Author | Commit | Message | Date
Miroslav Stampar | a7c26366b4 | doing that auto default value for --time-sec only for --tor | 2011-04-19 08:43:29 +00:00
Miroslav Stampar | 4d48ac54dc | automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set) | 2011-04-19 08:34:21 +00:00
Miroslav Stampar | b79d4f70f3 | cleaner solution for the problem solved with last commit | 2011-04-18 14:51:48 +00:00
Miroslav Stampar | f5cff067c6 | little hack for --time-sec | 2011-04-18 14:46:18 +00:00
Miroslav Stampar | 354a2ce249 | 'chardet' heuristic engine added to the project | 2011-04-18 13:38:46 +00:00
Miroslav Stampar | 76d1f09b0a | minor cosmetics | 2011-04-17 22:25:25 +00:00
Miroslav Stampar | c7ff5dcbeb | minor update | 2011-04-17 08:48:13 +00:00
Miroslav Stampar | ee88ccf0ac | well, this could be important :) | 2011-04-17 08:33:46 +00:00
Miroslav Stampar | 0387654166 | update of copyright string (until year) | 2011-04-15 12:33:18 +00:00
Miroslav Stampar | 8c6f7c7d5f | explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay | 2011-04-15 08:52:53 +00:00
Miroslav Stampar | 8426d48e2e | minor refactoring | 2011-04-14 10:14:46 +00:00
Miroslav Stampar | 930262f573 | minor update related to the last commit | 2011-04-14 10:12:07 +00:00
Miroslav Stampar | 1c5427baf8 | minor fix | 2011-04-14 09:54:29 +00:00
Miroslav Stampar | 940c225d7c | few fixes | 2011-04-10 20:53:27 +00:00
Bernardo Damele | d324704844 | Removed unused code | 2011-04-10 20:39:15 +00:00
Miroslav Stampar | c4c40308c6 | no more annoying "no metasploit found" for case when msfpath provided with root directory of Metasploit (not the bin one) | 2011-04-08 22:42:07 +00:00
Miroslav Stampar | 228cc68747 | fix for those ugly DEBUG messages in brute mode | 2011-04-08 11:02:21 +00:00
Miroslav Stampar | b288e5ef57 | implemented DNS caching mechanism | 2011-04-07 21:39:18 +00:00
Miroslav Stampar | ae4ea0af45 | fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace') | 2011-04-07 13:57:07 +00:00
Miroslav Stampar | 6a8a5db9aa | minor code restyling | 2011-04-07 13:27:29 +00:00
Bernardo Damele | 9e8c933333 | cosmetics | 2011-04-07 10:40:58 +00:00
Miroslav Stampar | 68828d68a5 | removed integers from --technique | 2011-04-07 10:37:48 +00:00
Miroslav Stampar | fced81b6be | minor update | 2011-04-07 10:32:39 +00:00
Miroslav Stampar | 845533e92f | minor refactoring | 2011-04-07 10:27:22 +00:00
Bernardo Damele | 1880f18367 | Minor layout adjustments | 2011-04-07 10:07:52 +00:00
Bernardo Damele | 17844eb87c | Refactoring to --technique | 2011-04-07 10:00:47 +00:00
Bernardo Damele | 05d12790f1 | closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message) | 2011-04-06 14:41:44 +00:00
Miroslav Stampar | a379463213 | cosmeticado | 2011-04-06 08:40:06 +00:00
Miroslav Stampar | b327bbcd9b | minor fix (it was quite ... to have this check at the later stage) | 2011-04-06 08:39:24 +00:00
Bernardo Damele | 81034140c0 | Reduced number of threads to 3 when -o is provided | 2011-04-06 08:15:20 +00:00
Miroslav Stampar | 2c01fc56e6 | minor update regarding misusage of --proxy and --ignore-proxy switches | 2011-04-04 09:19:43 +00:00
Miroslav Stampar | bbd4c128b0 | minor update related to the last commit | 2011-04-01 22:19:42 +00:00
Miroslav Stampar | cd7e4f5afc | improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked, which led to blank get/post data for the whole form) | 2011-04-01 22:12:24 +00:00
