Mathieu Deous
3effaee2a1
avoid using global variables, use a "store" class
2013-12-15 00:19:58 +01:00
Mathieu Deous
c70f2a4e6d
unused imports
2013-12-15 00:00:08 +01:00
Mathieu Deous
aa02019638
return file content in a json message when calling download endpoint
2013-12-14 16:33:17 +01:00
Mathieu Deous
c87ad1bab5
make returned values more coherent
2013-12-14 16:22:30 +01:00
Mathieu Deous
72137e85f9
do not reset options when firing a scan
2013-12-14 15:59:47 +01:00
Mathieu Deous
af7ad31182
fix commit method usage (belongs to connection, not cursor)
2013-12-14 15:58:09 +01:00
Mathieu Deous
c5a3f54b89
remove unused imports
2013-12-14 15:47:26 +01:00
Mathieu Deous
8a946509b9
PEP8
2013-12-14 15:44:10 +01:00
Mathieu Deous
c3dd6e1e32
api's get_option function doesn't lookup the right object
2013-12-08 17:46:02 +01:00
Miroslav Stampar
7054586e8a
Update for an Issue #565 (more work TBD - DuckDuckGo has some kind of IP blocking mechanism)
2013-11-25 20:57:07 +01:00
Miroslav Stampar
d7906e8f18
Minor fix
2013-10-15 09:49:27 +02:00
Ben Buchacher
54a6c01005
Fix - Custom objects cannot be serialized in JSON
...
Custom objects cannot be serialized in JSON, convert tasks into list before serializing.
2013-10-10 16:06:29 -07:00
Miroslav Stampar
8e2f4669d8
Removing dependency for bz2 as there are some reported problems with the library on non-standard platforms
2013-10-02 20:32:18 +02:00
Miroslav Stampar
c586559e30
Patch for an Issue #510
2013-08-20 18:54:32 +02:00
Miroslav Stampar
f54082111d
Better way how to deal with required extensions
2013-07-13 19:25:49 +02:00
stamparm
1ae68b9bb3
Update for an Issue #405 (fix for usage of old 'complete' data from previous runs)
2013-07-10 17:18:09 +02:00
stamparm
f6c7b398fd
Update for an Issue #405 (fix for persistent options problem)
2013-07-10 16:57:44 +02:00
stamparm
db536427f0
Adding a question for storing hashes to a temporary file (after a mention of it on Twitter)
2013-07-04 15:34:00 +02:00
stamparm
5ff09aff63
Some more adjustments (Issue #475 )
2013-07-01 12:50:12 +02:00
Miroslav Stampar
a1842f44f5
Fix for an Issue #477
2013-06-29 20:55:48 +02:00
stamparm
a53823f9b7
Minor refactoring
2013-06-19 10:59:26 +02:00
Miroslav Stampar
63d0e9bb12
Adding support for MsSQL >=2012 hash format (based on commit 70107f74f0be5357654f170a3f321e3e55e81881)
2013-06-13 21:50:35 +02:00
stamparm
f4ca4cd6c5
Minor update
2013-05-29 15:49:09 +02:00
stamparm
bc4e1dab19
Getting rid of those ugly warning messages
2013-05-28 11:24:56 +02:00
Miroslav Stampar
4f49dad2ba
Minor cosmetics
2013-05-19 01:19:54 +02:00
Miroslav Stampar
6cfcc1af63
Minor cosmetic
2013-05-19 01:17:22 +02:00
stamparm
cb9ea67c8d
Code refactoring (moving progress.py to lib/utils)
2013-05-13 14:48:39 +02:00
stamparm
2bfdac5ebc
Minor update for crawler
2013-04-30 18:32:46 +02:00
stamparm
ebe8ee3500
Fix for crawler and redirection case
2013-04-30 18:08:26 +02:00
stamparm
3c110b3620
Minor bug fix
2013-04-30 16:40:16 +02:00
stamparm
9d045e14e8
Implementation for an Issue #437
2013-04-18 17:06:45 +02:00
Miroslav Stampar
840ee26a14
If SQLAlchemy is available and it has problems while connecting then it should be smarter to not force the other (standard) method - if available
2013-04-15 18:42:26 +02:00
stamparm
de99717b00
Disable sqlalchemy warnings if applicable
2013-04-15 16:29:08 +02:00
stamparm
1c2197e8de
Minor bug fix for an Issue #361 (removal of that ugly garbage clean warning message after sqlmap ends)
2013-04-15 16:18:40 +02:00
stamparm
6ab2e8eca4
Trivial style update
2013-04-15 16:09:04 +02:00
stamparm
9ccbdb3fdf
Added a check for an Issue #361
2013-04-15 15:36:10 +02:00
stamparm
1c47b33020
Few bug fixes in -d (there were late values in payloads in some cases; sqlalchemy returns RowProxy for tuple)
2013-04-15 15:23:45 +02:00
stamparm
f936746423
Code restyling
2013-04-15 14:31:27 +02:00
stamparm
aed738d6e6
Update for an Issue #361
2013-04-15 14:20:21 +02:00
stamparm
8853e43616
Applying patch from Brandon Perry via ML
2013-04-15 11:01:07 +02:00
stamparm
3e65037a05
Introducing lib/utils/sqlalchemy.py (Issue #361 )
2013-04-15 10:33:25 +02:00
stamparm
8c9da95343
Style and consistency update (url -> URL)
2013-04-09 11:48:42 +02:00
stamparm
3948b527dd
Update for an Issue #429
2013-04-09 11:36:33 +02:00
stamparm
91054099aa
Minor style update
2013-04-09 10:42:58 +02:00
stamparm
d1ae62b22b
Patch for an Issue #422
2013-03-19 12:27:49 +01:00
stamparm
7111cdabe3
Minor cosmetics
2013-03-18 11:41:15 +01:00
Miroslav Stampar
eb08c8d752
Another update for an Issue #352
2013-03-13 19:42:22 +01:00
Miroslav Stampar
9e49d8c68f
Adding support for SHA2 hash functions
2013-03-05 11:04:46 +01:00
Bernardo Damele
63ddeb9008
unnecessary variable
2013-02-15 13:26:28 +00:00
Bernardo Damele
20c5f9a030
consistency fix
2013-02-15 09:29:36 +00:00
Bernardo Damele
87db5d0dab
minor bug fix to avoid duplicates - #297
2013-02-15 00:53:05 +00:00
Bernardo Damele
4b9d8ed673
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
2013-02-14 11:32:17 +00:00
Bernardo Damele
cb6d549e57
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-14 11:25:12 +00:00
Bernardo Damele
a67ef4117f
make sure to use Python 2 interpreter when default system Python is version 3
2013-02-14 11:25:04 +00:00
Miroslav Stampar
efe1bf0ded
Minor fix (for those multiline cases like in MsSQL)
2013-02-14 12:20:40 +01:00
Miroslav Stampar
9b231f87d6
