Commit Graph

419 Commits

Author SHA1 Message Date
Miroslav Stampar
3048e9f710 minor refactoring 2011-05-17 23:03:31 +00:00
Miroslav Stampar
cc07e5dc97 added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@y​ahoo.com 2011-05-17 22:55:22 +00:00
Miroslav Stampar
faa74cd2bc introducing results file for multiple target mode 2011-05-15 22:21:38 +00:00
Miroslav Stampar
a7d7be5ce0 bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host) 2011-05-13 01:01:53 +00:00
Miroslav Stampar
0b2da2f9f5 minor beautification for --tor switch 2011-05-12 05:46:17 +00:00
Miroslav Stampar
e05a9c0554 i was probably very tired or very stupid to do this 2011-05-11 13:13:46 +00:00
Miroslav Stampar
53065ee1fb adding ordered set for kb.targetUrls (now the order of appereance in multiple targets mode will be respected) 2011-05-11 08:55:48 +00:00
Miroslav Stampar
5ee07b90b9 added -m switch for bulk loading multiple targets 2011-05-11 08:46:40 +00:00
Miroslav Stampar
192c685bc8 changing conf attribute to a more proper name 2011-05-10 20:48:34 +00:00
Miroslav Stampar
deae534ee7 minor refactoring 2011-05-10 20:44:36 +00:00
Bernardo Damele
97bc816aeb layout 2011-05-10 16:24:09 +00:00
Bernardo Damele
3a8309c4b0 Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches 2011-05-10 15:34:54 +00:00
Miroslav Stampar
707edc7b1a fix for a bug (previously --dbms="mysql 4" was ignored and abruptly terminated while the mechanism was here all along) 2011-05-10 13:28:07 +00:00
Miroslav Stampar
a64407d9db minor bug fix for multithreading and lots of connection retries 2011-05-10 12:40:01 +00:00
Bernardo Damele
6653907700 forgot in last commit 2011-05-07 21:13:56 +00:00
Bernardo Damele
aae140080e SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
6e392b6054 applying contributed patch for DB2 2011-05-06 09:30:39 +00:00
Miroslav Stampar
5e9620198c fix for a privately reported bug ("AttributeError: item is disabled") 2011-05-02 18:18:04 +00:00
Miroslav Stampar
93dee30895 better fix for the previous commit 2011-05-02 13:34:55 +00:00
Miroslav Stampar
20ad1c1f2f minor update to not confuse users when using -o 2011-05-02 13:24:35 +00:00
Bernardo Damele
955dbc85e7 Minor variable rename 2011-04-30 15:29:59 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Miroslav Stampar
983546d6bf proper fix 2011-04-30 07:01:21 +00:00
Bernardo Damele
956e75e2b5 Minor adjustment to --mobile.
Bug fix to --random-agent.
2011-04-29 21:50:48 +00:00
Miroslav Stampar
11124b21f9 implemented --mobile switch 2011-04-29 19:27:23 +00:00
Bernardo Damele
e35f25b2cb Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec.