Bernardo Damele | eb99f68a7a | Minor improvement to --wizard. This does not mean I like the kiddie feature though ;) | 2011-04-01 14:55:39 +00:00
Miroslav Stampar | de4e0c7346 | minor update related to the problem with request files reported by jorge_a_santos@hotmail.com | 2011-04-01 12:09:11 +00:00
Miroslav Stampar | b6af80bab3 | refactoring, cleanup and improvement | 2011-03-29 21:54:15 +00:00
Miroslav Stampar | adfbfef8c1 | minor refactoring | 2011-03-29 21:01:47 +00:00
Miroslav Stampar | d0861a00e2 | minor improvement | 2011-03-29 15:37:57 +00:00
Miroslav Stampar | 5560196648 | minor fix | 2011-03-29 11:50:12 +00:00
Miroslav Stampar | e20d460809 | Bernardo will kill me (added --wizard for total beginners) | 2011-03-29 11:42:55 +00:00
Miroslav Stampar | 47924fb92e | fix for a bug reported by malice.anon@gmail.com (AttributeError: 'unicode' object has no attribute 'geturl') | 2011-03-27 13:41:54 +00:00
Miroslav Stampar | 76b7e3517d | minor update | 2011-03-27 07:58:15 +00:00
Miroslav Stampar | c5b6d377fb | fix for a bug reported by Kirill Morozov (we hadn't expected mixed case/copied results in partial union pages) | 2011-03-25 12:14:19 +00:00
Miroslav Stampar | 2b15ad57c2 | basic live tests against 3 major DBMSes | 2011-03-24 11:47:01 +00:00
Miroslav Stampar | 0bb08d09d2 | fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file | 2011-03-24 08:43:40 +00:00
Miroslav Stampar | b5c9ccb755 | Oracle XML based error payload has problems with char $ as with space | 2011-03-21 13:13:12 +00:00
Miroslav Stampar | 2cc91b8470 | minor fix | 2011-03-19 17:44:34 +00:00
Miroslav Stampar | 7c2b3afafb | minor fix (-r required Content-Length, which is a part of Burp log, and as we share the parsing logic this was a headache for -r) | 2011-03-19 17:37:26 +00:00
Miroslav Stampar | 139448eeb9 | little stabilization regarding POST url(de/en)coding | 2011-03-19 16:53:14 +00:00
Miroslav Stampar | 00b9d85ffc | fix regarding bug report from andyroyalbattle@yahoo.it | 2011-03-18 16:26:39 +00:00
Miroslav Stampar | 75c0e09f43 | little refactoring | 2011-03-18 13:46:51 +00:00
Miroslav Stampar | c301b245a9 | adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value) | 2011-03-18 13:39:51 +00:00
Bernardo Damele | f00aff5303 | -v 0 shows both error, critical and raw_input messages | 2011-03-11 22:02:38 +00:00
Miroslav Stampar | 8edc3b3302 | further update regarding last commit | 2011-03-03 10:39:04 +00:00
Miroslav Stampar | bc50387a17 | possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms) | 2011-03-03 09:42:50 +00:00
Miroslav Stampar | 38dc82e13e | If no Accept header field is present, then it is assumed that the client accepts all media types. | 2011-02-22 22:26:22 +00:00
Miroslav Stampar | d05bd75068 | adding experimental for --group-concat | 2011-02-22 14:35:38 +00:00
Bernardo Damele | 8e60acae5d | Added support for --scope also in WebScarab logs (-l) | 2011-02-19 21:03:55 +00:00
Miroslav Stampar | df58bcaf95 | minor improvement | 2011-02-18 14:27:02 +00:00
Miroslav Stampar | 22cd49a217 | --technique can now be something like 123, which includes techniques 1, 2 and 3 | 2011-02-17 21:39:16 +00:00
Miroslav Stampar | 199f14df46 | implementation of MySQL GROUP_CONCAT technique | 2011-02-15 00:28:27 +00:00
Miroslav Stampar | 9f7d666451 | removing --method per request of buawig | 2011-02-12 19:50:27 +00:00
Miroslav Stampar | 4295a78c5f | minor update | 2011-02-10 19:51:34 +00:00
Miroslav Stampar | b56a77e573 | removing obsolete switches (--threshold, --excl-reg, --excl-str) | 2011-02-03 15:55:19 +00:00
