Miroslav Stampar
|
88c76147e1
|
removed few trailing whitespace lines
|
2011-04-15 20:52:08 +00:00 |
|
Miroslav Stampar
|
3b6f9945ae
|
minor fix regarding report from nightman@email.de (...from time to time sqlmap lost the connection...)
|
2011-04-15 14:15:29 +00:00 |
|
Miroslav Stampar
|
c461fdca54
|
some refactoring
|
2011-04-15 13:51:06 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Miroslav Stampar
|
4d8a49a87c
|
more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation
|
2011-04-15 11:53:20 +00:00 |
|
Miroslav Stampar
|
467d1a50b3
|
removed debug message that could cause confusion
|
2011-04-15 11:28:01 +00:00 |
|
Miroslav Stampar
|
8c6f7c7d5f
|
explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay
|
2011-04-15 08:52:53 +00:00 |
|
Miroslav Stampar
|
3efd9e3959
|
improved htmlunescape (great for localized html escape codes)
|
2011-04-14 21:36:13 +00:00 |
|
Miroslav Stampar
|
ded28442fb
|
minor fixes and refactoring regarding safecharencoding
|
2011-04-14 15:54:00 +00:00 |
|
Miroslav Stampar
|
866cdb4cf7
|
speed of --replicate is now vastly improved
|
2011-04-14 14:34:12 +00:00 |
|
Miroslav Stampar
|
eafab03d99
|
safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars)
|
2011-04-14 13:53:56 +00:00 |
|
Miroslav Stampar
|
30bfefd638
|
minor fix
|
2011-04-14 12:58:03 +00:00 |
|
Bernardo Damele
|
5cf38cd0d7
|
More cookies to ignore
|
2011-04-14 12:46:14 +00:00 |
|
Miroslav Stampar
|
8426d48e2e
|
minor refactoring
|
2011-04-14 10:14:46 +00:00 |
|
Miroslav Stampar
|
930262f573
|
minor update related to the last commit
|
2011-04-14 10:12:07 +00:00 |
|
Miroslav Stampar
|
1c5427baf8
|
minor fix
|
2011-04-14 09:54:29 +00:00 |
|
Miroslav Stampar
|
bb99bd2fbe
|
one more commit related to the issue with displaying of garbled characters
|
2011-04-14 09:43:36 +00:00 |
|
Miroslav Stampar
|
04986be4b9
|
update regarding safe character output together with a small fix for newlines
|
2011-04-14 09:31:45 +00:00 |
|
Miroslav Stampar
|
5dfb55effc
|
revert of the last commit because of this http://osvdb.org/show/osvdb/26582
|
2011-04-14 06:46:32 +00:00 |
|
Miroslav Stampar
|
786f305e1a
|
minor update
|
2011-04-14 06:43:08 +00:00 |
|
Miroslav Stampar
|
21114d1748
|
added IGNORE_PARAMETERS to skip testing of state/session web server parameters
|
2011-04-13 19:01:02 +00:00 |
|
Miroslav Stampar
|
58a93c5b1f
|
better beep for MacOSX
|
2011-04-13 18:32:47 +00:00 |
|
Miroslav Stampar
|
bf55b0b77a
|
more restrictions on crypt(3) hash recognition to prevent false positives
|
2011-04-13 14:40:23 +00:00 |
|
Miroslav Stampar
|
d06ae9cd47
|
implemented retrieved items info for partial union too
|
2011-04-13 14:33:15 +00:00 |
|
Miroslav Stampar
|
f5f2201bbc
|
minor cosmetics for partial inband retrieval
|
2011-04-13 11:25:42 +00:00 |
|
Miroslav Stampar
|
c193b896be
|
just in case update to prevent gibberish "retrieved: " outputs
|
2011-04-12 23:07:50 +00:00 |
|
Miroslav Stampar
|
5346ecbb56
|
fix for a "accept certificate first time for svn"
|
2011-04-12 14:25:17 +00:00 |
|
Miroslav Stampar
|
a883ce26b5
|
fix for a bug reported by ToR (AttributeError: 'NoneType' object has no attribute 'redcode')
|
2011-04-12 13:25:28 +00:00 |
|
Miroslav Stampar
|
0ae74f27e4
|
avoiding annoying "payload 'None' possibly..." in case where payload is not specified
|
2011-04-11 15:24:52 +00:00 |
|
Miroslav Stampar
|
941daa1645
|
just in case to prevent "object of type 'NoneType' has no len()" error reports
|
2011-04-11 11:59:02 +00:00 |
|
Miroslav Stampar
|
2db2e9b6a2
|
now GET forms are also prone to "do you want to fill with random values"
|
2011-04-11 11:38:41 +00:00 |
|
Miroslav Stampar
|
08d14886fd
|
added new dev version string
|
2011-04-11 09:44:44 +00:00 |
|
Bernardo Damele
|
07d6b18c4e
|
cutting for 0.9 stable
