Miroslav Stampar
f94ac8c69d
Second patch related to the Issue #846
2014-10-09 15:21:26 +02:00
Miroslav Stampar
7e40890f32
Patch for an Issue #815
2014-09-01 16:16:12 +02:00
Miroslav Stampar
d5d01e91ad
Warning message
2014-08-30 22:15:14 +02:00
Miroslav Stampar
79a66ef22c
Minor patch
2014-07-06 09:09:44 +02:00
Miroslav Stampar
1eecabaea8
Patch for an Issue #746
2014-07-02 10:11:31 +02:00
Miroslav Stampar
54be398e83
Patch for an Issue #711
2014-06-04 16:35:07 +02:00
Miroslav Stampar
27ebc02535
Minor fix (user reported problem via email)
2014-05-29 09:33:14 +02:00
Miroslav Stampar
2a55f75f86
Using a more generic XML recognition regex
2014-04-30 21:25:45 +02:00
Miroslav Stampar
ef5ce7e66c
Fix for an Issue #670
2014-04-12 17:22:47 +02:00
Miroslav Stampar
106102bd3c
Fix for an Issue #648
2014-03-21 20:28:29 +01:00
Miroslav Stampar
6369a38ebc
Adding support for JSON-like data with single quote
2014-02-26 08:56:17 +01:00
Miroslav Stampar
465f968be6
Minor cosmetic update
2014-02-26 08:41:23 +01:00
Bernardo Damele
43a4e85749
updated copyright
2014-01-13 17:24:49 +00:00
Miroslav Stampar
d84ddf23bd
Replacing os.sep constructs with os.path.join
2013-11-12 14:08:41 +01:00
Miroslav Stampar
b8d49c2ea2
Minor usability patch
2013-10-12 20:41:25 +02:00
Miroslav Stampar
98d27ef200
Bug fix (missing permissions when creating dump directory)
2013-10-11 21:17:12 +02:00
Miroslav Stampar
4cf49bc0cc
Minor fix for an Issue #517
2013-09-05 09:22:11 +02:00
Miroslav Stampar
b17bb07301
Minor regex update
2013-09-04 19:28:59 +02:00
Miroslav Stampar
bf57f636a3
Fix for an Issue #517
2013-09-04 19:22:24 +02:00
stamparm
e28b056028
Dummy fix
2013-05-29 14:26:00 +02:00
Miroslav Stampar
f3f752d85c
Patch for an Issue #452
2013-05-25 18:52:59 +02:00
stamparm
3e65037a05
Introducing lib/utils/sqlalchemy.py (Issue #361 )
2013-04-15 10:33:25 +02:00
Miroslav Stampar
0b449bb1d9
Fix for an Issue #433
2013-04-10 19:33:31 +02:00
stamparm
f67148a9a4
Update for an Issue #431
2013-04-10 16:43:57 +02:00
stamparm
8c9da95343
Style and consistency update (url -> URL)
2013-04-09 11:48:42 +02:00
Miroslav Stampar
7614c815ed
Minor update/patch
2013-04-07 21:32:03 +02:00
stamparm
0882fe0ce3
Minor update related to the last two
2013-03-26 16:04:56 +01:00
stamparm
eb1bfc20cb
Update related to the last commit
2013-03-26 15:36:44 +01:00
stamparm
2fe6aea0eb
Minor fix
2013-03-26 15:07:14 +01:00
stamparm
7447773237
Update for consistency (all other enums are using _ in between words)
2013-03-20 11:10:24 +01:00
Bernardo Damele
4727589135
code consistency
2013-02-15 00:17:13 +00:00
Miroslav Stampar
368a2fd297
Fix for an Issue #393
2013-02-14 16:18:16 +01:00
Miroslav Stampar
f97f575018
Trivial restyling
2013-02-14 15:41:27 +01:00
Miroslav Stampar
605c5b089e
Minor style update
2013-02-14 15:38:44 +01:00
Miroslav Stampar
06d8547916
Implementation for an Issue #394
2013-02-14 15:38:44 +01:00
Miroslav Stampar
7944684ff2
This was supposed to be a separate commit (going to commit it in next one)
2013-02-14 15:38:44 +01:00
Miroslav Stampar
6c0054bc5f
Putting that ugly parameter xyz is not inside the Cookie into the debug messages
2013-02-14 15:38:44 +01:00
Bernardo Damele
4b9d8ed673
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f
make sure to use Python 2 interpreter when default system Python is version 3
2013-02-14 11:25:04 +00:00
Miroslav Stampar
d78a3e977b
Update (allowing regular char * to be inside SOAP/JSON/XML)
2013-02-13 12:24:42 +01:00
Miroslav Stampar
7c802ed8cc
Minor fix
2013-02-13 11:14:45 +01:00
Miroslav Stampar
c2672e78fc
Support for multiple injection marks inside the same header value (Issue #48 )
2013-02-12 12:06:13 +01:00
Miroslav Stampar
15b0ab1b44
Fix for a 'no parameter found' problem when user says N on 'custom injection mark found in POST...'
