Miroslav Stampar
|
a1fd2898a0
|
added friendly tip message for url encoding GET and POST payloads
|
2011-05-25 11:10:52 +00:00 |
|
Miroslav Stampar
|
0e480a9921
|
adding SYS to the ORACLE_SYSTEM_DBS
|
2011-05-25 10:55:47 +00:00 |
|
Miroslav Stampar
|
2f456bee75
|
minor beautification
|
2011-05-25 08:14:39 +00:00 |
|
Miroslav Stampar
|
8b7a3c5a6b
|
making it easier for totally dummy users
|
2011-05-24 17:24:01 +00:00 |
|
Miroslav Stampar
|
bec2c04671
|
helping dummy users
|
2011-05-24 17:15:25 +00:00 |
|
Miroslav Stampar
|
a3466ff79c
|
serving everything for the users
|
2011-05-24 16:34:08 +00:00 |
|
Miroslav Stampar
|
69eb173eca
|
minor just in case patch
|
2011-05-24 15:07:37 +00:00 |
|
Miroslav Stampar
|
0072c3af8e
|
fix for a bug reported by aboynes@gmail.com (for elt in self.a)
|
2011-05-24 15:03:21 +00:00 |
|
Miroslav Stampar
|
f774d8fea0
|
proper Tor settings (reverted r3915 and implemented it the right way)
|
2011-05-24 11:06:58 +00:00 |
|
Miroslav Stampar
|
915c206e3d
|
minor fix for socks proxy issues
|
2011-05-24 09:47:10 +00:00 |
|
Miroslav Stampar
|
ad25bcc2be
|
better way for dealing with relative paths
|
2011-05-24 05:26:51 +00:00 |
|
Miroslav Stampar
|
a536bf210f
|
improved redirection mechanism
|
2011-05-23 23:20:03 +00:00 |
|
Miroslav Stampar
|
128a012121
|
this was causing that --suffix trouble
|
2011-05-23 19:59:07 +00:00 |
|
Miroslav Stampar
|
bfe8e51b7c
|
minor fix for retrieving stuff like "SELECT * FROM testdb..users"
|
2011-05-23 19:45:40 +00:00 |
|
Miroslav Stampar
|
2b12b18357
|
incorporating metasploit patch from oliver.kuckertz@mologie.de
|
2011-05-23 15:27:10 +00:00 |
|
Miroslav Stampar
|
4542d4535f
|
minor beautification
|
2011-05-23 14:28:05 +00:00 |
|
Miroslav Stampar
|
31b48ec11c
|
removing space left
|
2011-05-23 14:18:33 +00:00 |
|
Miroslav Stampar
|
0ed03d474f
|
now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate
|
2011-05-23 11:09:44 +00:00 |
|
Miroslav Stampar
|
868fbe370b
|
minor beautification
|
2011-05-23 10:39:58 +00:00 |
|
Miroslav Stampar
|
fb23beef6f
|
most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested)
|
2011-05-22 19:14:36 +00:00 |
|
Miroslav Stampar
|
4fdb6ac9b9
|
adding useful info
|
2011-05-22 15:30:19 +00:00 |
|
Miroslav Stampar
|
48c20a62ac
|
minor nag fix
|
2011-05-22 15:08:55 +00:00 |
|
Miroslav Stampar
|
40971aca94
|
fixing nasty bug caused by retrying counter
|
2011-05-22 10:59:56 +00:00 |
|
Miroslav Stampar
|
712e238f33
|
another minor fix
|
2011-05-22 10:29:25 +00:00 |
|
Miroslav Stampar
|
2795aeff34
|
minor fix
|
2011-05-22 10:27:45 +00:00 |
|
Miroslav Stampar
|
806e898694
|
no more CRITICAL drop outs in test mode - lots of reports were related to this
|
2011-05-22 10:21:49 +00:00 |
|
Miroslav Stampar
|
9b2623514a
|
one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables
|
2011-05-22 09:48:46 +00:00 |
|
Miroslav Stampar
|
2ea613b170
|
type correction and adding global flag kb.ignoreTimeout which could be useful
|
2011-05-22 08:24:13 +00:00 |
|
Miroslav Stampar
|
27f0e73cc9
|
refactoring of 'target' flag in connect.py
|
2011-05-22 07:46:09 +00:00 |
|
Miroslav Stampar
|
a58aaf2e1a
|
better format for results file (easier for sorting when lots of files)
|
2011-05-22 07:02:36 +00:00 |
|
Miroslav Stampar
|
25fff8c135
|
changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)
|
2011-05-21 11:46:57 +00:00 |
|
Miroslav Stampar
|
9e5856caf8
|
improvement for recognition of scalar vs multiple-row commands
|
2011-05-19 16:45:05 +00:00 |
|
Miroslav Stampar
|
db72428765
|
minor update
|
2011-05-19 15:57:29 +00:00 |
|
Miroslav Stampar
|
f40c6b2ce7
|
added --cookie for maskSensitiveData too
|
2011-05-19 15:42:59 +00:00 |
|
Miroslav Stampar
|
9832fc42d4
|
minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase)
|
2011-05-18 21:47:40 +00:00 |
|
Miroslav Stampar
|
3048e9f710
|
minor refactoring
|
2011-05-17 23:03:31 +00:00 |
|
Miroslav Stampar
|
cc07e5dc97
|
added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@yahoo.com
|
2011-05-17 22:55:22 +00:00 |
|
Miroslav Stampar
|
dfe81cc66f
|
minor yielding
|
2011-05-16 20:14:10 +00:00 |
|
Miroslav Stampar
|
a5ad4621c9
|
minor refactoring
|
2011-05-16 20:09:12 +00:00 |
|
Miroslav Stampar
|
ba1df457ab
|
fix for a charset euc_tw reported by devon.mitchell1988@yahoo.com
|
2011-05-16 19:26:58 +00:00 |
|
Miroslav Stampar
|
6ba9dea640
|
just in case for trimmed output
|
2011-05-16 06:17:37 +00:00 |
|
Miroslav Stampar
|
d2221e4604
|
fix for a minor "retrieved" cosmetic issue in partial union technique reported by Devon Mitchell (retrieved: "information_schema","COLUMNS</title><...)
|
2011-05-16 00:23:50 +00:00 |
|
Miroslav Stampar
|
faa74cd2bc
|
introducing results file for multiple target mode
|
2011-05-15 22:21:38 +00:00 |
|
Miroslav Stampar
|
90e84c9a6d
|
removing xmlcharrefreplace error handler as it seems that it wasn't such a good idea at the end
|
2011-05-15 21:43:38 +00:00 |
|
Miroslav Stampar
|
c3bb5a03e1
|
minor improvement
|
2011-05-14 20:09:37 +00:00 |
|
Miroslav Stampar
|
3484a4426b
|
fix for a bug reported by itxx@qq.com (TypeError: encode() takes no keyword arguments)
|
2011-05-14 19:57:28 +00:00 |
|
Miroslav Stampar
|
053c245114
|
few minor fixes
|
2011-05-13 09:56:12 +00:00 |
|
Miroslav Stampar
|
a7d7be5ce0
|
bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host)
|
2011-05-13 01:01:53 +00:00 |
|
Miroslav Stampar
|
f11d5c91e3
|
minor update so that only one DNS request per scan is being done (before this commit there were two)
|
2011-05-12 14:32:39 +00:00 |
|
Miroslav Stampar
|
70688fb8b5
|
minor enhancement for dumping 'None' values (proper way should be empty string because None is too pythonic)
|
2011-05-12 12:00:17 +00:00 |
|