Commit Graph

4559 Commits

Author SHA1 Message Date
Miroslav Stampar
4d23744430 Bug fix (there was a problem using --tamper=varnish with --identify-waf because of same named modules) 2014-09-30 09:58:02 +02:00
Miroslav Stampar
ff42720c62 Minor fix 2014-09-29 14:07:59 +02:00
Miroslav Stampar
1e636fb925 Minor patch regarding Issue #840 2014-09-28 13:38:09 +02:00
Miroslav Stampar
767c278a0f Fix for an Issue #838 2014-09-26 17:00:50 +02:00
Miroslav Stampar
00fc842c6f Update agent.py 2014-09-20 10:20:57 +02:00
Miroslav Stampar
69701ba08c Minor refactoring 2014-09-17 18:29:01 +02:00
Miroslav Stampar
09064a4a24 Minor just in case patch 2014-09-17 18:25:24 +02:00
Miroslav Stampar
bbc6dd9ac8 Minor fix 2014-09-17 10:28:18 +02:00
Miroslav Stampar
6888d2fc34 Minor cosmetic update 2014-09-16 16:32:54 +02:00
Miroslav Stampar
0e8090381c Minor cosmetic update 2014-09-16 16:21:29 +02:00
Miroslav Stampar
c5294f2cbb Minor patch for an Issue #832 2014-09-16 16:18:13 +02:00
Miroslav Stampar
5b0732e9f9 Minor update for Issue #832 2014-09-16 15:17:50 +02:00
Miroslav Stampar
7278af01ee Implementation for an Issue #832 2014-09-16 14:12:43 +02:00
Miroslav Stampar
57eb19377e Minor code refactoring 2014-09-16 09:07:31 +02:00
Miroslav Stampar
45f5548113 Minor update regarding shell history file 2014-09-16 08:58:25 +02:00
Miroslav Stampar
637d3cbaf7 Fix for cases when parameter name is urlencoded 2014-09-12 13:29:30 +02:00
Miroslav Stampar
bfc8ab0e35 Language update 2014-09-08 14:48:31 +02:00
Miroslav Stampar
53d0d5bf8b Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved) 2014-09-08 14:33:13 +02:00
Miroslav Stampar
055b759145 Minor update 2014-09-03 23:13:57 +02:00
Miroslav Stampar
bbf0be1f8d Bug fix (Issue #813) 2014-09-03 22:09:12 +02:00
Miroslav Stampar
112a0cb1ae Patch for output directory (using unicode for international support) 2014-09-03 21:49:30 +02:00
Miroslav Stampar
7e40890f32 Patch for an Issue #815 2014-09-01 16:16:12 +02:00
Miroslav Stampar
25c6fca20e Minor fix 2014-09-01 15:48:00 +02:00
Miroslav Stampar
d5d01e91ad Warning message 2014-08-30 22:15:14 +02:00
Miroslav Stampar
20ff402103 Minor patch 2014-08-30 22:04:55 +02:00
Miroslav Stampar
dc2ee8bfa0 Minor update 2014-08-30 21:53:09 +02:00
Miroslav Stampar
177fc0376d Minor fix for HSQLDB 2014-08-30 21:37:38 +02:00
Miroslav Stampar
1a9a331422 Bug fix (proper extending of tests when dbms is known) 2014-08-30 21:34:23 +02:00
Miroslav Stampar
e501b2a80b Minor patch 2014-08-30 20:58:59 +02:00
Miroslav Stampar
03c8e7b7a2 Patch for an Issue #810 2014-08-30 17:13:02 +02:00
Miroslav Stampar
77cb35dcf6 Fix for an Issue #804 2014-08-28 14:26:55 +02:00
Miroslav Stampar
9476359255 Bug fix 2014-08-28 12:50:39 +02:00
Miroslav Stampar
834f8e18c8 Minor patch for an Issue #802 2014-08-28 00:45:57 +02:00
Miroslav Stampar
b77d8d617b Minor patch for an Issue #800 2014-08-28 00:31:49 +02:00
Miroslav Stampar
7595f2b73e Minor fix 2014-08-28 00:13:27 +02:00
Miroslav Stampar
fce671c899 Patch for an Issue #801 2014-08-28 00:00:16 +02:00
Miroslav Stampar
fd36250026 Proper fix for an Issue #757 2014-08-26 23:36:04 +02:00
Miroslav Stampar
2a268199d4 Patch for an Issue #798 2014-08-26 23:11:44 +02:00
Miroslav Stampar
e68326c0fe expandAsteriskForColumns changes value of conf.db and conf.tbl potentially causing problems in further work 2014-08-26 22:57:08 +02:00
Miroslav Stampar
decd092b2a Minor patch 2014-08-26 22:40:50 +02:00
Miroslav Stampar
