Miroslav Stampar
9c94a233a1
conf.md5hash thrown out
2010-10-25 13:52:21 +00:00
Miroslav Stampar
9a3879feba
keeping things neat and tidy
2010-10-25 12:33:49 +00:00
Miroslav Stampar
71543092b7
update regarding comparison engine
2010-10-25 12:00:59 +00:00
Miroslav Stampar
8df7c88174
implementation of a new dynamic content removal engine
2010-10-25 10:41:37 +00:00
Miroslav Stampar
2194d47782
setting conf.threads when -o switch is used
2010-10-22 19:10:45 +00:00
Bernardo Damele
1288def3b7
Cosmetics
2010-10-22 14:23:14 +00:00
Miroslav Stampar
a9b50a1e82
minor fix
2010-10-21 23:09:57 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Miroslav Stampar
be443c6947
refactoring regarding __START__,...
2010-10-21 09:51:07 +00:00
Bernardo Damele
d8bfa76dca
Minor possible bug fix
2010-10-20 22:12:53 +00:00
Bernardo Damele
e73e06069b
Minor code refactoring
2010-10-20 22:09:03 +00:00
Bernardo Damele
3b5c5cc457
Minor possible bug fix
2010-10-20 21:49:05 +00:00
Bernardo Damele
f95098693f
Removed unused functions
2010-10-20 21:16:28 +00:00
Miroslav Stampar
e24bff0497
nice refactoring
2010-10-20 09:46:57 +00:00
Miroslav Stampar
5d3cbec457
no more regex. web server independent.
2010-10-20 09:35:46 +00:00
Bernardo Damele
0817d1b78d
Cosmetics
2010-10-19 23:09:30 +00:00
Miroslav Stampar
8776db872c
minor refactoring
2010-10-19 23:05:24 +00:00
Miroslav Stampar
1b376c99a6
removed temp dictionary and replaced with kb.misc
2010-10-19 23:00:19 +00:00
Bernardo Damele
813f44da16
Minor bug fix for MSSQL connector --tables option
2010-10-19 22:11:17 +00:00
Miroslav Stampar
8d9201a3dc
minor update
2010-10-19 18:23:21 +00:00
Miroslav Stampar
4009ef385e
more update regarding error based injection support
2010-10-19 18:17:34 +00:00
Miroslav Stampar
ccda92536f
added header
2010-10-19 09:13:30 +00:00
Miroslav Stampar
264e0a6fda
added support for displaying revision number at unhandled exception message
2010-10-19 08:55:14 +00:00
Miroslav Stampar
729156e91c
proper fix
2010-10-18 21:39:46 +00:00
Miroslav Stampar
3d5494845c
minor bug fix
2010-10-18 21:32:50 +00:00
Bernardo Damele
1d74036ee3
Minor cosmetic fixes
2010-10-18 11:34:53 +00:00
Miroslav Stampar
6b70dadfb2
minor cosmetics
2010-10-18 09:09:22 +00:00
Miroslav Stampar
149837ebf5
added the same for proxy authorization header
2010-10-18 09:02:56 +00:00
Miroslav Stampar
aaebb4336e
fix for Bug #202
2010-10-18 08:54:08 +00:00
Bernardo Damele
64b9f94fcf
Renamed --common-prediction switch to --predict-output
2010-10-16 23:50:13 +00:00
Bernardo Damele
6211915da5
Cosmetic fix
2010-10-16 22:31:16 +00:00
Bernardo Damele
7b71262de6
Cosmetic fix
2010-10-16 22:07:29 +00:00
Bernardo Damele
a2997a6dce
Minor bug fix to --tamper
2010-10-16 21:55:34 +00:00
Bernardo Damele
2129935e06
Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
...
