Commit Graph

4983 Commits

Author SHA1 Message Date
Miroslav Stampar
aa2112b360 Update for #1414 2015-09-17 16:18:58 +02:00
Miroslav Stampar
7cfa90830d Merge pull request #1414 from daremon/api-client-2
Added commands stop, kill, list to API client
2015-09-17 15:51:12 +02:00
Miroslav Stampar
65a8f0fe32 Minor enhancement 2015-09-17 15:25:40 +02:00
Miroslav Stampar
2cea977e12 Fixes #1415 2015-09-17 14:58:01 +02:00
daremon
c2fb2161d3 Added flush command 2015-09-16 00:15:16 +03:00
daremon
ff7be9d0eb Fixed list command 2015-09-16 00:01:57 +03:00
Miroslav Stampar
c59ead36ce Patch for Python 2.6 (SyntaxError) 2015-09-15 17:23:59 +02:00
Miroslav Stampar
058870635b Update for an #1414 2015-09-15 14:37:30 +02:00
Miroslav Stampar
ee38574449 Fixes #1411 2015-09-15 13:26:25 +02:00
Miroslav Stampar
5de1825d0c Fixes #1412 2015-09-15 10:48:23 +02:00
daremon
1417decdf1 Added commands stop, kill, list to API client 2015-09-14 17:31:02 +03:00
Miroslav Stampar
f89ce2173f Fixes #1404 2015-09-12 15:13:30 +02:00
Miroslav Stampar
c4f9e66a6f Patch related to the #1403 2015-09-10 16:21:31 +02:00
Miroslav Stampar
c05c0ff435 Minor patch with imports 2015-09-10 15:55:49 +02:00
Miroslav Stampar
f494004f44 Switching to the getSafeExString (where it can be used) 2015-09-10 15:51:33 +02:00
Miroslav Stampar
7a261ef447 Just in case commit related to the aee4c93c8b 2015-09-10 15:19:33 +02:00
Miroslav Stampar
b06a34ab1a Another update for #1402 2015-09-10 15:06:07 +02:00
Miroslav Stampar
2453b02b63 Update for #1402 2015-09-10 15:01:30 +02:00
Miroslav Stampar
b3fdbe24c2 Merge pull request #1402 from daremon/api-client
Minimal API client
2015-09-10 12:03:25 +02:00
Miroslav Stampar
263665637e Minor bug fix 2015-09-10 11:34:03 +02:00
daremon
a29a3a4e5c Minimal API client 2015-09-09 16:14:04 +03:00
Miroslav Stampar
90329a8b01 Minor patch 2015-09-09 11:53:44 +02:00
Miroslav Stampar
b6206692e0 Fixes #1392 2015-09-08 11:53:29 +02:00
Miroslav Stampar
c1f829d131 Removing last remnants of bad handling the exceptions as strings 2015-09-08 11:15:31 +02:00
Miroslav Stampar
e59a220199 Fixes #1393 2015-09-08 11:10:47 +02:00
Miroslav Stampar
924e31c414 Fixes #1394 2015-09-08 11:04:36 +02:00
Miroslav Stampar
28a60f5be2 Fixes #1391 2015-09-06 20:22:07 +02:00
Miroslav Stampar
aee4c93c8b Fixes #1384 2015-09-03 10:32:45 +02:00
Miroslav Stampar
51a4cb04a5 Another minor language patch 2015-09-03 10:26:46 +02:00
Miroslav Stampar
7511023bc2 Fixes #1385 2015-09-03 10:11:36 +02:00
Miroslav Stampar
401564898d Adding support for 'empty' POST body (if forced by --method) 2015-08-31 14:43:41 +02:00
Miroslav Stampar
265a78b455 Fixes #1379 2015-08-31 14:27:47 +02:00
Miroslav Stampar
d70215ad6c Fixes #1237 2015-08-31 10:24:05 +02:00
Miroslav Stampar
d2a9c7584f Minor patch 2015-08-31 09:51:35 +02:00