2be0ebd883 Minor fix (e.g. Oracle identifier names can contain character $) 2014-08-26 22:40:15 +02:00
Miroslav Stampar
dcaad75a1e Fix for an Issue #794 2014-08-22 15:08:05 +02:00
Miroslav Stampar
d74b803306 Minor patch 2014-08-22 14:45:23 +02:00
Miroslav Stampar
e0a8b89069 Minor patch when trailing space is used with comma to split option items (e.g. '-C id, name') 2014-08-22 14:19:53 +02:00
Miroslav Stampar
e3a0f25db0 Patch for an Issue #795 2014-08-22 14:11:23 +02:00
Miroslav Stampar
2ce3ccac46 Patch for an Issue #797 (switching to greedy because of performance; it shouldn't be a problem because it was a single line replacement in the first place) 2014-08-22 13:06:53 +02:00
Miroslav Stampar
77513e1de9 Minor style update 2014-08-21 01:19:10 +02:00
Miroslav Stampar
c5b71cff10 Some filtering 2014-08-21 01:12:44 +02:00
Miroslav Stampar
3cfdb5ff0f Removing / from auto directories (it doesn't make sense to auto-test for uploading to /) 2014-08-21 00:43:37 +02:00
Miroslav Stampar
acb3b1d1fe Bug fix for common table/column existence check 2014-08-21 00:12:19 +02:00
Miroslav Stampar
074b57804e Minor style update 2014-08-21 00:03:46 +02:00
Miroslav Stampar
58d93ffb2b Fix for falling back to partial union (excluding scalar queries) 2014-08-20 23:53:15 +02:00
Miroslav Stampar
90882f081d Language update 2014-08-20 23:47:57 +02:00
Miroslav Stampar
0296081692 Minor refactoring 2014-08-20 23:42:40 +02:00
Miroslav Stampar
f51ea20bbd Minor style update 2014-08-20 22:50:00 +02:00
Miroslav Stampar
5d10bae31f Removing trailing blank lines 2014-08-20 21:07:19 +02:00
Miroslav Stampar
e0216771ed Minor update 2014-08-20 15:23:07 +02:00
Miroslav Stampar
c97782cfed Minor update of banner 2014-08-20 15:10:21 +02:00
Miroslav Stampar
07f881e711 Minor fix 2014-08-20 14:02:04 +02:00
Miroslav Stampar
b4fbb9cafe Minor upgrade 2014-08-20 13:52:48 +02:00
Miroslav Stampar
7828f61642 Minor style update 2014-08-20 13:35:41 +02:00
Miroslav Stampar
dfa426fbb5 Minor style update 2014-08-20 13:32:32 +02:00
Miroslav Stampar
6795b51c7e Another minor update 2014-08-20 01:59:30 +02:00
Miroslav Stampar
d08c1b7c04 Minor update 2014-08-20 01:45:42 +02:00
Miroslav Stampar
6caccc3d93 Bug fix for ultra-slow processing of binary data 2014-08-20 01:38:01 +02:00
Miroslav Stampar
ebc964267f Better reporting on filtered-chars cases 2014-08-20 01:11:26 +02:00
Miroslav Stampar
c12e51173a Minor style update 2014-08-20 00:28:33 +02:00
Miroslav Stampar
5a05271097 Minor fix 2014-08-19 22:34:07 +02:00
Miroslav Stampar
b0465a6a76 Adding a revision scheme for nongit checkouts 2014-08-19 22:32:16 +02:00
Miroslav Stampar
cd92de1702 Adding colorful banner 2014-08-19 22:19:22 +02:00
Miroslav Stampar
7d578d395f Minor update for Apache on Windows 2014-08-16 16:01:18 +02:00
Miroslav Stampar
a8b4b96cd9 Extending list for brute forcing doc root 2014-08-16 15:16:03 +02:00
Miroslav Stampar
0fb576724e Implementation for cases when there are multiple copies/variations of the same result(s) in response for partial UNION SQLi 2014-08-13 22:50:42 +02:00
Miroslav Stampar
0809a61fc3 Bug fix (whole page output as a result of partial union runs) 2014-08-13 15:18:11 +02:00
Miroslav Stampar
0a74ae736f Probable fix for an Issue #788 2014-08-13 14:01:57 +02:00
Miroslav Stampar
658110e644 Minor fix 2014-08-11 12:46:37 +02:00
hydhyd
e7ffe92d8c Update settings.py
Modified BRUTE_DOC_PREFIXES to include "/srv/www" used by default in OpenSUSE.