Minor enhancement
2010-10-16 21:52:16 +00:00
Bernardo Damele
2dae934a2b
Minor bug fixes, code refactoring and enhanced --tamper functionality
2010-10-16 21:33:15 +00:00
Bernardo Damele
84ed7f192a
Cosmetic fixes
2010-10-16 15:10:48 +00:00
Miroslav Stampar
1336b97c2c
removed --useBetween switch and added new tampering module ./tamper/between.py
2010-10-15 23:48:07 +00:00
Bernardo Damele
e7c8be1d45
Minor layout adjustments
2010-10-15 15:37:15 +00:00
Miroslav Stampar
c9f0c75030
removed --space (usage of tampering modules is now a prefered way to do it)
2010-10-15 12:52:33 +00:00
Miroslav Stampar
d0514d18ec
removed that spaces from URI payloads
2010-10-15 12:49:03 +00:00
Miroslav Stampar
2fa8836c01
bug fix
2010-10-15 11:14:59 +00:00
Miroslav Stampar
d50684a057
added one more check
2010-10-15 11:05:50 +00:00
Miroslav Stampar
2b476e078c
minor cosmetics
2010-10-15 10:36:29 +00:00
Bernardo Damele
a80f6110cd
don't call variables 'file', it's a reserved word :)
2010-10-15 10:29:24 +00:00
Bernardo Damele
9fcab68700
Minor adjustments
2010-10-15 10:28:06 +00:00
Miroslav Stampar
207bef7f19
fix for that SQLite3 vs SQLite2 issue
2010-10-15 09:39:41 +00:00
Miroslav Stampar
d0df8cdac9
fix for that duplicates
2010-10-15 00:34:16 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
f07608ef4d
show static words in a sorted manner
2010-10-14 12:38:06 +00:00
Miroslav Stampar
162d01abed
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)
2010-10-14 11:06:28 +00:00
Miroslav Stampar
7e1f784eaa
cosmetic update
2010-10-14 06:00:10 +00:00
Miroslav Stampar
34580f56fc
added --tamper option
2010-10-12 22:45:25 +00:00
Miroslav Stampar
9a08f7feb8
minor update
2010-10-12 20:01:59 +00:00
Miroslav Stampar
d2ec132469
added --text-only switch
2010-10-12 19:41:29 +00:00
Miroslav Stampar
f9f79ffbaf
basic stuff for sybase
2010-10-12 19:05:12 +00:00
Miroslav Stampar
9ffa928783
added some user interaction when page is dynamic
2010-10-12 15:49:04 +00:00
Miroslav Stampar
73b77255e3
minor cosmetic update
2010-10-12 12:32:02 +00:00
Miroslav Stampar
6dcd05c39c
minor update
2010-10-11 14:38:04 +00:00
Miroslav Stampar
43892cddbb
some updates
2010-10-11 12:26:35 +00:00
Miroslav Stampar
2198a60684
bug fix (reported by james@ev6.net)
2010-10-10 20:51:11 +00:00
Miroslav Stampar
7a5bb2b0d6
update
2010-10-10 19:50:10 +00:00
Miroslav Stampar
8fcad29bbf
new feature --forms (still unfinished)
2010-10-10 18:56:43 +00:00
Miroslav Stampar
18d27cabc5
more changes
2010-10-07 15:34:17 +00:00
Miroslav Stampar
440ff639bb
more refactoring
2010-10-07 14:05:34 +00:00
Miroslav Stampar
1e9ae40397
major refactoring
2010-10-07 12:12:26 +00:00
Miroslav Stampar
1bf8939e2f
further updates
2010-10-06 22:43:04 +00:00
Miroslav Stampar
de6fa1247b
moved injections to xml format
2010-10-06 22:29:52 +00:00
Miroslav Stampar
adf2231edb
minor update
2010-10-06 13:38:03 +00:00
Miroslav Stampar
56dbf0038f
minor update (for future implementation of more advanced error page logic)
2010-10-06 12:10:00 +00:00
Miroslav Stampar
0ad8090ad8
fix for a google bug reported by Brandon E.
