Miroslav Stampar
74b19a0386
minor update
2012-02-25 10:43:10 +00:00
Miroslav Stampar
5b67af3b20
minor update
2012-02-24 15:03:39 +00:00
Miroslav Stampar
8a203ef79d
making session data strictly dependent on url through HashDB helper functions
2012-02-24 14:58:24 +00:00
Miroslav Stampar
c36cbbb3ae
minor fix
2012-02-24 14:54:10 +00:00
Miroslav Stampar
9d6fd2e507
bug fix for --schema --technique=BST
2012-02-24 14:12:19 +00:00
Miroslav Stampar
f94b91ad87
added helper function for HashDB data storing/retrieval
2012-02-24 13:07:20 +00:00
Miroslav Stampar
b481c0352f
minor update
2012-02-24 11:25:56 +00:00
Miroslav Stampar
1f6ce265b9
minor fix
2012-02-24 11:05:04 +00:00
Miroslav Stampar
5afbd52b61
more update related to last commits
2012-02-24 10:57:23 +00:00
Miroslav Stampar
570d3a19c2
more general fix
2012-02-24 10:53:28 +00:00
Miroslav Stampar
e8352e504f
fixing problems with chars deletition by logging messages in inference mode
2012-02-24 10:48:19 +00:00
Miroslav Stampar
71028a81f5
fix for proper retrieval of columns in SQLite
2012-02-24 09:55:13 +00:00
Miroslav Stampar
7941504c3a
minor update
2012-02-23 15:32:36 +00:00
Miroslav Stampar
0478e4166a
minor justin case fix
2012-02-23 15:19:20 +00:00
Miroslav Stampar
086c3a3662
minor fix
2012-02-23 13:31:50 +00:00
Miroslav Stampar
6e54cb171f
minor code restyling
2012-02-22 15:53:36 +00:00
Miroslav Stampar
61a25418a9
minor update
2012-02-22 10:45:10 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Miroslav Stampar
386e98a0e3
using UNION SELECT for where=..NEGATIVE
2012-02-22 09:41:58 +00:00
Miroslav Stampar
c9d570c83b
minor update
2012-02-21 13:49:30 +00:00
Miroslav Stampar
686eacda9a
minor update regarding --hex
2012-02-21 13:38:18 +00:00
Miroslav Stampar
bcf3255fe1
implementation of switch --hex for 4 major DBMSes
2012-02-21 11:44:48 +00:00
Miroslav Stampar
3e4db6d140
minor fix for Python v2.6
2012-02-20 19:35:57 +00:00
Miroslav Stampar
bc4dd7c0dd
fix for -g
2012-02-20 10:02:19 +00:00
Bernardo Damele
121148f27f
There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
...
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00
Miroslav Stampar
aee269cc14
gazillion changes, nothing will work, muhahaha
2012-02-17 14:22:48 +00:00
Miroslav Stampar
dcf7277a0f
some more refactorings
2012-02-16 14:42:28 +00:00
Miroslav Stampar
6632aa7308
some more refactoring
2012-02-16 13:46:01 +00:00
Miroslav Stampar
844fc8addb
minor cleanup
2012-02-16 10:19:36 +00:00
Miroslav Stampar
0e23521adc
some more refactoring
2012-02-16 09:54:29 +00:00
Miroslav Stampar
e1f86c97c4
minor refactoring
2012-02-16 09:46:41 +00:00
Miroslav Stampar
bcf9fc6c6f
minor refactoring
2012-02-16 09:32:47 +00:00
Miroslav Stampar
8d7912ad34
minor update and refactoring
2012-02-15 14:05:50 +00:00
Miroslav Stampar
bf923a97df
minor update
2012-02-15 13:45:10 +00:00
Miroslav Stampar
122db6e164
minor update
2012-02-15 13:24:02 +00:00
Miroslav Stampar
9059d30312
adding first code example for SPL snippets
2012-02-15 13:17:01 +00:00
Miroslav Stampar
edeb4b6113
bug fix for --os-shell on Windows (echo ... > requires double quotes if the piped filename contains whitespace, otherwise doesn't hurt)
2012-02-15 11:14:01 +00:00
Miroslav Stampar
35fa214a1e
minor update (it was working before too, but this is cleaner)
2012-02-15 10:14:29 +00:00
Bernardo Damele
1c44d6d3c7
Fixed annoying bug that prevented proper checkBooleanExpression() function to work with direct connection (-d). Now DBMS fingerprint should work properly with -d
2012-02-14 17:29:00 +00:00
Miroslav Stampar
23cc8b6974
minor fix for special cases when parameter value contains html encoded characters
2012-02-14 14:08:10 +00:00
Miroslav Stampar
c1ab02494c
minor grammar and cosmetics
2012-02-14 13:18:37 +00:00
Miroslav Stampar
bb5113980b
minor update
2012-02-14 10:27:56 +00:00
Miroslav Stampar
3f15c52188
minor change in workflow for "tainted" parameter values
2012-02-14 09:26:52 +00:00
Miroslav Stampar
2604e73d88
minor change in workflow
2012-02-13 11:18:47 +00:00
Miroslav Stampar
96f589fc89
minor fix
2012-02-12 19:22:33 +00:00
Miroslav Stampar
8a2bd3897d
minor output fix
2012-02-12 19:11:54 +00:00
Miroslav Stampar
c1368053e5
minor fix
2012-02-12 18:46:25 +00:00
Miroslav Stampar
249cb48b0b
minor fix
2012-02-10 15:59:11 +00:00
Miroslav Stampar
6be95194a7
matter of concision
2012-02-10 15:37:43 +00:00
Miroslav Stampar
eab7a54e03
cosmetics
2012-02-10 15:34:04 +00:00
Miroslav Stampar
92590d0d59
minor fix
2012-02-10 15:26:55 +00:00
Miroslav Stampar
e36e9de57e
minor update by request
2012-02-10 15:12:23 +00:00
Miroslav Stampar
b140ef4a14
minor update (preparing for switching to HashDB from old sessionFile)
2012-02-10 10:24:48 +00:00
Miroslav Stampar
980367b7b2
minor update
2012-02-09 09:48:47 +00:00
Miroslav Stampar
7e9e582eca
minor update
2012-02-08 14:23:57 +00:00
Miroslav Stampar
2662fe84f7
minor update
2012-02-08 12:02:50 +00:00
Miroslav Stampar
85a4ef6593
minor update
2012-02-08 12:00:03 +00:00
Miroslav Stampar
93d7d6c355
minor patch
2012-02-08 10:38:58 +00:00
Miroslav Stampar
6bedb80ffa
adding --force-ssl switch (most useful in combination with -r)
2012-02-08 09:11:57 +00:00
Miroslav Stampar
e50d64546f
minor fix
2012-02-07 14:57:48 +00:00
Miroslav Stampar
2b05ded9c3
just a makeup
2012-02-07 12:05:23 +00:00
Miroslav Stampar
b4f4a982e4
minor update
2012-02-07 11:37:54 +00:00
Miroslav Stampar
11af0b1bbc
minor fix
2012-02-07 11:16:03 +00:00
Miroslav Stampar
f7bf1fbe94
upgrade/fixes for direct DBMS access
2012-02-07 10:46:55 +00:00
Miroslav Stampar
af71e3c563
minor update
2012-02-06 09:48:44 +00:00
Miroslav Stampar
8c45ff0d57
bug fix
2012-02-03 10:38:04 +00:00
Bernardo Damele
c0f4b4632d
Minor fix
2012-02-02 12:55:39 +00:00
Miroslav Stampar
a7970d094a
minor update
2012-02-01 15:10:06 +00:00
Miroslav Stampar
e56309f3b1
minor makeup update
2012-02-01 15:04:56 +00:00
Miroslav Stampar
8405ef59ac
some estetic updates
2012-02-01 14:49:42 +00:00
Miroslav Stampar
f4e7bf1d51
minor update regarding support for Unicode characters in Oracle
2012-02-01 14:17:27 +00:00
Miroslav Stampar
df43157284
minor patch
2012-02-01 12:28:06 +00:00
Miroslav Stampar
2ee198a381
minor "patch"
2012-02-01 11:00:01 +00:00
Miroslav Stampar
2589521ecf
fix of a wrong assumption (e.g. decodeIntToUnicode(12345) has been returning a "09" instead of a single unicode character)
2012-02-01 10:38:43 +00:00
Miroslav Stampar
4d9dcbf5db
minor fix
2012-02-01 10:14:23 +00:00
Miroslav Stampar
46f42f2fe4
minor fix
2012-01-30 13:10:35 +00:00
Miroslav Stampar
f2857e38ba
minor update
2012-01-30 10:19:03 +00:00
Miroslav Stampar
594579bef4
fix for a bug regarding --cookie and --crawl
2012-01-30 09:17:22 +00:00
Miroslav Stampar
2094c715db
minor update
2012-01-23 09:44:17 +00:00
Miroslav Stampar
9e5cf70a5a
minor fix
2012-01-20 11:13:25 +00:00
Miroslav Stampar
9eee6c252d
minor update for --scope
2012-01-16 10:28:21 +00:00
Miroslav Stampar
527ce070a3
minor fix
2012-01-16 10:04:18 +00:00
Miroslav Stampar
b2dad63000
some more refactoring
2012-01-13 22:00:34 +00:00
Miroslav Stampar
e5fe029a78
minor beautification
2012-01-13 21:03:50 +00:00
Miroslav Stampar
6634c4ac20
minor update
2012-01-13 21:01:58 +00:00
Miroslav Stampar
23117e72ca
minor improvement
2012-01-13 20:56:06 +00:00
Bernardo Damele
0043336620
Minor fix and removed leftover debug message
2012-01-13 17:04:59 +00:00
Bernardo Damele
e59ace5409
minor bug fix
2012-01-13 16:57:45 +00:00
Bernardo Damele
b03f91437b
Minor code refactoring
2012-01-13 16:49:52 +00:00
Miroslav Stampar
337973df77
reverting last 2 commits (better solution was the original one)
2012-01-13 15:58:47 +00:00
Miroslav Stampar
1f53ff0633
minor update regarding last commit
2012-01-13 15:56:50 +00:00
Miroslav Stampar
ff96c537a9
minor update for multithreaded mode
2012-01-13 15:50:38 +00:00
Bernardo Damele
7e560eec1f
Minor fix
2012-01-13 12:54:45 +00:00
Miroslav Stampar
dd295bbd4a
minor update regarding -d and time based injections
2012-01-13 12:45:02 +00:00
Miroslav Stampar
04686b83e3
minor update
2012-01-13 11:16:26 +00:00
Miroslav Stampar
305371b7a9
minor update
2012-01-12 14:58:23 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
1d0b43b1a2
implemented mechanism for merging cookies by request
2012-01-11 14:28:08 +00:00
Miroslav Stampar
ff52931140
some refactoring (skipping duplicate messages in case that UNION/ERROR techniques failed and BOOLEAN/TIMED/STACKED are not available)
2012-01-07 19:30:35 +00:00
Miroslav Stampar
18930539cd
more concise language
2012-01-07 17:45:45 +00:00
Miroslav Stampar
2b5e429dc2
one more level of defense against user himself
2012-01-07 17:16:14 +00:00
Miroslav Stampar
a675c88894
minor check added for invalid urls (e.g. deliberately too long)
2012-01-07 16:06:18 +00:00
Miroslav Stampar
164c8a4020
better message in case of update error
2012-01-07 15:47:38 +00:00
Miroslav Stampar
5a8fc44119
minor update
2012-01-07 15:26:54 +00:00
Miroslav Stampar
3f4afdf251
minor fix (crashing if no : in value)
2012-01-07 14:54:56 +00:00
Miroslav Stampar
759465bde5
minor fix
2012-01-06 00:06:38 +00:00
Miroslav Stampar
40398f358c
minor update
2012-01-05 14:55:23 +00:00
Miroslav Stampar
1f085a0241
now [SLEEPTIME] is changeable properly in vivo
2012-01-05 14:45:05 +00:00
Miroslav Stampar