Minor bug fix (regarding Issue #379 ) - in case that two processes enter the same proc_count decrementing line sqlmap would halt
2013-02-13 15:31:50 +01:00
Miroslav Stampar
8138d1318e
Minor fix
2013-02-13 15:10:49 +01:00
Miroslav Stampar
6a98d375b1
More general except
2013-02-12 14:39:21 +01:00
Miroslav Stampar
ee1017a5a7
Minor fix
2013-02-08 13:46:39 +01:00
Bernardo Damele
b477c56b52
first steps to allow multiple scans on the same taskid - issue #297
2013-02-07 00:05:26 +00:00
Bernardo Damele
dd6c73ea24
fixed --passwords output for API - #297
2013-02-06 21:45:51 +00:00
Bernardo Damele
21afba9571
got the partial output finally properly replaced by complete output in IPC database - #297
2013-02-06 21:32:26 +00:00
Bernardo Damele
2fa2f30d21
slighlty better, still not optimal
2013-02-06 17:45:52 +00:00
Bernardo Damele
e439c3d3f5
minor refactoring - #297
2013-02-06 17:09:43 +00:00
Miroslav Stampar
060eac110a
Cleaner version checking
2013-02-06 10:28:17 +01:00
Miroslav Stampar
b1f31103f9
Removing that ugly disk I/O error in live testing mode
2013-02-05 17:04:42 +01:00
Miroslav Stampar
934808f53b
Fix for an Issue #379
2013-02-05 16:13:45 +01:00
Bernardo Damele
f7d826fee1
first case where partial output is retrievable via RESTful API - issue #297
2013-02-05 14:43:03 +00:00
Miroslav Stampar
4faa5f0f49
Fix for stalling in retrieving international letters (--technique=B)
2013-02-05 10:27:31 +01:00
Miroslav Stampar
74e82b2b53
Removing redundant check
2013-02-04 20:42:28 +01:00
Miroslav Stampar
cf8e5d535d
Minor cleanup
2013-02-04 20:15:44 +01:00
Miroslav Stampar
c5ae967fe0
Potential fix for an Issue #379
2013-02-04 17:43:58 +01:00
Bernardo Damele
9370f96a67
step by step getting there to partial output presentation to restful API (issue #297 ), not quite yet though..
2013-02-03 22:09:33 +00:00
Bernardo Damele
b55555e4e5
minor bug fix
2013-02-03 21:39:26 +00:00
Bernardo Damele
bd1ea13b8d
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-03 11:31:12 +00:00
Bernardo Damele
f8bc74758c
improvement to restful API to store to IPC database partial entries, not yet functional (issue #297 )
2013-02-03 11:31:05 +00:00
Miroslav Stampar
6d942f92b5
Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.))
2013-02-01 10:03:06 +01:00
Bernardo Damele
e8bd3c9c9f
cosmetics
2013-01-29 17:00:28 +00:00
Bernardo Damele
edd6699ed1
code refactoring and added /status method for scan (issue #297 )
2013-01-29 16:11:25 +00:00
Bernardo Damele
1152cf8958
increased SQLite connection timeout to 3 seconds, the object will now wait for the lock to go away max 3 seconds, no longer 1 only. Relevant code refactoring and minor improvements all over the API library (issue #297 )
2013-01-29 15:38:09 +00:00
Bernardo Damele
f1ab887c55
major enhancement, code refactoring for issue #297
2013-01-29 01:39:27 +00:00
Bernardo Damele
d07881b6c3
apply a little bit of secure coding practices to the API
2013-01-27 12:26:40 +00:00
Bernardo Damele
195d17449e
first test of stdout/stderr redirect to a database when sqlmap is executed from restful API ( #297 )
2013-01-25 17:11:31 +00:00
Bernardo Damele
5b3c8d8991
first implementation of asynchronous inter-protocol communication between the sqlmap RESTful API and the sqlmap engine with SQLite
2013-01-24 12:57:24 +00:00
Miroslav Stampar
601eb1e49a
Unescaping is renamed to escaping
2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0
updated copyright
2013-01-18 14:07:51 +00:00
Miroslav Stampar
33ea811c6c
Removing some unused stuff (mainly imports)
2013-01-18 11:50:02 +01:00
Bernardo Damele
5e059ab6db
added check for DB2 lib
2013-01-17 14:20:34 +00:00
Miroslav Stampar
7a1d484115
Implementation for an Issue #340
2013-01-15 16:05:33 +01:00
Miroslav Stampar
2cac7e860e
Minor refactoring
2013-01-14 16:27:50 +01:00
Miroslav Stampar
31302eb707
Minor update
2013-01-14 16:26:07 +01:00
Miroslav Stampar
2a86c1cadc
Another cosmetics
2013-01-14 16:24:55 +01:00
Miroslav Stampar
1e1f560d0c
Minor cosmetics
2013-01-14 16:24:28 +01:00
Miroslav Stampar
0c2474cc22
Minor update
2013-01-14 16:21:40 +01:00
Miroslav Stampar
a5a309212a
Fix for an Issue #339
2013-01-14 16:18:03 +01:00
Miroslav Stampar
834be1eddc
Restyling redundant 'except Exception' form
2013-01-10 15:54:28 +01:00
Miroslav Stampar
934d41dac2
Minor style update (PEP8)
2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878
Some PEP8 related style cleaning
2013-01-10 13:18:44 +01:00
Bernardo Damele
8093f3950d
properly distinguish stdout from stderr with a separate pipe (tracebacks go to stderr) - issue #297
2013-01-10 00:52:44 +00:00
Bernardo Damele
ef40779ad3
upgraded to use custom subprocessng for non-blocking send and read functions for spawned processes. Added new method to display range of log messages, just in case and improved parsing/unpickling of read log messages
2013-01-10 00:01:28 +00:00
Bernardo Damele
9766f6025e
logging is now handled in a separate file descriptor :) - issue #297
2013-01-09 22:09:50 +00:00
Miroslav Stampar
bf5544903b
Minor style update
2013-01-09 16:10:26 +01:00
Miroslav Stampar
bdd2592848
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-09 15:22:30 +01:00
Miroslav Stampar
3d4f381ab5
Patch for an Issue #169
2013-01-09 15:22:21 +01:00
Bernardo Damele
c44a829b9b
pass a pickled options object to sqlmap engine when called from API
2013-01-09 12:34:45 +00:00
Bernardo Damele
1e1892c962
prep for subprocess..
