stampar
719c7f622b
Probable fix for --technique=Q --dbms=Firebird (but also other potential issues with splitting of fields in expressions)
2013-01-22 15:51:06 +01:00
Miroslav Stampar
2ec828f1cb
Fix for an Issue #367
2013-01-22 14:27:17 +01:00
Miroslav Stampar
09c02c6c72
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-22 14:08:31 +01:00
Miroslav Stampar
15b0ab1b44
Fix for a 'no parameter found' problem when user says N on 'custom injection mark found in POST...'
2013-01-22 14:08:19 +01:00
Bernardo Damele
061aef57ba
missing import
2013-01-22 11:25:01 +00:00
Miroslav Stampar
59b02539ca
More general approach regarding that last commit
2013-01-22 11:34:34 +01:00
Miroslav Stampar
01f1488f07
Minor patch (annoying trailing spaces for some DBMSes --technique=B --sql-query)
2013-01-22 11:29:51 +01:00
Bernardo Damele
e558040810
minor fix to previous commit
2013-01-21 17:10:56 +00:00
Bernardo Damele
d43b04c582
better detection if vulnerable of not for regression test
2013-01-21 17:09:35 +00:00
Miroslav Stampar
b35a0810ef
Fix for an Issue #364
2013-01-21 17:01:52 +01:00
Miroslav Stampar
1e3f68c7ff
Rewriting some query crafting parts (especially those .find(' FROM '))
2013-01-21 16:15:38 +01:00
Miroslav Stampar
832d95984c
IFNULL-like mechanism now works on SQLite 2 too
2013-01-21 15:04:27 +01:00
Miroslav Stampar
75bf8528d1
Minor just in case update
2013-01-21 14:50:43 +01:00
Miroslav Stampar
c55a002f95
Language fix
2013-01-21 13:19:08 +01:00
Miroslav Stampar
80255433b0
Trivial style update
2013-01-21 13:18:34 +01:00
Miroslav Stampar
0e86175342
Adding new common function for further refactoring
2013-01-21 11:50:47 +01:00
Miroslav Stampar
3200134b3b
Fix for a regression test #30 test case fail (Firebird inline)
2013-01-21 10:12:54 +01:00
Miroslav Stampar
069c6acabd
Another update for an Issue #362
2013-01-20 22:47:26 +01:00
Miroslav Stampar
b4a55a809e
Refactoring DBMS string escaping functions
2013-01-20 13:45:58 +01:00
Bernardo Damele
3373e30808
minor fix for a bug introduced with commit 1ad9e26a21
2013-01-20 02:40:40 +00:00
Bernardo Damele
115be9d7b5
minor fixes
2013-01-20 01:26:46 +00:00
Miroslav Stampar
0a4f5d2e51
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-19 19:08:18 +01:00
Miroslav Stampar
e9641e30db
This last commit was in haste :)
2013-01-19 19:07:38 +01:00
Miroslav Stampar
6a87dd9225
Minor update (just for consistency with the rest of code)
2013-01-19 19:07:06 +01:00
Miroslav Stampar
979e108c87
Minor update (just for consistency with the rest of code)
2013-01-19 19:06:51 +01:00
Bernardo Damele
f89b25fdb6
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-19 18:04:38 +00:00
Bernardo Damele
adf97e630f
add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL
2013-01-19 18:04:33 +00:00
Miroslav Stampar
9ce2395405
Minor refactoring
2013-01-19 18:40:44 +01:00
Miroslav Stampar
3f4c010370
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-19 18:28:52 +01:00
Miroslav Stampar
efe26ac3f8
In case that content-length header was not in a desired case ('Content-length') POST request file would fail badly (repeating original content-length header value)
2013-01-19 18:28:37 +01:00
Bernardo Damele
6a62292a3f
layout adjustment
2013-01-19 17:11:16 +00:00
Miroslav Stampar
bb6b89fe93
Patch for an Issue #360
2013-01-19 18:06:36 +01:00
Bernardo Damele
dcf2dcd03d
all we need to debug failed test cases while regression test run..
2013-01-19 17:04:57 +00:00
Bernardo Damele
f22fd396ef
write the test case name before it is run so if the test case crashes badly, we can trace back what test case it was at a later stage
2013-01-19 16:41:19 +00:00
Bernardo Damele
1923ef691e
just in case, add also the test case name inside the temp folder for debug purposes
2013-01-19 16:06:46 +00:00
Bernardo Damele
c95119559e
minor bug fix
2013-01-19 00:41:51 +00:00
Bernardo Damele
0e78fbef56
correctly format SQLi payload for inline query technique
2013-01-19 00:28:03 +00:00
Bernardo Damele
6be7eee8d6
more fixes
2013-01-18 23:35:16 +00:00
Bernardo Damele
56eaa073ce
fixed test cases for Firebird - #312
2013-01-18 23:32:39 +00:00
Bernardo Damele
1f4c6a8371
avoid blank line if password hashes have not been fetched
2013-01-18 22:10:36 +00:00
Bernardo Damele
1ad9e26a21
bug fix for ORDER BY users provided statements (issue #354 )
2013-01-18 21:40:50 +00:00
Miroslav Stampar
ac7709204a
Better fix for that page/headers/comparison --string candidate problem
2013-01-18 17:00:11 +01:00
Miroslav Stampar
8141d17985
Revert of previous commit (more care has to be done regarding headers dynamicity)
2013-01-18 16:49:35 +01:00
Miroslav Stampar
33094a118c
Fix for an Issue where '--string' is being automatically picked not looking properly in headers too
2013-01-18 16:35:09 +01:00
Miroslav Stampar
601eb1e49a
Unescaping is renamed to escaping
2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0
updated copyright
2013-01-18 14:07:51 +00:00
Bernardo Damele
1bb061f68c
improvements to --live-test
2013-01-18 13:02:35 +00:00
Bernardo Damele
738ccb643d
minor output adjustment
2013-01-18 11:41:09 +00:00
Miroslav Stampar
33ea811c6c
