Commit Graph

5685 Commits

Author SHA1 Message Date
Miroslav Stampar
a18c69d78b Fixes #1564 2015-11-25 10:21:32 +01:00
Miroslav Stampar
829351421f Minor cosmetics 2015-11-25 10:12:07 +01:00
Miroslav Stampar
5020269f50 Adding extra mark into non-git checkouts 2015-11-24 09:38:28 +01:00
Miroslav Stampar
527dcce08d Better alternative (on Linux getctime() is the time of the last metadata change) 2015-11-24 09:25:11 +01:00
Miroslav Stampar
bdb496eaa5 Fixes #1558 2015-11-23 09:24:30 +01:00
Miroslav Stampar
4d576928a7 Fixes #1554 2015-11-22 16:05:48 +01:00
Miroslav Stampar
376037123b Minor fix 2015-11-22 15:33:00 +01:00
Miroslav Stampar
a5489516eb Fixes #1550 2015-11-20 16:52:59 +01:00
Miroslav Stampar
7fa9c8e938 Patch for an Issue #1546 2015-11-20 11:38:26 +01:00
Miroslav Stampar
efe41fbdc7 Fixes #1547 2015-11-20 11:32:54 +01:00
Miroslav Stampar
19f6eb234b Revert of #58e049a60d250b881af60091215c75daa3f5c01a (I can imagine couple of things that could go wrong) 2015-11-17 08:52:24 +01:00
Miroslav Stampar
58e049a60d More generic approach for number of pre-open sockets (Issue #1540) 2015-11-17 02:45:27 +01:00
Miroslav Stampar
fd2908336a Minor just in case patch 2015-11-17 02:35:53 +01:00
Miroslav Stampar
5be0a83e94 Minor patch 2015-11-17 01:38:43 +01:00
Miroslav Stampar
89abeb0244 Patch for 'Exception in thread Thread-1 (most likely raised during interpreter shutdown)' 2015-11-17 01:09:57 +01:00
Miroslav Stampar
abb1c6a621 Less intensive loop 2015-11-17 00:12:04 +01:00
Miroslav Stampar
41b8dfab86 Implementation for an Issue #1540 2015-11-16 23:46:10 +01:00
Miroslav Stampar
4335ae8330 Patching previous commit 2015-11-16 16:59:54 +01:00
Miroslav Stampar
94639d11a3 Another update related to the #1539 2015-11-16 15:33:05 +01:00
Miroslav Stampar
c1e3431877 Minor patch 2015-11-16 15:32:28 +01:00
Miroslav Stampar
768e5da589 Removing leftover (from 5593bf2fee) 2015-11-16 15:04:09 +01:00
Miroslav Stampar
5593bf2fee Another patch related to #1539 (simplifying unicode bad chars and preventing double encoding of safe chars) 2015-11-16 15:02:30 +01:00
Miroslav Stampar
ca933fcf1d Another patch for #1539 2015-11-16 14:08:43 +01:00
Miroslav Stampar
a212f0c240 Another patch for #1539 2015-11-16 12:56:15 +01:00
Miroslav Stampar
9c69f56a34 Proper patch for an Issue #1539 2015-11-16 11:59:09 +01:00
Miroslav Stampar
fb2cb25afe Bug fix for an Issue #1539 2015-11-16 11:56:15 +01:00
Miroslav Stampar
d772e7e1d5 Fixes #1529 2015-11-11 16:07:11 +01:00
Miroslav Stampar
07b1407345 Patches #1530 2015-11-11 15:55:28 +01:00
Miroslav Stampar
bc215d1b19 I believe that this was a wrong decision. Patching 2015-11-09 14:11:08 +01:00
Miroslav Stampar
17350fb4ec Proper fix for #1146 (/ has been escaped with \/ in output) 2015-11-09 14:05:53 +01:00
Miroslav Stampar
22484c8599 Bug fix (-p Host didn't work, while -p host worked) 2015-11-09 13:19:55 +01:00
Miroslav Stampar
42649005c2 Lots of fixes and refactoring in search department 2015-11-08 16:37:46 +01:00
Miroslav Stampar
b4526a3d51 Bug fix (usage of socks and http proxies in --proxy-file didn't work together) 2015-11-08 02:20:29 +01:00
Miroslav Stampar
193f8190c4 Adding new warning message 2015-11-07 23:30:24 +01:00
Miroslav Stampar
c31e23e514 Patch for an Issue #1516 2015-11-06 11:19:55 +01:00
Miroslav Stampar
5198e4c816 Minor bug fix (based on private user report) 2015-11-04 15:04:38 +01:00
Miroslav Stampar
3451372d4e Fixes #1521 2015-11-04 14:48:40 +01:00
Miroslav Stampar
6adb6eabec Fixes #1517 2015-11-03 14:53:41 +01:00
Miroslav Stampar
064c2a71ed Fixes #1510 2015-11-01 22:56:26 +01:00
Miroslav Stampar
4dc0c05172 Fixes #1505 2015-10-31 10:16:44 +01:00
Miroslav Stampar
04aaa5985b Fixes #1497 2015-10-29 17:02:47 +01:00
Miroslav Stampar
0b64cf803c Fixes #1496 2015-10-29 16:52:17 +01:00
Miroslav Stampar
d41cd53d31 Minor style fix (distinguish form from URL testing when --forms --crawl combo used) 2015-10-28 14:03:21 +01:00
Miroslav Stampar
caafa377a6 Fixes #1495 2015-10-28 10:29:12 +01:00
Miroslav Stampar
8fbac5a99e Patch for --proxy-file 2015-10-25 15:58:43 +01:00
Miroslav Stampar
89e36392f7 Fixes #1486 2015-10-25 15:32:02 +01:00
Miroslav Stampar
1b81084106 Fixes #1484 2015-10-23 23:48:41 +02:00
Miroslav Stampar
2c754b57bb Minor patch 2015-10-23 14:29:48 +02:00
Miroslav Stampar
8f9979c302 Patch for an Issue #541 2015-10-22 20:51:05 +02:00
Miroslav Stampar
5fb8ae9d3c Fixes #1479 2015-10-22 19:59:16 +02:00
Miroslav Stampar
fbec463b49 Adding new bold patterns 2015-10-22 15:44:08 +02:00
Miroslav Stampar
7c1cff6749 Fixing ancient bug (introduced with #6c80f29) - that removes original value when --prefix used 2015-10-22 15:14:12 +02:00
Miroslav Stampar
90ad914c1e Patch related to the #1477 2015-10-22 14:58:06 +02:00
Miroslav Stampar
8aada250f3 Fixes #1471 2015-10-19 11:08:58 +02:00
Miroslav Stampar
3dc8820caa Fixes #1474 2015-10-19 10:38:38 +02:00
Miroslav Stampar
441196f360 Fixes #1470 2015-10-16 23:59:39 +02:00
Miroslav Stampar
f793a26095 Removing ugly duplicating of \ (hidden bugs came - e.g. DNS exfiltration) 2015-10-15 16:00:59 +02:00
Miroslav Stampar
956047b43f Patch for an Issue #1468 2015-10-15 13:07:43 +02:00
Miroslav Stampar
475ca5277a Minor information update regarding #541 2015-10-14 16:11:11 +02:00
Miroslav Stampar
e3ae026077 Fixes #1467 2015-10-14 15:19:44 +02:00
Miroslav Stampar
80aca35dd1 Removing #1450 2015-10-13 15:00:59 +02:00
Miroslav Stampar
c4df6f3a22 Fixes #1465 2015-10-13 13:31:28 +02:00
Miroslav Stampar
570562369b Further fixes for sqlmap to work properly with HSQLDB (WebGoat) 2015-10-13 13:04:59 +02:00
Miroslav Stampar
b9a44555ff Fixes #1462 2015-10-11 15:20:10 +02:00
Miroslav Stampar
47a42c234e Fixes #1459 2015-10-10 19:19:50 +02:00
Miroslav Stampar
9641e84dd9 Bug fixes for HSQLDB 2015-10-09 16:52:13 +02:00
Miroslav Stampar
41db0e0eea range to xrange (leftovers) 2015-10-09 13:48:21 +02:00
Miroslav Stampar
d424d4cdc7 Fixes #1457 2015-10-09 11:54:28 +02:00
Miroslav Stampar
8bf236ce11 Minor patch for SQLite parsing of schemas 2015-10-07 10:01:48 +02:00
Miroslav Stampar
fd686fb691 Patch related to the #1455 2015-10-07 09:43:25 +02:00
Miroslav Stampar
eb7c18d1f8 Fixes #1452 2015-10-07 09:25:14 +02:00
Miroslav Stampar
657d71119b Fixes #1453 2015-10-07 09:22:11 +02:00
Miroslav Stampar
78bbf5d63c Fixes #1451 2015-10-06 14:17:35 +02:00
Miroslav Stampar
551b7e4b45 Patch for an Issue #1450 2015-10-06 13:23:01 +02:00
Miroslav Stampar
95ce5a4a09 Fixes #1444 2015-10-05 16:33:10 +02:00
Miroslav Stampar
b98f84a610 Fixes #1443 2015-10-05 16:26:12 +02:00
Miroslav Stampar
1258b354c3 Minor refactoring 2015-10-05 16:09:58 +02:00
Miroslav Stampar
20c19f33dc Minor update 2015-10-05 15:51:21 +02:00
Miroslav Stampar
1c6e288eb1 Fixes #1447 2015-10-05 15:33:29 +02:00
Miroslav Stampar
acd6b7797f Fixes #1446 2015-10-05 15:18:54 +02:00
Miroslav Stampar
53de0e8949 Implements #1442 2015-10-01 11:57:33 +02:00
Miroslav Stampar
29edb4f75c Fixes #1440 2015-09-30 11:26:56 +02:00
Miroslav Stampar
a1a7161fab Fixes #1441 2015-09-30 10:13:19 +02:00
Miroslav Stampar
5ce4d4d2ec Fixes #1439 2015-09-29 10:10:39 +02:00
Miroslav Stampar
906cb6d3c2 Removing a hard limit to use --start/--stop only for --dump scenarios 2015-09-28 11:11:39 +02:00
Miroslav Stampar
ac467bc453 Fixes #1437 2015-09-28 09:54:41 +02:00
Miroslav Stampar
1fd6b007ab Less critical messages when something goes wrong with connection 2015-09-27 16:36:20 +02:00
Miroslav Stampar
ef22f31fdf Fixes #1433 2015-09-27 16:17:58 +02:00
Miroslav Stampar
5bade7947b Fixes #1435 2015-09-27 16:09:02 +02:00
Miroslav Stampar
5ed106ecea Patch for an Issue #1434 2015-09-27 15:59:17 +02:00
Miroslav Stampar
38541b021a Implementing hidden switch '--force-threads' on request (to force multi-threading in time-based SQLi) 2015-09-26 00:09:17 +02:00
Miroslav Stampar
b68891050d Better word used 2015-09-25 23:41:47 +02:00
Miroslav Stampar
f16389232f Bug fix for --proxy-file (only first element was fetched in case of fail) 2015-09-25 15:23:42 +02:00
Miroslav Stampar
4774795d8c Fixes #1429 2015-09-25 14:59:21 +02:00
Miroslav Stampar
d28c72b6f1 Another fix for Python 2.6 (bug introduced with ff7be9d0eb) 2015-09-24 16:26:52 +02:00
Miroslav Stampar
74294ae105 Bug fix for --common-tables in case of MsSQL/Sybase (safeSQLIdentificatorNaming already used) 2015-09-22 11:28:56 +02:00
Miroslav Stampar
0e22a0ca5f Minor cosmetics 2015-09-21 16:41:54 +02:00
Miroslav Stampar
81caf14b6d Adding switch --skip-waf 2015-09-21 14:57:44 +02:00
Miroslav Stampar
e81e474646 Minor adjustment 2015-09-21 14:46:34 +02:00
Miroslav Stampar
56f0b811a6 Minor patch 2015-09-21 13:23:56 +02:00
Miroslav Stampar
3fca379f29 Minor patch (avoiding message 'can't establish SSL connection' in --check-tor) 2015-09-21 11:25:59 +02:00