2013-01-07 11:10:33 +00:00
Miroslav Stampar
e4a3c015e5
Replacing old and deprecated raise Exception style (PEP8)
2013-01-03 23:20:55 +01:00
Miroslav Stampar
cb91729913
Fix for an Issue #324 (crawling when HTML is not well-formed)
2012-12-27 20:55:37 +01:00
Bernardo Damele
832567ecf6
import order
2012-12-21 23:34:37 +00:00
Miroslav Stampar
352e516400
Bottle is a 3rd party tool (not going to extra folder)
2012-12-21 10:18:30 +01:00
Miroslav Stampar
0d5d84edc7
Minor cleanup
2012-12-20 21:03:41 +01:00
Miroslav Stampar
712cf4e4db
Fix for an Issue #316
2012-12-20 20:55:59 +01:00
Bernardo Damele
89d8c58fd1
poor attempt at forking a child process for sqlmap engine execution, output is not handled yet
2012-12-20 17:56:53 +00:00
Bernardo Damele
912323c12d
minor bug fix ( #297 )
2012-12-20 17:05:44 +00:00
Bernardo Damele
7adaffa71b
fixed options initiation
2012-12-20 16:53:43 +00:00
Bernardo Damele
b0635bddcc
adjustments
2012-12-20 15:29:23 +00:00
Bernardo Damele
e9ab33e9dd
standalone REST API, code cleanup ( #297 )
2012-12-20 14:35:02 +00:00
Bernardo Damele
5632279bf7
removed deprecated feature ( #287 )
2012-12-20 13:21:07 +00:00
Miroslav Stampar
c2c4601d6e
Minor restyling
2012-12-20 11:06:52 +01:00
Bernardo Damele
0500712a03
removed unuseful prints
2012-12-17 13:29:19 +00:00
Bernardo Damele
f40c52cc17
comment adjustment
2012-12-17 11:28:03 +00:00
Bernardo Damele
d4a061d0c3
code cleanup - #297
2012-12-15 00:29:35 +00:00
Bernardo Damele
0c3da5c7eb
code refactoring and first time logger is handled by a separate file descriptor (issue #297 )
2012-12-15 00:12:22 +00:00
Bernardo Damele
2f6a31605c
code refactoring ( #279 )
2012-12-14 22:00:42 +00:00
Bernardo Damele
8dee8355c2
on our way to make it thread safe.. it is a long way actually (issue #297 )
2012-12-14 18:13:21 +00:00
Bernardo Damele
21ecffb750
added more comments, improved cleanup method
2012-12-14 17:21:19 +00:00
Bernardo Damele
1421e6a9d4
implemented cleanup and status admin methods
2012-12-14 16:18:45 +00:00
Bernardo Damele
4fa2f400ec
minor fix
2012-12-14 15:55:30 +00:00
Bernardo Damele
4c4cb856ff
minor bug fix to the /scan/<taskid>output method, forced each taskid to have its own temporary folder for output - issue #297
2012-12-14 15:52:35 +00:00
Bernardo Damele
27906f388f
added first methods to interact with sqlmap core, it is now possible to launch a scan from the API, hurray! (issue #297 )
2012-12-14 14:51:01 +00:00
Bernardo Damele
f52d81c834
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-14 13:40:36 +00:00
Bernardo Damele
0b71c85d95
refactoring, code cleanup, more security-related headers and first /scan method implementation (issue #297 )
2012-12-14 13:40:25 +00:00
Miroslav Stampar
a3acf72e52
Fix for argparse issue
2012-12-14 14:35:11 +01:00
Bernardo Damele
3d9779ffd4
further improvements to RESTful API: enforce security headers across all HTTP responses properly and make consistent responses across methods ( #297 )
2012-12-14 12:15:04 +00:00
Bernardo Damele
7b43837238
cleaner solution for imports as standalone client/server (issue #297 )
2012-12-14 12:04:44 +00:00
Bernardo Damele
90d5696b25
enhanced RESTful API to support JSON requests and improved standalone client/server skeleton (issue #297 )
2012-12-14 12:01:13 +00:00
Bernardo Damele
2e97405ffa
bundle bottle library in sqlmap (it is MIT license) - issue #297
2012-12-14 03:00:30 +00:00
Bernardo Damele
0ec420cc70
leftovers
2012-12-14 02:54:16 +00:00
Bernardo Damele
a1b83cd56f
added first implementation of REST-JSON API library - issue #297
2012-12-14 02:52:31 +00:00
Bernardo Damele
6e31e87de1
added initial support (hidden from -hh and not yet usable) for REST-JSON API
2012-12-14 02:49:25 +00:00
Miroslav Stampar
c040323821
Minor update
2012-12-13 14:55:20 +01:00
Miroslav Stampar
b78b56d782
Update for an Issue #287 regarding read_output returning values
2012-12-12 17:17:36 +01:00
Miroslav Stampar
e381158058
Hmmm... Let me guess. Update for an Issue #287
2012-12-12 16:31:20 +01:00
Miroslav Stampar
c3f20a136f
Minor update for an Issue #287
2012-12-12 14:03:03 +01:00
Miroslav Stampar
32b39c72e4
Minor update
2012-12-12 12:07:56 +01:00
Miroslav Stampar
af52e8e8c2
Minor update for an Issue #287
2012-12-12 12:01:18 +01:00
Miroslav Stampar
a6448e8768
Update for an Issue #287
2012-12-12 11:54:59 +01:00
Miroslav Stampar
ef33729381
Writing only unique hashes to an output file (for eventual cracking with 3rd party tools)
2012-12-12 09:59:24 +01:00
Miroslav Stampar
b9f6fc5f4e
First commit (and working one) for an Issue #287 (XML-RPC server)
2012-12-11 16:02:06 +01:00
Miroslav Stampar
75e6d77fbc
Minor refactoring
2012-12-07 11:54:34 +01:00
Miroslav Stampar
974407396e
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 14:14:19 +01:00
Miroslav Stampar
baccbd6f48
Implementation for an Issue #283
2012-12-06 11:57:57 +01:00
Miroslav Stampar
ab67344448
Removed unused imports and variables (pyflake-ing)
2012-12-06 11:15:05 +01:00
Miroslav Stampar
b6650add46
Introducing 'new style classes' (idea from Pull request #284 )
2012-12-06 10:42:53 +01:00
Miroslav Stampar
0f191f624c
Taking some goodies from Pull request #284
2012-12-06 10:21:53 +01:00
Miroslav Stampar
d4b5133df7
Update for an Issue #272
2012-12-04 17:04:32 +01:00
Miroslav Stampar
a14697e8cf
Implementation for an Issue #272
2012-12-04 16:47:34 +01:00
Miroslav Stampar
0664e72bea
Minor fix for an Issue #230
2012-11-30 12:13:34 +01:00
Miroslav Stampar
181c3534f0
Patch for an Issue #237
2012-11-08 19:16:37 +01:00
Miroslav Stampar
3cf5fc2f5a
Fix for an Issue #230
2012-11-05 15:10:49 +01:00
Miroslav Stampar
2de52927f3
Code refactoring (epecially Google search code)
2012-10-30 18:38:10 +01:00
Miroslav Stampar