Removing some unused stuff (mainly imports)
2013-01-18 11:50:02 +01:00
Miroslav Stampar
aa467cb54c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-18 11:31:25 +01:00
Miroslav Stampar
17d36684b5
Removing obsolete proxy handling code (Python < 2.6)
2013-01-18 11:30:52 +01:00
Miroslav Stampar
4d5bae7131
Removing some obsolete functions
2013-01-18 11:18:56 +01:00
Miroslav Stampar
bcc907ce09
Minor update
2013-01-18 11:00:21 +01:00
Miroslav Stampar
d1008b45b5
Minor removal of unused function
2013-01-18 10:46:06 +01:00
Miroslav Stampar
caae773b2d
Minor removal of redundant code
2013-01-18 10:44:57 +01:00
Bernardo Damele
d66f7e22b1
more fixes to test cases
2013-01-18 09:32:05 +00:00
Miroslav Stampar
e941e60b20
Minor just in place update for an Issue #348
2013-01-17 22:44:55 +01:00
Bernardo Damele
1d6e642d41
fixed url
2013-01-17 21:29:00 +00:00
Bernardo Damele
38eb4eb33e
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-17 21:03:11 +00:00
Bernardo Damele
b6e44ae64e
fix for #349 (compatible with all others DBMSes too)
2013-01-17 21:03:03 +00:00
Miroslav Stampar
a8e3fd58c5
Implementation for an Issue #348
2013-01-17 21:49:58 +01:00
Miroslav Stampar
8480ceddcb
Minor style update
2013-01-17 19:55:56 +01:00
Miroslav Stampar
507f185b69
Revert of patch for an Issue #347
2013-01-17 18:38:37 +01:00
Miroslav Stampar
9dd69042de
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-17 15:31:55 +01:00
Miroslav Stampar
f7eda07d92
Patch for an Issue #347
2013-01-17 15:30:14 +01:00
Bernardo Damele
5e059ab6db
added check for DB2 lib
2013-01-17 14:20:34 +00:00
Miroslav Stampar
a38b3e397c
Patch for an Issue #286
2013-01-17 14:17:39 +01:00
Miroslav Stampar
65273295e3
Implementing a check for an Issue #25
2013-01-17 13:56:04 +01:00
Miroslav Stampar
9428d1819e
Fix for an Issue #346
2013-01-17 12:03:02 +01:00
Miroslav Stampar
3ab4a5e36d
Fix for an Issue #345
2013-01-17 11:50:12 +01:00
Miroslav Stampar
51a77d1fe2
Minor update for an Issue #8
2013-01-17 11:37:45 +01:00
Miroslav Stampar
14b7e655a9
Minor refactoring
2013-01-16 16:33:04 +01:00
Miroslav Stampar
053b7d12b4
Minor language update
2013-01-16 16:07:12 +01:00
Miroslav Stampar
fb7243c237
Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs
2013-01-16 16:04:00 +01:00
Miroslav Stampar
c0a6e1c3a7
Finishing first usable prototype for an Issue #8
2013-01-16 14:54:37 +01:00
Miroslav Stampar
ff5ec48abd
Minor update for an Issue #8
2013-01-16 14:16:22 +01:00
Bernardo Damele
3464a70ac2
bug fix: without this generic concatenation of strings in concatQuery(), detection of UNION query SQLi only (--technique U) when the page did not disclose any DBMS error message and it was not MySQL (for which there are UNION SQLi specific payloads) was not detected
2013-01-16 01:53:33 +00:00
Bernardo Damele
542f6de72e
typo fix
2013-01-16 01:31:03 +00:00
Bernardo Damele
e16ad38d3e
more work on #342
2013-01-15 18:15:07 +00:00
Bernardo Damele
329047fc12
restored fix for #210 to keep --hex work with --technique B
2013-01-15 17:51:40 +00:00
Bernardo Damele
2a751e075d
more work on #342
2013-01-15 17:14:44 +00:00
Bernardo Damele
ec076f5f8a
write console output to temporary folder in any case the test case fails, even if no traceback is raised
2013-01-15 15:51:03 +00:00
Bernardo Damele
4eaa0d17aa
Fix in forging query to calculate query output length - closes issue #342
2013-01-15 15:50:20 +00:00
Miroslav Stampar
7a1d484115
Implementation for an Issue #340
2013-01-15 16:05:33 +01:00
Bernardo Damele
3f84cefc77
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-15 14:59:22 +00:00
Bernardo Damele
c51358953a
add more Oracle system dbs
2013-01-15 14:51:29 +00:00
Miroslav Stampar
04aa39f0c6
Minor update
2013-01-15 13:51:19 +01:00
Miroslav Stampar
5ee653dd89
Merging commit 57bcbb458eade2850a6d7623ecddbe49c69cf334 from @morisson
2013-01-15 10:14:02 +01:00
Miroslav Stampar
2cac7e860e
Minor refactoring
2013-01-14 16:27:50 +01:00
Miroslav Stampar
31302eb707
Minor update
2013-01-14 16:26:07 +01:00
Miroslav Stampar
2a86c1cadc
Another cosmetics
2013-01-14 16:24:55 +01:00
Miroslav Stampar
1e1f560d0c
Minor cosmetics
2013-01-14 16:24:28 +01:00
Miroslav Stampar
0c2474cc22
Minor update
2013-01-14 16:21:40 +01:00
Miroslav Stampar
a5a309212a
Fix for an Issue #339
2013-01-14 16:18:03 +01:00
Bernardo Damele
3e2c3851f3
Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312 )
2013-01-14 13:42:50 +00:00
Bernardo Damele
515c1c6205
removed leftover
2013-01-14 10:26:22 +00:00
Bernardo Damele
83000de9e1
improved handling and storing of exceptions with --live-test ( #312 )
2013-01-14 10:23:40 +00:00
Bernardo Damele
8125fe90a7
code refactoring
2013-01-14 10:22:38 +00:00
Bernardo Damele
036b612bcb
bug fix to be able to write unicode chars to debug file
2013-01-14 01:11:42 +00:00
Miroslav Stampar
fc560f2b75
Minor revert and proper fix
2013-01-14 00:47:29 +01:00
Bernardo Damele
b74cfbf336
minor enhancements for debug purposes (issue #312 )
2013-01-13 23:15:56 +00:00
Bernardo Damele
fdd6075859
temporary patch to fix UNION query enumeration
2013-01-13 23:08:23 +00:00
Miroslav Stampar
92ea8841f8