Miroslav Stampar
27707be467 Fixes #1416 2015-09-17 17:09:36 +02:00
Miroslav Stampar
aa2112b360 Update for #1414 2015-09-17 16:18:58 +02:00
Miroslav Stampar
7cfa90830d Merge pull request #1414 from daremon/api-client-2
Added commands stop, kill, list to API client
2015-09-17 15:51:12 +02:00
Miroslav Stampar
65a8f0fe32 Minor enhancement 2015-09-17 15:25:40 +02:00
Miroslav Stampar
2cea977e12 Fixes #1415 2015-09-17 14:58:01 +02:00
daremon
c2fb2161d3 Added flush command 2015-09-16 00:15:16 +03:00
daremon
ff7be9d0eb Fixed list command 2015-09-16 00:01:57 +03:00
Miroslav Stampar
c59ead36ce Patch for Python 2.6 (SyntaxError) 2015-09-15 17:23:59 +02:00
Miroslav Stampar
058870635b Update for an #1414 2015-09-15 14:37:30 +02:00
Miroslav Stampar
ee38574449 Fixes #1411 2015-09-15 13:26:25 +02:00
Miroslav Stampar
5de1825d0c Fixes #1412 2015-09-15 10:48:23 +02:00
daremon
1417decdf1 Added commands stop, kill, list to API client 2015-09-14 17:31:02 +03:00
Miroslav Stampar
f89ce2173f Fixes #1404 2015-09-12 15:13:30 +02:00
Miroslav Stampar
c4f9e66a6f Patch related to the #1403 2015-09-10 16:21:31 +02:00
Miroslav Stampar
c05c0ff435 Minor patch with imports 2015-09-10 15:55:49 +02:00
Miroslav Stampar
f494004f44 Switching to the getSafeExString (where it can be used) 2015-09-10 15:51:33 +02:00
Miroslav Stampar
7a261ef447 Just in case commit related to the aee4c93c8b 2015-09-10 15:19:33 +02:00
Miroslav Stampar
b06a34ab1a Another update for #1402 2015-09-10 15:06:07 +02:00
Miroslav Stampar
2453b02b63 Update for #1402 2015-09-10 15:01:30 +02:00
Miroslav Stampar
b3fdbe24c2 Merge pull request #1402 from daremon/api-client
Minimal API client
2015-09-10 12:03:25 +02:00
Miroslav Stampar
263665637e Minor bug fix 2015-09-10 11:34:03 +02:00
daremon
a29a3a4e5c Minimal API client 2015-09-09 16:14:04 +03:00
Miroslav Stampar
90329a8b01 Minor patch 2015-09-09 11:53:44 +02:00
Miroslav Stampar
b6206692e0 Fixes #1392 2015-09-08 11:53:29 +02:00
Miroslav Stampar
c1f829d131 Removing last remnants of bad handling the exceptions as strings 2015-09-08 11:15:31 +02:00
Miroslav Stampar
e59a220199 Fixes #1393 2015-09-08 11:10:47 +02:00
Miroslav Stampar
924e31c414 Fixes #1394 2015-09-08 11:04:36 +02:00
Miroslav Stampar
28a60f5be2 Fixes #1391 2015-09-06 20:22:07 +02:00
Miroslav Stampar
aee4c93c8b Fixes #1384 2015-09-03 10:32:45 +02:00
Miroslav Stampar
51a4cb04a5 Another minor language patch 2015-09-03 10:26:46 +02:00
Miroslav Stampar
7511023bc2 Fixes #1385 2015-09-03 10:11:36 +02:00
Miroslav Stampar
401564898d Adding support for 'empty' POST body (if forced by --method) 2015-08-31 14:43:41 +02:00
Miroslav Stampar
265a78b455 Fixes #1379 2015-08-31 14:27:47 +02:00
Miroslav Stampar
d70215ad6c Fixes #1237 2015-08-31 10:24:05 +02:00
Miroslav Stampar
d2a9c7584f Minor patch 2015-08-31 09:51:35 +02:00
Miroslav Stampar
50d39d0252 Closes #1372 2015-08-30 23:15:50 +02:00
Miroslav Stampar
89292ce1f9 Closes #1376 2015-08-30 22:52:24 +02:00
Miroslav Stampar
6a01d2e430 Fixes #1366 2015-08-30 02:13:07 +02:00
Miroslav Stampar
737a37bfda Fixes #1367 2015-08-30 01:58:43 +02:00
Miroslav Stampar
06c8704179 Fixes #1365 2015-08-28 15:30:28 +02:00
Miroslav Stampar
43f3900ffe Fixes #1362 2015-08-27 12:25:25 +02:00
Miroslav Stampar
1cf012521d Minor refactoring 2015-08-26 16:18:03 +02:00
Miroslav Stampar
a33b0454cd Implementation for an Issue #1360 2015-08-26 15:26:16 +02:00
Miroslav Stampar
2c2f83f67b Minor code consistency patch 2015-08-26 11:30:48 +02:00
Miroslav Stampar
1f5e6606a7 Fixes #1357 2015-08-25 02:03:56 +02:00
Miroslav Stampar
337eb9861a Fixes #1347 2015-08-23 22:11:59 +02:00
Miroslav Stampar
690347a170 Bug fix (non-ASCII chars in command line caused gibberish in unhandled messages) 2015-08-23 21:48:31 +02:00
Miroslav Stampar
9fb0eb3dd7 Blank removal 2015-08-23 21:41:59 +02:00
Miroslav Stampar
1204141278 Fixes #1350 2015-08-23 21:09:20 +02:00
Miroslav Stampar
fef8f20565 Minor reporting patch 2015-08-23 20:27:14 +02:00
KingX
3ebb3e6f4f fix removeDynamicContent bug
double re.escape() in "findDynamicContent" function and "removeDynamicContent" function leads an bug in finding dynamic content,
2015-08-22 14:05:03 +08:00
Miroslav Stampar
f609158d1b Adding new error message (when short options carry illegal '=') 2015-08-19 21:00:16 +02:00
Miroslav Stampar
383316fcb3 Fixing issues caused by 9ad1d122f4 (better approach) 2015-08-18 22:48:55 +02:00
Miroslav Stampar
8806ce72c1 Patch for an Issue #1341 2015-08-18 22:03:42 +02:00
Miroslav Stampar
54d65328bc Patch for negative logic (e.g. OR) cases (reported privately) 2015-08-18 03:09:01 +02:00
Miroslav Stampar
023def3203 Fixes #1336 2015-08-16 23:47:11 +02:00
Miroslav Stampar
c9d1c4d7b1 Fixes #1337 2015-08-16 23:29:39 +02:00
Miroslav Stampar
713d5384bc Potential patch for an Issue #1337 2015-08-16 23:15:04 +02:00
Miroslav Stampar
310d79b8f1 Adding special variable 'lastPage' to the eval code (by request from ML) 2015-08-14 23:29:31 +02:00
Miroslav Stampar
b010fda695 Switch --save becomes an option (taking file path where to save config file) 2015-08-14 22:49:32 +02:00
flsf
9adefb3ffd Minor change 2015-08-14 16:18:51 +08:00
Miroslav Stampar
2c1cde0f59 Minor fix (reported over ML - ignore saving of conf.saveCmdline) 2015-08-13 17:21:36 +02:00
Miroslav Stampar
8ea8b168b1 Minor cosmetics 2015-08-13 17:10:35 +02:00
Miroslav Stampar
9ad1d122f4 Minor patch (Issue #1327) 2015-08-12 22:09:31 +02:00
Miroslav Stampar
e5863d8b89 Minor patch 2015-08-12 21:43:13 +02:00
Jiang Jie
1ac27e9305 fixed pipe and zoombie problems
1.we don't need stdin here, and it'll cause OSError: too many openfiles problem.
2. after using /scan/taskid/stop , process turned into a zoombie, need add wait()
2015-08-12 16:25:33 +08:00
Miroslav Stampar
62f35698ee Bug fix (ML) - when cookies have blank expiration time 2015-08-06 13:07:16 +02:00
Miroslav Stampar
c5f3c0cc32 Fixes #1324 2015-08-03 17:21:35 +02:00
Miroslav Stampar
e623ee66ad Better approach for #1320 2015-07-30 23:29:31 +02:00
Miroslav Stampar
bcb25823e6 Fixes #1320 2015-07-30 23:19:38 +02:00
Miroslav Stampar
301aca57e6 Fixes #1319 2015-07-29 10:00:15 +02:00
Miroslav Stampar
401905b2dd Minor improvement to UNION file write 2015-07-26 17:02:46 +02:00
Miroslav Stampar
e3553ae893 Missing import 2015-07-26 16:19:44 +02:00
Miroslav Stampar
b0bc3149f9 Fixes #1315 2015-07-26 16:18:41 +02:00
Miroslav Stampar
e7af081447 Minor patch 2015-07-26 16:08:30 +02:00
Miroslav Stampar
314df093f1 Fixes #1314 2015-07-26 16:06:01 +02:00
Miroslav Stampar
b6ea2fdb07 Fixes #1170 2015-07-24 14:56:45 +02:00
Miroslav Stampar
a905b8d8f5 Fixes #1312 2015-07-23 10:07:21 +02:00
Miroslav Stampar
58002c5057 Minor cosmetics 2015-07-23 09:55:59 +02:00
Miroslav Stampar
cece2cb12d Minor cosmetics 2015-07-23 00:42:29 +02:00
Miroslav Stampar
358651b19c Fixes #1313 2015-07-23 00:41:03 +02:00
Miroslav Stampar
75ed5f767c Fixes #1309 2015-07-20 17:03:20 +02:00
Miroslav Stampar
2afb5687f6 Fixes #1307 2015-07-20 15:47:27 +02:00
Miroslav Stampar
21e8182ac6 Fixes #1305 2015-07-18 17:01:34 +02:00
Miroslav Stampar
a7c4400cc9 Fixes #1304 2015-07-17 14:20:51 +02:00
Miroslav Stampar
00f190fc92 Fixes #1303 2015-07-17 10:14:35 +02:00
Miroslav Stampar
49212ec920 Fixes #1302 2015-07-17 09:56:24 +02:00
Miroslav Stampar
1aafe85a3a Fixes #1299 2015-07-15 11:15:06 +02:00
Miroslav Stampar
fdc8e664df Updating --beep functionality (ML request) 2015-07-13 23:55:46 +02:00
Miroslav Stampar
16f8e4c8ba Removing unused imports 2015-07-12 12:25:02 +02:00
Miroslav Stampar
a20da7a677 Patch for automatic reporting (GitHub has robots) 2015-07-12 12:05:19 +02:00
Miroslav Stampar
fa303ef8b1 Minor update 2015-07-10 16:39:18 +02:00
Miroslav Stampar
10f8c6a0b6 Introducing --offline switch (to perform session only lookups) 2015-07-10 16:10:24 +02:00
Miroslav Stampar
9bdbdc136f Minor cosmetics update 2015-07-10 11:33:12 +02:00
Miroslav Stampar
0ba264bfa0 Minor patch 2015-07-10 09:51:11 +02:00
Miroslav Stampar
4baaa4a5ad Minor improvement 2015-07-10 09:24:14 +02:00
Miroslav Stampar
9ff115ce71 Minor patch 2015-07-10 01:33:53 +02:00
Miroslav Stampar
02470ea683 Further decreasing number of testing payloads 2015-07-10 01:19:46 +02:00
Miroslav Stampar
48b627f3ff Prevent double tests (e.g. in same final tests where suffix is cut by the comment) 2015-07-10 00:54:02 +02:00
Miroslav Stampar
ca2f63c672 Test speed up in case of boolean based blind 2015-07-10 00:37:59 +02:00
Miroslav Stampar
3a5cc98976 -Z is/are a pseudo-option (just like -H) expanded during the run 2015-07-07 09:27:18 +02:00
Miroslav Stampar
2080fcaa37 Fixes #1293 2015-07-07 09:24:16 +02:00
Miroslav Stampar
f488377001 Fixes #1293 2015-07-07 08:47:07 +02:00
Miroslav Stampar
6a1b3895f9 Patch for an Issue #1285 2015-07-06 11:50:59 +02:00