Miroslav Stampar
50d39d0252 Closes #1372 2015-08-30 23:15:50 +02:00
Miroslav Stampar
89292ce1f9 Closes #1376 2015-08-30 22:52:24 +02:00
Miroslav Stampar
6a01d2e430 Fixes #1366 2015-08-30 02:13:07 +02:00
Miroslav Stampar
737a37bfda Fixes #1367 2015-08-30 01:58:43 +02:00
Miroslav Stampar
06c8704179 Fixes #1365 2015-08-28 15:30:28 +02:00
Miroslav Stampar
43f3900ffe Fixes #1362 2015-08-27 12:25:25 +02:00
Miroslav Stampar
1cf012521d Minor refactoring 2015-08-26 16:18:03 +02:00
Miroslav Stampar
a33b0454cd Implementation for an Issue #1360 2015-08-26 15:26:16 +02:00
Miroslav Stampar
2c2f83f67b Minor code consistency patch 2015-08-26 11:30:48 +02:00
Miroslav Stampar
1f5e6606a7 Fixes #1357 2015-08-25 02:03:56 +02:00
Miroslav Stampar
337eb9861a Fixes #1347 2015-08-23 22:11:59 +02:00
Miroslav Stampar
690347a170 Bug fix (non-ASCII chars in command line caused gibberish in unhandled messages) 2015-08-23 21:48:31 +02:00
Miroslav Stampar
9fb0eb3dd7 Blank removal 2015-08-23 21:41:59 +02:00
Miroslav Stampar
1204141278 Fixes #1350 2015-08-23 21:09:20 +02:00
Miroslav Stampar
fef8f20565 Minor reporting patch 2015-08-23 20:27:14 +02:00
KingX
3ebb3e6f4f fix removeDynamicContent bug
double re.escape() in "findDynamicContent" function and "removeDynamicContent" function leads an bug in finding dynamic content,
2015-08-22 14:05:03 +08:00
Miroslav Stampar
f609158d1b Adding new error message (when short options carry illegal '=') 2015-08-19 21:00:16 +02:00
Miroslav Stampar
383316fcb3 Fixing issues caused by 9ad1d122f4 (better approach) 2015-08-18 22:48:55 +02:00
Miroslav Stampar
8806ce72c1 Patch for an Issue #1341 2015-08-18 22:03:42 +02:00
Miroslav Stampar
54d65328bc Patch for negative logic (e.g. OR) cases (reported privately) 2015-08-18 03:09:01 +02:00
Miroslav Stampar
023def3203 Fixes #1336 2015-08-16 23:47:11 +02:00
Miroslav Stampar
c9d1c4d7b1 Fixes #1337 2015-08-16 23:29:39 +02:00
Miroslav Stampar
713d5384bc Potential patch for an Issue #1337 2015-08-16 23:15:04 +02:00
Miroslav Stampar
310d79b8f1 Adding special variable 'lastPage' to the eval code (by request from ML) 2015-08-14 23:29:31 +02:00
Miroslav Stampar
b010fda695 Switch --save becomes an option (taking file path where to save config file) 2015-08-14 22:49:32 +02:00
flsf
9adefb3ffd Minor change 2015-08-14 16:18:51 +08:00
Miroslav Stampar
2c1cde0f59 Minor fix (reported over ML - ignore saving of conf.saveCmdline) 2015-08-13 17:21:36 +02:00
Miroslav Stampar
8ea8b168b1 Minor cosmetics 2015-08-13 17:10:35 +02:00
Miroslav Stampar
9ad1d122f4 Minor patch (Issue #1327) 2015-08-12 22:09:31 +02:00
Miroslav Stampar
e5863d8b89 Minor patch 2015-08-12 21:43:13 +02:00
Jiang Jie
1ac27e9305 fixed pipe and zoombie problems
1.we don't need stdin here, and it'll cause OSError: too many openfiles problem.
