Commit Graph

5213 Commits

Author SHA1 Message Date
Miroslav Stampar
2284535267 Update for an Issue #963 2014-11-24 05:44:38 +01:00
Miroslav Stampar
69cdad4148 Patch for an Issue #958 2014-11-23 15:55:12 +01:00
Miroslav Stampar
28d6af6237 Minor update 2014-11-23 15:42:41 +01:00
Miroslav Stampar
f853f8973f Minor refactorign 2014-11-23 15:41:24 +01:00
Miroslav Stampar
080a873922 Patch for an Issue #964 2014-11-23 15:39:08 +01:00
Miroslav Stampar
5c182a0ec4 Update for an Issue #431 2014-11-21 11:33:57 +01:00
Miroslav Stampar
f0802c6fb9 Update for an Issue #431 2014-11-21 11:20:54 +01:00
Miroslav Stampar
1fc4d0e3c4 Update for an Issue #431 2014-11-21 10:31:55 +01:00
Miroslav Stampar
cf2d5fd453 Update for an Issue #431 2014-11-21 09:41:49 +01:00
Miroslav Stampar
34ce774acd Patch for an Issue #956 2014-11-21 09:41:49 +01:00
Miroslav Stampar
1a8b58fca6 Minor update 2014-11-20 16:42:06 +01:00
Miroslav Stampar
f8a8cbf9a6 Storing crawling results to a temporary file (for eventual further processing) 2014-11-20 16:29:17 +01:00
Miroslav Stampar
d3551631c4 Minor update 2014-11-20 16:10:25 +01:00
Miroslav Stampar
484fa61afc Patch for an Issue #954 2014-11-20 15:08:08 +01:00
Miroslav Stampar
ee8b3ee664 Patch for an Issue #953 2014-11-20 09:49:04 +01:00
Rexikon
4da20679ee Update httpshandler.py
ssl.PROTOCOL_SSLv3 removed
affecting error: AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'
2014-11-19 16:36:30 +01:00
Miroslav Stampar
05d5342f20 Update and patch for an Issue #2 2014-11-17 11:50:05 +01:00
Miroslav Stampar
733e06e31f Patch for an Issue #944 2014-11-16 14:25:44 +01:00
Miroslav Stampar
bb56eb583a Minor update 2014-11-16 13:34:35 +01:00
Miroslav Stampar
d8d9678947 Patch for an Issue #935 2014-11-14 00:21:04 +01:00
Miroslav Stampar
74eacf95fd Patch for an Issue #929 2014-11-13 10:52:33 +01:00
Miroslav Stampar
671facc6d9 Patch for an Issue #930 2014-11-13 10:28:38 +01:00
Miroslav Stampar
d0afa7f325 Bug fix for not displaying proper version in unhandled exception win cases 2014-11-12 11:53:42 +01:00
Miroslav Stampar
06e6d2aaeb Patch for an Issue #921 2014-11-11 11:38:14 +01:00
Miroslav Stampar
c5df45a14f Minor bug fix (skipping HTML decoding in heuristic mode) 2014-11-11 11:23:14 +01:00
Miroslav Stampar
dfa8e0456d Potential patch for an Issue #914 2014-11-10 14:51:31 +01:00
Miroslav Stampar
cdbfb17408 Patch for an Issue #919 2014-11-10 13:41:53 +01:00
Miroslav Stampar
06bb957d13 Preventing a run of duplicate issues 2014-11-09 22:07:11 +01:00
Miroslav Stampar
de1cf26fe6 Minor patch 2014-11-09 18:58:25 +01:00
Miroslav Stampar
80af465ce3 Fix for an Issue #911 2014-11-09 18:40:49 +01:00
Miroslav Stampar
9fe6ab749b Bug fix for occureance of ANSI color codes in multiprocessing hash cracking on Windows OS 2014-11-09 15:08:44 +01:00
Miroslav Stampar
62a73bf30b Minor fix for automatic removal of temporary files 2014-11-09 14:52:50 +01:00
Miroslav Stampar
5e9c73f9c1 Just in case update (for unhandled exceptions happening too soon) 2014-11-08 21:44:46 +01:00
Miroslav Stampar
3b06665c9f Patch for an Issue #910 2014-11-08 21:22:03 +01:00
Miroslav Stampar
8fdf9ff746 Probable fix for an Issue #908 2014-11-07 15:47:42 +01:00
Miroslav Stampar
31f8d6e612 Fix for an Issue #904 2014-11-06 11:19:05 +01:00
Miroslav Stampar
a91fb4149b Minor update (using lower frequency alphabet for kb.chars) 2014-11-05 10:56:30 +01:00
Miroslav Stampar
a074efe75e Minor improvement of error-based SQLi when trimmed output is detected (trying to reconstruct) 2014-11-05 10:46:11 +01:00
Miroslav Stampar
71c43be53a Patch for an Issue #901 2014-11-05 10:03:19 +01:00
Miroslav Stampar
78cc3853b6 Fix for an Issue #902 2014-11-05 09:56:50 +01:00
Miroslav Stampar
97cc679f9c Fix for an Issue #900 2014-11-04 15:15:58 +01:00
Miroslav Stampar
4d5b48b2ae Patch for an Issue #896 2014-11-04 00:34:35 +01:00
Miroslav Stampar
6f45596f28 Minor style update 2014-11-03 23:48:44 +01:00
Miroslav Stampar
05b446b95d Patch for an Issue #893 2014-11-02 23:38:52 +01:00
Miroslav Stampar
9652e41226 Path for an Issue #891 2014-11-02 23:32:19 +01:00
Miroslav Stampar
1ef2c4006d Patch for an Issue #892 2014-11-02 11:01:46 +01:00
Miroslav Stampar
a4d058d70c More anonymization of unhanded exception data 2014-11-02 10:55:38 +01:00
Miroslav Stampar
baf9ada28d Fix for an Issue #889 2014-11-01 17:13:33 +01:00
Miroslav Stampar
4e0e64d06b Bug fix for DNS Exfiltration in PgSQL case ('invalid URI') 2014-10-31 20:28:37 +01:00
Miroslav Stampar
49d3860b1f Minor fix 2014-10-31 20:22:15 +01:00
Miroslav Stampar
ab269f315f Fix for an Issue #886 2014-10-31 18:58:30 +01:00
Miroslav Stampar
c33e493e0d Fix for an Issue #885 2014-10-31 17:06:09 +01:00
Miroslav Stampar
38978c3e54 Fix for an Issue #884 2014-10-31 16:45:26 +01:00
Miroslav Stampar
0feb379b47 Fix for an Issue #887 2014-10-31 16:39:29 +01:00
Miroslav Stampar
5b0d74146e Fix for an Issue #883 2014-10-31 01:01:35 +01:00
Miroslav Stampar
8ea22c5124 Fix for an Issue #878 2014-10-28 15:34:53 +01:00
Miroslav Stampar
455ea9922c Minor update 2014-10-28 15:26:28 +01:00
Miroslav Stampar
258a700b2e More anonymization of unhandled exception messages 2014-10-28 15:14:41 +01:00
Miroslav Stampar
df73be32f1 Fix for an Issue #876 2014-10-28 14:41:21 +01:00
Miroslav Stampar
725c3a6a95 Minor update 2014-10-28 14:08:06 +01:00
Miroslav Stampar
3b3b8d4ef2 Potential bug fix (escaping formatted regular expressions) 2014-10-28 14:02:55 +01:00
Miroslav Stampar
268e774087 Minor refactoring 2014-10-28 13:44:55 +01:00
Miroslav Stampar
f89e94fb8c Minor refactoring 2014-10-28 13:42:13 +01:00
Miroslav Stampar
e08c8f272a Fix for an Issue #875 2014-10-28 13:10:07 +01:00
Miroslav Stampar
19aed90ae5 Implementation for an Issue #874 2014-10-27 00:37:46 +01:00
Miroslav Stampar
6448d3caf4 Implementing support for csrfcookie (Issue #2) 2014-10-24 09:37:51 +02:00
Miroslav Stampar
5e31229d48 Minor cosmetic update 2014-10-23 15:18:22 +02:00
Miroslav Stampar
abbd352392 Support for X-CSRF-TOKEN header (Issue #2) 2014-10-23 14:33:22 +02:00
Miroslav Stampar
95f2e61ca1 Minor fix related to the Issue #2 2014-10-23 14:23:01 +02:00
Miroslav Stampar
01f4b76817 Minor update for the Issue #2 2014-10-23 14:03:44 +02:00
Miroslav Stampar
7143e61619 Minor update 2014-10-23 14:00:53 +02:00
Miroslav Stampar
32bcca0aae Basic options check for Issue #2 2014-10-23 11:54:29 +02:00
Miroslav Stampar
7fc9e82d28 Minor style update 2014-10-23 11:44:38 +02:00
Miroslav Stampar
780dbd1c64 Update for an Issue #2 2014-10-23 11:42:30 +02:00
Miroslav Stampar
a52c8811e6 Minor style update 2014-10-23 11:25:44 +02:00
Miroslav Stampar
fc1b05bec9 Implementation for an Issue #2 2014-10-23 11:23:53 +02:00
Miroslav Stampar
8dcad46805 Update basic.py 2014-10-22 23:16:46 +02:00
Miroslav Stampar
73a3db67eb Fix for an Issue #862 2014-10-22 14:54:49 +02:00
Miroslav Stampar
60f2764c3d Minor style update 2014-10-22 13:53:18 +02:00
Miroslav Stampar
34aed7cde0 Bug fix (now it's possible to use multiple parsed requests without mixing associated headers) 2014-10-22 13:49:29 +02:00
Miroslav Stampar
2f18df345e Minor patch 2014-10-22 13:41:36 +02:00
Miroslav Stampar
268095495e Minor patch 2014-10-22 13:32:49 +02:00
Miroslav Stampar
e239fefe67 Minor patch for JSON requests 2014-10-22 10:38:49 +02:00
Miroslav Stampar
a2f578dbf4 Patch to also include JSON array elements into automatic recognition 2014-10-22 10:28:10 +02:00
Miroslav Stampar
3ebc5faa34 Falling back to partial UNION if large dump connects out 2014-10-21 09:23:34 +02:00
Miroslav Stampar
006d9d1859 Bug fix for a problem reported by a user via ML (--os-shell) 2014-10-13 12:00:34 +02:00
Miroslav Stampar
fb65caabd2 Unhidding switch --ignore-401 2014-10-13 09:19:25 +02:00
Miroslav Stampar
4e3a4eb0ff Added a prompt for choosing a number of threads when in crawling mode 2014-10-10 12:09:08 +02:00
Miroslav Stampar
2aadfc0fd3 Fix for an Issue #851 2014-10-10 10:38:17 +02:00
Miroslav Stampar
d4610890ca Minor patch (flushing log file output at the end of program run) 2014-10-10 10:07:17 +02:00
Miroslav Stampar