9d50c806e1
bug fix
2012-01-05 10:55:58 +00:00
Miroslav Stampar
804629832d
minor fix
2012-01-05 10:24:27 +00:00
Miroslav Stampar
ea87c89c25
minor fix
2012-01-03 23:44:56 +00:00
Miroslav Stampar
13f2afbbc9
minor fix
2012-01-03 17:28:50 +00:00
Miroslav Stampar
40991a5d52
minor fix
2011-12-31 01:03:54 +00:00
Miroslav Stampar
94d43a4135
minor bug fix
2011-12-30 14:20:06 +00:00
Miroslav Stampar
63bc4ce116
minor patch
2011-12-30 14:11:02 +00:00
Miroslav Stampar
29f502fe29
some refactoring
2011-12-28 16:27:17 +00:00
Miroslav Stampar
37d78ffe01
minor optimization
2011-12-28 15:59:30 +00:00
Miroslav Stampar
22c3fe49bb
some refactoring
2011-12-28 13:50:03 +00:00
Miroslav Stampar
dda979a15a
minor refactoring
2011-12-27 12:31:29 +00:00
Miroslav Stampar
0a6334db22
minor speedup
2011-12-27 11:41:57 +00:00
Miroslav Stampar
b02363b1aa
minor update
2011-12-27 11:25:40 +00:00
Miroslav Stampar
068ff92dc4
optimizing a bit pyDes module used in Oracle hash cracking
2011-12-26 15:33:49 +00:00
Miroslav Stampar
08071f42d0
minor update
2011-12-26 14:31:59 +00:00
Miroslav Stampar
366e86c560
minor "patch"
2011-12-26 14:08:25 +00:00
Miroslav Stampar
c20546dcaa
minor refactoring
2011-12-26 12:24:39 +00:00
Miroslav Stampar
b71a81041d
implemented --tor-port by request
2011-12-23 10:57:09 +00:00
Miroslav Stampar
89d2c7c042
minor update
2011-12-22 20:54:20 +00:00
Miroslav Stampar
abb401879c
minor update
2011-12-22 20:42:57 +00:00
Miroslav Stampar
087e29d272
minor update
2011-12-22 20:14:56 +00:00
Miroslav Stampar
8a7b0406c8
minor optimization
2011-12-22 20:08:28 +00:00
Miroslav Stampar
094129a656
minor optimization
2011-12-22 15:42:21 +00:00
Miroslav Stampar
8585107e3d
minor update
2011-12-22 12:21:30 +00:00
Miroslav Stampar
f622995a29
compatibility with partial union and error technique resumed data
2011-12-22 12:20:21 +00:00
Miroslav Stampar
58a4a02b7e
minor fix
2011-12-22 11:56:42 +00:00
Miroslav Stampar
6f8d8a15aa
minor update
2011-12-22 11:55:02 +00:00
Miroslav Stampar
9f68e54fff
minor cleanup
2011-12-22 10:59:28 +00:00
Miroslav Stampar
aaa29d1f24
minor fix
2011-12-22 10:51:41 +00:00
Miroslav Stampar
4a1a0773b7
speedup of UNION dumping
2011-12-22 10:44:14 +00:00
Miroslav Stampar
1ae413a206
some refactoring/speedup around UNION technique
2011-12-22 10:32:21 +00:00
Miroslav Stampar
b77e2042f2
some optimization
2011-12-21 23:23:00 +00:00
Miroslav Stampar
a6310c0b21
minor update
2011-12-21 23:04:36 +00:00
Miroslav Stampar
526aacb640
code cleanup
2011-12-21 22:59:23 +00:00
Miroslav Stampar
41ccf88990
some more refactoring
2011-12-21 22:09:21 +00:00
Miroslav Stampar
0a039d84e0
some more refactoring
2011-12-21 19:40:42 +00:00
Miroslav Stampar
41b60b26fc
minor refactoring
2011-12-21 14:25:39 +00:00
Miroslav Stampar
81bd9a201b
minor refactoring
2011-12-21 11:50:49 +00:00
Miroslav Stampar
113ebf5e9d
minor update
2011-12-20 16:08:17 +00:00
Miroslav Stampar
8bfff4a28e
minor update
2011-12-20 15:01:27 +00:00
Miroslav Stampar
d3a428c9c8
minor bug fix regarding dumping tables with safe quotes
2011-12-20 13:17:24 +00:00
Miroslav Stampar
95cd9e2af3
adding support for scanning Host header values (-p host)
2011-12-20 12:52:41 +00:00
Miroslav Stampar
bdc724cb46
minor bug fix
2011-12-20 10:34:28 +00:00
Miroslav Stampar
1b16b5e0f1
minor fix
2011-12-20 09:10:44 +00:00
Miroslav Stampar
dcf842692b
minor fix
2011-12-16 12:34:26 +00:00
Miroslav Stampar
c57941c102
minor beautification
2011-12-15 23:33:44 +00:00
Miroslav Stampar
27d244b326
minor update
2011-12-15 23:29:11 +00:00
Miroslav Stampar
563c0c1066
adding switch --tor-type
2011-12-15 23:19:55 +00:00
Miroslav Stampar
316e27a809
minor update
2011-12-15 10:19:31 +00:00
Miroslav Stampar
c98f5f6f94
minor fix
2011-12-15 09:28:58 +00:00
Miroslav Stampar
8793fbc9f5
minor update
2011-12-14 12:59:25 +00:00
Miroslav Stampar
1fd1ec22a1
minor fix
2011-12-14 12:03:21 +00:00
Miroslav Stampar
e6820ebbd2
minor update
2011-12-14 10:26:03 +00:00
Miroslav Stampar
364113441b
adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles)
2011-12-14 10:19:45 +00:00
Miroslav Stampar
73a500833d
minor bug fix
2011-12-12 14:38:06 +00:00
Miroslav Stampar
25cde9e2c7
minor fixes
2011-12-12 09:45:40 +00:00
Bernardo Damele
8fe72d87a8
minor bug fix for mysql -d --file-read
2011-12-06 10:57:23 +00:00
Miroslav Stampar
0f5d48ff20
minor update
2011-12-05 09:25:56 +00:00
Miroslav Stampar
a8a5e61ee1
minor update
2011-12-05 00:06:32 +00:00
Miroslav Stampar
9bc735963b
update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself))
2011-12-04 22:42:19 +00:00
Miroslav Stampar
ec895c3d1a
revert of last commit
2011-12-04 16:37:18 +00:00
Miroslav Stampar
393843bf87
it seems that SOCKS4 is safer solution for TOR socks access
2011-12-04 16:23:08 +00:00
Miroslav Stampar
5f7dbec41f
minor patch
2011-12-03 12:11:46 +00:00
Miroslav Stampar
b9ae28dd5e
minor beautification
2011-12-02 14:11:43 +00:00
Miroslav Stampar
b03a5e8928
people don't know what's "standard deviation" and they are wrongly connecting it's value in seconds to the --time-sec value
2011-12-01 13:30:47 +00:00
Miroslav Stampar
32ab7171ea
minor update
2011-12-01 10:07:39 +00:00
Miroslav Stampar
9975ff8d17
minor update
2011-11-30 19:26:03 +00:00
Miroslav Stampar
f1dfa5c860
minor update
2011-11-30 17:44:34 +00:00
Miroslav Stampar
71c46f50aa
adding option --csv-del
2011-11-30 17:39:41 +00:00
Miroslav Stampar
02bd9a54f3
minor update
2011-11-30 17:19:21 +00:00
Miroslav Stampar
872a73f631
minor refactoring
2011-11-29 19:17:07 +00:00
Miroslav Stampar
3cd8f47686
minor bug fix
2011-11-29 17:17:06 +00:00
Miroslav Stampar
2842c13d75
minor update
2011-11-29 16:59:06 +00:00
Miroslav Stampar
d958c2fe48
minor fix
2011-11-28 11:21:39 +00:00
Miroslav Stampar
885b432808
minor update
2011-11-23 21:39:53 +00:00
Miroslav Stampar
ba4234dc42
switching from HTTP proxy to SOCKS proxy for --tor (sick and tired of Polipo/Privoxy bull; either Tor flag is overwritten every here and there or they are putting all kinds of filter warnings)
2011-11-23 21:17:08 +00:00
Miroslav Stampar
8ea9b19b66
minor update regarding dumping of table content in --forms mode
2011-11-23 20:56:22 +00:00
Miroslav Stampar
d6f936b98d
minor update
2011-11-23 15:51:48 +00:00
Miroslav Stampar
40f21c3917
minor update
2011-11-23 15:38:31 +00:00
Miroslav Stampar
14e8ca6d41
minor fix
2011-11-23 14:26:40 +00:00
Miroslav Stampar
9b99530add
minor bug fix
2011-11-23 08:14:20 +00:00
Miroslav Stampar
d5cddd40f6
minor fix
2011-11-23 03:03:31 +00:00
Miroslav Stampar
f39170a2c4
minor update
2011-11-22 15:06:51 +00:00
Miroslav Stampar
e33f70269b
minor optimization
2011-11-22 12:44:28 +00:00
Miroslav Stampar
501fd85fa1
minor optimization
2011-11-22 12:40:12 +00:00
Miroslav Stampar
2e10de8921
minor update
2011-11-22 12:18:24 +00:00
Miroslav Stampar
ac041399f0
minor patch
2011-11-22 11:04:43 +00:00
Miroslav Stampar
9697e80013
some more optimizations
2011-11-22 10:54:29 +00:00
Miroslav Stampar
267d67b024
minor update
2011-11-22 10:41:56 +00:00
Miroslav Stampar
b117c40aa5
major improvement of HashDB speed in multi-threaded mode
2011-11-22 10:09:35 +00:00
Miroslav Stampar
e94efff187
some more optimization
2011-11-22 09:00:00 +00:00
Miroslav Stampar
2ed3efba12
speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)
2011-11-22 08:39:13 +00:00
Miroslav Stampar
493e436e16
minor update
2011-11-22 07:32:39 +00:00
Miroslav Stampar
e905ea2a54
minor bug fix
2011-11-22 07:07:52 +00:00
Miroslav Stampar
f1f0828b28
minor update
2011-11-21 22:27:47 +00:00
Miroslav Stampar
704e1a4e74
minor minor update
2011-11-21 22:19:52 +00:00
Miroslav Stampar
fcac3d494b
minor beautification
2011-11-21 22:18:04 +00:00
Miroslav Stampar
753dcb3450
minor update
2011-11-21 22:12:24 +00:00
Miroslav Stampar
da51e8a9d1
minor fix
2011-11-21 21:55:05 +00:00
Miroslav Stampar
eee03871d7
minor refactoring
2011-11-21 21:31:08 +00:00
Miroslav Stampar
4fa24ec704
minor improvement
2011-11-21 17:39:18 +00:00
Miroslav Stampar
65b2b0ad87
adding switch --eval
2011-11-21 16:41:02 +00:00
Miroslav Stampar
df0b451389
minor update
2011-11-20 23:17:57 +00:00
Miroslav Stampar
49fddaf668
minor update (for cases with 404 original page - e.g. time based injections in some cases)
2011-11-20 23:11:18 +00:00
Miroslav Stampar
8c32b3653b
minor update of false positive check (in considerable amount of cases minus char is filtered/used for other means)
2011-11-20 20:27:30 +00:00
Miroslav Stampar
440b7efe55
minor optimization
2011-11-20 20:14:47 +00:00
Miroslav Stampar
7c1af97852
minor optimization
2011-11-20 19:38:56 +00:00
Miroslav Stampar
e1a92d59de
implementing WordPress phpass hash cracking routine
2011-11-20 19:10:46 +00:00
Miroslav Stampar
f1979936c8
minor update
2011-11-18 15:32:33 +00:00
Miroslav Stampar
0df768e24a
minor refactoring/optimization
2011-11-16 16:06:21 +00:00
Miroslav Stampar
7314de3490
language update
2011-11-15 11:17:39 +00:00
Miroslav Stampar
ad2762118d
minor update
2011-11-14 15:10:39 +00:00
Miroslav Stampar
b888829d12
minor update
2011-11-14 11:39:18 +00:00
Miroslav Stampar
367627c331
minor fix for Python 2.6
2011-11-13 19:09:13 +00:00
Miroslav Stampar
76fb6ba666
minor update
2011-11-13 10:38:27 +00:00
Miroslav Stampar
ccbd93cc2e
fix for redirect/HOST header bug
2011-11-11 11:28:27 +00:00
Miroslav Stampar