Miroslav Stampar | 5f49e20cc8 | adding --random-agent and removing -a | 2011-02-02 14:51:12 +00:00
Miroslav Stampar | e73a147fb5 | minor update | 2011-02-02 11:49:59 +00:00
Miroslav Stampar | 99aa38b58f | minor refactoring | 2011-02-02 10:10:28 +00:00
Miroslav Stampar | 23c95107ed | we must do this because people tend to ignorantly use a huge number of threads, resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS) | 2011-02-02 09:24:37 +00:00
Bernardo Damele | ec9ebb3479 | Set threads to 4 when optimization switch is provided, -o | 2011-01-31 21:21:13 +00:00
Miroslav Stampar | ddf23ba7cc | refactoring | 2011-01-30 11:36:03 +00:00
Miroslav Stampar | 367d0639f0 | refactoring (class names should always be Capital cased) | 2011-01-28 16:36:09 +00:00
Bernardo Damele | e1db2700f0 | Minor bug fix to properly deal with --prefix and --suffix and parameter replace payloads | 2011-01-24 12:25:45 +00:00
Miroslav Stampar | 4441e11f68 | fix for case -r with no params and cookie available | 2011-01-24 11:26:51 +00:00
Bernardo Damele | 4128b2c87f | Enforce that when --prefix is provided, --suffix is too and vice versa. | 2011-01-20 21:57:54 +00:00
Miroslav Stampar | ad12242151 | LoL (removing those checks because we use same "logic" for parsing Burp log files and request files) | 2011-01-20 16:27:59 +00:00
Miroslav Stampar | e8c037de1a | minor update | 2011-01-20 16:17:38 +00:00
Miroslav Stampar | 4e5f0da1ae | minor update | 2011-01-20 16:07:08 +00:00
Miroslav Stampar | 2fa066f892 | added support for WebScarab logs | 2011-01-20 15:55:50 +00:00
Miroslav Stampar | f6f4b5e9dd | bug fix for charset used in inference for pages retrieved with --null-connection | 2011-01-20 11:01:01 +00:00
Bernardo Damele | bade0e3124 | Major code refactoring - centralized all kb.dbms* info for both retrieval and set. | 2011-01-19 23:06:15 +00:00
Miroslav Stampar | c106dc829a | more proper way to deal with this, because without it the warn message is just fast scrolled while leaving users confused (why it doesn't run) | 2011-01-19 22:08:56 +00:00
Bernardo Damele | 47565f9459 | Minor code refactoring | 2011-01-17 21:13:59 +00:00
Miroslav Stampar | 30d6791968 | update regarding time based data retrieval | 2011-01-16 17:52:42 +00:00
Miroslav Stampar | 71391874eb | slightly faster and more thread-safe inference | 2011-01-16 10:52:42 +00:00
Miroslav Stampar | fb9d7cdfaa | refactoring, code clearing and removal of obsolete switch --longest-common | 2011-01-14 14:37:03 +00:00
Bernardo Damele | 3c95d71ea5 | Minor bug fix - restored the so-called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase | 2011-01-14 11:55:20 +00:00
Bernardo Damele | 2ac8debea0 | Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. Minor bug fixes thanks to previous refactoring too. | 2011-01-13 17:36:54 +00:00
Bernardo Damele | af9725214a | Properly deal with partial (single entry) UNION injections. Got rid of kb.union*, now it's all stored/used from kb.injection. Minor bug fix with where=2 detection phase. | 2011-01-12 12:01:32 +00:00
Bernardo Damele | 8a67aea754 | One more step to fully working UNION exploitation after merge into detection phase | 2011-01-12 01:13:32 +00:00
Bernardo Damele | 5c7c3c76c3 | Fixed previous bug in getErrorParsedDBMSes() call in detection phase. Added minor support to escape quotes in UNION payloads during detection phase. | 2011-01-11 23:47:32 +00:00
Bernardo Damele | 06230e4d92 | Minor code refactoring and cosmetics | 2011-01-11 21:46:21 +00:00