Miroslav Stampar
96327b6701 Fixes #1290 2015-07-05 01:47:01 +02:00
Miroslav Stampar
166dc98e81 Minor patch 2015-07-05 00:03:29 +02:00
Miroslav Stampar
1f71d809d4 Fixes #1288 2015-07-03 08:55:33 +02:00
Miroslav Stampar
7b95a2d80d Patch for an Issue #1280 2015-06-29 10:05:16 +02:00
Miroslav Stampar
8b63ee9bc3 Minor update for #1281 2015-06-29 01:12:14 +02:00
Miroslav Stampar
97244f5e5e Fixes #1279 2015-06-29 00:20:35 +02:00
Miroslav Stampar
b212321c07 Fixes #1278 2015-06-26 10:30:53 +02:00
Miroslav Stampar
b02be9674f Fixes #1277 2015-06-26 10:11:34 +02:00
Miroslav Stampar
7d418af274 Fix for a bug reported privately by email 2015-06-22 16:28:35 +02:00
Miroslav Stampar
9e5ef094a3 Closes #1270 2015-06-16 22:20:21 +02:00
Miroslav Stampar
e4b23c9beb Minor fix regarding POST redirects (ML) 2015-06-16 12:00:56 +02:00
Miroslav Stampar
04c1d439a7 Minor patch for #1260 2015-06-05 17:18:21 +02:00
Miroslav Stampar
8d7e915af7 Minor patch for #1260 2015-06-05 17:02:56 +02:00
Miroslav Stampar
ec87d8ebda Adding a support for SNI (Issue #1256) 2015-06-01 10:45:16 +02:00
Miroslav Stampar
341d2a6028 Minor fix for (hidden) switch '--dummy' 2015-05-29 17:30:02 +02:00
Miroslav Stampar
08caca387b Minor patch of automatic WAF heuristic check 2015-05-29 16:01:41 +02:00
Miroslav Stampar
699c965bc0 Fixes #1248 2015-05-19 18:40:45 +02:00
Miroslav Stampar
17bfda1b9c Adding new switch ('--skip-static') 2015-05-18 20:57:15 +02:00
Miroslav Stampar
e8f87bfa41 Minor patches related to the #1206 2015-05-11 11:01:21 +02:00
Miroslav Stampar
91bc02e3ba Fixes related to the #1206 2015-05-11 10:56:10 +02:00
Miroslav Stampar
9010e157e9 Conflict fix 2015-05-11 10:11:33 +02:00
Miroslav Stampar
5b8df7984c Minor update (for Windows-31j charset) 2015-05-09 14:32:55 +02:00
Miroslav Stampar
4b2ff4339a Fixes #1243 2015-05-07 12:36:23 +02:00
Miroslav Stampar
18e62fd507 Fix for an Issue #1240 2015-05-05 14:36:21 +02:00
Miroslav Stampar
84ba3d45c1 Patch for an Issue #1238 2015-05-04 21:47:10 +02:00
Miroslav Stampar
5ee7fd785a Fixes #1235 2015-05-01 00:48:08 +02:00
Miroslav Stampar
03f32ae2b6 Merge of an Issue #1227 2015-04-22 17:21:55 +02:00
Miroslav Stampar
a94dcf94e9 Patch for an Issue #1226đ 2015-04-22 16:41:20 +02:00
Miroslav Stampar
bb98894dc1 Adding option --safe-req 2015-04-22 16:28:54 +02:00
Miroslav Stampar
4ded9a9966 Small patch for existing option validation 2015-04-22 15:32:14 +02:00
Miroslav Stampar
77c96de4ea Minor patch related to the last commit 2015-04-22 10:33:22 +02:00
Miroslav Stampar
95b52a02ec Minor patch for custom injection into HTTP Authorization header 2015-04-22 10:28:16 +02:00
Miroslav Stampar
c5138d4696 Minor refactoring 2015-04-21 00:02:47 +02:00
Miroslav Stampar
349dfbf2ae Adding an option --safe-post 2015-04-20 23:55:59 +02:00
Miroslav Stampar
7517db76d1 Minor fix for SQLite's schema parsing 2015-04-16 18:40:43 +02:00
Miroslav Stampar
dbfa8f1cfc Fix for a bug reported by the user (conf.scheme/conf.hostname/conf.port were None in multiple targets mode) 2015-04-14 11:05:17 +02:00
Miroslav Stampar
0e4800f73c Changing default answer for sitemap checking to N 2015-04-14 09:30:01 +02:00
Miroslav Stampar
1e7f2d6da2 Implements #1215 2015-04-06 22:07:22 +02:00
Miroslav Stampar
c35fa63a48 Fixes #1212 2015-03-30 11:58:09 +02:00
Miroslav Stampar
99c1cc9937 Fixes #1208 2015-03-26 17:17:46 +01:00
Miroslav Stampar
a19bccc84f Fixes #1205 2015-03-26 15:31:29 +01:00
Miroslav Stampar
770cfb6102 Removing test print 2015-03-26 15:20:54 +01:00
Miroslav Stampar
fc0186e029 Minor update 2015-03-26 12:39:44 +01:00
Miroslav Stampar
5dfd3ef1e4 Another update 2015-03-26 12:25:32 +01:00
Miroslav Stampar
3be7a447a5 Update 2015-03-26 12:22:49 +01:00
Miroslav Stampar
7587528ebd Fixes #1202 2015-03-26 11:40:19 +01:00
ricterz
bbfdb02a0e fix mandatorily depend of websocket #1198 2015-03-24 22:25:16 +08:00
ricterz
811f5c11c6 remove Host header field and add cookie support #1198 2015-03-24 18:50:57 +08:00
ricterz
9b5dcbbbb2 modified error handle #1198 2015-03-24 18:21:50 +08:00
ricterz
78dbe080d7 determine whether it's websocket when connect #1198 2015-03-24 17:19:37 +08:00
ricterz
50fd6ce7f7 add websocket support for parse url #1198 2015-03-24 10:30:38 +08:00
Miroslav Stampar
05a496c275 Fixes #1196 2015-03-20 00:56:52 +01:00
Miroslav Stampar
25b23750e8 Bug fix for crawling over non-80 port 2015-03-12 11:49:52 +01:00
Miroslav Stampar
adc8ac267d Fixes #1190 2015-03-10 09:23:26 +01:00
Miroslav Stampar
9bd41ed99d Fixes #1189 2015-03-09 22:02:20 +01:00
Christ van Willegen
80fb2e29cc Fix some spelling errors in help texts (through -> thorough) 2015-03-04 13:31:29 +01:00
Miroslav Stampar
3347fc25ca Fixes #1185 2015-03-03 15:10:06 +01:00
Miroslav Stampar
3f6c3b40dd Minor update (not overriding user given 'Accept-Encoding' header value) 2015-03-03 14:37:36 +01:00
Bernardo Damele
8281fe48e5 bug fix: test for boundaries with high levels if the test was extended 2015-03-01 11:02:05 +00:00
Bernardo Damele
260643241a prioritized fingerprinted DBMS to error-based and user provided one 2015-02-27 14:19:30 +00:00
Bernardo Damele
2f08c8b666 bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup 2015-02-27 13:57:28 +00:00
Miroslav Stampar
dde400ab8f More suitable version of 6bcc95a (suggested by user) 2015-02-25 10:19:51 +01:00
Miroslav Stampar
6bcc95a20d Restricting evaluated code variable names to Python valid characters ([_0-9a-zA-Z]) 2015-02-24 15:05:44 +01:00
Miroslav Stampar
e35c7fbb7a Fixes #1172 2015-02-22 13:41:54 +01:00
Bernardo Damele
475cc8b24b trivial code cleanup 2015-02-21 13:12:30 +00:00
Bernardo Damele
383929c0c2 if the user forces the DBMS, then sort the tests accordingly to perform first the DBMS-specific tests, then the others 2015-02-21 13:12:03 +00:00
Bernardo Damele
d235ee375b code cleanup 2015-02-21 12:59:44 +00:00
Bernardo Damele
8be24d3e9b minor enhancement, prefer intersect() each time DBMS values are comfronted 2015-02-21 12:59:27 +00:00
Bernardo Damele
388c0dfd77 trivial layout fix 2015-02-21 12:57:49 +00:00
Bernardo Damele
52dd92748a rework some of the logic of the detection phase based on identified DBMS along the way 2015-02-21 02:23:42 +00:00
Bernardo Damele
4f939b5719 avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables 2015-02-20 18:36:34 +00:00
Bernardo Damele
1ecb921ba7 Consistency in enums 2015-02-20 18:31:47 +00:00
Bernardo Damele
214b9360e9 Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup 2015-02-20 18:30:42 +00:00
Bernardo Damele
79d4d970a5 trivial code cleanup 2015-02-20 15:42:28 +00:00
Bernardo Damele
201b605f9b Minor fix and consistency: do not ask to include all tests if level and risk are at the max settings already 2015-02-20 10:21:44 +00:00
Bernardo Damele
daa8e0d8c5 minor fix 2015-02-18 10:13:28 +00:00
Miroslav Stampar
1636088b75 Minor update 2015-02-16 11:48:53 +01:00
Bernardo Damele
e17d212c23 bug fix introduced with 863d5a6281 2015-02-15 20:07:52 +00:00
Bernardo Damele
32ab52b8ca code refactoring: split boundaries and payloads XML files 2015-02-15 16:31:35 +00:00
Bernardo Damele
863d5a6281 --test-filter now ignores values of --risk and --level 2015-02-15 16:28:37 +00:00
Miroslav Stampar
2e5c11e427 Closes #1163 2015-02-13 10:59:03 +01:00
Miroslav Stampar
247384858e Patch for an Issue #1159 (undo commit with single-quotes problem on windows) 2015-02-04 16:21:21 +01:00
Miroslav Stampar
38011743bb Patch for an Issue #1157 2015-02-04 15:01:19 +01:00
Miroslav Stampar
eecc0b924b Patch for an Issue #1148 2015-02-03 10:06:00 +01:00
Miroslav Stampar
2af2aef43e Minor patch for masking sensitive information (when formation -u=... is used) 2015-02-03 09:48:05 +01:00
Miroslav Stampar
59f0da369d Patch for a bug reported via ML (Accept header ignored in --headers) 2015-02-02 22:07:16 +01:00
Miroslav Stampar
8b135e45bd Patch for an Issue #1147 2015-02-02 22:05:31 +01:00
Miroslav Stampar
bf1c08a8a6 Bug fix 2015-01-30 22:43:40 +01:00
Miroslav Stampar
2e9bf47703 Heuristic check for WAF/IDS/IPS is now prone to tamper functions (Issue #1145) 2015-01-30 22:12:35 +01:00
Miroslav Stampar
9e90e357cf Patch for an Issue #1146 2015-01-30 21:59:03 +01:00
Miroslav Stampar
9563e429d3 Removal of fun code 2015-01-30 21:49:22 +01:00
Miroslav Stampar
9f679a952f Minor update 2015-01-29 10:44:36 +01:00
Miroslav Stampar
024c500d8e Minor fix 2015-01-28 00:54:39 +01:00
Miroslav Stampar
5400bb2c95 Patch for an Issue #1142 2015-01-28 00:52:40 +01:00
Miroslav Stampar
fd632e5ada Update for unhandled exception mechanism (BADA) 2015-01-26 09:09:38 +01:00
Miroslav Stampar
eb548959b3 Minor update 2015-01-26 08:59:10 +01:00
Miroslav Stampar
f0eac38ab4 Minor fix 2015-01-26 08:48:37 +01:00
Miroslav Stampar