2010-10-01 08:03:39 +00:00
Miroslav Stampar
8abcdae1b5
some update
2010-09-30 19:45:23 +00:00
Miroslav Stampar
cf8e92699c
changes regarding EXISTS feature
2010-09-30 12:35:45 +00:00
Miroslav Stampar
3cd15960a0
more updates
2010-09-27 13:26:46 +00:00
Miroslav Stampar
3b9fe3e1c8
everything is ready for testing (smoke and live)
2010-09-27 11:20:48 +00:00
Miroslav Stampar
dc11ae0d65
update
2010-09-26 14:56:55 +00:00
Miroslav Stampar
35f35605df
changes regarding Feature #160
2010-09-26 14:02:13 +00:00
Miroslav Stampar
99d9f9e624
update for smoke testing
2010-09-26 10:47:04 +00:00
Miroslav Stampar
2e5f269650
update regarding --space option
2010-09-24 22:35:32 +00:00
Miroslav Stampar
9cd5d3bde7
added new option --space
2010-09-24 21:59:03 +00:00
Miroslav Stampar
327bfcbe97
update regarding Feature #61
2010-09-24 14:34:05 +00:00
Miroslav Stampar
b6ff03690f
update regarding Feature #61
2010-09-24 13:34:46 +00:00
Miroslav Stampar
48e0261e68
update for Feature #61
2010-09-24 13:19:35 +00:00
Miroslav Stampar
ff419f7384
more changes regarding path (URI) injection
2010-09-24 09:19:14 +00:00
Miroslav Stampar
e4925eb3dd
update
2010-09-23 21:57:11 +00:00
Miroslav Stampar
13bb3a6212
minor update
2010-09-23 14:07:23 +00:00
Miroslav Stampar
927ad7bf13
update
2010-09-22 12:21:21 +00:00
Miroslav Stampar
da8ae5578b
first commit regarding Feature #144
2010-09-22 11:56:35 +00:00
Miroslav Stampar
540a9b391f
stripped some trailing spaces
2010-09-16 13:19:13 +00:00
Miroslav Stampar
b745331974
added null connection check
2010-09-16 08:43:10 +00:00
Miroslav Stampar
76233ff5a3
added skeleton for live testing
2010-09-15 13:55:28 +00:00
Miroslav Stampar
53800ef65f
more refactoring
2010-09-15 13:32:42 +00:00
Miroslav Stampar
abc12bc361
more refactoring
2010-09-15 13:28:56 +00:00
Miroslav Stampar
682872689a
some more refactoring
2010-09-15 12:59:51 +00:00
Miroslav Stampar
91a0b5df3c
minor update
2010-09-15 12:52:28 +00:00
Miroslav Stampar
b699f98cbb
minor refactoring
2010-09-15 12:51:02 +00:00
Miroslav Stampar
798ab4989b
fix for a Bug #200
2010-09-14 10:35:01 +00:00
Miroslav Stampar
77a53228c5
changes regarding dynamic content recognition
2010-09-13 21:01:46 +00:00
Miroslav Stampar
19fb2e3dcf
fix for Bug #165
2010-09-13 13:31:01 +00:00
Miroslav Stampar
61120b0bac
minor comment added
2010-09-09 14:08:53 +00:00
Miroslav Stampar
1b3d287a09
fix for a bug reported by shaohua pan (and one other bug)
2010-09-07 10:21:42 +00:00
Miroslav Stampar
e810fe7b0b
no need for obsolete (and hard to find) sqlite module when sqlite3 handles both database versions
2010-08-31 13:37:53 +00:00
Miroslav Stampar
f5953bacc0
fix for direct connection parsing (now on windows machines python sqlmap.py -d access://C:\testdb.mdb is valid, while before it wasn't)
2010-08-30 16:35:28 +00:00
Miroslav Stampar
48cc87f6a9
added support for fingerprinting SAP MaxDB (Issue 143)
2010-08-30 13:29:19 +00:00
Miroslav Stampar
2cd8f31003
some doc test samples included
2010-08-20 21:27:47 +00:00
Miroslav Stampar
4edf6ebe00
update for smoke tests
2010-08-20 21:01:51 +00:00
Miroslav Stampar
8aa12db425
added option --proxy-cred for setting proxy credentials (Feature #195 )
2010-08-18 22:45:00 +00:00
Miroslav Stampar
70197affa0
little update (--ratio has a bigger priority then resumed value)
2010-08-10 19:57:59 +00:00
Miroslav Stampar
057ec8a6b2
added --ratio option for direct manipulation of conf.matchRatio parameter
2010-08-10 19:53:29 +00:00
Miroslav Stampar
02523dbfb5
fix of fix
2010-08-09 22:13:56 +00:00
Miroslav Stampar
6eab7997d1
fix for bug reported by dragoun dash (TypeError: sequence item 0: expected string, NoneType found)
2010-08-08 22:25:33 +00:00
Miroslav Stampar
e0fe5d1504
bug fix for error reported by Marek Sarvas (error data)
2010-08-08 21:48:22 +00:00
Miroslav Stampar
0cab4a5355
fix for bug reported by m4l1c3 (UnicodeEncodeError)
2010-08-08 21:22:37 +00:00
Miroslav Stampar
7dcc2031ac
smoke test adjustments
2010-07-30 12:57:58 +00:00
Miroslav Stampar
092829c189
implemented basic smoke testing mechanism
2010-07-30 12:49:25 +00:00
Miroslav Stampar
28d9115373
fix for Feature #187 (Skip duplicates parameters in -g)
2010-07-29 20:01:04 +00:00
Bernardo Damele
49af0c43a5
Forgot
2010-07-01 15:26:18 +00:00
Miroslav Stampar
9d28ae23ca
fixup for situations with unexpected LENGTHs in multithreaded mode (e.g. UTF8 data retrieval)
2010-07-01 14:11:45 +00:00
Bernardo Damele
24428c1a1b
Added warning message if both --proxy and --keep-alive are provided
2010-06-30 11:41:42 +00:00
Bernardo Damele
d40a238335
Make --keep-alive public
2010-06-30 11:29:35 +00:00
Bernardo Damele
8625763c07
Minor code refactoring
2010-06-30 11:22:25 +00:00
Bernardo Damele
c33f3ef844
Minor adjustment to HTTP headers handling
2010-06-29 23:51:44 +00:00
Bernardo Damele
fb9f669544
More verbose comments
2010-06-29 21:10:33 +00:00
Bernardo Damele
8576817a2b
Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196 .
