Commit Graph

3622 Commits

Author SHA1 Message Date
Bernardo Damele
8093f3950d properly distinguish stdout from stderr with a separate pipe (tracebacks go to stderr) - issue #297 2013-01-10 00:52:44 +00:00
Bernardo Damele
10f1099944 remove logging handler that shows logging messages to stdout - issue #297 2013-01-10 00:51:56 +00:00
Bernardo Damele
ccc3c3d1a3 minor fix to distinguish stdout from stderr 2013-01-10 00:51:05 +00:00
Bernardo Damele
ef40779ad3 upgraded to use custom subprocessng for non-blocking send and read functions for spawned processes. Added new method to display range of log messages, just in case and improved parsing/unpickling of read log messages 2013-01-10 00:01:28 +00:00
Bernardo Damele
2126a5ba12 minor index fix 2013-01-10 00:00:00 +00:00
Bernardo Damele
9766f6025e logging is now handled in a separate file descriptor :) - issue #297 2013-01-09 22:09:50 +00:00
Bernardo Damele
794700eb37 preparing to handle logging calls by a separate file descriptor when sqlmap is executed by the REST API - issue #297 2013-01-09 22:08:50 +00:00
Bernardo Damele
d120dc18d1 cleanup 2013-01-09 22:06:27 +00:00
Bernardo Damele
58a60562ac avoid exiting with a traceback for missing dependency, handle properly at some point 2013-01-09 16:05:55 +00:00
Bernardo Damele
7f4ce4afbb Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-09 16:04:29 +00:00
Bernardo Damele
510ceb6e19 first attempt to have --os-pwn and other takeover switches work across Windows and Linux - issue #28 2013-01-09 16:04:23 +00:00
Miroslav Stampar
bf5544903b Minor style update 2013-01-09 16:10:26 +01:00
Miroslav Stampar
9bdcb1176d Update for an Issue #169 2013-01-09 15:58:13 +01:00
Miroslav Stampar
25f01a419f Minor style update (for the sake of consistency over the code and our PEP8 adaptation) 2013-01-09 15:38:41 +01:00
Miroslav Stampar
bdd2592848 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-09 15:22:30 +01:00
Miroslav Stampar
3d4f381ab5 Patch for an Issue #169 2013-01-09 15:22:21 +01:00
Bernardo Damele
c44a829b9b pass a pickled options object to sqlmap engine when called from API 2013-01-09 12:34:45 +00:00
Bernardo Damele
8457cff278 added variable to store the live test traceback if any 2013-01-09 12:33:18 +00:00
Bernardo Damele
f11747732e added missing command line options 2013-01-09 12:30:13 +00:00
Miroslav Stampar
55a552ddc4 Update for an Issue #24 2013-01-08 10:55:25 +01:00
Miroslav Stampar
ad85c4c964 Minor refactoring for an Issue #295 2013-01-08 10:23:02 +01:00
Bernardo Damele
c155c6df84 minor bug fix for user's provided LIMIT'd statement when technique is full UNION SQLi 2013-01-07 23:31:11 +00:00
Miroslav Stampar
3abe87ac89 Minor fix with status update (Issue #305) 2013-01-07 18:53:08 +01:00
Miroslav Stampar
a8f02916a9 Minor fix (Issue #305) 2013-01-07 18:39:35 +01:00
Miroslav Stampar
e219fad8bf Added a short comment 2013-01-07 18:19:48 +01:00
Bernardo Damele
1e35b3c8c9 proper link 2013-01-07 16:59:59 +00:00
Miroslav Stampar
96e5d5d178 Some more updates for an Issue #295 2013-01-07 16:55:41 +01:00
Miroslav Stampar
74552bea87 Cleaning some garbage (hard coded paths with linux native slashes) 2013-01-07 16:51:00 +01:00
Miroslav Stampar
425df067eb Fix for an --os-pwn with ICMPsh (it was crashing because methods interleaved with Metasploit ones) 2013-01-07 16:44:22 +01:00
Miroslav Stampar
ac407ae4a1 Implementation for an Issue #295 2013-01-07 15:55:40 +01:00
Miroslav Stampar
76839ff9d6 Fix for an Issue #305 2013-01-07 12:52:55 +01:00
Bernardo Damele
1e1892c962 prep for subprocess.. 2013-01-07 11:10:33 +00:00
Bernardo Damele
7fa75792dd Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-07 11:10:08 +00:00
Bernardo Damele