|
2011-04-11 00:24:51 +00:00 |
|
Miroslav Stampar
|
8597409d9e
|
lowering the value
|
2011-04-10 22:57:17 +00:00 |
|
Bernardo Damele
|
14219a3dac
|
Minor bug fix
|
2011-04-10 22:44:08 +00:00 |
|
Miroslav Stampar
|
6012ab1c46
|
better one for previous commit
|
2011-04-10 21:52:08 +00:00 |
|
Miroslav Stampar
|
e6c50df4f9
|
preventing case duplicates for --common-tables (as some DBMSes have case sensitive table names we can't just use them all with the same case)
|
2011-04-10 21:38:08 +00:00 |
|
Miroslav Stampar
|
940c225d7c
|
few fixes
|
2011-04-10 20:53:27 +00:00 |
|
Bernardo Damele
|
d324704844
|
Removed unused code
|
2011-04-10 20:39:15 +00:00 |
|
Miroslav Stampar
|
decab6642d
|
fix for that @chunk bug
|
2011-04-10 16:46:33 +00:00 |
|
Miroslav Stampar
|
723a7447b2
|
minor refactoring
|
2011-04-10 07:16:19 +00:00 |
|
Miroslav Stampar
|
c714ac6421
|
added support for handling binary data values (no more garbish chars)
|
2011-04-09 23:13:16 +00:00 |
|
Miroslav Stampar
|
4ad73f9263
|
added two new valuable functions for dealing with binary data (e.g. binary representations of password hashes) and some cosmetics
|
2011-04-09 22:39:03 +00:00 |
|
Miroslav Stampar
|
277f16d6b3
|
removing commented out debug print
|
2011-04-08 22:44:05 +00:00 |
|
Miroslav Stampar
|
c4c40308c6
|
no more annoying "no metasploit found" for case when msfpath provided with root directory of Metasploit (not the bin one)
|
2011-04-08 22:42:07 +00:00 |
|
Miroslav Stampar
|
83feb097ef
|
greater flexibility for --batch when default is None
|
2011-04-08 22:29:50 +00:00 |
|
Miroslav Stampar
|
6fa2fd139c
|
implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)
|
2011-04-08 15:17:57 +00:00 |
|
Bernardo Damele
|
beb98140b3
|
Minor improvement to --check-payload
|
2011-04-08 14:34:00 +00:00 |
|
Miroslav Stampar
|
228cc68747
|
fix for those ugly DEBUG messages in brute mode
|
2011-04-08 11:02:21 +00:00 |
|
Bernardo Damele
|
5b21352656
|
cosmeticados ;)
|
2011-04-08 10:39:07 +00:00 |
|
Miroslav Stampar
|
be11e2535e
|
one more minor update
|
2011-04-08 00:05:44 +00:00 |
|
Miroslav Stampar
|
3435d549a9
|
minor update regarding the last commit
|
2011-04-07 23:35:51 +00:00 |
|
Miroslav Stampar
|
726155383d
|
higher compatibility with MSSQL 2000 ("ORDER BY items must appear in the select list if the statement contains a UNION operator.") as we always take the first field from the list as the one for referencing (field = expressionFieldsList[0])
|
2011-04-07 23:32:07 +00:00 |
|
Miroslav Stampar
|
b288e5ef57
|
implemented DNS caching mechanism
|
2011-04-07 21:39:18 +00:00 |
|
Miroslav Stampar
|
ae4ea0af45
|
fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace')
|
2011-04-07 13:57:07 +00:00 |
|
Miroslav Stampar
|
6a8a5db9aa
|
minor code restyling
|
2011-04-07 13:27:29 +00:00 |
|
Miroslav Stampar
|
e33a48d40f
|
minor refactoring
|
2011-04-07 12:54:30 +00:00 |
|
Bernardo Damele
|
c6b9d89d31
|
Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly
|
2011-04-07 11:10:35 +00:00 |
|
Bernardo Damele
|
9e8c933333
|
cosmetics
|
2011-04-07 10:40:58 +00:00 |
|
Miroslav Stampar
|
68828d68a5
|
removed integers from --technique
|
2011-04-07 10:37:48 +00:00 |
|
Miroslav Stampar
|
fced81b6be
|
minor update
|
2011-04-07 10:32:39 +00:00 |
|
Miroslav Stampar
|
845533e92f
|
minor refactoring
|
2011-04-07 10:27:22 +00:00 |
|
Bernardo Damele
|
1880f18367
|
Minor layout adjustments
|
2011-04-07 10:07:52 +00:00 |
|
Bernardo Damele
|
17844eb87c
|
Refactoring to --technique
|
2011-04-07 10:00:47 +00:00 |
|
Bernardo Damele
|
05d12790f1
|
closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)
|
2011-04-06 14:41:44 +00:00 |
|
Bernardo Damele
|
8b14a9eaa7
|
Minor code adjustments
|
2011-04-06 14:40:45 +00:00 |
|
Miroslav Stampar
|
a379463213
