Miroslav Stampar
04aaa5985b
Fixes #1497
2015-10-29 17:02:47 +01:00
Miroslav Stampar
0b64cf803c
Fixes #1496
2015-10-29 16:52:17 +01:00
Miroslav Stampar
d41cd53d31
Minor style fix (distinguish form from URL testing when --forms --crawl combo used)
2015-10-28 14:03:21 +01:00
Miroslav Stampar
caafa377a6
Fixes #1495
2015-10-28 10:29:12 +01:00
Miroslav Stampar
8fbac5a99e
Patch for --proxy-file
2015-10-25 15:58:43 +01:00
Miroslav Stampar
89e36392f7
Fixes #1486
2015-10-25 15:32:02 +01:00
Miroslav Stampar
1b81084106
Fixes #1484
2015-10-23 23:48:41 +02:00
Miroslav Stampar
2c754b57bb
Minor patch
2015-10-23 14:29:48 +02:00
Miroslav Stampar
8f9979c302
Patch for an Issue #541
2015-10-22 20:51:05 +02:00
Miroslav Stampar
5fb8ae9d3c
Fixes #1479
2015-10-22 19:59:16 +02:00
Miroslav Stampar
fbec463b49
Adding new bold patterns
2015-10-22 15:44:08 +02:00
Miroslav Stampar
7c1cff6749
Fixing ancient bug (introduced with #6c80f29) - that removes original value when --prefix used
2015-10-22 15:14:12 +02:00
Miroslav Stampar
90ad914c1e
Patch related to the #1477
2015-10-22 14:58:06 +02:00
Miroslav Stampar
8aada250f3
Fixes #1471
2015-10-19 11:08:58 +02:00
Miroslav Stampar
3dc8820caa
Fixes #1474
2015-10-19 10:38:38 +02:00
Miroslav Stampar
441196f360
Fixes #1470
2015-10-16 23:59:39 +02:00
Miroslav Stampar
f793a26095
Removing ugly duplicating of \ (hidden bugs came - e.g. DNS exfiltration)
2015-10-15 16:00:59 +02:00
Miroslav Stampar
956047b43f
Patch for an Issue #1468
2015-10-15 13:07:43 +02:00
Miroslav Stampar
475ca5277a
Minor information update regarding #541
2015-10-14 16:11:11 +02:00
Miroslav Stampar
e3ae026077
Fixes #1467
2015-10-14 15:19:44 +02:00
Miroslav Stampar
80aca35dd1
Removing #1450
2015-10-13 15:00:59 +02:00
Miroslav Stampar
c4df6f3a22
Fixes #1465
2015-10-13 13:31:28 +02:00
Miroslav Stampar
570562369b
Further fixes for sqlmap to work properly with HSQLDB (WebGoat)
2015-10-13 13:04:59 +02:00
Miroslav Stampar
b9a44555ff
Fixes #1462
2015-10-11 15:20:10 +02:00
Miroslav Stampar
47a42c234e
Fixes #1459
2015-10-10 19:19:50 +02:00
Miroslav Stampar
9641e84dd9
Bug fixes for HSQLDB
2015-10-09 16:52:13 +02:00
Miroslav Stampar
41db0e0eea
range to xrange (leftovers)
2015-10-09 13:48:21 +02:00
Miroslav Stampar
d424d4cdc7
Fixes #1457
2015-10-09 11:54:28 +02:00
Miroslav Stampar
8bf236ce11
Minor patch for SQLite parsing of schemas
2015-10-07 10:01:48 +02:00
Miroslav Stampar
fd686fb691
Patch related to the #1455
2015-10-07 09:43:25 +02:00
Miroslav Stampar
eb7c18d1f8
Fixes #1452
2015-10-07 09:25:14 +02:00
Miroslav Stampar
657d71119b
Fixes #1453
2015-10-07 09:22:11 +02:00
Miroslav Stampar
78bbf5d63c
Fixes #1451
2015-10-06 14:17:35 +02:00
Miroslav Stampar
551b7e4b45
Patch for an Issue #1450
2015-10-06 13:23:01 +02:00
Miroslav Stampar
95ce5a4a09
Fixes #1444
2015-10-05 16:33:10 +02:00
Miroslav Stampar
b98f84a610
Fixes #1443
2015-10-05 16:26:12 +02:00
Miroslav Stampar
1258b354c3
Minor refactoring
2015-10-05 16:09:58 +02:00
Miroslav Stampar
20c19f33dc
Minor update
2015-10-05 15:51:21 +02:00
Miroslav Stampar
1c6e288eb1
Fixes #1447
2015-10-05 15:33:29 +02:00
Miroslav Stampar
acd6b7797f
Fixes #1446
2015-10-05 15:18:54 +02:00
Miroslav Stampar
53de0e8949
Implements #1442
2015-10-01 11:57:33 +02:00
Miroslav Stampar
29edb4f75c
Fixes #1440
2015-09-30 11:26:56 +02:00
Miroslav Stampar
a1a7161fab
Fixes #1441
2015-09-30 10:13:19 +02:00
Miroslav Stampar
5ce4d4d2ec
Fixes #1439
2015-09-29 10:10:39 +02:00
Miroslav Stampar
906cb6d3c2
Removing a hard limit to use --start/--stop only for --dump scenarios
2015-09-28 11:11:39 +02:00
Miroslav Stampar
ac467bc453
Fixes #1437
2015-09-28 09:54:41 +02:00
Miroslav Stampar
1fd6b007ab
Less critical messages when something goes wrong with connection
2015-09-27 16:36:20 +02:00
Miroslav Stampar
ef22f31fdf
Fixes #1433
2015-09-27 16:17:58 +02:00
Miroslav Stampar
5bade7947b
Fixes #1435
2015-09-27 16:09:02 +02:00
Miroslav Stampar
5ed106ecea
Patch for an Issue #1434
2015-09-27 15:59:17 +02:00
Miroslav Stampar
38541b021a
Implementing hidden switch '--force-threads' on request (to force multi-threading in time-based SQLi)
2015-09-26 00:09:17 +02:00
Miroslav Stampar
b68891050d
Better word used
2015-09-25 23:41:47 +02:00
Miroslav Stampar
f16389232f
Bug fix for --proxy-file (only first element was fetched in case of fail)
2015-09-25 15:23:42 +02:00
Miroslav Stampar
4774795d8c
Fixes #1429
2015-09-25 14:59:21 +02:00
Miroslav Stampar
d28c72b6f1
Another fix for Python 2.6 (bug introduced with ff7be9d0eb
)
2015-09-24 16:26:52 +02:00
Miroslav Stampar
74294ae105
Bug fix for --common-tables in case of MsSQL/Sybase (safeSQLIdentificatorNaming already used)
2015-09-22 11:28:56 +02:00
Miroslav Stampar
0e22a0ca5f
Minor cosmetics
2015-09-21 16:41:54 +02:00
Miroslav Stampar
81caf14b6d
Adding switch --skip-waf
2015-09-21 14:57:44 +02:00
Miroslav Stampar
e81e474646
Minor adjustment
2015-09-21 14:46:34 +02:00
Miroslav Stampar
56f0b811a6
Minor patch
2015-09-21 13:23:56 +02:00
Miroslav Stampar
3fca379f29
Minor patch (avoiding message 'can't establish SSL connection' in --check-tor)
2015-09-21 11:25:59 +02:00
Miroslav Stampar
27707be467
Fixes #1416
2015-09-17 17:09:36 +02:00
Miroslav Stampar
aa2112b360
Update for #1414
2015-09-17 16:18:58 +02:00
Miroslav Stampar
7cfa90830d
Merge pull request #1414 from daremon/api-client-2
...
Added commands stop, kill, list to API client
2015-09-17 15:51:12 +02:00
Miroslav Stampar
65a8f0fe32
Minor enhancement
2015-09-17 15:25:40 +02:00
Miroslav Stampar
2cea977e12
Fixes #1415
2015-09-17 14:58:01 +02:00
daremon
c2fb2161d3
Added flush command
2015-09-16 00:15:16 +03:00
daremon
ff7be9d0eb
Fixed list command
2015-09-16 00:01:57 +03:00
Miroslav Stampar
c59ead36ce
Patch for Python 2.6 (SyntaxError)
2015-09-15 17:23:59 +02:00
Miroslav Stampar
058870635b
Update for an #1414
2015-09-15 14:37:30 +02:00
Miroslav Stampar
ee38574449
Fixes #1411
2015-09-15 13:26:25 +02:00
Miroslav Stampar
5de1825d0c
Fixes #1412
2015-09-15 10:48:23 +02:00
daremon
1417decdf1
Added commands stop, kill, list to API client
2015-09-14 17:31:02 +03:00
Miroslav Stampar
f89ce2173f
Fixes #1404
2015-09-12 15:13:30 +02:00
Miroslav Stampar
c4f9e66a6f
Patch related to the #1403
2015-09-10 16:21:31 +02:00
Miroslav Stampar
c05c0ff435
Minor patch with imports
2015-09-10 15:55:49 +02:00
Miroslav Stampar
f494004f44
Switching to the getSafeExString (where it can be used)
2015-09-10 15:51:33 +02:00
Miroslav Stampar
7a261ef447
Just in case commit related to the aee4c93c8b
2015-09-10 15:19:33 +02:00
Miroslav Stampar
b06a34ab1a
Another update for #1402
2015-09-10 15:06:07 +02:00
Miroslav Stampar
2453b02b63
Update for #1402
2015-09-10 15:01:30 +02:00
Miroslav Stampar
b3fdbe24c2
Merge pull request #1402 from daremon/api-client
...
Minimal API client
2015-09-10 12:03:25 +02:00
Miroslav Stampar
263665637e
Minor bug fix
2015-09-10 11:34:03 +02:00
daremon
a29a3a4e5c
Minimal API client
2015-09-09 16:14:04 +03:00
Miroslav Stampar
90329a8b01
Minor patch
2015-09-09 11:53:44 +02:00
Miroslav Stampar
b6206692e0
Fixes #1392
2015-09-08 11:53:29 +02:00
Miroslav Stampar
c1f829d131
Removing last remnants of bad handling the exceptions as strings
2015-09-08 11:15:31 +02:00
Miroslav Stampar
e59a220199
Fixes #1393
2015-09-08 11:10:47 +02:00
Miroslav Stampar
924e31c414
Fixes #1394
2015-09-08 11:04:36 +02:00
Miroslav Stampar
28a60f5be2
Fixes #1391
2015-09-06 20:22:07 +02:00
Miroslav Stampar
aee4c93c8b
Fixes #1384
2015-09-03 10:32:45 +02:00
Miroslav Stampar
51a4cb04a5
Another minor language patch
2015-09-03 10:26:46 +02:00
Miroslav Stampar
7511023bc2
Fixes #1385
2015-09-03 10:11:36 +02:00
Miroslav Stampar
401564898d
Adding support for 'empty' POST body (if forced by --method)
2015-08-31 14:43:41 +02:00
Miroslav Stampar
265a78b455
Fixes #1379
2015-08-31 14:27:47 +02:00
Miroslav Stampar
d70215ad6c
Fixes #1237
2015-08-31 10:24:05 +02:00
Miroslav Stampar
d2a9c7584f
Minor patch
2015-08-31 09:51:35 +02:00
Miroslav Stampar
50d39d0252
Closes #1372
2015-08-30 23:15:50 +02:00
Miroslav Stampar
89292ce1f9
Closes #1376
2015-08-30 22:52:24 +02:00
Miroslav Stampar
6a01d2e430
Fixes #1366
2015-08-30 02:13:07 +02:00
Miroslav Stampar
737a37bfda
Fixes #1367
2015-08-30 01:58:43 +02:00
Miroslav Stampar
06c8704179
Fixes #1365
2015-08-28 15:30:28 +02:00
Miroslav Stampar
43f3900ffe
Fixes #1362
2015-08-27 12:25:25 +02:00
Miroslav Stampar
1cf012521d
Minor refactoring
2015-08-26 16:18:03 +02:00
Miroslav Stampar
a33b0454cd
Implementation for an Issue #1360
2015-08-26 15:26:16 +02:00
Miroslav Stampar
2c2f83f67b
Minor code consistency patch
2015-08-26 11:30:48 +02:00
Miroslav Stampar
1f5e6606a7
Fixes #1357
2015-08-25 02:03:56 +02:00
Miroslav Stampar
337eb9861a
Fixes #1347
2015-08-23 22:11:59 +02:00
Miroslav Stampar
690347a170
Bug fix (non-ASCII chars in command line caused gibberish in unhandled messages)
2015-08-23 21:48:31 +02:00
Miroslav Stampar
9fb0eb3dd7
Blank removal
2015-08-23 21:41:59 +02:00
Miroslav Stampar
1204141278
Fixes #1350
2015-08-23 21:09:20 +02:00
Miroslav Stampar
fef8f20565
Minor reporting patch
2015-08-23 20:27:14 +02:00
KingX
3ebb3e6f4f
fix removeDynamicContent bug
...
double re.escape() in "findDynamicContent" function and "removeDynamicContent" function leads an bug in finding dynamic content,
2015-08-22 14:05:03 +08:00
Miroslav Stampar
f609158d1b
Adding new error message (when short options carry illegal '=')
2015-08-19 21:00:16 +02:00
Miroslav Stampar
383316fcb3
Fixing issues caused by 9ad1d122f4
(better approach)
2015-08-18 22:48:55 +02:00
Miroslav Stampar
8806ce72c1
Patch for an Issue #1341
2015-08-18 22:03:42 +02:00
Miroslav Stampar
54d65328bc
Patch for negative logic (e.g. OR) cases (reported privately)
2015-08-18 03:09:01 +02:00
Miroslav Stampar
023def3203
Fixes #1336
2015-08-16 23:47:11 +02:00
Miroslav Stampar
c9d1c4d7b1
Fixes #1337
2015-08-16 23:29:39 +02:00
Miroslav Stampar
713d5384bc
Potential patch for an Issue #1337
2015-08-16 23:15:04 +02:00
Miroslav Stampar
310d79b8f1
Adding special variable 'lastPage' to the eval code (by request from ML)
2015-08-14 23:29:31 +02:00
Miroslav Stampar
b010fda695
Switch --save becomes an option (taking file path where to save config file)
2015-08-14 22:49:32 +02:00
flsf
9adefb3ffd
Minor change
2015-08-14 16:18:51 +08:00
Miroslav Stampar
2c1cde0f59
Minor fix (reported over ML - ignore saving of conf.saveCmdline)
2015-08-13 17:21:36 +02:00
Miroslav Stampar
8ea8b168b1
Minor cosmetics
2015-08-13 17:10:35 +02:00
Miroslav Stampar
9ad1d122f4
Minor patch (Issue #1327 )
2015-08-12 22:09:31 +02:00
Miroslav Stampar
e5863d8b89
Minor patch
2015-08-12 21:43:13 +02:00
Jiang Jie
1ac27e9305
fixed pipe and zoombie problems
...
1.we don't need stdin here, and it'll cause OSError: too many openfiles problem.
2. after using /scan/taskid/stop , process turned into a zoombie, need add wait()
2015-08-12 16:25:33 +08:00
Miroslav Stampar
62f35698ee
Bug fix (ML) - when cookies have blank expiration time
2015-08-06 13:07:16 +02:00
Miroslav Stampar
c5f3c0cc32
Fixes #1324
2015-08-03 17:21:35 +02:00
Miroslav Stampar
e623ee66ad
Better approach for #1320
2015-07-30 23:29:31 +02:00
Miroslav Stampar
bcb25823e6
Fixes #1320
2015-07-30 23:19:38 +02:00
Miroslav Stampar
301aca57e6
Fixes #1319
2015-07-29 10:00:15 +02:00
Miroslav Stampar
401905b2dd
Minor improvement to UNION file write
2015-07-26 17:02:46 +02:00
Miroslav Stampar
e3553ae893
Missing import
2015-07-26 16:19:44 +02:00
Miroslav Stampar
b0bc3149f9
Fixes #1315
2015-07-26 16:18:41 +02:00
Miroslav Stampar
e7af081447
Minor patch
2015-07-26 16:08:30 +02:00
Miroslav Stampar
314df093f1
Fixes #1314
2015-07-26 16:06:01 +02:00
Miroslav Stampar
b6ea2fdb07
Fixes #1170
2015-07-24 14:56:45 +02:00
Miroslav Stampar
a905b8d8f5
Fixes #1312
2015-07-23 10:07:21 +02:00
Miroslav Stampar
58002c5057
Minor cosmetics
2015-07-23 09:55:59 +02:00
Miroslav Stampar
cece2cb12d
Minor cosmetics
2015-07-23 00:42:29 +02:00
Miroslav Stampar
358651b19c
Fixes #1313
2015-07-23 00:41:03 +02:00
Miroslav Stampar
75ed5f767c
Fixes #1309
2015-07-20 17:03:20 +02:00
Miroslav Stampar
2afb5687f6
Fixes #1307
2015-07-20 15:47:27 +02:00
Miroslav Stampar
21e8182ac6
Fixes #1305
2015-07-18 17:01:34 +02:00
Miroslav Stampar
a7c4400cc9
Fixes #1304
2015-07-17 14:20:51 +02:00
Miroslav Stampar
00f190fc92
Fixes #1303
2015-07-17 10:14:35 +02:00
Miroslav Stampar
49212ec920
Fixes #1302
2015-07-17 09:56:24 +02:00
Miroslav Stampar
1aafe85a3a
Fixes #1299
2015-07-15 11:15:06 +02:00
Miroslav Stampar
fdc8e664df
Updating --beep functionality (ML request)
2015-07-13 23:55:46 +02:00
Miroslav Stampar
16f8e4c8ba
Removing unused imports
2015-07-12 12:25:02 +02:00
Miroslav Stampar
a20da7a677
Patch for automatic reporting (GitHub has robots)
2015-07-12 12:05:19 +02:00
Miroslav Stampar
fa303ef8b1
Minor update
2015-07-10 16:39:18 +02:00
Miroslav Stampar
10f8c6a0b6
Introducing --offline switch (to perform session only lookups)
2015-07-10 16:10:24 +02:00
Miroslav Stampar
9bdbdc136f
Minor cosmetics update
2015-07-10 11:33:12 +02:00
Miroslav Stampar
0ba264bfa0
Minor patch
2015-07-10 09:51:11 +02:00
Miroslav Stampar
4baaa4a5ad
Minor improvement
2015-07-10 09:24:14 +02:00
Miroslav Stampar
9ff115ce71
Minor patch
2015-07-10 01:33:53 +02:00
Miroslav Stampar
02470ea683
Further decreasing number of testing payloads
2015-07-10 01:19:46 +02:00
Miroslav Stampar
48b627f3ff
Prevent double tests (e.g. in same final tests where suffix is cut by the comment)
2015-07-10 00:54:02 +02:00
Miroslav Stampar
ca2f63c672
Test speed up in case of boolean based blind
2015-07-10 00:37:59 +02:00
Miroslav Stampar
3a5cc98976
-Z is/are a pseudo-option (just like -H) expanded during the run
2015-07-07 09:27:18 +02:00
Miroslav Stampar
2080fcaa37
Fixes #1293
2015-07-07 09:24:16 +02:00
Miroslav Stampar
f488377001
Fixes #1293
2015-07-07 08:47:07 +02:00
Miroslav Stampar
6a1b3895f9
Patch for an Issue #1285
2015-07-06 11:50:59 +02:00
Miroslav Stampar
96327b6701
Fixes #1290
2015-07-05 01:47:01 +02:00
Miroslav Stampar
166dc98e81
Minor patch
2015-07-05 00:03:29 +02:00
Miroslav Stampar
1f71d809d4
Fixes #1288
2015-07-03 08:55:33 +02:00
Miroslav Stampar
7b95a2d80d
Patch for an Issue #1280
2015-06-29 10:05:16 +02:00
Miroslav Stampar
8b63ee9bc3
Minor update for #1281
2015-06-29 01:12:14 +02:00
Miroslav Stampar
97244f5e5e
Fixes #1279
2015-06-29 00:20:35 +02:00
Miroslav Stampar
b212321c07
Fixes #1278
2015-06-26 10:30:53 +02:00
Miroslav Stampar
b02be9674f
Fixes #1277
2015-06-26 10:11:34 +02:00
Miroslav Stampar
7d418af274
Fix for a bug reported privately by email
2015-06-22 16:28:35 +02:00
Miroslav Stampar
9e5ef094a3
Closes #1270
2015-06-16 22:20:21 +02:00
Miroslav Stampar
e4b23c9beb
Minor fix regarding POST redirects (ML)
2015-06-16 12:00:56 +02:00
Miroslav Stampar
04c1d439a7
Minor patch for #1260
2015-06-05 17:18:21 +02:00
Miroslav Stampar
8d7e915af7
Minor patch for #1260
2015-06-05 17:02:56 +02:00
Miroslav Stampar
ec87d8ebda
Adding a support for SNI (Issue #1256 )
2015-06-01 10:45:16 +02:00
Miroslav Stampar
341d2a6028
Minor fix for (hidden) switch '--dummy'
2015-05-29 17:30:02 +02:00
Miroslav Stampar
08caca387b
Minor patch of automatic WAF heuristic check
2015-05-29 16:01:41 +02:00
Miroslav Stampar
699c965bc0
Fixes #1248
2015-05-19 18:40:45 +02:00
Miroslav Stampar
17bfda1b9c
Adding new switch ('--skip-static')
2015-05-18 20:57:15 +02:00
Miroslav Stampar
e8f87bfa41
Minor patches related to the #1206
2015-05-11 11:01:21 +02:00
Miroslav Stampar
91bc02e3ba
Fixes related to the #1206
2015-05-11 10:56:10 +02:00
Miroslav Stampar
9010e157e9
Conflict fix
2015-05-11 10:11:33 +02:00
Miroslav Stampar
5b8df7984c
Minor update (for Windows-31j charset)
2015-05-09 14:32:55 +02:00
Miroslav Stampar
4b2ff4339a
Fixes #1243
2015-05-07 12:36:23 +02:00
Miroslav Stampar
18e62fd507
Fix for an Issue #1240
2015-05-05 14:36:21 +02:00
Miroslav Stampar
84ba3d45c1
Patch for an Issue #1238
2015-05-04 21:47:10 +02:00
Miroslav Stampar
5ee7fd785a
Fixes #1235
2015-05-01 00:48:08 +02:00
Miroslav Stampar
03f32ae2b6
Merge of an Issue #1227
2015-04-22 17:21:55 +02:00
Miroslav Stampar
a94dcf94e9
Patch for an Issue #1226đ
2015-04-22 16:41:20 +02:00
Miroslav Stampar
bb98894dc1
Adding option --safe-req
2015-04-22 16:28:54 +02:00
Miroslav Stampar
4ded9a9966