Miroslav Stampar | 394b6bc029 | reverting some changes | 2011-01-11 12:11:33 +00:00
Miroslav Stampar | 690281dce1 | didn't know this to be honest | 2011-01-11 10:17:22 +00:00
Miroslav Stampar | 77b51dae57 | adding openFile method with an exception block around file opening part | 2011-01-08 09:30:10 +00:00
Miroslav Stampar | c17714c423 | suppress session in case of brute methods | 2011-01-07 16:47:46 +00:00
Miroslav Stampar | b313a20a3f | some fixes | 2011-01-07 16:39:47 +00:00
Miroslav Stampar | a8d660db54 | fixes for bugs reported by pragmatk@gmail.com | 2011-01-06 16:59:58 +00:00
Miroslav Stampar | 0eabca9fd4 | update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in any way related to the current web page - if not sure, just leave it as it is) | 2011-01-03 22:31:29 +00:00
Miroslav Stampar | 08ccbf2c1e | important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding) | 2011-01-03 22:02:58 +00:00
Miroslav Stampar | da138c46c1 | added support for displaying HTTP error codes (particularly interesting ones are 403 and 406, which screw up data retrieval and DBMS fingerprinting badly) | 2011-01-02 07:37:47 +00:00
Miroslav Stampar | 212035e64d | user can now choose if he wants to skip non-heuristic based DBMS tests | 2011-01-01 23:38:11 +00:00
Miroslav Stampar | 9fb0e0fc85 | resume of brute forced data is now available | 2010-12-27 14:17:20 +00:00
Miroslav Stampar | 51a492e17d | pretty important commit (now dumped tables are prone to dictionary attack) | 2010-12-27 10:56:28 +00:00
Miroslav Stampar | 269d6bde24 | this one is pretty complicated (authentication handler tries to call keep alive module, while keep alive module tries to call authentication handler, leading to an infinite recursion) | 2010-12-27 00:14:29 +00:00
Miroslav Stampar | 562a6440d1 | fix for a bug reported by nightman (same as http://bugs.python.org/issue8797) | 2010-12-26 09:33:04 +00:00
Miroslav Stampar | 2c23a59ba5 | fix for one of those more complex bugs (comparison was returning None while original page and/or page template already had a DBMS error inside) | 2010-12-24 12:13:48 +00:00
Miroslav Stampar | aab14fa2d3 | minor refactoring/cosmetics | 2010-12-24 11:06:57 +00:00
Miroslav Stampar | d9f08e4aa3 | randomization of user agents | 2010-12-24 10:04:27 +00:00
Miroslav Stampar | 017ea9e686 | update | 2010-12-23 14:06:22 +00:00
Miroslav Stampar | 73f33c1999 | bug fix of re-introduced bug (in multiple target mode, sites with similar URI weren't skipped) | 2010-12-23 11:28:13 +00:00
Miroslav Stampar | d974a966b8 | minor fix for end phase (Ctrl+C) | 2010-12-21 23:55:55 +00:00
Miroslav Stampar | fb75d0636b | minor update | 2010-12-21 23:42:59 +00:00
Miroslav Stampar | 385e208f38 | code refactoring regarding standard output suppression and some threading issues | 2010-12-21 14:21:24 +00:00
Miroslav Stampar | 8fd3e7ba1f | thread based data added | 2010-12-20 22:45:01 +00:00
Miroslav Stampar | 5852bad963 | some refactoring | 2010-12-20 18:56:06 +00:00
Miroslav Stampar | 19d8733e9a | this is strictly for educational purposes | 2010-12-20 17:30:47 +00:00
Miroslav Stampar | 13d5b2c0ff | code refactoring | 2010-12-20 09:44:21 +00:00
Miroslav Stampar | 36862e2efa | update | 2010-12-18 15:57:47 +00:00
Miroslav Stampar | e355f92f22 | bug fix | 2010-12-18 10:02:01 +00:00
Miroslav Stampar | fe67d3827c | code refactoring and some fixes | 2010-12-18 09:51:34 +00:00
