Miroslav Stampar
1840b0e43b
fix for a bug reported by k1971@live.co.uk (OperationalError: unknown database dbo)
2011-05-03 10:22:38 +00:00
Miroslav Stampar
1e6c2fea74
update regarding warning for --random-agent during connection timeout in connection test phase
2011-05-03 10:05:42 +00:00
Bernardo Damele
6cff3e97f4
cosmetics
2011-05-02 21:48:08 +00:00
Miroslav Stampar
06498796b9
minor cosmetics
2011-05-02 20:51:53 +00:00
Miroslav Stampar
5e9620198c
fix for a privately reported bug ("AttributeError: item is disabled")
2011-05-02 18:18:04 +00:00
Miroslav Stampar
93dee30895
better fix for the previous commit
2011-05-02 13:34:55 +00:00
Miroslav Stampar
20ad1c1f2f
minor update to not confuse users when using -o
2011-05-02 13:24:35 +00:00
Miroslav Stampar
f8c3086d15
minor minor update
2011-05-02 12:37:54 +00:00
Miroslav Stampar
098f53d57a
patch for a problem reported by m.martin2311@yahoo.com (unknown charset 'is0-8859-1')
2011-05-02 12:34:35 +00:00
Bernardo Damele
ac2550535c
Proper fix for --technique=U bug
2011-05-01 23:42:41 +00:00
Miroslav Stampar
900ee0ff93
fix for a major bug reported by k1971@live.co.uk (1..9 99..)
2011-05-01 15:47:00 +00:00
Miroslav Stampar
494503b334
proper way to deal with generic cases
2011-05-01 08:04:08 +00:00
Miroslav Stampar
fcd69ba9c7
fix for a --technique=U
2011-05-01 07:37:22 +00:00
Miroslav Stampar
41fc9f9d54
fix for an issue reported by andrew.gecse@upcmail.hu (unknown web page charset 'hungarian-iso-8859-2')
2011-04-30 22:41:54 +00:00
Bernardo Damele
955dbc85e7
Minor variable rename
2011-04-30 15:29:59 +00:00
Bernardo Damele
b3a0424269
More Backend class method usage refactoring
2011-04-30 15:24:15 +00:00
Bernardo Damele
00f14bec5f
layout adjustment
2011-04-30 15:22:33 +00:00
Bernardo Damele
9a4ae7d9e2
More code refactoring of Backend class methods used
2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Miroslav Stampar
983546d6bf
proper fix
2011-04-30 07:01:21 +00:00
Bernardo Damele
a5968fff3e
Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided
2011-04-30 00:22:22 +00:00
Bernardo Damele
956e75e2b5
Minor adjustment to --mobile.
...
Bug fix to --random-agent.
2011-04-29 21:50:48 +00:00
Bernardo Damele
a23ca952e4
Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason
2011-04-29 21:09:07 +00:00
Miroslav Stampar
46f96f3c4c
removing Kindle from list as it's not really a smartphone
2011-04-29 19:32:30 +00:00
Miroslav Stampar
11124b21f9
implemented --mobile switch
2011-04-29 19:27:23 +00:00
Miroslav Stampar
b299912de4
fix for a bug reported by ahmed@isecur1ty.org (UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: ordinal not in range(128)) for multipartpost
2011-04-29 16:56:02 +00:00
Miroslav Stampar
6bb4dce3aa
minor refactoring
2011-04-29 15:22:32 +00:00
Miroslav Stampar
a2bb0d72e8
fix for a bug reported by rdsears@mtu.edu (TypeError: expected string or buffer)
2011-04-29 14:40:28 +00:00
Bernardo Damele
edac0b2558
Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema
2011-04-28 23:59:00 +00:00
Bernardo Damele
441c288dd9
cosmeticados
2011-04-25 00:36:09 +00:00
Bernardo Damele
98f9f3e774
Minor bug fix in local shellcodeexec for Windows path
2011-04-25 00:03:12 +00:00
Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
...