a30d7014b9 removed unused var 2013-01-07 11:05:33 +00:00
Miroslav Stampar
87e923613f Minor adjustment (URI (marked with custom injection char) has precedence over GET/POST) 2013-01-05 21:16:47 +01:00
Miroslav Stampar
dc21f3ce67 Minor just in case filtering of union results 2013-01-04 17:09:07 +01:00
Miroslav Stampar
5b77b20e2e Removing trailing whitespaces (PEP8) 2013-01-03 23:57:07 +01:00
Miroslav Stampar
82b468211d Minor update 2013-01-03 23:38:29 +01:00
Miroslav Stampar
f340ce8b4b Minor style update 2013-01-03 23:35:29 +01:00
Miroslav Stampar
1712603dce Replacing deprecated has_key() with operator in (PEP8) 2013-01-03 23:28:07 +01:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Bernardo Damele
3a11d36c66 minor bug fix 2013-01-02 21:49:15 +00:00
Miroslav Stampar
cb15fcc8af Fix for an Issue #329 2013-01-02 22:17:06 +01:00
Miroslav Stampar
304e52cb4d Minor language update 2013-01-02 22:11:59 +01:00
Miroslav Stampar
09f1cdd8e1 Minor style update 2013-01-02 21:52:50 +01:00
Miroslav Stampar
0795760255 Minor fix 2012-12-30 11:22:23 +01:00
Miroslav Stampar
75edb84a71 Minor update 2012-12-30 11:10:32 +01:00
Miroslav Stampar
58ad2f1c5d Revert of last commit and proper fix 2012-12-29 10:35:05 +01:00
Miroslav Stampar
0e18fa9c5f Minor fix 2012-12-28 23:43:47 +01:00
Miroslav Stampar
648d91d790 Distinguishing invalid unicode from safe encoded characters (for proper potential decoding) 2012-12-27 22:43:39 +01:00
Miroslav Stampar
3d01890147 Patch for an Issue #56 (full target url is now being written to a output .CSV file in multi target mode) 2012-12-27 21:15:44 +01:00
Miroslav Stampar
cb91729913 Fix for an Issue #324 (crawling when HTML is not well-formed) 2012-12-27 20:55:37 +01:00
Miroslav Stampar
127b880577 Minor update 2012-12-27 15:14:40 +01:00
Miroslav Stampar
6ae4590edc Removing problematic per-MySQL LIMIT prefix 2012-12-26 19:48:01 +01:00
Miroslav Stampar
a77b7f00d9 Fix for an Issue #323 2012-12-23 19:34:35 +01:00
Bernardo Damele
832567ecf6 import order 2012-12-21 23:34:37 +00:00
Miroslav Stampar
77625e5af7 Minor revert 2012-12-21 19:31:05 +01:00
Miroslav Stampar
00e55828e4 Minor style update 2012-12-21 15:06:03 +01:00
Miroslav Stampar
8b3e17ed4d Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table) 2012-12-21 14:52:47 +01:00
Miroslav Stampar
6c1ec9b54f Fix for an Issue #318 2012-12-21 11:10:05 +01:00
Miroslav Stampar
35728fa443 Fix (and some hidden bug fixes/improvements) regarding an Issue #317 2012-12-21 10:51:35 +01:00
Miroslav Stampar
352e516400 Bottle is a 3rd party tool (not going to extra folder) 2012-12-21 10:18:30 +01:00
Miroslav Stampar
b94a5d42d4 Removing a leftover 2012-12-21 09:49:09 +01:00
Miroslav Stampar
0a122ccce4 Related to an Issue #319 2012-12-21 09:47:58 +01:00
Miroslav Stampar
0d5d84edc7 Minor cleanup 2012-12-20 21:03:41 +01:00
Miroslav Stampar
712cf4e4db Fix for an Issue #316 2012-12-20 20:55:59 +01:00
Miroslav Stampar
1073ebc697 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-20 20:51:41 +01:00
Bernardo Damele
89d8c58fd1 poor attempt at forking a child process for sqlmap engine execution, output is not handled yet 2012-12-20 17:56:53 +00:00
Bernardo Damele
912323c12d minor bug fix (#297) 2012-12-20 17:05:44 +00:00
Bernardo Damele
7adaffa71b fixed options initiation 2012-12-20 16:53:43 +00:00
Miroslav Stampar
1c4d438aff Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-20 16:37:03 +01:00
Bernardo Damele
b0635bddcc adjustments 2012-12-20 15:29:23 +00:00
Miroslav Stampar
8efe056671 Minor refactoring 2012-12-20 15:51:03 +01:00
Bernardo Damele
e9ab33e9dd standalone REST API, code cleanup (#297) 2012-12-20 14:35:02 +00:00
Bernardo Damele
5632279bf7 removed deprecated feature (#287) 2012-12-20 13:21:07 +00:00