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0 Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 16:25:09 +00:00
Miroslav Stampar
f88aa4b165 implemented suppressResumeInfo mechanism (huge slowdown on large tables) 2011-04-22 19:58:10 +00:00
Bernardo Damele
b667c50588 store/resume info on xp_cmd available in session file 2011-04-21 14:25:04 +00:00
Bernardo Damele
11ecd16099 cosmetics 2011-04-21 10:08:38 +00:00
Miroslav Stampar
3b133303bf refactoring 2011-04-19 22:54:13 +00:00
Miroslav Stampar
44bbef42f8 minor cosmetics 2011-04-19 20:23:08 +00:00
Miroslav Stampar
a7c26366b4 doing that auto default value for --time-sec only for --tor 2011-04-19 08:43:29 +00:00
Miroslav Stampar
4d48ac54dc automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set) 2011-04-19 08:34:21 +00:00
Miroslav Stampar
b79d4f70f3 cleaner solution for the problem solved with last commit 2011-04-18 14:51:48 +00:00
Miroslav Stampar
f5cff067c6 little hack for --time-sec 2011-04-18 14:46:18 +00:00
Miroslav Stampar
354a2ce249 'chardet' heuristic engine added to the project 2011-04-18 13:38:46 +00:00
Miroslav Stampar
76d1f09b0a minor cosmetics 2011-04-17 22:25:25 +00:00
Miroslav Stampar
c7ff5dcbeb minor update 2011-04-17 08:48:13 +00:00
Miroslav Stampar
ee88ccf0ac well, this could be important :) 2011-04-17 08:33:46 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
8c6f7c7d5f explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay 2011-04-15 08:52:53 +00:00
Miroslav Stampar
8426d48e2e minor refactoring 2011-04-14 10:14:46 +00:00
Miroslav Stampar
930262f573 minor update related to the last commit 2011-04-14 10:12:07 +00:00
Miroslav Stampar
1c5427baf8 minor fix 2011-04-14 09:54:29 +00:00
Miroslav Stampar
940c225d7c few fixes 2011-04-10 20:53:27 +00:00
Bernardo Damele
d324704844 Removed unused code 2011-04-10 20:39:15 +00:00
Miroslav Stampar
c4c40308c6 no more annoying "no metasploit found" for case when msfpath provided with root directory of Metasploit (not the bin one) 2011-04-08 22:42:07 +00:00
Miroslav Stampar
228cc68747 fix for those ugly DEBUG messages in brute mode 2011-04-08 11:02:21 +00:00
Miroslav Stampar
b288e5ef57 implemented DNS caching mechanism 2011-04-07 21:39:18 +00:00
Miroslav Stampar
ae4ea0af45 fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace') 2011-04-07 13:57:07 +00:00
Miroslav Stampar
6a8a5db9aa minor code restyling 2011-04-07 13:27:29 +00:00
Bernardo Damele
9e8c933333 cosmetics 2011-04-07 10:40:58 +00:00
Miroslav Stampar
68828d68a5 removed integers from --technique 2011-04-07 10:37:48 +00:00
Miroslav Stampar
fced81b6be minor update 2011-04-07 10:32:39 +00:00
Miroslav Stampar
845533e92f minor refactoring 2011-04-07 10:27:22 +00:00
Bernardo Damele
1880f18367 Minor layout adjustments 2011-04-07 10:07:52 +00:00
Bernardo Damele
17844eb87c Refactoring to --technique 2011-04-07 10:00:47 +00:00
Bernardo Damele
05d12790f1 closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message) 2011-04-06 14:41:44 +00:00
Miroslav Stampar
a379463213 cosmeticado 2011-04-06 08:40:06 +00:00
Miroslav Stampar
b327bbcd9b minor fix (it was quite ... to have this check at the later stage) 2011-04-06 08:39:24 +00:00
Bernardo Damele
81034140c0 Reduced number of threads to 3 when -o is provided 2011-04-06 08:15:20 +00:00
Miroslav Stampar
2c01fc56e6 minor update regarding misusage of --proxy and --ignore-proxy switches 2011-04-04 09:19:43 +00:00
Miroslav Stampar
bbd4c128b0 minor update related to the last commit 2011-04-01 22:19:42 +00:00
Miroslav Stampar
cd7e4f5afc improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form) 2011-04-01 22:12:24 +00:00
Bernardo Damele