1061c06617
improvement of redirecting code
2011-11-11 11:07:49 +00:00
Miroslav Stampar
e183437f0b
minor typo
2011-11-10 10:30:53 +00:00
Miroslav Stampar
62f8f8d36c
bug fix (thanks to zhen zhou)
2011-11-10 10:22:35 +00:00
Miroslav Stampar
6c07573e30
minor update
2011-11-06 11:42:02 +00:00
Miroslav Stampar
030c57a0c8
minor update
2011-11-06 11:18:16 +00:00
Miroslav Stampar
2dbd51e357
fix for google searches
2011-11-06 08:55:09 +00:00
Miroslav Stampar
61e3621855
minor update
2011-11-02 14:33:23 +00:00
Miroslav Stampar
24bda96d9e
adding items from John the Ripper's word list to the dictionary for Oracle cracking
2011-11-02 11:21:49 +00:00
Miroslav Stampar
6ec522e14b
removal of minor obsolete thingy
2011-11-02 10:41:12 +00:00
Miroslav Stampar
ea125d820d
some more speed ups for hash cracking
2011-11-02 09:57:42 +00:00
Miroslav Stampar
2f355db230
minor fix
2011-11-02 09:32:15 +00:00
Miroslav Stampar
0e96af65e6
minor update
2011-11-02 07:06:07 +00:00
Miroslav Stampar
d735582536
major speed improvement of hash cracking
2011-11-02 06:53:43 +00:00
Miroslav Stampar
b3a57391e4
minor update
2011-11-01 20:39:22 +00:00
Miroslav Stampar
3e3f037f1e
improvement of hash cracking routine
2011-11-01 19:58:22 +00:00
Miroslav Stampar
4cafc5f31b
language update
2011-11-01 19:09:17 +00:00
Miroslav Stampar
43340a7ea5
language
2011-11-01 19:06:27 +00:00
Miroslav Stampar
f9bb762d1d
minor improvement (resuming of already cracked values)
2011-11-01 19:00:34 +00:00
Miroslav Stampar
c0cd29f01c
minor update
2011-10-31 15:20:40 +00:00
Miroslav Stampar
60cadf4747
better regex used
2011-10-29 10:31:52 +00:00
Miroslav Stampar
ef987c6954
adding compatibility support for using --crawl and --forms together
2011-10-29 09:32:20 +00:00
Miroslav Stampar
ddc4dfe5ff
minor refactoring for regarding --forms
2011-10-29 08:32:24 +00:00
Miroslav Stampar
d7866ac78d
added support for automatic filtering of badly formed HTML in --forms mode
2011-10-28 21:28:03 +00:00
Miroslav Stampar
1b45c5b56a
bug fix
2011-10-28 15:24:35 +00:00
Miroslav Stampar
666a7da12a
minor update
2011-10-28 11:28:21 +00:00
Miroslav Stampar
b83fe6113e
turning off time adjustment off (now is shown as a tip) because it seems that it never was actually used (payload always left the same)
2011-10-28 11:25:07 +00:00
Miroslav Stampar
e290f2b80b
minor update
2011-10-28 11:11:55 +00:00
Miroslav Stampar
7ce3af68fc
fixing support for parsing BURP logs
2011-10-27 17:31:34 +00:00
Miroslav Stampar
6b7920d89a
minor patch for --tor
2011-10-27 10:52:06 +00:00
Miroslav Stampar
3c31ccd16e
minor update
2011-10-26 22:37:04 +00:00
Miroslav Stampar
9d31230d5e
minor update
2011-10-26 21:56:26 +00:00
Miroslav Stampar
d64c0af461
minor update
2011-10-26 14:31:00 +00:00
Miroslav Stampar
9c1d1ca5d8
minor update
2011-10-26 14:13:38 +00:00
Miroslav Stampar
2a72c1ae68
minor fix
2011-10-26 11:30:10 +00:00
Miroslav Stampar
a99547363f
some fixes
2011-10-26 11:24:15 +00:00
Miroslav Stampar
3d883a2218
minor update
2011-10-26 11:10:15 +00:00
Miroslav Stampar
d467b40ff6
minor fix
2011-10-26 10:54:43 +00:00
Miroslav Stampar
8d668b1833
some updates regarding hash attack
2011-10-26 10:30:32 +00:00
Miroslav Stampar
f41ae9cf49
minor update
2011-10-26 09:40:47 +00:00
Miroslav Stampar
0b68144c8f
minor fixes for hash cracking
2011-10-26 09:29:41 +00:00
Miroslav Stampar
18affca0bc
minor update
2011-10-26 09:14:18 +00:00
Miroslav Stampar
64ca01ea0e
minor update
2011-10-25 22:06:47 +00:00
Miroslav Stampar
35c889a411
minor update
2011-10-25 18:07:33 +00:00
Miroslav Stampar
ee76fed56a
minor update
2011-10-25 17:48:20 +00:00
Miroslav Stampar
41ad7f9eab
minor update
2011-10-25 17:44:30 +00:00
Miroslav Stampar
86b4a3562f
added switch --check-tor
2011-10-25 17:37:43 +00:00
Miroslav Stampar
eaaf6041b9
minor fix
2011-10-25 11:20:42 +00:00
Miroslav Stampar
c1486ed4be
adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request
2011-10-25 09:53:44 +00:00
Miroslav Stampar
b07f165d60
quick fix
2011-10-24 18:11:34 +00:00
Miroslav Stampar
23bf52e496
minor refactoring
2011-10-24 09:55:50 +00:00
Miroslav Stampar
cd00c0d084
minor patch
2011-10-24 09:43:59 +00:00
Miroslav Stampar
6d64f87190
minor update
2011-10-24 00:46:54 +00:00
Miroslav Stampar
20ae1c2187
added switch --logic-negative
2011-10-24 00:40:06 +00:00
Miroslav Stampar
8bd3cfdc8e
minor update
2011-10-24 00:17:38 +00:00
Miroslav Stampar
d39d36f7a7
minor language beautification
2011-10-23 23:27:56 +00:00
Miroslav Stampar
7c626f1dbe
minor fix
2011-10-23 23:18:39 +00:00
Miroslav Stampar
d77a5f5928
update (generalizing ORDER BY approach)
2011-10-23 23:02:01 +00:00
Miroslav Stampar
1dd3fae930
minor fix
2011-10-23 22:27:45 +00:00
Miroslav Stampar
0c29311eb2
minor update
2011-10-23 22:24:57 +00:00
Miroslav Stampar
5863429fc1
minor update
2011-10-23 21:17:45 +00:00
Miroslav Stampar
4a469c3258
minor update
2011-10-23 21:12:34 +00:00
Miroslav Stampar
1f7d87c6a4
bug fix for --code (previously redirecting codes where not considered)
2011-10-23 20:48:37 +00:00
Miroslav Stampar
77e630d89e
replaced longer CHAR form of escaped MySQL strings with more compact hex form
2011-10-23 20:19:42 +00:00
Miroslav Stampar
3f0517d3f3
support for non-latin (e.g. cyrillic) URLs
2011-10-23 17:02:48 +00:00
Miroslav Stampar
1c3f4e9e54
minor update
2011-10-23 08:44:21 +00:00
Miroslav Stampar
25f0ec3597
some minor range to xrange conversion (where safe to do)
2011-10-21 22:34:27 +00:00
Miroslav Stampar
eb240243ea
minor update
2011-10-21 22:21:41 +00:00
Miroslav Stampar
b4ce857f9b
added some comments
2011-10-21 21:29:24 +00:00
Miroslav Stampar
7a3096ce25
some refactoring
2011-10-21 21:12:48 +00:00
Miroslav Stampar
9356f8005c
important bug fix
2011-10-21 21:07:06 +00:00
Miroslav Stampar
0a8e45955c
minor update
2011-10-21 20:44:18 +00:00
Miroslav Stampar
566d6e4974
minor fix
2011-10-21 20:21:29 +00:00
Miroslav Stampar
05b9951a8b
minor beautification
2011-10-21 09:19:31 +00:00
Miroslav Stampar
0db0571f35
minor patch
2011-10-21 09:06:00 +00:00
Miroslav Stampar
12a7fd4054
quick fix
2011-10-20 08:28:57 +00:00
Miroslav Stampar
0cbcbf159c
minor fix
2011-10-19 21:35:01 +00:00
Miroslav Stampar
e3a719e7d2
minor update
2011-10-11 22:40:00 +00:00
Miroslav Stampar
7956390631
minor update
2011-10-11 22:27:49 +00:00
Miroslav Stampar
a7a29f33ad
minor update
2011-10-11 21:58:57 +00:00
Miroslav Stampar
dacfeafc5f
minor optimization
2011-10-10 17:45:16 +00:00
Miroslav Stampar
4989e8e6d3
minor update
2011-10-10 17:29:54 +00:00
Miroslav Stampar
c204f2b221
minor optimization
2011-10-10 14:47:48 +00:00
Miroslav Stampar
47b27a5988
minor improvement of HashDB
2011-10-10 14:23:17 +00:00
Miroslav Stampar
323aa7bf2f
minor update
2011-10-09 21:21:41 +00:00
Miroslav Stampar
a31a0aa8d4
minor update
2011-10-06 22:29:49 +00:00
Miroslav Stampar
8720aad6dc
transformed cDel to pDel as a more generic option
2011-10-06 22:03:33 +00:00
Miroslav Stampar
dd0ed5f5da
adding redirect response to the traffic file
2011-09-28 08:13:46 +00:00
Miroslav Stampar
6d2536f217
minor update
2011-09-27 22:27:34 +00:00
Miroslav Stampar
c0910ca2c8
added one more warning message by request
2011-09-27 22:25:15 +00:00
Miroslav Stampar
b888a84764
minor update
2011-09-27 14:31:58 +00:00
Miroslav Stampar
88f1110c44
adding a new (for now) hidden switch --test-filter for filtering tests by their name
2011-09-27 14:09:25 +00:00
Miroslav Stampar
fd9acfd7d2
fix
2011-09-26 13:36:08 +00:00
Miroslav Stampar
b3b4459c72
minor fix
2011-09-26 13:01:43 +00:00
Miroslav Stampar
34738129c9
minor update
2011-09-25 21:27:58 +00:00
Miroslav Stampar
7e80274fac
refactoring
2011-09-25 21:10:45 +00:00
Miroslav Stampar
744636a8c1
switching to SQLite resume support (on error and union techniques this moment)
2011-09-25 20:36:32 +00:00
Miroslav Stampar
ba5eff1de6
minor bug fix
2011-09-23 18:29:45 +00:00
Miroslav Stampar
d95ff4350d
bug fix
2011-09-20 13:08:35 +00:00
Miroslav Stampar
4a3580d10b
minor fix
2011-09-19 19:08:08 +00:00
Bernardo Damele
f890b29f81
Proper reference to Metasploit Framework as now it's version 4, not 3 anymore
2011-09-12 17:26:22 +00:00
Miroslav Stampar
4fb6dab1a2
minor bug fix
2011-09-12 14:15:57 +00:00
Miroslav Stampar
1bdde51d0e
minor just in case update
2011-09-11 16:41:07 +00:00
Miroslav Stampar
02f993583b
minor bug fix
2011-09-09 11:36:09 +00:00
Miroslav Stampar
2f4e34f5a0
minor improvement for URI injections
2011-09-08 11:13:12 +00:00
Miroslav Stampar
d434047482
minor bug fix
2011-09-05 09:28:40 +00:00
Miroslav Stampar
08e0eb9b61
minor lower/upper case fix
2011-08-29 13:47:32 +00:00
Miroslav Stampar
9be89422da
implemented parameter --skip
2011-08-29 13:29:42 +00:00
Miroslav Stampar
e0f521cf9d
minor update regarding --randomize
2011-08-29 13:08:25 +00:00
Miroslav Stampar
ac00014c4a
implemented --randomize switch by request
2011-08-29 12:50:52 +00:00
Miroslav Stampar
8fe069b495
minor fix
2011-08-23 21:48:39 +00:00
Miroslav Stampar
01014eca17
by request
2011-08-23 21:45:01 +00:00
Miroslav Stampar
cfc1f2b70b
minor update
2011-08-22 22:43:14 +00:00
Miroslav Stampar
f4127a80d7
improvement of UNION based injection detection (with non-NULL kb.uChar values searching of the content inside -1 UNION.. pages is used)
2011-08-22 21:43:46 +00:00
Miroslav Stampar
8a174248dc
fix for a bug reported by blueBoy