Miroslav Stampar
63d9b7a1f8 No character shall be left forgotten (no more ? in case that character was not properly being decoded by used charset) 2012-12-20 12:23:37 +01:00
Miroslav Stampar
c2c4601d6e Minor restyling 2012-12-20 11:06:52 +01:00
Bernardo Damele
076b4063e6 these edits got overwritten from last commits 2012-12-20 09:42:44 +00:00
Miroslav Stampar
3cbe60b586 Proper fix 2012-12-20 10:37:20 +01:00
Miroslav Stampar
0d1ea7f05a Merge branch 'master' of github.com:sqlmapproject/sqlmap
Conflicts:
	lib/core/testing.py
2012-12-20 10:37:11 +01:00
Miroslav Stampar
da93e77eb2 Proper fix 2012-12-20 10:34:51 +01:00
Bernardo Damele
ac77724970 attempt to handle standard input from --live-test 2012-12-20 09:30:48 +00:00
Bernardo Damele
2b6ee06de0 minor bug fix to correctly parse unicode chars 2012-12-20 09:30:13 +00:00
Miroslav Stampar
69310e47ce Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-20 09:54:39 +01:00
Miroslav Stampar
06d8213ffd minor fix (reading of unicode xml files) 2012-12-20 09:53:08 +01:00
Bernardo Damele
86872956d5 minor bug fix (for PostgreSQL) 2012-12-19 22:55:31 +00:00
Bernardo Damele
77843f44fb minor bug fix (issue #314) 2012-12-19 22:49:02 +00:00
Bernardo Damele
357da43cea slight improvement of live test engine and added misc test cases to xml 2012-12-19 17:28:41 +00:00
Bernardo Damele
85fcd27e2d added support for random global variables 2012-12-19 15:58:06 +00:00
Bernardo Damele
12d34587cc minor restyling 2012-12-19 14:34:34 +00:00
Bernardo Damele
326ff404fc Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 14:25:35 +00:00
Bernardo Damele
12eed58485 pointless restyling 2012-12-19 14:25:29 +00:00
Miroslav Stampar
37346fe8a3 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 15:23:57 +01:00
Miroslav Stampar
7ee98c7bff Just for one girl out there waiting for this patch ;) 2012-12-19 15:23:38 +01:00
Bernardo Damele
3be90c97aa forgot these 2012-12-19 14:12:45 +00:00
Bernardo Damele
cefb03c835 fixed bug related to issue #223 2012-12-19 14:12:09 +00:00
Bernardo Damele
27a12ae85b restyling 2012-12-19 13:47:17 +00:00
Bernardo Damele
4b3b4eb374 commented out partial work 2012-12-19 13:47:04 +00:00
Bernardo Damele
3655d1f12a revert change of name for now 2012-12-19 13:45:52 +00:00
Bernardo Damele
874e2176c6 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 13:43:00 +00:00
Bernardo Damele
4f0f729982 be more specific in standard output message as to whether or not the read file is same as remote file 2012-12-19 13:42:56 +00:00
Miroslav Stampar
23153e8088 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 14:29:08 +01:00
Miroslav Stampar
244901eda0 During --flush-session log file should be cleaned too (especially because of --live-tests) 2012-12-19 14:28:54 +01:00
Bernardo Damele
282aeb734f ORDER BY does not play well with UNION query SQLi (related to issue #313) 2012-12-19 13:21:16 +00:00
Bernardo Damele
259b345f1f catch ImportError exception if libmagic is not installed 2012-12-19 13:10:54 +00:00
Bernardo Damele
128597ee7e --run-case is now case insensitive 2012-12-19 12:45:46 +00:00
Bernardo Damele
b91c829103 minor bug fix (issue #310) 2012-12-19 12:42:31 +00:00
Bernardo Damele
2bc2c0431c fixed test cases 2012-12-19 12:33:37 +00:00
Bernardo Damele
9149d77cc8 removed duplicate code - fixes issue #310 2012-12-19 12:17:56 +00:00
Bernardo Damele
d80744d3d5 preparation for issue #310 2012-12-19 11:40:00 +00:00
Bernardo Damele
f5450e9f0e layout adjustment 2012-12-19 11:39:38 +00:00
Bernardo Damele
dee56b17c3 handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308 2012-12-19 10:50:15 +00:00
Miroslav Stampar
155c1eddae Debug message with declared page charset 2012-12-19 11:16:42 +01:00
Miroslav Stampar
