151 Commits

Author	SHA1	Message	Date
Miroslav Stampar	120b0d756e	unfix	2011-05-10 21:33:06 +00:00
Miroslav Stampar	deae534ee7	minor refactoring	2011-05-10 20:44:36 +00:00
Bernardo Damele	8179fd63c0	Minor fix	2011-05-07 23:48:03 +00:00
Bernardo Damele	1151af52bb	More fix for save/resume of --technique	2011-05-07 21:08:14 +00:00
Bernardo Damele	2d8408c885	More fix for --technique resume	2011-05-05 16:38:46 +00:00
Bernardo Damele	955dbc85e7	Minor variable rename	2011-04-30 15:29:59 +00:00
Bernardo Damele	f56d135438	Minor code restyling	2011-04-30 13:20:05 +00:00
Miroslav Stampar	7b3b9e6a87	it seems that this was indeed not meant to be here	2011-04-22 15:07:09 +00:00
Bernardo Damele	eabb5a2ba7	More adjustments to the error message when no sql injections are detected	2011-04-21 22:04:20 +00:00
Bernardo Damele	6d07dddf60	updated doc and minor layout adjustments	2011-04-21 21:53:35 +00:00
Bernardo Damele	770b1523ff	More verbose output when no SQL injections are detected	2011-04-21 21:31:16 +00:00
Bernardo Damele	edc2d75702	Cosmetics and major bug fix	2011-04-21 21:15:23 +00:00
Miroslav Stampar	0387654166	update of copyright string (until year)	2011-04-15 12:33:18 +00:00
Miroslav Stampar	21114d1748	added IGNORE_PARAMETERS to skip testing of state/session web server parameters	2011-04-13 19:01:02 +00:00
Miroslav Stampar	2db2e9b6a2	now GET forms are also prone to "do you want to fill with random values"	2011-04-11 11:38:41 +00:00
Bernardo Damele	5b21352656	cosmeticados ;)	2011-04-08 10:39:07 +00:00
Bernardo Damele	05d12790f1	closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)	2011-04-06 14:41:44 +00:00
Miroslav Stampar	bbd4c128b0	minor update related to the last commit	2011-04-01 22:19:42 +00:00
Miroslav Stampar	4d78eac938	revert of that thingy as requested by Bernardo	2011-03-29 10:06:35 +00:00
Miroslav Stampar	e8debbe724	minor cosmetics and one minor fix (|= is a nono with None)	2011-03-29 06:38:19 +00:00
Miroslav Stampar	86f93713d3	fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update	2011-03-29 06:25:17 +00:00
Miroslav Stampar	bf0e3c4662	improvement for --forms with empty fields	2011-03-28 22:48:00 +00:00
Miroslav Stampar	1e22ff45de	minor update regarding testing of GET parameters if --data and/or --forms is used	2011-03-28 16:14:08 +00:00
Miroslav Stampar	bd75fd26e9	implementing a --page-rank switch as requested by l0rda@l0rda.biz	2011-03-23 11:57:57 +00:00
Miroslav Stampar	8edc3b3302	further update regarding last commit	2011-03-03 10:39:04 +00:00
Miroslav Stampar	50d25c3b4d	update regarding explicit testing of ua and referer when using -p	2011-02-13 21:58:48 +00:00
Bernardo Damele	45a005737d	Minor adjustment so that User-Agent and Referer headers are tests only when --level >= 3 and Cookie is tested only when --level >= 2	2011-02-13 21:08:42 +00:00
Miroslav Stampar	b56a77e573	removing obsolete switches (--threshold, --excl-reg, --excl-str)	2011-02-03 15:55:19 +00:00
Bernardo Damele	6761933f75	Just.. cosmetics ;)	2011-01-31 22:51:14 +00:00
Miroslav Stampar	fa58a9c86b	update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)	2011-01-31 20:36:01 +00:00
Miroslav Stampar	496a84c356	minor update	2011-01-20 18:32:04 +00:00
Miroslav Stampar	718eef8753	minor fix	2011-01-16 18:11:35 +00:00
Bernardo Damele	d3a28124b1	More code cleanup	2011-01-15 23:11:36 +00:00
Miroslav Stampar	5bdb50c224	code review part 3	2011-01-15 13:15:10 +00:00
Miroslav Stampar	6a0e0cde3c	code review of modules in lib/core directory	2011-01-15 12:13:45 +00:00
Miroslav Stampar	05b2a338fe	cosmetics	2011-01-14 16:12:44 +00:00
Bernardo Damele	300128042c	First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though. ... Major refactoring to Agent.payload() method. Minor bug fixes, some code refactoring and a lot of core adjustments here and there. Added more checks for injection in GROUP BY and ORDER BY.	2011-01-11 22:18:47 +00:00
Bernardo Damele	1c86ec374e	Code refactoring and cosmetics	2011-01-07 15:41:09 +00:00
Miroslav Stampar	6aa616bd0d	minor minor fix	2011-01-03 14:28:20 +00:00
Miroslav Stampar	8625494ff2	added one new quick check for multiple target(s) mode	2011-01-03 08:32:06 +00:00
Miroslav Stampar	5c6c870db4	removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode	2011-01-02 08:43:38 +00:00
Miroslav Stampar	da138c46c1	added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)	2011-01-02 07:37:47 +00:00
Miroslav Stampar	8a93cfd975	minor update	2011-01-01 22:43:15 +00:00
Miroslav Stampar	52e44df86c	minor update	2011-01-01 21:11:29 +00:00
Miroslav Stampar	15e6911fd8	fix for a bug reported by ragos@joker.ms (AttributeError: 'NoneType' object has no attribute 'write')	2011-01-01 12:23:02 +00:00
Miroslav Stampar	91f665aaaa	bug fix for Ctrl+C	2010-12-31 15:00:19 +00:00
Miroslav Stampar	5db8ebbfa9	update of mysql comment versions	2010-12-31 12:42:12 +00:00
Miroslav Stampar	017ea9e686	update	2010-12-23 14:06:22 +00:00
Miroslav Stampar	73f33c1999	bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped)	2010-12-23 11:28:13 +00:00
Bernardo Damele	5228f336da	Minor fix for ctrl+c during detection phase	2010-12-22 13:15:44 +00:00