32bf2dbe6d Patch for an Issue #1133 2015-01-23 23:00:28 +01:00
Miroslav Stampar
779db7cbc3 Minor enhancement 2015-01-22 09:17:45 +01:00
Miroslav Stampar
b7cfaa6ca5 Minor style update 2015-01-22 08:55:37 +01:00
Miroslav Stampar
2655b078d0 Patch for an Issue #1127 2015-01-22 08:52:15 +01:00
Miroslav Stampar
02b3eb941f Patch for an Issue #1124 2015-01-21 09:26:30 +01:00
Miroslav Stampar
cd743ab098 Minor update 2015-01-21 09:12:12 +01:00
Miroslav Stampar
9f4a32ca2b Automatically checking for sitemap existence in case of --crawl 2015-01-20 10:03:35 +01:00
Miroslav Stampar
a603002acd Adding a choice to automatically turn on --identify-waf if protection has been detected 2015-01-20 09:38:18 +01:00
Miroslav Stampar
a66b0c91bb Patch for an Issue #1120 2015-01-19 09:19:30 +01:00
Miroslav Stampar
393659ffbf Patch for an Issue #1121 2015-01-19 09:17:16 +01:00
Miroslav Stampar
e73ac6c8e3 Minor patch on request of an user 2015-01-17 21:47:57 +01:00
Miroslav Stampar
c2b2ccd2b5 Minor bug fix 2015-01-17 17:31:00 +01:00
Miroslav Stampar
da737d23ed Fixing a leftover for #1117 2015-01-15 17:34:14 +01:00
Miroslav Stampar
20a9d94f56 Patch for an Issue #1117 2015-01-15 17:32:07 +01:00
Miroslav Stampar
1dd2b7aceb Important fix for dumping location of databases/tables with international letters 2015-01-15 14:01:19 +01:00
Miroslav Stampar
ccbe424e23 Patch for an Issue #1115 2015-01-15 12:42:32 +01:00
Miroslav Stampar
54e9a1fb2d Minor style update 2015-01-14 16:11:55 +01:00
Miroslav Stampar
570d30789b Patch for an Issue #1113 2015-01-14 14:20:33 +01:00
nixawk
7388c3bf49 datatype.py 2015-01-14 09:40:24 +00:00
Miroslav Stampar
7e7513aa5e Patch for an Issue #1107 2015-01-14 05:30:08 +01:00
Miroslav Stampar
f9a9ededb1 Patch for an Issue #1106 2015-01-14 05:16:32 +01:00
Miroslav Stampar
06ff8b3a16 Patch for an Issue #1105 2015-01-13 10:33:51 +01:00
Miroslav Stampar
8e03f4db0f Patch for an Issue #1062 2015-01-09 15:33:53 +01:00
Miroslav Stampar
f96f33a984 Fix for an Issue #1100 2015-01-08 22:15:04 +01:00
Miroslav Stampar
7bcb3ce599 Patch for an Issue #1099 2015-01-08 09:22:47 +01:00
Miroslav Stampar
0c4d63fb00 Bug fix (reported by user over ML) 2015-01-08 09:00:21 +01:00
Miroslav Stampar
c8d4df6eba Adding names to parameters in structured POST requests (e.g. JSON) 2015-01-07 22:09:40 +01:00
Miroslav Stampar
49982bce9c Trivial update 2015-01-07 16:03:37 +01:00
Miroslav Stampar
450b3c93cb Potential patch for an Issue #1093 2015-01-07 11:40:11 +01:00
Miroslav Stampar
30b9f3d556 Minor update 2015-01-07 10:53:57 +01:00
Miroslav Stampar
47af7dfe6a Another minor patch 2015-01-07 10:49:15 +01:00
Miroslav Stampar
83add9fd9b Minor patch 2015-01-07 10:46:06 +01:00
Miroslav Stampar
c4c4ac13fe Better patch for an Issue #1095 2015-01-07 09:21:02 +01:00
Miroslav Stampar
2030311d50 Patch for an Issue #1095 2015-01-07 02:04:10 +01:00
Miroslav Stampar
5920d16cf6 Adding a warning message for deprecated switch '--check-waf+ 2015-01-06 15:25:24 +01:00
Miroslav Stampar
45bdefd29b Update of copyright 2015-01-06 15:02:16 +01:00
Miroslav Stampar
3d5ca1b25a Minor update 2015-01-06 14:36:51 +01:00
Miroslav Stampar
6fc41ca940 Heuristically checking for WAF/IDS/IPS by default 2015-01-06 14:01:47 +01:00
Miroslav Stampar
c474c16b4a Removing ML email address 2015-01-06 12:30:49 +01:00
Miroslav Stampar
7b144f03ea Fix for an Issue #1092 2015-01-05 01:31:06 +01:00
Miroslav Stampar
beffe85d6c Patch for an Issue #1085 2015-01-03 22:30:21 +01:00
Miroslav Stampar
f042a7392d Patch for an Issue #1083 2014-12-31 17:10:45 +01:00
Miroslav Stampar
2985050fce Minor patch 2014-12-30 16:07:08 +00:00
Miroslav Stampar
33508e3bae Patch for an Issue #1077 2014-12-30 16:11:33 +01:00
Miroslav Stampar
41c2f889b2 Fix related to the SSLv3 disabling 2014-12-30 15:44:55 +01:00
Miroslav Stampar
d3c6cf1932 Patch for an Issue #1079 2014-12-30 14:14:47 +00:00
Miroslav Stampar
4f602daa5b Minor patch 2014-12-30 09:35:56 +00:00
Miroslav Stampar
e383df8e29 Patch for an Issue #1073 2014-12-30 09:16:50 +00:00
Miroslav Stampar
02d20ccd13 Patch for an Issue #1078 2014-12-30 08:48:50 +00:00
Miroslav Stampar
1e014de6be Patch for an Issue #1066 2014-12-26 22:24:28 +01:00
Miroslav Stampar
bc91884c4d Fix for an Issue #1065 2014-12-25 23:05:34 +01:00
Miroslav Stampar
45886cb9ca Patch for an Issue #1060 2014-12-23 22:04:23 +01:00
Miroslav Stampar
483158c371 Minor style update 2014-12-23 09:07:33 +01:00
Miroslav Stampar
3c23d616e7 Adding a more user friendly (copy-pastable) client example for sqlmapapi client 2014-12-23 09:01:29 +01:00
Miroslav Stampar
59a3407322 Patch for an Issue #1057 2014-12-23 08:36:00 +01:00
Miroslav Stampar
f93bca4564 Patch for an Issue #1058 2014-12-23 08:23:40 +01:00
Miroslav Stampar
fc7dd2a9b9 Patch for an Issue #1056 2014-12-22 06:02:39 +01:00
Miroslav Stampar
76f79ece13 run like --threads=20! will skip the maximum number of threads check 2014-12-21 05:15:42 +01:00
Miroslav Stampar
4f122ee008 Bug fix regarding a problem reported by user @blink2014 2014-12-20 00:23:31 +01:00
Miroslav Stampar
6cb76bcf85 Adding one new smart ass warning message 2014-12-19 15:48:54 +01:00
Miroslav Stampar
1ea2f5bfe2 Patch for an Issue #1052 2014-12-19 09:37:06 +01:00
Miroslav Stampar
cf3b02ee04 Proper fix for #1053 2014-12-19 09:26:01 +01:00
Miroslav Stampar
6972020faf Bug fix for login-like SQLi (OR with 500 result) 2014-12-18 15:58:19 +01:00
Miroslav Stampar
0cb7852754 Patch for an Issue #1046 2014-12-17 10:02:36 +01:00
Miroslav Stampar
180ede0cb3 Minor patch 2014-12-15 14:07:28 +01:00
Miroslav Stampar
9d06b71862 Minor revert 2014-12-15 13:51:00 +01:00
Miroslav Stampar
e6de92ce88 Minor patch (unicode related) 2014-12-15 13:36:08 +01:00
Miroslav Stampar
35c8e016a8 Minor patch 2014-12-15 13:26:15 +01:00
Miroslav Stampar
3f3a873b10 Merge pull request #1037 from flsf/master
fix comments error
2014-12-15 13:23:39 +01:00
flsf
21837f236f fix comments error 2014-12-15 20:07:38 +08:00
Miroslav Stampar
4c6331daa6 Patch for an Issue #1028 2014-12-15 09:30:54 +01:00
Miroslav Stampar
e794c7f246 Patch for an Issue #1027 2014-12-15 09:13:13 +01:00
Miroslav Stampar
eb15a19532 Patch for an Issue #1032 2014-12-15 09:11:40 +01:00
Miroslav Stampar
ecbba4ea20 Patch for an Issue #1030 2014-12-15 07:18:47 +01:00
Miroslav Stampar
e17e703e3e Minor bug fix (for Windows nagging message about Unicode data) 2014-12-14 00:17:43 +01:00
Miroslav Stampar
fb645b90f7 Minor update 2014-12-14 00:14:18 +01:00
Miroslav Stampar
5166675ff5 Patch for an Issue #1024 2014-12-13 23:32:18 +01:00
Miroslav Stampar
9c225557d1 Patch for an Issue #1020 2014-12-13 14:08:37 +01:00
Miroslav Stampar
25196b4572 Patch for an Issue #1021 2014-12-13 13:48:50 +01:00
Miroslav Stampar
84ba5f35ac Minor update for #1022 2014-12-13 13:41:39 +01:00
Miroslav Stampar
fe58aff26c Patch for an Issue #1019 2014-12-13 00:08:18 +01:00
Miroslav Stampar
650dfe9526 Patch for an Issue #1018 2014-12-12 14:54:47 +01:00
Miroslav Stampar
23d33bb5b5 Patch for an Issue #1017 2014-12-12 09:58:42 +01:00
Miroslav Stampar
bb4ac41ff7 Patch for an Issue #1016 2014-12-12 04:40:44 +01:00
Miroslav Stampar
785e3d0317 Patch for an Issue #1014 2014-12-11 13:29:42 +01:00
Miroslav Stampar
1e06e7c386 Adding a debug message during name resolution 2014-12-11 13:29:26 +01:00
Miroslav Stampar
6f211f9d3e Patch for an Issue #1013 2014-12-11 00:35:51 +01:00
Miroslav Stampar
6d13b67822 Patch for an Issue #1012 2014-12-11 00:32:26 +01:00
Miroslav Stampar
2bcaae3a0b Another just in case update for an Issue #1011 2014-12-11 00:14:35 +01:00
Miroslav Stampar
763f720675 Patch for an Issue #1011 2014-12-11 00:11:52 +01:00
Miroslav Stampar
10ed97b0df Patch for an Issue #1010 2014-12-10 13:50:29 +01:00
Miroslav Stampar
ee20d98bca Minor fix for --forms 2014-12-10 12:13:37 +01:00
Miroslav Stampar
d700e50b36 Minor update related to the Issue #993 2014-12-10 06:37:17 +01:00
Miroslav Stampar
a7b21a2f62 Rerun advice update 2014-12-09 09:02:06 +01:00
Miroslav Stampar
20c272b77d More generic patch for an Issue #994 2014-12-07 16:14:48 +01:00
Miroslav Stampar
4e7f835eae Patch for an Issue #994 2014-12-07 16:11:07 +01:00
Miroslav Stampar
0d931a7b09 Fix for an Issue #999 2014-12-07 15:55:22 +01:00
Miroslav Stampar
bd99470a4a Minor update to cleanup properly new xp_cmdshell 2014-12-05 22:01:59 +01:00
Miroslav Stampar
d726050bc4 Patch for an Issue #991 2014-12-05 11:46:03 +01:00
Miroslav Stampar
034fae0f47 Patch for an Issue #992 2014-12-05 11:24:43 +01:00
Miroslav Stampar
7673f3e045 Minor style update 2014-12-05 11:15:33 +01:00
Miroslav Stampar
56965e3608 Patch for an Issue #990 2014-12-04 13:36:41 +01:00
Miroslav Stampar
9b32e69f26 Adding new WAF script (UrlScan) 2014-12-04 10:06:15 +01:00
Miroslav Stampar
a3507d65fd Minor update 2014-12-04 09:34:37 +01:00
