Commit Graph

849 Commits

Author SHA1 Message Date
Bernardo Damele
bdb9c37a7e Cosmetics 2010-10-25 15:17:59 +00:00
Bernardo Damele
215175e3b7 Minor code adjustments 2010-10-25 14:11:47 +00:00
Miroslav Stampar
24c5d7b313 code refactoring 2010-10-25 14:06:56 +00:00
Miroslav Stampar
9c94a233a1 conf.md5hash thrown out 2010-10-25 13:52:21 +00:00
Miroslav Stampar
9a3879feba keeping things neat and tidy 2010-10-25 12:33:49 +00:00
Miroslav Stampar
32728d14b7 fix for --union-use with --error-test 2010-10-25 12:25:29 +00:00
Miroslav Stampar
71543092b7 update regarding comparison engine 2010-10-25 12:00:59 +00:00
Miroslav Stampar
8df7c88174 implementation of a new dynamic content removal engine 2010-10-25 10:41:37 +00:00
Miroslav Stampar
db260c44d3 minor update 2010-10-24 22:25:05 +00:00
Miroslav Stampar
aa931efd4d several MySQL fixes/enhancements pointed out by Anton Mogilin 2010-10-24 22:05:14 +00:00
Miroslav Stampar
52f910f752 added --beep (tested on Windows and Linux; for now turned off) switch 2010-10-23 09:38:46 +00:00
Miroslav Stampar
98f5586b87 minor update 2010-10-23 08:05:24 +00:00
Miroslav Stampar
f1e2c1867f Cosmetics 2010-10-22 21:13:12 +00:00
Miroslav Stampar
2194d47782 setting conf.threads when -o switch is used 2010-10-22 19:10:45 +00:00
Miroslav Stampar
e6e48c5556 fix for Bug #204 2010-10-22 18:23:46 +00:00
Bernardo Damele
1288def3b7 Cosmetics 2010-10-22 14:23:14 +00:00
Miroslav Stampar
dec4d858b3 fix for Bug #207 2010-10-22 14:01:48 +00:00
Miroslav Stampar
1b2ec826bf misc fixes regarding new query retrieval format 2010-10-21 23:17:06 +00:00
Miroslav Stampar
a9b50a1e82 minor fix 2010-10-21 23:09:57 +00:00
Miroslav Stampar
bc79eec702 removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 13:13:12 +00:00
Miroslav Stampar
be443c6947 refactoring regarding __START__,... 2010-10-21 09:51:07 +00:00
Miroslav Stampar
2668c95ef4 added default HTTP version used by httplib and urllib2 2010-10-21 09:10:07 +00:00
Bernardo Damele
7f1aa3b94f Removed unused imports 2010-10-20 22:48:51 +00:00
Bernardo Damele
c60edf7c17 Minor cosmetics 2010-10-20 22:43:02 +00:00
Bernardo Damele
d8bfa76dca Minor possible bug fix 2010-10-20 22:12:53 +00:00
Bernardo Damele
e73e06069b Minor code refactoring 2010-10-20 22:09:03 +00:00
Bernardo Damele
862cc9ac53 Minor cosmetic fixes 2010-10-20 21:58:33 +00:00
Bernardo Damele
3b5c5cc457 Minor possible bug fix 2010-10-20 21:49:05 +00:00
Bernardo Damele
f95098693f Removed unused functions 2010-10-20 21:16:28 +00:00
Bernardo Damele
430bb7478f Minor bug fix 2010-10-20 21:15:06 +00:00
Miroslav Stampar
34f70657ee fix for NULL values 2010-10-20 10:29:18 +00:00
Miroslav Stampar
00449f1402 fix/upgrade/chicken soup 2010-10-20 09:54:17 +00:00
Miroslav Stampar
e24bff0497 nice refactoring 2010-10-20 09:46:57 +00:00
Miroslav Stampar
5d3cbec457 no more regex. web server independent. 2010-10-20 09:35:46 +00:00
Miroslav Stampar
934adb5e8d code refactoring 2010-10-20 09:09:04 +00:00
Miroslav Stampar
b032fdbf74 added randInt to error injection vectors 2010-10-20 08:56:58 +00:00
Miroslav Stampar
dabbcf9e23 fix for that 'Subquery returns more than 1 row' 2010-10-20 08:50:05 +00:00
Miroslav Stampar
82f44989ce update of error based injection and bug fix for --roles on MSSQL server 2010-10-20 06:40:33 +00:00