|
cosmeticado
|
2011-04-06 08:40:06 +00:00 |
|
Miroslav Stampar
|
b327bbcd9b
|
minor fix (it was quite ... to have this check at the later stage)
|
2011-04-06 08:39:24 +00:00 |
|
Miroslav Stampar
|
fdef6726cf
|
minor update
|
2011-04-06 08:30:50 +00:00 |
|
Bernardo Damele
|
d436ba2da5
|
Minor "fix" when reading hashes from a local sqlite3 (result of --replicate) and there is an int as value
|
2011-04-06 08:19:56 +00:00 |
|
Bernardo Damele
|
81034140c0
|
Reduced number of threads to 3 when -o is provided
|
2011-04-06 08:15:20 +00:00 |
|
Miroslav Stampar
|
265fa52600
|
minor code cosmetics
|
2011-04-04 18:24:16 +00:00 |
|
Miroslav Stampar
|
018b6b9430
|
fix for a charset encoding reported by Kirill
|
2011-04-04 18:20:09 +00:00 |
|
Miroslav Stampar
|
2c01fc56e6
|
minor update regarding misusage of --proxy and --ignore-proxy switches
|
2011-04-04 09:19:43 +00:00 |
|
Miroslav Stampar
|
e957c4400c
|
minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding)
|
2011-04-04 08:04:47 +00:00 |
|
Miroslav Stampar
|
305115a68b
|
important improvement of data handling (POST data and header values)
|
2011-04-03 15:02:52 +00:00 |
|
Miroslav Stampar
|
bbd4c128b0
|
minor update related to the last commit
|
2011-04-01 22:19:42 +00:00 |
|
Miroslav Stampar
|
cd7e4f5afc
|
improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form)
|
2011-04-01 22:12:24 +00:00 |
|
Bernardo Damele
|
c3b54cc222
|
Cosmetics
|
2011-04-01 16:40:28 +00:00 |
|
Miroslav Stampar
|
e27afef6be
|
minor update regarding --current-db on Oracle
|
2011-04-01 15:56:11 +00:00 |
|
Bernardo Damele
|
eb99f68a7a
|
Minor improvement to --wizard. This does not mean I like the kiddie feature though ;)
|
2011-04-01 14:55:39 +00:00 |
|
Miroslav Stampar
|
de4e0c7346
|
minor update related to the problem with request files reported by jorge_a_santos@hotmail.com
|
2011-04-01 12:09:11 +00:00 |
|
Miroslav Stampar
|
ee15988878
|
another minor update related to previous commit
|
2011-03-31 17:34:07 +00:00 |
|
Miroslav Stampar
|
156d24203f
|
speed optimization
|
2011-03-31 17:16:26 +00:00 |
|
Miroslav Stampar
|
220366b6e8
|
minor update (ip addresses will not be confused any more for crypt_generic hashes)
|
2011-03-31 16:56:26 +00:00 |
|
Miroslav Stampar
|
557ed7d665
|
minor fix for a invalid charset reported by Kirill
|
2011-03-31 14:39:01 +00:00 |
|
Bernardo Damele
|
fed57282fc
|
Added one more warning message to show what's going on with ctrl+c
|
2011-03-31 14:26:14 +00:00 |
|
Bernardo Damele
|
3948cd9e77
|
Minor layout adjustments
|
2011-03-31 14:13:53 +00:00 |
|
Miroslav Stampar
|
c5de903eab
|
minor improvement ("quick defense against substr fields")
|
2011-03-31 09:35:09 +00:00 |
|
Miroslav Stampar
|
ce51326bff
|
quick fix
|
2011-03-31 08:43:17 +00:00 |
|
Miroslav Stampar
|
0916117447
|
improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names
|
2011-03-30 18:32:10 +00:00 |
|
Miroslav Stampar
|
dd01d66f13
|
proper update regarding last commit
|
2011-03-29 22:10:08 +00:00 |
|
Miroslav Stampar
|
850328df6c
|
minor cosmetics
|
2011-03-29 22:03:48 +00:00 |
|
Miroslav Stampar
|
b6af80bab3
|
refactoring, cleanup and improvement
|
2011-03-29 21:54:15 +00:00 |
|
Miroslav Stampar
|
adfbfef8c1
|
minor refactoring
|
2011-03-29 21:01:47 +00:00 |
|
Miroslav Stampar
|
12f3024c8a
|
removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)
|
2011-03-29 20:45:21 +00:00 |
|
Miroslav Stampar
|
9f707febf5
|
minor update
|
2011-03-29 15:43:17 +00:00 |
|
Miroslav Stampar
|
d0861a00e2
|
minor improvement
|
2011-03-29 15:37:57 +00:00 |
|
Miroslav Stampar
|
d28ca5809b
|
adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)
|
2011-03-29 14:16:28 +00:00 |
|
Miroslav Stampar
|
7cf4ba83dc
|
minor refactoring and comment update
|
2011-03-29 12:08:07 +00:00 |
|