2010-06-29 21:07:23 +00:00
Bernardo Damele
ea45d75f2d
Major bug fix to parse and store all HTTP headers from the request file (-r)
2010-06-29 21:06:03 +00:00
Bernardo Damele
7cad3cbda6
Minor code refactoring
2010-06-28 13:47:20 +00:00
Miroslav Stampar
ccfc9b0fec
fix for that bug linux man reported (UnicodeEncodeError inside raw_input)
2010-06-23 07:30:15 +00:00
Bernardo Damele
17e228024b
Minor enhancements and bug fixes to "good samaritan" feature - see #4
2010-06-21 14:40:12 +00:00
Bernardo Damele
fd76f048b6
Added common pattern value support to bisection algorithm
2010-06-17 11:38:32 +00:00
Bernardo Damele
9bce22683b
Minor bug fix and adjustment to deal with Keep-Alive also against Google (-g)
2010-06-11 10:08:19 +00:00
Bernardo Damele
c23ea4c749
--keep-alive is not compatible with --proxy
2010-06-10 21:19:45 +00:00
Bernardo Damele
75dc44deb8
Minor adjustments
2010-06-10 15:34:28 +00:00
Bernardo Damele
d3c8e461cf
Minor layout adjustments
2010-06-10 14:14:56 +00:00
Miroslav Stampar
ac55e1b75f
fix for localhost firebird direct db access
2010-06-10 12:02:48 +00:00
Miroslav Stampar
c398353e06
support for loading 'faulty character set' session files
2010-06-09 16:07:47 +00:00
Miroslav Stampar
38e5e342f8
added prettyprint module with fixed toprettyxml() method
2010-06-07 09:03:03 +00:00
Miroslav Stampar
9e76b847b3
fix regarding bug discovered by Andreas Constantinides
2010-06-04 17:07:17 +00:00
Miroslav Stampar
464f171a8c
added reusage of xml output and removed toprettyxml which has lots and lots of problems (output once stored is not usable any more from any xml parser/reader because it adds whitespaces all over the output just to be more 'human' readable)
2010-06-03 07:36:30 +00:00
Miroslav Stampar
c470255c18
minor update
2010-06-02 14:56:39 +00:00
Miroslav Stampar
12a5ec9f3d
more unicode refactoring
2010-06-02 12:45:40 +00:00
Miroslav Stampar
2fb8bf3b6a
more dump/unicode cleanup
2010-06-02 12:31:36 +00:00
Bernardo Damele
64ad3b03be
Minor bug fix
2010-06-02 11:01:41 +00:00
Miroslav Stampar
17e0e83990
minor unimportant update
2010-06-02 08:34:57 +00:00
Miroslav Stampar
32a0ba9296
fixing unicode mess
2010-06-02 08:28:38 +00:00
Miroslav Stampar
eb94edc48c
added keepalive module
2010-06-01 12:21:10 +00:00
Bernardo Damele
6df2d98fc9
Minor bug fix in common.py goGoodSamaritan().
...
Minor code cleanup and adjustments.