Bernardo Damele
0817d1b78d Cosmetics 2010-10-19 23:09:30 +00:00
Miroslav Stampar
8776db872c minor refactoring 2010-10-19 23:05:24 +00:00
Miroslav Stampar
1b376c99a6 removed temp dictionary and replaced with kb.misc 2010-10-19 23:00:19 +00:00
Bernardo Damele
813f44da16 Minor bug fix for MSSQL connector --tables option 2010-10-19 22:11:17 +00:00
Miroslav Stampar
7927e97007 update 2010-10-19 18:34:57 +00:00
Miroslav Stampar
415524bd5a remove --error, now it's only --error-test (it needs to return True to be able to use it) 2010-10-19 18:34:14 +00:00
Miroslav Stampar
8d9201a3dc minor update 2010-10-19 18:23:21 +00:00
Miroslav Stampar
4009ef385e more update regarding error based injection support 2010-10-19 18:17:34 +00:00
Miroslav Stampar
b2e0b615f8 fix for that MySQL checking 2010-10-19 17:38:39 +00:00
Miroslav Stampar
34d7de1d46 cosmetics 2010-10-19 15:28:54 +00:00
Miroslav Stampar
d7622bb9cf major fix for MySQL error based injections 2010-10-19 15:17:16 +00:00
Miroslav Stampar
80505de15b now --users work on Oracle and Postgre (tested) 2010-10-19 14:56:57 +00:00
Miroslav Stampar
4bc541ec3c error based update 2010-10-19 14:47:13 +00:00
Miroslav Stampar
d0ebe428da i've left error flag 2010-10-19 14:12:34 +00:00
Miroslav Stampar
bf850af2d8 fix for Oracle error based query "space" problem 2010-10-19 14:10:09 +00:00
Miroslav Stampar
6a8b1046d4 first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py) 2010-10-19 12:02:04 +00:00
Miroslav Stampar
ccda92536f added header 2010-10-19 09:13:30 +00:00
Miroslav Stampar
264e0a6fda added support for displaying revision number at unhandled exception message 2010-10-19 08:55:14 +00:00
Miroslav Stampar
9a7fd29d4f using pushValue and popValue 2010-10-18 22:22:41 +00:00
Miroslav Stampar
a97319656c optimization - now if DBMS was detected by error based HTML parser, then it's moved at the first place for testing 2010-10-18 21:47:11 +00:00
Miroslav Stampar
729156e91c proper fix 2010-10-18 21:39:46 +00:00
Miroslav Stampar
3d5494845c minor bug fix 2010-10-18 21:32:50 +00:00
Miroslav Stampar
8b8fff41fe cosmetics (adding html parsed DBMS) regarding heuristic check 2010-10-18 12:11:16 +00:00
Bernardo Damele
1d74036ee3 Minor cosmetic fixes 2010-10-18 11:34:53 +00:00
Bernardo Damele
36bc410333 Minor bug fix 2010-10-18 09:50:23 +00:00
Miroslav Stampar
6b70dadfb2 minor cosmetics 2010-10-18 09:09:22 +00:00
Miroslav Stampar
149837ebf5 added the same for proxy authorization header 2010-10-18 09:02:56 +00:00
Miroslav Stampar
aaebb4336e fix for Bug #202 2010-10-18 08:54:08 +00:00
Bernardo Damele
683184cc8f Minor refactoring 2010-10-17 21:06:52 +00:00
Bernardo Damele
cd0fe8dde0 Updated sample configuration file and cmdline help 2010-10-17 00:07:53 +00:00
Bernardo Damele
64b9f94fcf Renamed --common-prediction switch to --predict-output 2010-10-16 23:50:13 +00:00
Bernardo Damele
f54c134d22 Minor adjustment 2010-10-16 22:43:05 +00:00
Bernardo Damele
6211915da5 Cosmetic fix 2010-10-16 22:31:16 +00:00
Bernardo Damele
7b71262de6 Cosmetic fix 2010-10-16 22:07:29 +00:00
Bernardo Damele
a2997a6dce Minor bug fix to --tamper 2010-10-16 21:55:34 +00:00
Bernardo Damele
2129935e06 Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
