Commit Graph

4806 Commits

Author SHA1 Message Date
Miroslav Stampar
58002c5057 Minor cosmetics 2015-07-23 09:55:59 +02:00
Miroslav Stampar
cece2cb12d Minor cosmetics 2015-07-23 00:42:29 +02:00
Miroslav Stampar
358651b19c Fixes #1313 2015-07-23 00:41:03 +02:00
Miroslav Stampar
75ed5f767c Fixes #1309 2015-07-20 17:03:20 +02:00
Miroslav Stampar
2afb5687f6 Fixes #1307 2015-07-20 15:47:27 +02:00
Miroslav Stampar
21e8182ac6 Fixes #1305 2015-07-18 17:01:34 +02:00
Miroslav Stampar
a7c4400cc9 Fixes #1304 2015-07-17 14:20:51 +02:00
Miroslav Stampar
00f190fc92 Fixes #1303 2015-07-17 10:14:35 +02:00
Miroslav Stampar
49212ec920 Fixes #1302 2015-07-17 09:56:24 +02:00
Miroslav Stampar
1aafe85a3a Fixes #1299 2015-07-15 11:15:06 +02:00
Miroslav Stampar
fdc8e664df Updating --beep functionality (ML request) 2015-07-13 23:55:46 +02:00
Miroslav Stampar
16f8e4c8ba Removing unused imports 2015-07-12 12:25:02 +02:00
Miroslav Stampar
a20da7a677 Patch for automatic reporting (GitHub has robots) 2015-07-12 12:05:19 +02:00
Miroslav Stampar
fa303ef8b1 Minor update 2015-07-10 16:39:18 +02:00
Miroslav Stampar
10f8c6a0b6 Introducing --offline switch (to perform session only lookups) 2015-07-10 16:10:24 +02:00
Miroslav Stampar
9bdbdc136f Minor cosmetics update 2015-07-10 11:33:12 +02:00
Miroslav Stampar
0ba264bfa0 Minor patch 2015-07-10 09:51:11 +02:00
Miroslav Stampar
4baaa4a5ad Minor improvement 2015-07-10 09:24:14 +02:00
Miroslav Stampar
9ff115ce71 Minor patch 2015-07-10 01:33:53 +02:00
Miroslav Stampar
02470ea683 Further decreasing number of testing payloads 2015-07-10 01:19:46 +02:00
Miroslav Stampar
48b627f3ff Prevent double tests (e.g. in same final tests where suffix is cut by the comment) 2015-07-10 00:54:02 +02:00
Miroslav Stampar
ca2f63c672 Test speed up in case of boolean based blind 2015-07-10 00:37:59 +02:00
Miroslav Stampar
3a5cc98976 -Z is/are a pseudo-option (just like -H) expanded during the run 2015-07-07 09:27:18 +02:00
Miroslav Stampar
2080fcaa37 Fixes #1293 2015-07-07 09:24:16 +02:00
Miroslav Stampar
f488377001 Fixes #1293 2015-07-07 08:47:07 +02:00
Miroslav Stampar
6a1b3895f9 Patch for an Issue #1285 2015-07-06 11:50:59 +02:00
Miroslav Stampar
96327b6701 Fixes #1290 2015-07-05 01:47:01 +02:00
Miroslav Stampar
166dc98e81 Minor patch 2015-07-05 00:03:29 +02:00
Miroslav Stampar
1f71d809d4 Fixes #1288 2015-07-03 08:55:33 +02:00
Miroslav Stampar
7b95a2d80d Patch for an Issue #1280 2015-06-29 10:05:16 +02:00
Miroslav Stampar
8b63ee9bc3 Minor update for #1281 2015-06-29 01:12:14 +02:00
Miroslav Stampar
97244f5e5e Fixes #1279 2015-06-29 00:20:35 +02:00
Miroslav Stampar
b212321c07 Fixes #1278 2015-06-26 10:30:53 +02:00
Miroslav Stampar
b02be9674f Fixes #1277 2015-06-26 10:11:34 +02:00
Miroslav Stampar
7d418af274 Fix for a bug reported privately by email 2015-06-22 16:28:35 +02:00
Miroslav Stampar
9e5ef094a3 Closes #1270 2015-06-16 22:20:21 +02:00