2014-08-06 12:59:18 +04:00
Miroslav Stampar
8599005115 Implementation for an Issue #771 2014-08-01 14:19:32 +02:00
Miroslav Stampar
208d51e0e9 Revert of last trigger happy commit 2014-08-01 13:57:43 +02:00
Miroslav Stampar
d300f99b0b Removing a redundant code (similar check is being done upper in code) 2014-08-01 13:57:07 +02:00
Miroslav Stampar
8bc6154f06 Removing a redundant code (similar check is being done upper in code) 2014-08-01 13:53:22 +02:00
Miroslav Stampar
b31e141012 Fix for an Issue #772 2014-07-29 14:37:48 +02:00
Miroslav Stampar
20d75cc52e Patch for an Issue #767 2014-07-29 13:32:26 +02:00
Miroslav Stampar
9fff88d6e4 Minor update 2014-07-19 23:23:55 +02:00
Miroslav Stampar
3cfa63646b Minor bug fix 2014-07-19 23:17:23 +02:00
Miroslav Stampar
0eb5fb1e5a Update for an Issue #757 2014-07-19 23:02:14 +02:00
Miroslav Stampar
cd1c100cc0 Another patch for an Issue #757 2014-07-14 21:10:45 +02:00
Miroslav Stampar
e66a81ab4e Fix for an Issue #757 2014-07-11 16:24:57 +02:00
Miroslav Stampar
32af0b17b0 Update for an Issue #760 2014-07-10 08:49:20 +02:00
Miroslav Stampar
33b6d189cd Bug fix for some cases (in cases of working where=ORIGINAL, workflow switched to where=NEGATIVE because of false assumptions that it would be better than ORIGINAL; this kind of behaviour caused reported problems) 2014-07-07 22:22:56 +02:00
Miroslav Stampar
79a66ef22c Minor patch 2014-07-06 09:09:44 +02:00
Miroslav Stampar
b5838ae7a4 Adding missing module (Issue #674 and Issue #747) 2014-07-03 00:29:20 +02:00
Miroslav Stampar
9d571c7800 Minor language update 2014-07-02 22:31:18 +02:00
Miroslav Stampar
e6d0d5a1c7 Implementation for an Issue #674 2014-07-02 22:27:51 +02:00
Miroslav Stampar
1eecabaea8 Patch for an Issue #746 2014-07-02 10:11:31 +02:00
Bernardo Damele
4e909a2a05 code cleanup 2014-07-01 00:58:49 +01:00
Bernardo Damele
018748f52e increase the timeout for the Metasploit session initialization to 5 minutes, better on slow speed connections 2014-07-01 00:34:09 +01:00
Conny Brunnkvist
f0e23c9441 Use the selected random User-Agent 2014-07-01 00:27:14 +07:00
Miroslav Stampar
c2f14e57e7 Patch for an Issue #740 2014-06-29 00:27:23 +02:00
Miroslav Stampar
686fe4d0e9 Another patch for DNS exfiltration and boolean checks 2014-06-27 14:22:00 +02:00
Miroslav Stampar
8e660e6911 Minor fix 2014-06-27 14:14:29 +02:00
Miroslav Stampar
2f8d17bcb7 Appendix to last commit 2014-06-27 13:45:40 +02:00
Miroslav Stampar
75279ea75a Fix for DNS exfiltration of boolean checks 2014-06-27 13:07:34 +02:00
Miroslav Stampar
5b5a765f96 Patch for an Issue #734 2014-06-23 12:24:08 +02:00
Miroslav Stampar
a47072eced Patch for an Issue #732 2014-06-22 00:09:08 +02:00
Miroslav Stampar
2a88436417 Patch for an Issue #724 2014-06-16 09:51:24 +02:00
Miroslav Stampar
f558b800ac Patch for an Issue #719 2014-06-12 09:08:55 +02:00
Miroslav Stampar