Small patch for existing option validation
2015-04-22 15:32:14 +02:00
Miroslav Stampar
77c96de4ea
Minor patch related to the last commit
2015-04-22 10:33:22 +02:00
Miroslav Stampar
95b52a02ec
Minor patch for custom injection into HTTP Authorization header
2015-04-22 10:28:16 +02:00
Miroslav Stampar
c5138d4696
Minor refactoring
2015-04-21 00:02:47 +02:00
Miroslav Stampar
349dfbf2ae
Adding an option --safe-post
2015-04-20 23:55:59 +02:00
Miroslav Stampar
7517db76d1
Minor fix for SQLite's schema parsing
2015-04-16 18:40:43 +02:00
Miroslav Stampar
dbfa8f1cfc
Fix for a bug reported by the user (conf.scheme/conf.hostname/conf.port were None in multiple targets mode)
2015-04-14 11:05:17 +02:00
Miroslav Stampar
0e4800f73c
Changing default answer for sitemap checking to N
2015-04-14 09:30:01 +02:00
Miroslav Stampar
1e7f2d6da2
Implements #1215
2015-04-06 22:07:22 +02:00
Miroslav Stampar
c35fa63a48
Fixes #1212
2015-03-30 11:58:09 +02:00
Miroslav Stampar
99c1cc9937
Fixes #1208
2015-03-26 17:17:46 +01:00
Miroslav Stampar
a19bccc84f
Fixes #1205
2015-03-26 15:31:29 +01:00
Miroslav Stampar
770cfb6102
Removing test print
2015-03-26 15:20:54 +01:00
Miroslav Stampar
fc0186e029
Minor update
2015-03-26 12:39:44 +01:00
Miroslav Stampar
5dfd3ef1e4
Another update
2015-03-26 12:25:32 +01:00
Miroslav Stampar
3be7a447a5
Update
2015-03-26 12:22:49 +01:00
Miroslav Stampar
7587528ebd
Fixes #1202
2015-03-26 11:40:19 +01:00
ricterz
bbfdb02a0e
fix mandatorily depend of websocket #1198
2015-03-24 22:25:16 +08:00
ricterz
811f5c11c6
remove Host header field and add cookie support #1198
2015-03-24 18:50:57 +08:00
ricterz
9b5dcbbbb2
modified error handle #1198
2015-03-24 18:21:50 +08:00
ricterz
78dbe080d7
determine whether it's websocket when connect #1198
2015-03-24 17:19:37 +08:00
ricterz
50fd6ce7f7
add websocket support for parse url #1198
2015-03-24 10:30:38 +08:00
Miroslav Stampar
05a496c275
Fixes #1196
2015-03-20 00:56:52 +01:00
Miroslav Stampar
25b23750e8
Bug fix for crawling over non-80 port
2015-03-12 11:49:52 +01:00
Miroslav Stampar
adc8ac267d
Fixes #1190
2015-03-10 09:23:26 +01:00
Miroslav Stampar
9bd41ed99d
Fixes #1189
2015-03-09 22:02:20 +01:00
Christ van Willegen
80fb2e29cc
Fix some spelling errors in help texts (through -> thorough)
2015-03-04 13:31:29 +01:00
Miroslav Stampar
3347fc25ca
Fixes #1185
2015-03-03 15:10:06 +01:00
Miroslav Stampar
3f6c3b40dd
Minor update (not overriding user given 'Accept-Encoding' header value)
2015-03-03 14:37:36 +01:00
Bernardo Damele
8281fe48e5
bug fix: test for boundaries with high levels if the test was extended
2015-03-01 11:02:05 +00:00
Bernardo Damele
260643241a
prioritized fingerprinted DBMS to error-based and user provided one
2015-02-27 14:19:30 +00:00
Bernardo Damele
2f08c8b666
bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup
2015-02-27 13:57:28 +00:00
Miroslav Stampar
dde400ab8f
More suitable version of 6bcc95a
(suggested by user)
2015-02-25 10:19:51 +01:00
Miroslav Stampar
6bcc95a20d
Restricting evaluated code variable names to Python valid characters ([_0-9a-zA-Z])
2015-02-24 15:05:44 +01:00
Miroslav Stampar
e35c7fbb7a
Fixes #1172
2015-02-22 13:41:54 +01:00
Bernardo Damele
475cc8b24b
trivial code cleanup
2015-02-21 13:12:30 +00:00
Bernardo Damele
383929c0c2
if the user forces the DBMS, then sort the tests accordingly to perform first the DBMS-specific tests, then the others
2015-02-21 13:12:03 +00:00
Bernardo Damele
d235ee375b
code cleanup
2015-02-21 12:59:44 +00:00
Bernardo Damele
8be24d3e9b
minor enhancement, prefer intersect() each time DBMS values are comfronted
2015-02-21 12:59:27 +00:00
Bernardo Damele
388c0dfd77
trivial layout fix
2015-02-21 12:57:49 +00:00
Bernardo Damele
52dd92748a
rework some of the logic of the detection phase based on identified DBMS along the way
2015-02-21 02:23:42 +00:00
Bernardo Damele
4f939b5719
avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables
2015-02-20 18:36:34 +00:00
Bernardo Damele
1ecb921ba7
Consistency in enums
2015-02-20 18:31:47 +00:00
Bernardo Damele
214b9360e9
Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup
2015-02-20 18:30:42 +00:00
Bernardo Damele
79d4d970a5
trivial code cleanup
2015-02-20 15:42:28 +00:00
Bernardo Damele
201b605f9b
Minor fix and consistency: do not ask to include all tests if level and risk are at the max settings already
2015-02-20 10:21:44 +00:00
Bernardo Damele
daa8e0d8c5
minor fix
2015-02-18 10:13:28 +00:00
Miroslav Stampar
1636088b75
Minor update
2015-02-16 11:48:53 +01:00
Bernardo Damele
e17d212c23
bug fix introduced with 863d5a6281
2015-02-15 20:07:52 +00:00
Bernardo Damele
32ab52b8ca
code refactoring: split boundaries and payloads XML files
2015-02-15 16:31:35 +00:00
Bernardo Damele
863d5a6281
--test-filter now ignores values of --risk and --level
2015-02-15 16:28:37 +00:00
Miroslav Stampar
2e5c11e427
Closes #1163
2015-02-13 10:59:03 +01:00
Miroslav Stampar
247384858e
Patch for an Issue #1159 (undo commit with single-quotes problem on windows)
2015-02-04 16:21:21 +01:00
Miroslav Stampar
38011743bb
Patch for an Issue #1157
2015-02-04 15:01:19 +01:00
Miroslav Stampar
eecc0b924b
Patch for an Issue #1148
2015-02-03 10:06:00 +01:00
Miroslav Stampar
2af2aef43e
Minor patch for masking sensitive information (when formation -u=... is used)
2015-02-03 09:48:05 +01:00
Miroslav Stampar
59f0da369d
Patch for a bug reported via ML (Accept header ignored in --headers)
2015-02-02 22:07:16 +01:00
Miroslav Stampar
8b135e45bd
Patch for an Issue #1147
2015-02-02 22:05:31 +01:00
Miroslav Stampar
bf1c08a8a6
Bug fix
2015-01-30 22:43:40 +01:00
Miroslav Stampar
2e9bf47703
Heuristic check for WAF/IDS/IPS is now prone to tamper functions (Issue #1145 )
2015-01-30 22:12:35 +01:00
Miroslav Stampar
9e90e357cf
Patch for an Issue #1146
2015-01-30 21:59:03 +01:00
Miroslav Stampar
9563e429d3
Removal of fun code
2015-01-30 21:49:22 +01:00
Miroslav Stampar
9f679a952f
Minor update
2015-01-29 10:44:36 +01:00
Miroslav Stampar
024c500d8e
Minor fix
2015-01-28 00:54:39 +01:00
Miroslav Stampar
5400bb2c95
Patch for an Issue #1142
2015-01-28 00:52:40 +01:00
Miroslav Stampar
fd632e5ada
Update for unhandled exception mechanism (BADA)
2015-01-26 09:09:38 +01:00
Miroslav Stampar
eb548959b3
Minor update
2015-01-26 08:59:10 +01:00
Miroslav Stampar
f0eac38ab4
Minor fix
2015-01-26 08:48:37 +01:00
Miroslav Stampar
32bf2dbe6d
Patch for an Issue #1133
2015-01-23 23:00:28 +01:00
Miroslav Stampar
779db7cbc3
Minor enhancement
2015-01-22 09:17:45 +01:00
Miroslav Stampar
b7cfaa6ca5
Minor style update
2015-01-22 08:55:37 +01:00
Miroslav Stampar
2655b078d0
Patch for an Issue #1127
2015-01-22 08:52:15 +01:00
Miroslav Stampar
02b3eb941f
Patch for an Issue #1124
2015-01-21 09:26:30 +01:00
Miroslav Stampar
cd743ab098
Minor update
2015-01-21 09:12:12 +01:00
Miroslav Stampar
9f4a32ca2b
Automatically checking for sitemap existence in case of --crawl
2015-01-20 10:03:35 +01:00
Miroslav Stampar
a603002acd
Adding a choice to automatically turn on --identify-waf if protection has been detected
2015-01-20 09:38:18 +01:00
Miroslav Stampar
a66b0c91bb
Patch for an Issue #1120
2015-01-19 09:19:30 +01:00
Miroslav Stampar
393659ffbf
Patch for an Issue #1121
2015-01-19 09:17:16 +01:00
Miroslav Stampar
e73ac6c8e3
Minor patch on request of an user
2015-01-17 21:47:57 +01:00
Miroslav Stampar
c2b2ccd2b5
Minor bug fix
2015-01-17 17:31:00 +01:00
Miroslav Stampar
da737d23ed
Fixing a leftover for #1117
2015-01-15 17:34:14 +01:00
Miroslav Stampar
20a9d94f56
Patch for an Issue #1117
2015-01-15 17:32:07 +01:00
Miroslav Stampar
1dd2b7aceb
Important fix for dumping location of databases/tables with international letters
2015-01-15 14:01:19 +01:00
Miroslav Stampar
ccbe424e23
Patch for an Issue #1115
2015-01-15 12:42:32 +01:00
Miroslav Stampar
54e9a1fb2d
Minor style update
2015-01-14 16:11:55 +01:00
Miroslav Stampar
570d30789b
Patch for an Issue #1113
2015-01-14 14:20:33 +01:00
nixawk
7388c3bf49
datatype.py
2015-01-14 09:40:24 +00:00
Miroslav Stampar
7e7513aa5e
Patch for an Issue #1107
2015-01-14 05:30:08 +01:00
Miroslav Stampar
f9a9ededb1
Patch for an Issue #1106
2015-01-14 05:16:32 +01:00
Miroslav Stampar
06ff8b3a16
Patch for an Issue #1105
2015-01-13 10:33:51 +01:00
Miroslav Stampar
8e03f4db0f
Patch for an Issue #1062
2015-01-09 15:33:53 +01:00
Miroslav Stampar
f96f33a984
Fix for an Issue #1100
2015-01-08 22:15:04 +01:00
Miroslav Stampar
7bcb3ce599
Patch for an Issue #1099
2015-01-08 09:22:47 +01:00
Miroslav Stampar
0c4d63fb00
Bug fix (reported by user over ML)
2015-01-08 09:00:21 +01:00
Miroslav Stampar
c8d4df6eba
Adding names to parameters in structured POST requests (e.g. JSON)
2015-01-07 22:09:40 +01:00
Miroslav Stampar
49982bce9c
Trivial update
2015-01-07 16:03:37 +01:00
Miroslav Stampar
450b3c93cb
Potential patch for an Issue #1093
2015-01-07 11:40:11 +01:00
Miroslav Stampar
30b9f3d556
Minor update
2015-01-07 10:53:57 +01:00
Miroslav Stampar
47af7dfe6a
Another minor patch
2015-01-07 10:49:15 +01:00
Miroslav Stampar
83add9fd9b
Minor patch
2015-01-07 10:46:06 +01:00
Miroslav Stampar
c4c4ac13fe
Better patch for an Issue #1095
2015-01-07 09:21:02 +01:00
Miroslav Stampar
2030311d50
Patch for an Issue #1095
2015-01-07 02:04:10 +01:00
Miroslav Stampar
5920d16cf6
Adding a warning message for deprecated switch '--check-waf+
2015-01-06 15:25:24 +01:00
Miroslav Stampar
45bdefd29b
Update of copyright
2015-01-06 15:02:16 +01:00
Miroslav Stampar
3d5ca1b25a
Minor update
2015-01-06 14:36:51 +01:00
Miroslav Stampar
6fc41ca940
Heuristically checking for WAF/IDS/IPS by default
2015-01-06 14:01:47 +01:00
Miroslav Stampar
c474c16b4a
Removing ML email address
2015-01-06 12:30:49 +01:00
Miroslav Stampar
7b144f03ea
Fix for an Issue #1092
2015-01-05 01:31:06 +01:00
Miroslav Stampar
beffe85d6c
Patch for an Issue #1085
2015-01-03 22:30:21 +01:00
Miroslav Stampar
f042a7392d
Patch for an Issue #1083
2014-12-31 17:10:45 +01:00
Miroslav Stampar
2985050fce
Minor patch
2014-12-30 16:07:08 +00:00
Miroslav Stampar
33508e3bae
Patch for an Issue #1077
2014-12-30 16:11:33 +01:00
Miroslav Stampar
41c2f889b2
Fix related to the SSLv3 disabling
2014-12-30 15:44:55 +01:00
Miroslav Stampar
d3c6cf1932
Patch for an Issue #1079
2014-12-30 14:14:47 +00:00
Miroslav Stampar
4f602daa5b
Minor patch
2014-12-30 09:35:56 +00:00
Miroslav Stampar
e383df8e29
Patch for an Issue #1073
2014-12-30 09:16:50 +00:00
Miroslav Stampar
02d20ccd13
Patch for an Issue #1078
2014-12-30 08:48:50 +00:00
Miroslav Stampar
1e014de6be
Patch for an Issue #1066
2014-12-26 22:24:28 +01:00
Miroslav Stampar
bc91884c4d
Fix for an Issue #1065
2014-12-25 23:05:34 +01:00
Miroslav Stampar
45886cb9ca
Patch for an Issue #1060
2014-12-23 22:04:23 +01:00
Miroslav Stampar
483158c371
Minor style update
2014-12-23 09:07:33 +01:00
Miroslav Stampar
3c23d616e7
Adding a more user friendly (copy-pastable) client example for sqlmapapi client
2014-12-23 09:01:29 +01:00
Miroslav Stampar
59a3407322
Patch for an Issue #1057
2014-12-23 08:36:00 +01:00
Miroslav Stampar
f93bca4564
Patch for an Issue #1058
2014-12-23 08:23:40 +01:00
Miroslav Stampar
fc7dd2a9b9
Patch for an Issue #1056
2014-12-22 06:02:39 +01:00
Miroslav Stampar
76f79ece13
run like --threads=20! will skip the maximum number of threads check
2014-12-21 05:15:42 +01:00
Miroslav Stampar
4f122ee008
Bug fix regarding a problem reported by user @blink2014
2014-12-20 00:23:31 +01:00
Miroslav Stampar
6cb76bcf85
Adding one new smart ass warning message
2014-12-19 15:48:54 +01:00
Miroslav Stampar
1ea2f5bfe2
Patch for an Issue #1052
2014-12-19 09:37:06 +01:00
Miroslav Stampar
cf3b02ee04
Proper fix for #1053
2014-12-19 09:26:01 +01:00
Miroslav Stampar
6972020faf
Bug fix for login-like SQLi (OR with 500 result)
2014-12-18 15:58:19 +01:00
Miroslav Stampar
0cb7852754
Patch for an Issue #1046
2014-12-17 10:02:36 +01:00
Miroslav Stampar
180ede0cb3
Minor patch
2014-12-15 14:07:28 +01:00
Miroslav Stampar
9d06b71862
Minor revert
2014-12-15 13:51:00 +01:00
Miroslav Stampar
e6de92ce88
Minor patch (unicode related)
2014-12-15 13:36:08 +01:00
Miroslav Stampar
35c8e016a8
Minor patch
2014-12-15 13:26:15 +01:00
Miroslav Stampar
3f3a873b10
Merge pull request #1037 from flsf/master
...
fix comments error
2014-12-15 13:23:39 +01:00
flsf
21837f236f
fix comments error
2014-12-15 20:07:38 +08:00
Miroslav Stampar
4c6331daa6
Patch for an Issue #1028
2014-12-15 09:30:54 +01:00
Miroslav Stampar
e794c7f246
Patch for an Issue #1027
2014-12-15 09:13:13 +01:00
Miroslav Stampar
eb15a19532
Patch for an Issue #1032
2014-12-15 09:11:40 +01:00
Miroslav Stampar
ecbba4ea20
Patch for an Issue #1030
2014-12-15 07:18:47 +01:00
Miroslav Stampar
e17e703e3e
Minor bug fix (for Windows nagging message about Unicode data)
2014-12-14 00:17:43 +01:00
Miroslav Stampar
fb645b90f7
Minor update
2014-12-14 00:14:18 +01:00
Miroslav Stampar
5166675ff5
Patch for an Issue #1024
2014-12-13 23:32:18 +01:00
Miroslav Stampar
9c225557d1
Patch for an Issue #1020
2014-12-13 14:08:37 +01:00
Miroslav Stampar
25196b4572
Patch for an Issue #1021
2014-12-13 13:48:50 +01:00
Miroslav Stampar
84ba5f35ac
Minor update for #1022
2014-12-13 13:41:39 +01:00
Miroslav Stampar
fe58aff26c
Patch for an Issue #1019
2014-12-13 00:08:18 +01:00
Miroslav Stampar
650dfe9526
Patch for an Issue #1018
2014-12-12 14:54:47 +01:00
Miroslav Stampar
23d33bb5b5
Patch for an Issue #1017
2014-12-12 09:58:42 +01:00
Miroslav Stampar
bb4ac41ff7
Patch for an Issue #1016
2014-12-12 04:40:44 +01:00
Miroslav Stampar
785e3d0317
Patch for an Issue #1014
2014-12-11 13:29:42 +01:00
Miroslav Stampar
1e06e7c386
Adding a debug message during name resolution
2014-12-11 13:29:26 +01:00
Miroslav Stampar
6f211f9d3e
Patch for an Issue #1013
2014-12-11 00:35:51 +01:00
Miroslav Stampar
6d13b67822
Patch for an Issue #1012
2014-12-11 00:32:26 +01:00
Miroslav Stampar
2bcaae3a0b
Another just in case update for an Issue #1011
2014-12-11 00:14:35 +01:00
Miroslav Stampar
763f720675
Patch for an Issue #1011
2014-12-11 00:11:52 +01:00
Miroslav Stampar
10ed97b0df
Patch for an Issue #1010
2014-12-10 13:50:29 +01:00
Miroslav Stampar
ee20d98bca
Minor fix for --forms
2014-12-10 12:13:37 +01:00
Miroslav Stampar
d700e50b36
Minor update related to the Issue #993
2014-12-10 06:37:17 +01:00
Miroslav Stampar
a7b21a2f62
Rerun advice update
2014-12-09 09:02:06 +01:00
Miroslav Stampar
20c272b77d
More generic patch for an Issue #994
2014-12-07 16:14:48 +01:00
Miroslav Stampar
4e7f835eae
Patch for an Issue #994
2014-12-07 16:11:07 +01:00
Miroslav Stampar
0d931a7b09
Fix for an Issue #999
2014-12-07 15:55:22 +01:00
Miroslav Stampar
bd99470a4a
Minor update to cleanup properly new xp_cmdshell
2014-12-05 22:01:59 +01:00
Miroslav Stampar
d726050bc4
Patch for an Issue #991
2014-12-05 11:46:03 +01:00
Miroslav Stampar
034fae0f47
Patch for an Issue #992
2014-12-05 11:24:43 +01:00
Miroslav Stampar
7673f3e045
Minor style update
2014-12-05 11:15:33 +01:00
Miroslav Stampar
56965e3608
Patch for an Issue #990
2014-12-04 13:36:41 +01:00
Miroslav Stampar
9b32e69f26
Adding new WAF script (UrlScan)
2014-12-04 10:06:15 +01:00
Miroslav Stampar
a3507d65fd
Minor update
2014-12-04 09:34:37 +01:00
Miroslav Stampar
d3060f20d7
Minor improvement
2014-12-03 13:22:55 +01:00
Miroslav Stampar
aa95a05477
Minor update
2014-12-03 13:14:06 +01:00
Miroslav Stampar
17db587e2c
Adding some friendly warning messages (regarding blocking)
2014-12-03 10:06:21 +01:00
Miroslav Stampar
e4b00bdbcb
Patch for an Issue #983
2014-12-02 10:57:50 +01:00
Miroslav Stampar
2358e34bb8
Minor refactoring
2014-12-02 10:50:15 +01:00
Miroslav Stampar
e03aaa7542
Patch for an Issue #982
2014-12-02 10:23:10 +01:00
Miroslav Stampar
7a04595f5e
Added a reference url (http charset priority)
2014-12-01 11:15:45 +01:00
Miroslav Stampar
f71a65a9a0
Patch for an Issue #979
2014-12-01 00:29:25 +01:00
Miroslav Stampar
56b6bf72f4
Patch for an Issue #978
2014-11-29 23:33:24 +01:00
Miroslav Stampar
605b126758
Patch for an Issue #976
2014-11-26 13:38:21 +01:00
Miroslav Stampar
8cd40f8917
Patch for an Issue #971
2014-11-25 13:54:26 +01:00
Miroslav Stampar
a0d95a8ec4
Refactoring of #952
2014-11-24 12:56:39 +01:00
Miroslav Stampar
27cd9e7064
Merge pull request #952 from Rexikon/patch-1
...