Miroslav Stampar
e4b23c9beb Minor fix regarding POST redirects (ML) 2015-06-16 12:00:56 +02:00
Miroslav Stampar
04c1d439a7 Minor patch for #1260 2015-06-05 17:18:21 +02:00
Miroslav Stampar
8d7e915af7 Minor patch for #1260 2015-06-05 17:02:56 +02:00
Miroslav Stampar
ec87d8ebda Adding a support for SNI (Issue #1256) 2015-06-01 10:45:16 +02:00
Miroslav Stampar
341d2a6028 Minor fix for (hidden) switch '--dummy' 2015-05-29 17:30:02 +02:00
Miroslav Stampar
08caca387b Minor patch of automatic WAF heuristic check 2015-05-29 16:01:41 +02:00
Miroslav Stampar
699c965bc0 Fixes #1248 2015-05-19 18:40:45 +02:00
Miroslav Stampar
17bfda1b9c Adding new switch ('--skip-static') 2015-05-18 20:57:15 +02:00
Miroslav Stampar
e8f87bfa41 Minor patches related to the #1206 2015-05-11 11:01:21 +02:00
Miroslav Stampar
91bc02e3ba Fixes related to the #1206 2015-05-11 10:56:10 +02:00
Miroslav Stampar
9010e157e9 Conflict fix 2015-05-11 10:11:33 +02:00
Miroslav Stampar
5b8df7984c Minor update (for Windows-31j charset) 2015-05-09 14:32:55 +02:00
Miroslav Stampar
4b2ff4339a Fixes #1243 2015-05-07 12:36:23 +02:00
Miroslav Stampar
18e62fd507 Fix for an Issue #1240 2015-05-05 14:36:21 +02:00
Miroslav Stampar
84ba3d45c1 Patch for an Issue #1238 2015-05-04 21:47:10 +02:00
Miroslav Stampar
5ee7fd785a Fixes #1235 2015-05-01 00:48:08 +02:00
Miroslav Stampar
03f32ae2b6 Merge of an Issue #1227 2015-04-22 17:21:55 +02:00
Miroslav Stampar
a94dcf94e9 Patch for an Issue #1226đ 2015-04-22 16:41:20 +02:00
Miroslav Stampar
bb98894dc1 Adding option --safe-req 2015-04-22 16:28:54 +02:00
Miroslav Stampar
4ded9a9966 Small patch for existing option validation 2015-04-22 15:32:14 +02:00
Miroslav Stampar
77c96de4ea Minor patch related to the last commit 2015-04-22 10:33:22 +02:00
Miroslav Stampar
95b52a02ec Minor patch for custom injection into HTTP Authorization header 2015-04-22 10:28:16 +02:00
Miroslav Stampar
c5138d4696 Minor refactoring 2015-04-21 00:02:47 +02:00
Miroslav Stampar
349dfbf2ae Adding an option --safe-post 2015-04-20 23:55:59 +02:00
Miroslav Stampar
7517db76d1 Minor fix for SQLite's schema parsing 2015-04-16 18:40:43 +02:00
Miroslav Stampar
dbfa8f1cfc Fix for a bug reported by the user (conf.scheme/conf.hostname/conf.port were None in multiple targets mode) 2015-04-14 11:05:17 +02:00
Miroslav Stampar
0e4800f73c Changing default answer for sitemap checking to N 2015-04-14 09:30:01 +02:00
Miroslav Stampar
1e7f2d6da2 Implements #1215 2015-04-06 22:07:22 +02:00
Miroslav Stampar
c35fa63a48 Fixes #1212 2015-03-30 11:58:09 +02:00
Miroslav Stampar
99c1cc9937 Fixes #1208 2015-03-26 17:17:46 +01:00
Miroslav Stampar
a19bccc84f Fixes #1205 2015-03-26 15:31:29 +01:00
Miroslav Stampar
770cfb6102 Removing test print 2015-03-26 15:20:54 +01:00
Miroslav Stampar
fc0186e029 Minor update 2015-03-26 12:39:44 +01:00
Miroslav Stampar
5dfd3ef1e4 Another update 2015-03-26 12:25:32 +01:00
