Commit Graph

386 Commits

Author SHA1 Message Date
Miroslav Stampar
45bdefd29b Update of copyright 2015-01-06 15:02:16 +01:00
Miroslav Stampar
6fc41ca940 Heuristically checking for WAF/IDS/IPS by default 2015-01-06 14:01:47 +01:00
Miroslav Stampar
beffe85d6c Patch for an Issue #1085 2015-01-03 22:30:21 +01:00
Miroslav Stampar
a7b21a2f62 Rerun advice update 2014-12-09 09:02:06 +01:00
Miroslav Stampar
5c182a0ec4 Update for an Issue #431 2014-11-21 11:33:57 +01:00
Miroslav Stampar
f0802c6fb9 Update for an Issue #431 2014-11-21 11:20:54 +01:00
Miroslav Stampar
cf2d5fd453 Update for an Issue #431 2014-11-21 09:41:49 +01:00
Miroslav Stampar
05d5342f20 Update and patch for an Issue #2 2014-11-17 11:50:05 +01:00
Miroslav Stampar
fc1b05bec9 Implementation for an Issue #2 2014-10-23 11:23:53 +02:00
Miroslav Stampar
34aed7cde0 Bug fix (now it's possible to use multiple parsed requests without mixing associated headers) 2014-10-22 13:49:29 +02:00
Miroslav Stampar
cb0044b2c4 Minor beauty patch 2014-04-07 20:28:17 +02:00
Miroslav Stampar
9456dc68e7 Minor patch 2014-04-06 17:24:27 +02:00
Miroslav Stampar
cf250a0381 Minor patch (it would go boom if special character was inside the --param-del) 2014-04-06 17:02:32 +02:00
Miroslav Stampar
0ae8ac707e Renaming conf.pDel to conf.paramDel 2014-04-06 16:48:46 +02:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Miroslav Stampar
bf3fbb0ae0 Ignore Google analytics cookies 2013-12-04 09:56:37 +01:00
Moshe Kaplan
8cd641a2a6 minor typos corrected
"choosen" -> "chosen"
2013-10-15 13:26:24 -04:00
Miroslav Stampar
38ee95e2c9 Minor language update 2013-08-13 18:58:24 +02:00
Miroslav Stampar
52a71546d0 Implementation for an Issue #507 2013-08-13 18:55:23 +02:00
Miroslav Stampar
b921ff0729 Fix for an Issue #495 2013-07-27 11:20:43 +02:00
stamparm
690645f6c7 Cosmetic fix 2013-06-19 10:50:00 +02:00
Miroslav Stampar
034e123b0c Minor fix (to accept -p cookie without need for raising --level / as it's already done for referer and user_agent) 2013-05-12 16:24:13 +02:00
stamparm
661b44135d Minor bug fix 2013-04-10 11:59:07 +02:00
stamparm
8c9da95343 Style and consistency update (url -> URL) 2013-04-09 11:48:42 +02:00
Miroslav Stampar
153aa10b77 Minor cosmetic update 2013-04-03 19:00:54 +02:00
stamparm
6b2981ef4e Update for an Issue #290 (adding tamper-like scripts into (new) directory waf) 2013-02-21 11:14:57 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Bernardo Damele
103045d284 variable renamed 2013-01-30 15:30:34 +00:00
Bernardo Damele
a56f4ec15c techniques has to go too to the API (issue #297) 2013-01-29 15:34:53 +00:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Bernardo Damele
8125fe90a7 code refactoring 2013-01-14 10:22:38 +00:00
Miroslav Stampar
03dd958d96 Implementation for an Issue #48 2013-01-13 16:22:43 +01:00
Miroslav Stampar
934d41dac2 Minor style update (PEP8) 2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
25f01a419f Minor style update (for the sake of consistency over the code and our PEP8 adaptation) 2013-01-09 15:38:41 +01:00
Miroslav Stampar
87e923613f Minor adjustment (URI (marked with custom injection char) has precedence over GET/POST) 2013-01-05 21:16:47 +01:00