Update httpshandler.py, AttributeError PROTOCOL_SSLv3
2014-11-24 12:52:27 +01:00
Miroslav Stampar
816348f1ab
Patch for an Issue #963
2014-11-24 11:54:04 +01:00
Miroslav Stampar
05f7b1f121
Patch for an Issue #970
2014-11-24 10:55:19 +01:00
Miroslav Stampar
2f744139fc
Patch for an Issue #968
2014-11-24 10:13:56 +01:00
Miroslav Stampar
2284535267
Update for an Issue #963
2014-11-24 05:44:38 +01:00
Miroslav Stampar
69cdad4148
Patch for an Issue #958
2014-11-23 15:55:12 +01:00
Miroslav Stampar
28d6af6237
Minor update
2014-11-23 15:42:41 +01:00
Miroslav Stampar
f853f8973f
Minor refactorign
2014-11-23 15:41:24 +01:00
Miroslav Stampar
080a873922
Patch for an Issue #964
2014-11-23 15:39:08 +01:00
Miroslav Stampar
5c182a0ec4
Update for an Issue #431
2014-11-21 11:33:57 +01:00
Miroslav Stampar
f0802c6fb9
Update for an Issue #431
2014-11-21 11:20:54 +01:00
Miroslav Stampar
1fc4d0e3c4
Update for an Issue #431
2014-11-21 10:31:55 +01:00
Miroslav Stampar
cf2d5fd453
Update for an Issue #431
2014-11-21 09:41:49 +01:00
Miroslav Stampar
34ce774acd
Patch for an Issue #956
2014-11-21 09:41:49 +01:00
Miroslav Stampar
1a8b58fca6
Minor update
2014-11-20 16:42:06 +01:00
Miroslav Stampar
f8a8cbf9a6
Storing crawling results to a temporary file (for eventual further processing)
2014-11-20 16:29:17 +01:00
Miroslav Stampar
d3551631c4
Minor update
2014-11-20 16:10:25 +01:00
Miroslav Stampar
484fa61afc
Patch for an Issue #954
2014-11-20 15:08:08 +01:00
Miroslav Stampar
ee8b3ee664
Patch for an Issue #953
2014-11-20 09:49:04 +01:00
Rexikon
4da20679ee
Update httpshandler.py
...
ssl.PROTOCOL_SSLv3 removed
affecting error: AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'
2014-11-19 16:36:30 +01:00
Miroslav Stampar
05d5342f20
Update and patch for an Issue #2
2014-11-17 11:50:05 +01:00
Miroslav Stampar
733e06e31f
Patch for an Issue #944
2014-11-16 14:25:44 +01:00
Miroslav Stampar
bb56eb583a
Minor update
2014-11-16 13:34:35 +01:00
Miroslav Stampar
d8d9678947
Patch for an Issue #935
2014-11-14 00:21:04 +01:00
Miroslav Stampar
74eacf95fd
Patch for an Issue #929
2014-11-13 10:52:33 +01:00
Miroslav Stampar
671facc6d9
Patch for an Issue #930
2014-11-13 10:28:38 +01:00
Miroslav Stampar
d0afa7f325
Bug fix for not displaying proper version in unhandled exception win cases
2014-11-12 11:53:42 +01:00
Miroslav Stampar
06e6d2aaeb
Patch for an Issue #921
2014-11-11 11:38:14 +01:00
Miroslav Stampar
c5df45a14f
Minor bug fix (skipping HTML decoding in heuristic mode)
2014-11-11 11:23:14 +01:00
Miroslav Stampar
dfa8e0456d
Potential patch for an Issue #914
2014-11-10 14:51:31 +01:00
Miroslav Stampar
cdbfb17408
Patch for an Issue #919
2014-11-10 13:41:53 +01:00
Miroslav Stampar
06bb957d13
Preventing a run of duplicate issues
2014-11-09 22:07:11 +01:00
Miroslav Stampar
de1cf26fe6
Minor patch
2014-11-09 18:58:25 +01:00
Miroslav Stampar
80af465ce3
Fix for an Issue #911
2014-11-09 18:40:49 +01:00
Miroslav Stampar
9fe6ab749b
Bug fix for occureance of ANSI color codes in multiprocessing hash cracking on Windows OS
2014-11-09 15:08:44 +01:00
Miroslav Stampar
62a73bf30b
Minor fix for automatic removal of temporary files
2014-11-09 14:52:50 +01:00
Miroslav Stampar
5e9c73f9c1
Just in case update (for unhandled exceptions happening too soon)
2014-11-08 21:44:46 +01:00
Miroslav Stampar
3b06665c9f
Patch for an Issue #910
2014-11-08 21:22:03 +01:00
Miroslav Stampar
8fdf9ff746
Probable fix for an Issue #908
2014-11-07 15:47:42 +01:00
Miroslav Stampar
31f8d6e612
Fix for an Issue #904
2014-11-06 11:19:05 +01:00
Miroslav Stampar
a91fb4149b
Minor update (using lower frequency alphabet for kb.chars)
2014-11-05 10:56:30 +01:00
Miroslav Stampar
a074efe75e
Minor improvement of error-based SQLi when trimmed output is detected (trying to reconstruct)
2014-11-05 10:46:11 +01:00
Miroslav Stampar
71c43be53a
Patch for an Issue #901
2014-11-05 10:03:19 +01:00
Miroslav Stampar
78cc3853b6
Fix for an Issue #902
2014-11-05 09:56:50 +01:00
Miroslav Stampar
97cc679f9c
Fix for an Issue #900
2014-11-04 15:15:58 +01:00
Miroslav Stampar
4d5b48b2ae
Patch for an Issue #896
2014-11-04 00:34:35 +01:00
Miroslav Stampar
6f45596f28
Minor style update
2014-11-03 23:48:44 +01:00
Miroslav Stampar
05b446b95d
Patch for an Issue #893
2014-11-02 23:38:52 +01:00
Miroslav Stampar
9652e41226
Path for an Issue #891
2014-11-02 23:32:19 +01:00
Miroslav Stampar
1ef2c4006d
Patch for an Issue #892
2014-11-02 11:01:46 +01:00
Miroslav Stampar
a4d058d70c
More anonymization of unhanded exception data
2014-11-02 10:55:38 +01:00
Miroslav Stampar
baf9ada28d
Fix for an Issue #889
2014-11-01 17:13:33 +01:00
Miroslav Stampar
4e0e64d06b
Bug fix for DNS Exfiltration in PgSQL case ('invalid URI')
2014-10-31 20:28:37 +01:00
Miroslav Stampar
49d3860b1f
Minor fix
2014-10-31 20:22:15 +01:00
Miroslav Stampar
ab269f315f
Fix for an Issue #886
2014-10-31 18:58:30 +01:00
Miroslav Stampar
c33e493e0d
Fix for an Issue #885
2014-10-31 17:06:09 +01:00
Miroslav Stampar
38978c3e54
Fix for an Issue #884
2014-10-31 16:45:26 +01:00
Miroslav Stampar
0feb379b47
Fix for an Issue #887
2014-10-31 16:39:29 +01:00
Miroslav Stampar
5b0d74146e
Fix for an Issue #883
2014-10-31 01:01:35 +01:00
Miroslav Stampar
8ea22c5124
Fix for an Issue #878
2014-10-28 15:34:53 +01:00
Miroslav Stampar
455ea9922c
Minor update
2014-10-28 15:26:28 +01:00
Miroslav Stampar
258a700b2e
More anonymization of unhandled exception messages
2014-10-28 15:14:41 +01:00
Miroslav Stampar
df73be32f1
Fix for an Issue #876
2014-10-28 14:41:21 +01:00
Miroslav Stampar
725c3a6a95
Minor update
2014-10-28 14:08:06 +01:00
Miroslav Stampar
3b3b8d4ef2
Potential bug fix (escaping formatted regular expressions)
2014-10-28 14:02:55 +01:00
Miroslav Stampar
268e774087
Minor refactoring
2014-10-28 13:44:55 +01:00
Miroslav Stampar
f89e94fb8c
Minor refactoring
2014-10-28 13:42:13 +01:00
Miroslav Stampar
e08c8f272a
Fix for an Issue #875
2014-10-28 13:10:07 +01:00
Miroslav Stampar
19aed90ae5
Implementation for an Issue #874
2014-10-27 00:37:46 +01:00
Miroslav Stampar
6448d3caf4
Implementing support for csrfcookie (Issue #2 )
2014-10-24 09:37:51 +02:00
Miroslav Stampar
5e31229d48
Minor cosmetic update
2014-10-23 15:18:22 +02:00
Miroslav Stampar
abbd352392
Support for X-CSRF-TOKEN header (Issue #2 )
2014-10-23 14:33:22 +02:00
Miroslav Stampar
95f2e61ca1
Minor fix related to the Issue #2
2014-10-23 14:23:01 +02:00
Miroslav Stampar
01f4b76817
Minor update for the Issue #2
2014-10-23 14:03:44 +02:00
Miroslav Stampar
7143e61619
Minor update
2014-10-23 14:00:53 +02:00
Miroslav Stampar
32bcca0aae
Basic options check for Issue #2
2014-10-23 11:54:29 +02:00
Miroslav Stampar
7fc9e82d28
Minor style update
2014-10-23 11:44:38 +02:00
Miroslav Stampar
780dbd1c64
Update for an Issue #2
2014-10-23 11:42:30 +02:00
Miroslav Stampar
a52c8811e6
Minor style update
2014-10-23 11:25:44 +02:00
Miroslav Stampar
fc1b05bec9
Implementation for an Issue #2
2014-10-23 11:23:53 +02:00
Miroslav Stampar
8dcad46805
Update basic.py
2014-10-22 23:16:46 +02:00
Miroslav Stampar
73a3db67eb
Fix for an Issue #862
2014-10-22 14:54:49 +02:00
Miroslav Stampar
60f2764c3d
Minor style update
2014-10-22 13:53:18 +02:00
Miroslav Stampar
34aed7cde0
Bug fix (now it's possible to use multiple parsed requests without mixing associated headers)
2014-10-22 13:49:29 +02:00
Miroslav Stampar
2f18df345e
Minor patch
2014-10-22 13:41:36 +02:00
Miroslav Stampar
268095495e
Minor patch
2014-10-22 13:32:49 +02:00
Miroslav Stampar
e239fefe67
Minor patch for JSON requests
2014-10-22 10:38:49 +02:00
Miroslav Stampar
a2f578dbf4
Patch to also include JSON array elements into automatic recognition
2014-10-22 10:28:10 +02:00
Miroslav Stampar
3ebc5faa34
Falling back to partial UNION if large dump connects out
2014-10-21 09:23:34 +02:00
Miroslav Stampar
006d9d1859
Bug fix for a problem reported by a user via ML (--os-shell)
2014-10-13 12:00:34 +02:00
Miroslav Stampar
fb65caabd2
Unhidding switch --ignore-401
2014-10-13 09:19:25 +02:00
Miroslav Stampar
4e3a4eb0ff
Added a prompt for choosing a number of threads when in crawling mode
2014-10-10 12:09:08 +02:00
Miroslav Stampar
2aadfc0fd3
Fix for an Issue #851
2014-10-10 10:38:17 +02:00
Miroslav Stampar
d4610890ca
Minor patch (flushing log file output at the end of program run)
2014-10-10 10:07:17 +02:00
Miroslav Stampar
7811a958ae
Another minor patch for Issue #846
2014-10-09 15:42:44 +02:00
Miroslav Stampar
f94ac8c69d
Second patch related to the Issue #846
2014-10-09 15:21:26 +02:00
Miroslav Stampar
c823c58d47
One patch related to the Issue #846
2014-10-09 14:39:54 +02:00
Miroslav Stampar
70215a95a1
Patch for an Issue #847
2014-10-07 13:02:47 +02:00
Miroslav Stampar
c6a8feea8a
Fix for an Issue #831
2014-10-07 12:00:11 +02:00
Miroslav Stampar
2ab4558859
Potential fix for an Issue #846
2014-10-07 11:49:53 +02:00
Miroslav Stampar
ddfec1c668
Initial patch for an Issue #846
2014-10-07 11:34:47 +02:00
Miroslav Stampar
2de12ef4a2
Potential fix for an Issue #843
2014-10-05 00:20:42 +02:00
Miroslav Stampar
fdef53aa67
Minor update of unhandled exception message
2014-10-01 14:23:45 +02:00
Miroslav Stampar
a2b059123a
Minor update of format exception strings
2014-10-01 14:12:30 +02:00
Miroslav Stampar
e81168af0f
Minor adjustment
2014-10-01 13:59:51 +02:00
Miroslav Stampar
f67a38dba9
Minor adjustment
2014-10-01 13:42:10 +02:00
Miroslav Stampar
a9454fbb43
Minor commit related to the last one (bypassing DBMS error trimming problem)
2014-10-01 13:35:20 +02:00
Miroslav Stampar
8c9014c39f
Adding a dummy (auxiliary) XSS check
2014-10-01 13:31:48 +02:00
Miroslav Stampar
4d23744430
Bug fix (there was a problem using --tamper=varnish with --identify-waf because of same named modules)
2014-09-30 09:58:02 +02:00
Miroslav Stampar
ff42720c62
Minor fix
2014-09-29 14:07:59 +02:00
Miroslav Stampar
1e636fb925
Minor patch regarding Issue #840
2014-09-28 13:38:09 +02:00
Miroslav Stampar
767c278a0f
Fix for an Issue #838
2014-09-26 17:00:50 +02:00
Miroslav Stampar
00fc842c6f
Update agent.py
2014-09-20 10:20:57 +02:00
Miroslav Stampar
69701ba08c
Minor refactoring
2014-09-17 18:29:01 +02:00
Miroslav Stampar
09064a4a24
Minor just in case patch
2014-09-17 18:25:24 +02:00
Miroslav Stampar
bbc6dd9ac8
Minor fix
2014-09-17 10:28:18 +02:00
Miroslav Stampar
6888d2fc34
Minor cosmetic update
2014-09-16 16:32:54 +02:00
Miroslav Stampar
0e8090381c
Minor cosmetic update
2014-09-16 16:21:29 +02:00
Miroslav Stampar
c5294f2cbb
Minor patch for an Issue #832
2014-09-16 16:18:13 +02:00
Miroslav Stampar
5b0732e9f9
Minor update for Issue #832
2014-09-16 15:17:50 +02:00
Miroslav Stampar
7278af01ee
Implementation for an Issue #832
2014-09-16 14:12:43 +02:00
Miroslav Stampar
57eb19377e
Minor code refactoring
2014-09-16 09:07:31 +02:00
Miroslav Stampar
45f5548113
Minor update regarding shell history file
2014-09-16 08:58:25 +02:00
Miroslav Stampar
637d3cbaf7
Fix for cases when parameter name is urlencoded
2014-09-12 13:29:30 +02:00
Miroslav Stampar
bfc8ab0e35
Language update
2014-09-08 14:48:31 +02:00
Miroslav Stampar
53d0d5bf8b
Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved)
2014-09-08 14:33:13 +02:00
Miroslav Stampar
055b759145
Minor update
2014-09-03 23:13:57 +02:00
Miroslav Stampar
bbf0be1f8d
Bug fix (Issue #813 )
2014-09-03 22:09:12 +02:00
Miroslav Stampar
112a0cb1ae
Patch for output directory (using unicode for international support)
2014-09-03 21:49:30 +02:00
Miroslav Stampar
7e40890f32
Patch for an Issue #815
2014-09-01 16:16:12 +02:00
Miroslav Stampar
25c6fca20e
Minor fix
2014-09-01 15:48:00 +02:00
Miroslav Stampar
d5d01e91ad
Warning message
2014-08-30 22:15:14 +02:00
Miroslav Stampar
20ff402103
Minor patch
2014-08-30 22:04:55 +02:00
Miroslav Stampar
dc2ee8bfa0
Minor update
2014-08-30 21:53:09 +02:00
Miroslav Stampar
177fc0376d
Minor fix for HSQLDB
2014-08-30 21:37:38 +02:00
Miroslav Stampar
1a9a331422
Bug fix (proper extending of tests when dbms is known)
2014-08-30 21:34:23 +02:00
Miroslav Stampar
e501b2a80b
Minor patch
2014-08-30 20:58:59 +02:00
Miroslav Stampar
03c8e7b7a2
Patch for an Issue #810
2014-08-30 17:13:02 +02:00
Miroslav Stampar
77cb35dcf6
Fix for an Issue #804
2014-08-28 14:26:55 +02:00
Miroslav Stampar
9476359255
Bug fix
2014-08-28 12:50:39 +02:00
Miroslav Stampar
834f8e18c8
Minor patch for an Issue #802
2014-08-28 00:45:57 +02:00
Miroslav Stampar
b77d8d617b
Minor patch for an Issue #800
2014-08-28 00:31:49 +02:00
Miroslav Stampar
7595f2b73e
Minor fix
2014-08-28 00:13:27 +02:00
Miroslav Stampar
fce671c899
Patch for an Issue #801
2014-08-28 00:00:16 +02:00
Miroslav Stampar
fd36250026
Proper fix for an Issue #757
2014-08-26 23:36:04 +02:00
Miroslav Stampar
2a268199d4
Patch for an Issue #798
2014-08-26 23:11:44 +02:00
Miroslav Stampar
e68326c0fe
expandAsteriskForColumns changes value of conf.db and conf.tbl potentially causing problems in further work
2014-08-26 22:57:08 +02:00
Miroslav Stampar
decd092b2a
Minor patch
2014-08-26 22:40:50 +02:00
Miroslav Stampar
2be0ebd883
Minor fix (e.g. Oracle identifier names can contain character $)
2014-08-26 22:40:15 +02:00
Miroslav Stampar
dcaad75a1e
Fix for an Issue #794
2014-08-22 15:08:05 +02:00
Miroslav Stampar
d74b803306
Minor patch
2014-08-22 14:45:23 +02:00
Miroslav Stampar
e0a8b89069
Minor patch when trailing space is used with comma to split option items (e.g. '-C id, name')
2014-08-22 14:19:53 +02:00
Miroslav Stampar
e3a0f25db0
Patch for an Issue #795
2014-08-22 14:11:23 +02:00
Miroslav Stampar
2ce3ccac46
Patch for an Issue #797 (switching to greedy because of performance; it shouldn't be a problem because it was a single line replacement in the first place)
2014-08-22 13:06:53 +02:00
Miroslav Stampar
77513e1de9
Minor style update
2014-08-21 01:19:10 +02:00
Miroslav Stampar
c5b71cff10
Some filtering
2014-08-21 01:12:44 +02:00
Miroslav Stampar
3cfdb5ff0f
Removing / from auto directories (it doesn't make sense to auto-test for uploading to /)
2014-08-21 00:43:37 +02:00
Miroslav Stampar
acb3b1d1fe
Bug fix for common table/column existence check
2014-08-21 00:12:19 +02:00
Miroslav Stampar
074b57804e
Minor style update
2014-08-21 00:03:46 +02:00
Miroslav Stampar
58d93ffb2b
Fix for falling back to partial union (excluding scalar queries)
2014-08-20 23:53:15 +02:00
Miroslav Stampar
90882f081d
Language update
2014-08-20 23:47:57 +02:00
Miroslav Stampar
0296081692
Minor refactoring
2014-08-20 23:42:40 +02:00
Miroslav Stampar
f51ea20bbd
Minor style update
2014-08-20 22:50:00 +02:00
Miroslav Stampar
5d10bae31f
Removing trailing blank lines
2014-08-20 21:07:19 +02:00
Miroslav Stampar
e0216771ed
Minor update
2014-08-20 15:23:07 +02:00
Miroslav Stampar
c97782cfed
Minor update of banner
2014-08-20 15:10:21 +02:00
Miroslav Stampar
07f881e711
Minor fix
2014-08-20 14:02:04 +02:00
Miroslav Stampar
b4fbb9cafe
Minor upgrade
2014-08-20 13:52:48 +02:00
Miroslav Stampar
7828f61642
Minor style update
2014-08-20 13:35:41 +02:00
Miroslav Stampar
dfa426fbb5
Minor style update
2014-08-20 13:32:32 +02:00
Miroslav Stampar
6795b51c7e
Another minor update
2014-08-20 01:59:30 +02:00
Miroslav Stampar
d08c1b7c04
Minor update
2014-08-20 01:45:42 +02:00
Miroslav Stampar
6caccc3d93
Bug fix for ultra-slow processing of binary data
2014-08-20 01:38:01 +02:00
Miroslav Stampar
ebc964267f
Better reporting on filtered-chars cases
2014-08-20 01:11:26 +02:00
Miroslav Stampar
c12e51173a
Minor style update
2014-08-20 00:28:33 +02:00
Miroslav Stampar
5a05271097
Minor fix
2014-08-19 22:34:07 +02:00
Miroslav Stampar
b0465a6a76
Adding a revision scheme for nongit checkouts
2014-08-19 22:32:16 +02:00
Miroslav Stampar
cd92de1702
Adding colorful banner
2014-08-19 22:19:22 +02:00
Miroslav Stampar
7d578d395f
Minor update for Apache on Windows
2014-08-16 16:01:18 +02:00
Miroslav Stampar
a8b4b96cd9
Extending list for brute forcing doc root
2014-08-16 15:16:03 +02:00
Miroslav Stampar
0fb576724e
Implementation for cases when there are multiple copies/variations of the same result(s) in response for partial UNION SQLi
2014-08-13 22:50:42 +02:00
Miroslav Stampar
0809a61fc3
Bug fix (whole page output as a result of partial union runs)
2014-08-13 15:18:11 +02:00
Miroslav Stampar
0a74ae736f
Probable fix for an Issue #788
2014-08-13 14:01:57 +02:00
Miroslav Stampar
658110e644
Minor fix
2014-08-11 12:46:37 +02:00
hydhyd
e7ffe92d8c
Update settings.py
...
Modified BRUTE_DOC_PREFIXES to include "/srv/www" used by default in OpenSUSE.