eb99f68a7a Minor improvement to --wizard. This does not mean I like the kiddie feature though ;) 2011-04-01 14:55:39 +00:00
Miroslav Stampar
de4e0c7346 minor update related to the problem with request files reported by jorge_a_santos@hotmail.com 2011-04-01 12:09:11 +00:00
Miroslav Stampar
b6af80bab3 refactoring, cleanup and improvement 2011-03-29 21:54:15 +00:00
Miroslav Stampar
adfbfef8c1 minor refactoring 2011-03-29 21:01:47 +00:00
Miroslav Stampar
d0861a00e2 minor improvement 2011-03-29 15:37:57 +00:00
Miroslav Stampar
5560196648 minor fix 2011-03-29 11:50:12 +00:00
Miroslav Stampar
e20d460809 Bernardo will kill me (added --wizard for total beginners) 2011-03-29 11:42:55 +00:00
Miroslav Stampar
47924fb92e fix for a bug reported by malice.anon@gmail.co​m (AttributeError: 'unicode' object has no attribute 'geturl') 2011-03-27 13:41:54 +00:00
Miroslav Stampar
76b7e3517d minor update 2011-03-27 07:58:15 +00:00
Miroslav Stampar
c5b6d377fb fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages) 2011-03-25 12:14:19 +00:00
Miroslav Stampar
2b15ad57c2 basic live tests against 3 major DBMSes 2011-03-24 11:47:01 +00:00
Miroslav Stampar
0bb08d09d2 fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file 2011-03-24 08:43:40 +00:00
Miroslav Stampar
b5c9ccb755 Oracle XML based error payload has problems with char $ as with space 2011-03-21 13:13:12 +00:00
Miroslav Stampar
2cc91b8470 minor fix 2011-03-19 17:44:34 +00:00
Miroslav Stampar
7c2b3afafb minor fix (-r required Content-Length which is a part of Burp log and as we share the parsing logic this was a headache for -r) 2011-03-19 17:37:26 +00:00
Miroslav Stampar
139448eeb9 little stabilization regarding POST url(de/en)coding 2011-03-19 16:53:14 +00:00
Miroslav Stampar
00b9d85ffc fix regarding bug report from andyroyalbattle@yahoo.it 2011-03-18 16:26:39 +00:00
Miroslav Stampar
75c0e09f43 little refactoring 2011-03-18 13:46:51 +00:00
Miroslav Stampar
c301b245a9 adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value) 2011-03-18 13:39:51 +00:00
Bernardo Damele
f00aff5303 -v 0 shows both error, critical and raw_input messages 2011-03-11 22:02:38 +00:00
Miroslav Stampar
8edc3b3302 further update regarding last commit 2011-03-03 10:39:04 +00:00
Miroslav Stampar
bc50387a17 possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms) 2011-03-03 09:42:50 +00:00
Miroslav Stampar
38dc82e13e If no Accept header field is present, then it is assumed that the client accepts all media types. 2011-02-22 22:26:22 +00:00
Miroslav Stampar
d05bd75068 adding experimental for --group-concat 2011-02-22 14:35:38 +00:00
Bernardo Damele
8e60acae5d Added support for --scope also in WebScarab logs (-l) 2011-02-19 21:03:55 +00:00
Miroslav Stampar
df58bcaf95 minor improvement 2011-02-18 14:27:02 +00:00
Miroslav Stampar
22cd49a217 --technique can now be something like 123 which includes both techniques 1, 2 and 3 2011-02-17 21:39:16 +00:00
Miroslav Stampar
199f14df46 implementation of MySQL GROUP_CONCAT technique 2011-02-15 00:28:27 +00:00
Miroslav Stampar
9f7d666451 removing --method per request of buawig 2011-02-12 19:50:27 +00:00
Miroslav Stampar
4295a78c5f minor update 2011-02-10 19:51:34 +00:00
Miroslav Stampar
b56a77e573 removing obsolete switches (--threshold, --excl-reg, --excl-str) 2011-02-03 15:55:19 +00:00
Miroslav Stampar
5f49e20cc8 adding --random-agent and removing -a 2011-02-02 14:51:12 +00:00
Miroslav Stampar
e73a147fb5 minor update 2011-02-02 11:49:59 +00:00
Miroslav Stampar
99aa38b58f minor refactoring 2011-02-02 10:10:28 +00:00
Miroslav Stampar
23c95107ed we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS) 2011-02-02 09:24:37 +00:00