7811a958ae Another minor patch for Issue #846 2014-10-09 15:42:44 +02:00
Miroslav Stampar
f94ac8c69d Second patch related to the Issue #846 2014-10-09 15:21:26 +02:00
Miroslav Stampar
c823c58d47 One patch related to the Issue #846 2014-10-09 14:39:54 +02:00
Miroslav Stampar
70215a95a1 Patch for an Issue #847 2014-10-07 13:02:47 +02:00
Miroslav Stampar
c6a8feea8a Fix for an Issue #831 2014-10-07 12:00:11 +02:00
Miroslav Stampar
2ab4558859 Potential fix for an Issue #846 2014-10-07 11:49:53 +02:00
Miroslav Stampar
ddfec1c668 Initial patch for an Issue #846 2014-10-07 11:34:47 +02:00
Miroslav Stampar
2de12ef4a2 Potential fix for an Issue #843 2014-10-05 00:20:42 +02:00
Miroslav Stampar
fdef53aa67 Minor update of unhandled exception message 2014-10-01 14:23:45 +02:00
Miroslav Stampar
a2b059123a Minor update of format exception strings 2014-10-01 14:12:30 +02:00
Miroslav Stampar
e81168af0f Minor adjustment 2014-10-01 13:59:51 +02:00
Miroslav Stampar
f67a38dba9 Minor adjustment 2014-10-01 13:42:10 +02:00
Miroslav Stampar
a9454fbb43 Minor commit related to the last one (bypassing DBMS error trimming problem) 2014-10-01 13:35:20 +02:00
Miroslav Stampar
8c9014c39f Adding a dummy (auxiliary) XSS check 2014-10-01 13:31:48 +02:00
Miroslav Stampar
4d23744430 Bug fix (there was a problem using --tamper=varnish with --identify-waf because of same named modules) 2014-09-30 09:58:02 +02:00
Miroslav Stampar
ff42720c62 Minor fix 2014-09-29 14:07:59 +02:00
Miroslav Stampar
1e636fb925 Minor patch regarding Issue #840 2014-09-28 13:38:09 +02:00
Miroslav Stampar
767c278a0f Fix for an Issue #838 2014-09-26 17:00:50 +02:00
Miroslav Stampar
00fc842c6f Update agent.py 2014-09-20 10:20:57 +02:00
Miroslav Stampar
69701ba08c Minor refactoring 2014-09-17 18:29:01 +02:00
Miroslav Stampar
09064a4a24 Minor just in case patch 2014-09-17 18:25:24 +02:00
Miroslav Stampar
bbc6dd9ac8 Minor fix 2014-09-17 10:28:18 +02:00
Miroslav Stampar
6888d2fc34 Minor cosmetic update 2014-09-16 16:32:54 +02:00
Miroslav Stampar
0e8090381c Minor cosmetic update 2014-09-16 16:21:29 +02:00
Miroslav Stampar
c5294f2cbb Minor patch for an Issue #832 2014-09-16 16:18:13 +02:00
Miroslav Stampar
5b0732e9f9 Minor update for Issue #832 2014-09-16 15:17:50 +02:00
Miroslav Stampar
7278af01ee Implementation for an Issue #832 2014-09-16 14:12:43 +02:00
Miroslav Stampar
57eb19377e Minor code refactoring 2014-09-16 09:07:31 +02:00
Miroslav Stampar
45f5548113 Minor update regarding shell history file 2014-09-16 08:58:25 +02:00
Miroslav Stampar
637d3cbaf7 Fix for cases when parameter name is urlencoded 2014-09-12 13:29:30 +02:00
Miroslav Stampar
bfc8ab0e35 Language update 2014-09-08 14:48:31 +02:00
Miroslav Stampar
53d0d5bf8b Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved) 2014-09-08 14:33:13 +02:00
Miroslav Stampar
055b759145 Minor update 2014-09-03 23:13:57 +02:00
Miroslav Stampar
bbf0be1f8d Bug fix (Issue #813) 2014-09-03 22:09:12 +02:00
Miroslav Stampar
112a0cb1ae Patch for output directory (using unicode for international support) 2014-09-03 21:49:30 +02:00
Miroslav Stampar
7e40890f32 Patch for an Issue #815 2014-09-01 16:16:12 +02:00
Miroslav Stampar
25c6fca20e Minor fix 2014-09-01 15:48:00 +02:00
Miroslav Stampar
d5d01e91ad Warning message 2014-08-30 22:15:14 +02:00
Miroslav Stampar
20ff402103 Minor patch 2014-08-30 22:04:55 +02:00
Miroslav Stampar
dc2ee8bfa0 Minor update 2014-08-30 21:53:09 +02:00
Miroslav Stampar
177fc0376d Minor fix for HSQLDB 2014-08-30 21:37:38 +02:00
Miroslav Stampar
1a9a331422 Bug fix (proper extending of tests when dbms is known) 2014-08-30 21:34:23 +02:00
Miroslav Stampar
e501b2a80b Minor patch 2014-08-30 20:58:59 +02:00
Miroslav Stampar
03c8e7b7a2 Patch for an Issue #810 2014-08-30 17:13:02 +02:00
Miroslav Stampar
77cb35dcf6 Fix for an Issue #804 2014-08-28 14:26:55 +02:00
Miroslav Stampar
9476359255 Bug fix 2014-08-28 12:50:39 +02:00
Miroslav Stampar
834f8e18c8 Minor patch for an Issue #802 2014-08-28 00:45:57 +02:00
Miroslav Stampar
b77d8d617b Minor patch for an Issue #800 2014-08-28 00:31:49 +02:00
Miroslav Stampar
7595f2b73e Minor fix 2014-08-28 00:13:27 +02:00
Miroslav Stampar
fce671c899 Patch for an Issue #801 2014-08-28 00:00:16 +02:00
Miroslav Stampar
fd36250026 Proper fix for an Issue #757 2014-08-26 23:36:04 +02:00
Miroslav Stampar
2a268199d4 Patch for an Issue #798 2014-08-26 23:11:44 +02:00
Miroslav Stampar
e68326c0fe expandAsteriskForColumns changes value of conf.db and conf.tbl potentially causing problems in further work 2014-08-26 22:57:08 +02:00
Miroslav Stampar
decd092b2a Minor patch 2014-08-26 22:40:50 +02:00
Miroslav Stampar
2be0ebd883 Minor fix (e.g. Oracle identifier names can contain character $) 2014-08-26 22:40:15 +02:00
Miroslav Stampar
dcaad75a1e Fix for an Issue #794 2014-08-22 15:08:05 +02:00
Miroslav Stampar
d74b803306 Minor patch 2014-08-22 14:45:23 +02:00
Miroslav Stampar
e0a8b89069 Minor patch when trailing space is used with comma to split option items (e.g. '-C id, name') 2014-08-22 14:19:53 +02:00
Miroslav Stampar
e3a0f25db0 Patch for an Issue #795 2014-08-22 14:11:23 +02:00
Miroslav Stampar
2ce3ccac46 Patch for an Issue #797 (switching to greedy because of performance; it shouldn't be a problem because it was a single line replacement in the first place) 2014-08-22 13:06:53 +02:00
Miroslav Stampar
77513e1de9 Minor style update 2014-08-21 01:19:10 +02:00
Miroslav Stampar
c5b71cff10 Some filtering 2014-08-21 01:12:44 +02:00
Miroslav Stampar
3cfdb5ff0f Removing / from auto directories (it doesn't make sense to auto-test for uploading to /) 2014-08-21 00:43:37 +02:00
Miroslav Stampar
acb3b1d1fe Bug fix for common table/column existence check 2014-08-21 00:12:19 +02:00
Miroslav Stampar
074b57804e Minor style update 2014-08-21 00:03:46 +02:00
Miroslav Stampar
58d93ffb2b Fix for falling back to partial union (excluding scalar queries) 2014-08-20 23:53:15 +02:00
Miroslav Stampar
90882f081d Language update 2014-08-20 23:47:57 +02:00
Miroslav Stampar
0296081692 Minor refactoring 2014-08-20 23:42:40 +02:00
Miroslav Stampar
f51ea20bbd Minor style update 2014-08-20 22:50:00 +02:00
Miroslav Stampar
5d10bae31f Removing trailing blank lines 2014-08-20 21:07:19 +02:00
Miroslav Stampar
e0216771ed Minor update 2014-08-20 15:23:07 +02:00
Miroslav Stampar
c97782cfed Minor update of banner 2014-08-20 15:10:21 +02:00
Miroslav Stampar
07f881e711 Minor fix 2014-08-20 14:02:04 +02:00
Miroslav Stampar
b4fbb9cafe Minor upgrade 2014-08-20 13:52:48 +02:00
Miroslav Stampar
7828f61642 Minor style update 2014-08-20 13:35:41 +02:00
Miroslav Stampar
dfa426fbb5 Minor style update 2014-08-20 13:32:32 +02:00
Miroslav Stampar
6795b51c7e Another minor update 2014-08-20 01:59:30 +02:00
Miroslav Stampar
d08c1b7c04 Minor update 2014-08-20 01:45:42 +02:00
Miroslav Stampar
6caccc3d93 Bug fix for ultra-slow processing of binary data 2014-08-20 01:38:01 +02:00
Miroslav Stampar
ebc964267f Better reporting on filtered-chars cases 2014-08-20 01:11:26 +02:00
Miroslav Stampar
c12e51173a Minor style update 2014-08-20 00:28:33 +02:00
Miroslav Stampar
5a05271097 Minor fix 2014-08-19 22:34:07 +02:00
Miroslav Stampar
b0465a6a76 Adding a revision scheme for nongit checkouts 2014-08-19 22:32:16 +02:00
Miroslav Stampar
cd92de1702 Adding colorful banner 2014-08-19 22:19:22 +02:00
Miroslav Stampar
7d578d395f Minor update for Apache on Windows 2014-08-16 16:01:18 +02:00
Miroslav Stampar
a8b4b96cd9 Extending list for brute forcing doc root 2014-08-16 15:16:03 +02:00
Miroslav Stampar
0fb576724e Implementation for cases when there are multiple copies/variations of the same result(s) in response for partial UNION SQLi 2014-08-13 22:50:42 +02:00
Miroslav Stampar
0809a61fc3 Bug fix (whole page output as a result of partial union runs) 2014-08-13 15:18:11 +02:00
Miroslav Stampar
0a74ae736f Probable fix for an Issue #788 2014-08-13 14:01:57 +02:00
Miroslav Stampar
658110e644 Minor fix 2014-08-11 12:46:37 +02:00
hydhyd
e7ffe92d8c Update settings.py
Modified BRUTE_DOC_PREFIXES to include "/srv/www" used by default in OpenSUSE.