2014-08-06 12:59:18 +04:00
Miroslav Stampar
8599005115
Implementation for an Issue #771
2014-08-01 14:19:32 +02:00
Miroslav Stampar
208d51e0e9
Revert of last trigger happy commit
2014-08-01 13:57:43 +02:00
Miroslav Stampar
d300f99b0b
Removing a redundant code (similar check is being done upper in code)
2014-08-01 13:57:07 +02:00
Miroslav Stampar
8bc6154f06
Removing a redundant code (similar check is being done upper in code)
2014-08-01 13:53:22 +02:00
Miroslav Stampar
b31e141012
Fix for an Issue #772
2014-07-29 14:37:48 +02:00
Miroslav Stampar
20d75cc52e
Patch for an Issue #767
2014-07-29 13:32:26 +02:00
Miroslav Stampar
9fff88d6e4
Minor update
2014-07-19 23:23:55 +02:00
Miroslav Stampar
3cfa63646b
Minor bug fix
2014-07-19 23:17:23 +02:00
Miroslav Stampar
0eb5fb1e5a
Update for an Issue #757
2014-07-19 23:02:14 +02:00
Miroslav Stampar
cd1c100cc0
Another patch for an Issue #757
2014-07-14 21:10:45 +02:00
Miroslav Stampar
e66a81ab4e
Fix for an Issue #757
2014-07-11 16:24:57 +02:00
Miroslav Stampar
32af0b17b0
Update for an Issue #760
2014-07-10 08:49:20 +02:00
Miroslav Stampar
33b6d189cd
Bug fix for some cases (in cases of working where=ORIGINAL, workflow switched to where=NEGATIVE because of false assumptions that it would be better than ORIGINAL; this kind of behaviour caused reported problems)
2014-07-07 22:22:56 +02:00
Miroslav Stampar
79a66ef22c
Minor patch
2014-07-06 09:09:44 +02:00
Miroslav Stampar
b5838ae7a4
Adding missing module (Issue #674 and Issue #747 )
2014-07-03 00:29:20 +02:00
Miroslav Stampar
9d571c7800
Minor language update
2014-07-02 22:31:18 +02:00
Miroslav Stampar
e6d0d5a1c7
Implementation for an Issue #674
2014-07-02 22:27:51 +02:00
Miroslav Stampar
1eecabaea8
Patch for an Issue #746
2014-07-02 10:11:31 +02:00
Bernardo Damele
4e909a2a05
code cleanup
2014-07-01 00:58:49 +01:00
Bernardo Damele
018748f52e
increase the timeout for the Metasploit session initialization to 5 minutes, better on slow speed connections
2014-07-01 00:34:09 +01:00
Conny Brunnkvist
f0e23c9441
Use the selected random User-Agent
2014-07-01 00:27:14 +07:00
Miroslav Stampar
c2f14e57e7
Patch for an Issue #740
2014-06-29 00:27:23 +02:00
Miroslav Stampar
686fe4d0e9
Another patch for DNS exfiltration and boolean checks
2014-06-27 14:22:00 +02:00
Miroslav Stampar
8e660e6911
Minor fix
2014-06-27 14:14:29 +02:00
Miroslav Stampar
2f8d17bcb7
Appendix to last commit
2014-06-27 13:45:40 +02:00
Miroslav Stampar
75279ea75a
Fix for DNS exfiltration of boolean checks
2014-06-27 13:07:34 +02:00
Miroslav Stampar
5b5a765f96
Patch for an Issue #734
2014-06-23 12:24:08 +02:00
Miroslav Stampar
a47072eced
Patch for an Issue #732
2014-06-22 00:09:08 +02:00
Miroslav Stampar
2a88436417
Patch for an Issue #724
2014-06-16 09:51:24 +02:00
Miroslav Stampar
f558b800ac
Patch for an Issue #719
2014-06-12 09:08:55 +02:00
Miroslav Stampar
c50560c3a6
Patch for an Issue #716
2014-06-10 21:57:54 +02:00
Miroslav Stampar
5e9334ab79
Implementation for an Issue #715
2014-06-08 23:55:15 +02:00
Miroslav Stampar
54be398e83
Patch for an Issue #711
2014-06-04 16:35:07 +02:00
Miroslav Stampar
27ebc02535
Minor fix (user reported problem via email)
2014-05-29 09:33:14 +02:00
Miroslav Stampar
0f10cdfa4c
Minor update
2014-05-29 09:24:09 +02:00
Miroslav Stampar
9e02816cbd
Raising number of used md5 digits in hashdb key value because of birthday paradox (Python can handle it - automatically expanding to long if required; SQLite can handle it - it will use 6 bytes per INTEGERs instead of 4)
2014-05-29 09:21:48 +02:00
Miroslav Stampar
680ab10ca6
Patch for an Issue #703
2014-05-27 21:41:07 +02:00
Miroslav Stampar
2d5461d250
Minor fix (related to the unknown encoding reported by ML)
2014-05-22 09:03:14 +02:00
Miroslav Stampar
24954776a5
Patch for an Issue #697
2014-05-20 22:00:26 +02:00
Miroslav Stampar
babe49f086
Minor update (added new warning message)
2014-05-20 17:14:40 +02:00
Miroslav Stampar
c181e909b5
Minor fix
2014-05-16 23:47:00 +02:00
Miroslav Stampar
0f581ccb6c
Minor fix
2014-05-13 15:36:28 +02:00
Miroslav Stampar
4e8b41b869
Patch for an Issue #688
2014-05-13 00:50:36 +02:00
Miroslav Stampar
3a2916724c
Minor style update
2014-05-11 17:12:15 +02:00
Miroslav Stampar
a72d73804e
Revert of 9255174890
(bug was introduced with it)
2014-05-10 01:31:44 +02:00
Miroslav Stampar
93bf8e2a13
Bug fix
2014-05-10 01:11:19 +02:00
Miroslav Stampar
8f0807d7f9
Another fix related to the last commit
2014-05-09 22:55:16 +02:00
Miroslav Stampar
5eae002084
Minor fix
2014-05-09 22:45:43 +02:00
Miroslav Stampar
9255174890
Minor fix
2014-05-09 22:39:56 +02:00
Miroslav Stampar
bc4369be06
Fix for an Issue #687
2014-05-07 09:16:17 +02:00
Miroslav Stampar
2a55f75f86
Using a more generic XML recognition regex
2014-04-30 21:25:45 +02:00
Miroslav Stampar
2e96e3c924
Adding a hidden switch --ignore-401
2014-04-29 23:26:45 +02:00
Miroslav Stampar
eb8e31c23f
Adding a failsafe output directory
2014-04-27 22:40:41 +02:00
Miroslav Stampar
b54651b5a2
Minor patch (while saving configuration file)
2014-04-25 09:32:57 +02:00
Miroslav Stampar
ae8b1fe89c
Implementation for an Issue #678
2014-04-25 09:17:10 +02:00
Miroslav Stampar
e0fb21c26a
Patch for an Issue #673
2014-04-21 21:57:30 +02:00
Miroslav Stampar
f29769b7d0
Minor patch
2014-04-16 09:06:17 +02:00
Miroslav Stampar
ef5ce7e66c
Fix for an Issue #670
2014-04-12 17:22:47 +02:00
Miroslav Stampar
fd884ec67b
Adding another comment
2014-04-12 17:22:47 +02:00
Miroslav Stampar
b5cca742e4
Adding a comment
2014-04-12 17:22:47 +02:00
Miroslav Stampar
7f371c499d
Commit related to the last one
2014-04-10 21:29:59 +02:00
Miroslav Stampar
096ce7881e
Minor beauty patch
2014-04-10 21:18:24 +02:00
Miroslav Stampar
0d1690de61
Minor fix
2014-04-10 21:18:24 +02:00
Miroslav Stampar
1e8349eeaa
Minor fix
2014-04-10 21:18:24 +02:00
Miroslav Stampar
2d3a74a0fe
Patch for an Issue #667
2014-04-07 21:01:40 +02:00
Miroslav Stampar
cb0044b2c4
Minor beauty patch
2014-04-07 20:28:17 +02:00
Miroslav Stampar
fdad787681
Graceful abort in case of an invalid option in configuration file
2014-04-07 20:22:51 +02:00
Miroslav Stampar
e3ccf45503
Graceful abort in case of an invalid configuration file
2014-04-07 20:17:47 +02:00
Miroslav Stampar
bcf754fb17
Consistency patch (to be the same as in help listing)
2014-04-07 20:10:21 +02:00
Miroslav Stampar
b74de19213
Trivial style update
2014-04-07 20:06:03 +02:00
Miroslav Stampar
75f447ccf8
Renaming lib/core/purge to lib/utils/purge
2014-04-07 20:04:07 +02:00
Miroslav Stampar
9c7fbd1a90
Minor refactoring
2014-04-06 18:19:54 +02:00
Miroslav Stampar
4f4c50c4d5
Minor language update
2014-04-06 18:12:59 +02:00
Miroslav Stampar
bf18b025d6
Minor removal of redundant code
2014-04-06 18:09:54 +02:00
Miroslav Stampar
e931344617
More elegant implementation for --random-agent
2014-04-06 18:05:43 +02:00
Miroslav Stampar
9456dc68e7
Minor patch
2014-04-06 17:24:27 +02:00
Miroslav Stampar
1c92d8d51f
More generic implementation for --proxy-file (accepting public lists format)
2014-04-06 17:23:13 +02:00
Miroslav Stampar
bbf08a825e
Minor language fix
2014-04-06 17:12:43 +02:00
Miroslav Stampar
cf250a0381
Minor patch (it would go boom if special character was inside the --param-del)
2014-04-06 17:02:32 +02:00
Miroslav Stampar
053b0fd0e9
Renaming conf.oDir to conf.outputDir
2014-04-06 16:54:46 +02:00
Miroslav Stampar
7cc4159316
Renaming conf.cDel to conf.cookieDel
2014-04-06 16:50:58 +02:00
Miroslav Stampar
0ae8ac707e
Renaming conf.pDel to conf.paramDel
2014-04-06 16:48:46 +02:00
Miroslav Stampar
95e7ca02f0
Minor bug fix (-d was not recognized as one of mandatory in case of config file)
2014-04-06 16:45:25 +02:00
Miroslav Stampar
1b3a98b8ef
Trivial update (for consistency sake)
2014-04-06 13:42:15 +02:00
Miroslav Stampar
492a410bcc
Minor fix
2014-04-04 16:14:53 +02:00
Miroslav Stampar
15f92c4197
Bug fix (port was not being used properly with Burp exported history)
2014-04-03 09:46:37 +02:00
Miroslav Stampar
1632bec10b
Another fix related to the last commit
2014-04-03 09:05:12 +02:00
Miroslav Stampar
e7e8a3965a
Minor fix
2014-04-03 09:00:14 +02:00
Miroslav Stampar
80d4426dbd
Patch related to the Issue #661
2014-04-02 22:34:37 +02:00
Miroslav Stampar
d8bacc904e
Minor language update
2014-04-01 16:38:50 +02:00
Miroslav Stampar
3e024ac8e6
Minor update (consistency patch)
2014-03-30 16:51:31 +02:00
Miroslav Stampar
76b9fad24a
Fix for an Issue #656
2014-03-30 16:21:18 +02:00
Miroslav Stampar
b2cc8f00ef
Bug fix (ORACLE_OLD on Windows - resulted in multiple entry per line output due to no locking used)
2014-03-28 00:41:22 +01:00
Miroslav Stampar
e8c1c90f2e
Whitespace was being double encoded in case of spaceplus (' '->%2B)
2014-03-25 22:02:14 +01:00
Miroslav Stampar
3710a7051b
Fix for an Issue #653
2014-03-25 21:26:22 +01:00
Miroslav Stampar
930c3e3c5a
Minor update (added check for --limit and --risk)
2014-03-25 09:28:12 +01:00
Miroslav Stampar
f6e1d9e026
Fix for an Issue #650
2014-03-24 10:46:23 +01:00
Miroslav Stampar
106102bd3c
Fix for an Issue #648
2014-03-21 20:28:29 +01:00
Bernardo Damele
9f838c3d5b
typo fix
2014-03-21 11:37:34 +00:00
Bernardo Damele
8091a88d3e
minor code cleanup and bug fix
2014-03-21 11:35:30 +00:00
Bernardo Damele
c211255773
replaced outfile with dumpfile so works even if the original statement outputs blob
2014-03-21 11:01:57 +00:00
Miroslav Stampar
39ab3b9149
Minor fix for meta refresh
2014-03-20 13:13:47 +01:00
Miroslav Stampar
d7f0da5599
Minor patch for an Issue #646
2014-03-20 13:08:28 +01:00
Miroslav Stampar
97fe5e52c2
Fix for an Issue #644
2014-03-18 16:41:05 +01:00
Miroslav Stampar
97f603af4a
Fix for an Issue #641
2014-03-17 20:20:25 +01:00
Miroslav Stampar
0622cdf3d8
Bug fix (credentials used in combination with request file)
2014-03-15 09:29:21 +01:00
Miroslav Stampar
3b47418a1d
Fix for an Issue #640
2014-03-14 22:20:20 +01:00
Miroslav Stampar
56d76e6bfd
Updating list of extensions to exclude from crawling
2014-03-14 21:34:16 +01:00
Miroslav Stampar
be3fd8bb29
Fix for an Issue #638
2014-03-14 16:44:56 +01:00
Miroslav Stampar
17742df0fa
Update for an Issue #636 (to prevent eventual future reports with lack of stack trace)
2014-03-11 21:18:31 +01:00
Miroslav Stampar
2f8846caec
Fix for an Issue #636
2014-03-11 21:11:51 +01:00
Miroslav Stampar
d1a6a775f1
Patch for an Issue #636
2014-03-11 21:00:15 +01:00
Miroslav Stampar
f1f53a5841
Minor cosmetic update
2014-03-06 21:08:31 +01:00
Miroslav Stampar
490d51258e
Raising number of minimum time responses (15 is statistically too low)
2014-03-03 20:49:58 +01:00
Miroslav Stampar
291a0d772a
Update for an Issue #615
2014-02-27 14:23:14 +01:00
Miroslav Stampar
2ffdee5733
Bug fix for PAYLOAD.WHERE.REPLACE payloads containing custom injection marker ([ORIGVALUE] was screwed)
2014-02-26 11:41:48 +01:00
Miroslav Stampar
cc62a8adc9
Bug fix for JSON-like data (proper escaping of quotes)
2014-02-26 09:30:37 +01:00
Miroslav Stampar
6369a38ebc
Adding support for JSON-like data with single quote
2014-02-26 08:56:17 +01:00
Miroslav Stampar
465f968be6
Minor cosmetic update
2014-02-26 08:41:23 +01:00
Miroslav Stampar
edc8ef9d5b
Patch for an Issue #611 (original page used in case of tamper functions was wrong - e.g. if --tamper=base64encode was used)
2014-02-25 13:48:34 +01:00
Miroslav Stampar
2a423d61ef
Raising number of requests for false positive testing in case of higher levels
2014-02-23 19:40:01 +01:00
Miroslav Stampar
d405fc1157
Minor update (for the consistency sake)
2014-02-16 22:04:12 +01:00
Miroslav Stampar
58eac364a2
Bug fix
2014-02-16 21:57:14 +01:00
Miroslav Stampar
dfa727cbc5
Fix for a same bug mentioned in last commit
2014-02-16 21:47:14 +01:00
Miroslav Stampar
43df4efd11
Bug fix (bad idea is to do os.path.join on web URLs - especially on Windows OS)
2014-02-16 21:44:57 +01:00
Miroslav Stampar
d05bfdd7dd
Implementing option '--where' (Issue #605 )
2014-02-11 16:20:45 +01:00
Bernardo Damele
be6767b3b0
minor fix for command execution via web shell
2014-02-10 09:59:57 +00:00
Miroslav Stampar
fe0ff6e679
Changing 'is injectable' to 'seems to be injectable' for boolean and time-based blind injection cases - for false positive cases
2014-02-09 17:50:16 +01:00
Miroslav Stampar
8521265526
Minor fix
2014-02-07 14:40:43 +01:00
Miroslav Stampar
534c2ee0e6
Minor update
2014-02-01 22:12:00 +01:00
Miroslav Stampar
0e44132778
Removing unused imports
2014-02-01 21:49:12 +01:00
Miroslav Stampar
f97fcb7bb3
Adding a switch --invalid-string
2014-01-23 21:56:06 +01:00
Miroslav Stampar
f88f6dcd7e
Changing --invalid-bignum from float producing to int producing
2014-01-23 09:07:25 +01:00
Miroslav Stampar
fc02badf40
Minor update
2014-01-23 08:33:21 +01:00
Bernardo Damele
bc29bf6481
removed comments
2014-01-13 23:57:49 +00:00
Bernardo Damele
1505f1dc74
removed useless sink
2014-01-13 23:55:32 +00:00
Bernardo Damele
124ebefc7f
code cleanup
2014-01-13 23:48:15 +00:00
Bernardo Damele
3c79d66569
fixed stderr
2014-01-13 17:34:38 +00:00
Bernardo Damele
43a4e85749
updated copyright
2014-01-13 17:24:49 +00:00
Bernardo Damele
dfa9076a70
fixed and improved web shell upload in MySQL (it was actually broken since fc57b7565d
)
2014-01-13 17:12:37 +00:00
Miroslav Stampar
6863436d4e
Implementation for an Issue #596
2014-01-13 10:05:56 +01:00
Bernardo Damele
d9e00adfae
minor fix
2014-01-10 17:23:16 +00:00
Miroslav Stampar
36f3ab5798
Minor bug fix (for cases when race between thread and main thread is causing server._running to not be set to True)
2014-01-09 15:46:55 +01:00
Miroslav Stampar
cb1f17cb04
Proper patch for an Issue #591
2014-01-02 12:15:56 +01:00
Miroslav Stampar
5437f8bf36
Fix for an Issue #85
2014-01-02 12:09:58 +01:00
Miroslav Stampar
4de83daf03
Minor style update
2014-01-02 11:06:19 +01:00
Miroslav Stampar
e0143e397a
Consistency fix (down below we use direct SQL)
2014-01-02 10:59:53 +01:00
Miroslav Stampar
0b4fcb6845
Fix for an Issue #591
2014-01-02 10:55:40 +01:00
Miroslav Stampar
854a55166c
Fix for an Issue #588
2014-01-02 10:29:10 +01:00
Miroslav Stampar
9b4b070ecf
Minor cosmetics
2014-01-02 10:05:58 +01:00
Miroslav Stampar
192a911b76
Patch for an Issue #28
2013-12-29 16:16:50 +01:00
Miroslav Stampar
41d6c1af82
Patch for an Issue #589
2013-12-28 13:47:40 +01:00
Miroslav Stampar
6c80f2903b
Patch for an Issue #564
2013-12-27 11:02:59 +01:00
Miroslav Stampar
cadbddd607
Adding a boundary proposed in Issue #564
2013-12-27 10:46:18 +01:00
Miroslav Stampar
7718edac9b
Fix for an Issue #570
2013-12-27 09:40:33 +01:00
Miroslav Stampar
02de2aee6d
Patch for an Issue #582
2013-12-26 22:27:04 +01:00
Miroslav Stampar
ab64d385d6
Bug fix (stacked queries as in PgSQL and MsSQL DNS tunneling queries MUST end with the comment - not the recognized underlying technique's suffix)
2013-12-25 22:18:57 +01:00
Miroslav Stampar
2c2667b2be
Minor patch for an Issue #575
2013-12-18 00:56:24 +01:00
Miroslav Stampar
fd6dcd8bf5
Merge pull request #583 from mattoufoutu/api
...
RESTful API improvements
2013-12-17 14:10:19 -08:00
Miroslav Stampar
f18abb1e9c
Minor update (proxy can be also a https one (e.g. Burp for HTTPS targets)
2013-12-17 09:30:51 +01:00
Miroslav Stampar
7d8eb148ce
Patch for an Issue #565 (DuckDuckGo doesn't like identity encoding)
2013-12-17 09:30:04 +01:00
Miroslav Stampar
4819e19200
Patch for an Issue #584
2013-12-16 22:00:47 +01:00
Mathieu Deous
4c9456dd72
moar logging!
2013-12-15 16:59:47 +01:00
Mathieu Deous
438ad73016
avoid names shadowing
2013-12-15 09:22:01 +01:00
Mathieu Deous
eda9a3da67
all instance attributes should be defined in constructor
2013-12-15 09:16:38 +01:00
Mathieu Deous
3effaee2a1
avoid using global variables, use a "store" class
2013-12-15 00:19:58 +01:00
Mathieu Deous
c70f2a4e6d
unused imports
2013-12-15 00:00:08 +01:00
Mathieu Deous
aa02019638
return file content in a json message when calling download endpoint
2013-12-14 16:33:17 +01:00
Mathieu Deous
c87ad1bab5
make returned values more coherent
2013-12-14 16:22:30 +01:00
Mathieu Deous
72137e85f9
do not reset options when firing a scan
2013-12-14 15:59:47 +01:00
Mathieu Deous
af7ad31182
fix commit method usage (belongs to connection, not cursor)
2013-12-14 15:58:09 +01:00
Mathieu Deous
c5a3f54b89
remove unused imports
2013-12-14 15:47:26 +01:00
Mathieu Deous
8a946509b9
PEP8
2013-12-14 15:44:10 +01:00
Miroslav Stampar
5b2ded0b18
Fix for an Issue #577
2013-12-13 21:00:26 +01:00
Miroslav Stampar
437278e32d
Fix for an Issue #580
2013-12-13 19:48:05 +01:00
Mathieu Deous
c3dd6e1e32
api's get_option function doesn't lookup the right object
2013-12-08 17:46:02 +01:00
Miroslav Stampar
b0ca34ff27
Bug fix (payload character '=' was not being url-encoded in custom (user) post cases - when posthint was None)
2013-12-04 10:09:54 +01:00
Miroslav Stampar
bf3fbb0ae0
Ignore Google analytics cookies
2013-12-04 09:56:37 +01:00
Miroslav Stampar
dd2ddec79a
Minor fix (better extraction of original value in case of replacement and custom POST injection mark)
2013-12-03 13:37:04 +01:00
Miroslav Stampar
59d667d94c
Minor update
2013-12-01 22:25:12 +01:00
Miroslav Stampar
7054586e8a
Update for an Issue #565 (more work TBD - DuckDuckGo has some kind of IP blocking mechanism)
2013-11-25 20:57:07 +01:00
Miroslav Stampar
cda27ec20b
Patch for an Issue #563
2013-11-24 15:01:51 +01:00
Bernardo Damele
59b6791faa
minor improvement
2013-11-19 00:24:47 +00:00
Bernardo Damele
c37ad88283
minor bug fix
2013-11-13 14:34:19 +00:00
Miroslav Stampar
3c67ba08c5
Minor fix
2013-11-12 14:53:05 +01:00
Miroslav Stampar
354aaeae5b
Removing unused imports
2013-11-12 14:11:07 +01:00
Miroslav Stampar
d84ddf23bd
Replacing os.sep constructs with os.path.join
2013-11-12 14:08:41 +01:00
Miroslav Stampar
2f1607b4d5
Minor fix for dumping non-alphanumeric database names
2013-11-12 13:13:47 +01:00
Miroslav Stampar
0a4512e9ae
Implementation for an Issue #557
2013-11-08 09:23:38 +01:00
Miroslav Stampar
48bd2e75e9
Minor patch
2013-10-28 13:59:38 +01:00
Miroslav Stampar
7ed05f01b3
Minor update
2013-10-27 00:24:57 +02:00
Miroslav Stampar
fabbe63f00
Proper fix for re.sub() call with repl value containing backslash
2013-10-23 18:07:38 +02:00
Miroslav Stampar
28529a92a7
Minor fix (for parameters with \ in value)
2013-10-23 10:49:50 +02:00
Miroslav Stampar
9f21406a4b
Using cPickle in BigArray (faster and potentially less memory used)
2013-10-21 20:48:00 +02:00
Miroslav Stampar
8dac47f7e5
Minor patch (for recognition of x-mac-turkish codec)
2013-10-21 20:04:48 +02:00
Miroslav Stampar
e197720def
Fix for an Issue #546
2013-10-19 20:54:52 +02:00
Miroslav Stampar
777d999e71
Minor update
2013-10-18 15:39:46 +02:00
Miroslav Stampar
6ff2b931ff
Another patch for an Issue #545
2013-10-17 23:42:51 +02:00
Miroslav Stampar
334c698d53
Adding change verbosity level in testing phase when Ctrl+C pressed
2013-10-17 16:54:53 +02:00
Miroslav Stampar
304c9822bd
Patch for an Issue #545
2013-10-17 16:38:07 +02:00
Miroslav Stampar
5b8d631dc0
Minor update
2013-10-16 11:48:00 +02:00
Miroslav Stampar
04dbee3bec
Update for a more generic JSON recognition regex
2013-10-16 11:39:04 +02:00
Moshe Kaplan
8cd641a2a6
minor typos corrected
...
"choosen" -> "chosen"
2013-10-15 13:26:24 -04:00
Miroslav Stampar
d7906e8f18
Minor fix
2013-10-15 09:49:27 +02:00
Miroslav Stampar
344d3f4b5f
Minor patch
2013-10-12 21:05:18 +02:00
Miroslav Stampar
b8d49c2ea2
Minor usability patch
2013-10-12 20:41:25 +02:00
Miroslav Stampar
98d27ef200
Bug fix (missing permissions when creating dump directory)
2013-10-11 21:17:12 +02:00
Ben Buchacher
54a6c01005
Fix - Custom objects cannot be serialized in JSON
...
Custom objects cannot be serialized in JSON, convert tasks into list before serializing.
