sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
4,095 Commits 4 Branches 117 Tags 97 MiB
70f754f6c5
Commit Graph

296 Commits

Author SHA1 Message Date
Miroslav Stampar
440b7efe55 minor optimization 2011-11-20 20:14:47 +00:00
Miroslav Stampar
0df768e24a minor refactoring/optimization 2011-11-16 16:06:21 +00:00
Miroslav Stampar
86b4a3562f added switch --check-tor 2011-10-25 17:37:43 +00:00
Miroslav Stampar
20ae1c2187 added switch --logic-negative 2011-10-24 00:40:06 +00:00
Miroslav Stampar
8720aad6dc transformed cDel to pDel as a more generic option 2011-10-06 22:03:33 +00:00
Miroslav Stampar
88f1110c44 adding a new (for now) hidden switch --test-filter for filtering tests by their name 2011-09-27 14:09:25 +00:00
Bernardo Damele
f890b29f81 Proper reference to Metasploit Framework as now it's version 4, not 3 anymore 2011-09-12 17:26:22 +00:00
Miroslav Stampar
9be89422da implemented parameter --skip 2011-08-29 13:29:42 +00:00
Miroslav Stampar
ac00014c4a implemented --randomize switch by request 2011-08-29 12:50:52 +00:00
Bernardo Damele
702ed73a65 Added --code switch to match in boolean-based tests against the HTTP response code 2011-08-12 16:48:11 +00:00
Miroslav Stampar
0d6afca7db adding new switch '--smart' by request 2011-07-10 15:16:58 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Miroslav Stampar
93b296e02c few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 05:44:47 +00:00
Miroslav Stampar
d72db1bf91 minor update (all misc options are alphabetically ordered) 2011-06-27 08:21:33 +00:00
Miroslav Stampar
eaa2a4202f changing to: --crawl=CRAWLDEPTH 2011-06-24 05:40:03 +00:00
Miroslav Stampar
07e2c72943 adding Beautifulsoup (BSD) into extras; adding --crawl to options 2011-06-20 11:32:30 +00:00
Miroslav Stampar
6f681b45ad cleaning up a bit for a configuration mess 2011-06-16 11:42:13 +00:00
Miroslav Stampar
1d93a03eeb introducing mnemonics 2011-06-15 11:58:50 +00:00
Miroslav Stampar
d55a242908 minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always) 2011-06-14 19:38:35 +00:00
Miroslav Stampar
a4328e914b minor update 2011-06-14 19:29:42 +00:00
Bernardo Damele
8978fded03 typo fix 2011-06-13 19:00:27 +00:00
Bernardo Damele
7152a1ed3b Added --dependences to show which sqlmap dependences are not available 2011-06-13 18:44:02 +00:00
Miroslav Stampar
f8dde2c23b adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones) 2011-06-10 23:18:43 +00:00
Bernardo Damele
0d8d6a4ace Cosmetics 2011-06-08 16:08:20 +00:00
Miroslav Stampar
f65abdaae3 added switch --cookie-del by request 2011-06-08 08:27:24 +00:00
Miroslav Stampar
4eeeb3655e asking and skipping to the next google result page if no usable links found 2011-06-07 23:24:17 +00:00
Miroslav Stampar
faf7814869 fix for a fuzz "bug" reported by daniele.rivetti@yahoo.com 2011-06-03 11:01:26 +00:00
Miroslav Stampar
fb23beef6f most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested) 2011-05-22 19:14:36 +00:00
Miroslav Stampar
cc07e5dc97 added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@y​ahoo.com 2011-05-17 22:55:22 +00:00
Miroslav Stampar
5ee07b90b9 added -m switch for bulk loading multiple targets 2011-05-11 08:46:40 +00:00
Miroslav Stampar
6b66fce72c minor fix 2011-05-10 20:52:43 +00:00
Miroslav Stampar
192c685bc8 changing conf attribute to a more proper name 2011-05-10 20:48:34 +00:00
Bernardo Damele
9a4ae7d9e2 More code refactoring of Backend class methods used 2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Bernardo Damele
a5968fff3e Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided 2011-04-30 00:22:22 +00:00
Miroslav Stampar
11124b21f9 implemented --mobile switch 2011-04-29 19:27:23 +00:00
Bernardo Damele
edac0b2558 Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema 2011-04-28 23:59:00 +00:00
Bernardo Damele
8d8fc2bbd8 cosmetics 2011-04-21 10:17:41 +00:00
Miroslav Stampar
b7efa255d6 minor update of usage string 2011-04-19 20:14:56 +00:00
Miroslav Stampar
b79d4f70f3 cleaner solution for the problem solved with last commit 2011-04-18 14:51:48 +00:00
Miroslav Stampar
f5cff067c6 little hack for --time-sec 2011-04-18 14:46:18 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Bernardo Damele
d324704844 Removed unused code 2011-04-10 20:39:15 +00:00
Bernardo Damele
17844eb87c Refactoring to --technique 2011-04-07 10:00:47 +00:00
Bernardo Damele
05d12790f1 closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message) 2011-04-06 14:41:44 +00:00
Miroslav Stampar
adfbfef8c1 minor refactoring 2011-03-29 21:01:47 +00:00
Miroslav Stampar
e20d460809 Bernardo will kill me (added --wizard for total beginners) 2011-03-29 11:42:55 +00:00
Miroslav Stampar
a2d5358b08 minor fix 2011-03-28 23:40:46 +00:00
Miroslav Stampar
9e900ccbac minor comment update 2011-03-28 23:12:04 +00:00
Miroslav Stampar
a61e287d23 making updates for dummy Windows users 2011-03-28 23:09:19 +00:00