2013-01-22 14:08:19 +01:00
Miroslav Stampar
9ce2395405
Minor refactoring
2013-01-19 18:40:44 +01:00
Miroslav Stampar
bb6b89fe93
Patch for an Issue #360
2013-01-19 18:06:36 +01:00
Bernardo Damele
a43202f3c0
updated copyright
2013-01-18 14:07:51 +00:00
Miroslav Stampar
a38b3e397c
Patch for an Issue #286
2013-01-17 14:17:39 +01:00
Miroslav Stampar
03dd958d96
Implementation for an Issue #48
2013-01-13 16:22:43 +01:00
Miroslav Stampar
ec4e49d771
Minor refactoring
2013-01-10 16:09:28 +01:00
Miroslav Stampar
acfeeb4f51
Restyling old form of urlparse
2013-01-10 15:41:07 +01:00
Miroslav Stampar
ca3d35a878
Some PEP8 related style cleaning
2013-01-10 13:18:44 +01:00
Miroslav Stampar
e4a3c015e5
Replacing old and deprecated raise Exception style (PEP8)
2013-01-03 23:20:55 +01:00
Miroslav Stampar
0795760255
Minor fix
2012-12-30 11:22:23 +01:00
Miroslav Stampar
1f7644a691
Minor fix when user doesn't want custom injection char marker to be processed
2012-12-08 21:23:30 +01:00
Miroslav Stampar
974407396e
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448
Removed unused imports and variables (pyflake-ing)
2012-12-06 11:15:05 +01:00
Miroslav Stampar
6f7f9dd8eb
Patch for an Issue #242
2012-11-13 10:41:13 +01:00
Miroslav Stampar
a52dbc575b
Patch for an Issue #246
2012-11-13 10:21:11 +01:00
Miroslav Stampar
181c3534f0
Patch for an Issue #237
2012-11-08 19:16:37 +01:00
Miroslav Stampar
1ee0d9ce5e
Fix for an Issue #229
2012-11-05 15:58:54 +01:00
Miroslav Stampar
a9094a35fe
Fix for an Issue #227
2012-10-30 00:20:49 +01:00
Miroslav Stampar
4365c48e83
Minor style update
2012-10-23 14:38:24 +02:00
Miroslav Stampar
06f226c494
Fix for an Issue #211
2012-10-23 14:37:45 +02:00
Miroslav Stampar
2cb1b054bb
Implementation for an Issue #79
2012-10-16 12:32:58 +02:00
Miroslav Stampar
098e446ca4
Adding support for generic XML POST data
2012-10-04 18:44:12 +02:00
Miroslav Stampar
d464678e10
Minor update for an Issue #49
2012-10-04 18:01:42 +02:00
Miroslav Stampar
84b05e2d18
Better treating of numeric values (Issue #49 )
2012-10-04 16:08:37 +02:00
Miroslav Stampar
31aa9be1c7
Minor update
2012-10-04 15:40:11 +02:00
Miroslav Stampar
5d2b534908
Minor update (Issue #49 )
2012-10-04 15:23:01 +02:00
Miroslav Stampar
5b59b6feb4
Removing junk part
2012-10-04 12:09:09 +02:00
Miroslav Stampar
d570e25b1b
Minor workflow update
2012-10-04 12:05:59 +02:00
Miroslav Stampar
eddc634ceb
Minor improvement (custom injection marks are now processed in order of appearance)
2012-10-04 11:52:40 +02:00
Miroslav Stampar
461e5ebc5f
Work for Issue #197 and Issue #49
2012-10-04 11:25:44 +02:00
Miroslav Stampar
bcbf0571a5
Implementation for an Issue #49
2012-10-02 14:23:58 +02:00
Miroslav Stampar
9a1fbb8941
Fix for an Issue #185
2012-09-13 14:22:26 +02:00
Miroslav Stampar
a64438fb5c
Minor language update
2012-09-11 19:45:40 +02:00
Miroslav Stampar
05dced5418
Minor language update
2012-09-11 19:43:03 +02:00
Miroslav Stampar
33980adaef
Another update for an Issue #79
2012-08-31 12:46:38 +02:00
Miroslav Stampar
2806185989
Minor refactoring
2012-08-31 10:43:06 +02:00
Miroslav Stampar
74a5d41272
Minor update for an Issue #79
2012-08-31 10:24:47 +02:00