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
2011-04-23 16:25:09 +00:00
Miroslav Stampar
75142b383d
huge speed up (4x times faster)
2011-04-22 21:00:42 +00:00
Miroslav Stampar
f88aa4b165
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
2011-04-22 19:58:10 +00:00
Miroslav Stampar
493b9adf8e
speed up of resume values (compiled regexes used)
2011-04-22 19:27:41 +00:00
Miroslav Stampar
7b3b9e6a87
it seems that this was indeed not meant to be here
2011-04-22 15:07:09 +00:00
Miroslav Stampar
304500a2e8
implemented checkFalsePositives method (simple Turing like tests)
2011-04-22 12:24:16 +00:00
Bernardo Damele
f3088079c0
error message adjustment
2011-04-21 22:31:02 +00:00
Bernardo Damele
eabb5a2ba7
More adjustments to the error message when no sql injections are detected
2011-04-21 22:04:20 +00:00
Bernardo Damele
6d07dddf60
updated doc and minor layout adjustments
2011-04-21 21:53:35 +00:00
Bernardo Damele
06a00fe85e
For development version, print also the revision number in the banner
2011-04-21 21:34:57 +00:00
Bernardo Damele
770b1523ff
More verbose output when no SQL injections are detected
2011-04-21 21:31:16 +00:00
Bernardo Damele
edc2d75702
Cosmetics and major bug fix
2011-04-21 21:15:23 +00:00
Bernardo Damele
d2f102f5a1
cosmetics
2011-04-21 20:21:37 +00:00
Bernardo Damele
b667c50588
store/resume info on xp_cmd available in session file
2011-04-21 14:25:04 +00:00
Miroslav Stampar
930872cf3b
fix
2011-04-21 14:20:09 +00:00
Bernardo Damele
a313df4d37
Allow user to force temporary folder with --tmp-path even if it has been saved one in the session file
2011-04-21 14:05:37 +00:00
Bernardo Damele
fbe5ba5394
cosmetics
2011-04-21 10:54:12 +00:00
Miroslav Stampar
e1a8d268d8
fix for UPX linux/macos
2011-04-21 10:52:34 +00:00
Bernardo Damele
8d8fc2bbd8
cosmetics
2011-04-21 10:17:41 +00:00
Bernardo Damele
11ecd16099
cosmetics
2011-04-21 10:08:38 +00:00
Miroslav Stampar
9ccf720c05
removing funny remark
2011-04-21 10:06:13 +00:00
Bernardo Damele
a91e6a8440
layout
2011-04-21 10:03:18 +00:00
Miroslav Stampar
cbfe743bad
added a comment
2011-04-21 10:01:58 +00:00
Miroslav Stampar
c84c4d835f
minor update
2011-04-21 09:31:35 +00:00
Miroslav Stampar
e4d3190f41
reverting back to NVARCHAR because of error technique
2011-04-20 12:59:23 +00:00
Miroslav Stampar
3607f03a9e
fix of a minor typo
2011-04-20 12:42:35 +00:00
Miroslav Stampar
1286cc0913
now showing trimmed output in for of warning message (UNION and ERROR techniques affected)
2011-04-20 12:41:58 +00:00
Miroslav Stampar
7993f3f12d
way better for storing bulk of data (like BLOB on mysql)
2011-04-20 11:44:52 +00:00
Miroslav Stampar
04653684cd
revert
2011-04-20 10:34:34 +00:00
Miroslav Stampar
4fadcf0615
improvement for UNION/ERROR case
2011-04-20 10:17:42 +00:00
Miroslav Stampar
1c1c20fb64
minor update
2011-04-20 09:34:00 +00:00
Miroslav Stampar
4b6c524d4c
one more minor update regarding last commit
2011-04-20 09:26:03 +00:00
Miroslav Stampar
44926757da
minor update
2011-04-20 09:23:08 +00:00
Miroslav Stampar
52c98afe93
minor fix
2011-04-20 08:38:46 +00:00
Miroslav Stampar
24435a2c20
implemented "break a tie" request by Andres Riancho
2011-04-20 08:35:47 +00:00
Miroslav Stampar
df0331fe9b
some more refactoring
2011-04-19 23:04:10 +00:00
Miroslav Stampar
