Miroslav Stampar
|
8405ef59ac
|
some estetic updates
|
2012-02-01 14:49:42 +00:00 |
|
Miroslav Stampar
|
23117e72ca
|
minor improvement
|
2012-01-13 20:56:06 +00:00 |
|
Miroslav Stampar
|
95f89ab63a
|
updating copyright date
|
2012-01-11 14:59:46 +00:00 |
|
Miroslav Stampar
|
1f085a0241
|
now [SLEEPTIME] is changeable properly in vivo
|
2012-01-05 14:45:05 +00:00 |
|
Miroslav Stampar
|
94d43a4135
|
minor bug fix
|
2011-12-30 14:20:06 +00:00 |
|
Miroslav Stampar
|
f622995a29
|
compatibility with partial union and error technique resumed data
|
2011-12-22 12:20:21 +00:00 |
|
Miroslav Stampar
|
6f8d8a15aa
|
minor update
|
2011-12-22 11:55:02 +00:00 |
|
Miroslav Stampar
|
95cd9e2af3
|
adding support for scanning Host header values (-p host)
|
2011-12-20 12:52:41 +00:00 |
|
Miroslav Stampar
|
c57941c102
|
minor beautification
|
2011-12-15 23:33:44 +00:00 |
|
Miroslav Stampar
|
27d244b326
|
minor update
|
2011-12-15 23:29:11 +00:00 |
|
Miroslav Stampar
|
0f5d48ff20
|
minor update
|
2011-12-05 09:25:56 +00:00 |
|
Miroslav Stampar
|
2842c13d75
|
minor update
|
2011-11-29 16:59:06 +00:00 |
|
Miroslav Stampar
|
2ed3efba12
|
speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)
|
2011-11-22 08:39:13 +00:00 |
|
Miroslav Stampar
|
49fddaf668
|
minor update (for cases with 404 original page - e.g. time based injections in some cases)
|
2011-11-20 23:11:18 +00:00 |
|
Miroslav Stampar
|
8c32b3653b
|
minor update of false positive check (in considerable amount of cases minus char is filtered/used for other means)
|
2011-11-20 20:27:30 +00:00 |
|
Miroslav Stampar
|
20ae1c2187
|
added switch --logic-negative
|
2011-10-24 00:40:06 +00:00 |
|
Miroslav Stampar
|
4989e8e6d3
|
minor update
|
2011-10-10 17:29:54 +00:00 |
|
Miroslav Stampar
|
b888a84764
|
minor update
|
2011-09-27 14:31:58 +00:00 |
|
Miroslav Stampar
|
88f1110c44
|
adding a new (for now) hidden switch --test-filter for filtering tests by their name
|
2011-09-27 14:09:25 +00:00 |
|
Miroslav Stampar
|
7e80274fac
|
refactoring
|
2011-09-25 21:10:45 +00:00 |
|
Miroslav Stampar
|
f46baac70b
|
bug fix (when comment is None this was errornous)
|
2011-08-17 10:58:29 +00:00 |
|
Bernardo Damele
|
702ed73a65
|
Added --code switch to match in boolean-based tests against the HTTP response code
|
2011-08-12 16:48:11 +00:00 |
|
Bernardo Damele
|
fff4c34e33
|
Search for --string and --regexp matches also in HTTP response headers
|
2011-08-12 15:33:37 +00:00 |
|
Miroslav Stampar
|
2ad267132a
|
minor update for empty normal responses (like AJAX requests)
|
2011-08-05 10:55:21 +00:00 |
|
Miroslav Stampar
|
07afcd5440
|
fix for a bug reported by Ahmed Shawky (when user uses --suffix intermixing test default comments with the provided suffix is a big no no)
|
2011-08-02 18:20:21 +00:00 |
|
Bernardo Damele
|
6cbb927012
|
Partial fix for -o not resumed at following runs if missing from command line
|
2011-07-25 11:05:49 +00:00 |
|
Miroslav Stampar
|
c517e97a44
|
few fixes and minor cosmetics
|
2011-07-08 06:02:31 +00:00 |
|
Bernardo Damele
|
aedcf8c8d7
|
Changed homepage address
|
2011-07-07 20:10:03 +00:00 |
|
Bernardo Damele
|
0d28c1e9e7
|
cosmetics
|
2011-07-06 20:41:13 +00:00 |
|
Miroslav Stampar
|
93b296e02c
|
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
|
2011-07-06 05:44:47 +00:00 |
|
Miroslav Stampar
|
8a8b94883b
|
minor update (that default quit in --batch was bothering me - my original idea and it was bad :)
|
2011-06-27 14:14:49 +00:00 |
|
Miroslav Stampar
|
c4cb367e65
|
looks nicer (though --tor is implicitly converted into --proxy)
|