2013-10-10 16:06:29 -07:00
Miroslav Stampar
2dc570d7a8
Minor patch (for ORDER BY 'col' cases)
2013-10-10 23:08:20 +02:00
Miroslav Stampar
dd87233fe4
Minor patch (to accept * inside urls in request files too)
2013-10-10 15:04:48 +02:00
Miroslav Stampar
369006ca73
Bug fix
2013-10-07 12:54:25 +02:00
Miroslav Stampar
18d9e1dbc3
Minor update due to reported (debug) problems with SSLv23
2013-10-04 10:53:49 +02:00
Miroslav Stampar
a944028114
Revert of last commit
2013-10-02 22:14:50 +02:00
Miroslav Stampar
9ceb518a50
Minor patch
2013-10-02 22:03:53 +02:00
Miroslav Stampar
8e2f4669d8
Removing dependency for bz2 as there are some reported problems with the library on non-standard platforms
2013-10-02 20:32:18 +02:00
Miroslav Stampar
45c88b36c6
Fix for an Issue #532
2013-09-30 09:33:39 +02:00
Miroslav Stampar
2fbd7e8929
Minor fix
2013-09-24 21:56:40 +02:00
Miroslav Stampar
df9b1d72de
Minor update
2013-09-24 21:44:59 +02:00
Miroslav Stampar
f11e15a180
Minor update
2013-09-11 23:22:10 +02:00
Miroslav Stampar
a3defc175d
Fix (we are not using certificate but PEM private key file in this particular authentication; also, auxiliary cert_file is holding certificate chain that is ignored by python itself)
2013-09-11 23:17:18 +02:00
Miroslav Stampar
176f744ac6
Minor cosmetic update
2013-09-11 15:05:37 +02:00
Miroslav Stampar
696fb6530e
Cosmetic fix (Kali shows ugly 'python ./sqlmap.py' in usage)
2013-09-11 14:57:38 +02:00
Miroslav Stampar
4cf49bc0cc
Minor fix for an Issue #517
2013-09-05 09:22:11 +02:00
Miroslav Stampar
b17bb07301
Minor regex update
2013-09-04 19:28:59 +02:00
Miroslav Stampar
bf57f636a3
Fix for an Issue #517
2013-09-04 19:22:24 +02:00
Miroslav Stampar
81409ce6da
Minor patch
2013-09-02 10:54:32 +02:00
Miroslav Stampar
dd39913cf6
Improvement for an --eval mechanism
2013-08-31 00:28:51 +02:00
Miroslav Stampar
3a57af1452
Minor fix
2013-08-30 15:26:03 +02:00
Miroslav Stampar
9e975210ac
Implementation for an Issue #515
2013-08-30 10:22:43 +02:00
Miroslav Stampar
e0bfb0503c
Minor language update
2013-08-30 09:55:57 +02:00
Miroslav Stampar
28eca2116f
Fix for an Issue #513
2013-08-27 13:55:38 +02:00
Miroslav Stampar
7cb3ea20dd
Minor patch for a problem noticed yesterday too (in some cases if Ctrl-C is pressed sent is most probably a None value)
2013-08-23 11:59:58 +02:00
Miroslav Stampar
88b992ad83
Fixing a bug noticed during the yesterday's AppSecEU presentation (--headers='user-agent:foobar*' was not working properly)
2013-08-23 11:54:08 +02:00
Miroslav Stampar
0cf2bdeb1c
Minor language update
2013-08-22 11:11:30 +02:00
Miroslav Stampar
bc19f40d09
Minor update
2013-08-22 10:44:21 +02:00
Miroslav Stampar
23f2c5f166
Finishing implementation for an Issue #58
2013-08-20 19:35:49 +02:00
Miroslav Stampar
c586559e30
Patch for an Issue #510
2013-08-20 18:54:32 +02:00
Miroslav Stampar
6cc0cf3702
Minor comment update
2013-08-20 18:36:31 +02:00
Miroslav Stampar
1f2c8fbf59
Fix for an Issue #500
2013-08-13 20:40:36 +02:00
Miroslav Stampar
38ee95e2c9
Minor language update
2013-08-13 18:58:24 +02:00
Miroslav Stampar
52a71546d0
Implementation for an Issue #507
2013-08-13 18:55:23 +02:00
Miroslav Stampar
4929cff0c0
Minor update
2013-08-13 06:42:49 +02:00
bladeswords
6d756317c3
Remove debugging which prevents sqlmap from running smoothly
2013-08-13 13:58:45 +10:00
Miroslav Stampar
b2855e0281
Minor patch
2013-08-12 14:25:51 +02:00
Miroslav Stampar
a711c9ed36
Minor cleanup and initial work for #58
2013-08-09 14:13:48 +02:00
Miroslav Stampar
4beef0900d
Minor language fix (we support SOCKS proxy settings too)
2013-08-09 13:58:42 +02:00
Miroslav Stampar
1088011bf0
Adding new binary file formats for excluding in crawling
2013-08-02 23:07:13 +02:00
Miroslav Stampar
32c1cb20f5
Fix for an Issue #497
2013-08-01 19:48:20 +02:00
Miroslav Stampar
953b5815d8
Implementation for an Issue #496
2013-07-31 21:15:03 +02:00
Miroslav Stampar
6b826ef64d
Reintroducing option --cookie-del
2013-07-31 20:41:19 +02:00
Miroslav Stampar
ca44b23d20
Implementation for --eval to support cookies
2013-07-31 17:29:16 +02:00
Miroslav Stampar
eaacbe0b12
Minor language fix
2013-07-31 09:24:34 +02:00
Miroslav Stampar
941b2387c0
Minor fix
2013-07-31 09:22:45 +02:00
Miroslav Stampar
4f58e0af0c
Minor fix
2013-07-31 08:45:04 +02:00
Miroslav Stampar
a585aa4bff
Adding support for ~
2013-07-29 20:42:29 +02:00
Miroslav Stampar
de31688c4f
Update for an Issue #481
2013-07-29 18:25:27 +02:00
Miroslav Stampar
b921ff0729
Fix for an Issue #495
2013-07-27 11:20:43 +02:00
stamparm
dbb0d7f700
Important fix (Issue #489 ) - we had a bad presumption than only public schema could be used for enumeration (while all schemas inside a current db could be used)
2013-07-19 13:24:35 +02:00
stamparm
28cd50b2f1
Patch for an Issue #490
2013-07-16 14:08:32 +02:00
stamparm
e6f71c2130
Making 10% less requests in futile higher level/risk runs (using static template payloads for where==NEGATIVE)
2013-07-15 16:24:49 +02:00
stamparm
c9d3974205
Minor fix (templatePayload had duplicate string patterns for where==NEGATIVE)
2013-07-15 13:54:02 +02:00
stamparm
ac2d40e259
Revert of last commit (there is a chance that that big integer value is really valid :)
2013-07-15 13:34:38 +02:00
stamparm
a097ee1505
Switching --invalid-bignum to a pure integer constant (more generic - more statements require pure integer constant)
2013-07-15 13:31:56 +02:00
Miroslav Stampar
f54082111d
Better way how to deal with required extensions
2013-07-13 19:25:49 +02:00
Miroslav Stampar
3f6d4083a7
Minor language update
2013-07-13 17:19:16 +02:00
Miroslav Stampar
31efabfca1
Appropriate error messaging when one of core libraries are missing due to erroneous Python build
2013-07-13 16:07:36 +02:00
Miroslav Stampar
4d9f8ad0dd
Commit related to the last one
2013-07-13 12:00:03 +02:00
stamparm
dc1623a40f
Fix for a bug reported over ML (error: unbalanced parenthesis)
2013-07-11 10:20:58 +02:00
stamparm
01159575b2
Fix for an Issue #488
2013-07-11 10:11:43 +02:00
stamparm
1ae68b9bb3
Update for an Issue #405 (fix for usage of old 'complete' data from previous runs)
2013-07-10 17:18:09 +02:00
stamparm
f6c7b398fd
Update for an Issue #405 (fix for persistent options problem)
2013-07-10 16:57:44 +02:00
stamparm
aad102378a
Fix for an Issue #487
2013-07-09 11:00:43 +02:00
stamparm
be5ce760b6
Fix for an Issue #485 (failing back to single-thread mode if over some bisection length)
2013-07-09 10:24:48 +02:00
stamparm
d7c0805e7c
Removing leftover
2013-07-08 12:45:02 +02:00
stamparm
a548eb5c70
Minor text update
2013-07-08 12:44:14 +02:00
stamparm
d0e79a4d15
Minor text update
2013-07-08 12:38:36 +02:00
stamparm
a530817727
Minor typo fix
2013-07-08 11:52:46 +02:00
stamparm
8d3435ab0b
Removing reflective warning for parsing heuristic test
2013-07-08 11:48:33 +02:00
stamparm
db536427f0
Adding a question for storing hashes to a temporary file (after a mention of it on Twitter)
2013-07-04 15:34:00 +02:00
stamparm
f97b35dcc1
Patch for an Issue #475
2013-07-01 13:43:38 +02:00
stamparm
017ce22a2f
Minor consistency patch (Issue #475 )
2013-07-01 13:01:53 +02:00
stamparm
5ff09aff63
Some more adjustments (Issue #475 )
2013-07-01 12:50:12 +02:00
stamparm
04046f38eb
Minor update (Issue #475 )
2013-07-01 12:26:57 +02:00
stamparm
f7d15cb465
Official naming is HSQLDB (and/or HyperSQL)
2013-07-01 11:57:47 +02:00
Miroslav Stampar
aeb83ba651
Merge pull request #475 from Meatballs1/hsql_clean
...
HSQL Payloads and Query Support
2013-07-01 02:38:04 -07:00
Miroslav Stampar
a1842f44f5
Fix for an Issue #477
2013-06-29 20:55:48 +02:00
stamparm
fd5b665f7d
Removing arithmetic operations from false positive checking to minimize affect of character filtering ('>' and '=' have to stay because those are minimal requirements)
2013-06-26 10:55:34 +02:00
Meatballs
4595b2c287
decodeHexValue
2013-06-24 23:45:39 +01:00
Meatballs
09e1dc814d
Fix concat
2013-06-24 23:20:34 +01:00
Meatballs
ed40a76c9d
Fix dummy table
2013-06-24 23:18:47 +01:00
Meatballs
9212b05eeb
Add call to execute statements
2013-06-24 15:01:44 +01:00
Meatballs
62000c6406
Remaining files
2013-06-24 14:42:58 +01:00
Meatballs
7b6cc3d183
Add hsql settings
2013-06-24 14:38:44 +01:00
Meatballs
20a5d9a16e
Include HSQL dummy table
2013-06-24 14:37:42 +01:00
Miroslav Stampar
0355e29b7c
Minor fix (NoneType has no attribute split)
2013-06-24 14:49:53 +02:00
Miroslav Stampar
95ed6b7203
Minor patch (Issue #470 )
2013-06-24 14:37:45 +02:00
Miroslav Stampar
fca6772df6
Implementation for an Issue #468
2013-06-22 00:13:46 +02:00
Bernardo Damele
a72096a345
slightly more appropriate definition of output variable
2013-06-19 20:25:01 +01:00
Bernardo Damele
cae108d9fc
careful at merging pull requests with TABs ( #466 )
2013-06-19 19:49:53 +01:00
stamparm
a53823f9b7
Minor refactoring
2013-06-19 10:59:26 +02:00
stamparm
690645f6c7
Cosmetic fix
2013-06-19 10:50:00 +02:00
stamparm
a7787e83b8
Minor fix for case-insensitive union duplicates
2013-06-18 12:52:36 +02:00
Miroslav Stampar
aff7092736
Merge pull request #466 from Meatballs1/xp_cmdshell_output
...
Unable to retrieve XP_Cmdshell Output
2013-06-18 00:47:08 -07:00
stamparm
9a6f5a95f5
Minor patch for SQLAlchemy/MSSQL
2013-06-18 09:36:09 +02:00
Meatballs
c5087399c1
Fix exception if init technique not available
2013-06-16 10:47:27 +01:00
Meatballs
2c98507f1e
Add better error msg
2013-06-16 10:27:08 +01:00
Meatballs
caa326774c
Fallback to blind
2013-06-16 10:22:20 +01:00
Miroslav Stampar
63d0e9bb12
Adding support for MsSQL >=2012 hash format (based on commit 70107f74f0be5357654f170a3f321e3e55e81881)
2013-06-13 21:50:35 +02:00
Miroslav Stampar
f185e5cdd5
Fix for an Issue #463
2013-06-10 22:26:34 +02:00
Miroslav Stampar
cdb434805a
Using alpha character as a boundary in union/error techniques (instead of ':') to support wider range of (output filtering) cases
2013-06-10 22:14:45 +02:00
Miroslav Stampar
6f49b96a2d
Fix for an Issue #462
2013-06-10 12:20:58 +02:00
Miroslav Stampar
3583f45ee7
Fix for an Issue #461
2013-06-10 11:44:56 +02:00
Miroslav Stampar
39612b5d87
Fix for an Issue #457
2013-06-04 23:46:39 +02:00
Miroslav Stampar
c1592e8508
Code refactoring (moving import ctypes to be used only when needed)
2013-06-04 22:23:44 +02:00
Miroslav Stampar
3e0f747fad
Minor fix
2013-06-04 00:05:25 +02:00
Miroslav Stampar
213d0ecfb9
Minor fix
2013-06-03 23:32:57 +02:00
Miroslav Stampar
edc9da1226
Minor refactoring
2013-06-03 15:14:56 +02:00
Miroslav Stampar
351c70b390
Locale module screws string.letters, etc. in some cases (e.g. IDLE run)
2013-06-01 14:06:58 +02:00
Miroslav Stampar
b7989f93c5
Trivial update regarding last commit
2013-05-30 12:04:56 +02:00
Miroslav Stampar
ed8f16e754
Minor update on user's request
2013-05-30 12:01:13 +02:00
Miroslav Stampar
12870e6ff3
Minor fix
2013-05-30 11:42:27 +02:00
Miroslav Stampar
793a8ad349
Minor fix
2013-05-30 11:38:24 +02:00
stamparm
f4ca4cd6c5
Minor update
2013-05-29 15:49:09 +02:00
stamparm
c3038fcb65
Minor cosmetic update
2013-05-29 15:46:59 +02:00
stamparm
8fbf4b11d2
Trivial update regarding last commit
2013-05-29 15:45:13 +02:00
stamparm
dfd6ee20bb
Patch for an Issue #454
2013-05-29 15:26:11 +02:00
stamparm
60df3e9d1e
Minor cosmetic update (displaying 'Technique: DIRECT' instead of 'Technique: None' in case of direct access)
2013-05-29 15:04:14 +02:00
stamparm
e28b056028
Dummy fix
2013-05-29 14:26:00 +02:00
stamparm
6b280d8da4
Putting 2 decimal places for debug messages with performed queries (e.g. to handle a problem with 0 seconds roundup)
2013-05-28 14:40:45 +02:00
stamparm
bc4e1dab19
Getting rid of those ugly warning messages
2013-05-28 11:24:56 +02:00
stamparm
659c0bb418
Minor fix
2013-05-27 10:38:47 +02:00
Miroslav Stampar
f3f752d85c
Patch for an Issue #452
2013-05-25 18:52:59 +02:00
Miroslav Stampar
a85a0e53de
Fix for an Issue 'ValueError: Invalid IPv6 URL'
2013-05-25 18:00:21 +02:00
Miroslav Stampar
e18796dbe1
Minor style update
2013-05-25 18:00:20 +02:00
Miroslav Stampar
e7ddc2fcab
Minor fix
2013-05-23 12:57:33 +04:00
Miroslav Stampar
eb8e12b7c2
Minor adjustment (for headers like 'name: http://asdas ')
2013-05-23 11:29:43 +04:00
stamparm
1b3f1a4016
More appropriate naming (also, preventing ambiguities with --smart)
2013-05-22 23:21:43 +04:00
stamparm
4b2cf07262
Minor style update
2013-05-20 16:15:35 +02:00
Miroslav Stampar
1a4ea186ca
Consistency fix
2013-05-19 23:00:40 +02:00
Miroslav Stampar
d3ad408a21
Minor cosmetics
2013-05-19 22:17:53 +02:00
Miroslav Stampar
4f49dad2ba
Minor cosmetics
2013-05-19 01:19:54 +02:00
Miroslav Stampar
6cfcc1af63
Minor cosmetic
2013-05-19 01:17:22 +02:00
Miroslav Stampar
ea5c742595
Update (lagging checking is now always done once when time based compare is done; not only in case if statistical model is being filled)
2013-05-18 21:30:21 +02:00
Miroslav Stampar
980a0e3adb
Trivial update
2013-05-18 21:00:53 +02:00
Miroslav Stampar
1ff98c2ff9
Another minor text update
2013-05-18 21:00:11 +02:00
Miroslav Stampar
967513e1bb
Minor message update
2013-05-18 20:59:23 +02:00
Miroslav Stampar
caa4ee96cd
Minor cosmetic update
2013-05-18 18:28:44 +02:00
Miroslav Stampar
6608410320
Adding a question after WAF has been identified
2013-05-18 18:26:40 +02:00
Miroslav Stampar
b2b3b3b5a6
Minor bug fix (level names not properly used in non-logger output)
2013-05-18 16:44:21 +02:00
Miroslav Stampar
f24c8c6b6b
Changing logging type to warning for parsed error messages
2013-05-18 16:17:56 +02:00
Miroslav Stampar
dcea745576
Minor update (not displaying safe enclosings in table dumps)
2013-05-18 16:13:34 +02:00
Miroslav Stampar
e528ea8208
Minor language fix
2013-05-18 16:02:34 +02:00
stamparm
03732d2592
Minor fix
2013-05-17 16:04:05 +02:00
stamparm
b26ecfe087
Patch for an Issue #449
2013-05-17 15:14:51 +02:00
stamparm
76b4e1ccb9
Implementation for an Issue #450
2013-05-17 15:04:25 +02:00
stamparm
7ba9e75c97
Minor update related to the last commit
2013-05-16 15:23:20 +02:00
stamparm
7ea8dd9428
MySQL is specific (types are automatically being converted without any warning/error)
2013-05-16 15:12:36 +02:00
stamparm
f1f34a65a2
Minor update
2013-05-15 13:38:26 +02:00
stamparm
41f0e91662
Minor update (related to last commit)
2013-05-13 14:50:03 +02:00
stamparm
cb9ea67c8d
Code refactoring (moving progress.py to lib/utils)
2013-05-13 14:48:39 +02:00
stamparm
936815128d
Minor fix
2013-05-13 13:42:43 +02:00
Miroslav Stampar
034e123b0c
Minor fix (to accept -p cookie without need for raising --level / as it's already done for referer and user_agent)
2013-05-12 16:24:13 +02:00
Miroslav Stampar
6676eaf88f
Minor fix
2013-05-12 14:02:50 +02:00
Miroslav Stampar
f8cef1fc6f
Minor fix for a test case 211
2013-05-09 21:20:17 +02:00
stamparm
8b64709c17
Completing implementation for an Issue #189 (union)
2013-05-09 16:36:03 +02:00
stamparm
3873805dab
Partial implementation for an Issue #189 (error-based; still partial union left)
2013-05-09 16:23:57 +02:00
stamparm
9fe5a8832f
Update for an Issue #189 (code refactoring of ProgressBar so it could be ready for usage in non-inference cases out of box)
2013-05-09 15:52:18 +02:00
stamparm
fc57b7565d
Implementation for an Issue #432
2013-05-09 14:26:29 +02:00
stamparm
03be419d5d
Fix for an Issue #447
2013-05-07 13:25:30 +02:00
stamparm
2bfdac5ebc
Minor update for crawler
2013-04-30 18:32:46 +02:00
stamparm
887109a12d
Minor bug fix (for not displaying heuristic detected page charset None)
2013-04-30 18:16:32 +02:00
stamparm
ebe8ee3500
Fix for crawler and redirection case
2013-04-30 18:08:26 +02:00
stamparm
09e7f4f697
Minor bug fix regarding traffic logging of redirected requests
2013-04-30 17:46:26 +02:00
stamparm
3c110b3620
Minor bug fix
2013-04-30 16:40:16 +02:00
stamparm
bdb9219e9b
Minor revert
2013-04-30 14:41:38 +02:00
stamparm
d2a5548889
Some more reordering
2013-04-30 14:32:11 +02:00
stamparm
16866119b8
Another minor update
2013-04-30 14:11:56 +02:00
stamparm
08fbfda5d2
Minor update
2013-04-30 14:06:04 +02:00
stamparm
69e3a2cb9e
Minor update
2013-04-30 14:06:04 +02:00
stamparm
03c4eb8338
Minor update
2013-04-30 14:06:04 +02:00
stamparm
214d9aaf4b
Language fix
2013-04-30 14:06:04 +02:00
stamparm
3266c6c1f1
Language fix
2013-04-30 14:06:04 +02:00
Bernardo Damele
9f1e644f23
language fixes
2013-04-30 11:44:47 +01:00
stamparm
46557198a5
Minor update of doc root names
2013-04-29 11:29:59 +02:00
stamparm
1035ee9c3d
Patch for an Issue #442
2013-04-26 14:49:24 +02:00
Miroslav Stampar
beab72a180
Minor language update
2013-04-25 19:55:45 +02:00
stamparm
63d7707346
Adding support for appending to the existing table dump if --start/--stop is used
2013-04-24 16:08:40 +02:00
stamparm
e3a02f56e6
Just in case for --force-ssl (if url is returned in e.g. refresh toward the target)
2013-04-24 12:35:39 +02:00
stamparm
42a73d8e0b
Minor language update
2013-04-24 12:10:06 +02:00
stamparm
8d382f00e8
Minor style update
2013-04-22 11:38:47 +02:00
Miroslav Stampar
a475116853
Minor check
2013-04-21 21:42:23 +02:00
stamparm
0d92145fc6
Minor bug fix
2013-04-19 15:40:25 +02:00
stamparm
0cb3ce5765
Bug fix (maybe it will have repercusions in future as this was a silent bug)
2013-04-19 10:10:06 +02:00
stamparm
b7d4afcc63
Moving '--pivot-column' to a General section (Issue #437 )
2013-04-18 17:12:32 +02:00
stamparm
9d045e14e8
Implementation for an Issue #437
2013-04-18 17:06:45 +02:00
stamparm
2defc30dc6
From now on --dbms-cred can be used also in combination with -d (more flexibility as spotted that one user used in that way on ML)
2013-04-17 11:12:15 +02:00
stamparm
feed2274c3
Patch for an Issue #435
2013-04-17 10:48:17 +02:00
stamparm
c73489aff3
Adding a couple of new option validation checks
2013-04-16 14:31:10 +02:00
stamparm
7204ec5616
Adding a basic validation check (-d with --url)
2013-04-16 14:23:27 +02:00
stamparm
6fed1921ed
Bug fix (there are cases when provided kwargs containing explicit None values while we want to use the alternative in those kind of cases; there was an intention in original code, while the implementation was buggy)
2013-04-16 14:17:41 +02:00
Miroslav Stampar
840ee26a14
If SQLAlchemy is available and it has problems while connecting then it should be smarter to not force the other (standard) method - if available
2013-04-15 18:42:26 +02:00
stamparm
de99717b00
Disable sqlalchemy warnings if applicable
2013-04-15 16:29:08 +02:00
stamparm
1c2197e8de
Minor bug fix for an Issue #361 (removal of that ugly garbage clean warning message after sqlmap ends)
2013-04-15 16:18:40 +02:00
stamparm
6ab2e8eca4
Trivial style update
2013-04-15 16:09:04 +02:00
stamparm
a3d36fcb73
Minor update
2013-04-15 16:07:27 +02:00
stamparm
140cffbde2
Patch for an Issue #434
2013-04-15 15:57:28 +02:00
stamparm
9ccbdb3fdf
Added a check for an Issue #361
2013-04-15 15:36:10 +02:00
stamparm
1c47b33020
Few bug fixes in -d (there were late values in payloads in some cases; sqlalchemy returns RowProxy for tuple)
2013-04-15 15:23:45 +02:00
stamparm
f936746423
Code restyling
2013-04-15 14:31:27 +02:00
stamparm
aed738d6e6
Update for an Issue #361
2013-04-15 14:20:21 +02:00
stamparm
a9a0d1a3f9
Minor update
2013-04-15 11:56:19 +02:00
stamparm
10fbeaed7b
Code refactoring
2013-04-15 11:49:11 +02:00
stamparm
349f885f08
Minor patch
2013-04-15 11:41:53 +02:00
stamparm
8853e43616
Applying patch from Brandon Perry via ML
2013-04-15 11:01:07 +02:00
stamparm
3e65037a05
Introducing lib/utils/sqlalchemy.py (Issue #361 )
2013-04-15 10:33:25 +02:00
Miroslav Stampar
b6fee638ef
Neutralizing time of cookie expiration (in case of --load-cookies)
2013-04-14 01:13:08 +02:00
Miroslav Stampar
ed5599f489
In case that cookie file is given and cookie header inside request file clashes with one of contained cookies, give cookie file greater priority
2013-04-12 19:20:33 +02:00
stamparm
7edd7ee2aa
Trivial code change
2013-04-12 16:25:24 +02:00
Miroslav Stampar
73917fc9c8
Minor update (same, but safer)
2013-04-11 21:25:44 +02:00
Miroslav Stampar
0b449bb1d9