2. after using /scan/taskid/stop , process turned into a zoombie, need add wait()
2015-08-12 16:25:33 +08:00
Miroslav Stampar
62f35698ee Bug fix (ML) - when cookies have blank expiration time 2015-08-06 13:07:16 +02:00
Miroslav Stampar
c5f3c0cc32 Fixes #1324 2015-08-03 17:21:35 +02:00
Miroslav Stampar
e623ee66ad Better approach for #1320 2015-07-30 23:29:31 +02:00
Miroslav Stampar
bcb25823e6 Fixes #1320 2015-07-30 23:19:38 +02:00
Miroslav Stampar
301aca57e6 Fixes #1319 2015-07-29 10:00:15 +02:00
Miroslav Stampar
401905b2dd Minor improvement to UNION file write 2015-07-26 17:02:46 +02:00
Miroslav Stampar
e3553ae893 Missing import 2015-07-26 16:19:44 +02:00
Miroslav Stampar
b0bc3149f9 Fixes #1315 2015-07-26 16:18:41 +02:00
Miroslav Stampar
e7af081447 Minor patch 2015-07-26 16:08:30 +02:00
Miroslav Stampar
314df093f1 Fixes #1314 2015-07-26 16:06:01 +02:00
Miroslav Stampar
b6ea2fdb07 Fixes #1170 2015-07-24 14:56:45 +02:00
Miroslav Stampar
a905b8d8f5 Fixes #1312 2015-07-23 10:07:21 +02:00
Miroslav Stampar
58002c5057 Minor cosmetics 2015-07-23 09:55:59 +02:00
Miroslav Stampar
cece2cb12d Minor cosmetics 2015-07-23 00:42:29 +02:00
Miroslav Stampar
358651b19c Fixes #1313 2015-07-23 00:41:03 +02:00
Miroslav Stampar
75ed5f767c Fixes #1309 2015-07-20 17:03:20 +02:00
Miroslav Stampar
2afb5687f6 Fixes #1307 2015-07-20 15:47:27 +02:00
Miroslav Stampar
21e8182ac6 Fixes #1305 2015-07-18 17:01:34 +02:00
Miroslav Stampar
a7c4400cc9 Fixes #1304 2015-07-17 14:20:51 +02:00
Miroslav Stampar
00f190fc92 Fixes #1303 2015-07-17 10:14:35 +02:00
Miroslav Stampar
49212ec920 Fixes #1302 2015-07-17 09:56:24 +02:00
Miroslav Stampar
1aafe85a3a Fixes #1299 2015-07-15 11:15:06 +02:00
Miroslav Stampar
fdc8e664df Updating --beep functionality (ML request) 2015-07-13 23:55:46 +02:00
Miroslav Stampar
16f8e4c8ba Removing unused imports 2015-07-12 12:25:02 +02:00
Miroslav Stampar
a20da7a677 Patch for automatic reporting (GitHub has robots) 2015-07-12 12:05:19 +02:00
Miroslav Stampar
fa303ef8b1 Minor update 2015-07-10 16:39:18 +02:00
Miroslav Stampar
10f8c6a0b6 Introducing --offline switch (to perform session only lookups) 2015-07-10 16:10:24 +02:00
Miroslav Stampar
9bdbdc136f Minor cosmetics update 2015-07-10 11:33:12 +02:00
Miroslav Stampar
0ba264bfa0 Minor patch 2015-07-10 09:51:11 +02:00
Miroslav Stampar
4baaa4a5ad Minor improvement 2015-07-10 09:24:14 +02:00
Miroslav Stampar
9ff115ce71 Minor patch 2015-07-10 01:33:53 +02:00
Miroslav Stampar
02470ea683 Further decreasing number of testing payloads 2015-07-10 01:19:46 +02:00
Miroslav Stampar
48b627f3ff Prevent double tests (e.g. in same final tests where suffix is cut by the comment) 2015-07-10 00:54:02 +02:00
Miroslav Stampar
ca2f63c672 Test speed up in case of boolean based blind 2015-07-10 00:37:59 +02:00
Miroslav Stampar
3a5cc98976 -Z is/are a pseudo-option (just like -H) expanded during the run 2015-07-07 09:27:18 +02:00
Miroslav Stampar