Minor enhancement
2010-10-16 21:52:16 +00:00
Bernardo Damele
2dae934a2b Minor bug fixes, code refactoring and enhanced --tamper functionality 2010-10-16 21:33:15 +00:00
Bernardo Damele
84ed7f192a Cosmetic fixes 2010-10-16 15:10:48 +00:00
Miroslav Stampar
1336b97c2c removed --useBetween switch and added new tampering module ./tamper/between.py 2010-10-15 23:48:07 +00:00
Miroslav Stampar
1ae4d0fc2a added optimization group 2010-10-15 23:26:48 +00:00
Bernardo Damele
e7c8be1d45 Minor layout adjustments 2010-10-15 15:37:15 +00:00
Miroslav Stampar
c9f0c75030 removed --space (usage of tampering modules is now a prefered way to do it) 2010-10-15 12:52:33 +00:00
Miroslav Stampar
d0514d18ec removed that spaces from URI payloads 2010-10-15 12:49:03 +00:00
Bernardo Damele
bf56f8c63c Cosmetic fix 2010-10-15 12:46:41 +00:00
Miroslav Stampar
dcb9c2103a just in case update 2010-10-15 11:20:19 +00:00
Bernardo Damele
5f6d88a418 Minor comment 2010-10-15 11:17:17 +00:00
Miroslav Stampar
2fa8836c01 bug fix 2010-10-15 11:14:59 +00:00
Miroslav Stampar
d50684a057 added one more check 2010-10-15 11:05:50 +00:00
Miroslav Stampar
2b476e078c minor cosmetics 2010-10-15 10:36:29 +00:00
Bernardo Damele
a80f6110cd don't call variables 'file', it's a reserved word :) 2010-10-15 10:29:24 +00:00
Bernardo Damele
c5e385f77a More layout adjustments 2010-10-15 10:28:34 +00:00
Bernardo Damele
9fcab68700 Minor adjustments 2010-10-15 10:28:06 +00:00
Bernardo Damele
48cc8a308d More verbose messages on successful --null-connection 2010-10-15 10:24:54 +00:00
Miroslav Stampar
0f48dd6f73 fix for skipping non-GET urls 2010-10-15 09:54:29 +00:00
Miroslav Stampar
207bef7f19 fix for that SQLite3 vs SQLite2 issue 2010-10-15 09:39:41 +00:00
Miroslav Stampar
d0df8cdac9 fix for that duplicates 2010-10-15 00:34:16 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Bernardo Damele
1674142d82 Minor cosmetic fixes 2010-10-14 15:28:54 +00:00
Miroslav Stampar
2bbe0c9ba6 bug fix for Ctrl+C 2010-10-14 15:23:42 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Miroslav Stampar
f07608ef4d show static words in a sorted manner 2010-10-14 12:38:06 +00:00
Miroslav Stampar
162d01abed commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 11:06:28 +00:00
Miroslav Stampar
7e1f784eaa cosmetic update 2010-10-14 06:00:10 +00:00
Miroslav Stampar
dc50543ea4 major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects) 2010-10-13 23:01:23 +00:00
Miroslav Stampar
36ef8ca575 bug fix 2010-10-13 22:42:48 +00:00
Miroslav Stampar
02a14d4c45 added Referer (part of Feature #37) 2010-10-13 22:08:09 +00:00
Miroslav Stampar
43a3ac2c3a some bug fixes 2010-10-13 20:54:18 +00:00
Miroslav Stampar
f700692c74 added missing files for Sybase 2010-10-13 18:55:17 +00:00
Miroslav Stampar
562df9c107 temporary fix (files left at home) 2010-10-13 07:39:48 +00:00
Miroslav Stampar
34580f56fc added --tamper option 2010-10-12 22:45:25 +00:00
Miroslav Stampar
9a08f7feb8 minor update 2010-10-12 20:01:59 +00:00
Miroslav Stampar
d2ec132469 added --text-only switch 2010-10-12 19:41:29 +00:00
Miroslav Stampar
f9f79ffbaf basic stuff for sybase 2010-10-12 19:05:12 +00:00
Miroslav Stampar
9ffa928783 added some user interaction when page is dynamic 2010-10-12 15:49:04 +00:00