2011-08-20 20:08:11 +00:00
Miroslav Stampar
cb32d46f2a
minor minor update
2011-08-18 06:09:12 +00:00
Miroslav Stampar
54bcc35ba7
important bug fix (connection exception was causing losing of already retrieved data)
2011-08-17 22:31:33 +00:00
Miroslav Stampar
9d31322f3d
update regarding special case when conf.uChar appears only in testable pages
2011-08-17 21:40:42 +00:00
Miroslav Stampar
75ec146224
minor beautification
2011-08-17 21:17:02 +00:00
Miroslav Stampar
f46baac70b
bug fix (when comment is None this was errornous)
2011-08-17 10:58:29 +00:00
Bernardo Damele
9361e633f4
Minor bug fix - some applications do really set cookies like param="value" with double-quotes
2011-08-16 09:21:01 +00:00
Miroslav Stampar
e1dbb4443b
minor update related to the last commit
2011-08-16 07:01:14 +00:00
Miroslav Stampar
7cc5743c5d
minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)
2011-08-16 06:50:20 +00:00
Miroslav Stampar
600ef3eace
minor patch
2011-08-16 06:22:04 +00:00
Miroslav Stampar
262996fc5b
bug fix
2011-08-16 06:14:40 +00:00
Miroslav Stampar
df4abf1af1
lowering constant value from 10 to 7 for da peace in da houz
2011-08-12 17:19:19 +00:00
Bernardo Damele
702ed73a65
Added --code switch to match in boolean-based tests against the HTTP response code
2011-08-12 16:48:11 +00:00
Bernardo Damele
fff4c34e33
Search for --string and --regexp matches also in HTTP response headers
2011-08-12 15:33:37 +00:00
Bernardo Damele
5e5133b8e7
Should be fixed now
2011-08-12 15:00:11 +00:00
Bernardo Damele
1505cb2a80
typo
2011-08-12 14:51:39 +00:00
Bernardo Damele
702ca22d54
Minor bug fix for URI injections
2011-08-12 14:48:44 +00:00
Bernardo Damele
28bba9f5e6
More verbose warning message
2011-08-12 13:47:38 +00:00
Miroslav Stampar
10bdd90e60
minor speed optimizations (as a result of profiling)
2011-08-12 13:40:37 +00:00
Bernardo Damele
36280b33fa
Ask the user wheather or not to adjust the time delay - there have been a case where the forcing of conf.timeSec screwed the result in an extremely lagged and unreliable site
2011-08-12 13:06:40 +00:00
Miroslav Stampar
41ae9bc7ff
minor bug fix
2011-08-09 14:20:25 +00:00
Miroslav Stampar
2ad267132a
minor update for empty normal responses (like AJAX requests)
2011-08-05 10:55:21 +00:00
Miroslav Stampar
e849b71027
minor typo
2011-08-03 14:31:42 +00:00
Miroslav Stampar
538b49bcc5
removing word "dramatically". i was too excited at the moment :). it is cool and all but we shouldn't put "highly subjective" attribs in reports
2011-08-03 13:26:38 +00:00
Miroslav Stampar
f7562da754
from now on proper union column count should be displayed in injection info output
2011-08-03 10:34:50 +00:00
Miroslav Stampar
9423d15fb3
ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix
2011-08-03 09:08:16 +00:00
Miroslav Stampar
07afcd5440
fix for a bug reported by Ahmed Shawky (when user uses --suffix intermixing test default comments with the provided suffix is a big no no)
2011-08-02 18:20:21 +00:00
Miroslav Stampar
07c3d4fb18
minor adjustment
2011-08-02 17:35:43 +00:00
Miroslav Stampar
edab7d01a5
minor fix
2011-08-02 17:31:13 +00:00
Bernardo Damele
c15439ab7f
Minor improvement to --passwords output
2011-08-02 09:04:34 +00:00
Miroslav Stampar
cb0981d858
proper way of handling 0 length results (as in __goInferenceProxy)
2011-08-02 08:39:32 +00:00
Miroslav Stampar
0643ced651
minor update
2011-08-02 08:12:43 +00:00
Miroslav Stampar
457f501bbd
proper fix
2011-08-01 23:48:38 +00:00
Bernardo Damele
cbd0ea0866
Possible fix for a minor bug
2011-08-01 23:24:39 +00:00
Miroslav Stampar
018d7ed646
improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery)
2011-07-31 23:40:09 +00:00
Miroslav Stampar
0627bb02cb
minor beautification
2011-07-31 10:21:47 +00:00
Miroslav Stampar
93ae1dfa2b
minor bug fix
2011-07-31 08:52:48 +00:00
Miroslav Stampar
68ae8ea5b2
minor refactoring
2011-07-29 10:54:25 +00:00
Miroslav Stampar
e522263640
fix for a neverending data retrieval in large full inband cases
2011-07-29 10:45:09 +00:00
Miroslav Stampar
3fc603843e
minor fix
2011-07-27 23:26:36 +00:00
Miroslav Stampar
107089c00b
bug fix
2011-07-27 08:25:51 +00:00
Miroslav Stampar
f7eaffcec5
i believe that this could be ok
2011-07-26 21:28:48 +00:00
Bernardo Damele
a2483b3bc4
Aligned OS takeover functionalities to recent Metasploit improvements
2011-07-26 10:29:14 +00:00
Bernardo Damele
938716e361
Proper fix for --start and --stop consistency amongst different techniques
2011-07-26 10:06:28 +00:00
Bernardo Damele
e71f96afe7
Reverted dumb "fix"
2011-07-26 09:42:09 +00:00
Miroslav Stampar
6bbb8139a0
update (smaller memory footprint in postprocessing phase because of safecharencode part)
2011-07-25 20:40:31 +00:00
Miroslav Stampar
5770c08784
minor optimization and refactoring
2011-07-25 20:17:44 +00:00
Bernardo Damele
0a7a648694
Minor bug fix for --start, now all techniques return the same result (before blind techniques returned from one entry behind)
2011-07-25 11:15:18 +00:00
Bernardo Damele
6cbb927012
Partial fix for -o not resumed at following runs if missing from command line
2011-07-25 11:05:49 +00:00
Miroslav Stampar
2033a28ae7
minor update regarding last commit (cleaner code)
2011-07-24 20:44:17 +00:00
Miroslav Stampar
3a3561fdaa
doing proper big table support for partial union too
2011-07-24 20:36:44 +00:00
Miroslav Stampar
ec1bc0219c
hello big tables, this is sqlmap, sqlmap this is big tables
2011-07-24 09:19:33 +00:00
Miroslav Stampar
82e1e61554
minor speedup
2011-07-23 19:51:19 +00:00
Miroslav Stampar
094dc91e2d
minor update (prior to some changes regarding large content retrieval)
2011-07-23 19:04:59 +00:00
Miroslav Stampar
a89140e1ce
revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function)
2011-07-23 06:07:00 +00:00
Miroslav Stampar
8a00ca83af
refactoring. nothing special changed
2011-07-21 10:18:11 +00:00
Miroslav Stampar
963f54e6d2
minor fix for parameters containing '=' inside values itself (remark: no parameter name will have '=' nor '%3d' inside; tested and it does a good job)
2011-07-21 10:06:52 +00:00
Miroslav Stampar
7881ded60d
quick fix (this other library was doing problems)
2011-07-20 22:20:16 +00:00
Bernardo Damele
d6b52242c7
Meterpreter's sniffer extension freezes 64-bit systems
...
Meterpreter's priv extension is loaded by default since Metasploit 3.5 or so.
There is no shellcodeexec 64-bit yet, anyway as the Metasploit payload is encoded with a 32-bit encoded (alphanumeric), it's all fine.
2011-07-20 13:50:02 +00:00
Miroslav Stampar
9d996c07fb
another quick fix
2011-07-20 13:00:34 +00:00
Miroslav Stampar
fad77dd078
fix for a ImportError bug reported by g@brindi.si
2011-07-20 12:18:36 +00:00
Miroslav Stampar
9cf33ec997
now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char
2011-07-15 13:24:13 +00:00
Miroslav Stampar
ff8fc90ac7
bug fix
2011-07-13 06:44:15 +00:00
Miroslav Stampar
5c162efbd8
more optimization
2011-07-12 23:21:15 +00:00
Miroslav Stampar
9933edc718
optimization of reflective removal mechanism
2011-07-12 22:28:19 +00:00
Bernardo Damele
cda25cda2f
Cosmetics
2011-07-12 20:49:27 +00:00
Miroslav Stampar
3583d6dd1b
quick fixes, more work to do
2011-07-12 20:32:19 +00:00
Miroslav Stampar
0126b8eb0e
minor revert (it's illegal to use append for updating one array with another array)
2011-07-12 19:34:54 +00:00
Bernardo Damele
48b7245a33
Minor bug fix
2011-07-12 15:47:04 +00:00
Bernardo Damele
0b8c6e4c81
Minor bug fix
2011-07-12 15:30:40 +00:00
Miroslav Stampar
a46b5230f5
minor "patch"
2011-07-11 20:33:16 +00:00
Miroslav Stampar
1f826684f6
disabling multiprocessing (maybe permanently) support for Windows as of complications with sharing dictionary iterator
2011-07-11 13:16:59 +00:00
Miroslav Stampar
7bc6280d53
possible fix for a multi-processing "problem" reported by christopher.oakley@gmail.com
2011-07-11 11:40:27 +00:00
Miroslav Stampar
f5e45bf113
quick fix for a bug reported by jovon.itwaru@gmail.com
2011-07-11 08:54:39 +00:00
Miroslav Stampar
98958f8808
minor minor update
2011-07-10 15:41:45 +00:00
Miroslav Stampar
0d6afca7db
adding new switch '--smart' by request
2011-07-10 15:16:58 +00:00
Miroslav Stampar
1e182e6c72
quick fix
2011-07-08 22:34:44 +00:00
Bernardo Damele
651349e229
More verbose critical message
2011-07-08 13:12:53 +00:00
Bernardo Damele
b5dd4d4a63
Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection
2011-07-08 10:19:01 +00:00
Miroslav Stampar
02bfd05b20
more general approach
2011-07-08 10:03:14 +00:00
Miroslav Stampar
5443e06430
cosmetics (in debug mode [0] is used)
2011-07-08 09:43:52 +00:00
Miroslav Stampar
c463c411b9
minor update
2011-07-08 09:32:58 +00:00
Miroslav Stampar
ba2c06c9dc
quick fix
2011-07-08 09:01:32 +00:00
Miroslav Stampar
c517e97a44
few fixes and minor cosmetics
2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Bernardo Damele
067354b97f
Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access
2011-07-07 13:20:40 +00:00
Bernardo Damele
9e1a6beb7a
Major bug fix in UNION detection, it was a leftover
2011-07-07 00:06:20 +00:00
Bernardo Damele
fcd4e94c04
Higher chances to detect UNION query SQL injection against Microsoft Access
2011-07-06 23:52:44 +00:00
Bernardo Damele
23b4efdcaf
Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too.