Miroslav Stampar
59078bb1b8
Fix for an Issue #154
2012-08-20 10:05:13 +02:00
Miroslav Stampar
f358ab2e73
Implementation of an Issue #147
2012-08-15 16:37:18 +02:00
Miroslav Stampar
f797a6d813
Fix for an Issue #125
2012-07-31 13:06:45 +02:00
Miroslav Stampar
142fc887f1
Fix for an Issue #129
2012-07-31 11:03:44 +02:00
Miroslav Stampar
b3552494c4
Minor preparation for an Issue #48
2012-07-26 12:26:57 +02:00
Miroslav Stampar
805120ac52
Minor refactoring
2012-07-14 11:01:30 +02:00
Miroslav Stampar
3c81f74823
Minor style update
2012-07-13 12:22:37 +02:00
Miroslav Stampar
6ade007aec
Minor update of language
2012-07-13 12:13:04 +02:00
Bernardo Damele
162da75a04
modified homepage address
2012-07-12 18:38:03 +01:00
Miroslav Stampar
a525dd4336
Fix for Issue #72
2012-07-07 19:02:46 +02:00
jekil
c39e5a85ba
Removed $id$ tags
2012-06-27 20:56:43 +02:00
Miroslav Stampar
ec44e88db8
lots of refactoring regarding removal of already obsolete session file mechanism
2012-06-21 10:09:10 +00:00
Miroslav Stampar
302d782a0f
minor style update
2012-06-19 08:33:51 +00:00
Miroslav Stampar
f94ebe3107
minor fix (credentials were only set for the first target)
2012-06-04 22:30:12 +00:00
Miroslav Stampar
6ebb621228
adding support for (custom) POST injection (marking injection point with '*' in conf.data)
2012-04-17 14:23:00 +00:00
Miroslav Stampar
efd27d7ade
minor renaming
2012-04-17 08:41:19 +00:00
Miroslav Stampar
cbdcbdd786
minor minor update
2012-03-16 11:18:18 +00:00
Miroslav Stampar
cda8815634
introducing safe deprecation mechanism for HashDB versioning
2012-03-12 22:55:57 +00:00
Miroslav Stampar
11c7cc5224
minor temporary fix
2012-03-08 11:08:43 +00:00
Miroslav Stampar
cd28eb6544
minor update regarding --load-cookies
2012-03-08 10:19:34 +00:00
Miroslav Stampar
f142c0f782
minor update
2012-02-28 14:04:13 +00:00
Miroslav Stampar
a9bf0297f6
moving injection data to HashDB
2012-02-27 13:44:07 +00:00
Miroslav Stampar
85125018a1
minor bug fix
2012-02-25 22:54:32 +00:00
Miroslav Stampar
06ab3fa134
minor update
2012-02-25 10:53:38 +00:00
Miroslav Stampar
74b19a0386
minor update
2012-02-25 10:43:10 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
22c3fe49bb
some refactoring
2011-12-28 13:50:03 +00:00
Miroslav Stampar
f622995a29
compatibility with partial union and error technique resumed data
2011-12-22 12:20:21 +00:00
Miroslav Stampar
95cd9e2af3
adding support for scanning Host header values (-p host)
2011-12-20 12:52:41 +00:00
Miroslav Stampar
5f7dbec41f
minor patch
2011-12-03 12:11:46 +00:00
Miroslav Stampar
2ed3efba12
speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)
2011-11-22 08:39:13 +00:00
Miroslav Stampar
440b7efe55
minor optimization
2011-11-20 20:14:47 +00:00
Miroslav Stampar
c1486ed4be
adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request
2011-10-25 09:53:44 +00:00
Miroslav Stampar
25f0ec3597
some minor range to xrange conversion (where safe to do)
2011-10-21 22:34:27 +00:00
Miroslav Stampar
b3b4459c72
minor fix
2011-09-26 13:01:43 +00:00
Miroslav Stampar
744636a8c1
switching to SQLite resume support (on error and union techniques this moment)