2080fcaa37 Fixes #1293 2015-07-07 09:24:16 +02:00
Miroslav Stampar
f488377001 Fixes #1293 2015-07-07 08:47:07 +02:00
Miroslav Stampar
6a1b3895f9 Patch for an Issue #1285 2015-07-06 11:50:59 +02:00
Miroslav Stampar
96327b6701 Fixes #1290 2015-07-05 01:47:01 +02:00
Miroslav Stampar
166dc98e81 Minor patch 2015-07-05 00:03:29 +02:00
Miroslav Stampar
1f71d809d4 Fixes #1288 2015-07-03 08:55:33 +02:00
Miroslav Stampar
7b95a2d80d Patch for an Issue #1280 2015-06-29 10:05:16 +02:00
Miroslav Stampar
8b63ee9bc3 Minor update for #1281 2015-06-29 01:12:14 +02:00
Miroslav Stampar
97244f5e5e Fixes #1279 2015-06-29 00:20:35 +02:00
Miroslav Stampar
b212321c07 Fixes #1278 2015-06-26 10:30:53 +02:00
Miroslav Stampar
b02be9674f Fixes #1277 2015-06-26 10:11:34 +02:00
Miroslav Stampar
7d418af274 Fix for a bug reported privately by email 2015-06-22 16:28:35 +02:00
Miroslav Stampar
9e5ef094a3 Closes #1270 2015-06-16 22:20:21 +02:00
Miroslav Stampar
e4b23c9beb Minor fix regarding POST redirects (ML) 2015-06-16 12:00:56 +02:00
Miroslav Stampar
04c1d439a7 Minor patch for #1260 2015-06-05 17:18:21 +02:00
Miroslav Stampar
8d7e915af7 Minor patch for #1260 2015-06-05 17:02:56 +02:00
Miroslav Stampar
ec87d8ebda Adding a support for SNI (Issue #1256) 2015-06-01 10:45:16 +02:00
Miroslav Stampar
341d2a6028 Minor fix for (hidden) switch '--dummy' 2015-05-29 17:30:02 +02:00
Miroslav Stampar
08caca387b Minor patch of automatic WAF heuristic check 2015-05-29 16:01:41 +02:00
Miroslav Stampar
699c965bc0 Fixes #1248 2015-05-19 18:40:45 +02:00
Miroslav Stampar
17bfda1b9c Adding new switch ('--skip-static') 2015-05-18 20:57:15 +02:00
Miroslav Stampar
e8f87bfa41 Minor patches related to the #1206 2015-05-11 11:01:21 +02:00
Miroslav Stampar
91bc02e3ba Fixes related to the #1206 2015-05-11 10:56:10 +02:00
Miroslav Stampar
9010e157e9 Conflict fix 2015-05-11 10:11:33 +02:00
Miroslav Stampar
5b8df7984c Minor update (for Windows-31j charset) 2015-05-09 14:32:55 +02:00
Miroslav Stampar
4b2ff4339a Fixes #1243 2015-05-07 12:36:23 +02:00
Miroslav Stampar
18e62fd507 Fix for an Issue #1240 2015-05-05 14:36:21 +02:00
Miroslav Stampar
84ba3d45c1 Patch for an Issue #1238 2015-05-04 21:47:10 +02:00
Miroslav Stampar
5ee7fd785a Fixes #1235 2015-05-01 00:48:08 +02:00
Miroslav Stampar
03f32ae2b6 Merge of an Issue #1227 2015-04-22 17:21:55 +02:00
Miroslav Stampar
a94dcf94e9 Patch for an Issue #1226đ 2015-04-22 16:41:20 +02:00
Miroslav Stampar
bb98894dc1 Adding option --safe-req 2015-04-22 16:28:54 +02:00
Miroslav Stampar
4ded9a9966 Small patch for existing option validation 2015-04-22 15:32:14 +02:00
Miroslav Stampar
77c96de4ea Minor patch related to the last commit 2015-04-22 10:33:22 +02:00
Miroslav Stampar
95b52a02ec Minor patch for custom injection into HTTP Authorization header 2015-04-22 10:28:16 +02:00
Miroslav Stampar
c5138d4696 Minor refactoring 2015-04-21 00:02:47 +02:00
Miroslav Stampar
349dfbf2ae Adding an option --safe-post 2015-04-20 23:55:59 +02:00