2011-07-06 21:04:45 +00:00
Bernardo Damele
0d28c1e9e7
cosmetics
2011-07-06 20:41:13 +00:00
Bernardo Damele
6f6038b534
Quick fix (revert..)
2011-07-06 11:32:12 +00:00
Miroslav Stampar
93b296e02c
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495
few fixes here and there and multi-core processing for dictionary based hash attack
2011-07-04 19:58:41 +00:00
Miroslav Stampar
34d9a91af1
bulk of fixes
2011-07-02 22:48:56 +00:00
Bernardo Damele
861cdb1b14
cosmetics
2011-07-01 10:04:34 +00:00
Miroslav Stampar
4513ef409e
massive (like really massive) dictionary support
2011-06-30 23:44:49 +00:00
Miroslav Stampar
43db6b03a7
update with a feature request (file with list of wordlist files)
2011-06-30 08:42:43 +00:00
Miroslav Stampar
9e453e8709
fix for a bug reported by nightman@email.de
2011-06-29 17:49:59 +00:00
Miroslav Stampar
be9b8bca78
bug fix
2011-06-29 17:39:58 +00:00
Bernardo Damele
9eb683531d
Minor improvement at blind SQL inj technique for DB2
2011-06-27 22:28:12 +00:00
Miroslav Stampar
75524c283d
minor update
2011-06-27 21:59:31 +00:00
Miroslav Stampar
4be55c811f
minor update
2011-06-27 21:48:26 +00:00
Miroslav Stampar
831f083223
minor update
2011-06-27 21:38:12 +00:00
Miroslav Stampar
5b4eaf48d9
minor fix (for those blank suffixes out of nowhere at the end of payload - not related to "-- ")
2011-06-27 21:34:49 +00:00
Miroslav Stampar
8a8b94883b
minor update (that default quit in --batch was bothering me - my original idea and it was bad :)
2011-06-27 14:14:49 +00:00
Miroslav Stampar
d72db1bf91
minor update (all misc options are alphabetically ordered)
2011-06-27 08:21:33 +00:00
Bernardo Damele
36c96ef796
Added DB2 support - patch provided by Sebastian Bittig
2011-06-25 09:44:24 +00:00
Miroslav Stampar
e00cf81f7e
minor update
2011-06-24 19:50:13 +00:00
Miroslav Stampar
e9286ddd5b
fix for a bug reported by g@brindi.si (UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position
...
47: ordinal not in range(128))
2011-06-24 19:24:11 +00:00
Miroslav Stampar
c4cb367e65
looks nicer (though --tor is implicitly converted into --proxy)
2011-06-24 19:00:53 +00:00
Miroslav Stampar
aa83fe5c66
minor update
2011-06-24 18:19:33 +00:00
Miroslav Stampar
21010f702c
minor beautification
2011-06-24 17:46:54 +00:00
Miroslav Stampar
2de88bd90b
minor update
2011-06-24 17:19:24 +00:00
Miroslav Stampar
96190cf594
minor update
2011-06-24 17:15:15 +00:00
Bernardo Damele
406f2cda09
Got rid of useless TAB completion in --sql-shell
2011-06-24 13:05:13 +00:00
Bernardo Damele
35ce6dedcf
Got rid of useless imports
2011-06-24 09:59:11 +00:00
Bernardo Damele
a78f5b4eb3
Minor adjustment to avoid function and variables with same name
2011-06-24 09:29:11 +00:00
Miroslav Stampar
eaa2a4202f
changing to: --crawl=CRAWLDEPTH
2011-06-24 05:40:03 +00:00
Miroslav Stampar
3717b8423f
cleanest fix this moment (conf.dbms will for sure deal problems later in any form)
2011-06-22 15:48:44 +00:00
Miroslav Stampar
5190440ea2
minor fix
2011-06-22 15:36:59 +00:00
Miroslav Stampar
97d8729d71
probable fix for a bug reported by m4l1c3 (RuntimeError: maximum recursion depth exceeded)
2011-06-22 15:28:49 +00:00
Miroslav Stampar
52ba3c281e
minor update
2011-06-22 14:59:49 +00:00
Miroslav Stampar
4ca37901da
thread safe logging+stdout (no more overlapping of log messages and raw output)
2011-06-22 14:53:42 +00:00
Miroslav Stampar
84bc8c3a37
update
2011-06-22 14:39:31 +00:00
Miroslav Stampar
938db1b513
replacing xmlobject logic with our own
2011-06-22 14:33:52 +00:00
Bernardo Damele
1cb12ea659
replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license)
2011-06-22 13:31:07 +00:00
Miroslav Stampar
e76cb19e35
minor patch
2011-06-22 09:11:12 +00:00
Miroslav Stampar
b16b92fe46
minor update
2011-06-21 20:59:34 +00:00
Miroslav Stampar
2220afbdf5
fix by request
2011-06-21 20:50:16 +00:00
Miroslav Stampar
9e232256f4
reverting that last commit because there is a mess with default dumping (startLimit is set to 0 which is not so friendly with --start and --stop logic)
2011-06-21 18:29:23 +00:00
Miroslav Stampar
3536320fc9
--stop is inclusive ("Last query output entry to retrieve")
2011-06-21 18:08:33 +00:00
Miroslav Stampar
dfc02d8c3c
sorry Bernardo, i hope your mobile is turned off :)))
2011-06-20 22:47:24 +00:00
Miroslav Stampar
2a4a284a29
crawler fix (skip binary files)
2011-06-20 22:41:38 +00:00
Miroslav Stampar
20bb1a685b
really minor update
2011-06-20 21:57:53 +00:00
Miroslav Stampar
812cd2f19b
minor update
2011-06-20 21:47:03 +00:00
Miroslav Stampar
e8ac7414f2
bug fix
2011-06-20 21:36:15 +00:00
Miroslav Stampar
d6062e8fc9
minor fix for crawler and far less message overlaps in future
2011-06-20 21:18:12 +00:00
Miroslav Stampar
8968c708a0
minor update
2011-06-20 14:27:24 +00:00
Miroslav Stampar
17fac6f67f
minor update
2011-06-20 13:53:39 +00:00
Miroslav Stampar
29314f425e
minor fix
2011-06-20 13:42:31 +00:00
Miroslav Stampar
f09340fc89
minor update
2011-06-20 12:40:14 +00:00
Miroslav Stampar
4d1fa5596b
added support for --scope in --crawl mode
2011-06-20 12:37:51 +00:00
Miroslav Stampar
42746cc706
bug fix
2011-06-20 12:18:46 +00:00
Miroslav Stampar
67fab9f2e2
putting this to info messages (user needs to know at this place why is it waiting)
2011-06-20 12:17:19 +00:00
Miroslav Stampar
b1426b5131
bug fix
2011-06-20 12:11:09 +00:00
Miroslav Stampar
cda39ca350
minor update
2011-06-20 11:46:23 +00:00
Miroslav Stampar
07e2c72943
adding Beautifulsoup (BSD) into extras; adding --crawl to options
2011-06-20 11:32:30 +00:00
Miroslav Stampar
8c04aa871a
english typo
2011-06-20 11:00:23 +00:00
Miroslav Stampar
bdb530da1f
minor update
2011-06-19 10:11:27 +00:00
Miroslav Stampar
d5bc149636
made changes by buawig request (504 is treated as a classical timeout)
2011-06-19 09:57:41 +00:00
Miroslav Stampar
83af83da9e
minor beautification (WordsSet is considered as a bad english)
2011-06-18 15:47:19 +00:00
Bernardo Damele
f8c32cf6b9
Moved folder
2011-06-18 12:34:41 +00:00
Bernardo Damele
28ef61b997
Use getPageTextWordsSet() also in --common-columns
2011-06-18 12:30:26 +00:00
Bernardo Damele
6b2f44de14
Minor layout adjustment
2011-06-18 12:27:12 +00:00
Bernardo Damele
cd07139919
Layout adjustments
2011-06-18 11:58:14 +00:00
Miroslav Stampar
31ad0875b4
added by request
2011-06-18 11:34:51 +00:00
Miroslav Stampar
e4be141602
minor fix for --smoke-test
2011-06-18 11:26:17 +00:00
Bernardo Damele
c7e1aeeef2
layout
2011-06-18 11:02:48 +00:00
Miroslav Stampar
905fef0eae
now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5)
2011-06-18 10:51:14 +00:00
Miroslav Stampar
fde3e4cece
better
2011-06-18 09:52:07 +00:00
Miroslav Stampar
2f129b01c0
"Please consider to provide" is a bad English
2011-06-18 09:46:22 +00:00
Miroslav Stampar
1440c9f2d4
minor update
2011-06-17 22:28:07 +00:00
Miroslav Stampar
87e9842371
better language
2011-06-17 22:13:45 +00:00
Miroslav Stampar
ce3170edef
minor update/better language
2011-06-17 22:11:40 +00:00
Miroslav Stampar
ec6fa384eb
update
2011-06-17 22:04:25 +00:00
Miroslav Stampar
0c9fa5c550
fix
2011-06-17 17:12:47 +00:00
Miroslav Stampar
043f2f92c1
minor update
2011-06-17 17:10:52 +00:00
Miroslav Stampar
c9a6aad5c3
minor fix by request
2011-06-17 16:58:50 +00:00
Miroslav Stampar
a0129dcbcb
this is confusing for normal users (i've just get a mail where dude thinks that he needs to use tamper script because of this :)
2011-06-17 16:52:39 +00:00
Miroslav Stampar
f3ee2c09fb
cleaner fix
2011-06-17 15:32:23 +00:00
Miroslav Stampar
bb987ec98f
fix for DNS leakage
2011-06-17 15:23:58 +00:00
Miroslav Stampar
9498a3f259
little stabilization of multi threading
2011-06-17 12:50:28 +00:00
Miroslav Stampar
d27afaed7e
some fixes
2011-06-16 14:27:44 +00:00
Miroslav Stampar
6b1d5a0ab8
minor fix
2011-06-16 14:11:30 +00:00
Miroslav Stampar
530c296519
minor fix
2011-06-16 13:56:17 +00:00
Miroslav Stampar
0eeb48f8f5
some fixes
2011-06-16 13:41:02 +00:00
Miroslav Stampar
7733e5866a
minor update regarding mnemonics (again)
2011-06-16 12:34:38 +00:00
Miroslav Stampar
17e4c6b564
minor update regarding mnemonics
2011-06-16 12:26:50 +00:00
Miroslav Stampar
25b923bbc3
minor fixes and minor updates
2011-06-16 12:12:30 +00:00
Miroslav Stampar
3995891ab4
new file containing default settings
2011-06-16 11:43:07 +00:00
Miroslav Stampar
6f681b45ad
cleaning up a bit for a configuration mess
2011-06-16 11:42:13 +00:00
Bernardo Damele
f515c9c9e0
Dealt with SVN update login traceback. Need to investigate further why it asks for credentials sometimes
2011-06-16 10:11:11 +00:00
Miroslav Stampar
63d98d8ce6
fix for a bug reported by rdsears@mtu.edu (ignored config file items)
2011-06-16 08:08:49 +00:00
Miroslav Stampar
4d51fa8155
minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails)
2011-06-15 17:37:28 +00:00
Miroslav Stampar
e0ad72031f
minor update
2011-06-15 12:04:30 +00:00
Miroslav Stampar
1d93a03eeb
introducing mnemonics
2011-06-15 11:58:50 +00:00
Miroslav Stampar
d55a242908
minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always)
2011-06-14 19:38:35 +00:00
Miroslav Stampar
a4328e914b
minor update
2011-06-14 19:29:42 +00:00
Miroslav Stampar
1e17c0d4a1
switching to debug mode for missing dependencies
2011-06-14 08:47:06 +00:00
Bernardo Damele
8978fded03
typo fix
2011-06-13 19:00:27 +00:00
Bernardo Damele
7152a1ed3b
Added --dependences to show which sqlmap dependences are not available