2014-08-06 12:59:18 +04:00
Miroslav Stampar
8599005115 Implementation for an Issue #771 2014-08-01 14:19:32 +02:00
Miroslav Stampar
208d51e0e9 Revert of last trigger happy commit 2014-08-01 13:57:43 +02:00
Miroslav Stampar
d300f99b0b Removing a redundant code (similar check is being done upper in code) 2014-08-01 13:57:07 +02:00
Miroslav Stampar
8bc6154f06 Removing a redundant code (similar check is being done upper in code) 2014-08-01 13:53:22 +02:00
Miroslav Stampar
b31e141012 Fix for an Issue #772 2014-07-29 14:37:48 +02:00
Miroslav Stampar
20d75cc52e Patch for an Issue #767 2014-07-29 13:32:26 +02:00
Miroslav Stampar
9fff88d6e4 Minor update 2014-07-19 23:23:55 +02:00
Miroslav Stampar
3cfa63646b Minor bug fix 2014-07-19 23:17:23 +02:00
Miroslav Stampar
0eb5fb1e5a Update for an Issue #757 2014-07-19 23:02:14 +02:00
Miroslav Stampar
cd1c100cc0 Another patch for an Issue #757 2014-07-14 21:10:45 +02:00
Miroslav Stampar
e66a81ab4e Fix for an Issue #757 2014-07-11 16:24:57 +02:00
Miroslav Stampar
32af0b17b0 Update for an Issue #760 2014-07-10 08:49:20 +02:00
Miroslav Stampar
33b6d189cd Bug fix for some cases (in cases of working where=ORIGINAL, workflow switched to where=NEGATIVE because of false assumptions that it would be better than ORIGINAL; this kind of behaviour caused reported problems) 2014-07-07 22:22:56 +02:00
Miroslav Stampar
79a66ef22c Minor patch 2014-07-06 09:09:44 +02:00
Miroslav Stampar
b5838ae7a4 Adding missing module (Issue #674 and Issue #747) 2014-07-03 00:29:20 +02:00
Miroslav Stampar
9d571c7800 Minor language update 2014-07-02 22:31:18 +02:00
Miroslav Stampar
e6d0d5a1c7 Implementation for an Issue #674 2014-07-02 22:27:51 +02:00
Miroslav Stampar
1eecabaea8 Patch for an Issue #746 2014-07-02 10:11:31 +02:00
Bernardo Damele
4e909a2a05 code cleanup 2014-07-01 00:58:49 +01:00
Bernardo Damele
018748f52e increase the timeout for the Metasploit session initialization to 5 minutes, better on slow speed connections 2014-07-01 00:34:09 +01:00
Conny Brunnkvist
f0e23c9441 Use the selected random User-Agent 2014-07-01 00:27:14 +07:00
Miroslav Stampar
c2f14e57e7 Patch for an Issue #740 2014-06-29 00:27:23 +02:00
Miroslav Stampar
686fe4d0e9 Another patch for DNS exfiltration and boolean checks 2014-06-27 14:22:00 +02:00
Miroslav Stampar
8e660e6911 Minor fix 2014-06-27 14:14:29 +02:00
Miroslav Stampar
2f8d17bcb7 Appendix to last commit 2014-06-27 13:45:40 +02:00
Miroslav Stampar
75279ea75a Fix for DNS exfiltration of boolean checks 2014-06-27 13:07:34 +02:00
Miroslav Stampar
5b5a765f96 Patch for an Issue #734 2014-06-23 12:24:08 +02:00
Miroslav Stampar
a47072eced Patch for an Issue #732 2014-06-22 00:09:08 +02:00
Miroslav Stampar
2a88436417 Patch for an Issue #724 2014-06-16 09:51:24 +02:00
Miroslav Stampar
f558b800ac Patch for an Issue #719 2014-06-12 09:08:55 +02:00
Miroslav Stampar
c50560c3a6 Patch for an Issue #716 2014-06-10 21:57:54 +02:00
Miroslav Stampar
5e9334ab79 Implementation for an Issue #715 2014-06-08 23:55:15 +02:00
Miroslav Stampar
54be398e83 Patch for an Issue #711 2014-06-04 16:35:07 +02:00
Miroslav Stampar
27ebc02535 Minor fix (user reported problem via email) 2014-05-29 09:33:14 +02:00
Miroslav Stampar
0f10cdfa4c Minor update 2014-05-29 09:24:09 +02:00
Miroslav Stampar
9e02816cbd Raising number of used md5 digits in hashdb key value because of birthday paradox (Python can handle it - automatically expanding to long if required; SQLite can handle it - it will use 6 bytes per INTEGERs instead of 4) 2014-05-29 09:21:48 +02:00
Miroslav Stampar
680ab10ca6 Patch for an Issue #703 2014-05-27 21:41:07 +02:00
Miroslav Stampar
2d5461d250 Minor fix (related to the unknown encoding reported by ML) 2014-05-22 09:03:14 +02:00
Miroslav Stampar
24954776a5 Patch for an Issue #697 2014-05-20 22:00:26 +02:00
Miroslav Stampar
babe49f086 Minor update (added new warning message) 2014-05-20 17:14:40 +02:00
Miroslav Stampar
c181e909b5 Minor fix 2014-05-16 23:47:00 +02:00
Miroslav Stampar
0f581ccb6c Minor fix 2014-05-13 15:36:28 +02:00
Miroslav Stampar
4e8b41b869 Patch for an Issue #688 2014-05-13 00:50:36 +02:00
Miroslav Stampar
3a2916724c Minor style update 2014-05-11 17:12:15 +02:00
Miroslav Stampar
a72d73804e Revert of 9255174890 (bug was introduced with it) 2014-05-10 01:31:44 +02:00
Miroslav Stampar
93bf8e2a13 Bug fix 2014-05-10 01:11:19 +02:00
Miroslav Stampar
8f0807d7f9 Another fix related to the last commit 2014-05-09 22:55:16 +02:00
Miroslav Stampar
5eae002084 Minor fix 2014-05-09 22:45:43 +02:00
Miroslav Stampar
9255174890 Minor fix 2014-05-09 22:39:56 +02:00
Miroslav Stampar
bc4369be06 Fix for an Issue #687 2014-05-07 09:16:17 +02:00
Miroslav Stampar
2a55f75f86 Using a more generic XML recognition regex 2014-04-30 21:25:45 +02:00
Miroslav Stampar
2e96e3c924 Adding a hidden switch --ignore-401 2014-04-29 23:26:45 +02:00
Miroslav Stampar
eb8e31c23f Adding a failsafe output directory 2014-04-27 22:40:41 +02:00
Miroslav Stampar
b54651b5a2 Minor patch (while saving configuration file) 2014-04-25 09:32:57 +02:00
Miroslav Stampar
ae8b1fe89c Implementation for an Issue #678 2014-04-25 09:17:10 +02:00
Miroslav Stampar
e0fb21c26a Patch for an Issue #673 2014-04-21 21:57:30 +02:00
Miroslav Stampar
f29769b7d0 Minor patch 2014-04-16 09:06:17 +02:00
Miroslav Stampar
ef5ce7e66c Fix for an Issue #670 2014-04-12 17:22:47 +02:00
Miroslav Stampar
fd884ec67b Adding another comment 2014-04-12 17:22:47 +02:00
Miroslav Stampar
b5cca742e4 Adding a comment 2014-04-12 17:22:47 +02:00
Miroslav Stampar
7f371c499d Commit related to the last one 2014-04-10 21:29:59 +02:00
Miroslav Stampar
096ce7881e Minor beauty patch 2014-04-10 21:18:24 +02:00
Miroslav Stampar
0d1690de61 Minor fix 2014-04-10 21:18:24 +02:00
Miroslav Stampar
1e8349eeaa Minor fix 2014-04-10 21:18:24 +02:00
Miroslav Stampar
2d3a74a0fe Patch for an Issue #667 2014-04-07 21:01:40 +02:00
Miroslav Stampar
cb0044b2c4 Minor beauty patch 2014-04-07 20:28:17 +02:00
Miroslav Stampar
fdad787681 Graceful abort in case of an invalid option in configuration file 2014-04-07 20:22:51 +02:00
Miroslav Stampar
e3ccf45503 Graceful abort in case of an invalid configuration file 2014-04-07 20:17:47 +02:00
Miroslav Stampar
bcf754fb17 Consistency patch (to be the same as in help listing) 2014-04-07 20:10:21 +02:00
Miroslav Stampar
b74de19213 Trivial style update 2014-04-07 20:06:03 +02:00
Miroslav Stampar
75f447ccf8 Renaming lib/core/purge to lib/utils/purge 2014-04-07 20:04:07 +02:00
Miroslav Stampar
9c7fbd1a90 Minor refactoring 2014-04-06 18:19:54 +02:00
Miroslav Stampar
4f4c50c4d5 Minor language update 2014-04-06 18:12:59 +02:00
Miroslav Stampar
bf18b025d6 Minor removal of redundant code 2014-04-06 18:09:54 +02:00
Miroslav Stampar
e931344617 More elegant implementation for --random-agent 2014-04-06 18:05:43 +02:00
Miroslav Stampar
9456dc68e7 Minor patch 2014-04-06 17:24:27 +02:00
Miroslav Stampar
1c92d8d51f More generic implementation for --proxy-file (accepting public lists format) 2014-04-06 17:23:13 +02:00
Miroslav Stampar
bbf08a825e Minor language fix 2014-04-06 17:12:43 +02:00
Miroslav Stampar
cf250a0381 Minor patch (it would go boom if special character was inside the --param-del) 2014-04-06 17:02:32 +02:00
Miroslav Stampar
053b0fd0e9 Renaming conf.oDir to conf.outputDir 2014-04-06 16:54:46 +02:00
Miroslav Stampar
7cc4159316 Renaming conf.cDel to conf.cookieDel 2014-04-06 16:50:58 +02:00
Miroslav Stampar
0ae8ac707e Renaming conf.pDel to conf.paramDel 2014-04-06 16:48:46 +02:00
Miroslav Stampar
95e7ca02f0 Minor bug fix (-d was not recognized as one of mandatory in case of config file) 2014-04-06 16:45:25 +02:00
Miroslav Stampar
1b3a98b8ef Trivial update (for consistency sake) 2014-04-06 13:42:15 +02:00
Miroslav Stampar
492a410bcc Minor fix 2014-04-04 16:14:53 +02:00
Miroslav Stampar
15f92c4197 Bug fix (port was not being used properly with Burp exported history) 2014-04-03 09:46:37 +02:00
Miroslav Stampar
1632bec10b Another fix related to the last commit 2014-04-03 09:05:12 +02:00
Miroslav Stampar
e7e8a3965a Minor fix 2014-04-03 09:00:14 +02:00
Miroslav Stampar
80d4426dbd Patch related to the Issue #661 2014-04-02 22:34:37 +02:00
Miroslav Stampar
d8bacc904e Minor language update 2014-04-01 16:38:50 +02:00
Miroslav Stampar
3e024ac8e6 Minor update (consistency patch) 2014-03-30 16:51:31 +02:00
Miroslav Stampar
76b9fad24a Fix for an Issue #656 2014-03-30 16:21:18 +02:00
Miroslav Stampar
b2cc8f00ef Bug fix (ORACLE_OLD on Windows - resulted in multiple entry per line output due to no locking used) 2014-03-28 00:41:22 +01:00
Miroslav Stampar
e8c1c90f2e Whitespace was being double encoded in case of spaceplus (' '->%2B) 2014-03-25 22:02:14 +01:00
Miroslav Stampar
3710a7051b Fix for an Issue #653 2014-03-25 21:26:22 +01:00
Miroslav Stampar
930c3e3c5a Minor update (added check for --limit and --risk) 2014-03-25 09:28:12 +01:00
Miroslav Stampar
f6e1d9e026 Fix for an Issue #650 2014-03-24 10:46:23 +01:00
Miroslav Stampar
106102bd3c Fix for an Issue #648 2014-03-21 20:28:29 +01:00
Bernardo Damele
9f838c3d5b typo fix 2014-03-21 11:37:34 +00:00
Bernardo Damele
8091a88d3e minor code cleanup and bug fix 2014-03-21 11:35:30 +00:00
Bernardo Damele
c211255773 replaced outfile with dumpfile so works even if the original statement outputs blob 2014-03-21 11:01:57 +00:00
Miroslav Stampar
39ab3b9149 Minor fix for meta refresh 2014-03-20 13:13:47 +01:00
Miroslav Stampar
d7f0da5599 Minor patch for an Issue #646 2014-03-20 13:08:28 +01:00
Miroslav Stampar
97fe5e52c2 Fix for an Issue #644 2014-03-18 16:41:05 +01:00
Miroslav Stampar
97f603af4a Fix for an Issue #641 2014-03-17 20:20:25 +01:00
Miroslav Stampar
0622cdf3d8 Bug fix (credentials used in combination with request file) 2014-03-15 09:29:21 +01:00
Miroslav Stampar