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-13 16:23:09 +01:00
Miroslav Stampar
03dd958d96
Implementation for an Issue #48
2013-01-13 16:22:43 +01:00
Miroslav Stampar
81848c723d
Minor cleanup (we officially support Python >= 2.6)
2013-01-11 16:01:48 +01:00
Bernardo Damele
675e4a026b
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-11 13:31:49 +00:00
Bernardo Damele
41834e7a5b
working on #8 - still not usable though
2013-01-11 13:31:44 +00:00
Miroslav Stampar
bc4d8d3e02
Implementation for an Issue #332
2013-01-11 11:17:41 +01:00
Miroslav Stampar
5571d09354
Minor revert
2013-01-11 11:13:55 +01:00
Miroslav Stampar
4b79269608
Minor bug fix
2013-01-11 11:10:18 +01:00
Miroslav Stampar
ec4e49d771
Minor refactoring
2013-01-10 16:09:28 +01:00
Miroslav Stampar
1363f26367
Minor refactoring
2013-01-10 15:59:02 +01:00
Miroslav Stampar
834be1eddc
Restyling redundant 'except Exception' form
2013-01-10 15:54:28 +01:00
Miroslav Stampar
acfeeb4f51
Restyling old form of urlparse
2013-01-10 15:41:07 +01:00
Miroslav Stampar
8686c20fa5
Removing one obsolete instantiation line
2013-01-10 15:27:35 +01:00
Miroslav Stampar
934d41dac2
Minor style update (PEP8)
2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878
Some PEP8 related style cleaning
2013-01-10 13:18:44 +01:00
Miroslav Stampar
6cfa9cb0b3
Removing unused imports
2013-01-10 12:15:12 +01:00
Miroslav Stampar
05705857a9
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-10 12:09:48 +01:00
Miroslav Stampar
ca1c0c2a1d
Minor style update
2013-01-10 11:54:07 +01:00
Bernardo Damele
ca337159f5
added reminder TODO
2013-01-10 01:11:22 +00:00
Bernardo Damele
8093f3950d
properly distinguish stdout from stderr with a separate pipe (tracebacks go to stderr) - issue #297
2013-01-10 00:52:44 +00:00
Bernardo Damele
10f1099944
remove logging handler that shows logging messages to stdout - issue #297
2013-01-10 00:51:56 +00:00
Bernardo Damele
ccc3c3d1a3
minor fix to distinguish stdout from stderr
2013-01-10 00:51:05 +00:00
Bernardo Damele
ef40779ad3
upgraded to use custom subprocessng for non-blocking send and read functions for spawned processes. Added new method to display range of log messages, just in case and improved parsing/unpickling of read log messages
2013-01-10 00:01:28 +00:00
Bernardo Damele
2126a5ba12
minor index fix
2013-01-10 00:00:00 +00:00
Bernardo Damele
9766f6025e
logging is now handled in a separate file descriptor :) - issue #297
2013-01-09 22:09:50 +00:00
Bernardo Damele
794700eb37
preparing to handle logging calls by a separate file descriptor when sqlmap is executed by the REST API - issue #297
2013-01-09 22:08:50 +00:00
Bernardo Damele
d120dc18d1
cleanup
2013-01-09 22:06:27 +00:00
Bernardo Damele
58a60562ac
avoid exiting with a traceback for missing dependency, handle properly at some point
2013-01-09 16:05:55 +00:00
Bernardo Damele
7f4ce4afbb
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-09 16:04:29 +00:00
Bernardo Damele
510ceb6e19
first attempt to have --os-pwn and other takeover switches work across Windows and Linux - issue #28
2013-01-09 16:04:23 +00:00
Miroslav Stampar
bf5544903b
Minor style update
2013-01-09 16:10:26 +01:00
Miroslav Stampar
9bdcb1176d
Update for an Issue #169
2013-01-09 15:58:13 +01:00
Miroslav Stampar
25f01a419f
Minor style update (for the sake of consistency over the code and our PEP8 adaptation)
2013-01-09 15:38:41 +01:00
Miroslav Stampar
bdd2592848
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-09 15:22:30 +01:00
Miroslav Stampar
3d4f381ab5
Patch for an Issue #169
2013-01-09 15:22:21 +01:00
Bernardo Damele
c44a829b9b
pass a pickled options object to sqlmap engine when called from API
2013-01-09 12:34:45 +00:00
Bernardo Damele
8457cff278
added variable to store the live test traceback if any
2013-01-09 12:33:18 +00:00
Bernardo Damele
f11747732e
added missing command line options
2013-01-09 12:30:13 +00:00
Miroslav Stampar
55a552ddc4
Update for an Issue #24
2013-01-08 10:55:25 +01:00
Miroslav Stampar
ad85c4c964
Minor refactoring for an Issue #295
2013-01-08 10:23:02 +01:00
Bernardo Damele
c155c6df84
minor bug fix for user's provided LIMIT'd statement when technique is full UNION SQLi
2013-01-07 23:31:11 +00:00
Miroslav Stampar
3abe87ac89
Minor fix with status update (Issue #305 )
2013-01-07 18:53:08 +01:00
Miroslav Stampar
a8f02916a9
Minor fix (Issue #305 )
2013-01-07 18:39:35 +01:00
Miroslav Stampar
e219fad8bf
Added a short comment
2013-01-07 18:19:48 +01:00
Bernardo Damele
1e35b3c8c9
proper link
2013-01-07 16:59:59 +00:00
Miroslav Stampar
96e5d5d178
Some more updates for an Issue #295
2013-01-07 16:55:41 +01:00
Miroslav Stampar
74552bea87
Cleaning some garbage (hard coded paths with linux native slashes)
2013-01-07 16:51:00 +01:00
Miroslav Stampar
425df067eb
Fix for an --os-pwn with ICMPsh (it was crashing because methods interleaved with Metasploit ones)
2013-01-07 16:44:22 +01:00
Miroslav Stampar
ac407ae4a1
Implementation for an Issue #295
2013-01-07 15:55:40 +01:00
Miroslav Stampar
76839ff9d6
Fix for an Issue #305
2013-01-07 12:52:55 +01:00
Bernardo Damele
1e1892c962
prep for subprocess..