Miroslav Stampar
3be7a447a5 Update 2015-03-26 12:22:49 +01:00
Miroslav Stampar
7587528ebd Fixes #1202 2015-03-26 11:40:19 +01:00
ricterz
bbfdb02a0e fix mandatorily depend of websocket #1198 2015-03-24 22:25:16 +08:00
ricterz
811f5c11c6 remove Host header field and add cookie support #1198 2015-03-24 18:50:57 +08:00
ricterz
9b5dcbbbb2 modified error handle #1198 2015-03-24 18:21:50 +08:00
ricterz
78dbe080d7 determine whether it's websocket when connect #1198 2015-03-24 17:19:37 +08:00
ricterz
50fd6ce7f7 add websocket support for parse url #1198 2015-03-24 10:30:38 +08:00
Miroslav Stampar
05a496c275 Fixes #1196 2015-03-20 00:56:52 +01:00
Miroslav Stampar
25b23750e8 Bug fix for crawling over non-80 port 2015-03-12 11:49:52 +01:00
Miroslav Stampar
adc8ac267d Fixes #1190 2015-03-10 09:23:26 +01:00
Miroslav Stampar
9bd41ed99d Fixes #1189 2015-03-09 22:02:20 +01:00
Christ van Willegen
80fb2e29cc Fix some spelling errors in help texts (through -> thorough) 2015-03-04 13:31:29 +01:00
Miroslav Stampar
3347fc25ca Fixes #1185 2015-03-03 15:10:06 +01:00
Miroslav Stampar
3f6c3b40dd Minor update (not overriding user given 'Accept-Encoding' header value) 2015-03-03 14:37:36 +01:00
Bernardo Damele
8281fe48e5 bug fix: test for boundaries with high levels if the test was extended 2015-03-01 11:02:05 +00:00
Bernardo Damele
260643241a prioritized fingerprinted DBMS to error-based and user provided one 2015-02-27 14:19:30 +00:00
Bernardo Damele
2f08c8b666 bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup 2015-02-27 13:57:28 +00:00
Miroslav Stampar
dde400ab8f More suitable version of 6bcc95a (suggested by user) 2015-02-25 10:19:51 +01:00
Miroslav Stampar
6bcc95a20d Restricting evaluated code variable names to Python valid characters ([_0-9a-zA-Z]) 2015-02-24 15:05:44 +01:00
Miroslav Stampar
e35c7fbb7a Fixes #1172 2015-02-22 13:41:54 +01:00
Bernardo Damele
475cc8b24b trivial code cleanup 2015-02-21 13:12:30 +00:00
Bernardo Damele
383929c0c2 if the user forces the DBMS, then sort the tests accordingly to perform first the DBMS-specific tests, then the others 2015-02-21 13:12:03 +00:00
Bernardo Damele
d235ee375b code cleanup 2015-02-21 12:59:44 +00:00
Bernardo Damele
8be24d3e9b minor enhancement, prefer intersect() each time DBMS values are comfronted 2015-02-21 12:59:27 +00:00
Bernardo Damele
388c0dfd77 trivial layout fix 2015-02-21 12:57:49 +00:00
Bernardo Damele
52dd92748a rework some of the logic of the detection phase based on identified DBMS along the way 2015-02-21 02:23:42 +00:00
Bernardo Damele
4f939b5719 avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables 2015-02-20 18:36:34 +00:00
Bernardo Damele
1ecb921ba7 Consistency in enums 2015-02-20 18:31:47 +00:00
Bernardo Damele
214b9360e9 Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup 2015-02-20 18:30:42 +00:00
Bernardo Damele
79d4d970a5 trivial code cleanup 2015-02-20 15:42:28 +00:00