c50560c3a6 Patch for an Issue #716 2014-06-10 21:57:54 +02:00
Miroslav Stampar
5e9334ab79 Implementation for an Issue #715 2014-06-08 23:55:15 +02:00
Miroslav Stampar
54be398e83 Patch for an Issue #711 2014-06-04 16:35:07 +02:00
Miroslav Stampar
27ebc02535 Minor fix (user reported problem via email) 2014-05-29 09:33:14 +02:00
Miroslav Stampar
0f10cdfa4c Minor update 2014-05-29 09:24:09 +02:00
Miroslav Stampar
9e02816cbd Raising number of used md5 digits in hashdb key value because of birthday paradox (Python can handle it - automatically expanding to long if required; SQLite can handle it - it will use 6 bytes per INTEGERs instead of 4) 2014-05-29 09:21:48 +02:00
Miroslav Stampar
680ab10ca6 Patch for an Issue #703 2014-05-27 21:41:07 +02:00
Miroslav Stampar
2d5461d250 Minor fix (related to the unknown encoding reported by ML) 2014-05-22 09:03:14 +02:00
Miroslav Stampar
24954776a5 Patch for an Issue #697 2014-05-20 22:00:26 +02:00
Miroslav Stampar
babe49f086 Minor update (added new warning message) 2014-05-20 17:14:40 +02:00
Miroslav Stampar
c181e909b5 Minor fix 2014-05-16 23:47:00 +02:00
Miroslav Stampar
0f581ccb6c Minor fix 2014-05-13 15:36:28 +02:00
Miroslav Stampar
4e8b41b869 Patch for an Issue #688 2014-05-13 00:50:36 +02:00
Miroslav Stampar
3a2916724c Minor style update 2014-05-11 17:12:15 +02:00
Miroslav Stampar
a72d73804e Revert of 9255174890 (bug was introduced with it) 2014-05-10 01:31:44 +02:00
Miroslav Stampar
93bf8e2a13 Bug fix 2014-05-10 01:11:19 +02:00
Miroslav Stampar
8f0807d7f9 Another fix related to the last commit 2014-05-09 22:55:16 +02:00
Miroslav Stampar
5eae002084 Minor fix 2014-05-09 22:45:43 +02:00
Miroslav Stampar
9255174890 Minor fix 2014-05-09 22:39:56 +02:00
Miroslav Stampar
bc4369be06 Fix for an Issue #687 2014-05-07 09:16:17 +02:00
Miroslav Stampar
2a55f75f86 Using a more generic XML recognition regex 2014-04-30 21:25:45 +02:00
Miroslav Stampar
2e96e3c924 Adding a hidden switch --ignore-401 2014-04-29 23:26:45 +02:00
Miroslav Stampar
eb8e31c23f Adding a failsafe output directory 2014-04-27 22:40:41 +02:00
Miroslav Stampar
b54651b5a2 Minor patch (while saving configuration file) 2014-04-25 09:32:57 +02:00
Miroslav Stampar
ae8b1fe89c Implementation for an Issue #678 2014-04-25 09:17:10 +02:00
Miroslav Stampar
e0fb21c26a Patch for an Issue #673 2014-04-21 21:57:30 +02:00
Miroslav Stampar
f29769b7d0 Minor patch 2014-04-16 09:06:17 +02:00
Miroslav Stampar
ef5ce7e66c Fix for an Issue #670 2014-04-12 17:22:47 +02:00
Miroslav Stampar
fd884ec67b Adding another comment 2014-04-12 17:22:47 +02:00
Miroslav Stampar
b5cca742e4 Adding a comment 2014-04-12 17:22:47 +02:00
Miroslav Stampar
7f371c499d Commit related to the last one 2014-04-10 21:29:59 +02:00
Miroslav Stampar
096ce7881e Minor beauty patch 2014-04-10 21:18:24 +02:00
Miroslav Stampar
0d1690de61 Minor fix 2014-04-10 21:18:24 +02:00
Miroslav Stampar