2013-01-07 11:10:33 +00:00
Bernardo Damele
7fa75792dd
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-07 11:10:08 +00:00
Bernardo Damele
a30d7014b9
removed unused var
2013-01-07 11:05:33 +00:00
Miroslav Stampar
87e923613f
Minor adjustment (URI (marked with custom injection char) has precedence over GET/POST)
2013-01-05 21:16:47 +01:00
Miroslav Stampar
dc21f3ce67
Minor just in case filtering of union results
2013-01-04 17:09:07 +01:00
Miroslav Stampar
5b77b20e2e
Removing trailing whitespaces (PEP8)
2013-01-03 23:57:07 +01:00
Miroslav Stampar
82b468211d
Minor update
2013-01-03 23:38:29 +01:00
Miroslav Stampar
f340ce8b4b
Minor style update
2013-01-03 23:35:29 +01:00
Miroslav Stampar
1712603dce
Replacing deprecated has_key() with operator in (PEP8)
2013-01-03 23:28:07 +01:00
Miroslav Stampar
e4a3c015e5
Replacing old and deprecated raise Exception style (PEP8)
2013-01-03 23:20:55 +01:00
Bernardo Damele
3a11d36c66
minor bug fix
2013-01-02 21:49:15 +00:00
Miroslav Stampar
cb15fcc8af
Fix for an Issue #329
2013-01-02 22:17:06 +01:00
Miroslav Stampar
304e52cb4d
Minor language update
2013-01-02 22:11:59 +01:00
Miroslav Stampar
09f1cdd8e1
Minor style update
2013-01-02 21:52:50 +01:00
Miroslav Stampar
0795760255
Minor fix
2012-12-30 11:22:23 +01:00
Miroslav Stampar
75edb84a71
Minor update
2012-12-30 11:10:32 +01:00
Miroslav Stampar
58ad2f1c5d
Revert of last commit and proper fix
2012-12-29 10:35:05 +01:00
Miroslav Stampar
0e18fa9c5f
Minor fix
2012-12-28 23:43:47 +01:00
Miroslav Stampar
648d91d790
Distinguishing invalid unicode from safe encoded characters (for proper potential decoding)
2012-12-27 22:43:39 +01:00
Miroslav Stampar
3d01890147
Patch for an Issue #56 (full target url is now being written to a output .CSV file in multi target mode)
2012-12-27 21:15:44 +01:00
Miroslav Stampar
cb91729913
Fix for an Issue #324 (crawling when HTML is not well-formed)
2012-12-27 20:55:37 +01:00
Miroslav Stampar
127b880577
Minor update
2012-12-27 15:14:40 +01:00
Miroslav Stampar
6ae4590edc
Removing problematic per-MySQL LIMIT prefix
2012-12-26 19:48:01 +01:00
Miroslav Stampar
a77b7f00d9
Fix for an Issue #323
2012-12-23 19:34:35 +01:00
Bernardo Damele
832567ecf6
import order
2012-12-21 23:34:37 +00:00
Miroslav Stampar
77625e5af7
Minor revert
2012-12-21 19:31:05 +01:00
Miroslav Stampar
00e55828e4
Minor style update
2012-12-21 15:06:03 +01:00
Miroslav Stampar
8b3e17ed4d
Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table)
2012-12-21 14:52:47 +01:00
Miroslav Stampar
6c1ec9b54f
Fix for an Issue #318
2012-12-21 11:10:05 +01:00
Miroslav Stampar
35728fa443
Fix (and some hidden bug fixes/improvements) regarding an Issue #317
2012-12-21 10:51:35 +01:00
Miroslav Stampar
352e516400
Bottle is a 3rd party tool (not going to extra folder)
2012-12-21 10:18:30 +01:00
Miroslav Stampar
b94a5d42d4
Removing a leftover
2012-12-21 09:49:09 +01:00
Miroslav Stampar
0a122ccce4
Related to an Issue #319
2012-12-21 09:47:58 +01:00
Miroslav Stampar
0d5d84edc7
Minor cleanup
2012-12-20 21:03:41 +01:00
Miroslav Stampar
712cf4e4db
Fix for an Issue #316
2012-12-20 20:55:59 +01:00
Miroslav Stampar
1073ebc697
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-20 20:51:41 +01:00
Bernardo Damele
89d8c58fd1
poor attempt at forking a child process for sqlmap engine execution, output is not handled yet
2012-12-20 17:56:53 +00:00
Bernardo Damele
912323c12d
minor bug fix ( #297 )
2012-12-20 17:05:44 +00:00
Bernardo Damele
7adaffa71b
fixed options initiation
2012-12-20 16:53:43 +00:00
Miroslav Stampar
1c4d438aff
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-20 16:37:03 +01:00
Bernardo Damele
b0635bddcc
adjustments
2012-12-20 15:29:23 +00:00
Miroslav Stampar
8efe056671
Minor refactoring
2012-12-20 15:51:03 +01:00
Bernardo Damele
e9ab33e9dd
standalone REST API, code cleanup ( #297 )
2012-12-20 14:35:02 +00:00
Bernardo Damele
5632279bf7
removed deprecated feature ( #287 )
2012-12-20 13:21:07 +00:00
Miroslav Stampar
63d9b7a1f8
No character shall be left forgotten (no more ? in case that character was not properly being decoded by used charset)
2012-12-20 12:23:37 +01:00
Miroslav Stampar
c2c4601d6e
Minor restyling
2012-12-20 11:06:52 +01:00
Bernardo Damele
076b4063e6
these edits got overwritten from last commits
2012-12-20 09:42:44 +00:00
Miroslav Stampar
3cbe60b586
Proper fix
2012-12-20 10:37:20 +01:00
Miroslav Stampar
0d1ea7f05a
Merge branch 'master' of github.com:sqlmapproject/sqlmap
...