Fix for an Issue #433
2013-04-10 19:33:31 +02:00
stamparm
f67148a9a4
Update for an Issue #431
2013-04-10 16:43:57 +02:00
stamparm
661b44135d
Minor bug fix
2013-04-10 11:59:07 +02:00
stamparm
8c9da95343
Style and consistency update (url -> URL)
2013-04-09 11:48:42 +02:00
stamparm
3948b527dd
Update for an Issue #429
2013-04-09 11:36:33 +02:00
stamparm
91054099aa
Minor style update
2013-04-09 10:42:58 +02:00
stamparm
cce541cc33
Patch for an Issue #429
2013-04-09 10:39:20 +02:00
stamparm
33e9b3c451
Minor style update
2013-04-09 10:39:20 +02:00
Miroslav Stampar
7614c815ed
Minor update/patch
2013-04-07 21:32:03 +02:00
Miroslav Stampar
240e9f3f7e
Minor patch
2013-04-07 11:02:43 +02:00
Miroslav Stampar
50ac3aab7a
Minor patch
2013-04-06 01:56:24 +02:00
stamparm
a75d3ed0b8
Minor style update
2013-04-06 01:56:23 +02:00
Miroslav Stampar
df4fd82515
Minor update
2013-04-03 23:27:27 +02:00
Miroslav Stampar
c75a2d0c40
Minor patch
2013-04-03 21:31:37 +02:00
Miroslav Stampar
153aa10b77
Minor cosmetic update
2013-04-03 19:00:54 +02:00
Miroslav Stampar
f387333415
Minor cosmetics
2013-04-02 17:34:56 +02:00
Miroslav Stampar
4b5335a323
Moving --force-ssl from [Request] to [General] options
2013-04-02 17:18:21 +02:00
Miroslav Stampar
76a0d20799
Minor patch
2013-04-01 22:18:41 +02:00
Miroslav Stampar
b67f342975
Minor patch
2013-04-01 17:32:16 +02:00
stamparm
a371f182ac
Minor patch (previous combination is not working well with oriental characters - 0 length normalized unicode string is being returned)
2013-03-28 15:37:14 +01:00
stamparm
e1ffdde532
Little cleaning a mess with url encoding and post hint types
2013-03-27 13:39:27 +01:00
Miroslav Stampar
c19a283434
Minor patch
2013-03-26 20:06:50 +01:00
stamparm
7accba4cf9
Minor update
2013-03-26 16:10:41 +01:00
stamparm
0882fe0ce3
Minor update related to the last two
2013-03-26 16:04:56 +01:00
stamparm
eb1bfc20cb
Update related to the last commit
2013-03-26 15:36:44 +01:00
stamparm
2fe6aea0eb
Minor fix
2013-03-26 15:07:14 +01:00
stamparm
825aa4b8dd
Minor language update
2013-03-26 14:27:51 +01:00
stamparm
5dd2529b02
Minor language update
2013-03-26 14:18:37 +01:00
stamparm
4d2b77dde3
Minor language update
2013-03-26 14:15:40 +01:00
stamparm
473a39b820
Minor language fix
2013-03-26 14:11:17 +01:00
stamparm
3f8dafedae
Minor text update
2013-03-26 14:08:35 +01:00
stamparm
ad039c335d
Implementation for an Issue #423
2013-03-21 11:28:44 +01:00
stamparm
3740a97cc9
Adding a --version switch like all command line programs have
2013-03-20 11:44:09 +01:00
stamparm
7447773237
Update for consistency (all other enums are using _ in between words)
2013-03-20 11:10:24 +01:00
stamparm
ae6ce7db30
Removal of unused imports
2013-03-20 10:44:15 +01:00
Miroslav Stampar
8acf033715
Code refactoring
2013-03-19 19:24:14 +01:00
Miroslav Stampar
a3d9a7b1ff
Minor fix
2013-03-19 19:06:51 +01:00
stamparm
d1ae62b22b
Patch for an Issue #422
2013-03-19 12:27:49 +01:00
stamparm
6969874c02
Switch --no-cast is incompatible with switch --hex (integer values are not being casted in case of --no-cast --hex which is causing unwanted decodings of returned values)
2013-03-19 10:52:37 +01:00
stamparm
10e6c70c22
Trivial style update (undoing last dummy commit)
2013-03-19 10:43:29 +01:00
stamparm
70265fd3b5
Trivial style update
2013-03-19 10:43:03 +01:00
stamparm
5adac57ca9
Trivial style update
2013-03-19 10:42:50 +01:00
stamparm
558ef0aaff
Minor fix
2013-03-19 10:42:20 +01:00
stamparm
e226006766
Trivial fix
2013-03-18 13:29:55 +01:00
stamparm
5e02bcbd58
Minor adjustment
2013-03-18 12:16:16 +01:00
stamparm
7111cdabe3
Minor cosmetics
2013-03-18 11:41:15 +01:00
Miroslav Stampar
5df1f5528e
More general update for an Issue #421
2013-03-15 22:49:09 +01:00
Miroslav Stampar
f0a419bdec
Patch for an Issue #421
2013-03-15 22:08:15 +01:00
Miroslav Stampar
596cf95040
Minor fix
2013-03-15 17:22:33 +01:00
Miroslav Stampar
ff4e62ff90
Minor cosmetics
2013-03-15 17:00:01 +01:00
Miroslav Stampar
4010df307e
Trivial cosmetics
2013-03-15 16:37:52 +01:00
Miroslav Stampar
4cb378ce3e
Another update for an Issue #352 and couple of fixes
2013-03-13 21:57:09 +01:00
Miroslav Stampar
b35122a42c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-03-13 19:52:17 +01:00
Miroslav Stampar
eb08c8d752
Another update for an Issue #352
2013-03-13 19:42:22 +01:00
Bernardo Damele
dea62189b2
fixes #420
2013-03-12 22:16:42 +00:00
Miroslav Stampar
2f43c3eb9b
Minor fix (digest live test case) and some refactoring
2013-03-12 21:16:44 +01:00
Miroslav Stampar
65306f1ac1
Update for an Issue #352
2013-03-12 20:10:32 +01:00
Miroslav Stampar
db0a1e58b9
Update for an Issue #352
2013-03-11 14:58:05 +01:00
Miroslav Stampar
d6fc10092f
Minor refactoring
2013-03-11 13:31:50 +01:00
Miroslav Stampar
84a5bdb9cf
Trivial cosmetics
2013-03-09 19:41:24 +01:00
Miroslav Stampar
79d6a0e9c9
Using binary data in dummy mode
2013-03-09 19:40:24 +01:00
Miroslav Stampar
1e731f87a4
Patch for an Issue #419 (Authentication header is now properly being cached - no more one reauth per each request)
2013-03-09 19:33:04 +01:00
Miroslav Stampar
8e6692d793
Minor fix (for JSON values with :)
2013-03-05 20:12:24 +01:00
Miroslav Stampar
e9b86350f1
Patch for an Issue #403
2013-03-05 18:32:31 +01:00
Miroslav Stampar
62980d7d5a
Automatically decoding url encoded data in response
2013-03-05 17:32:10 +01:00
Miroslav Stampar
9e49d8c68f
Adding support for SHA2 hash functions
2013-03-05 11:04:46 +01:00
Miroslav Stampar
2ada9e9b84
Patch for an Issue Issue #416
2013-03-04 18:05:40 +01:00
Miroslav Stampar
084cfc797a
Fix for an Issue #415
2013-03-02 09:55:12 +01:00
Martin Bjerregaard Jepsen
d7a77c79ad
Fixed incorrect call to checkBooleanExpression when testing for false positives
2013-03-01 22:51:34 +01:00
stamparm
3a3f9c5ea1
Trivial commit related to the last one
2013-03-01 12:09:03 +01:00
stamparm
55f33da85a
Fix for invalid logical test cases
2013-03-01 12:04:49 +01:00
stamparm
440b484bf6
Minor update (one more just in case dummy request in false positive check for time-based injections - when DBMS could be unresponsive a bit due to previous heavy-queries)
2013-03-01 10:59:04 +01:00
Miroslav Stampar
e42350ddce
Minor style update
2013-02-28 20:28:34 +01:00
Miroslav Stampar
0e89cc62a2
Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections
2013-02-28 20:20:08 +01:00
stamparm
9ef79df23d
Cleaning up cases with Set-Cookie (conf.cj is handling it automatically; also, default redirector needed to be patched)
2013-02-28 13:51:08 +01:00
stamparm
be50192d8d
Refactoring WAF scripts
2013-02-26 15:54:50 +01:00
stamparm
e5835dc74f
Update for WAF scripts
2013-02-26 15:30:11 +01:00
stamparm
17fa0f568c
Minor patch for an Issue #404
2013-02-26 12:55:09 +01:00
stamparm
ecbcd4afe6
Minor update
2013-02-26 12:55:09 +01:00
stamparm
af4762ace2
Minor style update
2013-02-26 11:16:09 +01:00
stamparm
f6b43b4b13
Minor update for an Issue #290
2013-02-26 11:08:06 +01:00
stamparm
e5e39bc682
Fix for an Issue #410
2013-02-25 11:07:30 +01:00
stamparm
6fbd902265
Minor refactoring (Issue #411 )
2013-02-25 10:44:04 +01:00
stamparm
7127869ede
Minor bug fix (live test specific verbosity should be valid only inside of it)
2013-02-22 17:26:48 +01:00
stamparm
68ce51bfd4
Changing from warn to info for no WAF found
2013-02-22 12:15:38 +01:00
stamparm
ad471368f5
Fixing a display bug (cases where messages are just appended after the readInput line in batch mode) introduced with b472d9809a
2013-02-22 11:42:09 +01:00
stamparm
0bbbfc2eac
Adding a small warning message (related to the Issue #407 )
2013-02-22 11:12:41 +01:00
stamparm
42cbd94fa4
Better update regarding 6acb2480b8
2013-02-22 10:49:45 +01:00
stamparm
44a46d2b10
Fix for an Issue #409
2013-02-22 10:18:22 +01:00
Miroslav Stampar
6acb2480b8
Adding WAF script for SecureIIS
2013-02-21 21:34:26 +01:00
Miroslav Stampar
229e4e167b
Minor cosmetics
2013-02-21 21:06:31 +01:00
stamparm
3a8c0cd3a2
Minor style update
2013-02-21 14:52:56 +01:00
stamparm
29ba43ee6c
Unhidding switch '--identify-waf' (Issue #290 )
2013-02-21 14:48:19 +01:00
stamparm
08f0670aca
Minor refactoring for an Issue #290
2013-02-21 14:39:22 +01:00
stamparm
8e49872d7c
Finalizing implementation for an Issue #290
2013-02-21 14:33:12 +01:00
stamparm
6b2981ef4e
Update for an Issue #290 (adding tamper-like scripts into (new) directory waf)
2013-02-21 11:14:57 +01:00
stamparm
69063947b6
Debug message should go with logging.DEBUG
2013-02-19 09:46:51 +01:00
Bernardo Damele
d7247a51ee
do not prompt constantly if the page is not found
2013-02-18 18:08:20 +00:00
Miroslav Stampar
7f293afe74
Proper escaping for SQL identificators in Oracle (also, revert for 9b5f33560b
)
2013-02-18 15:18:53 +01:00
Miroslav Stampar
5c099efccc
Fix for an Issue #401
2013-02-18 11:38:18 +01:00
Miroslav Stampar
9b5f33560b
Oracle is too specific (only column names can be enclosed) - removing it
2013-02-15 17:36:58 +01:00
Miroslav Stampar
bf82506c1b
Oracle can't enclose table names with double quotations
2013-02-15 17:36:58 +01:00
Miroslav Stampar
1b3d749488
Proper fix related to the last commit/revert
2013-02-15 17:36:58 +01:00
Miroslav Stampar
5a793cbc7c
Minor revert
2013-02-15 17:36:58 +01:00
Miroslav Stampar
799bd51c2e
Minor fix when two readInput/dataToStdout are called one at a time
2013-02-15 17:36:58 +01:00
Miroslav Stampar
97c06854a4
Minor fixes
2013-02-15 17:36:58 +01:00
Bernardo Damele
0e7f771be6
minor adjustment
2013-02-15 16:28:09 +00:00
Bernardo Damele
35aa785870
bug fix to make --predict-output work also with time-based technique
2013-02-15 16:25:33 +00:00
Miroslav Stampar
014e4e0055
Minor represenation fix
2013-02-15 14:48:24 +01:00
Bernardo Damele
63ddeb9008
unnecessary variable
2013-02-15 13:26:28 +00:00
Miroslav Stampar
345d10a9e0
Consistency fix (everywhere else we show unsafe format of identificator names)
2013-02-15 14:05:14 +01:00
Bernardo Damele
b472d9809a
another consistency fix to readInput()
2013-02-15 09:35:09 +00:00
Bernardo Damele
32c8c67888
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-15 09:29:41 +00:00
Bernardo Damele
20c5f9a030
consistency fix
2013-02-15 09:29:36 +00:00
Miroslav Stampar
11bcf28d86
Fix for an Issue #399
2013-02-15 10:04:13 +01:00
Bernardo Damele
87db5d0dab
minor bug fix to avoid duplicates - #297
2013-02-15 00:53:05 +00:00
Bernardo Damele
c3f1e196e1
added missing parameter
2013-02-15 00:43:46 +00:00
Bernardo Damele
4727589135
code consistency
2013-02-15 00:17:13 +00:00
Miroslav Stampar
515be4ee0b
Minor just in case commit related to the last one
2013-02-14 19:58:10 +01:00
Miroslav Stampar
fef60b73f4
Minor update for proper display of [PAYLOAD] in JSON/XML/SOAP cases
2013-02-14 19:53:26 +01:00
Bernardo Damele
0c79d7b1e2
unnecessary import
2013-02-14 18:33:47 +00:00
Bernardo Damele
614ff6029d
working on #396 - handle the case when we dont have a web backdoor/file stager for the language API, added a few more log messages to give further information about what is going on, minor bug fix to docRoot
2013-02-14 18:31:14 +00:00
Bernardo Damele
3b38b20176
working on #396 - adaptation for the verification phase
2013-02-14 18:29:55 +00:00
Bernardo Damele
261db6ed4f
working on #396 - verify shellcodeexec executable has been properly uploaded
2013-02-14 18:29:35 +00:00
Bernardo Damele
4d5ecc3b03
working on #396 - verify icmpsh executable has been properly uploaded
2013-02-14 18:28:48 +00:00
Bernardo Damele
66cee83ca4
if needed, allow to reinitialize the environment for takeover - issue #396
2013-02-14 17:39:19 +00:00
Bernardo Damele
d91530f885
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-14 17:16:55 +00:00
Bernardo Damele
52264f544e
minor fix for Windows file paths, do not strip the windows drive letter
2013-02-14 17:16:49 +00:00
Miroslav Stampar
fdf00e4842
Fix for an Issue #397
2013-02-14 17:14:36 +01:00
Miroslav Stampar
368a2fd297
Fix for an Issue #393
2013-02-14 16:18:16 +01:00
Miroslav Stampar
f97f575018
Trivial restyling
2013-02-14 15:41:27 +01:00
Miroslav Stampar
605c5b089e
Minor style update
2013-02-14 15:38:44 +01:00
Miroslav Stampar
06d8547916
Implementation for an Issue #394
2013-02-14 15:38:44 +01:00
Miroslav Stampar
7944684ff2
This was supposed to be a separate commit (going to commit it in next one)
2013-02-14 15:38:44 +01:00
Miroslav Stampar
6c0054bc5f
Putting that ugly parameter xyz is not inside the Cookie into the debug messages
2013-02-14 15:38:44 +01:00
Bernardo Damele
d42d28392a
avoid tracebacks because the parameter does not exist
2013-02-14 13:18:33 +00:00
Bernardo Damele
646df37884
minor bug fix for --reg-read
2013-02-14 13:17:30 +00:00
Miroslav Stampar
c72353321d
Minor update for an Issue #392
2013-02-14 13:36:33 +01:00
Bernardo Damele
4b9d8ed673
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
2013-02-14 11:32:17 +00:00
Bernardo Damele
2267dd8f47
working on #392 to fix --os-cmd and --os-shell output parsing
2013-02-14 11:31:20 +00:00
Bernardo Damele
cb6d549e57
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-14 11:25:12 +00:00
Bernardo Damele
a67ef4117f
make sure to use Python 2 interpreter when default system Python is version 3
2013-02-14 11:25:04 +00:00
Miroslav Stampar
efe1bf0ded
Minor fix (for those multiline cases like in MsSQL)
2013-02-14 12:20:40 +01:00
Miroslav Stampar
6629233de5
Minor update
2013-02-14 10:18:40 +01:00
Miroslav Stampar
a0b44da5d8
Minor fix for --threads>1 --binary-fields
2013-02-13 20:47:27 +01:00
Miroslav Stampar
0a4605644e
Minor fix for previous commit
2013-02-13 16:31:03 +01:00
Miroslav Stampar
2b121c938b
Minor fix
2013-02-13 16:24:21 +01:00
Miroslav Stampar
9b231f87d6
Minor bug fix (regarding Issue #379 ) - in case that two processes enter the same proc_count decrementing line sqlmap would halt
2013-02-13 15:31:50 +01:00
Miroslav Stampar
8138d1318e
Minor fix
2013-02-13 15:10:49 +01:00
Miroslav Stampar
c6d29e093e
Fixing issue with newlines after the data in -r mode
2013-02-13 12:36:01 +01:00
Miroslav Stampar
965fa04a33
Trivial update
2013-02-13 12:28:51 +01:00
Miroslav Stampar
d78a3e977b
Update (allowing regular char * to be inside SOAP/JSON/XML)
2013-02-13 12:24:42 +01:00
Miroslav Stampar
6314d64a70
Renaming --binary to --binary-fields
2013-02-13 11:27:03 +01:00
Miroslav Stampar
dd6f50a00e
Removing unused imports
2013-02-13 11:15:24 +01:00
Miroslav Stampar
7c802ed8cc
Minor fix
2013-02-13 11:14:45 +01:00
Miroslav Stampar
dc41484b3f
Refactoring of funcionality for finding out if stacking is available
2013-02-13 09:57:16 +01:00
Miroslav Stampar
8b4f72322a
Adding (for now hidden) option --binary (works like -C but deliberately retrieves data in hex format and displays in hex format)
2013-02-13 09:56:44 +01:00
Miroslav Stampar
1d42aba01e
Minor update regarding 093a93938c
(for goStacked to work properly with stacked conditional payloads - e.g. proper suffix/prefix)
2013-02-12 17:35:14 +01:00
Miroslav Stampar
c34f6e25b2
Minor fix for --eval (urldecoded values should be used inside evaluation)
2013-02-12 17:01:47 +01:00
Miroslav Stampar
6a98d375b1
More general except
2013-02-12 14:39:21 +01:00
Miroslav Stampar
212e92ea01
Minor update regarding --load-cookies (warning about expired ones)
2013-02-12 14:29:56 +01:00
Miroslav Stampar
c67b39d14d
Update for a last update
2013-02-12 12:58:15 +01:00
Miroslav Stampar
72984a578d
Update for --load-cookies
2013-02-12 12:42:12 +01:00
Miroslav Stampar
c2672e78fc
Support for multiple injection marks inside the same header value (Issue #48 )
2013-02-12 12:06:13 +01:00
Miroslav Stampar
c75560ba69
Minor bug fix (getting ? in < 0xf char cases)
2013-02-11 21:16:35 +01:00
Miroslav Stampar
7c06a937e5
Minor refactoring
2013-02-09 20:21:17 +01:00
Bernardo Damele
f970b4f240
minor adjustment fixing the regression test stall
2013-02-09 12:19:21 +00:00
Bernardo Damele
e48181e28d
another attempt to fix the stall during regression test
2013-02-09 12:16:56 +00:00
Bernardo Damele
138a846cf1
possible fix for regression test stall
2013-02-09 10:50:06 +00:00
Bernardo Damele
1596b9ed59
revert
2013-02-08 16:43:49 +00:00
Bernardo Damele
98864e425f
minor "fix"
2013-02-08 16:30:34 +00:00
Bernardo Damele
8b510c55fb
minor code cleanup
2013-02-08 16:29:16 +00:00
Miroslav Stampar
5aaf7f1aa6
BUG fix
2013-02-08 16:44:30 +01:00
Miroslav Stampar
c0e59d94a9
Better naming
2013-02-08 16:28:58 +01:00
Miroslav Stampar
cdfe43560b
Update for an Issue #207 (and a potential patch for regression tests)
2013-02-08 16:20:48 +01:00
Miroslav Stampar
ee1017a5a7
Minor fix
2013-02-08 13:46:39 +01:00
Bernardo Damele
d015bf98fc
renamed variable to avoid confusion
2013-02-07 14:19:07 +00:00
Bernardo Damele
07fe6d44fb
unnecessary condition here
2013-02-07 14:18:52 +00:00
Bernardo Damele
b477c56b52
first steps to allow multiple scans on the same taskid - issue #297
2013-02-07 00:05:26 +00:00
Bernardo Damele
dd6c73ea24
fixed --passwords output for API - #297
2013-02-06 21:45:51 +00:00
Bernardo Damele
21afba9571
got the partial output finally properly replaced by complete output in IPC database - #297
2013-02-06 21:32:26 +00:00
Bernardo Damele
5c8335876f
minor bug fix to make --disable-coloring work on log messages too
2013-02-06 21:04:54 +00:00
Bernardo Damele
2fa2f30d21
slighlty better, still not optimal
2013-02-06 17:45:52 +00:00
Bernardo Damele
477c66ac4b
minor refactoring and trivial bug fix
2013-02-06 17:45:25 +00:00
Bernardo Damele
e439c3d3f5
minor refactoring - #297
2013-02-06 17:09:43 +00:00
Bernardo Damele
b272b0574d
minor fix to reset partRun value - #297
2013-02-06 17:09:28 +00:00
Miroslav Stampar
060eac110a
Cleaner version checking
2013-02-06 10:28:17 +01:00
Miroslav Stampar
b1f31103f9
Removing that ugly disk I/O error in live testing mode
2013-02-05 17:04:42 +01:00
Miroslav Stampar
934808f53b
Fix for an Issue #379
2013-02-05 16:13:45 +01:00
Bernardo Damele
e03010f48b
got rid of unnecessary output for API - #297
2013-02-05 15:00:06 +00:00
Bernardo Damele
4428ad5345
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-05 14:43:14 +00:00
Bernardo Damele
f7d826fee1
first case where partial output is retrievable via RESTful API - issue #297
2013-02-05 14:43:03 +00:00
Miroslav Stampar
01219219fc
Minor bug fix (for --first/--last through problematic DBMSes)
2013-02-05 15:03:55 +01:00
Miroslav Stampar
31daefc7c9
Minor fix (skipping one uneccesary request in single-threaded --first/--last mode)
2013-02-05 13:51:35 +01:00
Miroslav Stampar
62772125e3
Bug fix for HTTPSCertAuthHandler
2013-02-05 12:16:06 +01:00
Miroslav Stampar
e836629215
Bug fixes for search (safeStringFormat should not replace all if given scalar values)
2013-02-05 11:37:49 +01:00
Miroslav Stampar
1618086027
Minor fix
2013-02-05 10:58:02 +01:00
Miroslav Stampar
9296bdd959
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-05 10:27:43 +01:00
Miroslav Stampar
4faa5f0f49
Fix for stalling in retrieving international letters (--technique=B)
2013-02-05 10:27:31 +01:00
Bernardo Damele
9d04ae5db5
minor improvement to temporary folder name
2013-02-05 09:11:38 +00:00
Miroslav Stampar
44579120b5
Cosmetics
2013-02-05 10:02:11 +01:00
Miroslav Stampar
74e82b2b53
Removing redundant check
2013-02-04 20:42:28 +01:00
Miroslav Stampar
cf8e5d535d
Minor cleanup
2013-02-04 20:15:44 +01:00
Miroslav Stampar
c5ae967fe0
Potential fix for an Issue #379
2013-02-04 17:43:58 +01:00
Miroslav Stampar
6cab3d4759
Minor update
2013-02-04 16:46:08 +01:00
Miroslav Stampar
4f2981f163
Minor fix
2013-02-04 16:37:54 +01:00
Miroslav Stampar
f4b8a3c1d8
Bug fix for boolean (multithreaded Ctrl+C) resumed values
2013-02-04 15:49:29 +01:00
Miroslav Stampar
5e4e863986
Bug fix (introduced with f1ab887c55
)
2013-02-04 15:31:28 +01:00
Miroslav Stampar
235153ab39
Removal of unused imports
2013-02-04 15:29:13 +01:00
Miroslav Stampar
7e1ff1bb8e
Same refactoring as the last commit
2013-02-04 15:26:44 +01:00
Bernardo Damele
9370f96a67
step by step getting there to partial output presentation to restful API (issue #297 ), not quite yet though..