2011-06-13 18:44:02 +00:00
Miroslav Stampar
0990f16f7f
minor update for invalid cases like 'iso-8859-1 (western europe)'
2011-06-12 08:36:21 +00:00
Miroslav Stampar
2da56ea507
fix of a language bug
2011-06-11 21:17:30 +00:00
Miroslav Stampar
9331abb96f
minor update
2011-06-11 08:33:36 +00:00
Miroslav Stampar
f8dde2c23b
adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)
2011-06-10 23:18:43 +00:00
Miroslav Stampar
15d72ec566
minor improvement for special cases with --string/--regexp
2011-06-10 23:05:47 +00:00
Miroslav Stampar
8fac4605a9
minor fix for None results
2011-06-10 22:28:15 +00:00
Miroslav Stampar
71093b1cad
adding one more user friendly message
2011-06-09 09:58:42 +00:00
Miroslav Stampar
fae089646b
minor fix
2011-06-09 08:38:17 +00:00
Miroslav Stampar
9202fedf7b
minor fix
2011-06-09 08:14:54 +00:00
Miroslav Stampar
af5fe457bd
revert of the revert (it's a good idea to have it like this because of problems with e.g. --text-only and binary content)
2011-06-09 07:53:31 +00:00
Miroslav Stampar
8ec4bc9d9d
revert of the last commit. have to think about it
2011-06-09 06:32:53 +00:00
Miroslav Stampar
9c093d91f2
minor update
2011-06-09 06:14:35 +00:00
Bernardo Damele
d217cf71b2
Minor bug fix
2011-06-08 23:32:44 +00:00
Bernardo Damele
6aade8e6fc
grammar fix, again
2011-06-08 16:40:22 +00:00
Bernardo Damele
d160888784
Grammar fix
2011-06-08 16:25:18 +00:00
Bernardo Damele
1c6ee1dc36
Rephrase
2011-06-08 16:22:16 +00:00
Bernardo Damele
0d8d6a4ace
Cosmetics
2011-06-08 16:08:20 +00:00
Bernardo Damele
70cac24909
Cosmetics
2011-06-08 15:31:27 +00:00
Bernardo Damele
64bef644c3
This was missing
2011-06-08 15:30:59 +00:00
Miroslav Stampar
d8155dfae9
change by request
2011-06-08 14:44:11 +00:00
Miroslav Stampar
6387d98ab0
quick fix
2011-06-08 14:42:48 +00:00
Bernardo Damele
0d3e8a76d8
Cosmetics and a missing param
2011-06-08 14:40:42 +00:00
Miroslav Stampar
4a9640160e
more concise
2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a
refactoring
2011-06-08 14:30:12 +00:00
Bernardo Damele
cd6ceb733e
Adjustment and refactoring for takeover via web backdoor
2011-06-08 14:16:53 +00:00
Bernardo Damele
cce3208b35
Cleanup
2011-06-08 14:15:34 +00:00
Bernardo Damele
7da3d8dbd1
minor layout adjustment
2011-06-08 13:01:33 +00:00
Miroslav Stampar
f65abdaae3
added switch --cookie-del by request
2011-06-08 08:27:24 +00:00
Miroslav Stampar
4eeeb3655e
asking and skipping to the next google result page if no usable links found
2011-06-07 23:24:17 +00:00
Miroslav Stampar
1c633b7351
i am tired of pressing hundred times Ctrl+C in testing phase if --batch is specified
2011-06-07 22:14:18 +00:00
Miroslav Stampar
75c12c5edb
fix for a bug reported by cclements@flatearth.net (TypeError: argument of type 'NoneType' is not iterable)
2011-06-07 21:46:49 +00:00
Miroslav Stampar
e7e23d1b79
fix for a Ctrl+C bug reported by nightman@email.de
2011-06-07 17:16:01 +00:00
Miroslav Stampar
26062ec71e
minor update
2011-06-07 15:13:51 +00:00
Miroslav Stampar
50dde39e68
minor update
2011-06-07 10:32:18 +00:00
Miroslav Stampar
e9bf768f23
more refactoring
2011-06-07 10:08:12 +00:00
Miroslav Stampar
7a3cc38e3c
refactoring and stabilization of multithreading
2011-06-07 09:50:00 +00:00
Miroslav Stampar
5f7858455d
fix for a bug reported by l0rda@l0rda.biz
2011-06-07 05:57:21 +00:00
Miroslav Stampar
03c3f83893
minor fix
2011-06-06 13:34:49 +00:00
Miroslav Stampar
24ed99e5a3
fix for a bug reported by aboynes@gmail.com
2011-06-06 08:50:48 +00:00
Miroslav Stampar
97d8c60c3f
better language
2011-06-03 15:58:19 +00:00
Miroslav Stampar
0a620bf322
more info to the user
2011-06-03 15:43:50 +00:00
Miroslav Stampar
8c80413c52
well, important fix for blind based cases (especially OR ones)
2011-06-03 15:29:22 +00:00
Miroslav Stampar
f27181c628
minor improvement for blind based injections with reflected values
2011-06-03 14:41:36 +00:00
Miroslav Stampar
e9eafc2e94
minor update
2011-06-03 14:13:22 +00:00
Miroslav Stampar
64a862ed58
minor usability update
2011-06-03 14:04:02 +00:00
Miroslav Stampar
faf7814869
fix for a fuzz "bug" reported by daniele.rivetti@yahoo.com
2011-06-03 11:01:26 +00:00
Miroslav Stampar
08d6bb4f23
minor fix
2011-06-02 22:13:31 +00:00
Miroslav Stampar
8aa5625cd0
proper fix related to the last commit
2011-06-01 23:00:18 +00:00
Miroslav Stampar
fd57aae779
bug fix (until this moment we had UNION unfunctional for MSSQL)
2011-06-01 22:47:54 +00:00
Miroslav Stampar
fc96764f80
minor bug fix ("trimmed" error message was shown for empty cases too because u'' or None == None)
2011-06-01 22:06:06 +00:00
Miroslav Stampar
091c174bc4
better language
2011-06-01 08:30:06 +00:00
Miroslav Stampar
63145236b9
minor fix
2011-05-31 21:53:29 +00:00
Miroslav Stampar
42100e0e5b
big bug fix
2011-05-30 23:15:29 +00:00
Miroslav Stampar
9600556dae
better language
2011-05-30 23:04:49 +00:00
Miroslav Stampar
b7088440c2
better sentence
2011-05-30 22:47:17 +00:00
Miroslav Stampar
3c12799ff0
minor improvement
2011-05-30 20:34:34 +00:00
Miroslav Stampar
89559d1b0a
better regex and now after we have that automatic switch off for reflective removal mechanism it's not so important to change it
2011-05-30 20:18:30 +00:00
Miroslav Stampar
b79dae6e95
minor update
2011-05-30 14:49:03 +00:00
Miroslav Stampar
20988e58ed
warp 5 mr spock :)
2011-05-30 09:46:32 +00:00
Miroslav Stampar
001cbff2a9
speed up of 2 times for partial union technique
2011-05-30 09:07:48 +00:00
Miroslav Stampar
97820949f5
minor update
2011-05-30 08:33:01 +00:00
Miroslav Stampar
d5ede6afb4
fix for a dirty reading issue reported by skysbsb@gmail.com (IndexError: list index out of range)
2011-05-30 06:38:44 +00:00
Miroslav Stampar
23d7820de7
minor update
2011-05-29 23:56:41 +00:00
Miroslav Stampar
6fd8602f01
minor update
2011-05-29 23:33:34 +00:00
Miroslav Stampar
86455ceb9c
implementation of multithreading for UNION and ERROR techniques
2011-05-29 23:17:50 +00:00
Miroslav Stampar
d51efa679d
typo update
2011-05-29 06:26:28 +00:00
Miroslav Stampar
f848cc779e
adding legal disclaimer as latest situation (these days news headlines) seems out of control
2011-05-28 18:54:14 +00:00
Miroslav Stampar
a5a70f0895
minor update
2011-05-28 18:21:03 +00:00
Miroslav Stampar
ecbeecdccf
minor refactoring
2011-05-28 18:11:56 +00:00
Miroslav Stampar
eb9b84d1da
type correction
2011-05-28 17:53:05 +00:00
Miroslav Stampar
03ef53f00a
update regarding mysql function resolution and versionedkeywords
2011-05-28 17:34:43 +00:00
Miroslav Stampar
95dea1fbf9
sharp tuning UNION tests even more
2011-05-28 08:06:19 +00:00
Miroslav Stampar
c11ea35d53
adding some user input for "refreshing" cases (like redirect ones)
2011-05-27 22:42:23 +00:00
Miroslav Stampar
cf69809c3c
minor update
2011-05-27 16:26:00 +00:00
Miroslav Stampar
8227298057
user friendliness uber 9000
2011-05-27 08:30:52 +00:00
Miroslav Stampar
a8b58afdb2
minor update
2011-05-27 08:21:02 +00:00
Miroslav Stampar
48f52d7697
minor beautification
2011-05-27 08:16:14 +00:00
Miroslav Stampar
61b960f65f
minor update related to the last one
2011-05-26 22:05:10 +00:00
Miroslav Stampar
45caadbd4a
important update - finally found what was causing headache for UNION payloads in noticeable number of cases
2011-05-26 21:54:19 +00:00
Miroslav Stampar
97bd5355dd
minor update
2011-05-26 21:18:55 +00:00
Miroslav Stampar
5d56e89cf5
minor update
2011-05-26 21:08:46 +00:00
Miroslav Stampar
06108b6da6
minor update related to the last commit
2011-05-26 20:58:24 +00:00
Miroslav Stampar
4f46a5ab63
minor usability enhancement regarding warning for --text-only switch
2011-05-26 20:48:18 +00:00
Miroslav Stampar
ff030e4d24
minor cleanup of the leftover
2011-05-26 17:37:24 +00:00
Miroslav Stampar
bf2b58ba82
minor update
2011-05-26 15:23:28 +00:00
Miroslav Stampar
b6fe5b12a4
adding --schema to the wizard/Basic as it looks like a cool thingy to put there
2011-05-26 14:30:05 +00:00
Miroslav Stampar
4f2c999146
fix for a bug reported by mail@8dh.de (UnicodeDecodeError: requestMsg += "\n%s" % requestHeaders)
2011-05-26 13:47:20 +00:00
Miroslav Stampar
f3ed61af5f
bug fix when using inference and kb.pageEncoding is None (like in binary cases)
2011-05-25 21:12:12 +00:00
Miroslav Stampar
5369657cd5
fix for cases with retrieved binary files (preventing difflib nagging around comparison)
2011-05-25 20:54:30 +00:00
Miroslav Stampar
a1fd2898a0
added friendly tip message for url encoding GET and POST payloads
2011-05-25 11:10:52 +00:00
Miroslav Stampar
0e480a9921
adding SYS to the ORACLE_SYSTEM_DBS
2011-05-25 10:55:47 +00:00
Miroslav Stampar
2f456bee75
minor beautification
2011-05-25 08:14:39 +00:00
Miroslav Stampar
8b7a3c5a6b
making it easier for totally dummy users
2011-05-24 17:24:01 +00:00
Miroslav Stampar
bec2c04671
helping dummy users
2011-05-24 17:15:25 +00:00
Miroslav Stampar
a3466ff79c
serving everything for the users
2011-05-24 16:34:08 +00:00
Miroslav Stampar
69eb173eca
minor just in case patch
2011-05-24 15:07:37 +00:00
Miroslav Stampar
0072c3af8e
fix for a bug reported by aboynes@gmail.com (for elt in self.a)
2011-05-24 15:03:21 +00:00
Miroslav Stampar
f774d8fea0
proper Tor settings (reverted r3915 and implemented it the right way)
2011-05-24 11:06:58 +00:00
Miroslav Stampar
915c206e3d
minor fix for socks proxy issues
2011-05-24 09:47:10 +00:00
Miroslav Stampar