Conflicts:
lib/core/testing.py
2012-12-20 10:37:11 +01:00
Miroslav Stampar
da93e77eb2
Proper fix
2012-12-20 10:34:51 +01:00
Bernardo Damele
ac77724970
attempt to handle standard input from --live-test
2012-12-20 09:30:48 +00:00
Bernardo Damele
2b6ee06de0
minor bug fix to correctly parse unicode chars
2012-12-20 09:30:13 +00:00
Miroslav Stampar
69310e47ce
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-20 09:54:39 +01:00
Miroslav Stampar
06d8213ffd
minor fix (reading of unicode xml files)
2012-12-20 09:53:08 +01:00
Bernardo Damele
86872956d5
minor bug fix (for PostgreSQL)
2012-12-19 22:55:31 +00:00
Bernardo Damele
77843f44fb
minor bug fix (issue #314 )
2012-12-19 22:49:02 +00:00
Bernardo Damele
357da43cea
slight improvement of live test engine and added misc test cases to xml
2012-12-19 17:28:41 +00:00
Bernardo Damele
85fcd27e2d
added support for random global variables
2012-12-19 15:58:06 +00:00
Bernardo Damele
12d34587cc
minor restyling
2012-12-19 14:34:34 +00:00
Bernardo Damele
326ff404fc
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 14:25:35 +00:00
Bernardo Damele
12eed58485
pointless restyling
2012-12-19 14:25:29 +00:00
Miroslav Stampar
37346fe8a3
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 15:23:57 +01:00
Miroslav Stampar
7ee98c7bff
Just for one girl out there waiting for this patch ;)
2012-12-19 15:23:38 +01:00
Bernardo Damele
3be90c97aa
forgot these
2012-12-19 14:12:45 +00:00
Bernardo Damele
cefb03c835
fixed bug related to issue #223
2012-12-19 14:12:09 +00:00
Bernardo Damele
27a12ae85b
restyling
2012-12-19 13:47:17 +00:00
Bernardo Damele
4b3b4eb374
commented out partial work
2012-12-19 13:47:04 +00:00
Bernardo Damele
3655d1f12a
revert change of name for now
2012-12-19 13:45:52 +00:00
Bernardo Damele
874e2176c6
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 13:43:00 +00:00
Bernardo Damele
4f0f729982
be more specific in standard output message as to whether or not the read file is same as remote file
2012-12-19 13:42:56 +00:00
Miroslav Stampar
23153e8088
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 14:29:08 +01:00
Miroslav Stampar
244901eda0
During --flush-session log file should be cleaned too (especially because of --live-tests)
2012-12-19 14:28:54 +01:00
Bernardo Damele
282aeb734f
ORDER BY does not play well with UNION query SQLi (related to issue #313 )
2012-12-19 13:21:16 +00:00
Bernardo Damele
259b345f1f
catch ImportError exception if libmagic is not installed
2012-12-19 13:10:54 +00:00
Bernardo Damele
128597ee7e
--run-case is now case insensitive
2012-12-19 12:45:46 +00:00
Bernardo Damele
b91c829103
minor bug fix (issue #310 )
2012-12-19 12:42:31 +00:00
Bernardo Damele
2bc2c0431c
fixed test cases
2012-12-19 12:33:37 +00:00
Bernardo Damele
9149d77cc8
removed duplicate code - fixes issue #310
2012-12-19 12:17:56 +00:00
Bernardo Damele
d80744d3d5
preparation for issue #310
2012-12-19 11:40:00 +00:00
Bernardo Damele
f5450e9f0e
layout adjustment
2012-12-19 11:39:38 +00:00
Bernardo Damele
dee56b17c3
handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308
2012-12-19 10:50:15 +00:00
Miroslav Stampar
155c1eddae
Debug message with declared page charset
2012-12-19 11:16:42 +01:00
Miroslav Stampar
d29dddf5b2
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 10:51:25 +01:00
Miroslav Stampar
92e338251a
Finally working inference against MySQL/international letters (even chinese)
2012-12-19 10:44:02 +01:00
Bernardo Damele
65ed2304fd
comment update
2012-12-19 09:38:03 +00:00
Bernardo Damele
0037d52098
typo fix
2012-12-19 01:11:18 +00:00
Miroslav Stampar
c9b8b51c9c
Update lib/core/common.py
...
Revert of last commit and try 2
2012-12-19 01:48:53 +01:00
Bernardo Damele
8e95470415
minor refactoring
2012-12-19 00:46:23 +00:00
Bernardo Damele
318fcee49c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 00:30:26 +00:00
Bernardo Damele
3c7007097a
minor refactoring
2012-12-19 00:30:22 +00:00
Miroslav Stampar
50b846b5af
Update lib/core/common.py
...
Fixing wrong assumption in case of MySQL inference international character retrieval
2012-12-19 01:26:12 +01:00
Miroslav Stampar
9e2f0131b9
Update lib/core/agent.py
2012-12-18 20:25:00 +01:00
Bernardo Damele
326ed33f31
added support for comma separated list of files for --file-read - fixes issue #223
2012-12-18 17:55:21 +00:00
Bernardo Damele
58656bbeb5
minor bug fix, union query has to be limited 0, 0
2012-12-18 16:36:30 +00:00
Bernardo Damele
61a838bb35
added more test cases
2012-12-18 15:59:48 +00:00
Miroslav Stampar
88d8494b5a
Implementation for an Issue #307
2012-12-18 16:03:35 +01:00
Miroslav Stampar
7f47623876
Minor patch
2012-12-18 11:10:06 +01:00
Miroslav Stampar
2b64c10710
Patch for an Issue #304
2012-12-18 09:36:26 +01:00
Miroslav Stampar
4ea0c9e922
Another implementation for an Issue #302
2012-12-17 15:08:54 +01:00
Bernardo Damele
3c1b696bd6
removed more print statements
2012-12-17 13:35:32 +00:00
Bernardo Damele
1fdd804e94
replaced instances of dataToStdout with logger
2012-12-17 13:30:21 +00:00
Bernardo Damele
9f47eb0a59
cleaner
2012-12-17 13:29:37 +00:00
Bernardo Damele
0500712a03
removed unuseful prints
2012-12-17 13:29:19 +00:00
Bernardo Damele