3b47418a1d Fix for an Issue #640 2014-03-14 22:20:20 +01:00
Miroslav Stampar
56d76e6bfd Updating list of extensions to exclude from crawling 2014-03-14 21:34:16 +01:00
Miroslav Stampar
be3fd8bb29 Fix for an Issue #638 2014-03-14 16:44:56 +01:00
Miroslav Stampar
17742df0fa Update for an Issue #636 (to prevent eventual future reports with lack of stack trace) 2014-03-11 21:18:31 +01:00
Miroslav Stampar
2f8846caec Fix for an Issue #636 2014-03-11 21:11:51 +01:00
Miroslav Stampar
d1a6a775f1 Patch for an Issue #636 2014-03-11 21:00:15 +01:00
Miroslav Stampar
f1f53a5841 Minor cosmetic update 2014-03-06 21:08:31 +01:00
Miroslav Stampar
490d51258e Raising number of minimum time responses (15 is statistically too low) 2014-03-03 20:49:58 +01:00
Miroslav Stampar
291a0d772a Update for an Issue #615 2014-02-27 14:23:14 +01:00
Miroslav Stampar
2ffdee5733 Bug fix for PAYLOAD.WHERE.REPLACE payloads containing custom injection marker ([ORIGVALUE] was screwed) 2014-02-26 11:41:48 +01:00
Miroslav Stampar
cc62a8adc9 Bug fix for JSON-like data (proper escaping of quotes) 2014-02-26 09:30:37 +01:00
Miroslav Stampar
6369a38ebc Adding support for JSON-like data with single quote 2014-02-26 08:56:17 +01:00
Miroslav Stampar
465f968be6 Minor cosmetic update 2014-02-26 08:41:23 +01:00
Miroslav Stampar
edc8ef9d5b Patch for an Issue #611 (original page used in case of tamper functions was wrong - e.g. if --tamper=base64encode was used) 2014-02-25 13:48:34 +01:00
Miroslav Stampar
2a423d61ef Raising number of requests for false positive testing in case of higher levels 2014-02-23 19:40:01 +01:00
Miroslav Stampar
d405fc1157 Minor update (for the consistency sake) 2014-02-16 22:04:12 +01:00
Miroslav Stampar
58eac364a2 Bug fix 2014-02-16 21:57:14 +01:00
Miroslav Stampar
dfa727cbc5 Fix for a same bug mentioned in last commit 2014-02-16 21:47:14 +01:00
Miroslav Stampar
43df4efd11 Bug fix (bad idea is to do os.path.join on web URLs - especially on Windows OS) 2014-02-16 21:44:57 +01:00
Miroslav Stampar
d05bfdd7dd Implementing option '--where' (Issue #605) 2014-02-11 16:20:45 +01:00
Bernardo Damele
be6767b3b0 minor fix for command execution via web shell 2014-02-10 09:59:57 +00:00
Miroslav Stampar
fe0ff6e679 Changing 'is injectable' to 'seems to be injectable' for boolean and time-based blind injection cases - for false positive cases 2014-02-09 17:50:16 +01:00
Miroslav Stampar
8521265526 Minor fix 2014-02-07 14:40:43 +01:00
Miroslav Stampar
534c2ee0e6 Minor update 2014-02-01 22:12:00 +01:00
Miroslav Stampar
0e44132778 Removing unused imports 2014-02-01 21:49:12 +01:00
Miroslav Stampar
f97fcb7bb3 Adding a switch --invalid-string 2014-01-23 21:56:06 +01:00
Miroslav Stampar
f88f6dcd7e Changing --invalid-bignum from float producing to int producing 2014-01-23 09:07:25 +01:00
Miroslav Stampar
fc02badf40 Minor update 2014-01-23 08:33:21 +01:00
Bernardo Damele
bc29bf6481 removed comments 2014-01-13 23:57:49 +00:00
Bernardo Damele
1505f1dc74 removed useless sink 2014-01-13 23:55:32 +00:00
Bernardo Damele
124ebefc7f code cleanup 2014-01-13 23:48:15 +00:00
Bernardo Damele
3c79d66569 fixed stderr 2014-01-13 17:34:38 +00:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Bernardo Damele
dfa9076a70 fixed and improved web shell upload in MySQL (it was actually broken since fc57b7565d) 2014-01-13 17:12:37 +00:00
Miroslav Stampar
6863436d4e Implementation for an Issue #596 2014-01-13 10:05:56 +01:00
Bernardo Damele
d9e00adfae minor fix 2014-01-10 17:23:16 +00:00
Miroslav Stampar
36f3ab5798 Minor bug fix (for cases when race between thread and main thread is causing server._running to not be set to True) 2014-01-09 15:46:55 +01:00
Miroslav Stampar
cb1f17cb04 Proper patch for an Issue #591 2014-01-02 12:15:56 +01:00
Miroslav Stampar
5437f8bf36 Fix for an Issue #85 2014-01-02 12:09:58 +01:00
Miroslav Stampar
4de83daf03 Minor style update 2014-01-02 11:06:19 +01:00
Miroslav Stampar
e0143e397a Consistency fix (down below we use direct SQL) 2014-01-02 10:59:53 +01:00
Miroslav Stampar
0b4fcb6845 Fix for an Issue #591 2014-01-02 10:55:40 +01:00
Miroslav Stampar
854a55166c Fix for an Issue #588 2014-01-02 10:29:10 +01:00
Miroslav Stampar
9b4b070ecf Minor cosmetics 2014-01-02 10:05:58 +01:00
Miroslav Stampar
192a911b76 Patch for an Issue #28 2013-12-29 16:16:50 +01:00
Miroslav Stampar
41d6c1af82 Patch for an Issue #589 2013-12-28 13:47:40 +01:00
Miroslav Stampar
6c80f2903b Patch for an Issue #564 2013-12-27 11:02:59 +01:00
Miroslav Stampar
cadbddd607 Adding a boundary proposed in Issue #564 2013-12-27 10:46:18 +01:00
Miroslav Stampar
7718edac9b Fix for an Issue #570 2013-12-27 09:40:33 +01:00
Miroslav Stampar
02de2aee6d Patch for an Issue #582 2013-12-26 22:27:04 +01:00
Miroslav Stampar
ab64d385d6 Bug fix (stacked queries as in PgSQL and MsSQL DNS tunneling queries MUST end with the comment - not the recognized underlying technique's suffix) 2013-12-25 22:18:57 +01:00
Miroslav Stampar
2c2667b2be Minor patch for an Issue #575 2013-12-18 00:56:24 +01:00
Miroslav Stampar
fd6dcd8bf5 Merge pull request #583 from mattoufoutu/api
RESTful API improvements
2013-12-17 14:10:19 -08:00
Miroslav Stampar
f18abb1e9c Minor update (proxy can be also a https one (e.g. Burp for HTTPS targets) 2013-12-17 09:30:51 +01:00
Miroslav Stampar
7d8eb148ce Patch for an Issue #565 (DuckDuckGo doesn't like identity encoding) 2013-12-17 09:30:04 +01:00
Miroslav Stampar
4819e19200 Patch for an Issue #584 2013-12-16 22:00:47 +01:00
Mathieu Deous
4c9456dd72 moar logging! 2013-12-15 16:59:47 +01:00
Mathieu Deous
438ad73016 avoid names shadowing 2013-12-15 09:22:01 +01:00
Mathieu Deous
eda9a3da67 all instance attributes should be defined in constructor 2013-12-15 09:16:38 +01:00
Mathieu Deous
3effaee2a1 avoid using global variables, use a "store" class 2013-12-15 00:19:58 +01:00
Mathieu Deous
c70f2a4e6d unused imports 2013-12-15 00:00:08 +01:00
Mathieu Deous
aa02019638 return file content in a json message when calling download endpoint 2013-12-14 16:33:17 +01:00
Mathieu Deous
c87ad1bab5 make returned values more coherent 2013-12-14 16:22:30 +01:00
Mathieu Deous
72137e85f9 do not reset options when firing a scan 2013-12-14 15:59:47 +01:00
Mathieu Deous
af7ad31182 fix commit method usage (belongs to connection, not cursor) 2013-12-14 15:58:09 +01:00
Mathieu Deous
c5a3f54b89 remove unused imports 2013-12-14 15:47:26 +01:00
Mathieu Deous
8a946509b9 PEP8 2013-12-14 15:44:10 +01:00
Miroslav Stampar
5b2ded0b18 Fix for an Issue #577 2013-12-13 21:00:26 +01:00
Miroslav Stampar
437278e32d Fix for an Issue #580 2013-12-13 19:48:05 +01:00
Mathieu Deous
c3dd6e1e32 api's get_option function doesn't lookup the right object 2013-12-08 17:46:02 +01:00
Miroslav Stampar
b0ca34ff27 Bug fix (payload character '=' was not being url-encoded in custom (user) post cases - when posthint was None) 2013-12-04 10:09:54 +01:00
Miroslav Stampar
bf3fbb0ae0 Ignore Google analytics cookies 2013-12-04 09:56:37 +01:00
Miroslav Stampar
dd2ddec79a Minor fix (better extraction of original value in case of replacement and custom POST injection mark) 2013-12-03 13:37:04 +01:00
Miroslav Stampar
59d667d94c Minor update 2013-12-01 22:25:12 +01:00
Miroslav Stampar
7054586e8a Update for an Issue #565 (more work TBD - DuckDuckGo has some kind of IP blocking mechanism) 2013-11-25 20:57:07 +01:00
Miroslav Stampar
cda27ec20b Patch for an Issue #563 2013-11-24 15:01:51 +01:00
Bernardo Damele
59b6791faa minor improvement 2013-11-19 00:24:47 +00:00
Bernardo Damele
c37ad88283 minor bug fix 2013-11-13 14:34:19 +00:00
Miroslav Stampar
3c67ba08c5 Minor fix 2013-11-12 14:53:05 +01:00
Miroslav Stampar
354aaeae5b Removing unused imports 2013-11-12 14:11:07 +01:00
Miroslav Stampar
d84ddf23bd Replacing os.sep constructs with os.path.join 2013-11-12 14:08:41 +01:00
Miroslav Stampar
2f1607b4d5 Minor fix for dumping non-alphanumeric database names 2013-11-12 13:13:47 +01:00
Miroslav Stampar
0a4512e9ae Implementation for an Issue #557 2013-11-08 09:23:38 +01:00
Miroslav Stampar
48bd2e75e9 Minor patch 2013-10-28 13:59:38 +01:00
Miroslav Stampar
7ed05f01b3 Minor update 2013-10-27 00:24:57 +02:00
Miroslav Stampar
fabbe63f00 Proper fix for re.sub() call with repl value containing backslash 2013-10-23 18:07:38 +02:00
Miroslav Stampar
28529a92a7 Minor fix (for parameters with \ in value) 2013-10-23 10:49:50 +02:00
Miroslav Stampar
9f21406a4b Using cPickle in BigArray (faster and potentially less memory used) 2013-10-21 20:48:00 +02:00
Miroslav Stampar
8dac47f7e5 Minor patch (for recognition of x-mac-turkish codec) 2013-10-21 20:04:48 +02:00
Miroslav Stampar
e197720def Fix for an Issue #546 2013-10-19 20:54:52 +02:00
Miroslav Stampar
777d999e71 Minor update 2013-10-18 15:39:46 +02:00
Miroslav Stampar
6ff2b931ff Another patch for an Issue #545 2013-10-17 23:42:51 +02:00
Miroslav Stampar
334c698d53 Adding change verbosity level in testing phase when Ctrl+C pressed 2013-10-17 16:54:53 +02:00
Miroslav Stampar
304c9822bd Patch for an Issue #545 2013-10-17 16:38:07 +02:00
Miroslav Stampar
5b8d631dc0 Minor update 2013-10-16 11:48:00 +02:00
Miroslav Stampar
04dbee3bec Update for a more generic JSON recognition regex 2013-10-16 11:39:04 +02:00
Moshe Kaplan
8cd641a2a6 minor typos corrected
"choosen" -> "chosen"
2013-10-15 13:26:24 -04:00
Miroslav Stampar
d7906e8f18 Minor fix 2013-10-15 09:49:27 +02:00
Miroslav Stampar
344d3f4b5f Minor patch 2013-10-12 21:05:18 +02:00
Miroslav Stampar
b8d49c2ea2 Minor usability patch 2013-10-12 20:41:25 +02:00
Miroslav Stampar
98d27ef200 Bug fix (missing permissions when creating dump directory) 2013-10-11 21:17:12 +02:00
Ben Buchacher
54a6c01005 Fix - Custom objects cannot be serialized in JSON
Custom objects cannot be serialized in JSON, convert tasks into list before serializing.