76b793b199
Fix for an Issue #228
2012-10-30 18:08:25 +01:00
Miroslav Stampar
6e2041bc13
Better language than in last commit
2012-10-30 11:54:21 +01:00
Miroslav Stampar
1bbeb92eb6
Better language (used formation 'not required' in case of help for --dependencies while 'required'->'needs' in a check itself)
2012-10-30 11:19:39 +01:00
Miroslav Stampar
919f75db9b
Improvement and fix for pivotDumpTable mechanism
2012-10-28 23:09:35 +01:00
Miroslav Stampar
d7973c3e32
Improvement of pivotDumpTable mechanism (no more fail on first entry)
2012-10-28 22:18:22 +01:00
Miroslav Stampar
c1b8226329
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
2012-10-28 00:36:09 +02:00
Miroslav Stampar
a435ba6863
Minor fix
2012-10-28 00:19:00 +02:00
Miroslav Stampar
06805b27f2
Bug fix (time was also meant to be disabled in case of error/inband getvalues)
2012-10-27 23:16:25 +02:00
Miroslav Stampar
7207cf29dd
Minor update
2012-10-26 11:05:44 +02:00
Miroslav Stampar
afd82b92dd
Patch for an Issue #221
2012-10-25 10:21:36 +02:00
Miroslav Stampar
eb6f17b561
Fix for --dump and -d=mssql
2012-10-23 15:02:43 +02:00
Miroslav Stampar
fccdb824bb
Patch for an Issue #193
2012-09-25 11:21:39 +02:00
Miroslav Stampar
12d33c7a38
Fix for Issue #180 and #181 (missing module from an Issue #179 )
2012-09-10 22:39:56 +02:00
Miroslav Stampar
f1f6364690
Changing default readInput value on dictionary-based attack depending on conf.multipleTargets
2012-08-22 16:10:38 +02:00
Miroslav Stampar
01f481c332
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
Miroslav Stampar
b7415d36df
Minor refactoring
2012-08-21 10:28:25 +02:00
Miroslav Stampar
142fc887f1
Fix for an Issue #129
2012-07-31 11:03:44 +02:00
Miroslav Stampar
cba387a0a0
Minor speed up
2012-07-26 15:42:04 +02:00
Miroslav Stampar
655dd55a6f
Implementation of an Issue #105
2012-07-18 13:32:34 +02:00
Miroslav Stampar
41d16e55cb
Typo fix ( #102 )
2012-07-17 09:13:19 +02:00
Miroslav Stampar
c1a14257a4
Removing --disable... switches and making changes in default choice(s) for respectable sections
2012-07-16 11:31:51 +02:00
Miroslav Stampar
87ecf205cb
More work for Issue #66
2012-07-14 17:01:04 +02:00
Bernardo Damele
162da75a04
modified homepage address
2012-07-12 18:38:03 +01:00
Miroslav Stampar
bc5025b06c
Fix for Issue #59
2012-07-05 12:34:27 +02:00
Miroslav Stampar
8eefe4b71f
Getting back revision number - displayed like in GitHub commits (Issue #52 )
2012-07-02 13:01:20 +02:00
Miroslav Stampar
2a72fcce2b
Fix for Issue #42
2012-06-28 13:55:30 +02:00
jekil
c39e5a85ba
Removed $id$ tags
2012-06-27 20:56:43 +02:00
Miroslav Stampar
6c4bd84d18
minor fix (turning back the functionality of kb.suppressResumeInfo)
2012-06-25 16:19:51 +00:00
Miroslav Stampar
ec44e88db8
lots of refactoring regarding removal of already obsolete session file mechanism
2012-06-21 10:09:10 +00:00
Miroslav Stampar
d2dd47fb23
some more refactoring
2012-06-14 13:52:56 +00:00
Miroslav Stampar
75dd1d6a2b
minor fix
2012-05-27 21:54:56 +00:00
Miroslav Stampar
00d22f013f
some consistency in variable naming at the file level
2012-05-25 10:08:55 +00:00
Miroslav Stampar
e00f4a8934
minor cosmetics
2012-05-08 10:50:04 +00:00
Miroslav Stampar
a121339395
automatically writing uncracked hashes to a file for eventual further processing
2012-05-08 10:46:05 +00:00
Miroslav Stampar
83387d92bb
minor bug fix
2012-04-04 23:32:20 +00:00
Miroslav Stampar
5e358b51f9
few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')
2012-04-04 09:25:05 +00:00
Miroslav Stampar
b0787f193c
getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached)
2012-04-03 14:34:15 +00:00
Miroslav Stampar
1e01203562
few just in case "patches"
2012-04-02 12:58:10 +00:00
Miroslav Stampar
b4cf8b05b3
added switch --load-cookies
2012-03-07 14:48:45 +00:00
Miroslav Stampar
8b9c5c66cc
code refactoring regarding charsetType inside inference/bisection
2012-02-29 14:36:23 +00:00
Miroslav Stampar
3909658fc2
few minor just in case updates
2012-02-27 11:15:53 +00:00
Miroslav Stampar
f94b91ad87
added helper function for HashDB data storing/retrieval
2012-02-24 13:07:20 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Miroslav Stampar
bc4dd7c0dd
fix for -g
2012-02-20 10:02:19 +00:00
Miroslav Stampar
aee269cc14
gazillion changes, nothing will work, muhahaha
2012-02-17 14:22:48 +00:00
Miroslav Stampar
e1f86c97c4
minor refactoring
2012-02-16 09:46:41 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
18930539cd
more concise language
2012-01-07 17:45:45 +00:00
Miroslav Stampar
29f502fe29
some refactoring
2011-12-28 16:27:17 +00:00
Miroslav Stampar
22c3fe49bb
some refactoring
2011-12-28 13:50:03 +00:00
Miroslav Stampar
dda979a15a
minor refactoring
2011-12-27 12:31:29 +00:00
Miroslav Stampar
89d2c7c042
minor update
2011-12-22 20:54:20 +00:00
Miroslav Stampar
9f68e54fff
minor cleanup
2011-12-22 10:59:28 +00:00
Miroslav Stampar
526aacb640
code cleanup
2011-12-21 22:59:23 +00:00
Miroslav Stampar
81bd9a201b
minor refactoring
2011-12-21 11:50:49 +00:00
Miroslav Stampar
113ebf5e9d
minor update
2011-12-20 16:08:17 +00:00
Miroslav Stampar
bdc724cb46
minor bug fix
2011-12-20 10:34:28 +00:00
Miroslav Stampar
14e8ca6d41
minor fix
2011-11-23 14:26:40 +00:00
Miroslav Stampar
9b99530add
minor bug fix
2011-11-23 08:14:20 +00:00
Miroslav Stampar
e33f70269b
minor optimization
2011-11-22 12:44:28 +00:00
Miroslav Stampar
ac041399f0
minor patch
2011-11-22 11:04:43 +00:00
Miroslav Stampar
9697e80013
some more optimizations
2011-11-22 10:54:29 +00:00
Miroslav Stampar
267d67b024
minor update
2011-11-22 10:41:56 +00:00
Miroslav Stampar
b117c40aa5
major improvement of HashDB speed in multi-threaded mode
2011-11-22 10:09:35 +00:00
Miroslav Stampar
f1f0828b28