ac44cf3ec0
minor fix: add also back-end DBMS and web app fingerprint output to log file
2012-12-17 13:02:09 +00:00
Bernardo Damele
bbd2adb5fb
improvements to --live-test and added --stop-fail switch
2012-12-17 11:41:43 +00:00
Bernardo Damele
064d443d60
replaced unnecessary dataToStdout() call with appropriate logger.info() call
2012-12-17 11:30:08 +00:00
Bernardo Damele
2926c815bf
improved test switch --live-test and minor refactoring
2012-12-17 11:29:33 +00:00
Bernardo Damele
f40c52cc17
comment adjustment
2012-12-17 11:28:03 +00:00
Bernardo Damele
2442a58884
minor leftover of deprecated XMLRPC service
2012-12-17 11:26:31 +00:00
Miroslav Stampar
60baf5071e
Patch for an Issue #302
2012-12-17 00:40:01 +01:00
Bernardo Damele
d4a061d0c3
code cleanup - #297
2012-12-15 00:29:35 +00:00
Bernardo Damele
0c3da5c7eb
code refactoring and first time logger is handled by a separate file descriptor (issue #297 )
2012-12-15 00:12:22 +00:00
Bernardo Damele
2f6a31605c
code refactoring ( #279 )
2012-12-14 22:00:42 +00:00
Bernardo Damele
8dee8355c2
on our way to make it thread safe.. it is a long way actually (issue #297 )
2012-12-14 18:13:21 +00:00
Bernardo Damele
21ecffb750
added more comments, improved cleanup method
2012-12-14 17:21:19 +00:00
Bernardo Damele
1421e6a9d4
implemented cleanup and status admin methods
2012-12-14 16:18:45 +00:00
Bernardo Damele
4fa2f400ec
minor fix
2012-12-14 15:55:30 +00:00
Bernardo Damele
4c4cb856ff
minor bug fix to the /scan/<taskid>output method, forced each taskid to have its own temporary folder for output - issue #297
2012-12-14 15:52:35 +00:00
Bernardo Damele
27906f388f
added first methods to interact with sqlmap core, it is now possible to launch a scan from the API, hurray! (issue #297 )
2012-12-14 14:51:01 +00:00
Bernardo Damele
f52d81c834
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-14 13:40:36 +00:00
Bernardo Damele
0b71c85d95
refactoring, code cleanup, more security-related headers and first /scan method implementation (issue #297 )
2012-12-14 13:40:25 +00:00
Bernardo Damele
a2a71bb37b
cleanup from XML-RPC related stuff
2012-12-14 13:37:36 +00:00
Miroslav Stampar
a3acf72e52
Fix for argparse issue
2012-12-14 14:35:11 +01:00
Miroslav Stampar
235631808f
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-14 14:25:02 +01:00
Bernardo Damele
3d9779ffd4
further improvements to RESTful API: enforce security headers across all HTTP responses properly and make consistent responses across methods ( #297 )
2012-12-14 12:15:04 +00:00
Bernardo Damele
7b43837238
cleaner solution for imports as standalone client/server (issue #297 )
2012-12-14 12:04:44 +00:00
Bernardo Damele
90d5696b25
enhanced RESTful API to support JSON requests and improved standalone client/server skeleton (issue #297 )
2012-12-14 12:01:13 +00:00
Bernardo Damele
156a291e2d
typo fix
2012-12-14 11:55:54 +00:00
Miroslav Stampar
c41618416c
Removing trailing blanks
2012-12-14 12:00:45 +01:00
Bernardo Damele
2e97405ffa
bundle bottle library in sqlmap (it is MIT license) - issue #297
2012-12-14 03:00:30 +00:00
Bernardo Damele
0ec420cc70
leftovers
2012-12-14 02:54:16 +00:00
Bernardo Damele
a1b83cd56f
added first implementation of REST-JSON API library - issue #297
2012-12-14 02:52:31 +00:00
Bernardo Damele
6e31e87de1
added initial support (hidden from -hh and not yet usable) for REST-JSON API
2012-12-14 02:49:25 +00:00
Miroslav Stampar
c040323821
Minor update
2012-12-13 14:55:20 +01:00
Miroslav Stampar
df0f08bc6a
Cleaning some (web upload based) garbage
2012-12-13 13:19:47 +01:00
Miroslav Stampar
5150172178
Minor update
2012-12-13 10:03:21 +01:00
Miroslav Stampar
b78b56d782
Update for an Issue #287 regarding read_output returning values
2012-12-12 17:17:36 +01:00
Miroslav Stampar
fc4be0a77c
Minor fix
2012-12-12 16:45:29 +01:00
Miroslav Stampar
e381158058
Hmmm... Let me guess. Update for an Issue #287
2012-12-12 16:31:20 +01:00
Miroslav Stampar
921000bd87
Another update for an Issue #287
2012-12-12 14:22:24 +01:00
Miroslav Stampar
c3f20a136f
Minor update for an Issue #287
2012-12-12 14:03:03 +01:00
Miroslav Stampar
32b39c72e4
Minor update
2012-12-12 12:07:56 +01:00
Miroslav Stampar
af52e8e8c2
Minor update for an Issue #287
2012-12-12 12:01:18 +01:00
Miroslav Stampar
a6448e8768
Update for an Issue #287
2012-12-12 11:54:59 +01:00
Miroslav Stampar
ef33729381
Writing only unique hashes to an output file (for eventual cracking with 3rd party tools)
2012-12-12 09:59:24 +01:00
Miroslav Stampar
b9f6fc5f4e
First commit (and working one) for an Issue #287 (XML-RPC server)
2012-12-11 16:02:06 +01:00
Miroslav Stampar
b5884c7eda
Minor language update
2012-12-11 15:24:02 +01:00
Miroslav Stampar
760519dbe9
Removing redundant piece of code
2012-12-11 15:21:27 +01:00
Miroslav Stampar
a54c261496
Minor update for Issues #292 & #293 (only single alert per target)
2012-12-11 14:44:43 +01:00
Miroslav Stampar
5c2451d83c
Implementation for an Issue #293
2012-12-11 12:48:58 +01:00
Miroslav Stampar
562044577b
Implementation for an Issue #292
2012-12-11 12:02:06 +01:00
Miroslav Stampar
6433be8b3d
Style update
2012-12-10 17:20:04 +01:00
Miroslav Stampar
996e882e78
Minor update
2012-12-10 17:13:00 +01:00