2013-10-10 16:06:29 -07:00
Miroslav Stampar
2dc570d7a8 Minor patch (for ORDER BY 'col' cases) 2013-10-10 23:08:20 +02:00
Miroslav Stampar
dd87233fe4 Minor patch (to accept * inside urls in request files too) 2013-10-10 15:04:48 +02:00
Miroslav Stampar
369006ca73 Bug fix 2013-10-07 12:54:25 +02:00
Miroslav Stampar
18d9e1dbc3 Minor update due to reported (debug) problems with SSLv23 2013-10-04 10:53:49 +02:00
Miroslav Stampar
a944028114 Revert of last commit 2013-10-02 22:14:50 +02:00
Miroslav Stampar
9ceb518a50 Minor patch 2013-10-02 22:03:53 +02:00
Miroslav Stampar
8e2f4669d8 Removing dependency for bz2 as there are some reported problems with the library on non-standard platforms 2013-10-02 20:32:18 +02:00
Miroslav Stampar
45c88b36c6 Fix for an Issue #532 2013-09-30 09:33:39 +02:00
Miroslav Stampar
2fbd7e8929 Minor fix 2013-09-24 21:56:40 +02:00
Miroslav Stampar
df9b1d72de Minor update 2013-09-24 21:44:59 +02:00
Miroslav Stampar
f11e15a180 Minor update 2013-09-11 23:22:10 +02:00
Miroslav Stampar
a3defc175d Fix (we are not using certificate but PEM private key file in this particular authentication; also, auxiliary cert_file is holding certificate chain that is ignored by python itself) 2013-09-11 23:17:18 +02:00
Miroslav Stampar
176f744ac6 Minor cosmetic update 2013-09-11 15:05:37 +02:00
Miroslav Stampar
696fb6530e Cosmetic fix (Kali shows ugly 'python ./sqlmap.py' in usage) 2013-09-11 14:57:38 +02:00
Miroslav Stampar
4cf49bc0cc Minor fix for an Issue #517 2013-09-05 09:22:11 +02:00
Miroslav Stampar
b17bb07301 Minor regex update 2013-09-04 19:28:59 +02:00
Miroslav Stampar
bf57f636a3 Fix for an Issue #517 2013-09-04 19:22:24 +02:00
Miroslav Stampar
81409ce6da Minor patch 2013-09-02 10:54:32 +02:00
Miroslav Stampar
dd39913cf6 Improvement for an --eval mechanism 2013-08-31 00:28:51 +02:00
Miroslav Stampar
3a57af1452 Minor fix 2013-08-30 15:26:03 +02:00
Miroslav Stampar
9e975210ac Implementation for an Issue #515 2013-08-30 10:22:43 +02:00
Miroslav Stampar
e0bfb0503c Minor language update 2013-08-30 09:55:57 +02:00
Miroslav Stampar
28eca2116f Fix for an Issue #513 2013-08-27 13:55:38 +02:00
Miroslav Stampar
7cb3ea20dd Minor patch for a problem noticed yesterday too (in some cases if Ctrl-C is pressed sent is most probably a None value) 2013-08-23 11:59:58 +02:00
Miroslav Stampar
88b992ad83 Fixing a bug noticed during the yesterday's AppSecEU presentation (--headers='user-agent:foobar*' was not working properly) 2013-08-23 11:54:08 +02:00
Miroslav Stampar
0cf2bdeb1c Minor language update 2013-08-22 11:11:30 +02:00
Miroslav Stampar
bc19f40d09 Minor update 2013-08-22 10:44:21 +02:00
Miroslav Stampar
23f2c5f166 Finishing implementation for an Issue #58 2013-08-20 19:35:49 +02:00
Miroslav Stampar
c586559e30 Patch for an Issue #510 2013-08-20 18:54:32 +02:00
Miroslav Stampar
6cc0cf3702 Minor comment update 2013-08-20 18:36:31 +02:00
Miroslav Stampar
1f2c8fbf59 Fix for an Issue #500 2013-08-13 20:40:36 +02:00
Miroslav Stampar
38ee95e2c9 Minor language update 2013-08-13 18:58:24 +02:00
Miroslav Stampar
52a71546d0 Implementation for an Issue #507 2013-08-13 18:55:23 +02:00
Miroslav Stampar
4929cff0c0 Minor update 2013-08-13 06:42:49 +02:00
bladeswords
6d756317c3 Remove debugging which prevents sqlmap from running smoothly 2013-08-13 13:58:45 +10:00
Miroslav Stampar
b2855e0281 Minor patch 2013-08-12 14:25:51 +02:00
Miroslav Stampar
a711c9ed36 Minor cleanup and initial work for #58 2013-08-09 14:13:48 +02:00
Miroslav Stampar
4beef0900d Minor language fix (we support SOCKS proxy settings too) 2013-08-09 13:58:42 +02:00
Miroslav Stampar
1088011bf0 Adding new binary file formats for excluding in crawling 2013-08-02 23:07:13 +02:00
Miroslav Stampar
32c1cb20f5 Fix for an Issue #497 2013-08-01 19:48:20 +02:00
Miroslav Stampar
953b5815d8 Implementation for an Issue #496 2013-07-31 21:15:03 +02:00
Miroslav Stampar
6b826ef64d Reintroducing option --cookie-del 2013-07-31 20:41:19 +02:00
Miroslav Stampar
ca44b23d20 Implementation for --eval to support cookies 2013-07-31 17:29:16 +02:00
Miroslav Stampar
eaacbe0b12 Minor language fix 2013-07-31 09:24:34 +02:00
Miroslav Stampar
941b2387c0 Minor fix 2013-07-31 09:22:45 +02:00
Miroslav Stampar
4f58e0af0c Minor fix 2013-07-31 08:45:04 +02:00
Miroslav Stampar
a585aa4bff Adding support for ~ 2013-07-29 20:42:29 +02:00
Miroslav Stampar
de31688c4f Update for an Issue #481 2013-07-29 18:25:27 +02:00
Miroslav Stampar
b921ff0729 Fix for an Issue #495 2013-07-27 11:20:43 +02:00
stamparm
dbb0d7f700 Important fix (Issue #489) - we had a bad presumption than only public schema could be used for enumeration (while all schemas inside a current db could be used) 2013-07-19 13:24:35 +02:00
stamparm
28cd50b2f1 Patch for an Issue #490 2013-07-16 14:08:32 +02:00
stamparm
e6f71c2130 Making 10% less requests in futile higher level/risk runs (using static template payloads for where==NEGATIVE) 2013-07-15 16:24:49 +02:00
stamparm
c9d3974205 Minor fix (templatePayload had duplicate string patterns for where==NEGATIVE) 2013-07-15 13:54:02 +02:00
stamparm
ac2d40e259 Revert of last commit (there is a chance that that big integer value is really valid :) 2013-07-15 13:34:38 +02:00
stamparm
a097ee1505 Switching --invalid-bignum to a pure integer constant (more generic - more statements require pure integer constant) 2013-07-15 13:31:56 +02:00
Miroslav Stampar
f54082111d Better way how to deal with required extensions 2013-07-13 19:25:49 +02:00
Miroslav Stampar
3f6d4083a7 Minor language update 2013-07-13 17:19:16 +02:00
Miroslav Stampar
31efabfca1 Appropriate error messaging when one of core libraries are missing due to erroneous Python build 2013-07-13 16:07:36 +02:00
Miroslav Stampar
4d9f8ad0dd Commit related to the last one 2013-07-13 12:00:03 +02:00
stamparm
dc1623a40f Fix for a bug reported over ML (error: unbalanced parenthesis) 2013-07-11 10:20:58 +02:00
stamparm
01159575b2 Fix for an Issue #488 2013-07-11 10:11:43 +02:00
stamparm
1ae68b9bb3 Update for an Issue #405 (fix for usage of old 'complete' data from previous runs) 2013-07-10 17:18:09 +02:00
stamparm
f6c7b398fd Update for an Issue #405 (fix for persistent options problem) 2013-07-10 16:57:44 +02:00
stamparm
aad102378a Fix for an Issue #487 2013-07-09 11:00:43 +02:00
stamparm
be5ce760b6 Fix for an Issue #485 (failing back to single-thread mode if over some bisection length) 2013-07-09 10:24:48 +02:00
stamparm
d7c0805e7c Removing leftover 2013-07-08 12:45:02 +02:00
stamparm
a548eb5c70 Minor text update 2013-07-08 12:44:14 +02:00
stamparm
d0e79a4d15 Minor text update 2013-07-08 12:38:36 +02:00
stamparm
a530817727 Minor typo fix 2013-07-08 11:52:46 +02:00
stamparm
8d3435ab0b Removing reflective warning for parsing heuristic test 2013-07-08 11:48:33 +02:00
stamparm
db536427f0 Adding a question for storing hashes to a temporary file (after a mention of it on Twitter) 2013-07-04 15:34:00 +02:00
stamparm
f97b35dcc1 Patch for an Issue #475 2013-07-01 13:43:38 +02:00
stamparm
017ce22a2f Minor consistency patch (Issue #475) 2013-07-01 13:01:53 +02:00
stamparm
5ff09aff63 Some more adjustments (Issue #475) 2013-07-01 12:50:12 +02:00
stamparm
04046f38eb Minor update (Issue #475) 2013-07-01 12:26:57 +02:00
stamparm
f7d15cb465 Official naming is HSQLDB (and/or HyperSQL) 2013-07-01 11:57:47 +02:00
Miroslav Stampar
aeb83ba651 Merge pull request #475 from Meatballs1/hsql_clean
HSQL Payloads and Query Support
2013-07-01 02:38:04 -07:00
Miroslav Stampar
a1842f44f5 Fix for an Issue #477 2013-06-29 20:55:48 +02:00
stamparm
fd5b665f7d Removing arithmetic operations from false positive checking to minimize affect of character filtering ('>' and '=' have to stay because those are minimal requirements) 2013-06-26 10:55:34 +02:00
Meatballs
4595b2c287 decodeHexValue 2013-06-24 23:45:39 +01:00
Meatballs
09e1dc814d Fix concat 2013-06-24 23:20:34 +01:00
Meatballs
ed40a76c9d Fix dummy table 2013-06-24 23:18:47 +01:00
Meatballs
9212b05eeb Add call to execute statements 2013-06-24 15:01:44 +01:00
Meatballs
62000c6406 Remaining files 2013-06-24 14:42:58 +01:00
Meatballs
7b6cc3d183 Add hsql settings 2013-06-24 14:38:44 +01:00
Meatballs
20a5d9a16e Include HSQL dummy table 2013-06-24 14:37:42 +01:00
Miroslav Stampar
0355e29b7c Minor fix (NoneType has no attribute split) 2013-06-24 14:49:53 +02:00
Miroslav Stampar
95ed6b7203 Minor patch (Issue #470) 2013-06-24 14:37:45 +02:00