1e8349eeaa Minor fix 2014-04-10 21:18:24 +02:00
Miroslav Stampar
2d3a74a0fe Patch for an Issue #667 2014-04-07 21:01:40 +02:00
Miroslav Stampar
cb0044b2c4 Minor beauty patch 2014-04-07 20:28:17 +02:00
Miroslav Stampar
fdad787681 Graceful abort in case of an invalid option in configuration file 2014-04-07 20:22:51 +02:00
Miroslav Stampar
e3ccf45503 Graceful abort in case of an invalid configuration file 2014-04-07 20:17:47 +02:00
Miroslav Stampar
bcf754fb17 Consistency patch (to be the same as in help listing) 2014-04-07 20:10:21 +02:00
Miroslav Stampar
b74de19213 Trivial style update 2014-04-07 20:06:03 +02:00
Miroslav Stampar
75f447ccf8 Renaming lib/core/purge to lib/utils/purge 2014-04-07 20:04:07 +02:00
Miroslav Stampar
9c7fbd1a90 Minor refactoring 2014-04-06 18:19:54 +02:00
Miroslav Stampar
4f4c50c4d5 Minor language update 2014-04-06 18:12:59 +02:00
Miroslav Stampar
bf18b025d6 Minor removal of redundant code 2014-04-06 18:09:54 +02:00
Miroslav Stampar
e931344617 More elegant implementation for --random-agent 2014-04-06 18:05:43 +02:00
Miroslav Stampar
9456dc68e7 Minor patch 2014-04-06 17:24:27 +02:00
Miroslav Stampar
1c92d8d51f More generic implementation for --proxy-file (accepting public lists format) 2014-04-06 17:23:13 +02:00
Miroslav Stampar
bbf08a825e Minor language fix 2014-04-06 17:12:43 +02:00
Miroslav Stampar
cf250a0381 Minor patch (it would go boom if special character was inside the --param-del) 2014-04-06 17:02:32 +02:00
Miroslav Stampar
053b0fd0e9 Renaming conf.oDir to conf.outputDir 2014-04-06 16:54:46 +02:00
Miroslav Stampar
7cc4159316 Renaming conf.cDel to conf.cookieDel 2014-04-06 16:50:58 +02:00
Miroslav Stampar
0ae8ac707e Renaming conf.pDel to conf.paramDel 2014-04-06 16:48:46 +02:00
Miroslav Stampar
95e7ca02f0 Minor bug fix (-d was not recognized as one of mandatory in case of config file) 2014-04-06 16:45:25 +02:00
Miroslav Stampar
1b3a98b8ef Trivial update (for consistency sake) 2014-04-06 13:42:15 +02:00
Miroslav Stampar
492a410bcc Minor fix 2014-04-04 16:14:53 +02:00
Miroslav Stampar
15f92c4197 Bug fix (port was not being used properly with Burp exported history) 2014-04-03 09:46:37 +02:00
Miroslav Stampar
1632bec10b Another fix related to the last commit 2014-04-03 09:05:12 +02:00
Miroslav Stampar
e7e8a3965a Minor fix 2014-04-03 09:00:14 +02:00
Miroslav Stampar
80d4426dbd Patch related to the Issue #661 2014-04-02 22:34:37 +02:00
Miroslav Stampar
d8bacc904e Minor language update 2014-04-01 16:38:50 +02:00
Miroslav Stampar
3e024ac8e6 Minor update (consistency patch) 2014-03-30 16:51:31 +02:00
Miroslav Stampar
76b9fad24a Fix for an Issue #656 2014-03-30 16:21:18 +02:00
Miroslav Stampar
b2cc8f00ef Bug fix (ORACLE_OLD on Windows - resulted in multiple entry per line output due to no locking used) 2014-03-28 00:41:22 +01:00
Miroslav Stampar
e8c1c90f2e Whitespace was being double encoded in case of spaceplus (' '->%2B) 2014-03-25 22:02:14 +01:00