minor update
2011-11-21 22:27:47 +00:00
Miroslav Stampar
704e1a4e74
minor minor update
2011-11-21 22:19:52 +00:00
Miroslav Stampar
fcac3d494b
minor beautification
2011-11-21 22:18:04 +00:00
Miroslav Stampar
753dcb3450
minor update
2011-11-21 22:12:24 +00:00
Miroslav Stampar
da51e8a9d1
minor fix
2011-11-21 21:55:05 +00:00
Miroslav Stampar
440b7efe55
minor optimization
2011-11-20 20:14:47 +00:00
Miroslav Stampar
e1a92d59de
implementing WordPress phpass hash cracking routine
2011-11-20 19:10:46 +00:00
Miroslav Stampar
6c07573e30
minor update
2011-11-06 11:42:02 +00:00
Miroslav Stampar
030c57a0c8
minor update
2011-11-06 11:18:16 +00:00
Miroslav Stampar
2dbd51e357
fix for google searches
2011-11-06 08:55:09 +00:00
Miroslav Stampar
24bda96d9e
adding items from John the Ripper's word list to the dictionary for Oracle cracking
2011-11-02 11:21:49 +00:00
Miroslav Stampar
ea125d820d
some more speed ups for hash cracking
2011-11-02 09:57:42 +00:00
Miroslav Stampar
2f355db230
minor fix
2011-11-02 09:32:15 +00:00
Miroslav Stampar
0e96af65e6
minor update
2011-11-02 07:06:07 +00:00
Miroslav Stampar
d735582536
major speed improvement of hash cracking
2011-11-02 06:53:43 +00:00
Miroslav Stampar
b3a57391e4
minor update
2011-11-01 20:39:22 +00:00
Miroslav Stampar
3e3f037f1e
improvement of hash cracking routine
2011-11-01 19:58:22 +00:00
Miroslav Stampar
4cafc5f31b
language update
2011-11-01 19:09:17 +00:00
Miroslav Stampar
f9bb762d1d
minor improvement (resuming of already cracked values)
2011-11-01 19:00:34 +00:00
Miroslav Stampar
ef987c6954
adding compatibility support for using --crawl and --forms together
2011-10-29 09:32:20 +00:00
Miroslav Stampar
3c31ccd16e
minor update
2011-10-26 22:37:04 +00:00
Miroslav Stampar
9d31230d5e
minor update
2011-10-26 21:56:26 +00:00
Miroslav Stampar
d64c0af461
minor update
2011-10-26 14:31:00 +00:00
Miroslav Stampar
9c1d1ca5d8
minor update
2011-10-26 14:13:38 +00:00
Miroslav Stampar
2a72c1ae68
minor fix
2011-10-26 11:30:10 +00:00
Miroslav Stampar
a99547363f
some fixes
2011-10-26 11:24:15 +00:00
Miroslav Stampar
3d883a2218
minor update
2011-10-26 11:10:15 +00:00
Miroslav Stampar
d467b40ff6
minor fix
2011-10-26 10:54:43 +00:00
Miroslav Stampar
8d668b1833
some updates regarding hash attack
2011-10-26 10:30:32 +00:00
Miroslav Stampar
f41ae9cf49
minor update
2011-10-26 09:40:47 +00:00
Miroslav Stampar
0b68144c8f
minor fixes for hash cracking
2011-10-26 09:29:41 +00:00
Miroslav Stampar
18affca0bc
minor update
2011-10-26 09:14:18 +00:00
Miroslav Stampar
eaaf6041b9
minor fix
2011-10-25 11:20:42 +00:00
Miroslav Stampar
25f0ec3597
some minor range to xrange conversion (where safe to do)
2011-10-21 22:34:27 +00:00
Miroslav Stampar
7956390631
minor update
2011-10-11 22:27:49 +00:00
Miroslav Stampar
dacfeafc5f
minor optimization
2011-10-10 17:45:16 +00:00
Miroslav Stampar
47b27a5988
minor improvement of HashDB
2011-10-10 14:23:17 +00:00
Miroslav Stampar
fd9acfd7d2
fix
2011-09-26 13:36:08 +00:00
Miroslav Stampar
744636a8c1
switching to SQLite resume support (on error and union techniques this moment)
2011-09-25 20:36:32 +00:00
Bernardo Damele
c15439ab7f
Minor improvement to --passwords output
2011-08-02 09:04:34 +00:00
Miroslav Stampar
457f501bbd
proper fix
2011-08-01 23:48:38 +00:00
Miroslav Stampar
93ae1dfa2b
minor bug fix
2011-07-31 08:52:48 +00:00
Miroslav Stampar
3fc603843e
minor fix
2011-07-27 23:26:36 +00:00
Miroslav Stampar
f7eaffcec5
i believe that this could be ok
2011-07-26 21:28:48 +00:00
Miroslav Stampar
5770c08784
minor optimization and refactoring
2011-07-25 20:17:44 +00:00
Miroslav Stampar
ec1bc0219c
hello big tables, this is sqlmap, sqlmap this is big tables
2011-07-24 09:19:33 +00:00
Miroslav Stampar
7881ded60d
quick fix (this other library was doing problems)
2011-07-20 22:20:16 +00:00
Miroslav Stampar
9d996c07fb
another quick fix
2011-07-20 13:00:34 +00:00
Miroslav Stampar
fad77dd078
fix for a ImportError bug reported by g@brindi.si
2011-07-20 12:18:36 +00:00
Miroslav Stampar
9cf33ec997
now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char
2011-07-15 13:24:13 +00:00
Bernardo Damele
cda25cda2f
Cosmetics
2011-07-12 20:49:27 +00:00
Miroslav Stampar
3583d6dd1b
quick fixes, more work to do
2011-07-12 20:32:19 +00:00
Miroslav Stampar
0126b8eb0e
minor revert (it's illegal to use append for updating one array with another array)
2011-07-12 19:34:54 +00:00
Bernardo Damele
48b7245a33
Minor bug fix
2011-07-12 15:47:04 +00:00
Bernardo Damele
0b8c6e4c81
Minor bug fix
2011-07-12 15:30:40 +00:00
Miroslav Stampar
1f826684f6
disabling multiprocessing (maybe permanently) support for Windows as of complications with sharing dictionary iterator
2011-07-11 13:16:59 +00:00
Miroslav Stampar
7bc6280d53
possible fix for a multi-processing "problem" reported by christopher.oakley@gmail.com
2011-07-11 11:40:27 +00:00
Miroslav Stampar
f5e45bf113
quick fix for a bug reported by jovon.itwaru@gmail.com
2011-07-11 08:54:39 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Miroslav Stampar
93b296e02c
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495
few fixes here and there and multi-core processing for dictionary based hash attack
2011-07-04 19:58:41 +00:00
Bernardo Damele
861cdb1b14
cosmetics
2011-07-01 10:04:34 +00:00
Miroslav Stampar
4513ef409e
massive (like really massive) dictionary support
2011-06-30 23:44:49 +00:00
Miroslav Stampar
43db6b03a7
update with a feature request (file with list of wordlist files)
2011-06-30 08:42:43 +00:00
Miroslav Stampar
e00cf81f7e
minor update
2011-06-24 19:50:13 +00:00
Miroslav Stampar
e9286ddd5b
fix for a bug reported by g@brindi.si (UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position
...