2011-06-24 19:00:53 +00:00 |
|
Miroslav Stampar
|
2de88bd90b
|
minor update
|
2011-06-24 17:19:24 +00:00 |
|
Bernardo Damele
|
f8c32cf6b9
|
Moved folder
|
2011-06-18 12:34:41 +00:00 |
|
Miroslav Stampar
|
25b923bbc3
|
minor fixes and minor updates
|
2011-06-16 12:12:30 +00:00 |
|
Miroslav Stampar
|
4d51fa8155
|
minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails)
|
2011-06-15 17:37:28 +00:00 |
|
Miroslav Stampar
|
9331abb96f
|
minor update
|
2011-06-11 08:33:36 +00:00 |
|
Bernardo Damele
|
d217cf71b2
|
Minor bug fix
|
2011-06-08 23:32:44 +00:00 |
|
Miroslav Stampar
|
d8155dfae9
|
change by request
|
2011-06-08 14:44:11 +00:00 |
|
Bernardo Damele
|
0d3e8a76d8
|
Cosmetics and a missing param
|
2011-06-08 14:40:42 +00:00 |
|
Miroslav Stampar
|
4a9640160e
|
more concise
|
2011-06-08 14:35:23 +00:00 |
|
Miroslav Stampar
|
1c633b7351
|
i am tired of pressing hundred times Ctrl+C in testing phase if --batch is specified
|
2011-06-07 22:14:18 +00:00 |
|
Miroslav Stampar
|
97d8c60c3f
|
better language
|
2011-06-03 15:58:19 +00:00 |
|
Miroslav Stampar
|
0a620bf322
|
more info to the user
|
2011-06-03 15:43:50 +00:00 |
|
Miroslav Stampar
|
8aa5625cd0
|
proper fix related to the last commit
|
2011-06-01 23:00:18 +00:00 |
|
Miroslav Stampar
|
fd57aae779
|
bug fix (until this moment we had UNION unfunctional for MSSQL)
|
2011-06-01 22:47:54 +00:00 |
|
Miroslav Stampar
|
45caadbd4a
|
important update - finally found what was causing headache for UNION payloads in noticeable number of cases
|
2011-05-26 21:54:19 +00:00 |
|
Miroslav Stampar
|
97bd5355dd
|
minor update
|
2011-05-26 21:18:55 +00:00 |
|
Miroslav Stampar
|
4f46a5ab63
|
minor usability enhancement regarding warning for --text-only switch
|
2011-05-26 20:48:18 +00:00 |
|
Miroslav Stampar
|
f11d5c91e3
|
minor update so that only one DNS request per scan is being done (before this commit there were two)
|
2011-05-12 14:32:39 +00:00 |
|
Miroslav Stampar
|
120b0d756e
|
unfix
|
2011-05-10 21:33:06 +00:00 |
|
Bernardo Damele
|
3a8309c4b0
|
Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches
|
2011-05-10 15:34:54 +00:00 |
|
Bernardo Damele
|
1151af52bb
|
More fix for save/resume of --technique
|
2011-05-07 21:08:14 +00:00 |
|
Bernardo Damele
|
2d8408c885
|
More fix for --technique resume
|
2011-05-05 16:38:46 +00:00 |
|
Bernardo Damele
|
6cff3e97f4
|
cosmetics
|
2011-05-02 21:48:08 +00:00 |
|
Miroslav Stampar
|
06498796b9
|
minor cosmetics
|
2011-05-02 20:51:53 +00:00 |
|
Bernardo Damele
|
955dbc85e7
|
Minor variable rename
|
2011-04-30 15:29:59 +00:00 |
|
Bernardo Damele
|
f56d135438
|
Minor code restyling
|
2011-04-30 13:20:05 +00:00 |
|
Bernardo Damele
|
441c288dd9
|
cosmeticados
|
2011-04-25 00:36:09 +00:00 |
|
Miroslav Stampar
|
304500a2e8
|
implemented checkFalsePositives method (simple Turing like tests)
|
2011-04-22 12:24:16 +00:00 |
|
Miroslav Stampar
|
df0331fe9b
|
some more refactoring
|
2011-04-19 23:04:10 +00:00 |
|
Miroslav Stampar
|
9b0db33cc5
|
initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model
|
2011-04-19 08:55:38 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Bernardo Damele
|
5b21352656
|
cosmeticados ;)
|
2011-04-08 10:39:07 +00:00 |
|
Bernardo Damele
|
c6b9d89d31
|
Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly
|
2011-04-07 11:10:35 +00:00 |
|
Bernardo Damele
|
05d12790f1
|
closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)
|
2011-04-06 14:41:44 +00:00 |
|
Miroslav Stampar
|
0916117447
|
improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names
|
2011-03-30 18:32:10 +00:00 |
|
Miroslav Stampar