Miroslav Stampar
d3060f20d7 Minor improvement 2014-12-03 13:22:55 +01:00
Miroslav Stampar
aa95a05477 Minor update 2014-12-03 13:14:06 +01:00
Miroslav Stampar
17db587e2c Adding some friendly warning messages (regarding blocking) 2014-12-03 10:06:21 +01:00
Miroslav Stampar
e4b00bdbcb Patch for an Issue #983 2014-12-02 10:57:50 +01:00
Miroslav Stampar
2358e34bb8 Minor refactoring 2014-12-02 10:50:15 +01:00
Miroslav Stampar
e03aaa7542 Patch for an Issue #982 2014-12-02 10:23:10 +01:00
Miroslav Stampar
7a04595f5e Added a reference url (http charset priority) 2014-12-01 11:15:45 +01:00
Miroslav Stampar
f71a65a9a0 Patch for an Issue #979 2014-12-01 00:29:25 +01:00
Miroslav Stampar
56b6bf72f4 Patch for an Issue #978 2014-11-29 23:33:24 +01:00
Miroslav Stampar
605b126758 Patch for an Issue #976 2014-11-26 13:38:21 +01:00
Miroslav Stampar
8cd40f8917 Patch for an Issue #971 2014-11-25 13:54:26 +01:00
Miroslav Stampar
a0d95a8ec4 Refactoring of #952 2014-11-24 12:56:39 +01:00
Miroslav Stampar
27cd9e7064 Merge pull request #952 from Rexikon/patch-1
Update httpshandler.py, AttributeError PROTOCOL_SSLv3
2014-11-24 12:52:27 +01:00
Miroslav Stampar
816348f1ab Patch for an Issue #963 2014-11-24 11:54:04 +01:00
Miroslav Stampar
05f7b1f121 Patch for an Issue #970 2014-11-24 10:55:19 +01:00
Miroslav Stampar
2f744139fc Patch for an Issue #968 2014-11-24 10:13:56 +01:00
Miroslav Stampar
2284535267 Update for an Issue #963 2014-11-24 05:44:38 +01:00
Miroslav Stampar
69cdad4148 Patch for an Issue #958 2014-11-23 15:55:12 +01:00
Miroslav Stampar
28d6af6237 Minor update 2014-11-23 15:42:41 +01:00
Miroslav Stampar
f853f8973f Minor refactorign 2014-11-23 15:41:24 +01:00
Miroslav Stampar
080a873922 Patch for an Issue #964 2014-11-23 15:39:08 +01:00
Miroslav Stampar
5c182a0ec4 Update for an Issue #431 2014-11-21 11:33:57 +01:00
Miroslav Stampar
f0802c6fb9 Update for an Issue #431 2014-11-21 11:20:54 +01:00
Miroslav Stampar
1fc4d0e3c4 Update for an Issue #431 2014-11-21 10:31:55 +01:00
Miroslav Stampar
cf2d5fd453 Update for an Issue #431 2014-11-21 09:41:49 +01:00
Miroslav Stampar
34ce774acd Patch for an Issue #956 2014-11-21 09:41:49 +01:00
Miroslav Stampar
1a8b58fca6 Minor update 2014-11-20 16:42:06 +01:00
Miroslav Stampar
f8a8cbf9a6 Storing crawling results to a temporary file (for eventual further processing) 2014-11-20 16:29:17 +01:00
Miroslav Stampar
d3551631c4 Minor update 2014-11-20 16:10:25 +01:00
Miroslav Stampar
484fa61afc Patch for an Issue #954 2014-11-20 15:08:08 +01:00
Miroslav Stampar
ee8b3ee664 Patch for an Issue #953 2014-11-20 09:49:04 +01:00
Rexikon
4da20679ee Update httpshandler.py
ssl.PROTOCOL_SSLv3 removed
affecting error: AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'
2014-11-19 16:36:30 +01:00
Miroslav Stampar
05d5342f20 Update and patch for an Issue #2 2014-11-17 11:50:05 +01:00
Miroslav Stampar
733e06e31f Patch for an Issue #944 2014-11-16 14:25:44 +01:00
Miroslav Stampar
bb56eb583a Minor update 2014-11-16 13:34:35 +01:00
Miroslav Stampar
d8d9678947 Patch for an Issue #935 2014-11-14 00:21:04 +01:00
Miroslav Stampar
74eacf95fd Patch for an Issue #929 2014-11-13 10:52:33 +01:00
Miroslav Stampar
671facc6d9 Patch for an Issue #930 2014-11-13 10:28:38 +01:00
Miroslav Stampar
d0afa7f325 Bug fix for not displaying proper version in unhandled exception win cases 2014-11-12 11:53:42 +01:00
Miroslav Stampar
06e6d2aaeb Patch for an Issue #921 2014-11-11 11:38:14 +01:00
Miroslav Stampar
c5df45a14f Minor bug fix (skipping HTML decoding in heuristic mode) 2014-11-11 11:23:14 +01:00
Miroslav Stampar
dfa8e0456d Potential patch for an Issue #914 2014-11-10 14:51:31 +01:00
Miroslav Stampar
cdbfb17408 Patch for an Issue #919 2014-11-10 13:41:53 +01:00
Miroslav Stampar
06bb957d13 Preventing a run of duplicate issues 2014-11-09 22:07:11 +01:00
Miroslav Stampar
de1cf26fe6 Minor patch 2014-11-09 18:58:25 +01:00
Miroslav Stampar
80af465ce3 Fix for an Issue #911 2014-11-09 18:40:49 +01:00
Miroslav Stampar
9fe6ab749b Bug fix for occureance of ANSI color codes in multiprocessing hash cracking on Windows OS 2014-11-09 15:08:44 +01:00
Miroslav Stampar
62a73bf30b Minor fix for automatic removal of temporary files 2014-11-09 14:52:50 +01:00
Miroslav Stampar
5e9c73f9c1 Just in case update (for unhandled exceptions happening too soon) 2014-11-08 21:44:46 +01:00
Miroslav Stampar
3b06665c9f Patch for an Issue #910 2014-11-08 21:22:03 +01:00
Miroslav Stampar
8fdf9ff746 Probable fix for an Issue #908 2014-11-07 15:47:42 +01:00
Miroslav Stampar
31f8d6e612 Fix for an Issue #904 2014-11-06 11:19:05 +01:00
Miroslav Stampar
a91fb4149b Minor update (using lower frequency alphabet for kb.chars) 2014-11-05 10:56:30 +01:00
Miroslav Stampar
a074efe75e Minor improvement of error-based SQLi when trimmed output is detected (trying to reconstruct) 2014-11-05 10:46:11 +01:00
Miroslav Stampar
71c43be53a Patch for an Issue #901 2014-11-05 10:03:19 +01:00
Miroslav Stampar
78cc3853b6 Fix for an Issue #902 2014-11-05 09:56:50 +01:00
Miroslav Stampar
97cc679f9c Fix for an Issue #900 2014-11-04 15:15:58 +01:00
Miroslav Stampar
4d5b48b2ae Patch for an Issue #896 2014-11-04 00:34:35 +01:00
Miroslav Stampar
6f45596f28 Minor style update 2014-11-03 23:48:44 +01:00
Miroslav Stampar
05b446b95d Patch for an Issue #893 2014-11-02 23:38:52 +01:00
Miroslav Stampar
9652e41226 Path for an Issue #891 2014-11-02 23:32:19 +01:00
Miroslav Stampar
1ef2c4006d Patch for an Issue #892 2014-11-02 11:01:46 +01:00
Miroslav Stampar
a4d058d70c More anonymization of unhanded exception data 2014-11-02 10:55:38 +01:00
Miroslav Stampar
baf9ada28d Fix for an Issue #889 2014-11-01 17:13:33 +01:00
Miroslav Stampar
4e0e64d06b Bug fix for DNS Exfiltration in PgSQL case ('invalid URI') 2014-10-31 20:28:37 +01:00
Miroslav Stampar
49d3860b1f Minor fix 2014-10-31 20:22:15 +01:00
Miroslav Stampar
ab269f315f Fix for an Issue #886 2014-10-31 18:58:30 +01:00
Miroslav Stampar
c33e493e0d Fix for an Issue #885 2014-10-31 17:06:09 +01:00
Miroslav Stampar
38978c3e54 Fix for an Issue #884 2014-10-31 16:45:26 +01:00
Miroslav Stampar
0feb379b47 Fix for an Issue #887 2014-10-31 16:39:29 +01:00
Miroslav Stampar
5b0d74146e Fix for an Issue #883 2014-10-31 01:01:35 +01:00
Miroslav Stampar
8ea22c5124 Fix for an Issue #878 2014-10-28 15:34:53 +01:00
Miroslav Stampar
455ea9922c Minor update 2014-10-28 15:26:28 +01:00
Miroslav Stampar
258a700b2e More anonymization of unhandled exception messages 2014-10-28 15:14:41 +01:00
Miroslav Stampar
df73be32f1 Fix for an Issue #876 2014-10-28 14:41:21 +01:00
Miroslav Stampar
725c3a6a95 Minor update 2014-10-28 14:08:06 +01:00
Miroslav Stampar
3b3b8d4ef2 Potential bug fix (escaping formatted regular expressions) 2014-10-28 14:02:55 +01:00
Miroslav Stampar
268e774087 Minor refactoring 2014-10-28 13:44:55 +01:00
Miroslav Stampar
f89e94fb8c Minor refactoring 2014-10-28 13:42:13 +01:00
Miroslav Stampar
e08c8f272a Fix for an Issue #875 2014-10-28 13:10:07 +01:00
Miroslav Stampar
19aed90ae5 Implementation for an Issue #874 2014-10-27 00:37:46 +01:00
Miroslav Stampar
6448d3caf4 Implementing support for csrfcookie (Issue #2) 2014-10-24 09:37:51 +02:00
Miroslav Stampar
5e31229d48 Minor cosmetic update 2014-10-23 15:18:22 +02:00
Miroslav Stampar
abbd352392 Support for X-CSRF-TOKEN header (Issue #2) 2014-10-23 14:33:22 +02:00
Miroslav Stampar
95f2e61ca1 Minor fix related to the Issue #2 2014-10-23 14:23:01 +02:00
Miroslav Stampar
01f4b76817 Minor update for the Issue #2 2014-10-23 14:03:44 +02:00
Miroslav Stampar
7143e61619 Minor update 2014-10-23 14:00:53 +02:00
Miroslav Stampar
32bcca0aae Basic options check for Issue #2 2014-10-23 11:54:29 +02:00
Miroslav Stampar
7fc9e82d28 Minor style update 2014-10-23 11:44:38 +02:00
Miroslav Stampar
780dbd1c64 Update for an Issue #2 2014-10-23 11:42:30 +02:00
Miroslav Stampar
a52c8811e6 Minor style update 2014-10-23 11:25:44 +02:00
Miroslav Stampar
fc1b05bec9 Implementation for an Issue #2 2014-10-23 11:23:53 +02:00
Miroslav Stampar
8dcad46805 Update basic.py 2014-10-22 23:16:46 +02:00
Miroslav Stampar
73a3db67eb Fix for an Issue #862 2014-10-22 14:54:49 +02:00
Miroslav Stampar
60f2764c3d Minor style update 2014-10-22 13:53:18 +02:00
Miroslav Stampar
34aed7cde0 Bug fix (now it's possible to use multiple parsed requests without mixing associated headers) 2014-10-22 13:49:29 +02:00
Miroslav Stampar
2f18df345e Minor patch 2014-10-22 13:41:36 +02:00
Miroslav Stampar
268095495e Minor patch 2014-10-22 13:32:49 +02:00
Miroslav Stampar
e239fefe67 Minor patch for JSON requests 2014-10-22 10:38:49 +02:00
Miroslav Stampar
a2f578dbf4 Patch to also include JSON array elements into automatic recognition 2014-10-22 10:28:10 +02:00