ad25bcc2be
better way for dealing with relative paths
2011-05-24 05:26:51 +00:00
Miroslav Stampar
a536bf210f
improved redirection mechanism
2011-05-23 23:20:03 +00:00
Miroslav Stampar
128a012121
this was causing that --suffix trouble
2011-05-23 19:59:07 +00:00
Miroslav Stampar
bfe8e51b7c
minor fix for retrieving stuff like "SELECT * FROM testdb..users"
2011-05-23 19:45:40 +00:00
Miroslav Stampar
2b12b18357
incorporating metasploit patch from oliver.kuckertz@mologie.de
2011-05-23 15:27:10 +00:00
Miroslav Stampar
4542d4535f
minor beautification
2011-05-23 14:28:05 +00:00
Miroslav Stampar
31b48ec11c
removing space left
2011-05-23 14:18:33 +00:00
Miroslav Stampar
0ed03d474f
now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate
2011-05-23 11:09:44 +00:00
Miroslav Stampar
868fbe370b
minor beautification
2011-05-23 10:39:58 +00:00
Miroslav Stampar
fb23beef6f
most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested)
2011-05-22 19:14:36 +00:00
Miroslav Stampar
4fdb6ac9b9
adding useful info
2011-05-22 15:30:19 +00:00
Miroslav Stampar
48c20a62ac
minor nag fix
2011-05-22 15:08:55 +00:00
Miroslav Stampar
40971aca94
fixing nasty bug caused by retrying counter
2011-05-22 10:59:56 +00:00
Miroslav Stampar
712e238f33
another minor fix
2011-05-22 10:29:25 +00:00
Miroslav Stampar
2795aeff34
minor fix
2011-05-22 10:27:45 +00:00
Miroslav Stampar
806e898694
no more CRITICAL drop outs in test mode - lots of reports were related to this
2011-05-22 10:21:49 +00:00
Miroslav Stampar
9b2623514a
one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables
2011-05-22 09:48:46 +00:00
Miroslav Stampar
2ea613b170
type correction and adding global flag kb.ignoreTimeout which could be useful
2011-05-22 08:24:13 +00:00
Miroslav Stampar
27f0e73cc9
refactoring of 'target' flag in connect.py
2011-05-22 07:46:09 +00:00
Miroslav Stampar
a58aaf2e1a
better format for results file (easier for sorting when lots of files)
2011-05-22 07:02:36 +00:00
Miroslav Stampar
25fff8c135
changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)
2011-05-21 11:46:57 +00:00
Miroslav Stampar
9e5856caf8
improvement for recognition of scalar vs multiple-row commands
2011-05-19 16:45:05 +00:00
Miroslav Stampar
db72428765
minor update
2011-05-19 15:57:29 +00:00
Miroslav Stampar
f40c6b2ce7
added --cookie for maskSensitiveData too
2011-05-19 15:42:59 +00:00
Miroslav Stampar
9832fc42d4
minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase)
2011-05-18 21:47:40 +00:00
Miroslav Stampar
3048e9f710
minor refactoring
2011-05-17 23:03:31 +00:00
Miroslav Stampar
cc07e5dc97
added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@yahoo.com
2011-05-17 22:55:22 +00:00
Miroslav Stampar
dfe81cc66f
minor yielding
2011-05-16 20:14:10 +00:00
Miroslav Stampar
a5ad4621c9
minor refactoring
2011-05-16 20:09:12 +00:00
Miroslav Stampar
ba1df457ab
fix for a charset euc_tw reported by devon.mitchell1988@yahoo.com
2011-05-16 19:26:58 +00:00
Miroslav Stampar
6ba9dea640
just in case for trimmed output
2011-05-16 06:17:37 +00:00
Miroslav Stampar
d2221e4604
fix for a minor "retrieved" cosmetic issue in partial union technique reported by Devon Mitchell (retrieved: "information_schema","COLUMNS</title><...)
2011-05-16 00:23:50 +00:00
Miroslav Stampar
faa74cd2bc
introducing results file for multiple target mode
2011-05-15 22:21:38 +00:00
Miroslav Stampar
90e84c9a6d
removing xmlcharrefreplace error handler as it seems that it wasn't such a good idea at the end
2011-05-15 21:43:38 +00:00
Miroslav Stampar
c3bb5a03e1
minor improvement
2011-05-14 20:09:37 +00:00
Miroslav Stampar
3484a4426b
fix for a bug reported by itxx@qq.com (TypeError: encode() takes no keyword arguments)
2011-05-14 19:57:28 +00:00
Miroslav Stampar
053c245114
few minor fixes
2011-05-13 09:56:12 +00:00
Miroslav Stampar
a7d7be5ce0
bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host)
2011-05-13 01:01:53 +00:00
Miroslav Stampar
f11d5c91e3
minor update so that only one DNS request per scan is being done (before this commit there were two)
2011-05-12 14:32:39 +00:00
Miroslav Stampar
70688fb8b5
minor enhancement for dumping 'None' values (proper way should be empty string because None is too pythonic)
2011-05-12 12:00:17 +00:00
Miroslav Stampar
c64eb38a8b
same thing as for the last commit, but for error technique this time
2011-05-12 11:52:18 +00:00
Miroslav Stampar
84a7e5ffb9
"unfix" for r3172 which was causing "AttributeError: 'list' object has no attribute 'isdigit'" because of change of appereance
2011-05-12 11:36:02 +00:00
Miroslav Stampar
0b2da2f9f5
minor beautification for --tor switch
2011-05-12 05:46:17 +00:00
Miroslav Stampar
e05a9c0554
i was probably very tired or very stupid to do this
2011-05-11 13:13:46 +00:00
Miroslav Stampar
2ab9e30f7a
bug fix
2011-05-11 12:54:33 +00:00
Miroslav Stampar
53065ee1fb
adding ordered set for kb.targetUrls (now the order of appereance in multiple targets mode will be respected)
2011-05-11 08:55:48 +00:00
Miroslav Stampar
5ee07b90b9
added -m switch for bulk loading multiple targets
2011-05-11 08:46:40 +00:00
Miroslav Stampar
120b0d756e
unfix
2011-05-10 21:33:06 +00:00
Miroslav Stampar
6b66fce72c
minor fix
2011-05-10 20:52:43 +00:00
Miroslav Stampar
192c685bc8
changing conf attribute to a more proper name
2011-05-10 20:48:34 +00:00
Miroslav Stampar
deae534ee7
minor refactoring
2011-05-10 20:44:36 +00:00
Bernardo Damele
97bc816aeb
layout
2011-05-10 16:24:09 +00:00
Bernardo Damele
3a8309c4b0
Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches
2011-05-10 15:34:54 +00:00
Miroslav Stampar
707edc7b1a
fix for a bug (previously --dbms="mysql 4" was ignored and abruptly terminated while the mechanism was here all along)
2011-05-10 13:28:07 +00:00
Miroslav Stampar
1dea609019
fix for a bug reported by David (UnicodeDecodeError: url = url + '?' + query)
2011-05-10 12:51:37 +00:00
Miroslav Stampar
a64407d9db
minor bug fix for multithreading and lots of connection retries
2011-05-10 12:40:01 +00:00
Miroslav Stampar
22a1870c2c
adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1
2011-05-10 12:32:07 +00:00
Miroslav Stampar
ec4d9178f8
minor update related to the previous commit
2011-05-08 06:28:58 +00:00
Miroslav Stampar
4d6e7c738c
minor update
2011-05-08 06:17:43 +00:00
Bernardo Damele
9955483052
Major improvement for --dump.
...
Minor improvement for --dump-all.
Minor bug fix for infinite loop
2011-05-08 02:08:18 +00:00
Bernardo Damele
8179fd63c0
Minor fix
2011-05-07 23:48:03 +00:00
Bernardo Damele
6653907700
forgot in last commit
2011-05-07 21:13:56 +00:00
Bernardo Damele
1151af52bb
More fix for save/resume of --technique
2011-05-07 21:08:14 +00:00
Bernardo Damele
aae140080e
SVN roll back, DB2 patch will be recommitted after testing:
...
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
42bca80968
removing blank lines and adding newline at the end of files
2011-05-06 09:35:53 +00:00
Miroslav Stampar
6e392b6054
applying contributed patch for DB2
2011-05-06 09:30:39 +00:00
Bernardo Damele
2d8408c885
More fix for --technique resume
2011-05-05 16:38:46 +00:00
Bernardo Damele
e96a533a04
Bug fix to resume of --technique
2011-05-05 15:18:33 +00:00
Miroslav Stampar
b324b99f6e
minor update of warning message
2011-05-04 10:41:08 +00:00
Miroslav Stampar
83fac3f6d9
fix for proper MSSQL error chunking in some cases (not screwing output length toward lower values at chunk phase)
2011-05-03 21:12:51 +00:00
Miroslav Stampar
e6f010734e
minor fix for cases when the retrieved output is safe encoded (like for --os-shell)
2011-05-03 16:14:03 +00:00
Miroslav Stampar
4d4e3802e4
decoding of chars for --os-shell
2011-05-03 15:31:12 +00:00
Bernardo Damele
c58dc4a6d8
isDbmsWithin() must stay like this, no getIdentifiedDbms() in there
2011-05-03 14:13:45 +00:00
Miroslav Stampar
742b0ef76e
major improvement of ERROR data retrieval on MSSQL
2011-05-03 13:25:20 +00:00
Miroslav Stampar
2a7838928e
minor fancier --replicate update
2011-05-03 11:48:04 +00:00
Miroslav Stampar
b202d73b46
bug fix for MSSQL identificators which were starting with d, b, o and . Thing is that .lstrip strips all occurances of the given chars :) (spotted ancidentally)
2011-05-03 11:09:30 +00:00
Miroslav Stampar
1840b0e43b
fix for a bug reported by k1971@live.co.uk (OperationalError: unknown database dbo)
2011-05-03 10:22:38 +00:00
Miroslav Stampar
1e6c2fea74
update regarding warning for --random-agent during connection timeout in connection test phase
2011-05-03 10:05:42 +00:00
Bernardo Damele
6cff3e97f4
cosmetics
2011-05-02 21:48:08 +00:00
Miroslav Stampar
06498796b9
minor cosmetics
2011-05-02 20:51:53 +00:00
Miroslav Stampar
5e9620198c
fix for a privately reported bug ("AttributeError: item is disabled")
2011-05-02 18:18:04 +00:00
Miroslav Stampar
93dee30895
better fix for the previous commit
2011-05-02 13:34:55 +00:00
Miroslav Stampar
20ad1c1f2f
minor update to not confuse users when using -o
2011-05-02 13:24:35 +00:00
Miroslav Stampar
f8c3086d15
minor minor update
2011-05-02 12:37:54 +00:00
Miroslav Stampar
098f53d57a
patch for a problem reported by m.martin2311@yahoo.com (unknown charset 'is0-8859-1')
2011-05-02 12:34:35 +00:00
Bernardo Damele
ac2550535c
Proper fix for --technique=U bug
2011-05-01 23:42:41 +00:00
Miroslav Stampar
900ee0ff93
fix for a major bug reported by k1971@live.co.uk (1..9 99..)