2013-02-03 22:09:33 +00:00
Bernardo Damele
b55555e4e5
minor bug fix
2013-02-03 21:39:26 +00:00
Bernardo Damele
dc2bbbeaa7
minor revert
2013-02-03 20:55:58 +00:00
Bernardo Damele
df3cc38cd9
minor improvements
2013-02-03 15:39:07 +00:00
Bernardo Damele
bd1ea13b8d
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-03 11:31:12 +00:00
Bernardo Damele
f8bc74758c
improvement to restful API to store to IPC database partial entries, not yet functional (issue #297 )
2013-02-03 11:31:05 +00:00
Miroslav Stampar
e7b93b5b66
Implementation for an Issue #363
2013-02-01 17:24:04 +01:00
Miroslav Stampar
993372aae4
Bug fix (causing search problems)
2013-02-01 11:24:17 +01:00
Miroslav Stampar
6d942f92b5
Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.))
2013-02-01 10:03:06 +01:00
Miroslav Stampar
8d51b4b63a
Minor bug fix
2013-01-31 16:24:44 +01:00
Miroslav Stampar
d6606a8f31
Patch to prevent problems like Issue #381
2013-01-31 13:58:39 +01:00
Miroslav Stampar
cfcf8a3abb
Another update for an Issue #380 (--common-... switches)
2013-01-31 13:49:19 +01:00
Miroslav Stampar
f5844eabae
Valuable data is potentially lost if page not parsed in dump mode (e.g. --technique=B and error occuring) <- partial revert of previous optimization commit 10bdd90e60
2013-01-31 13:32:14 +01:00
Miroslav Stampar
2420a4b626
Update for an Issue #342 and #372
2013-01-31 10:01:52 +01:00
Miroslav Stampar
9b4eaa9272
Minor fix
2013-01-30 18:21:15 +01:00
Miroslav Stampar
fdea8ddea6
Starting to clean up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372 )
2013-01-30 16:55:09 +01:00
Bernardo Damele
103045d284
variable renamed
2013-01-30 15:30:34 +00:00
Miroslav Stampar
f33bf06c88
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-30 11:38:20 +01:00
Bernardo Damele
6dfe91165d
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-30 10:34:51 +00:00
Bernardo Damele
8519717f25
minor fixes to --live-test
2013-01-30 10:32:56 +00:00
Miroslav Stampar
f391937083
Minor refactoring
2013-01-30 10:43:46 +01:00
Miroslav Stampar
d6fb0e8545
Update for an Issue #352
2013-01-30 10:38:11 +01:00
Miroslav Stampar
bd08ede117
Minor fine tuning
2013-01-29 21:06:02 +01:00
Miroslav Stampar
f41460f8d8
Better naming
2013-01-29 20:53:11 +01:00
Miroslav Stampar
95b922309c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-29 20:50:40 +01:00
Bernardo Damele
e8bd3c9c9f
cosmetics
2013-01-29 17:00:28 +00:00
Bernardo Damele
8f36f92dd3
minor fix
2013-01-29 16:23:30 +00:00
Bernardo Damele
edd6699ed1
code refactoring and added /status method for scan (issue #297 )
2013-01-29 16:11:25 +00:00
Bernardo Damele
c47b44e93f
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-29 15:38:16 +00:00
Bernardo Damele
1152cf8958
increased SQLite connection timeout to 3 seconds, the object will now wait for the lock to go away max 3 seconds, no longer 1 only. Relevant code refactoring and minor improvements all over the API library (issue #297 )
2013-01-29 15:38:09 +00:00
Bernardo Damele
9677e0f910
more data content types for API (issue #297 )
2013-01-29 15:36:19 +00:00
Bernardo Damele
92ae8145df
ignore any non-relevant string: avoid storing to the API, careful this can introduce bugs but it is necessary at this stage of development (issue #297 )
2013-01-29 15:35:51 +00:00
Bernardo Damele
a56f4ec15c
techniques has to go too to the API (issue #297 )
2013-01-29 15:34:53 +00:00
Bernardo Damele
bfce7210e6
improvements to the dump library to output to the API data fetched properly formatted (issue #297 )
2013-01-29 15:34:20 +00:00
Bernardo Damele
eeecb3fe2c
split init() into two separate functions for API purposes (issue #297 )
2013-01-29 15:33:16 +00:00
Miroslav Stampar
a59ac8e27f
Trivial cosmetics
2013-01-29 16:30:38 +01:00
Miroslav Stampar
f4b7b3fd35
Minor cosmetics
2013-01-29 16:04:20 +01:00
Miroslav Stampar
9eca41bae2
Minor fix
2013-01-29 15:55:50 +01:00
Miroslav Stampar
a104de01d7
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-29 15:35:01 +01:00
Miroslav Stampar
7e73825ece
Minor cosmetics
2013-01-29 15:34:41 +01:00
Bernardo Damele
085495024f
minor adjustment
2013-01-29 01:44:57 +00:00
Bernardo Damele
f1ab887c55
major enhancement, code refactoring for issue #297
2013-01-29 01:39:27 +00:00
Bernardo Damele
d07881b6c3
apply a little bit of secure coding practices to the API
2013-01-27 12:26:40 +00:00
Bernardo Damele
cd4075f6a3
no raise, just pass at ctrl-c
2013-01-26 15:33:09 +00:00
Bernardo Damele
a0b9e0f1c5
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-25 17:11:38 +00:00
Bernardo Damele
195d17449e
first test of stdout/stderr redirect to a database when sqlmap is executed from restful API ( #297 )
2013-01-25 17:11:31 +00:00
Miroslav Stampar
c06f94e2c8
Fix for an Issue #378
2013-01-25 16:38:41 +01:00
Miroslav Stampar
8c84a16cb7
Minor style update for an Issue #377
2013-01-25 12:52:31 +01:00
Miroslav Stampar
479f791112
Minor fix
2013-01-25 12:41:51 +01:00
Miroslav Stampar
194a9e7b88
Implementation for an Issue #377
2013-01-25 12:34:57 +01:00
Bernardo Damele
5b3c8d8991
first implementation of asynchronous inter-protocol communication between the sqlmap RESTful API and the sqlmap engine with SQLite
2013-01-24 12:57:24 +00:00
Chris Frohoff
218a6a9695
fixed response header logging for header names with special chars
2013-01-23 11:10:25 -08:00
Bernardo Damele
f848f259a6
upper() -D value for certain DBMSes
2013-01-23 16:22:28 +00:00
Bernardo Damele
012815333c
minor bug fix to ignore provided -D when brute-forcing columns/tables names and the DBMS is either Access, Firebird or SQLite
2013-01-23 15:52:03 +00:00
Miroslav Stampar
232f8d3585
Fix for an Issue #368
2013-01-23 13:36:17 +01:00
Bernardo Damele
f4028bd7d2
minor adjustment
2013-01-23 02:10:38 +00:00
Bernardo Damele
d8a0e7eacb
fixes #187
2013-01-23 01:27:01 +00:00
Bernardo Damele
5635776173
proper SQLite 2 library
2013-01-22 18:56:25 +00:00
Bernardo Damele
dea15b5892
notify user if --udf-inject is provided but no stacked queries SQLi is detected
2013-01-22 18:28:48 +00:00
Miroslav Stampar
d6a361f859
Proper implementation for --technique=Q --dbms=Firebird
2013-01-22 16:31:26 +01:00
Miroslav Stampar
719c7f622b
Probable fix for --technique=Q --dbms=Firebird (but also other potential issues with splitting of fields in expressions)
2013-01-22 15:51:06 +01:00
Miroslav Stampar
2ec828f1cb
Fix for an Issue #367
2013-01-22 14:27:17 +01:00
Miroslav Stampar
09c02c6c72
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-22 14:08:31 +01:00
Miroslav Stampar
15b0ab1b44
Fix for a 'no parameter found' problem when user says N on 'custom injection mark found in POST...'
2013-01-22 14:08:19 +01:00
Bernardo Damele
061aef57ba
missing import
2013-01-22 11:25:01 +00:00
Miroslav Stampar
59b02539ca
More general approach regarding that last commit
2013-01-22 11:34:34 +01:00
Miroslav Stampar
01f1488f07
Minor patch (annoying trailing spaces for some DBMSes --technique=B --sql-query)
2013-01-22 11:29:51 +01:00
Bernardo Damele
e558040810
minor fix to previous commit
2013-01-21 17:10:56 +00:00
Bernardo Damele
d43b04c582
better detection if vulnerable of not for regression test
2013-01-21 17:09:35 +00:00
Miroslav Stampar
b35a0810ef
Fix for an Issue #364
2013-01-21 17:01:52 +01:00
Miroslav Stampar
1e3f68c7ff
Rewriting some query crafting parts (especially those .find(' FROM '))
2013-01-21 16:15:38 +01:00
Miroslav Stampar
832d95984c
IFNULL-like mechanism now works on SQLite 2 too
2013-01-21 15:04:27 +01:00
Miroslav Stampar
75bf8528d1
Minor just in case update
2013-01-21 14:50:43 +01:00
Miroslav Stampar
c55a002f95
Language fix
2013-01-21 13:19:08 +01:00
Miroslav Stampar
80255433b0
Trivial style update
2013-01-21 13:18:34 +01:00
Miroslav Stampar
0e86175342
Adding new common function for further refactoring
2013-01-21 11:50:47 +01:00
Miroslav Stampar
3200134b3b
Fix for a regression test #30 test case fail (Firebird inline)
2013-01-21 10:12:54 +01:00
Miroslav Stampar
069c6acabd
Another update for an Issue #362
2013-01-20 22:47:26 +01:00
Miroslav Stampar
b4a55a809e
Refactoring DBMS string escaping functions
2013-01-20 13:45:58 +01:00
Bernardo Damele
3373e30808
minor fix for a bug introduced with commit 1ad9e26a21
2013-01-20 02:40:40 +00:00
Bernardo Damele
115be9d7b5
minor fixes
2013-01-20 01:26:46 +00:00
Miroslav Stampar
0a4f5d2e51
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-19 19:08:18 +01:00
Miroslav Stampar
e9641e30db
This last commit was in haste :)
2013-01-19 19:07:38 +01:00
Miroslav Stampar
6a87dd9225
Minor update (just for consistency with the rest of code)
2013-01-19 19:07:06 +01:00
Miroslav Stampar
979e108c87
Minor update (just for consistency with the rest of code)
2013-01-19 19:06:51 +01:00
Bernardo Damele
f89b25fdb6
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-19 18:04:38 +00:00
Bernardo Damele
adf97e630f
add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL
2013-01-19 18:04:33 +00:00
Miroslav Stampar
9ce2395405
Minor refactoring
2013-01-19 18:40:44 +01:00
Miroslav Stampar
3f4c010370
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-19 18:28:52 +01:00
Miroslav Stampar
efe26ac3f8
In case that content-length header was not in a desired case ('Content-length') POST request file would fail badly (repeating original content-length header value)
2013-01-19 18:28:37 +01:00
Bernardo Damele
6a62292a3f
layout adjustment
2013-01-19 17:11:16 +00:00
Miroslav Stampar
bb6b89fe93
Patch for an Issue #360
2013-01-19 18:06:36 +01:00
Bernardo Damele
dcf2dcd03d
all we need to debug failed test cases while regression test run..
2013-01-19 17:04:57 +00:00
Bernardo Damele
f22fd396ef
write the test case name before it is run so if the test case crashes badly, we can trace back what test case it was at a later stage
2013-01-19 16:41:19 +00:00
Bernardo Damele
1923ef691e
just in case, add also the test case name inside the temp folder for debug purposes
2013-01-19 16:06:46 +00:00
Bernardo Damele
c95119559e
minor bug fix
2013-01-19 00:41:51 +00:00
Bernardo Damele
0e78fbef56
correctly format SQLi payload for inline query technique
2013-01-19 00:28:03 +00:00
Bernardo Damele
6be7eee8d6
more fixes
2013-01-18 23:35:16 +00:00
Bernardo Damele
56eaa073ce
fixed test cases for Firebird - #312
2013-01-18 23:32:39 +00:00
Bernardo Damele
1f4c6a8371
avoid blank line if password hashes have not been fetched
2013-01-18 22:10:36 +00:00
Bernardo Damele
1ad9e26a21
bug fix for ORDER BY users provided statements (issue #354 )
2013-01-18 21:40:50 +00:00
Miroslav Stampar
ac7709204a
Better fix for that page/headers/comparison --string candidate problem
2013-01-18 17:00:11 +01:00
Miroslav Stampar
8141d17985
Revert of previous commit (more care has to be done regarding headers dynamicity)
2013-01-18 16:49:35 +01:00
Miroslav Stampar
33094a118c
Fix for an Issue where '--string' is being automatically picked not looking properly in headers too
2013-01-18 16:35:09 +01:00
Miroslav Stampar
601eb1e49a
Unescaping is renamed to escaping
2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0
updated copyright
2013-01-18 14:07:51 +00:00
Bernardo Damele
1bb061f68c
improvements to --live-test
2013-01-18 13:02:35 +00:00
Bernardo Damele
738ccb643d
minor output adjustment
2013-01-18 11:41:09 +00:00
Miroslav Stampar
33ea811c6c
Removing some unused stuff (mainly imports)
2013-01-18 11:50:02 +01:00
Miroslav Stampar
aa467cb54c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-18 11:31:25 +01:00
Miroslav Stampar
17d36684b5
Removing obsolete proxy handling code (Python < 2.6)
2013-01-18 11:30:52 +01:00
Miroslav Stampar
4d5bae7131
Removing some obsolete functions
2013-01-18 11:18:56 +01:00
Miroslav Stampar
bcc907ce09
Minor update
2013-01-18 11:00:21 +01:00
Miroslav Stampar
d1008b45b5
Minor removal of unused function
2013-01-18 10:46:06 +01:00
Miroslav Stampar
caae773b2d
Minor removal of redundant code
2013-01-18 10:44:57 +01:00
Bernardo Damele
d66f7e22b1
more fixes to test cases
2013-01-18 09:32:05 +00:00
Miroslav Stampar
e941e60b20
Minor just in place update for an Issue #348
2013-01-17 22:44:55 +01:00
Bernardo Damele
1d6e642d41
fixed url
2013-01-17 21:29:00 +00:00
Bernardo Damele
38eb4eb33e
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-17 21:03:11 +00:00
Bernardo Damele
b6e44ae64e
fix for #349 (compatible with all others DBMSes too)
2013-01-17 21:03:03 +00:00
Miroslav Stampar
a8e3fd58c5
Implementation for an Issue #348
2013-01-17 21:49:58 +01:00
Miroslav Stampar
8480ceddcb
Minor style update
2013-01-17 19:55:56 +01:00
Miroslav Stampar
507f185b69
Revert of patch for an Issue #347
2013-01-17 18:38:37 +01:00
Miroslav Stampar
9dd69042de
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-17 15:31:55 +01:00
Miroslav Stampar
f7eda07d92
Patch for an Issue #347
2013-01-17 15:30:14 +01:00
Bernardo Damele
5e059ab6db
added check for DB2 lib
2013-01-17 14:20:34 +00:00
Miroslav Stampar
a38b3e397c
Patch for an Issue #286
2013-01-17 14:17:39 +01:00
Miroslav Stampar
65273295e3
Implementing a check for an Issue #25
2013-01-17 13:56:04 +01:00
Miroslav Stampar
9428d1819e
Fix for an Issue #346
2013-01-17 12:03:02 +01:00
Miroslav Stampar
3ab4a5e36d
Fix for an Issue #345
2013-01-17 11:50:12 +01:00
Miroslav Stampar
51a77d1fe2
Minor update for an Issue #8
2013-01-17 11:37:45 +01:00
Miroslav Stampar
14b7e655a9
Minor refactoring
2013-01-16 16:33:04 +01:00
Miroslav Stampar
053b7d12b4
Minor language update
2013-01-16 16:07:12 +01:00
Miroslav Stampar
fb7243c237
Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs
2013-01-16 16:04:00 +01:00
Miroslav Stampar
c0a6e1c3a7
Finishing first usable prototype for an Issue #8
2013-01-16 14:54:37 +01:00
Miroslav Stampar
ff5ec48abd
Minor update for an Issue #8
2013-01-16 14:16:22 +01:00
Bernardo Damele
3464a70ac2
bug fix: without this generic concatenation of strings in concatQuery(), detection of UNION query SQLi only (--technique U) when the page did not disclose any DBMS error message and it was not MySQL (for which there are UNION SQLi specific payloads) was not detected
2013-01-16 01:53:33 +00:00
Bernardo Damele
542f6de72e
typo fix
2013-01-16 01:31:03 +00:00
Bernardo Damele
e16ad38d3e
more work on #342
2013-01-15 18:15:07 +00:00
Bernardo Damele
329047fc12
restored fix for #210 to keep --hex work with --technique B
2013-01-15 17:51:40 +00:00
Bernardo Damele
2a751e075d
more work on #342
2013-01-15 17:14:44 +00:00
Bernardo Damele
ec076f5f8a
write console output to temporary folder in any case the test case fails, even if no traceback is raised
2013-01-15 15:51:03 +00:00
Bernardo Damele
4eaa0d17aa
Fix in forging query to calculate query output length - closes issue #342
2013-01-15 15:50:20 +00:00
Miroslav Stampar
7a1d484115
Implementation for an Issue #340
2013-01-15 16:05:33 +01:00
Bernardo Damele
3f84cefc77
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-15 14:59:22 +00:00
Bernardo Damele
c51358953a
add more Oracle system dbs
2013-01-15 14:51:29 +00:00
Miroslav Stampar
04aa39f0c6
Minor update
2013-01-15 13:51:19 +01:00
Miroslav Stampar
5ee653dd89
Merging commit 57bcbb458eade2850a6d7623ecddbe49c69cf334 from @morisson
2013-01-15 10:14:02 +01:00
Miroslav Stampar
2cac7e860e
Minor refactoring
2013-01-14 16:27:50 +01:00
Miroslav Stampar
31302eb707
Minor update
2013-01-14 16:26:07 +01:00
Miroslav Stampar
2a86c1cadc
Another cosmetics
2013-01-14 16:24:55 +01:00
Miroslav Stampar
1e1f560d0c
Minor cosmetics
2013-01-14 16:24:28 +01:00
Miroslav Stampar
0c2474cc22
Minor update
2013-01-14 16:21:40 +01:00
Miroslav Stampar
a5a309212a
Fix for an Issue #339
2013-01-14 16:18:03 +01:00
Bernardo Damele
3e2c3851f3
Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312 )
2013-01-14 13:42:50 +00:00
Bernardo Damele
515c1c6205
removed leftover
2013-01-14 10:26:22 +00:00
Bernardo Damele
83000de9e1
improved handling and storing of exceptions with --live-test ( #312 )
2013-01-14 10:23:40 +00:00
Bernardo Damele
8125fe90a7
code refactoring
2013-01-14 10:22:38 +00:00
Bernardo Damele
036b612bcb
bug fix to be able to write unicode chars to debug file
2013-01-14 01:11:42 +00:00
Miroslav Stampar
fc560f2b75
Minor revert and proper fix
2013-01-14 00:47:29 +01:00
Bernardo Damele
b74cfbf336
minor enhancements for debug purposes (issue #312 )
2013-01-13 23:15:56 +00:00
Bernardo Damele
fdd6075859
temporary patch to fix UNION query enumeration
2013-01-13 23:08:23 +00:00
Miroslav Stampar
92ea8841f8
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-13 16:23:09 +01:00
Miroslav Stampar
03dd958d96
Implementation for an Issue #48
2013-01-13 16:22:43 +01:00
Miroslav Stampar
81848c723d
Minor cleanup (we officially support Python >= 2.6)
2013-01-11 16:01:48 +01:00
Bernardo Damele
675e4a026b
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-11 13:31:49 +00:00
Bernardo Damele
41834e7a5b
working on #8 - still not usable though
2013-01-11 13:31:44 +00:00
Miroslav Stampar
bc4d8d3e02
Implementation for an Issue #332
2013-01-11 11:17:41 +01:00
Miroslav Stampar
5571d09354
Minor revert
2013-01-11 11:13:55 +01:00
Miroslav Stampar
4b79269608
Minor bug fix
2013-01-11 11:10:18 +01:00
Miroslav Stampar
ec4e49d771
Minor refactoring
2013-01-10 16:09:28 +01:00
Miroslav Stampar
1363f26367
Minor refactoring
2013-01-10 15:59:02 +01:00
Miroslav Stampar
834be1eddc
Restyling redundant 'except Exception' form
2013-01-10 15:54:28 +01:00
Miroslav Stampar
acfeeb4f51
Restyling old form of urlparse
2013-01-10 15:41:07 +01:00
Miroslav Stampar
8686c20fa5
Removing one obsolete instantiation line
2013-01-10 15:27:35 +01:00
Miroslav Stampar
934d41dac2
Minor style update (PEP8)
2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878
Some PEP8 related style cleaning
2013-01-10 13:18:44 +01:00
Miroslav Stampar
6cfa9cb0b3
Removing unused imports
2013-01-10 12:15:12 +01:00
Miroslav Stampar
05705857a9
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-10 12:09:48 +01:00
Miroslav Stampar
ca1c0c2a1d
Minor style update
2013-01-10 11:54:07 +01:00
Bernardo Damele
ca337159f5
added reminder TODO
2013-01-10 01:11:22 +00:00
Bernardo Damele
8093f3950d
properly distinguish stdout from stderr with a separate pipe (tracebacks go to stderr) - issue #297
2013-01-10 00:52:44 +00:00
Bernardo Damele
10f1099944
remove logging handler that shows logging messages to stdout - issue #297
2013-01-10 00:51:56 +00:00
Bernardo Damele
ccc3c3d1a3
minor fix to distinguish stdout from stderr
2013-01-10 00:51:05 +00:00
Bernardo Damele
ef40779ad3
upgraded to use custom subprocessng for non-blocking send and read functions for spawned processes. Added new method to display range of log messages, just in case and improved parsing/unpickling of read log messages
2013-01-10 00:01:28 +00:00
Bernardo Damele
2126a5ba12
minor index fix
2013-01-10 00:00:00 +00:00
Bernardo Damele
9766f6025e
logging is now handled in a separate file descriptor :) - issue #297
2013-01-09 22:09:50 +00:00
Bernardo Damele
794700eb37
preparing to handle logging calls by a separate file descriptor when sqlmap is executed by the REST API - issue #297
2013-01-09 22:08:50 +00:00
Bernardo Damele
d120dc18d1
cleanup
2013-01-09 22:06:27 +00:00
Bernardo Damele
58a60562ac
avoid exiting with a traceback for missing dependency, handle properly at some point
2013-01-09 16:05:55 +00:00
Bernardo Damele
7f4ce4afbb
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-09 16:04:29 +00:00
Bernardo Damele
510ceb6e19
first attempt to have --os-pwn and other takeover switches work across Windows and Linux - issue #28
2013-01-09 16:04:23 +00:00
Miroslav Stampar
bf5544903b
Minor style update
2013-01-09 16:10:26 +01:00
Miroslav Stampar
9bdcb1176d
Update for an Issue #169
2013-01-09 15:58:13 +01:00
Miroslav Stampar
25f01a419f
Minor style update (for the sake of consistency over the code and our PEP8 adaptation)
2013-01-09 15:38:41 +01:00
Miroslav Stampar
bdd2592848
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-09 15:22:30 +01:00
Miroslav Stampar
3d4f381ab5
Patch for an Issue #169
2013-01-09 15:22:21 +01:00
Bernardo Damele
c44a829b9b
pass a pickled options object to sqlmap engine when called from API
2013-01-09 12:34:45 +00:00
Bernardo Damele
8457cff278
added variable to store the live test traceback if any
2013-01-09 12:33:18 +00:00
Bernardo Damele
f11747732e
added missing command line options
2013-01-09 12:30:13 +00:00
Miroslav Stampar
55a552ddc4
Update for an Issue #24
2013-01-08 10:55:25 +01:00
Miroslav Stampar
ad85c4c964
Minor refactoring for an Issue #295
2013-01-08 10:23:02 +01:00
Bernardo Damele
c155c6df84
minor bug fix for user's provided LIMIT'd statement when technique is full UNION SQLi
2013-01-07 23:31:11 +00:00
Miroslav Stampar
3abe87ac89
Minor fix with status update (Issue #305 )
2013-01-07 18:53:08 +01:00
Miroslav Stampar
a8f02916a9
Minor fix (Issue #305 )
2013-01-07 18:39:35 +01:00
Miroslav Stampar
e219fad8bf
Added a short comment
2013-01-07 18:19:48 +01:00
Bernardo Damele
1e35b3c8c9
proper link
2013-01-07 16:59:59 +00:00
Miroslav Stampar
96e5d5d178
Some more updates for an Issue #295
2013-01-07 16:55:41 +01:00
Miroslav Stampar
74552bea87
Cleaning some garbage (hard coded paths with linux native slashes)
2013-01-07 16:51:00 +01:00
Miroslav Stampar
425df067eb
Fix for an --os-pwn with ICMPsh (it was crashing because methods interleaved with Metasploit ones)
2013-01-07 16:44:22 +01:00
Miroslav Stampar
ac407ae4a1
Implementation for an Issue #295
2013-01-07 15:55:40 +01:00
Miroslav Stampar
76839ff9d6
Fix for an Issue #305
2013-01-07 12:52:55 +01:00
Bernardo Damele
1e1892c962
prep for subprocess..