Miroslav Stampar
013dc8bc98
Another minor update for an Issue #267
2012-12-10 13:07:36 +01:00
Miroslav Stampar
8bd0080bf4
Minor update for an Issue #267
2012-12-10 13:05:41 +01:00
Miroslav Stampar
96df0ba061
Implemented support for plain , chars too (Issue #267 )
2012-12-10 12:58:17 +01:00
Miroslav Stampar
d0ea4c65c5
Minor styl eupdate for an Issue #267
2012-12-10 12:54:01 +01:00
Miroslav Stampar
5677db02b7
Minor update
2012-12-10 12:40:28 +01:00
Miroslav Stampar
5606a860ce
Oracle supports inline comments too (Issue #267 )
2012-12-10 12:00:15 +01:00
Miroslav Stampar
a024884ca7
Support for a HTTP parameter pollution (Issue #267 )
2012-12-10 11:55:31 +01:00
Miroslav Stampar
42f4c2bac9
Minor fix when --dbms is enforced
2012-12-10 11:42:10 +01:00
Miroslav Stampar
1f7644a691
Minor fix when user doesn't want custom injection char marker to be processed
2012-12-08 21:23:30 +01:00
Miroslav Stampar
0cbdaaecfa
Revert of 99e9412f74
(because of an Issue #289 )
2012-12-08 08:53:25 +01:00
Miroslav Stampar
73968a448c
Minor update
2012-12-07 15:29:54 +01:00
Miroslav Stampar
e129a30e6b
Removing redundant code in redirect handler (related to an Issue #288 )
2012-12-07 12:40:19 +01:00
Miroslav Stampar
fccad15cfa
Minor update for an Issue #288
2012-12-07 12:14:33 +01:00
Miroslav Stampar
75e6d77fbc
Minor refactoring
2012-12-07 11:54:34 +01:00
Miroslav Stampar
fbaeecdaf9
Patch for an Issue #288
2012-12-07 11:52:21 +01:00
Miroslav Stampar
c0fc12beb2
Minor update for an Issue #288
2012-12-07 11:23:18 +01:00
Miroslav Stampar
1028afce37
Removal of leftovers
2012-12-06 14:15:44 +01:00
Miroslav Stampar
974407396e
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 14:14:19 +01:00
Miroslav Stampar
003d21e962
Minor style update (capitalization of leftover class names)
2012-12-06 13:46:24 +01:00
Miroslav Stampar
baccbd6f48
Implementation for an Issue #283
2012-12-06 11:57:57 +01:00
Miroslav Stampar
ab67344448
Removed unused imports and variables (pyflake-ing)
2012-12-06 11:15:05 +01:00
Miroslav Stampar
b6650add46
Introducing 'new style classes' (idea from Pull request #284 )
2012-12-06 10:42:53 +01:00
Miroslav Stampar
0f191f624c
Taking some goodies from Pull request #284
2012-12-06 10:21:53 +01:00
Miroslav Stampar
6b39e661a7
Fix for an issue #279
2012-12-05 12:15:14 +01:00
Miroslav Stampar
775e0df04b
Update for an Issue #278
2012-12-05 10:45:17 +01:00
Miroslav Stampar
949fcb77cf
Minor style update
2012-12-05 10:22:16 +01:00
Miroslav Stampar
d4b5133df7
Update for an Issue #272
2012-12-04 17:04:32 +01:00
Miroslav Stampar
a14697e8cf
Implementation for an Issue #272
2012-12-04 16:47:34 +01:00
Miroslav Stampar
6b007ab188
Minor patch for an Issue #274 (just in case to avoid this kind of problems)
2012-12-04 16:14:14 +01:00
Miroslav Stampar
e2aa695655
Minor update
2012-12-03 17:20:18 +01:00
Miroslav Stampar
42a8234c6f
Update for an Issue #12
2012-12-03 14:27:01 +01:00
Miroslav Stampar
79fca8e9d5
Fix for an Issue #268
2012-12-03 12:13:59 +01:00
Miroslav Stampar
8410fc5a9d
Minor update
2012-12-02 08:00:55 +01:00
redshark1802
1675386093
fixed typo that created an invalid configuration file with the option '--save'
2012-11-30 23:00:03 +01:00
Miroslav Stampar
0664e72bea
Minor fix for an Issue #230
2012-11-30 12:13:34 +01:00
Miroslav Stampar
5b61e9ce12
Minor update for an Issue #254
2012-11-30 11:43:50 +01:00
Miroslav Stampar
7e2db762d6
Minor update
2012-11-29 15:45:04 +01:00
Miroslav Stampar
8f10023523
Fix for an Issue #266
2012-11-29 15:44:14 +01:00
Miroslav Stampar
3b961c2550
Update for an Issue #254
2012-11-29 15:36:38 +01:00
Miroslav Stampar
605d73cc3d
Minor refactoring
2012-11-29 12:21:12 +01:00
Miroslav Stampar
7304971544
Patch for ORDER BY test on MsSQL on cases with 'The text, ntext, and image data types cannot be compared or sorted, except when using IS NULL or LIKE operator'
2012-11-29 11:43:49 +01:00
Miroslav Stampar
7c16bfe025
Fix for error-based MsSQL dumping (in some cases failed because of wrong order - e.g. MIN(SUBSTRING( instead of SUBSTRING(MIN )
2012-11-29 10:51:59 +01:00
Miroslav Stampar
a7e1e856d4
Fix for an Issue #260
2012-11-28 17:00:26 +01:00
Miroslav Stampar
35d1146fd1
Minor update for an (Issue #254 )
2012-11-28 12:53:11 +01:00
Miroslav Stampar
753d0f18bf
First CSS style added for a HTML table dump format (Issue #254 )
2012-11-28 12:46:43 +01:00
Miroslav Stampar
b6ea337937
First style-less prototype for an HTML dump output (Issue #254 )
2012-11-28 12:28:42 +01:00
Miroslav Stampar
e2d8b53e97
Minor update for an Issue #264
2012-11-28 11:45:33 +01:00
Miroslav Stampar
cff0c59630
Implementation for an Issue #264
2012-11-28 11:41:39 +01:00
Miroslav Stampar
5bf5b95588
More refactoring for an Issue #254
2012-11-28 11:16:00 +01:00
Miroslav Stampar
87a92ab330
Deprecating --replicate (Issue #254 )
2012-11-28 11:10:57 +01:00
Miroslav Stampar
f08eb0fd9f
Minor style update
2012-11-28 10:59:15 +01:00
Miroslav Stampar
d95dd2d16e
Preparation for an Issue #254
2012-11-28 10:58:18 +01:00
Miroslav Stampar
621ae587c7
Fix for an Issue #263
2012-11-28 00:03:17 +01:00
Miroslav Stampar
d490ffb163
Fix for an Issue #259
2012-11-27 11:45:22 +01:00
Miroslav Stampar
bd33128085