2011-05-01 15:47:00 +00:00
Miroslav Stampar
494503b334
proper way to deal with generic cases
2011-05-01 08:04:08 +00:00
Miroslav Stampar
fcd69ba9c7
fix for a --technique=U
2011-05-01 07:37:22 +00:00
Miroslav Stampar
41fc9f9d54
fix for an issue reported by andrew.gecse@upcmail.hu (unknown web page charset 'hungarian-iso-8859-2')
2011-04-30 22:41:54 +00:00
Bernardo Damele
955dbc85e7
Minor variable rename
2011-04-30 15:29:59 +00:00
Bernardo Damele
b3a0424269
More Backend class method usage refactoring
2011-04-30 15:24:15 +00:00
Bernardo Damele
00f14bec5f
layout adjustment
2011-04-30 15:22:33 +00:00
Bernardo Damele
9a4ae7d9e2
More code refactoring of Backend class methods used
2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Miroslav Stampar
983546d6bf
proper fix
2011-04-30 07:01:21 +00:00
Bernardo Damele
a5968fff3e
Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided
2011-04-30 00:22:22 +00:00
Bernardo Damele
956e75e2b5
Minor adjustment to --mobile.
...
Bug fix to --random-agent.
2011-04-29 21:50:48 +00:00
Bernardo Damele
a23ca952e4
Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason
2011-04-29 21:09:07 +00:00
Miroslav Stampar
46f96f3c4c
removing Kindle from list as it's not really a smartphone
2011-04-29 19:32:30 +00:00
Miroslav Stampar
11124b21f9
implemented --mobile switch
2011-04-29 19:27:23 +00:00
Miroslav Stampar
b299912de4
fix for a bug reported by ahmed@isecur1ty.org (UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: ordinal not in range(128)) for multipartpost
2011-04-29 16:56:02 +00:00
Miroslav Stampar
6bb4dce3aa
minor refactoring
2011-04-29 15:22:32 +00:00
Miroslav Stampar
a2bb0d72e8
fix for a bug reported by rdsears@mtu.edu (TypeError: expected string or buffer)
2011-04-29 14:40:28 +00:00
Bernardo Damele
edac0b2558
Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema
2011-04-28 23:59:00 +00:00
Bernardo Damele
441c288dd9
cosmeticados
2011-04-25 00:36:09 +00:00
Bernardo Damele
98f9f3e774
Minor bug fix in local shellcodeexec for Windows path
2011-04-25 00:03:12 +00:00
Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
...
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
2011-04-23 16:25:09 +00:00
Miroslav Stampar
75142b383d
huge speed up (4x times faster)
2011-04-22 21:00:42 +00:00
Miroslav Stampar
f88aa4b165
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
2011-04-22 19:58:10 +00:00
Miroslav Stampar
493b9adf8e
speed up of resume values (compiled regexes used)
2011-04-22 19:27:41 +00:00
Miroslav Stampar
7b3b9e6a87
it seems that this was indeed not meant to be here
2011-04-22 15:07:09 +00:00
Miroslav Stampar
304500a2e8
implemented checkFalsePositives method (simple Turing like tests)
2011-04-22 12:24:16 +00:00
Bernardo Damele
f3088079c0
error message adjustment
2011-04-21 22:31:02 +00:00
Bernardo Damele
eabb5a2ba7
More adjustments to the error message when no sql injections are detected
2011-04-21 22:04:20 +00:00
Bernardo Damele
6d07dddf60
updated doc and minor layout adjustments
2011-04-21 21:53:35 +00:00
Bernardo Damele
06a00fe85e
For development version, print also the revision number in the banner
2011-04-21 21:34:57 +00:00
Bernardo Damele
770b1523ff
More verbose output when no SQL injections are detected
2011-04-21 21:31:16 +00:00
Bernardo Damele
edc2d75702
Cosmetics and major bug fix
2011-04-21 21:15:23 +00:00
Bernardo Damele
d2f102f5a1
cosmetics
2011-04-21 20:21:37 +00:00
Bernardo Damele
b667c50588
store/resume info on xp_cmd available in session file
2011-04-21 14:25:04 +00:00
Miroslav Stampar
930872cf3b
fix
2011-04-21 14:20:09 +00:00
Bernardo Damele
a313df4d37
Allow user to force temporary folder with --tmp-path even if it has been saved one in the session file
2011-04-21 14:05:37 +00:00
Bernardo Damele
fbe5ba5394
cosmetics
2011-04-21 10:54:12 +00:00
Miroslav Stampar
e1a8d268d8
fix for UPX linux/macos
2011-04-21 10:52:34 +00:00
Bernardo Damele
8d8fc2bbd8
cosmetics
2011-04-21 10:17:41 +00:00
Bernardo Damele
11ecd16099
cosmetics
2011-04-21 10:08:38 +00:00
Miroslav Stampar
9ccf720c05
removing funny remark
2011-04-21 10:06:13 +00:00
Bernardo Damele
a91e6a8440
layout
2011-04-21 10:03:18 +00:00
Miroslav Stampar
cbfe743bad
added a comment
2011-04-21 10:01:58 +00:00
Miroslav Stampar
c84c4d835f
minor update
2011-04-21 09:31:35 +00:00
Miroslav Stampar
e4d3190f41
reverting back to NVARCHAR because of error technique
2011-04-20 12:59:23 +00:00
Miroslav Stampar
3607f03a9e
fix of a minor typo
2011-04-20 12:42:35 +00:00
Miroslav Stampar
1286cc0913
now showing trimmed output in for of warning message (UNION and ERROR techniques affected)
2011-04-20 12:41:58 +00:00
Miroslav Stampar
7993f3f12d
way better for storing bulk of data (like BLOB on mysql)
2011-04-20 11:44:52 +00:00
Miroslav Stampar
04653684cd
revert
2011-04-20 10:34:34 +00:00
Miroslav Stampar
4fadcf0615
improvement for UNION/ERROR case
2011-04-20 10:17:42 +00:00
Miroslav Stampar
1c1c20fb64
minor update
2011-04-20 09:34:00 +00:00
Miroslav Stampar
4b6c524d4c
one more minor update regarding last commit
2011-04-20 09:26:03 +00:00
Miroslav Stampar
44926757da
minor update
2011-04-20 09:23:08 +00:00
Miroslav Stampar
52c98afe93
minor fix
2011-04-20 08:38:46 +00:00
Miroslav Stampar
24435a2c20
implemented "break a tie" request by Andres Riancho
2011-04-20 08:35:47 +00:00
Miroslav Stampar
df0331fe9b
some more refactoring
2011-04-19 23:04:10 +00:00
Miroslav Stampar
3b133303bf
refactoring
2011-04-19 22:54:13 +00:00
Miroslav Stampar
de2479b864
dealing with http://bugs.python.org/issue1602
2011-04-19 22:33:03 +00:00
Miroslav Stampar
9a9838f1e6
cleaning a mess with UPX and virus scanners
2011-04-19 21:57:04 +00:00
Miroslav Stampar
44bbef42f8
minor cosmetics
2011-04-19 20:23:08 +00:00
Miroslav Stampar
b7efa255d6
minor update of usage string
2011-04-19 20:14:56 +00:00
Miroslav Stampar
fc90974940
revert of last commit because of the situation in detection phase where payload is made at the starting point (can't change conf.timeSec in that phase)
2011-04-19 14:50:09 +00:00
Miroslav Stampar
7abbd0c029
removing a leftover
2011-04-19 14:29:51 +00:00
Miroslav Stampar
96b5fede5a
automatic increasing of time delay on lagging connections
2011-04-19 14:28:51 +00:00
Miroslav Stampar
13f8c001a7
minor update
2011-04-19 11:13:53 +00:00
Miroslav Stampar
7a06af9a92
added "lagging" critical message
2011-04-19 10:37:20 +00:00
Miroslav Stampar
9b0db33cc5
initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model
2011-04-19 08:55:38 +00:00
Miroslav Stampar
a7c26366b4
doing that auto default value for --time-sec only for --tor
2011-04-19 08:43:29 +00:00
Miroslav Stampar
4d48ac54dc
automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set)
2011-04-19 08:34:21 +00:00
Miroslav Stampar
b79d4f70f3
cleaner solution for the problem solved with last commit
2011-04-18 14:51:48 +00:00
Miroslav Stampar
f5cff067c6
little hack for --time-sec
2011-04-18 14:46:18 +00:00
Miroslav Stampar
6463cad8c5
minor update for SOAP payloads
2011-04-18 14:29:52 +00:00
Miroslav Stampar
da9ec67869
removing leftover
2011-04-18 13:43:22 +00:00
Miroslav Stampar
354a2ce249
'chardet' heuristic engine added to the project
2011-04-18 13:38:46 +00:00
Miroslav Stampar
b5aef9bcf9
fix for a bug reported by nightman (TypeError: unsupported operand type(s) for +: 'NoneType' and 'str')
2011-04-18 10:16:38 +00:00
Miroslav Stampar
6fab44d635
minor refactoring and improving of used regex
2011-04-17 22:37:00 +00:00
Miroslav Stampar
76d1f09b0a
minor cosmetics
2011-04-17 22:25:25 +00:00
Miroslav Stampar
9aae447553
minor update for matching SOAP messages
2011-04-17 22:21:32 +00:00
Miroslav Stampar
4fa00121e4
that CONSTANT_RATIO was a pure black magic for dynamic pages. now we have better injection detection workflow than before (False, True, False) and it was just a matter of time for removing this one
2011-04-17 21:58:34 +00:00
Miroslav Stampar
a7366bf710
SOAP refactoring
2011-04-17 21:39:00 +00:00
Miroslav Stampar
c7ff5dcbeb
minor update
2011-04-17 08:48:13 +00:00
Miroslav Stampar
ee88ccf0ac
well, this could be important :)
2011-04-17 08:33:46 +00:00
Miroslav Stampar
29ee760021
improving time based data retrieval mechanism
2011-04-17 07:24:18 +00:00
Miroslav Stampar
5e70eac98c
fix for a "popular" typo 'iso-5889-1' reported by David Guimaraes
2011-04-16 06:44:29 +00:00
Miroslav Stampar
88c76147e1
removed few trailing whitespace lines
2011-04-15 20:52:08 +00:00