47: ordinal not in range(128))
2011-06-24 19:24:11 +00:00
Miroslav Stampar
eaa2a4202f
changing to: --crawl=CRAWLDEPTH
2011-06-24 05:40:03 +00:00
Bernardo Damele
1cb12ea659
replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license)
2011-06-22 13:31:07 +00:00
Miroslav Stampar
dfc02d8c3c
sorry Bernardo, i hope your mobile is turned off :)))
2011-06-20 22:47:24 +00:00
Miroslav Stampar
2a4a284a29
crawler fix (skip binary files)
2011-06-20 22:41:38 +00:00
Miroslav Stampar
20bb1a685b
really minor update
2011-06-20 21:57:53 +00:00
Miroslav Stampar
812cd2f19b
minor update
2011-06-20 21:47:03 +00:00
Miroslav Stampar
e8ac7414f2
bug fix
2011-06-20 21:36:15 +00:00
Miroslav Stampar
d6062e8fc9
minor fix for crawler and far less message overlaps in future
2011-06-20 21:18:12 +00:00
Miroslav Stampar
8968c708a0
minor update
2011-06-20 14:27:24 +00:00
Miroslav Stampar
17fac6f67f
minor update
2011-06-20 13:53:39 +00:00
Miroslav Stampar
4d1fa5596b
added support for --scope in --crawl mode
2011-06-20 12:37:51 +00:00
Miroslav Stampar
42746cc706
bug fix
2011-06-20 12:18:46 +00:00
Miroslav Stampar
cda39ca350
minor update
2011-06-20 11:46:23 +00:00
Miroslav Stampar
07e2c72943
adding Beautifulsoup (BSD) into extras; adding --crawl to options
2011-06-20 11:32:30 +00:00
Miroslav Stampar
d55a242908
minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always)
2011-06-14 19:38:35 +00:00
Miroslav Stampar
1e17c0d4a1
switching to debug mode for missing dependencies
2011-06-14 08:47:06 +00:00
Bernardo Damele
8978fded03
typo fix
2011-06-13 19:00:27 +00:00
Bernardo Damele
7152a1ed3b
Added --dependences to show which sqlmap dependences are not available
2011-06-13 18:44:02 +00:00
Miroslav Stampar
6b81eef65a
refactoring
2011-06-08 14:30:12 +00:00
Bernardo Damele
9a4ae7d9e2
More code refactoring of Backend class methods used
2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Miroslav Stampar
75142b383d
huge speed up (4x times faster)
2011-04-22 21:00:42 +00:00
Miroslav Stampar
f88aa4b165
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
2011-04-22 19:58:10 +00:00
Miroslav Stampar
493b9adf8e
speed up of resume values (compiled regexes used)
2011-04-22 19:27:41 +00:00
Miroslav Stampar
b5aef9bcf9
fix for a bug reported by nightman (TypeError: unsupported operand type(s) for +: 'NoneType' and 'str')
2011-04-18 10:16:38 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Miroslav Stampar
bf55b0b77a
more restrictions on crypt(3) hash recognition to prevent false positives
2011-04-13 14:40:23 +00:00
Miroslav Stampar
0ae74f27e4
avoiding annoying "payload 'None' possibly..." in case where payload is not specified
2011-04-11 15:24:52 +00:00
Bernardo Damele
beb98140b3
Minor improvement to --check-payload
2011-04-08 14:34:00 +00:00
Bernardo Damele
5b21352656
cosmeticados ;)
2011-04-08 10:39:07 +00:00
Miroslav Stampar
fdef6726cf
minor update
2011-04-06 08:30:50 +00:00
Bernardo Damele
d436ba2da5
Minor "fix" when reading hashes from a local sqlite3 (result of --replicate) and there is an int as value
2011-04-06 08:19:56 +00:00
Bernardo Damele
c3b54cc222
Cosmetics
2011-04-01 16:40:28 +00:00
Miroslav Stampar
ee15988878
another minor update related to previous commit
2011-03-31 17:34:07 +00:00
Miroslav Stampar
220366b6e8
minor update (ip addresses will not be confused any more for crypt_generic hashes)
2011-03-31 16:56:26 +00:00
Miroslav Stampar
7cf4ba83dc
minor refactoring and comment update
2011-03-29 12:08:07 +00:00
Miroslav Stampar
1821a008af
Ctrl+C in dictionary attack phase will now not abort the whole enumeration; also, question for common suffixes will now be asked only once
2011-03-29 12:00:29 +00:00
Miroslav Stampar
a9f5d828c6
minor fix avoiding problems with hashing strange characters in usernames
2011-03-29 07:50:07 +00:00
Miroslav Stampar
dba32306b0
minor update
2011-03-26 22:03:46 +00:00
Miroslav Stampar
d8f7c4bc4c
minor update regarding support for crypt(3)
2011-03-26 21:41:37 +00:00
Miroslav Stampar
4f00b9fa4b
minor fix
2011-03-26 21:10:31 +00:00
Miroslav Stampar
afe2be6a9f
implementation of Standard DES hashing (crypt)
2011-03-26 20:46:25 +00:00
Miroslav Stampar
ecbbfeba6e
introduction of --fresh-queries
2011-03-24 10:08:47 +00:00
Miroslav Stampar
d79fae724c
minor refactoring
2011-03-24 09:16:21 +00:00
Miroslav Stampar
0bb08d09d2
fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file
2011-03-24 08:43:40 +00:00
Miroslav Stampar
1879a49506
fix for a bug reported by andreoaz@gmail.com
2011-03-10 20:40:12 +00:00
Bernardo Damele
0a81415f2f
Minor code cleanup
2011-02-08 00:02:54 +00:00
Bernardo Damele
6a71629575
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
Miroslav Stampar
fa58a9c86b
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
2011-01-31 20:36:01 +00:00
Miroslav Stampar
ddf23ba7cc
refactoring
2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Miroslav Stampar
0f4fb156d3
major bug fix
2011-01-28 14:09:28 +00:00
Bernardo Damele
e734efcda7
Removed deprecated code
2011-01-20 21:50:58 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Miroslav Stampar
99a3a3b89c
minor fix (break if all found)
2011-01-17 09:41:25 +00:00
Miroslav Stampar
0fcca671bd
information update regarding common password suffixes
2011-01-17 09:28:25 +00:00
Miroslav Stampar
3873d204bb
important update for dictionary attack