Miroslav Stampar
5b77b20e2e Removing trailing whitespaces (PEP8) 2013-01-03 23:57:07 +01:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Miroslav Stampar
3d01890147 Patch for an Issue #56 (full target url is now being written to a output .CSV file in multi target mode) 2012-12-27 21:15:44 +01:00
Bernardo Damele
ac44cf3ec0 minor fix: add also back-end DBMS and web app fingerprint output to log file 2012-12-17 13:02:09 +00:00
Bernardo Damele
2442a58884 minor leftover of deprecated XMLRPC service 2012-12-17 11:26:31 +00:00
Miroslav Stampar
c3f20a136f Minor update for an Issue #287 2012-12-12 14:03:03 +01:00
Miroslav Stampar
760519dbe9 Removing redundant piece of code 2012-12-11 15:21:27 +01:00
Miroslav Stampar
5677db02b7 Minor update 2012-12-10 12:40:28 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
949fcb77cf Minor style update 2012-12-05 10:22:16 +01:00
Miroslav Stampar
a52dbc575b Patch for an Issue #246 2012-11-13 10:21:11 +01:00
Miroslav Stampar
2de52927f3 Code refactoring (epecially Google search code) 2012-10-30 18:38:10 +01:00
Miroslav Stampar
c1b8226329 Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery) 2012-10-28 00:36:09 +02:00
Miroslav Stampar
d65d9e25cd Implementation for an Issue #2 2012-10-19 11:02:14 +02:00
Miroslav Stampar
dee6d2f9ff Minor language update 2012-10-04 11:34:14 +02:00
Miroslav Stampar
6eae7013b6 Minor cosmetics 2012-09-26 15:03:12 +02:00
Miroslav Stampar
687f3991de Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g. 2012-09-26 11:27:43 +02:00
Miroslav Stampar
c3d191e626 Minor update for an Issue #2 2012-09-06 14:13:54 +02:00
Miroslav Stampar
e9ae44c6fc Implementation for an #162 2012-08-22 16:50:01 +02:00
Miroslav Stampar
25ee333e66 Minor language update 2012-08-22 12:00:17 +02:00
Miroslav Stampar
8a5042b6a4 Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case) 2012-08-22 11:56:30 +02:00
Miroslav Stampar
61151447fe Implementation of an Issue #161 2012-08-22 11:27:58 +02:00
Miroslav Stampar
6f450ac8bf Implementation for an Issue #155 2012-08-20 12:14:01 +02:00
Miroslav Stampar
823dde73ab Minor cleanup 2012-08-20 11:40:49 +02:00
Miroslav Stampar
2b6123c4f8 Minor style update 2012-08-20 11:29:23 +02:00
Miroslav Stampar
e0d9fa8666 Minor style update 2012-08-20 11:28:41 +02:00
Miroslav Stampar
f358ab2e73 Implementation of an Issue #147 2012-08-15 16:37:18 +02:00
Miroslav Stampar
142fc887f1 Fix for an Issue #129 2012-07-31 11:03:44 +02:00
Miroslav Stampar
b3552494c4 Minor preparation for an Issue #48 2012-07-26 12:26:57 +02:00
Miroslav Stampar
30f8d09651 Implementation for an Issue #70 2012-07-26 12:06:02 +02:00
Miroslav Stampar
3279ce53a8 Minor style update 2012-07-23 13:57:38 +02:00
Miroslav Stampar
87ecf205cb More work for Issue #66 2012-07-14 17:01:04 +02:00
Miroslav Stampar
805120ac52 Minor refactoring 2012-07-14 11:01:30 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
302d782a0f minor style update 2012-06-19 08:33:51 +00:00
Miroslav Stampar
2538e2d5b4 fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring 2012-05-22 09:33:22 +00:00
Miroslav Stampar
b0a8238774 minor fixes 2012-05-09 14:58:16 +00:00
Miroslav Stampar