Miroslav Stampar
b748e6ea44 minor update 2010-10-12 12:52:06 +00:00
Miroslav Stampar
73b77255e3 minor cosmetic update 2010-10-12 12:32:02 +00:00
Miroslav Stampar
6dcd05c39c minor update 2010-10-11 14:38:04 +00:00
Miroslav Stampar
e2bbfbe650 bug fix 2010-10-11 14:32:02 +00:00
Miroslav Stampar
1369529103 minor cosmetic update 2010-10-11 13:52:32 +00:00
Miroslav Stampar
43892cddbb some updates 2010-10-11 12:26:35 +00:00
Miroslav Stampar
8b0a132fa9 minor update 2010-10-11 11:47:07 +00:00
Miroslav Stampar
2198a60684 bug fix (reported by james@ev6.net) 2010-10-10 20:51:11 +00:00
Miroslav Stampar
7a5bb2b0d6 update 2010-10-10 19:50:10 +00:00
Miroslav Stampar
8fcad29bbf new feature --forms (still unfinished) 2010-10-10 18:56:43 +00:00
Miroslav Stampar
18d27cabc5 more changes 2010-10-07 15:34:17 +00:00
Miroslav Stampar
440ff639bb more refactoring 2010-10-07 14:05:34 +00:00
Miroslav Stampar
e80a66acc5 minor update 2010-10-07 12:21:59 +00:00
Miroslav Stampar
1e9ae40397 major refactoring 2010-10-07 12:12:26 +00:00
Miroslav Stampar
1bf8939e2f further updates 2010-10-06 22:43:04 +00:00
Miroslav Stampar
de6fa1247b moved injections to xml format 2010-10-06 22:29:52 +00:00
Miroslav Stampar
adf2231edb minor update 2010-10-06 13:38:03 +00:00
Miroslav Stampar
56dbf0038f minor update (for future implementation of more advanced error page logic) 2010-10-06 12:10:00 +00:00
Miroslav Stampar
cbe7c902c1 just a development start of an error based injection support 2010-10-04 13:05:51 +00:00
Miroslav Stampar
0ad8090ad8 fix for a google bug reported by Brandon E. 2010-10-01 08:03:39 +00:00
Miroslav Stampar
49915f3c33 minor update 2010-09-30 19:49:14 +00:00
Miroslav Stampar
8abcdae1b5 some update 2010-09-30 19:45:23 +00:00
Miroslav Stampar
87abec16bd probable fix for a bug reported by Prashant Jadhav 2010-09-30 18:52:33 +00:00
Miroslav Stampar
cf8e92699c changes regarding EXISTS feature 2010-09-30 12:35:45 +00:00
Miroslav Stampar
c6bf0e43af minor update 2010-09-27 13:41:18 +00:00
Miroslav Stampar
cf17debf79 changed connection message priority to critical (when verbose=0 it's displayed too) 2010-09-27 13:34:52 +00:00
Miroslav Stampar
3cd15960a0 more updates 2010-09-27 13:26:46 +00:00
Miroslav Stampar
1da672e3c5 added default="False" to "store_true" parameters as it's a prefered way by http://docs.python.org/library/optparse.html 2010-09-27 13:23:29 +00:00
Miroslav Stampar
3b9fe3e1c8 everything is ready for testing (smoke and live) 2010-09-27 11:20:48 +00:00
Miroslav Stampar
dc11ae0d65 update 2010-09-26 14:56:55 +00:00
Miroslav Stampar
35f35605df changes regarding Feature #160 2010-09-26 14:02:13 +00:00
Miroslav Stampar
99d9f9e624 update for smoke testing 2010-09-26 10:47:04 +00:00
Miroslav Stampar
2e5f269650 update regarding --space option 2010-09-24 22:35:32 +00:00
Miroslav Stampar
9cd5d3bde7 added new option --space 2010-09-24 21:59:03 +00:00
Miroslav Stampar
327bfcbe97 update regarding Feature #61 2010-09-24 14:34:05 +00:00
Miroslav Stampar
b6ff03690f update regarding Feature #61 2010-09-24 13:34:46 +00:00
Miroslav Stampar
abe1289016 minor update 2010-09-24 13:20:51 +00:00
Miroslav Stampar
48e0261e68 update for Feature #61 2010-09-24 13:19:35 +00:00