2011-09-25 20:36:32 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Miroslav Stampar
faa74cd2bc
introducing results file for multiple target mode
2011-05-15 22:21:38 +00:00
Miroslav Stampar
ec4d9178f8
minor update related to the previous commit
2011-05-08 06:28:58 +00:00
Miroslav Stampar
4d6e7c738c
minor update
2011-05-08 06:17:43 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Bernardo Damele
edc2d75702
Cosmetics and major bug fix
2011-04-21 21:15:23 +00:00
Miroslav Stampar
6fab44d635
minor refactoring and improving of used regex
2011-04-17 22:37:00 +00:00
Miroslav Stampar
9aae447553
minor update for matching SOAP messages
2011-04-17 22:21:32 +00:00
Miroslav Stampar
a7366bf710
SOAP refactoring
2011-04-17 21:39:00 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Miroslav Stampar
139448eeb9
little stabilization regarding POST url(de/en)coding
2011-03-19 16:53:14 +00:00
Bernardo Damele
6e8ebd35f4
Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable
2011-02-27 12:17:41 +00:00
Miroslav Stampar
417b311475
minor update
2011-02-13 22:02:47 +00:00
Miroslav Stampar
50d25c3b4d
update regarding explicit testing of ua and referer when using -p
2011-02-13 21:58:48 +00:00
Miroslav Stampar
535eb9f3eb
implementation of referer feature
2011-02-11 23:07:03 +00:00
Miroslav Stampar
f83f1a1e06
minor just in case update
2011-02-04 13:08:54 +00:00
Miroslav Stampar
c69b76776e
minor refactoring
2011-02-04 13:04:19 +00:00
Miroslav Stampar
c19d481bb1
little clean up
2011-02-04 12:25:14 +00:00
Miroslav Stampar
fa58a9c86b
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
2011-01-31 20:36:01 +00:00
Miroslav Stampar
ddf23ba7cc
refactoring
2011-01-30 11:36:03 +00:00
Miroslav Stampar
81722b6881
major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
2011-01-27 18:36:28 +00:00
Miroslav Stampar
dd7262d9e6
we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode
2011-01-20 17:53:49 +00:00
Miroslav Stampar
fb9d7cdfaa
refactoring, code clearing and removal of obsolete switch --longest-common
2011-01-14 14:37:03 +00:00
Miroslav Stampar
dce9a762f1
important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode
2011-01-02 10:37:32 +00:00
Miroslav Stampar
e355f92f22
bug fix
2010-12-18 10:02:01 +00:00
Miroslav Stampar
ec5c08ca7a
cosmetics
2010-12-09 09:24:20 +00:00
Miroslav Stampar
db39dc32fc
minor update
2010-12-09 00:59:39 +00:00
Miroslav Stampar
258e9fb50e
fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied)
2010-12-08 21:16:18 +00:00
Bernardo Damele
c8f943f5e4
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
...
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Bernardo Damele
9d7087e2ff
Proper saving and resuming when more than a parameter are injectable.
...
Minor bug fix to --stacked-test
Minor code refactoring.
2010-11-29 01:04:42 +00:00
Miroslav Stampar
a0df36beda
when in multi target mode this should be done (another bug was reported by ToR for using "old" data - kb was not properly cleared)
2010-11-17 15:33:07 +00:00
Miroslav Stampar
36c544f440
update (--forms acts now more like -g switch)
2010-11-15 11:34:57 +00:00
Bernardo Damele
5f46a549ba
Cosmetics for --forms
2010-11-14 21:59:35 +00:00