6ebb621228 adding support for (custom) POST injection (marking injection point with '*' in conf.data) 2012-04-17 14:23:00 +00:00
Miroslav Stampar
052d9455fe warning user in cases of "User xyz already has more than 'max_user_connections' active connections" 2012-04-12 09:44:54 +00:00
Miroslav Stampar
f142c0f782 minor update 2012-02-28 14:04:13 +00:00
Miroslav Stampar
22b3fa0749 minor update 2012-02-27 15:28:36 +00:00
Miroslav Stampar
a9bf0297f6 moving injection data to HashDB 2012-02-27 13:44:07 +00:00
Miroslav Stampar
f94b91ad87 added helper function for HashDB data storing/retrieval 2012-02-24 13:07:20 +00:00
Miroslav Stampar
386e98a0e3 using UNION SELECT for where=..NEGATIVE 2012-02-22 09:41:58 +00:00
Miroslav Stampar
23cc8b6974 minor fix for special cases when parameter value contains html encoded characters 2012-02-14 14:08:10 +00:00
Miroslav Stampar
2604e73d88 minor change in workflow 2012-02-13 11:18:47 +00:00
Miroslav Stampar
96f589fc89 minor fix 2012-02-12 19:22:33 +00:00
Miroslav Stampar
249cb48b0b minor fix 2012-02-10 15:59:11 +00:00
Miroslav Stampar
6be95194a7 matter of concision 2012-02-10 15:37:43 +00:00
Miroslav Stampar
eab7a54e03 cosmetics 2012-02-10 15:34:04 +00:00
Miroslav Stampar
92590d0d59 minor fix 2012-02-10 15:26:55 +00:00
Miroslav Stampar
e36e9de57e minor update by request 2012-02-10 15:12:23 +00:00
Miroslav Stampar
8405ef59ac some estetic updates 2012-02-01 14:49:42 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
1d0b43b1a2 implemented mechanism for merging cookies by request 2012-01-11 14:28:08 +00:00
Miroslav Stampar
1f085a0241 now [SLEEPTIME] is changeable properly in vivo 2012-01-05 14:45:05 +00:00
Miroslav Stampar
22c3fe49bb some refactoring 2011-12-28 13:50:03 +00:00
Miroslav Stampar
f622995a29 compatibility with partial union and error technique resumed data 2011-12-22 12:20:21 +00:00
Miroslav Stampar
95cd9e2af3 adding support for scanning Host header values (-p host) 2011-12-20 12:52:41 +00:00
Miroslav Stampar
563c0c1066 adding switch --tor-type 2011-12-15 23:19:55 +00:00
Miroslav Stampar
872a73f631 minor refactoring 2011-11-29 19:17:07 +00:00
Miroslav Stampar
2ed3efba12 speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase) 2011-11-22 08:39:13 +00:00
Miroslav Stampar
eee03871d7 minor refactoring 2011-11-21 21:31:08 +00:00
Miroslav Stampar
7314de3490 language update 2011-11-15 11:17:39 +00:00
Miroslav Stampar
eb240243ea minor update 2011-10-21 22:21:41 +00:00
Miroslav Stampar
05b9951a8b minor beautification 2011-10-21 09:19:31 +00:00
Miroslav Stampar
a31a0aa8d4 minor update 2011-10-06 22:29:49 +00:00
Miroslav Stampar
d95ff4350d bug fix 2011-09-20 13:08:35 +00:00
Miroslav Stampar
08e0eb9b61 minor lower/upper case fix 2011-08-29 13:47:32 +00:00
Miroslav Stampar
9be89422da implemented parameter --skip 2011-08-29 13:29:42 +00:00
Miroslav Stampar
ac00014c4a implemented --randomize switch by request 2011-08-29 12:50:52 +00:00
Miroslav Stampar
f7562da754 from now on proper union column count should be displayed in injection info output 2011-08-03 10:34:50 +00:00
Miroslav Stampar
07c3d4fb18 minor adjustment 2011-08-02 17:35:43 +00:00
Miroslav Stampar