d29dddf5b2 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 10:51:25 +01:00
Miroslav Stampar
92e338251a Finally working inference against MySQL/international letters (even chinese) 2012-12-19 10:44:02 +01:00
Bernardo Damele
65ed2304fd comment update 2012-12-19 09:38:03 +00:00
Bernardo Damele
0037d52098 typo fix 2012-12-19 01:11:18 +00:00
Miroslav Stampar
c9b8b51c9c Update lib/core/common.py
Revert of last commit and try 2
2012-12-19 01:48:53 +01:00
Bernardo Damele
8e95470415 minor refactoring 2012-12-19 00:46:23 +00:00
Bernardo Damele
318fcee49c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 00:30:26 +00:00
Bernardo Damele
3c7007097a minor refactoring 2012-12-19 00:30:22 +00:00
Miroslav Stampar
50b846b5af Update lib/core/common.py
Fixing wrong assumption in case of MySQL inference international character retrieval
2012-12-19 01:26:12 +01:00
Miroslav Stampar
9e2f0131b9 Update lib/core/agent.py 2012-12-18 20:25:00 +01:00
Bernardo Damele
326ed33f31 added support for comma separated list of files for --file-read - fixes issue #223 2012-12-18 17:55:21 +00:00
Bernardo Damele
58656bbeb5 minor bug fix, union query has to be limited 0, 0 2012-12-18 16:36:30 +00:00
Bernardo Damele
61a838bb35 added more test cases 2012-12-18 15:59:48 +00:00
Miroslav Stampar
88d8494b5a Implementation for an Issue #307 2012-12-18 16:03:35 +01:00
Miroslav Stampar
7f47623876 Minor patch 2012-12-18 11:10:06 +01:00
Miroslav Stampar
2b64c10710 Patch for an Issue #304 2012-12-18 09:36:26 +01:00
Miroslav Stampar
4ea0c9e922 Another implementation for an Issue #302 2012-12-17 15:08:54 +01:00
Bernardo Damele
3c1b696bd6 removed more print statements 2012-12-17 13:35:32 +00:00
Bernardo Damele
1fdd804e94 replaced instances of dataToStdout with logger 2012-12-17 13:30:21 +00:00
Bernardo Damele
9f47eb0a59 cleaner 2012-12-17 13:29:37 +00:00
Bernardo Damele
0500712a03 removed unuseful prints 2012-12-17 13:29:19 +00:00
Bernardo Damele
ac44cf3ec0 minor fix: add also back-end DBMS and web app fingerprint output to log file 2012-12-17 13:02:09 +00:00
Bernardo Damele
bbd2adb5fb improvements to --live-test and added --stop-fail switch 2012-12-17 11:41:43 +00:00
Bernardo Damele
064d443d60 replaced unnecessary dataToStdout() call with appropriate logger.info() call 2012-12-17 11:30:08 +00:00
Bernardo Damele
2926c815bf improved test switch --live-test and minor refactoring 2012-12-17 11:29:33 +00:00
Bernardo Damele
f40c52cc17 comment adjustment 2012-12-17 11:28:03 +00:00
Bernardo Damele
2442a58884 minor leftover of deprecated XMLRPC service 2012-12-17 11:26:31 +00:00
Miroslav Stampar
60baf5071e Patch for an Issue #302 2012-12-17 00:40:01 +01:00
Bernardo Damele
d4a061d0c3 code cleanup - #297 2012-12-15 00:29:35 +00:00
Bernardo Damele
0c3da5c7eb code refactoring and first time logger is handled by a separate file descriptor (issue #297) 2012-12-15 00:12:22 +00:00
Bernardo Damele
2f6a31605c code refactoring (#279) 2012-12-14 22:00:42 +00:00
Bernardo Damele
8dee8355c2 on our way to make it thread safe.. it is a long way actually (issue #297) 2012-12-14 18:13:21 +00:00
Bernardo Damele
21ecffb750 added more comments, improved cleanup method 2012-12-14 17:21:19 +00:00
Bernardo Damele
1421e6a9d4 implemented cleanup and status admin methods 2012-12-14 16:18:45 +00:00
Bernardo Damele
4fa2f400ec minor fix 2012-12-14 15:55:30 +00:00
Bernardo Damele
4c4cb856ff minor bug fix to the /scan/<taskid>output method, forced each taskid to have its own temporary folder for output - issue #297 2012-12-14 15:52:35 +00:00
Bernardo Damele
27906f388f added first methods to interact with sqlmap core, it is now possible to launch a scan from the API, hurray! (issue #297) 2012-12-14 14:51:01 +00:00