Commit Graph

111 Commits

Author SHA1 Message Date
Bernardo Damele
2129935e06 Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
Minor enhancement
2010-10-16 21:52:16 +00:00
Miroslav Stampar
1336b97c2c removed --useBetween switch and added new tampering module ./tamper/between.py 2010-10-15 23:48:07 +00:00
Miroslav Stampar
1ae4d0fc2a added optimization group 2010-10-15 23:26:48 +00:00
Miroslav Stampar
c9f0c75030 removed --space (usage of tampering modules is now a prefered way to do it) 2010-10-15 12:52:33 +00:00
Bernardo Damele
c5e385f77a More layout adjustments 2010-10-15 10:28:34 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Miroslav Stampar
43a3ac2c3a some bug fixes 2010-10-13 20:54:18 +00:00
Miroslav Stampar
34580f56fc added --tamper option 2010-10-12 22:45:25 +00:00
Miroslav Stampar
d2ec132469 added --text-only switch 2010-10-12 19:41:29 +00:00
Miroslav Stampar
43892cddbb some updates 2010-10-11 12:26:35 +00:00
Miroslav Stampar
8fcad29bbf new feature --forms (still unfinished) 2010-10-10 18:56:43 +00:00
Miroslav Stampar
adf2231edb minor update 2010-10-06 13:38:03 +00:00
Miroslav Stampar
56dbf0038f minor update (for future implementation of more advanced error page logic) 2010-10-06 12:10:00 +00:00
Miroslav Stampar
cf8e92699c changes regarding EXISTS feature 2010-09-30 12:35:45 +00:00
Miroslav Stampar
1da672e3c5 added default="False" to "store_true" parameters as it's a prefered way by http://docs.python.org/library/optparse.html 2010-09-27 13:23:29 +00:00
Miroslav Stampar
2e5f269650 update regarding --space option 2010-09-24 22:35:32 +00:00
Miroslav Stampar
9cd5d3bde7 added new option --space 2010-09-24 21:59:03 +00:00
Miroslav Stampar
abe1289016 minor update 2010-09-24 13:20:51 +00:00
Miroslav Stampar
48e0261e68 update for Feature #61 2010-09-24 13:19:35 +00:00
Miroslav Stampar
4fd7db52dd minor update 2010-09-16 10:23:51 +00:00
Miroslav Stampar
6259114c02 added optimization switch (-o) 2010-09-16 10:12:53 +00:00
Miroslav Stampar
bfffd5e333 added --null-connection as an experimental option 2010-09-16 10:01:33 +00:00
Miroslav Stampar
9a72a25704 again minor update 2010-09-15 13:59:55 +00:00
Miroslav Stampar
798ab4989b fix for a Bug #200 2010-09-14 10:35:01 +00:00
Miroslav Stampar
8aa12db425 added option --proxy-cred for setting proxy credentials (Feature #195) 2010-08-18 22:45:00 +00:00
Miroslav Stampar
057ec8a6b2 added --ratio option for direct manipulation of conf.matchRatio parameter 2010-08-10 19:53:29 +00:00
Miroslav Stampar
092829c189 implemented basic smoke testing mechanism 2010-07-30 12:49:25 +00:00
Bernardo Damele
d40a238335 Make --keep-alive public 2010-06-30 11:29:35 +00:00
Miroslav Stampar
eb94edc48c added keepalive module 2010-06-01 12:21:10 +00:00
Bernardo Damele
b798222dd7 Minor fixes 2010-05-30 14:53:13 +00:00
Bernardo Damele
10521b68eb Major bug fix in multipartpost and minor adjustments elsewhere 2010-05-28 23:12:20 +00:00
Bernardo Damele
06af405efd Adapted and merged in patch to support XML output (-x switch) - still in beta.
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Bernardo Damele
a138dbe5f6 Minor bug fixes and code refactoring 2010-05-28 15:57:43 +00:00
Miroslav Stampar
0f5768cddf more and more fixes 2010-05-28 14:04:34 +00:00
Bernardo Damele
7e78876f6a Minor bug fix to parse properly also unicode characters from configuration file 2010-05-28 12:07:30 +00:00
Miroslav Stampar
37b8d0c480 utf8 decoding of program arguments 2010-05-28 11:48:44 +00:00
Bernardo Damele
7e925bcfe8 Adapted code following last commit 2010-05-27 16:46:17 +00:00
Miroslav Stampar
5d5ebd49b6 introducing regex caching mechanism 2010-05-21 14:42:59 +00:00
Miroslav Stampar
68e13c3872 periodical commit 2010-05-21 09:35:36 +00:00
Miroslav Stampar
893bc04fe4 changes regarding Feature #157 (Evaluate BETWEEN for inference algorithm) 2010-05-12 11:30:32 +00:00
Bernardo Damele
65a05452f7 Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190:
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
2010-05-07 13:40:57 +00:00
Miroslav Stampar
915d3441e9 some code refactoring 2010-04-16 19:57:00 +00:00
Miroslav Stampar
1bdf94f236 fix for Bug #164 (Proper usage of special characters in paths) 2010-04-16 15:46:31 +00:00
Miroslav Stampar
bece99908c fix regarding Bug #164 (Proper usage of special characters in paths) - not clear if that's all 2010-04-16 15:12:42 +00:00
Miroslav Stampar
1aeaa5db47 implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests) 2010-04-16 12:44:47 +00:00
Bernardo Damele
1416cd0d86 Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
2aadc5c939 Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180.
Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring.
2010-03-25 15:46:06 +00:00
Bernardo Damele
0d559d14df Initial support for SQLite (90% approx).
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
7d8cc1a482 Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:
1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.

Minor layout adjustments.
2010-03-12 22:43:35 +00:00