0d6afca7db adding new switch '--smart' by request 2011-07-10 15:16:58 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Miroslav Stampar
93b296e02c few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00
Miroslav Stampar
eaa2a4202f changing to: --crawl=CRAWLDEPTH 2011-06-24 05:40:03 +00:00
Miroslav Stampar
29314f425e minor fix 2011-06-20 13:42:31 +00:00
Miroslav Stampar
07e2c72943 adding Beautifulsoup (BSD) into extras; adding --crawl to options 2011-06-20 11:32:30 +00:00
Miroslav Stampar
a0129dcbcb this is confusing for normal users (i've just get a mail where dude thinks that he needs to use tamper script because of this :) 2011-06-17 16:52:39 +00:00
Miroslav Stampar
6b1d5a0ab8 minor fix 2011-06-16 14:11:30 +00:00
Miroslav Stampar
4d51fa8155 minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails) 2011-06-15 17:37:28 +00:00
Miroslav Stampar
71093b1cad adding one more user friendly message 2011-06-09 09:58:42 +00:00
Bernardo Damele
70cac24909 Cosmetics 2011-06-08 15:31:27 +00:00
Bernardo Damele
cce3208b35 Cleanup 2011-06-08 14:15:34 +00:00
Miroslav Stampar
b7088440c2 better sentence 2011-05-30 22:47:17 +00:00
Miroslav Stampar
a8b58afdb2 minor update 2011-05-27 08:21:02 +00:00
Miroslav Stampar
48f52d7697 minor beautification 2011-05-27 08:16:14 +00:00
Miroslav Stampar
5d56e89cf5 minor update 2011-05-26 21:08:46 +00:00
Miroslav Stampar
06108b6da6 minor update related to the last commit 2011-05-26 20:58:24 +00:00
Miroslav Stampar
4f46a5ab63 minor usability enhancement regarding warning for --text-only switch 2011-05-26 20:48:18 +00:00
Miroslav Stampar
a1fd2898a0 added friendly tip message for url encoding GET and POST payloads 2011-05-25 11:10:52 +00:00
Miroslav Stampar
bec2c04671 helping dummy users 2011-05-24 17:15:25 +00:00
Miroslav Stampar
faa74cd2bc introducing results file for multiple target mode 2011-05-15 22:21:38 +00:00
Miroslav Stampar
120b0d756e unfix 2011-05-10 21:33:06 +00:00
Miroslav Stampar
deae534ee7 minor refactoring 2011-05-10 20:44:36 +00:00
Bernardo Damele
8179fd63c0 Minor fix 2011-05-07 23:48:03 +00:00
Bernardo Damele
1151af52bb More fix for save/resume of --technique 2011-05-07 21:08:14 +00:00
Bernardo Damele
2d8408c885 More fix for --technique resume 2011-05-05 16:38:46 +00:00
Bernardo Damele
955dbc85e7 Minor variable rename 2011-04-30 15:29:59 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Miroslav Stampar
7b3b9e6a87 it seems that this was indeed not meant to be here 2011-04-22 15:07:09 +00:00
Bernardo Damele
eabb5a2ba7 More adjustments to the error message when no sql injections are detected 2011-04-21 22:04:20 +00:00
Bernardo Damele
6d07dddf60 updated doc and minor layout adjustments 2011-04-21 21:53:35 +00:00
Bernardo Damele
770b1523ff More verbose output when no SQL injections are detected 2011-04-21 21:31:16 +00:00
Bernardo Damele
edc2d75702 Cosmetics and major bug fix 2011-04-21 21:15:23 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
21114d1748 added IGNORE_PARAMETERS to skip testing of state/session web server parameters 2011-04-13 19:01:02 +00:00
Miroslav Stampar
2db2e9b6a2 now GET forms are also prone to "do you want to fill with random values" 2011-04-11 11:38:41 +00:00