3b133303bf
refactoring
2011-04-19 22:54:13 +00:00
Miroslav Stampar
de2479b864
dealing with http://bugs.python.org/issue1602
2011-04-19 22:33:03 +00:00
Miroslav Stampar
9a9838f1e6
cleaning a mess with UPX and virus scanners
2011-04-19 21:57:04 +00:00
Miroslav Stampar
44bbef42f8
minor cosmetics
2011-04-19 20:23:08 +00:00
Miroslav Stampar
b7efa255d6
minor update of usage string
2011-04-19 20:14:56 +00:00
Miroslav Stampar
fc90974940
revert of last commit because of the situation in detection phase where payload is made at the starting point (can't change conf.timeSec in that phase)
2011-04-19 14:50:09 +00:00
Miroslav Stampar
7abbd0c029
removing a leftover
2011-04-19 14:29:51 +00:00
Miroslav Stampar
96b5fede5a
automatic increasing of time delay on lagging connections
2011-04-19 14:28:51 +00:00
Miroslav Stampar
13f8c001a7
minor update
2011-04-19 11:13:53 +00:00
Miroslav Stampar
7a06af9a92
added "lagging" critical message
2011-04-19 10:37:20 +00:00
Miroslav Stampar
9b0db33cc5
initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model
2011-04-19 08:55:38 +00:00
Miroslav Stampar
a7c26366b4
doing that auto default value for --time-sec only for --tor
2011-04-19 08:43:29 +00:00
Miroslav Stampar
4d48ac54dc
automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set)
2011-04-19 08:34:21 +00:00
Miroslav Stampar
b79d4f70f3
cleaner solution for the problem solved with last commit
2011-04-18 14:51:48 +00:00
Miroslav Stampar
f5cff067c6
little hack for --time-sec
2011-04-18 14:46:18 +00:00
Miroslav Stampar
6463cad8c5
minor update for SOAP payloads
2011-04-18 14:29:52 +00:00
Miroslav Stampar
da9ec67869
removing leftover
2011-04-18 13:43:22 +00:00
Miroslav Stampar
354a2ce249
'chardet' heuristic engine added to the project
2011-04-18 13:38:46 +00:00
Miroslav Stampar
b5aef9bcf9
fix for a bug reported by nightman (TypeError: unsupported operand type(s) for +: 'NoneType' and 'str')
2011-04-18 10:16:38 +00:00
Miroslav Stampar
6fab44d635
minor refactoring and improving of used regex
2011-04-17 22:37:00 +00:00
Miroslav Stampar
76d1f09b0a
minor cosmetics
2011-04-17 22:25:25 +00:00
Miroslav Stampar
9aae447553
minor update for matching SOAP messages
2011-04-17 22:21:32 +00:00
Miroslav Stampar
4fa00121e4
that CONSTANT_RATIO was a pure black magic for dynamic pages. now we have better injection detection workflow than before (False, True, False) and it was just a matter of time for removing this one
2011-04-17 21:58:34 +00:00
Miroslav Stampar
a7366bf710
SOAP refactoring
2011-04-17 21:39:00 +00:00
Miroslav Stampar
c7ff5dcbeb
minor update
2011-04-17 08:48:13 +00:00
Miroslav Stampar
ee88ccf0ac
well, this could be important :)
2011-04-17 08:33:46 +00:00
Miroslav Stampar
29ee760021
improving time based data retrieval mechanism
2011-04-17 07:24:18 +00:00
Miroslav Stampar
5e70eac98c
fix for a "popular" typo 'iso-5889-1' reported by David Guimaraes
2011-04-16 06:44:29 +00:00
Miroslav Stampar
88c76147e1
removed few trailing whitespace lines
2011-04-15 20:52:08 +00:00
Miroslav Stampar
3b6f9945ae
minor fix regarding report from nightman@email.de (...from time to time sqlmap lost the connection...)
2011-04-15 14:15:29 +00:00
Miroslav Stampar
c461fdca54
some refactoring
2011-04-15 13:51:06 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00