|
dd01d66f13
|
proper update regarding last commit
|
2011-03-29 22:10:08 +00:00 |
|
Miroslav Stampar
|
b5c9ccb755
|
Oracle XML based error payload has problems with char $ as with space
|
2011-03-21 13:13:12 +00:00 |
|
Miroslav Stampar
|
970cde5a8a
|
minor update regarding last commit
|
2011-03-17 09:23:46 +00:00 |
|
Miroslav Stampar
|
e64f225e65
|
minor refactoring
|
2011-03-11 20:16:34 +00:00 |
|
Miroslav Stampar
|
90582ed7dc
|
minor change
|
2011-02-21 11:35:21 +00:00 |
|
Miroslav Stampar
|
6cdf08b81c
|
minor fix
|
2011-02-17 21:51:40 +00:00 |
|
Miroslav Stampar
|
22cd49a217
|
--technique can now be something like 123 which includes both techniques 1, 2 and 3
|
2011-02-17 21:39:16 +00:00 |
|
Miroslav Stampar
|
7ebc1ab90a
|
minor cosmetics
|
2011-02-17 08:59:14 +00:00 |
|
Miroslav Stampar
|
5fb11fd173
|
update regarding multiple DBMS payloads
|
2011-02-13 21:20:21 +00:00 |
|
Miroslav Stampar
|
521635c84d
|
quick fix for UA and Referer
|
2011-02-11 23:36:23 +00:00 |
|
Miroslav Stampar
|
535eb9f3eb
|
implementation of referer feature
|
2011-02-11 23:07:03 +00:00 |
|
Miroslav Stampar
|
a6ab24e0b5
|
just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed
|
2011-02-10 22:47:43 +00:00 |
|
Bernardo Damele
|
0a81415f2f
|
Minor code cleanup
|
2011-02-08 00:02:54 +00:00 |
|
Miroslav Stampar
|
2c4f6d2e99
|
fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too
|
2011-02-07 21:53:05 +00:00 |
|
Miroslav Stampar
|
a577d0e9a5
|
restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary)
|
2011-02-07 21:18:01 +00:00 |
|
Bernardo Damele
|
061f56daf9
|
More adjustments related to unescape() and cleanupPayload().
Minor code cleanup related to error-based payload.
|
2011-02-06 23:27:56 +00:00 |
|
Bernardo Damele
|
0800d9e49b
|
Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()
|
2011-02-06 22:58:12 +00:00 |
|
Miroslav Stampar
|
078a2207cc
|
few reverts
|
2011-02-06 22:10:28 +00:00 |
|
Miroslav Stampar
|
b9b2fe0e7c
|
little cleanup
|
2011-02-06 21:52:39 +00:00 |
|
Miroslav Stampar
|
d2b96a66a2
|
one more update regarding last few "unescape" related commits
|
2011-02-06 20:23:23 +00:00 |
|
Bernardo Damele
|
c44978862e
|
Minor reordering of what gets saved into the injection object
|
2011-02-06 15:20:44 +00:00 |
|
Miroslav Stampar
|
8134c2154a
|
adding WHERE enum for payloads
|
2011-02-02 13:34:09 +00:00 |
|
Bernardo Damele
|
d875d848ce
|
Better sort
|
2011-02-01 22:04:48 +00:00 |
|
Bernardo Damele
|
6761933f75
|
Just.. cosmetics ;)
|
2011-01-31 22:51:14 +00:00 |
|
Miroslav Stampar
|
8ef47307db
|
added checking of header values for GREP (error); still UNION to do
|
2011-01-31 12:21:17 +00:00 |
|
Bernardo Damele
|
8278d821ac
|
Another layout adjustment
|
2011-01-30 16:23:19 +00:00 |
|
Miroslav Stampar
|
367d0639f0
|
refactoring (class names should always be Capital cased)
|
2011-01-28 16:36:09 +00:00 |
|
Miroslav Stampar
|
8e74c571bc
|
centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels
|
2011-01-27 19:44:24 +00:00 |
|
Miroslav Stampar
|
10b723f196
|
minor fix for a bug reported by yonnym@googlemail.com
|
2011-01-25 22:26:28 +00:00 |
|
Bernardo Damele
|
e1db2700f0
|
Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads
|
2011-01-24 12:25:45 +00:00 |
|
Miroslav Stampar
|
7c4c79477d
|
world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)
|
2011-01-21 18:32:10 +00:00 |
|
Bernardo Damele
|
9770db597e
|
Centralization of unescape()
|
2011-01-20 21:55:13 +00:00 |
|
Bernardo Damele
|
bade0e3124
|
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
|
2011-01-19 23:06:15 +00:00 |
|