Miroslav Stampar | a19cb2c13a | code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown") | 2010-12-17 21:29:09 +00:00
Miroslav Stampar | de54219571 | code refactoring | 2010-12-15 12:50:56 +00:00
Miroslav Stampar | c1c525aaea | quick fix of a fix | 2010-12-15 12:10:33 +00:00
Miroslav Stampar | 7cfeb5447b | minor update | 2010-12-15 11:46:28 +00:00
Miroslav Stampar | 4dec24d056 | quick fix for a bug reported by Andreas Constantinides (KeyError: 5) | 2010-12-15 11:30:29 +00:00
Miroslav Stampar | c3d0295d21 | minor update (checking for --time-sec value) | 2010-12-14 12:37:21 +00:00
Miroslav Stampar | b75d7fa348 | minor cache based optimization | 2010-12-14 12:22:17 +00:00
Bernardo Damele | 4b79227b5a | Minor bug fix to properly merge options from .conf file (-c) with command line switches | 2010-12-13 21:36:23 +00:00
Bernardo Damele | 5fb04515d3 | Added hidden (for the moment) switch --technique | 2010-12-09 13:47:17 +00:00
Miroslav Stampar | 293ce18fed | two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; the other was a standard distribution based one) | 2010-12-07 23:32:33 +00:00
Miroslav Stampar | dc651d59ec | little mathematics here and there (used "Rules for normally distributed data") | 2010-12-07 19:19:12 +00:00
Miroslav Stampar | ecd4a5a532 | added standard deviation check in time based tests | 2010-12-07 16:39:31 +00:00
Miroslav Stampar | 294119d2ec | more advanced time technique(s) | 2010-12-07 16:04:53 +00:00
Miroslav Stampar | add6235b16 | removed pageTemplate from injection(s); it's no longer stored in session, and it's reloaded when resuming from session | 2010-12-07 14:06:54 +00:00
Miroslav Stampar | 0dc630203f | code refactoring | 2010-12-07 13:34:06 +00:00
Bernardo Damele | 8e78057ac8 | Added counter of total HTTP(s) requests done during detection phase | 2010-12-07 12:33:47 +00:00
Miroslav Stampar | d77ddbee47 | OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) | 2010-12-06 18:20:57 +00:00
Bernardo Damele | 17449754fe | Got rid of UNION false cond | 2010-12-05 16:16:15 +00:00
Miroslav Stampar | 9e5f933ace | some updates | 2010-12-04 15:47:02 +00:00
Miroslav Stampar | 1f795622b3 | some fine tuning of dynamicity removing engine | 2010-12-04 13:39:35 +00:00
Miroslav Stampar | 04714374f9 | now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s)) | 2010-12-04 10:05:18 +00:00
Bernardo Damele | 5d37df6104 | Ugly code to set the cookies when we got them from a 302 redirect too | 2010-12-03 17:41:10 +00:00
Miroslav Stampar | 612ee08a0b | added response time kb attribute | 2010-12-03 13:19:34 +00:00
Bernardo Damele | 22de82634a | Important update to parse correctly the <where> tag during exploitation phase. Minor code cleanup. | 2010-12-03 10:44:16 +00:00
Bernardo Damele | 09b265a1ea | Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check | 2010-12-01 23:32:02 +00:00
Bernardo Damele | 8b9706656e | Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection; consequently, switch --union-tech has gone now. Minor code refactoring too. | 2010-11-29 17:18:38 +00:00
Miroslav Stampar | e735f2960a | minor update | 2010-11-29 15:25:45 +00:00
Bernardo Damele | 2efb3b78ea | Consider also --dbms value during the detection phase | 2010-11-29 14:48:07 +00:00
Bernardo Damele | 76ce9cc888 | Minor bug fix for --forms | 2010-11-29 12:46:18 +00:00
Bernardo Damele | 9d7087e2ff | Proper saving and resuming when more than one parameter is injectable. Minor bug fix to --stacked-test. Minor code refactoring. | 2010-11-29 01:04:42 +00:00