Miroslav Stampar
3ebc5faa34 Falling back to partial UNION if large dump connects out 2014-10-21 09:23:34 +02:00
Miroslav Stampar
006d9d1859 Bug fix for a problem reported by a user via ML (--os-shell) 2014-10-13 12:00:34 +02:00
Miroslav Stampar
fb65caabd2 Unhidding switch --ignore-401 2014-10-13 09:19:25 +02:00
Miroslav Stampar
4e3a4eb0ff Added a prompt for choosing a number of threads when in crawling mode 2014-10-10 12:09:08 +02:00
Miroslav Stampar
2aadfc0fd3 Fix for an Issue #851 2014-10-10 10:38:17 +02:00
Miroslav Stampar
d4610890ca Minor patch (flushing log file output at the end of program run) 2014-10-10 10:07:17 +02:00
Miroslav Stampar
7811a958ae Another minor patch for Issue #846 2014-10-09 15:42:44 +02:00
Miroslav Stampar
f94ac8c69d Second patch related to the Issue #846 2014-10-09 15:21:26 +02:00
Miroslav Stampar
c823c58d47 One patch related to the Issue #846 2014-10-09 14:39:54 +02:00
Miroslav Stampar
70215a95a1 Patch for an Issue #847 2014-10-07 13:02:47 +02:00
Miroslav Stampar
c6a8feea8a Fix for an Issue #831 2014-10-07 12:00:11 +02:00
Miroslav Stampar
2ab4558859 Potential fix for an Issue #846 2014-10-07 11:49:53 +02:00
Miroslav Stampar
ddfec1c668 Initial patch for an Issue #846 2014-10-07 11:34:47 +02:00
Miroslav Stampar
2de12ef4a2 Potential fix for an Issue #843 2014-10-05 00:20:42 +02:00
Miroslav Stampar
fdef53aa67 Minor update of unhandled exception message 2014-10-01 14:23:45 +02:00
Miroslav Stampar
a2b059123a Minor update of format exception strings 2014-10-01 14:12:30 +02:00
Miroslav Stampar
e81168af0f Minor adjustment 2014-10-01 13:59:51 +02:00
Miroslav Stampar
f67a38dba9 Minor adjustment 2014-10-01 13:42:10 +02:00
Miroslav Stampar
a9454fbb43 Minor commit related to the last one (bypassing DBMS error trimming problem) 2014-10-01 13:35:20 +02:00
Miroslav Stampar
8c9014c39f Adding a dummy (auxiliary) XSS check 2014-10-01 13:31:48 +02:00
Miroslav Stampar
4d23744430 Bug fix (there was a problem using --tamper=varnish with --identify-waf because of same named modules) 2014-09-30 09:58:02 +02:00
Miroslav Stampar
ff42720c62 Minor fix 2014-09-29 14:07:59 +02:00
Miroslav Stampar
1e636fb925 Minor patch regarding Issue #840 2014-09-28 13:38:09 +02:00
Miroslav Stampar
767c278a0f Fix for an Issue #838 2014-09-26 17:00:50 +02:00
Miroslav Stampar
00fc842c6f Update agent.py 2014-09-20 10:20:57 +02:00
Miroslav Stampar
69701ba08c Minor refactoring 2014-09-17 18:29:01 +02:00
Miroslav Stampar
09064a4a24 Minor just in case patch 2014-09-17 18:25:24 +02:00
Miroslav Stampar
bbc6dd9ac8 Minor fix 2014-09-17 10:28:18 +02:00
Miroslav Stampar
6888d2fc34 Minor cosmetic update 2014-09-16 16:32:54 +02:00
Miroslav Stampar
0e8090381c Minor cosmetic update 2014-09-16 16:21:29 +02:00
Miroslav Stampar
c5294f2cbb Minor patch for an Issue #832 2014-09-16 16:18:13 +02:00
Miroslav Stampar
5b0732e9f9 Minor update for Issue #832 2014-09-16 15:17:50 +02:00
Miroslav Stampar
7278af01ee Implementation for an Issue #832 2014-09-16 14:12:43 +02:00
Miroslav Stampar
57eb19377e Minor code refactoring 2014-09-16 09:07:31 +02:00
Miroslav Stampar
45f5548113 Minor update regarding shell history file 2014-09-16 08:58:25 +02:00
Miroslav Stampar
637d3cbaf7 Fix for cases when parameter name is urlencoded 2014-09-12 13:29:30 +02:00
Miroslav Stampar
bfc8ab0e35 Language update 2014-09-08 14:48:31 +02:00
Miroslav Stampar
53d0d5bf8b Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved) 2014-09-08 14:33:13 +02:00
Miroslav Stampar
055b759145 Minor update 2014-09-03 23:13:57 +02:00
Miroslav Stampar
bbf0be1f8d Bug fix (Issue #813) 2014-09-03 22:09:12 +02:00
Miroslav Stampar
112a0cb1ae Patch for output directory (using unicode for international support) 2014-09-03 21:49:30 +02:00
Miroslav Stampar
7e40890f32 Patch for an Issue #815 2014-09-01 16:16:12 +02:00
Miroslav Stampar
25c6fca20e Minor fix 2014-09-01 15:48:00 +02:00
Miroslav Stampar
d5d01e91ad Warning message 2014-08-30 22:15:14 +02:00
Miroslav Stampar
20ff402103 Minor patch 2014-08-30 22:04:55 +02:00
Miroslav Stampar
dc2ee8bfa0 Minor update 2014-08-30 21:53:09 +02:00
Miroslav Stampar
177fc0376d Minor fix for HSQLDB 2014-08-30 21:37:38 +02:00
Miroslav Stampar
1a9a331422 Bug fix (proper extending of tests when dbms is known) 2014-08-30 21:34:23 +02:00
Miroslav Stampar
e501b2a80b Minor patch 2014-08-30 20:58:59 +02:00
Miroslav Stampar
03c8e7b7a2 Patch for an Issue #810 2014-08-30 17:13:02 +02:00
Miroslav Stampar
77cb35dcf6 Fix for an Issue #804 2014-08-28 14:26:55 +02:00
Miroslav Stampar
9476359255 Bug fix 2014-08-28 12:50:39 +02:00
Miroslav Stampar
834f8e18c8 Minor patch for an Issue #802 2014-08-28 00:45:57 +02:00
Miroslav Stampar
b77d8d617b Minor patch for an Issue #800 2014-08-28 00:31:49 +02:00
Miroslav Stampar
7595f2b73e Minor fix 2014-08-28 00:13:27 +02:00
Miroslav Stampar
fce671c899 Patch for an Issue #801 2014-08-28 00:00:16 +02:00
Miroslav Stampar
fd36250026 Proper fix for an Issue #757 2014-08-26 23:36:04 +02:00
Miroslav Stampar
2a268199d4 Patch for an Issue #798 2014-08-26 23:11:44 +02:00
Miroslav Stampar
e68326c0fe expandAsteriskForColumns changes value of conf.db and conf.tbl potentially causing problems in further work 2014-08-26 22:57:08 +02:00
Miroslav Stampar
decd092b2a Minor patch 2014-08-26 22:40:50 +02:00
Miroslav Stampar
2be0ebd883 Minor fix (e.g. Oracle identifier names can contain character $) 2014-08-26 22:40:15 +02:00
Miroslav Stampar
dcaad75a1e Fix for an Issue #794 2014-08-22 15:08:05 +02:00
Miroslav Stampar
d74b803306 Minor patch 2014-08-22 14:45:23 +02:00
Miroslav Stampar
e0a8b89069 Minor patch when trailing space is used with comma to split option items (e.g. '-C id, name') 2014-08-22 14:19:53 +02:00
Miroslav Stampar
e3a0f25db0 Patch for an Issue #795 2014-08-22 14:11:23 +02:00
Miroslav Stampar
2ce3ccac46 Patch for an Issue #797 (switching to greedy because of performance; it shouldn't be a problem because it was a single line replacement in the first place) 2014-08-22 13:06:53 +02:00
Miroslav Stampar
77513e1de9 Minor style update 2014-08-21 01:19:10 +02:00
Miroslav Stampar
c5b71cff10 Some filtering 2014-08-21 01:12:44 +02:00
Miroslav Stampar
3cfdb5ff0f Removing / from auto directories (it doesn't make sense to auto-test for uploading to /) 2014-08-21 00:43:37 +02:00
Miroslav Stampar
acb3b1d1fe Bug fix for common table/column existence check 2014-08-21 00:12:19 +02:00
Miroslav Stampar
074b57804e Minor style update 2014-08-21 00:03:46 +02:00
Miroslav Stampar
58d93ffb2b Fix for falling back to partial union (excluding scalar queries) 2014-08-20 23:53:15 +02:00
Miroslav Stampar
90882f081d Language update 2014-08-20 23:47:57 +02:00
Miroslav Stampar
0296081692 Minor refactoring 2014-08-20 23:42:40 +02:00
Miroslav Stampar
f51ea20bbd Minor style update 2014-08-20 22:50:00 +02:00
Miroslav Stampar
5d10bae31f Removing trailing blank lines 2014-08-20 21:07:19 +02:00
Miroslav Stampar
e0216771ed Minor update 2014-08-20 15:23:07 +02:00
Miroslav Stampar
c97782cfed Minor update of banner 2014-08-20 15:10:21 +02:00
Miroslav Stampar
07f881e711 Minor fix 2014-08-20 14:02:04 +02:00
Miroslav Stampar
b4fbb9cafe Minor upgrade 2014-08-20 13:52:48 +02:00
Miroslav Stampar
7828f61642 Minor style update 2014-08-20 13:35:41 +02:00
Miroslav Stampar
dfa426fbb5 Minor style update 2014-08-20 13:32:32 +02:00
Miroslav Stampar
6795b51c7e Another minor update 2014-08-20 01:59:30 +02:00
Miroslav Stampar
d08c1b7c04 Minor update 2014-08-20 01:45:42 +02:00
Miroslav Stampar
6caccc3d93 Bug fix for ultra-slow processing of binary data 2014-08-20 01:38:01 +02:00
Miroslav Stampar
ebc964267f Better reporting on filtered-chars cases 2014-08-20 01:11:26 +02:00
Miroslav Stampar
c12e51173a Minor style update 2014-08-20 00:28:33 +02:00
Miroslav Stampar
5a05271097 Minor fix 2014-08-19 22:34:07 +02:00
Miroslav Stampar
b0465a6a76 Adding a revision scheme for nongit checkouts 2014-08-19 22:32:16 +02:00
Miroslav Stampar
cd92de1702 Adding colorful banner 2014-08-19 22:19:22 +02:00
Miroslav Stampar
7d578d395f Minor update for Apache on Windows 2014-08-16 16:01:18 +02:00
Miroslav Stampar
a8b4b96cd9 Extending list for brute forcing doc root 2014-08-16 15:16:03 +02:00
Miroslav Stampar
0fb576724e Implementation for cases when there are multiple copies/variations of the same result(s) in response for partial UNION SQLi 2014-08-13 22:50:42 +02:00
Miroslav Stampar
0809a61fc3 Bug fix (whole page output as a result of partial union runs) 2014-08-13 15:18:11 +02:00
Miroslav Stampar
0a74ae736f Probable fix for an Issue #788 2014-08-13 14:01:57 +02:00
Miroslav Stampar
658110e644 Minor fix 2014-08-11 12:46:37 +02:00
hydhyd
e7ffe92d8c Update settings.py
Modified BRUTE_DOC_PREFIXES to include "/srv/www" used by default in OpenSUSE.