2010-05-31 15:05:29 +00:00
Miroslav Stampar
db7ede96fd
more updates/fixes
2010-05-31 11:11:53 +00:00
Miroslav Stampar
4bb5885413
some changes regarding --common-outputs feature
2010-05-31 09:41:41 +00:00
Miroslav Stampar
0450df8a77
added kb.cache for storing cached results (e.g. kb.cache.regex for storing compiled regular expressions and kb.cache.md5 for storing precalculated MD5 values during '--users --common-prediction' session)
2010-05-31 08:13:08 +00:00
Bernardo Damele
b798222dd7
Minor fixes
2010-05-30 14:53:13 +00:00
Bernardo Damele
89c721a451
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files.
2010-05-29 10:10:28 +00:00
Miroslav Stampar
a4155269c5
bug fix (unicode(unicode) results in “TypeError: decoding Unicode is not supported” ( http://www.red-mercury.com/blog/eclectic-tech/python-mystery-of-the-day/ )
2010-05-29 07:25:38 +00:00
Bernardo Damele
e811101dce
Minor bug fix
2010-05-28 23:39:52 +00:00
Bernardo Damele
10521b68eb
Major bug fix in multipartpost and minor adjustments elsewhere
2010-05-28 23:12:20 +00:00
Bernardo Damele
06af405efd
Adapted and merged in patch to support XML output (-x switch) - still in beta.
...
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Bernardo Damele
a138dbe5f6
Minor bug fixes and code refactoring
2010-05-28 15:57:43 +00:00
Miroslav Stampar
919a8345d6
minor fix
2010-05-28 15:30:02 +00:00
Miroslav Stampar
ad3c425a18
quick fix
2010-05-28 15:26:55 +00:00
Miroslav Stampar
accaf0b3bd
minor refactoring
2010-05-28 14:07:48 +00:00
Miroslav Stampar
0f5768cddf
more and more fixes
2010-05-28 14:04:34 +00:00
Miroslav Stampar
a3db3c03c1
str() -> unicode()
2010-05-28 13:05:02 +00:00
Miroslav Stampar
f24187f251
few fixes here and there
2010-05-28 12:47:03 +00:00
Bernardo Damele
f26de89216
Minor bug fix to correctly deal with unicode queries with -d
2010-05-28 11:32:10 +00:00
Miroslav Stampar
f36e093fa7
minor update
2010-05-28 09:13:50 +00:00
Bernardo Damele
9de1671b8f
Code refactoring and minor bug fixes.
2010-05-27 16:45:09 +00:00
Miroslav Stampar
c431a74d9e
minor fix/adjustment regarding getCompiledRegex
2010-05-27 11:52:18 +00:00
Miroslav Stampar
ce29c841cf
some comments added
2010-05-26 11:14:22 +00:00
Miroslav Stampar
1a3dfd8ced
some more changes
2010-05-26 11:01:26 +00:00
Miroslav Stampar
bbdbe44e3f
fuck yea, first tests (MySQL/--tables & --common-prediction) are great :)
2010-05-26 10:41:37 +00:00
Miroslav Stampar
7f0db26e99
more code updates regarding good samaritan (common output) feature
2010-05-26 09:48:20 +00:00
Miroslav Stampar
8ed76b3024
minor update regarding good samaritan
2010-05-25 14:51:02 +00:00
Miroslav Stampar
065d5b02ec
added singleValue parameter for good samaritan (same thing Bernardo wanted :)
2010-05-25 13:51:03 +00:00
Miroslav Stampar
056d1ad76e
new commit regarding good samaritan feature
2010-05-25 13:06:23 +00:00
Miroslav Stampar
dc83f794ea
fix regarding proper string isinstance checking (including unicode)
2010-05-25 10:09:35 +00:00
Miroslav Stampar