2013-01-07 11:10:33 +00:00
Bernardo Damele
7fa75792dd
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-07 11:10:08 +00:00
Bernardo Damele
a30d7014b9
removed unused var
2013-01-07 11:05:33 +00:00
Miroslav Stampar
87e923613f
Minor adjustment (URI (marked with custom injection char) has precedence over GET/POST)
2013-01-05 21:16:47 +01:00
Miroslav Stampar
dc21f3ce67
Minor just in case filtering of union results
2013-01-04 17:09:07 +01:00
Miroslav Stampar
5b77b20e2e
Removing trailing whitespaces (PEP8)
2013-01-03 23:57:07 +01:00
Miroslav Stampar
82b468211d
Minor update
2013-01-03 23:38:29 +01:00
Miroslav Stampar
f340ce8b4b
Minor style update
2013-01-03 23:35:29 +01:00
Miroslav Stampar
1712603dce
Replacing deprecated has_key() with operator in (PEP8)
2013-01-03 23:28:07 +01:00
Miroslav Stampar
e4a3c015e5
Replacing old and deprecated raise Exception style (PEP8)
2013-01-03 23:20:55 +01:00
Bernardo Damele
3a11d36c66
minor bug fix
2013-01-02 21:49:15 +00:00
Miroslav Stampar
cb15fcc8af
Fix for an Issue #329
2013-01-02 22:17:06 +01:00
Miroslav Stampar
304e52cb4d
Minor language update
2013-01-02 22:11:59 +01:00
Miroslav Stampar
09f1cdd8e1
Minor style update
2013-01-02 21:52:50 +01:00
Miroslav Stampar
0795760255
Minor fix
2012-12-30 11:22:23 +01:00
Miroslav Stampar
75edb84a71
Minor update
2012-12-30 11:10:32 +01:00
Miroslav Stampar
58ad2f1c5d
Revert of last commit and proper fix
2012-12-29 10:35:05 +01:00
Miroslav Stampar
0e18fa9c5f
Minor fix
2012-12-28 23:43:47 +01:00
Miroslav Stampar
648d91d790
Distinguishing invalid unicode from safe encoded characters (for proper potential decoding)
2012-12-27 22:43:39 +01:00
Miroslav Stampar
3d01890147
Patch for an Issue #56 (full target url is now being written to a output .CSV file in multi target mode)
2012-12-27 21:15:44 +01:00
Miroslav Stampar
cb91729913
Fix for an Issue #324 (crawling when HTML is not well-formed)
2012-12-27 20:55:37 +01:00
Miroslav Stampar
127b880577
Minor update
2012-12-27 15:14:40 +01:00
Miroslav Stampar
6ae4590edc
Removing problematic per-MySQL LIMIT prefix
2012-12-26 19:48:01 +01:00
Miroslav Stampar
a77b7f00d9
Fix for an Issue #323
2012-12-23 19:34:35 +01:00
Bernardo Damele
832567ecf6
import order
2012-12-21 23:34:37 +00:00
Miroslav Stampar
77625e5af7
Minor revert
2012-12-21 19:31:05 +01:00
Miroslav Stampar
00e55828e4
Minor style update
2012-12-21 15:06:03 +01:00
Miroslav Stampar
8b3e17ed4d
Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table)
2012-12-21 14:52:47 +01:00
Miroslav Stampar
6c1ec9b54f
Fix for an Issue #318
2012-12-21 11:10:05 +01:00
Miroslav Stampar
35728fa443
Fix (and some hidden bug fixes/improvements) regarding an Issue #317
2012-12-21 10:51:35 +01:00
Miroslav Stampar
352e516400
Bottle is a 3rd party tool (not going to extra folder)
2012-12-21 10:18:30 +01:00
Miroslav Stampar
b94a5d42d4
Removing a leftover
2012-12-21 09:49:09 +01:00
Miroslav Stampar
0a122ccce4
Related to an Issue #319
2012-12-21 09:47:58 +01:00
Miroslav Stampar
0d5d84edc7
Minor cleanup
2012-12-20 21:03:41 +01:00
Miroslav Stampar
712cf4e4db
Fix for an Issue #316
2012-12-20 20:55:59 +01:00
Miroslav Stampar
1073ebc697
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-20 20:51:41 +01:00
Bernardo Damele
89d8c58fd1
poor attempt at forking a child process for sqlmap engine execution, output is not handled yet
2012-12-20 17:56:53 +00:00
Bernardo Damele
912323c12d
minor bug fix ( #297 )
2012-12-20 17:05:44 +00:00
Bernardo Damele
7adaffa71b
fixed options initiation
2012-12-20 16:53:43 +00:00
Miroslav Stampar
1c4d438aff
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-20 16:37:03 +01:00
Bernardo Damele
b0635bddcc
adjustments
2012-12-20 15:29:23 +00:00
Miroslav Stampar
8efe056671
Minor refactoring
2012-12-20 15:51:03 +01:00
Bernardo Damele
e9ab33e9dd
standalone REST API, code cleanup ( #297 )
2012-12-20 14:35:02 +00:00
Bernardo Damele
5632279bf7
removed deprecated feature ( #287 )
2012-12-20 13:21:07 +00:00
Miroslav Stampar
63d9b7a1f8
No character shall be left forgotten (no more ? in case that character was not properly being decoded by used charset)
2012-12-20 12:23:37 +01:00
Miroslav Stampar
c2c4601d6e
Minor restyling
2012-12-20 11:06:52 +01:00
Bernardo Damele
076b4063e6
these edits got overwritten from last commits
2012-12-20 09:42:44 +00:00
Miroslav Stampar
3cbe60b586
Proper fix
2012-12-20 10:37:20 +01:00
Miroslav Stampar
0d1ea7f05a
Merge branch 'master' of github.com:sqlmapproject/sqlmap
...
Conflicts:
lib/core/testing.py
2012-12-20 10:37:11 +01:00
Miroslav Stampar
da93e77eb2
Proper fix
2012-12-20 10:34:51 +01:00
Bernardo Damele
ac77724970
attempt to handle standard input from --live-test
2012-12-20 09:30:48 +00:00
Bernardo Damele
2b6ee06de0
minor bug fix to correctly parse unicode chars
2012-12-20 09:30:13 +00:00
Miroslav Stampar
69310e47ce
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-20 09:54:39 +01:00
Miroslav Stampar
06d8213ffd
minor fix (reading of unicode xml files)
2012-12-20 09:53:08 +01:00
Bernardo Damele
86872956d5
minor bug fix (for PostgreSQL)
2012-12-19 22:55:31 +00:00
Bernardo Damele
77843f44fb
minor bug fix (issue #314 )
2012-12-19 22:49:02 +00:00
Bernardo Damele
357da43cea
slight improvement of live test engine and added misc test cases to xml
2012-12-19 17:28:41 +00:00
Bernardo Damele
85fcd27e2d
added support for random global variables
2012-12-19 15:58:06 +00:00
Bernardo Damele
12d34587cc
minor restyling
2012-12-19 14:34:34 +00:00
Bernardo Damele
326ff404fc
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 14:25:35 +00:00
Bernardo Damele
12eed58485
pointless restyling
2012-12-19 14:25:29 +00:00
Miroslav Stampar
37346fe8a3
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 15:23:57 +01:00
Miroslav Stampar
7ee98c7bff
Just for one girl out there waiting for this patch ;)
2012-12-19 15:23:38 +01:00
Bernardo Damele
3be90c97aa
forgot these
2012-12-19 14:12:45 +00:00
Bernardo Damele
cefb03c835
fixed bug related to issue #223
2012-12-19 14:12:09 +00:00
Bernardo Damele
27a12ae85b
restyling
2012-12-19 13:47:17 +00:00
Bernardo Damele
4b3b4eb374
commented out partial work
2012-12-19 13:47:04 +00:00
Bernardo Damele
3655d1f12a
revert change of name for now
2012-12-19 13:45:52 +00:00
Bernardo Damele
874e2176c6
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 13:43:00 +00:00
Bernardo Damele
4f0f729982
be more specific in standard output message as to whether or not the read file is same as remote file
2012-12-19 13:42:56 +00:00
Miroslav Stampar
23153e8088
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 14:29:08 +01:00
Miroslav Stampar
244901eda0
During --flush-session log file should be cleaned too (especially because of --live-tests)
2012-12-19 14:28:54 +01:00
Bernardo Damele
282aeb734f
ORDER BY does not play well with UNION query SQLi (related to issue #313 )
2012-12-19 13:21:16 +00:00
Bernardo Damele
259b345f1f
catch ImportError exception if libmagic is not installed
2012-12-19 13:10:54 +00:00
Bernardo Damele
128597ee7e
--run-case is now case insensitive
2012-12-19 12:45:46 +00:00
Bernardo Damele
b91c829103
minor bug fix (issue #310 )
2012-12-19 12:42:31 +00:00
Bernardo Damele
2bc2c0431c
fixed test cases
2012-12-19 12:33:37 +00:00
Bernardo Damele
9149d77cc8
removed duplicate code - fixes issue #310
2012-12-19 12:17:56 +00:00
Bernardo Damele
d80744d3d5
preparation for issue #310
2012-12-19 11:40:00 +00:00
Bernardo Damele
f5450e9f0e
layout adjustment
2012-12-19 11:39:38 +00:00
Bernardo Damele
dee56b17c3
handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308
2012-12-19 10:50:15 +00:00
Miroslav Stampar
155c1eddae
Debug message with declared page charset
2012-12-19 11:16:42 +01:00
Miroslav Stampar
d29dddf5b2
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 10:51:25 +01:00
Miroslav Stampar
92e338251a
Finally working inference against MySQL/international letters (even chinese)
2012-12-19 10:44:02 +01:00
Bernardo Damele
65ed2304fd
comment update
2012-12-19 09:38:03 +00:00
Bernardo Damele
0037d52098
typo fix
2012-12-19 01:11:18 +00:00
Miroslav Stampar
c9b8b51c9c
Update lib/core/common.py
...
Revert of last commit and try 2
2012-12-19 01:48:53 +01:00
Bernardo Damele
8e95470415
minor refactoring
2012-12-19 00:46:23 +00:00
Bernardo Damele
318fcee49c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 00:30:26 +00:00
Bernardo Damele
3c7007097a
minor refactoring
2012-12-19 00:30:22 +00:00
Miroslav Stampar
50b846b5af
Update lib/core/common.py
...
Fixing wrong assumption in case of MySQL inference international character retrieval
2012-12-19 01:26:12 +01:00
Miroslav Stampar
9e2f0131b9
Update lib/core/agent.py
2012-12-18 20:25:00 +01:00
Bernardo Damele
326ed33f31
added support for comma separated list of files for --file-read - fixes issue #223
2012-12-18 17:55:21 +00:00
Bernardo Damele
58656bbeb5
minor bug fix, union query has to be limited 0, 0
2012-12-18 16:36:30 +00:00
Bernardo Damele
61a838bb35
added more test cases
2012-12-18 15:59:48 +00:00
Miroslav Stampar
88d8494b5a
Implementation for an Issue #307
2012-12-18 16:03:35 +01:00
Miroslav Stampar
7f47623876
Minor patch
2012-12-18 11:10:06 +01:00
Miroslav Stampar
2b64c10710
Patch for an Issue #304
2012-12-18 09:36:26 +01:00
Miroslav Stampar
4ea0c9e922
Another implementation for an Issue #302
2012-12-17 15:08:54 +01:00
Bernardo Damele
3c1b696bd6
removed more print statements
2012-12-17 13:35:32 +00:00
Bernardo Damele
1fdd804e94
replaced instances of dataToStdout with logger
2012-12-17 13:30:21 +00:00
Bernardo Damele
9f47eb0a59
cleaner
2012-12-17 13:29:37 +00:00
Bernardo Damele
0500712a03
removed unuseful prints
2012-12-17 13:29:19 +00:00
Bernardo Damele
ac44cf3ec0
minor fix: add also back-end DBMS and web app fingerprint output to log file
2012-12-17 13:02:09 +00:00
Bernardo Damele
bbd2adb5fb
improvements to --live-test and added --stop-fail switch
2012-12-17 11:41:43 +00:00
Bernardo Damele
064d443d60
replaced unnecessary dataToStdout() call with appropriate logger.info() call
2012-12-17 11:30:08 +00:00
Bernardo Damele
2926c815bf
improved test switch --live-test and minor refactoring
2012-12-17 11:29:33 +00:00
Bernardo Damele
f40c52cc17
comment adjustment
2012-12-17 11:28:03 +00:00
Bernardo Damele
2442a58884
minor leftover of deprecated XMLRPC service
2012-12-17 11:26:31 +00:00
Miroslav Stampar
60baf5071e
Patch for an Issue #302
2012-12-17 00:40:01 +01:00
Bernardo Damele
d4a061d0c3
code cleanup - #297
2012-12-15 00:29:35 +00:00
Bernardo Damele
0c3da5c7eb
code refactoring and first time logger is handled by a separate file descriptor (issue #297 )
2012-12-15 00:12:22 +00:00
Bernardo Damele
2f6a31605c
code refactoring ( #279 )
2012-12-14 22:00:42 +00:00
Bernardo Damele
8dee8355c2
on our way to make it thread safe.. it is a long way actually (issue #297 )
2012-12-14 18:13:21 +00:00
Bernardo Damele
21ecffb750
added more comments, improved cleanup method
2012-12-14 17:21:19 +00:00
Bernardo Damele
1421e6a9d4
implemented cleanup and status admin methods
2012-12-14 16:18:45 +00:00
Bernardo Damele
4fa2f400ec
minor fix
2012-12-14 15:55:30 +00:00
Bernardo Damele
4c4cb856ff
minor bug fix to the /scan/<taskid>output method, forced each taskid to have its own temporary folder for output - issue #297
2012-12-14 15:52:35 +00:00
Bernardo Damele
27906f388f
added first methods to interact with sqlmap core, it is now possible to launch a scan from the API, hurray! (issue #297 )
2012-12-14 14:51:01 +00:00
Bernardo Damele
f52d81c834
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-14 13:40:36 +00:00
Bernardo Damele
0b71c85d95
refactoring, code cleanup, more security-related headers and first /scan method implementation (issue #297 )
2012-12-14 13:40:25 +00:00
Bernardo Damele
a2a71bb37b
cleanup from XML-RPC related stuff
2012-12-14 13:37:36 +00:00
Miroslav Stampar
a3acf72e52
Fix for argparse issue
2012-12-14 14:35:11 +01:00
Miroslav Stampar
235631808f
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-14 14:25:02 +01:00
Bernardo Damele
3d9779ffd4
further improvements to RESTful API: enforce security headers across all HTTP responses properly and make consistent responses across methods ( #297 )
2012-12-14 12:15:04 +00:00
Bernardo Damele
7b43837238
cleaner solution for imports as standalone client/server (issue #297 )
2012-12-14 12:04:44 +00:00
Bernardo Damele
90d5696b25
enhanced RESTful API to support JSON requests and improved standalone client/server skeleton (issue #297 )
2012-12-14 12:01:13 +00:00
Bernardo Damele
156a291e2d
typo fix
2012-12-14 11:55:54 +00:00
Miroslav Stampar
c41618416c
Removing trailing blanks
2012-12-14 12:00:45 +01:00
Bernardo Damele
2e97405ffa
bundle bottle library in sqlmap (it is MIT license) - issue #297
2012-12-14 03:00:30 +00:00
Bernardo Damele
0ec420cc70
leftovers
2012-12-14 02:54:16 +00:00
Bernardo Damele
a1b83cd56f
added first implementation of REST-JSON API library - issue #297
2012-12-14 02:52:31 +00:00
Bernardo Damele
6e31e87de1
added initial support (hidden from -hh and not yet usable) for REST-JSON API
2012-12-14 02:49:25 +00:00
Miroslav Stampar
c040323821
Minor update
2012-12-13 14:55:20 +01:00
Miroslav Stampar
df0f08bc6a
Cleaning some (web upload based) garbage
2012-12-13 13:19:47 +01:00
Miroslav Stampar
5150172178
Minor update
2012-12-13 10:03:21 +01:00
Miroslav Stampar
b78b56d782
Update for an Issue #287 regarding read_output returning values
2012-12-12 17:17:36 +01:00
Miroslav Stampar
fc4be0a77c
Minor fix
2012-12-12 16:45:29 +01:00
Miroslav Stampar
e381158058
Hmmm... Let me guess. Update for an Issue #287
2012-12-12 16:31:20 +01:00
Miroslav Stampar
921000bd87
Another update for an Issue #287
2012-12-12 14:22:24 +01:00
Miroslav Stampar
c3f20a136f
Minor update for an Issue #287
2012-12-12 14:03:03 +01:00
Miroslav Stampar
32b39c72e4
Minor update
2012-12-12 12:07:56 +01:00
Miroslav Stampar
af52e8e8c2
Minor update for an Issue #287
2012-12-12 12:01:18 +01:00
Miroslav Stampar
a6448e8768
Update for an Issue #287
2012-12-12 11:54:59 +01:00
Miroslav Stampar
ef33729381
Writing only unique hashes to an output file (for eventual cracking with 3rd party tools)
2012-12-12 09:59:24 +01:00
Miroslav Stampar
b9f6fc5f4e
First commit (and working one) for an Issue #287 (XML-RPC server)
2012-12-11 16:02:06 +01:00