Miroslav Stampar
fca6772df6 Implementation for an Issue #468 2013-06-22 00:13:46 +02:00
Bernardo Damele
a72096a345 slightly more appropriate definition of output variable 2013-06-19 20:25:01 +01:00
Bernardo Damele
cae108d9fc careful at merging pull requests with TABs (#466) 2013-06-19 19:49:53 +01:00
stamparm
a53823f9b7 Minor refactoring 2013-06-19 10:59:26 +02:00
stamparm
690645f6c7 Cosmetic fix 2013-06-19 10:50:00 +02:00
stamparm
a7787e83b8 Minor fix for case-insensitive union duplicates 2013-06-18 12:52:36 +02:00
Miroslav Stampar
aff7092736 Merge pull request #466 from Meatballs1/xp_cmdshell_output
Unable to retrieve XP_Cmdshell Output
2013-06-18 00:47:08 -07:00
stamparm
9a6f5a95f5 Minor patch for SQLAlchemy/MSSQL 2013-06-18 09:36:09 +02:00
Meatballs
c5087399c1 Fix exception if init technique not available 2013-06-16 10:47:27 +01:00
Meatballs
2c98507f1e Add better error msg 2013-06-16 10:27:08 +01:00
Meatballs
caa326774c Fallback to blind 2013-06-16 10:22:20 +01:00
Miroslav Stampar
63d0e9bb12 Adding support for MsSQL >=2012 hash format (based on commit 70107f74f0be5357654f170a3f321e3e55e81881) 2013-06-13 21:50:35 +02:00
Miroslav Stampar
f185e5cdd5 Fix for an Issue #463 2013-06-10 22:26:34 +02:00
Miroslav Stampar
cdb434805a Using alpha character as a boundary in union/error techniques (instead of ':') to support wider range of (output filtering) cases 2013-06-10 22:14:45 +02:00
Miroslav Stampar
6f49b96a2d Fix for an Issue #462 2013-06-10 12:20:58 +02:00
Miroslav Stampar
3583f45ee7 Fix for an Issue #461 2013-06-10 11:44:56 +02:00
Miroslav Stampar
39612b5d87 Fix for an Issue #457 2013-06-04 23:46:39 +02:00
Miroslav Stampar
c1592e8508 Code refactoring (moving import ctypes to be used only when needed) 2013-06-04 22:23:44 +02:00
Miroslav Stampar
3e0f747fad Minor fix 2013-06-04 00:05:25 +02:00
Miroslav Stampar
213d0ecfb9 Minor fix 2013-06-03 23:32:57 +02:00
Miroslav Stampar
edc9da1226 Minor refactoring 2013-06-03 15:14:56 +02:00
Miroslav Stampar
351c70b390 Locale module screws string.letters, etc. in some cases (e.g. IDLE run) 2013-06-01 14:06:58 +02:00
Miroslav Stampar
b7989f93c5 Trivial update regarding last commit 2013-05-30 12:04:56 +02:00
Miroslav Stampar
ed8f16e754 Minor update on user's request 2013-05-30 12:01:13 +02:00
Miroslav Stampar
12870e6ff3 Minor fix 2013-05-30 11:42:27 +02:00
Miroslav Stampar
793a8ad349 Minor fix 2013-05-30 11:38:24 +02:00
stamparm
f4ca4cd6c5 Minor update 2013-05-29 15:49:09 +02:00
stamparm
c3038fcb65 Minor cosmetic update 2013-05-29 15:46:59 +02:00
stamparm
8fbf4b11d2 Trivial update regarding last commit 2013-05-29 15:45:13 +02:00
stamparm
dfd6ee20bb Patch for an Issue #454 2013-05-29 15:26:11 +02:00
stamparm
60df3e9d1e Minor cosmetic update (displaying 'Technique: DIRECT' instead of 'Technique: None' in case of direct access) 2013-05-29 15:04:14 +02:00
stamparm
e28b056028 Dummy fix 2013-05-29 14:26:00 +02:00
stamparm
6b280d8da4 Putting 2 decimal places for debug messages with performed queries (e.g. to handle a problem with 0 seconds roundup) 2013-05-28 14:40:45 +02:00
stamparm
bc4e1dab19 Getting rid of those ugly warning messages 2013-05-28 11:24:56 +02:00
stamparm
659c0bb418 Minor fix 2013-05-27 10:38:47 +02:00
Miroslav Stampar
f3f752d85c Patch for an Issue #452 2013-05-25 18:52:59 +02:00
Miroslav Stampar
a85a0e53de Fix for an Issue 'ValueError: Invalid IPv6 URL' 2013-05-25 18:00:21 +02:00
Miroslav Stampar
e18796dbe1 Minor style update 2013-05-25 18:00:20 +02:00
Miroslav Stampar
e7ddc2fcab Minor fix 2013-05-23 12:57:33 +04:00
Miroslav Stampar
eb8e12b7c2 Minor adjustment (for headers like 'name:http://asdas') 2013-05-23 11:29:43 +04:00
stamparm
1b3f1a4016 More appropriate naming (also, preventing ambiguities with --smart) 2013-05-22 23:21:43 +04:00
stamparm
4b2cf07262 Minor style update 2013-05-20 16:15:35 +02:00
Miroslav Stampar
1a4ea186ca Consistency fix 2013-05-19 23:00:40 +02:00
Miroslav Stampar
d3ad408a21 Minor cosmetics 2013-05-19 22:17:53 +02:00
Miroslav Stampar
4f49dad2ba Minor cosmetics 2013-05-19 01:19:54 +02:00
Miroslav Stampar
6cfcc1af63 Minor cosmetic 2013-05-19 01:17:22 +02:00
Miroslav Stampar
ea5c742595 Update (lagging checking is now always done once when time based compare is done; not only in case if statistical model is being filled) 2013-05-18 21:30:21 +02:00
Miroslav Stampar
980a0e3adb Trivial update 2013-05-18 21:00:53 +02:00
Miroslav Stampar
1ff98c2ff9 Another minor text update 2013-05-18 21:00:11 +02:00
Miroslav Stampar
967513e1bb Minor message update 2013-05-18 20:59:23 +02:00
Miroslav Stampar
caa4ee96cd Minor cosmetic update 2013-05-18 18:28:44 +02:00
Miroslav Stampar
6608410320 Adding a question after WAF has been identified 2013-05-18 18:26:40 +02:00
Miroslav Stampar
b2b3b3b5a6 Minor bug fix (level names not properly used in non-logger output) 2013-05-18 16:44:21 +02:00
Miroslav Stampar
f24c8c6b6b Changing logging type to warning for parsed error messages 2013-05-18 16:17:56 +02:00
Miroslav Stampar
dcea745576 Minor update (not displaying safe enclosings in table dumps) 2013-05-18 16:13:34 +02:00
Miroslav Stampar
e528ea8208 Minor language fix 2013-05-18 16:02:34 +02:00
stamparm
03732d2592 Minor fix 2013-05-17 16:04:05 +02:00
stamparm
b26ecfe087 Patch for an Issue #449 2013-05-17 15:14:51 +02:00
stamparm
76b4e1ccb9 Implementation for an Issue #450 2013-05-17 15:04:25 +02:00
stamparm
7ba9e75c97 Minor update related to the last commit 2013-05-16 15:23:20 +02:00
stamparm
7ea8dd9428 MySQL is specific (types are automatically being converted without any warning/error) 2013-05-16 15:12:36 +02:00
stamparm
f1f34a65a2 Minor update 2013-05-15 13:38:26 +02:00
stamparm
41f0e91662 Minor update (related to last commit) 2013-05-13 14:50:03 +02:00
stamparm
cb9ea67c8d Code refactoring (moving progress.py to lib/utils) 2013-05-13 14:48:39 +02:00
stamparm
936815128d Minor fix 2013-05-13 13:42:43 +02:00
Miroslav Stampar
034e123b0c Minor fix (to accept -p cookie without need for raising --level / as it's already done for referer and user_agent) 2013-05-12 16:24:13 +02:00
Miroslav Stampar
6676eaf88f Minor fix 2013-05-12 14:02:50 +02:00
Miroslav Stampar
f8cef1fc6f Minor fix for a test case 211 2013-05-09 21:20:17 +02:00
stamparm
8b64709c17 Completing implementation for an Issue #189 (union) 2013-05-09 16:36:03 +02:00
stamparm
3873805dab Partial implementation for an Issue #189 (error-based; still partial union left) 2013-05-09 16:23:57 +02:00
stamparm
9fe5a8832f Update for an Issue #189 (code refactoring of ProgressBar so it could be ready for usage in non-inference cases out of box) 2013-05-09 15:52:18 +02:00
stamparm
fc57b7565d Implementation for an Issue #432 2013-05-09 14:26:29 +02:00
stamparm
03be419d5d Fix for an Issue #447 2013-05-07 13:25:30 +02:00
stamparm
2bfdac5ebc Minor update for crawler 2013-04-30 18:32:46 +02:00
stamparm
887109a12d Minor bug fix (for not displaying heuristic detected page charset None) 2013-04-30 18:16:32 +02:00
stamparm
ebe8ee3500 Fix for crawler and redirection case 2013-04-30 18:08:26 +02:00
stamparm
09e7f4f697 Minor bug fix regarding traffic logging of redirected requests 2013-04-30 17:46:26 +02:00
stamparm
3c110b3620 Minor bug fix 2013-04-30 16:40:16 +02:00
stamparm
bdb9219e9b Minor revert 2013-04-30 14:41:38 +02:00
stamparm
d2a5548889 Some more reordering 2013-04-30 14:32:11 +02:00
stamparm
16866119b8 Another minor update 2013-04-30 14:11:56 +02:00
stamparm
08fbfda5d2 Minor update 2013-04-30 14:06:04 +02:00
stamparm
69e3a2cb9e Minor update 2013-04-30 14:06:04 +02:00
stamparm
03c4eb8338 Minor update 2013-04-30 14:06:04 +02:00
stamparm
214d9aaf4b Language fix 2013-04-30 14:06:04 +02:00
stamparm
3266c6c1f1 Language fix 2013-04-30 14:06:04 +02:00
Bernardo Damele
9f1e644f23 language fixes 2013-04-30 11:44:47 +01:00
stamparm
46557198a5 Minor update of doc root names 2013-04-29 11:29:59 +02:00
stamparm
1035ee9c3d Patch for an Issue #442 2013-04-26 14:49:24 +02:00
Miroslav Stampar
beab72a180 Minor language update 2013-04-25 19:55:45 +02:00
stamparm
63d7707346 Adding support for appending to the existing table dump if --start/--stop is used 2013-04-24 16:08:40 +02:00
stamparm
e3a02f56e6 Just in case for --force-ssl (if url is returned in e.g. refresh toward the target) 2013-04-24 12:35:39 +02:00
stamparm
42a73d8e0b Minor language update 2013-04-24 12:10:06 +02:00
stamparm
8d382f00e8 Minor style update 2013-04-22 11:38:47 +02:00