2011-01-15 15:56:11 +00:00
Miroslav Stampar
5bdb50c224
code review part 3
2011-01-15 13:15:10 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
e3146464da
minor fix for a bug reported by nightman
2011-01-11 12:27:22 +00:00
Miroslav Stampar
643c464268
minor fix
2011-01-11 12:16:20 +00:00
Miroslav Stampar
e3899f7467
fix of a fix
2011-01-07 18:07:18 +00:00
Miroslav Stampar
8e83a26acf
minor fix
2011-01-07 17:53:17 +00:00
Miroslav Stampar
ed2aed972f
minor fix
2011-01-07 17:38:28 +00:00
Bernardo Damele
27628dca42
cosmetics
2011-01-07 17:25:22 +00:00
Miroslav Stampar
b313a20a3f
some fixes
2011-01-07 16:39:47 +00:00
Miroslav Stampar
fdc463d08b
fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range)
2011-01-03 23:36:35 +00:00
Miroslav Stampar
0eabca9fd4
update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)
2011-01-03 22:31:29 +00:00
Miroslav Stampar
ce48ea75d0
noticed that google search page sometimes contain double html escaped links - double htmlunescape solves the problem, while dealing no harm to single html escaped links
2011-01-03 14:39:23 +00:00
Miroslav Stampar
92e4cdb241
raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic
2011-01-03 14:21:41 +00:00
Miroslav Stampar
79e97824ef
adding user names to the attack dictionary
2010-12-29 00:37:53 +00:00
Miroslav Stampar
c8f8dbf0a7
minor update
2010-12-27 15:39:27 +00:00
Miroslav Stampar
51a492e17d
pretty important commit (now dumped tables are prone to dictionary attack)
2010-12-27 10:56:28 +00:00
Miroslav Stampar
39a13077c4
minor bug fix
2010-12-21 23:09:41 +00:00
Miroslav Stampar
21d083272e
minor minor fix
2010-12-18 14:31:41 +00:00
Miroslav Stampar
4f73feec2f
now dictionary attack on multiple hash formats is supported (like mysql_passwd and mysql_old_passwd in one database)
2010-12-18 14:11:49 +00:00
Miroslav Stampar
5764816891
minor cosmetics
2010-12-03 22:28:09 +00:00
Bernardo Damele
b0928e02c6
Proper comment
2010-12-03 10:39:36 +00:00
Bernardo Damele
09b265a1ea
Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check
2010-12-01 23:32:02 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Miroslav Stampar
c54c9ee5d1
minor update
2010-11-23 22:33:00 +00:00
Miroslav Stampar
57ad59206b
cosmetics as it's best
2010-11-23 22:09:10 +00:00
Miroslav Stampar
7a147041c4
cosmetics
2010-11-23 21:44:58 +00:00
Miroslav Stampar
f4f0bc9db3
minor fix
2010-11-23 21:17:01 +00:00
Miroslav Stampar
7877a931d5
more cosmetics regarding dictionary attack
2010-11-23 20:54:40 +00:00
Miroslav Stampar
e3b3e05748
minor update
2010-11-23 19:21:30 +00:00
Miroslav Stampar
0d24a15182
more cosmetics
2010-11-23 19:10:34 +00:00
Miroslav Stampar
836a1c214a
los cosmeticados (of hash dictionary attack)
2010-11-23 18:57:00 +00:00
Miroslav Stampar
b41ee8d0d0
minor refactoring
2010-11-23 14:57:36 +00:00
Miroslav Stampar
aa5d038f18
more code refactoring
2010-11-23 14:50:47 +00:00
Miroslav Stampar
3cae76627c
code refactoring regarding dictionary attack
2010-11-23 13:58:01 +00:00
Miroslav Stampar
ba4ea32603
first working version of dictionary attack
2010-11-23 13:24:02 +00:00
Miroslav Stampar
bfc9378542
sorry, even more proper naming should be like this (passwd is a standard naming for this kind of function(s))
2010-11-20 13:22:59 +00:00
Miroslav Stampar
db59faedb9
more proper naming
2010-11-20 13:20:28 +00:00
Miroslav Stampar
1f8a9fe033
foundations for dictionary attack support combined with the sqlmap's password/hash retrieval functionality (--password switch)
2010-11-20 13:14:13 +00:00
Miroslav Stampar
71107e4e9e
quick fix for google searches
2010-11-19 21:38:20 +00:00
Miroslav Stampar
df88280681
minor update of google regex (that * was a junky one)
2010-11-19 10:04:29 +00:00
Miroslav Stampar
e8bef28337
updating google parsing regex (for the better, of course)
2010-11-19 10:00:29 +00:00
Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Bernardo Damele
b6da946883
Added one new verbose level, -v 3 now shows the full injected payload.
...
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Miroslav Stampar
d3e7e89e60
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
2010-11-07 21:18:09 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00
Miroslav Stampar
70f6eab715
minor update
2010-11-02 12:08:28 +00:00
Bernardo Damele
46be570463
Proper HTTP version display
2010-10-31 15:41:28 +00:00
Miroslav Stampar
f7d42af046
some fixes regarding --check-payload
2010-10-29 11:00:23 +00:00
Miroslav Stampar
228ac0cde5
refactoring regarding --check-payload
2010-10-25 18:38:54 +00:00
Miroslav Stampar
378653a1ec
added IDS payload testing
2010-10-25 15:37:43 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Miroslav Stampar
be443c6947
refactoring regarding __START__,...
2010-10-21 09:51:07 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Miroslav Stampar
2bbe0c9ba6
bug fix for Ctrl+C
2010-10-14 15:23:42 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
43a3ac2c3a
some bug fixes
2010-10-13 20:54:18 +00:00
Miroslav Stampar
18d27cabc5
more changes
2010-10-07 15:34:17 +00:00
Miroslav Stampar
440ff639bb
more refactoring
2010-10-07 14:05:34 +00:00
Miroslav Stampar
e80a66acc5
minor update
2010-10-07 12:21:59 +00:00
Miroslav Stampar
1bf8939e2f
further updates
2010-10-06 22:43:04 +00:00
Miroslav Stampar
0ad8090ad8
fix for a google bug reported by Brandon E.