Fix for an Issue #262
2012-11-27 10:08:22 +01:00
Miroslav Stampar
38c96a366b
Patch for an Issue #260
2012-11-26 11:16:59 +01:00
Miroslav Stampar
ef2038f1c8
Implementation for an Issue #253
2012-11-21 10:16:13 +01:00
Miroslav Stampar
c40dded28c
Fix for an Issue #250
2012-11-20 12:10:29 +01:00
Miroslav Stampar
93e071fc33
Fix for an Issue #251
2012-11-20 11:19:23 +01:00
Miroslav Stampar
302348b0cd
Minor update
2012-11-19 11:59:28 +01:00
Miroslav Stampar
a40d7a5bca
Minor improvement (safer to use column name in COUNT than *, especially when only one column is needed)
2012-11-15 15:06:54 +01:00
Miroslav Stampar
d37be5f97b
Fix for an Issue #248
2012-11-14 15:54:24 +01:00
Miroslav Stampar
9a54a911a8
Patch for an Issue #231
2012-11-14 11:30:29 +01:00
Miroslav Stampar
5b3fe25211
Improving comparison engine (removing shared prelude part to further sharpen if pages are identical - especially noticable in small test pages)
2012-11-13 15:22:59 +01:00
Miroslav Stampar
6f7f9dd8eb
Patch for an Issue #242
2012-11-13 10:41:13 +01:00
Miroslav Stampar
a52dbc575b
Patch for an Issue #246
2012-11-13 10:21:11 +01:00
Miroslav Stampar
f305dde413
Patch for an Issue #235
2012-11-10 11:01:29 +01:00
Miroslav Stampar
181c3534f0
Patch for an Issue #237
2012-11-08 19:16:37 +01:00
Miroslav Stampar
e7e83defaa
Minor update
2012-11-08 11:09:34 +01:00
Miroslav Stampar
1ee0d9ce5e
Fix for an Issue #229
2012-11-05 15:58:54 +01:00
Miroslav Stampar
3cf5fc2f5a
Fix for an Issue #230
2012-11-05 15:10:49 +01:00
Miroslav Stampar
2de52927f3
Code refactoring (epecially Google search code)
2012-10-30 18:38:10 +01:00
Miroslav Stampar
76b793b199
Fix for an Issue #228
2012-10-30 18:08:25 +01:00
Miroslav Stampar
6e2041bc13
Better language than in last commit
2012-10-30 11:54:21 +01:00
Miroslav Stampar
1bbeb92eb6
Better language (used formation 'not required' in case of help for --dependencies while 'required'->'needs' in a check itself)
2012-10-30 11:19:39 +01:00
Miroslav Stampar
5cfc066ac4
Minor update
2012-10-30 10:30:22 +01:00
Miroslav Stampar
7c7aff12c6
Update for an Issue #225
2012-10-30 01:26:19 +01:00
Miroslav Stampar
b0f5b4f9bc
Update for an Issue #225
2012-10-30 00:59:31 +01:00
Miroslav Stampar
726de868e2
Fix for an Issue #225
2012-10-30 00:37:43 +01:00
Miroslav Stampar
a9094a35fe
Fix for an Issue #227
2012-10-30 00:20:49 +01:00
Miroslav Stampar
1d07b93730
Bug fix for --os-shell on MySQL (it was not working for a long time because of this)
2012-10-29 15:45:30 +01:00
Miroslav Stampar
5358d85d37
Important refactoring for web-based functionality
2012-10-29 15:09:05 +01:00
Miroslav Stampar
81ccf28785
Minor refactoring
2012-10-29 14:08:48 +01:00
Miroslav Stampar
d6e16e8641
Minor update
2012-10-29 11:08:02 +01:00
Miroslav Stampar
359e734954
Minor refactoring
2012-10-29 10:48:49 +01:00
Miroslav Stampar
919f75db9b
Improvement and fix for pivotDumpTable mechanism
2012-10-28 23:09:35 +01:00
Miroslav Stampar
d7973c3e32
Improvement of pivotDumpTable mechanism (no more fail on first entry)
2012-10-28 22:18:22 +01:00
Miroslav Stampar
c1eb803ef5
Bug fix for MsSQL --hex --technique=E (NOT IN based queries were not working properly)
2012-10-28 21:16:51 +01:00
Miroslav Stampar
b75c52f93c
Minor display fix (in --hex mode)
2012-10-28 12:30:21 +01:00
Miroslav Stampar
25a5073281
Bug fix for --hex/--technique=B (especially MsSQL)
2012-10-28 12:22:33 +01:00
Miroslav Stampar
8617fe0d65
Bug fix for international letters decoded with --hex on MsSQL
2012-10-28 11:50:16 +01:00
Miroslav Stampar
ca427af8b3
Minor refactoring/improvement
2012-10-28 01:42:08 +02:00
Miroslav Stampar
43ddf39bea
Minor refactoring
2012-10-28 01:16:02 +02:00
Miroslav Stampar
bcdba7b7bb
Dealing with rare cases when getIdentifiedDbms is needed prior to DBMS isfingerprinted and there are multiples of dbmses inside details
2012-10-28 01:11:50 +02:00
Miroslav Stampar
c1b8226329
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
2012-10-28 00:36:09 +02:00
Miroslav Stampar
a435ba6863
Minor fix
2012-10-28 00:19:00 +02:00
Miroslav Stampar
0aeb9dbe8b
Bug fix (in --dump mode if error/inband failed with None other techniques were ignored)
2012-10-27 23:42:52 +02:00
Miroslav Stampar
06805b27f2
Bug fix (time was also meant to be disabled in case of error/inband getvalues)
2012-10-27 23:16:25 +02:00
Miroslav Stampar
7207cf29dd
Minor update
2012-10-26 11:05:44 +02:00
Miroslav Stampar
965d7eee17
Minor bug fix for a reflection removal mechanism
2012-10-26 00:06:15 +02:00
Miroslav Stampar
235cc656b9
Fix for an Issue #224
2012-10-25 15:25:31 +02:00
Miroslav Stampar
bcf708f4b1
Minor update
2012-10-25 13:37:33 +02:00
Miroslav Stampar
fdcdd11cb9
Minor update for an Issue #222
2012-10-25 13:35:44 +02:00
Miroslav Stampar
8a5844a364
Implementation for an Issue #222
2012-10-25 13:21:32 +02:00
Miroslav Stampar
afd82b92dd
Patch for an Issue #221
2012-10-25 10:21:36 +02:00
Miroslav Stampar
12fc9442b9
Tamper function(s) refactoring (really no need for returning headers as they are passed by reference)
2012-10-25 10:10:23 +02:00
Miroslav Stampar
54fbb22ab8
Minor refactoring
2012-10-25 09:56:36 +02:00
Miroslav Stampar
65ec715828
Fix for an Issue #218
2012-10-25 00:03:00 +02:00