Miroslav Stampar
a475116853 Minor check 2013-04-21 21:42:23 +02:00
stamparm
0d92145fc6 Minor bug fix 2013-04-19 15:40:25 +02:00
stamparm
0cb3ce5765 Bug fix (maybe it will have repercusions in future as this was a silent bug) 2013-04-19 10:10:06 +02:00
stamparm
b7d4afcc63 Moving '--pivot-column' to a General section (Issue #437) 2013-04-18 17:12:32 +02:00
stamparm
9d045e14e8 Implementation for an Issue #437 2013-04-18 17:06:45 +02:00
stamparm
2defc30dc6 From now on --dbms-cred can be used also in combination with -d (more flexibility as spotted that one user used in that way on ML) 2013-04-17 11:12:15 +02:00
stamparm
feed2274c3 Patch for an Issue #435 2013-04-17 10:48:17 +02:00
stamparm
c73489aff3 Adding a couple of new option validation checks 2013-04-16 14:31:10 +02:00
stamparm
7204ec5616 Adding a basic validation check (-d with --url) 2013-04-16 14:23:27 +02:00
stamparm
6fed1921ed Bug fix (there are cases when provided kwargs containing explicit None values while we want to use the alternative in those kind of cases; there was an intention in original code, while the implementation was buggy) 2013-04-16 14:17:41 +02:00
Miroslav Stampar
840ee26a14 If SQLAlchemy is available and it has problems while connecting then it should be smarter to not force the other (standard) method - if available 2013-04-15 18:42:26 +02:00
stamparm
de99717b00 Disable sqlalchemy warnings if applicable 2013-04-15 16:29:08 +02:00
stamparm
1c2197e8de Minor bug fix for an Issue #361 (removal of that ugly garbage clean warning message after sqlmap ends) 2013-04-15 16:18:40 +02:00
stamparm
6ab2e8eca4 Trivial style update 2013-04-15 16:09:04 +02:00
stamparm
a3d36fcb73 Minor update 2013-04-15 16:07:27 +02:00
stamparm
140cffbde2 Patch for an Issue #434 2013-04-15 15:57:28 +02:00
stamparm
9ccbdb3fdf Added a check for an Issue #361 2013-04-15 15:36:10 +02:00
stamparm
1c47b33020 Few bug fixes in -d (there were late values in payloads in some cases; sqlalchemy returns RowProxy for tuple) 2013-04-15 15:23:45 +02:00
stamparm
f936746423 Code restyling 2013-04-15 14:31:27 +02:00
stamparm
aed738d6e6 Update for an Issue #361 2013-04-15 14:20:21 +02:00
stamparm
a9a0d1a3f9 Minor update 2013-04-15 11:56:19 +02:00
stamparm
10fbeaed7b Code refactoring 2013-04-15 11:49:11 +02:00
stamparm
349f885f08 Minor patch 2013-04-15 11:41:53 +02:00
stamparm
8853e43616 Applying patch from Brandon Perry via ML 2013-04-15 11:01:07 +02:00
stamparm
3e65037a05 Introducing lib/utils/sqlalchemy.py (Issue #361) 2013-04-15 10:33:25 +02:00
Miroslav Stampar
b6fee638ef Neutralizing time of cookie expiration (in case of --load-cookies) 2013-04-14 01:13:08 +02:00
Miroslav Stampar
ed5599f489 In case that cookie file is given and cookie header inside request file clashes with one of contained cookies, give cookie file greater priority 2013-04-12 19:20:33 +02:00
stamparm
7edd7ee2aa Trivial code change 2013-04-12 16:25:24 +02:00
Miroslav Stampar
73917fc9c8 Minor update (same, but safer) 2013-04-11 21:25:44 +02:00
Miroslav Stampar
0b449bb1d9 Fix for an Issue #433 2013-04-10 19:33:31 +02:00
stamparm
f67148a9a4 Update for an Issue #431 2013-04-10 16:43:57 +02:00
stamparm
661b44135d Minor bug fix 2013-04-10 11:59:07 +02:00
stamparm
8c9da95343 Style and consistency update (url -> URL) 2013-04-09 11:48:42 +02:00
stamparm
3948b527dd Update for an Issue #429 2013-04-09 11:36:33 +02:00
stamparm
91054099aa Minor style update 2013-04-09 10:42:58 +02:00
stamparm
cce541cc33 Patch for an Issue #429 2013-04-09 10:39:20 +02:00
stamparm
33e9b3c451 Minor style update 2013-04-09 10:39:20 +02:00
Miroslav Stampar
7614c815ed Minor update/patch 2013-04-07 21:32:03 +02:00
Miroslav Stampar
240e9f3f7e Minor patch 2013-04-07 11:02:43 +02:00
Miroslav Stampar
50ac3aab7a Minor patch 2013-04-06 01:56:24 +02:00
stamparm
a75d3ed0b8 Minor style update 2013-04-06 01:56:23 +02:00
Miroslav Stampar
df4fd82515 Minor update 2013-04-03 23:27:27 +02:00
Miroslav Stampar
c75a2d0c40 Minor patch 2013-04-03 21:31:37 +02:00
Miroslav Stampar
153aa10b77 Minor cosmetic update 2013-04-03 19:00:54 +02:00
Miroslav Stampar
f387333415 Minor cosmetics 2013-04-02 17:34:56 +02:00
Miroslav Stampar
4b5335a323 Moving --force-ssl from [Request] to [General] options 2013-04-02 17:18:21 +02:00
Miroslav Stampar
76a0d20799 Minor patch 2013-04-01 22:18:41 +02:00
Miroslav Stampar
b67f342975 Minor patch 2013-04-01 17:32:16 +02:00
stamparm
a371f182ac Minor patch (previous combination is not working well with oriental characters - 0 length normalized unicode string is being returned) 2013-03-28 15:37:14 +01:00
stamparm
e1ffdde532 Little cleaning a mess with url encoding and post hint types 2013-03-27 13:39:27 +01:00
Miroslav Stampar
c19a283434 Minor patch 2013-03-26 20:06:50 +01:00
stamparm
7accba4cf9 Minor update 2013-03-26 16:10:41 +01:00
stamparm
0882fe0ce3 Minor update related to the last two 2013-03-26 16:04:56 +01:00
stamparm
eb1bfc20cb Update related to the last commit 2013-03-26 15:36:44 +01:00
stamparm
2fe6aea0eb Minor fix 2013-03-26 15:07:14 +01:00
stamparm
825aa4b8dd Minor language update 2013-03-26 14:27:51 +01:00
stamparm
5dd2529b02 Minor language update 2013-03-26 14:18:37 +01:00
stamparm
4d2b77dde3 Minor language update 2013-03-26 14:15:40 +01:00
stamparm
473a39b820 Minor language fix 2013-03-26 14:11:17 +01:00
stamparm
3f8dafedae Minor text update 2013-03-26 14:08:35 +01:00
stamparm
ad039c335d Implementation for an Issue #423 2013-03-21 11:28:44 +01:00
stamparm
3740a97cc9 Adding a --version switch like all command line programs have 2013-03-20 11:44:09 +01:00
stamparm
7447773237 Update for consistency (all other enums are using _ in between words) 2013-03-20 11:10:24 +01:00
stamparm
ae6ce7db30 Removal of unused imports 2013-03-20 10:44:15 +01:00
Miroslav Stampar
8acf033715 Code refactoring 2013-03-19 19:24:14 +01:00
Miroslav Stampar
a3d9a7b1ff Minor fix 2013-03-19 19:06:51 +01:00
stamparm
d1ae62b22b Patch for an Issue #422 2013-03-19 12:27:49 +01:00
stamparm
6969874c02 Switch --no-cast is incompatible with switch --hex (integer values are not being casted in case of --no-cast --hex which is causing unwanted decodings of returned values) 2013-03-19 10:52:37 +01:00
stamparm
10e6c70c22 Trivial style update (undoing last dummy commit) 2013-03-19 10:43:29 +01:00
stamparm
70265fd3b5 Trivial style update 2013-03-19 10:43:03 +01:00
stamparm
5adac57ca9 Trivial style update 2013-03-19 10:42:50 +01:00
stamparm
558ef0aaff Minor fix 2013-03-19 10:42:20 +01:00
stamparm
e226006766 Trivial fix 2013-03-18 13:29:55 +01:00
stamparm
5e02bcbd58 Minor adjustment 2013-03-18 12:16:16 +01:00
stamparm
7111cdabe3 Minor cosmetics 2013-03-18 11:41:15 +01:00
Miroslav Stampar
5df1f5528e More general update for an Issue #421 2013-03-15 22:49:09 +01:00
Miroslav Stampar
f0a419bdec Patch for an Issue #421 2013-03-15 22:08:15 +01:00
Miroslav Stampar
596cf95040 Minor fix 2013-03-15 17:22:33 +01:00
Miroslav Stampar
ff4e62ff90 Minor cosmetics 2013-03-15 17:00:01 +01:00
Miroslav Stampar
4010df307e Trivial cosmetics 2013-03-15 16:37:52 +01:00
Miroslav Stampar
4cb378ce3e Another update for an Issue #352 and couple of fixes 2013-03-13 21:57:09 +01:00
Miroslav Stampar
b35122a42c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-03-13 19:52:17 +01:00
Miroslav Stampar
eb08c8d752 Another update for an Issue #352 2013-03-13 19:42:22 +01:00
Bernardo Damele
dea62189b2 fixes #420 2013-03-12 22:16:42 +00:00
Miroslav Stampar
2f43c3eb9b Minor fix (digest live test case) and some refactoring 2013-03-12 21:16:44 +01:00
Miroslav Stampar
65306f1ac1 Update for an Issue #352 2013-03-12 20:10:32 +01:00
Miroslav Stampar
db0a1e58b9 Update for an Issue #352 2013-03-11 14:58:05 +01:00
Miroslav Stampar
d6fc10092f Minor refactoring 2013-03-11 13:31:50 +01:00
Miroslav Stampar
84a5bdb9cf Trivial cosmetics 2013-03-09 19:41:24 +01:00
Miroslav Stampar
79d6a0e9c9 Using binary data in dummy mode 2013-03-09 19:40:24 +01:00
Miroslav Stampar
1e731f87a4 Patch for an Issue #419 (Authentication header is now properly being cached - no more one reauth per each request) 2013-03-09 19:33:04 +01:00
Miroslav Stampar
8e6692d793 Minor fix (for JSON values with :) 2013-03-05 20:12:24 +01:00
Miroslav Stampar
e9b86350f1 Patch for an Issue #403 2013-03-05 18:32:31 +01:00
Miroslav Stampar
62980d7d5a Automatically decoding url encoded data in response 2013-03-05 17:32:10 +01:00