Miroslav Stampar
7517db76d1 Minor fix for SQLite's schema parsing 2015-04-16 18:40:43 +02:00
Miroslav Stampar
dbfa8f1cfc Fix for a bug reported by the user (conf.scheme/conf.hostname/conf.port were None in multiple targets mode) 2015-04-14 11:05:17 +02:00
Miroslav Stampar
0e4800f73c Changing default answer for sitemap checking to N 2015-04-14 09:30:01 +02:00
Miroslav Stampar
1e7f2d6da2 Implements #1215 2015-04-06 22:07:22 +02:00
Miroslav Stampar
c35fa63a48 Fixes #1212 2015-03-30 11:58:09 +02:00
Miroslav Stampar
99c1cc9937 Fixes #1208 2015-03-26 17:17:46 +01:00
Miroslav Stampar
a19bccc84f Fixes #1205 2015-03-26 15:31:29 +01:00
Miroslav Stampar
770cfb6102 Removing test print 2015-03-26 15:20:54 +01:00
Miroslav Stampar
fc0186e029 Minor update 2015-03-26 12:39:44 +01:00
Miroslav Stampar
5dfd3ef1e4 Another update 2015-03-26 12:25:32 +01:00
Miroslav Stampar
3be7a447a5 Update 2015-03-26 12:22:49 +01:00
Miroslav Stampar
7587528ebd Fixes #1202 2015-03-26 11:40:19 +01:00
ricterz
bbfdb02a0e fix mandatorily depend of websocket #1198 2015-03-24 22:25:16 +08:00
ricterz
811f5c11c6 remove Host header field and add cookie support #1198 2015-03-24 18:50:57 +08:00
ricterz
9b5dcbbbb2 modified error handle #1198 2015-03-24 18:21:50 +08:00
ricterz
78dbe080d7 determine whether it's websocket when connect #1198 2015-03-24 17:19:37 +08:00
ricterz
50fd6ce7f7 add websocket support for parse url #1198 2015-03-24 10:30:38 +08:00
Miroslav Stampar
05a496c275 Fixes #1196 2015-03-20 00:56:52 +01:00
Miroslav Stampar
25b23750e8 Bug fix for crawling over non-80 port 2015-03-12 11:49:52 +01:00
Miroslav Stampar
adc8ac267d Fixes #1190 2015-03-10 09:23:26 +01:00
Miroslav Stampar
9bd41ed99d Fixes #1189 2015-03-09 22:02:20 +01:00
Christ van Willegen
80fb2e29cc Fix some spelling errors in help texts (through -> thorough) 2015-03-04 13:31:29 +01:00
Miroslav Stampar
3347fc25ca Fixes #1185 2015-03-03 15:10:06 +01:00
Miroslav Stampar
3f6c3b40dd Minor update (not overriding user given 'Accept-Encoding' header value) 2015-03-03 14:37:36 +01:00
Bernardo Damele
8281fe48e5 bug fix: test for boundaries with high levels if the test was extended 2015-03-01 11:02:05 +00:00
Bernardo Damele
260643241a prioritized fingerprinted DBMS to error-based and user provided one 2015-02-27 14:19:30 +00:00
Bernardo Damele
2f08c8b666 bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup 2015-02-27 13:57:28 +00:00
Miroslav Stampar
dde400ab8f More suitable version of 6bcc95a (suggested by user) 2015-02-25 10:19:51 +01:00
Miroslav Stampar
6bcc95a20d Restricting evaluated code variable names to Python valid characters ([_0-9a-zA-Z]) 2015-02-24 15:05:44 +01:00
Miroslav Stampar
e35c7fbb7a Fixes #1172 2015-02-22 13:41:54 +01:00
Bernardo Damele
475cc8b24b trivial code cleanup 2015-02-21 13:12:30 +00:00
Bernardo Damele
383929c0c2 if the user forces the DBMS, then sort the tests accordingly to perform first the DBMS-specific tests, then the others 2015-02-21 13:12:03 +00:00