2014-08-06 12:59:18 +04:00
Miroslav Stampar
8599005115 Implementation for an Issue #771 2014-08-01 14:19:32 +02:00
Miroslav Stampar
208d51e0e9 Revert of last trigger happy commit 2014-08-01 13:57:43 +02:00
Miroslav Stampar
d300f99b0b Removing a redundant code (similar check is being done upper in code) 2014-08-01 13:57:07 +02:00
Miroslav Stampar
8bc6154f06 Removing a redundant code (similar check is being done upper in code) 2014-08-01 13:53:22 +02:00
Miroslav Stampar
b31e141012 Fix for an Issue #772 2014-07-29 14:37:48 +02:00
Miroslav Stampar
20d75cc52e Patch for an Issue #767 2014-07-29 13:32:26 +02:00
Miroslav Stampar
9fff88d6e4 Minor update 2014-07-19 23:23:55 +02:00
Miroslav Stampar
3cfa63646b Minor bug fix 2014-07-19 23:17:23 +02:00
Miroslav Stampar
0eb5fb1e5a Update for an Issue #757 2014-07-19 23:02:14 +02:00
Miroslav Stampar
cd1c100cc0 Another patch for an Issue #757 2014-07-14 21:10:45 +02:00
Miroslav Stampar
e66a81ab4e Fix for an Issue #757 2014-07-11 16:24:57 +02:00
Miroslav Stampar
32af0b17b0 Update for an Issue #760 2014-07-10 08:49:20 +02:00
Miroslav Stampar
33b6d189cd Bug fix for some cases (in cases of working where=ORIGINAL, workflow switched to where=NEGATIVE because of false assumptions that it would be better than ORIGINAL; this kind of behaviour caused reported problems) 2014-07-07 22:22:56 +02:00
Miroslav Stampar
79a66ef22c Minor patch 2014-07-06 09:09:44 +02:00
Miroslav Stampar
b5838ae7a4 Adding missing module (Issue #674 and Issue #747) 2014-07-03 00:29:20 +02:00
Miroslav Stampar
9d571c7800 Minor language update 2014-07-02 22:31:18 +02:00
Miroslav Stampar
e6d0d5a1c7 Implementation for an Issue #674 2014-07-02 22:27:51 +02:00
Miroslav Stampar
1eecabaea8 Patch for an Issue #746 2014-07-02 10:11:31 +02:00
Bernardo Damele
4e909a2a05 code cleanup 2014-07-01 00:58:49 +01:00
Bernardo Damele
018748f52e increase the timeout for the Metasploit session initialization to 5 minutes, better on slow speed connections 2014-07-01 00:34:09 +01:00
Conny Brunnkvist
f0e23c9441 Use the selected random User-Agent 2014-07-01 00:27:14 +07:00
Miroslav Stampar
c2f14e57e7 Patch for an Issue #740 2014-06-29 00:27:23 +02:00
Miroslav Stampar
686fe4d0e9 Another patch for DNS exfiltration and boolean checks 2014-06-27 14:22:00 +02:00
Miroslav Stampar
8e660e6911 Minor fix 2014-06-27 14:14:29 +02:00
Miroslav Stampar
2f8d17bcb7 Appendix to last commit 2014-06-27 13:45:40 +02:00
Miroslav Stampar
75279ea75a Fix for DNS exfiltration of boolean checks 2014-06-27 13:07:34 +02:00
Miroslav Stampar
5b5a765f96 Patch for an Issue #734 2014-06-23 12:24:08 +02:00
Miroslav Stampar
a47072eced Patch for an Issue #732 2014-06-22 00:09:08 +02:00
Miroslav Stampar
2a88436417 Patch for an Issue #724 2014-06-16 09:51:24 +02:00
Miroslav Stampar
f558b800ac Patch for an Issue #719 2014-06-12 09:08:55 +02:00
Miroslav Stampar
c50560c3a6 Patch for an Issue #716 2014-06-10 21:57:54 +02:00
Miroslav Stampar
5e9334ab79 Implementation for an Issue #715 2014-06-08 23:55:15 +02:00
Miroslav Stampar
54be398e83 Patch for an Issue #711 2014-06-04 16:35:07 +02:00
Miroslav Stampar
27ebc02535 Minor fix (user reported problem via email) 2014-05-29 09:33:14 +02:00
Miroslav Stampar
0f10cdfa4c Minor update 2014-05-29 09:24:09 +02:00
Miroslav Stampar
9e02816cbd Raising number of used md5 digits in hashdb key value because of birthday paradox (Python can handle it - automatically expanding to long if required; SQLite can handle it - it will use 6 bytes per INTEGERs instead of 4) 2014-05-29 09:21:48 +02:00
Miroslav Stampar
680ab10ca6 Patch for an Issue #703 2014-05-27 21:41:07 +02:00
Miroslav Stampar
2d5461d250 Minor fix (related to the unknown encoding reported by ML) 2014-05-22 09:03:14 +02:00
Miroslav Stampar
24954776a5 Patch for an Issue #697 2014-05-20 22:00:26 +02:00
Miroslav Stampar
babe49f086 Minor update (added new warning message) 2014-05-20 17:14:40 +02:00
Miroslav Stampar
c181e909b5 Minor fix 2014-05-16 23:47:00 +02:00
Miroslav Stampar
0f581ccb6c Minor fix 2014-05-13 15:36:28 +02:00
Miroslav Stampar
4e8b41b869 Patch for an Issue #688 2014-05-13 00:50:36 +02:00
Miroslav Stampar
3a2916724c Minor style update 2014-05-11 17:12:15 +02:00
Miroslav Stampar
a72d73804e Revert of 9255174890 (bug was introduced with it) 2014-05-10 01:31:44 +02:00
Miroslav Stampar
93bf8e2a13 Bug fix 2014-05-10 01:11:19 +02:00
Miroslav Stampar
8f0807d7f9 Another fix related to the last commit 2014-05-09 22:55:16 +02:00
Miroslav Stampar
5eae002084 Minor fix 2014-05-09 22:45:43 +02:00
Miroslav Stampar
9255174890 Minor fix 2014-05-09 22:39:56 +02:00
Miroslav Stampar
bc4369be06 Fix for an Issue #687 2014-05-07 09:16:17 +02:00
Miroslav Stampar
2a55f75f86 Using a more generic XML recognition regex 2014-04-30 21:25:45 +02:00
Miroslav Stampar
2e96e3c924 Adding a hidden switch --ignore-401 2014-04-29 23:26:45 +02:00
Miroslav Stampar
eb8e31c23f Adding a failsafe output directory 2014-04-27 22:40:41 +02:00
Miroslav Stampar
b54651b5a2 Minor patch (while saving configuration file) 2014-04-25 09:32:57 +02:00
Miroslav Stampar
ae8b1fe89c Implementation for an Issue #678 2014-04-25 09:17:10 +02:00
Miroslav Stampar
e0fb21c26a Patch for an Issue #673 2014-04-21 21:57:30 +02:00
Miroslav Stampar
f29769b7d0 Minor patch 2014-04-16 09:06:17 +02:00
Miroslav Stampar
ef5ce7e66c Fix for an Issue #670 2014-04-12 17:22:47 +02:00
Miroslav Stampar
fd884ec67b Adding another comment 2014-04-12 17:22:47 +02:00
Miroslav Stampar
b5cca742e4 Adding a comment 2014-04-12 17:22:47 +02:00
Miroslav Stampar
7f371c499d Commit related to the last one 2014-04-10 21:29:59 +02:00
Miroslav Stampar
096ce7881e Minor beauty patch 2014-04-10 21:18:24 +02:00
Miroslav Stampar
0d1690de61 Minor fix 2014-04-10 21:18:24 +02:00
Miroslav Stampar
1e8349eeaa Minor fix 2014-04-10 21:18:24 +02:00
Miroslav Stampar
2d3a74a0fe Patch for an Issue #667 2014-04-07 21:01:40 +02:00
Miroslav Stampar
cb0044b2c4 Minor beauty patch 2014-04-07 20:28:17 +02:00
Miroslav Stampar
fdad787681 Graceful abort in case of an invalid option in configuration file 2014-04-07 20:22:51 +02:00
Miroslav Stampar
e3ccf45503 Graceful abort in case of an invalid configuration file 2014-04-07 20:17:47 +02:00
Miroslav Stampar
bcf754fb17 Consistency patch (to be the same as in help listing) 2014-04-07 20:10:21 +02:00
Miroslav Stampar
b74de19213 Trivial style update 2014-04-07 20:06:03 +02:00
Miroslav Stampar
75f447ccf8 Renaming lib/core/purge to lib/utils/purge 2014-04-07 20:04:07 +02:00
Miroslav Stampar
9c7fbd1a90 Minor refactoring 2014-04-06 18:19:54 +02:00
Miroslav Stampar
4f4c50c4d5 Minor language update 2014-04-06 18:12:59 +02:00
Miroslav Stampar
bf18b025d6 Minor removal of redundant code 2014-04-06 18:09:54 +02:00
Miroslav Stampar
e931344617 More elegant implementation for --random-agent 2014-04-06 18:05:43 +02:00
Miroslav Stampar
9456dc68e7 Minor patch 2014-04-06 17:24:27 +02:00
Miroslav Stampar
1c92d8d51f More generic implementation for --proxy-file (accepting public lists format) 2014-04-06 17:23:13 +02:00
Miroslav Stampar
bbf08a825e Minor language fix 2014-04-06 17:12:43 +02:00
Miroslav Stampar
cf250a0381 Minor patch (it would go boom if special character was inside the --param-del) 2014-04-06 17:02:32 +02:00
Miroslav Stampar
053b0fd0e9 Renaming conf.oDir to conf.outputDir 2014-04-06 16:54:46 +02:00
Miroslav Stampar
7cc4159316 Renaming conf.cDel to conf.cookieDel 2014-04-06 16:50:58 +02:00
Miroslav Stampar
0ae8ac707e Renaming conf.pDel to conf.paramDel 2014-04-06 16:48:46 +02:00
Miroslav Stampar
95e7ca02f0 Minor bug fix (-d was not recognized as one of mandatory in case of config file) 2014-04-06 16:45:25 +02:00
Miroslav Stampar
1b3a98b8ef Trivial update (for consistency sake) 2014-04-06 13:42:15 +02:00
Miroslav Stampar
492a410bcc Minor fix 2014-04-04 16:14:53 +02:00
Miroslav Stampar
15f92c4197 Bug fix (port was not being used properly with Burp exported history) 2014-04-03 09:46:37 +02:00
Miroslav Stampar
1632bec10b Another fix related to the last commit 2014-04-03 09:05:12 +02:00
Miroslav Stampar
e7e8a3965a Minor fix 2014-04-03 09:00:14 +02:00
Miroslav Stampar
80d4426dbd Patch related to the Issue #661 2014-04-02 22:34:37 +02:00
Miroslav Stampar
d8bacc904e Minor language update 2014-04-01 16:38:50 +02:00
Miroslav Stampar
3e024ac8e6 Minor update (consistency patch) 2014-03-30 16:51:31 +02:00
Miroslav Stampar
76b9fad24a Fix for an Issue #656 2014-03-30 16:21:18 +02:00
Miroslav Stampar
b2cc8f00ef Bug fix (ORACLE_OLD on Windows - resulted in multiple entry per line output due to no locking used) 2014-03-28 00:41:22 +01:00
Miroslav Stampar
e8c1c90f2e Whitespace was being double encoded in case of spaceplus (' '->%2B) 2014-03-25 22:02:14 +01:00
Miroslav Stampar
3710a7051b Fix for an Issue #653 2014-03-25 21:26:22 +01:00
Miroslav Stampar
930c3e3c5a Minor update (added check for --limit and --risk) 2014-03-25 09:28:12 +01:00
Miroslav Stampar
f6e1d9e026 Fix for an Issue #650 2014-03-24 10:46:23 +01:00
Miroslav Stampar
106102bd3c Fix for an Issue #648 2014-03-21 20:28:29 +01:00
Bernardo Damele
9f838c3d5b typo fix 2014-03-21 11:37:34 +00:00
Bernardo Damele
8091a88d3e minor code cleanup and bug fix 2014-03-21 11:35:30 +00:00
Bernardo Damele