2010-10-01 08:03:39 +00:00
Miroslav Stampar
c6bf0e43af
minor update
2010-09-27 13:41:18 +00:00
Miroslav Stampar
c39d819dd2
fix for a resume bug reported by Augusto Urbieta
2010-07-20 08:13:02 +00:00
Bernardo Damele
9bce22683b
Minor bug fix and adjustment to deal with Keep-Alive also against Google (-g)
2010-06-11 10:08:19 +00:00
Miroslav Stampar
12a5ec9f3d
more unicode refactoring
2010-06-02 12:45:40 +00:00
Bernardo Damele
89c721a451
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files.
2010-05-29 10:10:28 +00:00
Miroslav Stampar
a3db3c03c1
str() -> unicode()
2010-05-28 13:05:02 +00:00
Miroslav Stampar
20d05cc404
way to handle re.I (ignore case) while using getCompiledRegex
2010-05-21 15:03:40 +00:00
Miroslav Stampar
5d5ebd49b6
introducing regex caching mechanism
2010-05-21 14:42:59 +00:00
Miroslav Stampar
e938331d8e
better regex used avoiding garbage google images
2010-05-15 22:02:28 +00:00
Miroslav Stampar
d20b99ed65
fix (google is changing that class r to class "r")
2010-05-15 21:51:31 +00:00
Miroslav Stampar
b8a5a54395
minor update
2010-05-15 20:44:08 +00:00
Miroslav Stampar
ca3e12ae73
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)
2010-05-13 11:05:35 +00:00
Bernardo Damele
457d32c73e
Proper displaying of debug messages (-v >= 2)
2010-05-11 13:58:53 +00:00
Miroslav Stampar
6752e66164
added charsetType=2 (integer) to queryOutputLength
2010-05-11 12:23:38 +00:00
Bernardo Damele
758a858785
Minor adjustments
2010-04-06 20:40:14 +00:00
Miroslav Stampar
3fe9f9cac9
another fix
2010-04-06 15:28:34 +00:00
Miroslav Stampar
a6a2e993cc
minor update
2010-04-06 15:24:56 +00:00
Miroslav Stampar
e2810003ae
more update
2010-04-06 15:12:52 +00:00
Miroslav Stampar
c24f1cc07c
some update
2010-04-06 14:59:31 +00:00
Miroslav Stampar
60f04f0a41
new module for interruptable threads
2010-04-06 14:33:57 +00:00
Miroslav Stampar
5a6a01f24c
added socket timeout exception handling regarding that timeout message from Fahad Al Shunaiber
2010-03-26 11:51:23 +00:00
Bernardo Damele
f9a135e232
Minor bug fix and layout adjustment regarding --threading and standard output
2010-03-22 17:38:19 +00:00
Bernardo Damele
d00e4a458a
Code cleanup
2010-03-21 00:39:44 +00:00
Miroslav Stampar
a6ab42c873
new file with getch() method which we'll use for good samaritan feature
2010-03-13 17:28:23 +00:00
Bernardo Damele
e8d76994ba
Minor bug fix to avoid resuming data filled into the sqlmap support tables
2010-03-12 14:30:21 +00:00
Bernardo Damele
fdf417f57e
Minor adjustment and bug fix
2010-03-10 22:08:11 +00:00
Miroslav Stampar
3f3ddd5437
fix for that SELECT DISTINCT(LENGTH(...)) "misbehavior"
2010-03-09 13:14:43 +00:00
Bernardo Damele
7136c17f19
Minor log adjustments
2010-03-05 14:59:33 +00:00
Miroslav Stampar
6fd1f7f77c
update
2010-03-05 14:06:03 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Miroslav Stampar
645afee359
some changes
2010-01-28 00:25:36 +00:00
Miroslav Stampar
3197fada59
update of IDS checking method
2010-01-25 10:06:52 +00:00
Bernardo Damele
952c280083
Added svn keyword
2010-01-25 09:21:39 +00:00
Miroslav Stampar
e689c2ec99
another minor fix (svn header comment)
2010-01-25 00:29:19 +00:00
Miroslav Stampar
44a74ccee8
minor grammar fix
2010-01-25 00:26:51 +00:00
Miroslav Stampar
b183b9cbb4
contains method for detecting if the generated payload is detectable by the PHPIDS filter rules
2010-01-25 00:25:58 +00:00
Bernardo Damele
4ce3abc56d
Minor adjustments
2010-01-15 17:42:46 +00:00
Miroslav Stampar
5f171340f5
introduced safe string formatting
2010-01-15 16:06:59 +00:00
Bernardo Damele
df36eb6d11
Minor bug fix in --resume functionality
2010-01-11 14:16:37 +00:00
Bernardo Damele
ce022a3b6e
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 02:02:12 +00:00
Bernardo Damele
d55175a340
Fixed resume functionality on --read-file when using MySQL's LOAD_FILE() via blind SQL injection.
2010-01-02 01:35:13 +00:00
Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
...
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
16b4530bbe
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
...
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00
Bernardo Damele
5560f0b68a
Updated the copyright
2009-01-12 21:35:38 +00:00
Bernardo Damele
8d06975142
Major enhancement to make the comparison algorithm work properly also
...
on url not stables automatically by using the difflib SequenceMatcher
object: this changed a lot into the structure of the code, has to be
extensively beta-tested!
Please, do report bugs on sqlmap-users mailing list if you scout them.
Cheers,
Bernardo
2008-12-20 01:54:08 +00:00
Bernardo Damele
bf2a857b9a
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
2008-12-12 19:06:31 +00:00
Bernardo Damele
9dbad512f1
sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers
...
by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation.
2008-12-08 21:24:24 +00:00
Bernardo Damele
6e548eb2ec
Completed support to get the list of targets from WebScarab/Burp proxies
...
log file and updated the documentation
2008-11-27 22:33:33 +00:00
Bernardo Damele
9be844cf3e
Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l.
2008-11-20 17:56:09 +00:00
Bernardo Damele
66fb3c3033
Minor enhancement to show the DBMS operating system (if fingerprinted)
...
also when only -b option is provided since it's an information that
sqlmap get parsing the DBMS banner.
Got rid completely of useless passive fuzzing.
2008-11-17 11:22:03 +00:00
Bernardo Damele
ecc4a98071
Properly moved and improved inject.goStacked() function and newly
...
implemented Time based blind SQL injection now is a single test file
within the lib/techniques/ folder.
Renamed lib/techniques/inference to lib/techniques/blind, it is more
approriate and adapted the rest of the libraries.
Updated ChangeLog file.
2008-11-12 23:44:09 +00:00
Bernardo Damele
a5b2366033
Implemented a better way to deal with % characters in parameters' value. Minor code restyle.
2008-10-16 15:31:02 +00:00
Bernardo Damele
892a7b2f8a
propsets..
2008-10-15 15:56:32 +00:00
Bernardo Damele
8e3eb45510
After the storm, a restore..
2008-10-15 15:38:22 +00:00