Bernardo Damele
d235ee375b code cleanup 2015-02-21 12:59:44 +00:00
Bernardo Damele
8be24d3e9b minor enhancement, prefer intersect() each time DBMS values are comfronted 2015-02-21 12:59:27 +00:00
Bernardo Damele
388c0dfd77 trivial layout fix 2015-02-21 12:57:49 +00:00
Bernardo Damele
52dd92748a rework some of the logic of the detection phase based on identified DBMS along the way 2015-02-21 02:23:42 +00:00
Bernardo Damele
4f939b5719 avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables 2015-02-20 18:36:34 +00:00
Bernardo Damele
1ecb921ba7 Consistency in enums 2015-02-20 18:31:47 +00:00
Bernardo Damele
214b9360e9 Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup 2015-02-20 18:30:42 +00:00
Bernardo Damele
79d4d970a5 trivial code cleanup 2015-02-20 15:42:28 +00:00
Bernardo Damele
201b605f9b Minor fix and consistency: do not ask to include all tests if level and risk are at the max settings already 2015-02-20 10:21:44 +00:00
Bernardo Damele
daa8e0d8c5 minor fix 2015-02-18 10:13:28 +00:00
Miroslav Stampar
1636088b75 Minor update 2015-02-16 11:48:53 +01:00
Bernardo Damele
e17d212c23 bug fix introduced with 863d5a6281 2015-02-15 20:07:52 +00:00
Bernardo Damele
32ab52b8ca code refactoring: split boundaries and payloads XML files 2015-02-15 16:31:35 +00:00
Bernardo Damele
863d5a6281 --test-filter now ignores values of --risk and --level 2015-02-15 16:28:37 +00:00
Miroslav Stampar
2e5c11e427 Closes #1163 2015-02-13 10:59:03 +01:00
Miroslav Stampar
247384858e Patch for an Issue #1159 (undo commit with single-quotes problem on windows) 2015-02-04 16:21:21 +01:00
Miroslav Stampar
38011743bb Patch for an Issue #1157 2015-02-04 15:01:19 +01:00
Miroslav Stampar
eecc0b924b Patch for an Issue #1148 2015-02-03 10:06:00 +01:00
Miroslav Stampar
2af2aef43e Minor patch for masking sensitive information (when formation -u=... is used) 2015-02-03 09:48:05 +01:00
Miroslav Stampar
59f0da369d Patch for a bug reported via ML (Accept header ignored in --headers) 2015-02-02 22:07:16 +01:00
Miroslav Stampar
8b135e45bd Patch for an Issue #1147 2015-02-02 22:05:31 +01:00
Miroslav Stampar
bf1c08a8a6 Bug fix 2015-01-30 22:43:40 +01:00
Miroslav Stampar
2e9bf47703 Heuristic check for WAF/IDS/IPS is now prone to tamper functions (Issue #1145) 2015-01-30 22:12:35 +01:00
Miroslav Stampar
9e90e357cf Patch for an Issue #1146 2015-01-30 21:59:03 +01:00
Miroslav Stampar
9563e429d3 Removal of fun code 2015-01-30 21:49:22 +01:00
Miroslav Stampar
9f679a952f Minor update 2015-01-29 10:44:36 +01:00
Miroslav Stampar
024c500d8e Minor fix 2015-01-28 00:54:39 +01:00
Miroslav Stampar
5400bb2c95 Patch for an Issue #1142 2015-01-28 00:52:40 +01:00
Miroslav Stampar
fd632e5ada Update for unhandled exception mechanism (BADA) 2015-01-26 09:09:38 +01:00
Miroslav Stampar
eb548959b3 Minor update 2015-01-26 08:59:10 +01:00
Miroslav Stampar
f0eac38ab4 Minor fix 2015-01-26 08:48:37 +01:00