c211255773 replaced outfile with dumpfile so works even if the original statement outputs blob 2014-03-21 11:01:57 +00:00
Miroslav Stampar
39ab3b9149 Minor fix for meta refresh 2014-03-20 13:13:47 +01:00
Miroslav Stampar
d7f0da5599 Minor patch for an Issue #646 2014-03-20 13:08:28 +01:00
Miroslav Stampar
97fe5e52c2 Fix for an Issue #644 2014-03-18 16:41:05 +01:00
Miroslav Stampar
97f603af4a Fix for an Issue #641 2014-03-17 20:20:25 +01:00
Miroslav Stampar
0622cdf3d8 Bug fix (credentials used in combination with request file) 2014-03-15 09:29:21 +01:00
Miroslav Stampar
3b47418a1d Fix for an Issue #640 2014-03-14 22:20:20 +01:00
Miroslav Stampar
56d76e6bfd Updating list of extensions to exclude from crawling 2014-03-14 21:34:16 +01:00
Miroslav Stampar
be3fd8bb29 Fix for an Issue #638 2014-03-14 16:44:56 +01:00
Miroslav Stampar
17742df0fa Update for an Issue #636 (to prevent eventual future reports with lack of stack trace) 2014-03-11 21:18:31 +01:00
Miroslav Stampar
2f8846caec Fix for an Issue #636 2014-03-11 21:11:51 +01:00
Miroslav Stampar
d1a6a775f1 Patch for an Issue #636 2014-03-11 21:00:15 +01:00
Miroslav Stampar
f1f53a5841 Minor cosmetic update 2014-03-06 21:08:31 +01:00
Miroslav Stampar
490d51258e Raising number of minimum time responses (15 is statistically too low) 2014-03-03 20:49:58 +01:00
Miroslav Stampar
291a0d772a Update for an Issue #615 2014-02-27 14:23:14 +01:00
Miroslav Stampar
2ffdee5733 Bug fix for PAYLOAD.WHERE.REPLACE payloads containing custom injection marker ([ORIGVALUE] was screwed) 2014-02-26 11:41:48 +01:00
Miroslav Stampar
cc62a8adc9 Bug fix for JSON-like data (proper escaping of quotes) 2014-02-26 09:30:37 +01:00
Miroslav Stampar
6369a38ebc Adding support for JSON-like data with single quote 2014-02-26 08:56:17 +01:00
Miroslav Stampar
465f968be6 Minor cosmetic update 2014-02-26 08:41:23 +01:00
Miroslav Stampar
edc8ef9d5b Patch for an Issue #611 (original page used in case of tamper functions was wrong - e.g. if --tamper=base64encode was used) 2014-02-25 13:48:34 +01:00
Miroslav Stampar
2a423d61ef Raising number of requests for false positive testing in case of higher levels 2014-02-23 19:40:01 +01:00
Miroslav Stampar
d405fc1157 Minor update (for the consistency sake) 2014-02-16 22:04:12 +01:00
Miroslav Stampar
58eac364a2 Bug fix 2014-02-16 21:57:14 +01:00
Miroslav Stampar
dfa727cbc5 Fix for a same bug mentioned in last commit 2014-02-16 21:47:14 +01:00
Miroslav Stampar
43df4efd11 Bug fix (bad idea is to do os.path.join on web URLs - especially on Windows OS) 2014-02-16 21:44:57 +01:00
Miroslav Stampar
d05bfdd7dd Implementing option '--where' (Issue #605) 2014-02-11 16:20:45 +01:00
Bernardo Damele
be6767b3b0 minor fix for command execution via web shell 2014-02-10 09:59:57 +00:00
Miroslav Stampar
fe0ff6e679 Changing 'is injectable' to 'seems to be injectable' for boolean and time-based blind injection cases - for false positive cases 2014-02-09 17:50:16 +01:00
Miroslav Stampar
8521265526 Minor fix 2014-02-07 14:40:43 +01:00
Miroslav Stampar
534c2ee0e6 Minor update 2014-02-01 22:12:00 +01:00
Miroslav Stampar
0e44132778 Removing unused imports 2014-02-01 21:49:12 +01:00
Miroslav Stampar
f97fcb7bb3 Adding a switch --invalid-string 2014-01-23 21:56:06 +01:00
Miroslav Stampar
f88f6dcd7e Changing --invalid-bignum from float producing to int producing 2014-01-23 09:07:25 +01:00
Miroslav Stampar
fc02badf40 Minor update 2014-01-23 08:33:21 +01:00
Bernardo Damele
bc29bf6481 removed comments 2014-01-13 23:57:49 +00:00
Bernardo Damele
1505f1dc74 removed useless sink 2014-01-13 23:55:32 +00:00
Bernardo Damele
124ebefc7f code cleanup 2014-01-13 23:48:15 +00:00
Bernardo Damele
3c79d66569 fixed stderr 2014-01-13 17:34:38 +00:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Bernardo Damele
dfa9076a70 fixed and improved web shell upload in MySQL (it was actually broken since fc57b7565d) 2014-01-13 17:12:37 +00:00
Miroslav Stampar
6863436d4e Implementation for an Issue #596 2014-01-13 10:05:56 +01:00
Bernardo Damele
d9e00adfae minor fix 2014-01-10 17:23:16 +00:00
Miroslav Stampar
36f3ab5798 Minor bug fix (for cases when race between thread and main thread is causing server._running to not be set to True) 2014-01-09 15:46:55 +01:00
Miroslav Stampar
cb1f17cb04 Proper patch for an Issue #591 2014-01-02 12:15:56 +01:00
Miroslav Stampar
5437f8bf36 Fix for an Issue #85 2014-01-02 12:09:58 +01:00
Miroslav Stampar
4de83daf03 Minor style update 2014-01-02 11:06:19 +01:00
Miroslav Stampar
e0143e397a Consistency fix (down below we use direct SQL) 2014-01-02 10:59:53 +01:00
Miroslav Stampar
0b4fcb6845 Fix for an Issue #591 2014-01-02 10:55:40 +01:00
Miroslav Stampar
854a55166c Fix for an Issue #588 2014-01-02 10:29:10 +01:00
Miroslav Stampar
9b4b070ecf Minor cosmetics 2014-01-02 10:05:58 +01:00
Miroslav Stampar
192a911b76 Patch for an Issue #28 2013-12-29 16:16:50 +01:00
Miroslav Stampar
41d6c1af82 Patch for an Issue #589 2013-12-28 13:47:40 +01:00
Miroslav Stampar
6c80f2903b Patch for an Issue #564 2013-12-27 11:02:59 +01:00
Miroslav Stampar
cadbddd607 Adding a boundary proposed in Issue #564 2013-12-27 10:46:18 +01:00
Miroslav Stampar
7718edac9b Fix for an Issue #570 2013-12-27 09:40:33 +01:00
Miroslav Stampar
02de2aee6d Patch for an Issue #582 2013-12-26 22:27:04 +01:00
Miroslav Stampar
ab64d385d6 Bug fix (stacked queries as in PgSQL and MsSQL DNS tunneling queries MUST end with the comment - not the recognized underlying technique's suffix) 2013-12-25 22:18:57 +01:00
Miroslav Stampar
2c2667b2be Minor patch for an Issue #575 2013-12-18 00:56:24 +01:00
Miroslav Stampar
fd6dcd8bf5 Merge pull request #583 from mattoufoutu/api
RESTful API improvements
2013-12-17 14:10:19 -08:00
Miroslav Stampar
f18abb1e9c Minor update (proxy can be also a https one (e.g. Burp for HTTPS targets) 2013-12-17 09:30:51 +01:00
Miroslav Stampar
7d8eb148ce Patch for an Issue #565 (DuckDuckGo doesn't like identity encoding) 2013-12-17 09:30:04 +01:00
Miroslav Stampar
4819e19200 Patch for an Issue #584 2013-12-16 22:00:47 +01:00
Mathieu Deous
4c9456dd72 moar logging! 2013-12-15 16:59:47 +01:00
Mathieu Deous
438ad73016 avoid names shadowing 2013-12-15 09:22:01 +01:00
Mathieu Deous
eda9a3da67 all instance attributes should be defined in constructor 2013-12-15 09:16:38 +01:00
Mathieu Deous
3effaee2a1 avoid using global variables, use a "store" class 2013-12-15 00:19:58 +01:00
Mathieu Deous
c70f2a4e6d unused imports 2013-12-15 00:00:08 +01:00
Mathieu Deous
aa02019638 return file content in a json message when calling download endpoint 2013-12-14 16:33:17 +01:00
Mathieu Deous
c87ad1bab5 make returned values more coherent 2013-12-14 16:22:30 +01:00
Mathieu Deous
72137e85f9 do not reset options when firing a scan 2013-12-14 15:59:47 +01:00
Mathieu Deous
af7ad31182 fix commit method usage (belongs to connection, not cursor) 2013-12-14 15:58:09 +01:00
Mathieu Deous
c5a3f54b89 remove unused imports 2013-12-14 15:47:26 +01:00
Mathieu Deous
8a946509b9 PEP8 2013-12-14 15:44:10 +01:00
Miroslav Stampar
5b2ded0b18 Fix for an Issue #577 2013-12-13 21:00:26 +01:00
Miroslav Stampar
437278e32d Fix for an Issue #580 2013-12-13 19:48:05 +01:00
Mathieu Deous
c3dd6e1e32 api's get_option function doesn't lookup the right object 2013-12-08 17:46:02 +01:00
Miroslav Stampar
b0ca34ff27 Bug fix (payload character '=' was not being url-encoded in custom (user) post cases - when posthint was None) 2013-12-04 10:09:54 +01:00
Miroslav Stampar
bf3fbb0ae0 Ignore Google analytics cookies 2013-12-04 09:56:37 +01:00
Miroslav Stampar
dd2ddec79a Minor fix (better extraction of original value in case of replacement and custom POST injection mark) 2013-12-03 13:37:04 +01:00
Miroslav Stampar
59d667d94c Minor update 2013-12-01 22:25:12 +01:00
Miroslav Stampar
7054586e8a Update for an Issue #565 (more work TBD - DuckDuckGo has some kind of IP blocking mechanism) 2013-11-25 20:57:07 +01:00
Miroslav Stampar
cda27ec20b Patch for an Issue #563 2013-11-24 15:01:51 +01:00
Bernardo Damele
59b6791faa minor improvement 2013-11-19 00:24:47 +00:00
Bernardo Damele
c37ad88283 minor bug fix 2013-11-13 14:34:19 +00:00
Miroslav Stampar
3c67ba08c5 Minor fix 2013-11-12 14:53:05 +01:00
Miroslav Stampar
354aaeae5b Removing unused imports 2013-11-12 14:11:07 +01:00
Miroslav Stampar
d84ddf23bd Replacing os.sep constructs with os.path.join 2013-11-12 14:08:41 +01:00
Miroslav Stampar
2f1607b4d5 Minor fix for dumping non-alphanumeric database names 2013-11-12 13:13:47 +01:00
Miroslav Stampar
0a4512e9ae Implementation for an Issue #557 2013-11-08 09:23:38 +01:00
Miroslav Stampar
48bd2e75e9 Minor patch 2013-10-28 13:59:38 +01:00
Miroslav Stampar
7ed05f01b3 Minor update 2013-10-27 00:24:57 +02:00
Miroslav Stampar
fabbe63f00 Proper fix for re.sub() call with repl value containing backslash 2013-10-23 18:07:38 +02:00
Miroslav Stampar
28529a92a7 Minor fix (for parameters with \ in value) 2013-10-23 10:49:50 +02:00
Miroslav Stampar
9f21406a4b Using cPickle in BigArray (faster and potentially less memory used) 2013-10-21 20:48:00 +02:00
Miroslav Stampar
8dac47f7e5 Minor patch (for recognition of x-mac-turkish codec) 2013-10-21 20:04:48 +02:00
Miroslav Stampar
e197720def Fix for an Issue #546 2013-10-19 20:54:52 +02:00
Miroslav Stampar
777d999e71 Minor update 2013-10-18 15:39:46 +02:00