Miroslav Stampar
e42cdfd138 adding possibility to run only one live test (e.g. --run-case=8) 2011-03-24 12:07:47 +00:00
Miroslav Stampar
ecbbfeba6e introduction of --fresh-queries 2011-03-24 10:08:47 +00:00
Miroslav Stampar
bd75fd26e9 implementing a --page-rank switch as requested by l0rda@l0rda.biz 2011-03-23 11:57:57 +00:00
Miroslav Stampar
1abcd507b8 hidding --group-concat switch 2011-03-21 12:13:21 +00:00
Bernardo Damele
19e2ed9803 Layout fix 2011-03-21 00:40:25 +00:00
Miroslav Stampar
088c815567 minor update (exposing --tor switch) 2011-03-19 18:28:51 +00:00
Miroslav Stampar
00b9d85ffc fix regarding bug report from andyroyalbattle@yahoo.it 2011-03-18 16:26:39 +00:00
Miroslav Stampar
99adbbeaa3 los cosmeticados 2011-03-07 22:04:17 +00:00
Bernardo Damele
6e8ebd35f4 Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable 2011-02-27 12:17:41 +00:00
Miroslav Stampar
d05bd75068 adding experimental for --group-concat 2011-02-22 14:35:38 +00:00
Bernardo Damele
023a80c31c Section explanation change to reflect recent enhancements 2011-02-19 21:06:24 +00:00
Miroslav Stampar
199f14df46 implementation of MySQL GROUP_CONCAT technique 2011-02-15 00:28:27 +00:00
Miroslav Stampar
9f7d666451 removing --method per request of buawig 2011-02-12 19:50:27 +00:00
Miroslav Stampar
5f2fcd1eea minor adjustment regarding "file" switches 2011-02-10 19:55:47 +00:00
Miroslav Stampar
4295a78c5f minor update 2011-02-10 19:51:34 +00:00
Miroslav Stampar
b56a77e573 removing obsolete switches (--threshold, --excl-reg, --excl-str) 2011-02-03 15:55:19 +00:00
Miroslav Stampar
1b9850b73a revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) ) 2011-02-03 12:21:29 +00:00
Miroslav Stampar
5edba2ffbc minor change (conf.updateAll to conf.update) 2011-02-03 11:13:39 +00:00
Miroslav Stampar
5f49e20cc8 adding --random-agent and removing -a 2011-02-02 14:51:12 +00:00
Bernardo Damele
5f0114a2a8 Minor bug fix 2011-02-02 14:06:40 +00:00
Miroslav Stampar
a6f2cd56ff removed junky import 2011-01-31 11:59:58 +00:00
Miroslav Stampar
ddf23ba7cc refactoring 2011-01-30 11:36:03 +00:00
Miroslav Stampar
3060c369a5 minor fix for previous commit 2011-01-30 07:44:47 +00:00
Miroslav Stampar
1abf354630 minor update 2011-01-30 07:41:09 +00:00
Miroslav Stampar
d63339ca26 minor bug fix 2011-01-30 07:34:07 +00:00
Miroslav Stampar
e8883de2c6 minor update regarding unicode decoding of supplied arguments 2011-01-29 23:01:39 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
539168dcca sanitizeStr screws html error parsing in some cases as new lines are removed (FALSE positives here and there) 2011-01-27 13:40:42 +00:00
Miroslav Stampar
6cc69f5e16 now --technique is appliable also after the injections have been identified 2011-01-24 16:47:24 +00:00
Miroslav Stampar
f5ff78d40c revert 2011-01-23 11:21:27 +00:00
Miroslav Stampar
3a5f0760f6 minor optimization (only way to prematurely stop SAX parser) 2011-01-23 10:12:01 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Miroslav Stampar
30d6791968 update regarding time based data retrieval 2011-01-16 17:52:42 +00:00
Miroslav Stampar
1fa8f0cba7 code reviewing part 2 2011-01-15 12:53:40 +00:00
Miroslav Stampar
fb9d7cdfaa refactoring, code clearing and removal of obsolete switch --longest-common 2011-01-14 14:37:03 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. 
Minor bug fixes thanks to previous refactoring too.
 2011-01-13 17:36:54 +00:00
Bernardo Damele
2f5995a7eb Added generic and mysql UNION tests from 1 to 25 columns. 
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
 2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though. 
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
 2011-01-11 22:18:47 +00:00
Miroslav Stampar
2c23a59ba5 fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside) 2010-12-24 12:13:48 +00:00
Miroslav Stampar
017ea9e686 update 2010-12-23 14:06:22 +00:00
Miroslav Stampar
8fd3e7ba1f thread based data added 2010-12-20 22:45:01 +00:00
Miroslav Stampar
19d8733e9a this is strictly for educational purposes 2010-12-20 17:30:47 +00:00
Miroslav Stampar
10a7a2dfb2 kids, don't use this at home 2010-12-20 10:13:14 +00:00
Bernardo Damele
5fb04515d3 Added hidden (for the moment) switch --technique 2010-12-09 13:47:17 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Bernardo Damele
a9d4b37987 Code cleanup and minor refactoring 2010-12-03 10:51:27 +00:00
Bernardo Damele
089c16a1b8 Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type. 
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
 2010-12-01 17:09:52 +00:00
Bernardo Damele
c8f943f5e4 Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. 
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
 2010-11-30 22:40:25 +00:00
Bernardo Damele
8b9706656e Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now. 
Minor code refactoring too.
 2010-11-29 17:18:38 +00:00