Miroslav Stampar
9e49d8c68f Adding support for SHA2 hash functions 2013-03-05 11:04:46 +01:00
Miroslav Stampar
2ada9e9b84 Patch for an Issue Issue #416 2013-03-04 18:05:40 +01:00
Miroslav Stampar
084cfc797a Fix for an Issue #415 2013-03-02 09:55:12 +01:00
Martin Bjerregaard Jepsen
d7a77c79ad Fixed incorrect call to checkBooleanExpression when testing for false positives 2013-03-01 22:51:34 +01:00
stamparm
3a3f9c5ea1 Trivial commit related to the last one 2013-03-01 12:09:03 +01:00
stamparm
55f33da85a Fix for invalid logical test cases 2013-03-01 12:04:49 +01:00
stamparm
440b484bf6 Minor update (one more just in case dummy request in false positive check for time-based injections - when DBMS could be unresponsive a bit due to previous heavy-queries) 2013-03-01 10:59:04 +01:00
Miroslav Stampar
e42350ddce Minor style update 2013-02-28 20:28:34 +01:00
Miroslav Stampar
0e89cc62a2 Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections 2013-02-28 20:20:08 +01:00
stamparm
9ef79df23d Cleaning up cases with Set-Cookie (conf.cj is handling it automatically; also, default redirector needed to be patched) 2013-02-28 13:51:08 +01:00
stamparm
be50192d8d Refactoring WAF scripts 2013-02-26 15:54:50 +01:00
stamparm
e5835dc74f Update for WAF scripts 2013-02-26 15:30:11 +01:00
stamparm
17fa0f568c Minor patch for an Issue #404 2013-02-26 12:55:09 +01:00
stamparm
ecbcd4afe6 Minor update 2013-02-26 12:55:09 +01:00
stamparm
af4762ace2 Minor style update 2013-02-26 11:16:09 +01:00
stamparm
f6b43b4b13 Minor update for an Issue #290 2013-02-26 11:08:06 +01:00
stamparm
e5e39bc682 Fix for an Issue #410 2013-02-25 11:07:30 +01:00
stamparm
6fbd902265 Minor refactoring (Issue #411) 2013-02-25 10:44:04 +01:00
stamparm
7127869ede Minor bug fix (live test specific verbosity should be valid only inside of it) 2013-02-22 17:26:48 +01:00
stamparm
68ce51bfd4 Changing from warn to info for no WAF found 2013-02-22 12:15:38 +01:00
stamparm
ad471368f5 Fixing a display bug (cases where messages are just appended after the readInput line in batch mode) introduced with b472d9809a 2013-02-22 11:42:09 +01:00
stamparm
0bbbfc2eac Adding a small warning message (related to the Issue #407) 2013-02-22 11:12:41 +01:00
stamparm
42cbd94fa4 Better update regarding 6acb2480b8 2013-02-22 10:49:45 +01:00
stamparm
44a46d2b10 Fix for an Issue #409 2013-02-22 10:18:22 +01:00
Miroslav Stampar
6acb2480b8 Adding WAF script for SecureIIS 2013-02-21 21:34:26 +01:00
Miroslav Stampar
229e4e167b Minor cosmetics 2013-02-21 21:06:31 +01:00
stamparm
3a8c0cd3a2 Minor style update 2013-02-21 14:52:56 +01:00
stamparm
29ba43ee6c Unhidding switch '--identify-waf' (Issue #290) 2013-02-21 14:48:19 +01:00
stamparm
08f0670aca Minor refactoring for an Issue #290 2013-02-21 14:39:22 +01:00
stamparm
8e49872d7c Finalizing implementation for an Issue #290 2013-02-21 14:33:12 +01:00
stamparm
6b2981ef4e Update for an Issue #290 (adding tamper-like scripts into (new) directory waf) 2013-02-21 11:14:57 +01:00
stamparm
69063947b6 Debug message should go with logging.DEBUG 2013-02-19 09:46:51 +01:00
Bernardo Damele
d7247a51ee do not prompt constantly if the page is not found 2013-02-18 18:08:20 +00:00
Miroslav Stampar
7f293afe74 Proper escaping for SQL identificators in Oracle (also, revert for 9b5f33560b) 2013-02-18 15:18:53 +01:00
Miroslav Stampar
5c099efccc Fix for an Issue #401 2013-02-18 11:38:18 +01:00
Miroslav Stampar
9b5f33560b Oracle is too specific (only column names can be enclosed) - removing it 2013-02-15 17:36:58 +01:00
Miroslav Stampar
bf82506c1b Oracle can't enclose table names with double quotations 2013-02-15 17:36:58 +01:00
Miroslav Stampar
1b3d749488 Proper fix related to the last commit/revert 2013-02-15 17:36:58 +01:00
Miroslav Stampar
5a793cbc7c Minor revert 2013-02-15 17:36:58 +01:00
Miroslav Stampar
799bd51c2e Minor fix when two readInput/dataToStdout are called one at a time 2013-02-15 17:36:58 +01:00
Miroslav Stampar
97c06854a4 Minor fixes 2013-02-15 17:36:58 +01:00
Bernardo Damele
0e7f771be6 minor adjustment 2013-02-15 16:28:09 +00:00
Bernardo Damele
35aa785870 bug fix to make --predict-output work also with time-based technique 2013-02-15 16:25:33 +00:00
Miroslav Stampar
014e4e0055 Minor represenation fix 2013-02-15 14:48:24 +01:00
Bernardo Damele
63ddeb9008 unnecessary variable 2013-02-15 13:26:28 +00:00
Miroslav Stampar
345d10a9e0 Consistency fix (everywhere else we show unsafe format of identificator names) 2013-02-15 14:05:14 +01:00
Bernardo Damele
b472d9809a another consistency fix to readInput() 2013-02-15 09:35:09 +00:00
Bernardo Damele
32c8c67888 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-15 09:29:41 +00:00
Bernardo Damele
20c5f9a030 consistency fix 2013-02-15 09:29:36 +00:00
Miroslav Stampar
11bcf28d86 Fix for an Issue #399 2013-02-15 10:04:13 +01:00
Bernardo Damele
87db5d0dab minor bug fix to avoid duplicates - #297 2013-02-15 00:53:05 +00:00
Bernardo Damele
c3f1e196e1 added missing parameter 2013-02-15 00:43:46 +00:00
Bernardo Damele
4727589135 code consistency 2013-02-15 00:17:13 +00:00
Miroslav Stampar
515be4ee0b Minor just in case commit related to the last one 2013-02-14 19:58:10 +01:00
Miroslav Stampar
fef60b73f4 Minor update for proper display of [PAYLOAD] in JSON/XML/SOAP cases 2013-02-14 19:53:26 +01:00
Bernardo Damele
0c79d7b1e2 unnecessary import 2013-02-14 18:33:47 +00:00
Bernardo Damele
614ff6029d working on #396 - handle the case when we dont have a web backdoor/file stager for the language API, added a few more log messages to give further information about what is going on, minor bug fix to docRoot 2013-02-14 18:31:14 +00:00
Bernardo Damele
3b38b20176 working on #396 - adaptation for the verification phase 2013-02-14 18:29:55 +00:00
Bernardo Damele
261db6ed4f working on #396 - verify shellcodeexec executable has been properly uploaded 2013-02-14 18:29:35 +00:00
Bernardo Damele
4d5ecc3b03 working on #396 - verify icmpsh executable has been properly uploaded 2013-02-14 18:28:48 +00:00
Bernardo Damele
66cee83ca4 if needed, allow to reinitialize the environment for takeover - issue #396 2013-02-14 17:39:19 +00:00
Bernardo Damele
d91530f885 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-14 17:16:55 +00:00
Bernardo Damele
52264f544e minor fix for Windows file paths, do not strip the windows drive letter 2013-02-14 17:16:49 +00:00
Miroslav Stampar
fdf00e4842 Fix for an Issue #397 2013-02-14 17:14:36 +01:00
Miroslav Stampar
368a2fd297 Fix for an Issue #393 2013-02-14 16:18:16 +01:00
Miroslav Stampar
f97f575018 Trivial restyling 2013-02-14 15:41:27 +01:00
Miroslav Stampar
605c5b089e Minor style update 2013-02-14 15:38:44 +01:00
Miroslav Stampar
06d8547916 Implementation for an Issue #394 2013-02-14 15:38:44 +01:00
Miroslav Stampar
7944684ff2 This was supposed to be a separate commit (going to commit it in next one) 2013-02-14 15:38:44 +01:00
Miroslav Stampar
6c0054bc5f Putting that ugly parameter xyz is not inside the Cookie into the debug messages 2013-02-14 15:38:44 +01:00
Bernardo Damele
d42d28392a avoid tracebacks because the parameter does not exist 2013-02-14 13:18:33 +00:00
Bernardo Damele
646df37884 minor bug fix for --reg-read 2013-02-14 13:17:30 +00:00
Miroslav Stampar
c72353321d Minor update for an Issue #392 2013-02-14 13:36:33 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
2267dd8f47 working on #392 to fix --os-cmd and --os-shell output parsing 2013-02-14 11:31:20 +00:00
Bernardo Damele
cb6d549e57 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-14 11:25:12 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Miroslav Stampar
efe1bf0ded Minor fix (for those multiline cases like in MsSQL) 2013-02-14 12:20:40 +01:00
Miroslav Stampar
6629233de5 Minor update 2013-02-14 10:18:40 +01:00
Miroslav Stampar
a0b44da5d8 Minor fix for --threads>1 --binary-fields 2013-02-13 20:47:27 +01:00
Miroslav Stampar
0a4605644e Minor fix for previous commit 2013-02-13 16:31:03 +01:00
Miroslav Stampar
2b121c938b Minor fix 2013-02-13 16:24:21 +01:00
Miroslav Stampar
9b231f87d6 Minor bug fix (regarding Issue #379) - in case that two processes enter the same proc_count decrementing line sqlmap would halt 2013-02-13 15:31:50 +01:00
Miroslav Stampar
8138d1318e Minor fix 2013-02-13 15:10:49 +01:00
Miroslav Stampar
c6d29e093e Fixing issue with newlines after the data in -r mode 2013-02-13 12:36:01 +01:00