1f07db875d
fix for that float() report from Shaohua Pan
2010-05-24 20:12:37 +00:00
Bernardo Damele
a43eb64c5d
Minor refactoring
2010-05-24 15:46:12 +00:00
Miroslav Stampar
0197f8db5c
code refactoring regarding issue #184
2010-05-24 11:12:40 +00:00
Miroslav Stampar
e9be60e1ac
added support for proper unicode session(s) storage/retrieval
2010-05-24 11:00:49 +00:00
Bernardo Damele
03fb84e29f
Minor enhancement to internal --profile function
2010-05-21 15:06:05 +00:00
Miroslav Stampar
5d5ebd49b6
introducing regex caching mechanism
2010-05-21 14:42:59 +00:00
Bernardo Damele
7ee20480a4
Added a TODO note
2010-05-21 13:24:23 +00:00
Bernardo Damele
319adef8c4
Minor adjustment
2010-05-21 13:19:50 +00:00
Miroslav Stampar
050015d2bb
minor adjustments
2010-05-21 13:15:21 +00:00
Miroslav Stampar
5a5b31ad53
minor code adjustment
2010-05-21 13:03:57 +00:00
Miroslav Stampar
64f2afe585
in a mood for more changes
2010-05-21 12:44:09 +00:00
Miroslav Stampar
78547bb79e
quick fix
2010-05-21 12:19:20 +00:00
Bernardo Damele
a21a7fc56d
Minor code refactoring
2010-05-21 12:09:31 +00:00
Miroslav Stampar
9b91b30b69
minor refactoring
2010-05-21 10:41:30 +00:00
Miroslav Stampar
5f44696530
changes regarding putting of gprof2dot script inside extras and its usage
2010-05-21 10:30:11 +00:00
Miroslav Stampar
68e13c3872
periodical commit
2010-05-21 09:35:36 +00:00
Bernardo Damele
9c1d82c9f7
Minor bug fix to --proxy with HTTPS target on Python 2.6 - fixes #191 .
2010-05-20 10:52:14 +00:00
Bernardo Damele
e0e2349529
Refactor to --search -C and minor bug fix - See #190 .
2010-05-17 16:16:49 +00:00
Miroslav Stampar
19a82e151c
minor cleanup
2010-05-14 14:03:33 +00:00
Miroslav Stampar
7107e8fd6a
optimization of CPU intensive sanitizeAsciiString
2010-05-14 13:55:25 +00:00
Miroslav Stampar
5396f13bab
added CPU throttling for lowering sqlmap's CPU intensivity
2010-05-13 15:19:28 +00:00
Miroslav Stampar
ca3e12ae73
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)
2010-05-13 11:05:35 +00:00
Miroslav Stampar
893bc04fe4
changes regarding Feature #157 (Evaluate BETWEEN for inference algorithm)
2010-05-12 11:30:32 +00:00
Miroslav Stampar
1a8beebc8c
minor fix
2010-05-11 13:55:30 +00:00
Miroslav Stampar
1e5ecbaa97
speedup of initial session file handling
2010-05-11 13:36:30 +00:00
Bernardo Damele
65a05452f7
Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190 :
...
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
2010-05-07 13:40:57 +00:00
Miroslav Stampar
789dd6c66f
more quick fixes
2010-05-04 08:43:14 +00:00
Bernardo Damele
4d46f997a7
Minor bug fix
2010-04-29 13:34:03 +00:00
Bernardo Damele
fa48d26f95
Minor cosmetic fix
2010-04-26 12:34:21 +00:00
Miroslav Stampar
7eef76f1b0
added basic option validation for start/stop values regarding David Guimaraes mail
2010-04-26 11:23:12 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Bernardo Damele
0f80768e66
Reverted
2010-04-22 16:35:22 +00:00
Bernardo Damele
7b070acd17
Reimported needed imports!