Miroslav Stampar
3710a7051b Fix for an Issue #653 2014-03-25 21:26:22 +01:00
Miroslav Stampar
930c3e3c5a Minor update (added check for --limit and --risk) 2014-03-25 09:28:12 +01:00
Miroslav Stampar
f6e1d9e026 Fix for an Issue #650 2014-03-24 10:46:23 +01:00
Miroslav Stampar
106102bd3c Fix for an Issue #648 2014-03-21 20:28:29 +01:00
Bernardo Damele
9f838c3d5b typo fix 2014-03-21 11:37:34 +00:00
Bernardo Damele
8091a88d3e minor code cleanup and bug fix 2014-03-21 11:35:30 +00:00
Bernardo Damele
c211255773 replaced outfile with dumpfile so works even if the original statement outputs blob 2014-03-21 11:01:57 +00:00
Miroslav Stampar
39ab3b9149 Minor fix for meta refresh 2014-03-20 13:13:47 +01:00
Miroslav Stampar
d7f0da5599 Minor patch for an Issue #646 2014-03-20 13:08:28 +01:00
Miroslav Stampar
97fe5e52c2 Fix for an Issue #644 2014-03-18 16:41:05 +01:00
Miroslav Stampar
97f603af4a Fix for an Issue #641 2014-03-17 20:20:25 +01:00
Miroslav Stampar
0622cdf3d8 Bug fix (credentials used in combination with request file) 2014-03-15 09:29:21 +01:00
Miroslav Stampar
3b47418a1d Fix for an Issue #640 2014-03-14 22:20:20 +01:00
Miroslav Stampar
56d76e6bfd Updating list of extensions to exclude from crawling 2014-03-14 21:34:16 +01:00
Miroslav Stampar
be3fd8bb29 Fix for an Issue #638 2014-03-14 16:44:56 +01:00
Miroslav Stampar
17742df0fa Update for an Issue #636 (to prevent eventual future reports with lack of stack trace) 2014-03-11 21:18:31 +01:00
Miroslav Stampar
2f8846caec Fix for an Issue #636 2014-03-11 21:11:51 +01:00
Miroslav Stampar
d1a6a775f1 Patch for an Issue #636 2014-03-11 21:00:15 +01:00
Miroslav Stampar
f1f53a5841 Minor cosmetic update 2014-03-06 21:08:31 +01:00
Miroslav Stampar
490d51258e Raising number of minimum time responses (15 is statistically too low) 2014-03-03 20:49:58 +01:00
Miroslav Stampar
291a0d772a Update for an Issue #615 2014-02-27 14:23:14 +01:00
Miroslav Stampar
2ffdee5733 Bug fix for PAYLOAD.WHERE.REPLACE payloads containing custom injection marker ([ORIGVALUE] was screwed) 2014-02-26 11:41:48 +01:00
Miroslav Stampar
cc62a8adc9 Bug fix for JSON-like data (proper escaping of quotes) 2014-02-26 09:30:37 +01:00
Miroslav Stampar
6369a38ebc Adding support for JSON-like data with single quote 2014-02-26 08:56:17 +01:00
Miroslav Stampar
465f968be6 Minor cosmetic update 2014-02-26 08:41:23 +01:00
Miroslav Stampar
edc8ef9d5b Patch for an Issue #611 (original page used in case of tamper functions was wrong - e.g. if --tamper=base64encode was used) 2014-02-25 13:48:34 +01:00
Miroslav Stampar
2a423d61ef Raising number of requests for false positive testing in case of higher levels 2014-02-23 19:40:01 +01:00
Miroslav Stampar
d405fc1157 Minor update (for the consistency sake) 2014-02-16 22:04:12 +01:00
Miroslav Stampar
58eac364a2 Bug fix 2014-02-16 21:57:14 +01:00