2010-04-22 16:13:22 +00:00
Miroslav Stampar
1bcec80e95
fix for that takeover bug Ethan Robish posted (Windows/PHP)
2010-04-22 10:31:33 +00:00
Bernardo Damele
2840f20605
Minor bug fix
2010-04-17 15:43:08 +00:00
Miroslav Stampar
915d3441e9
some code refactoring
2010-04-16 19:57:00 +00:00
Miroslav Stampar
938a3ab0b9
fix for Bug #183 (--threads dot output)
2010-04-16 13:40:02 +00:00
Miroslav Stampar
1aeaa5db47
implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests)
2010-04-16 12:44:47 +00:00
Miroslav Stampar
17554759b7
implemented feature request from Ole Rasmussen regarding table name retrieval speedup
2010-04-15 09:36:13 +00:00
Bernardo Damele
1ab78ce60e
Added support to directly connect also to SQLite 2 db file
2010-04-13 22:43:38 +00:00
Bernardo Damele
fee062781f
Minor adjustment
2010-04-13 11:13:01 +00:00
Miroslav Stampar
da1ea48947
added some nagging for connection details
2010-04-13 11:00:15 +00:00
Bernardo Damele
eecee3b274
Added resume functionality to -d and fixed logging with -d
2010-04-12 09:35:20 +00:00
Bernardo Damele
b72ddb6f1e
Fixes non-deterministic unsorted results for most of the DBMSes - see #185
2010-04-09 15:48:53 +00:00
Miroslav Stampar
fcceceed45
fix for bug reported by shiftzwei@gmail.com regarding formatDBMSfp with unknown DBMS version
2010-04-09 10:40:08 +00:00
Miroslav Stampar
63c70018ca
fix for that update (conf.cj) problem mentioned by shiftzwei@gmail.com
2010-04-09 10:16:15 +00:00
Bernardo Damele
effc7dc41c
Minor adjustment to notify the user that the --auth-cred format for NTLM authentication is "DOMAIN\user:password"
2010-04-07 09:47:14 +00:00
Bernardo Damele
2d55ec19a3
Minor code restyling
2010-04-06 10:15:19 +00:00
Miroslav Stampar
e29e8f82f9
fix for "Problem with --dbms set" reported by David Guimaraes
2010-04-05 23:09:35 +00:00
Miroslav Stampar
0a363d3f2b
fix for not properly clearing cookies when in multiple targets scanning mode spotted by Kasper Fons
2010-04-04 14:38:48 +00:00
Miroslav Stampar
4129cb22a7
update regarding bug reported by Ole Rasmussen
2010-04-03 19:41:47 +00:00
Bernardo Damele
cad8f61d55
Force pymssql to version >= 1.0.2
2010-03-31 15:31:11 +00:00
Bernardo Damele
b19de015c5
Minor bugs fixes
2010-03-31 13:52:51 +00:00
Bernardo Damele
5fdebb5d5b
Added support to directly connect also to Microsoft SQL Server database.
...
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
a02ec29c15
too
2010-03-30 11:52:45 +00:00
Miroslav Stampar
c9c9c1fb2f
replace only first occurrence
2010-03-30 11:52:01 +00:00
Miroslav Stampar
ae3455a0c2
more update
2010-03-30 11:28:14 +00:00
Miroslav Stampar
738c210075
update
2010-03-30 11:21:26 +00:00
Miroslav Stampar
87d8c6719e
updates, fixes and stuff
2010-03-30 11:06:30 +00:00
Bernardo Damele
a0290a257b
Added support to connect directly also to Oracle - see #158
2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
...
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Miroslav Stampar
4ca1adba2c
update
2010-03-26 21:30:36 +00:00
Miroslav Stampar
1ec5221d82
minor update
2010-03-26 20:51:55 +00:00
Miroslav Stampar
0aa8f7309b
added copyright notice and keywords
2010-03-26 20:23:08 +00:00
Miroslav Stampar
2e05e1c54d
new module for Feature #61
2010-03-26 20:19:18 +00:00
Miroslav Stampar
8bab94de64
added two new functions: isBase64EncodedString and isHexEncodedString for Feature #71
2010-03-26 17:18:02 +00:00
Bernardo Damele
2aadc5c939
Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180 .
...
Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring.
2010-03-25 15:46:06 +00:00
Bernardo Damele
f4f68218bc
Minor layout adjustment for --threads and --eta output
2010-03-25 11:47:18 +00:00
Bernardo Damele
f9a135e232
Minor bug fix and layout adjustment regarding --threading and standard output
2010-03-22 17:38:19 +00:00
Bernardo Damele
d13ad8b2d7
fixes #181 - proper save/resume information about single entry UNION SQL injection
2010-03-22 15:39:29 +00:00
Bernardo Damele
d00e4a458a
Code cleanup
2010-03-21 00:39:44 +00:00
Bernardo Damele
0d559d14df
Initial support for SQLite (90% approx).
...
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
d2f86fb0a5
Fixes #172 - also cookies are parsed from burp/webscarab logs (-l) and request file (-r) now
2010-03-16 15:21:42 +00:00
Bernardo Damele
466df89c4a
Fixes #178 and #179 - proper handling of custom redirects
2010-03-16 14:30:57 +00:00
Bernardo Damele
3b3353e05b
Revert last commit
2010-03-16 13:56:36 +00:00
Miroslav Stampar
1dfe558d3d
Fix for Issue #177
2010-03-16 13:11:44 +00:00