Commit Graph

812 Commits

Author SHA1 Message Date
Miroslav Stampar
3d4f381ab5 Patch for an Issue #169 2013-01-09 15:22:21 +01:00
Bernardo Damele
c44a829b9b pass a pickled options object to sqlmap engine when called from API 2013-01-09 12:34:45 +00:00
Bernardo Damele
1e1892c962 prep for subprocess.. 2013-01-07 11:10:33 +00:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Miroslav Stampar
cb91729913 Fix for an Issue #324 (crawling when HTML is not well-formed) 2012-12-27 20:55:37 +01:00
Bernardo Damele
832567ecf6 import order 2012-12-21 23:34:37 +00:00
Miroslav Stampar
352e516400 Bottle is a 3rd party tool (not going to extra folder) 2012-12-21 10:18:30 +01:00
Miroslav Stampar
0d5d84edc7 Minor cleanup 2012-12-20 21:03:41 +01:00
Miroslav Stampar
712cf4e4db Fix for an Issue #316 2012-12-20 20:55:59 +01:00
Bernardo Damele
89d8c58fd1 poor attempt at forking a child process for sqlmap engine execution, output is not handled yet 2012-12-20 17:56:53 +00:00
Bernardo Damele
912323c12d minor bug fix (#297) 2012-12-20 17:05:44 +00:00
Bernardo Damele
7adaffa71b fixed options initiation 2012-12-20 16:53:43 +00:00
Bernardo Damele
b0635bddcc adjustments 2012-12-20 15:29:23 +00:00
Bernardo Damele
e9ab33e9dd standalone REST API, code cleanup (#297) 2012-12-20 14:35:02 +00:00
Bernardo Damele
5632279bf7 removed deprecated feature (#287) 2012-12-20 13:21:07 +00:00
Miroslav Stampar
c2c4601d6e Minor restyling 2012-12-20 11:06:52 +01:00
Bernardo Damele
0500712a03 removed unuseful prints 2012-12-17 13:29:19 +00:00
Bernardo Damele
f40c52cc17 comment adjustment 2012-12-17 11:28:03 +00:00
Bernardo Damele
d4a061d0c3 code cleanup - #297 2012-12-15 00:29:35 +00:00
Bernardo Damele
0c3da5c7eb code refactoring and first time logger is handled by a separate file descriptor (issue #297) 2012-12-15 00:12:22 +00:00
Bernardo Damele
2f6a31605c code refactoring (#279) 2012-12-14 22:00:42 +00:00
Bernardo Damele
8dee8355c2 on our way to make it thread safe.. it is a long way actually (issue #297) 2012-12-14 18:13:21 +00:00
Bernardo Damele
21ecffb750 added more comments, improved cleanup method 2012-12-14 17:21:19 +00:00
Bernardo Damele
1421e6a9d4 implemented cleanup and status admin methods 2012-12-14 16:18:45 +00:00
Bernardo Damele
4fa2f400ec minor fix 2012-12-14 15:55:30 +00:00
Bernardo Damele
4c4cb856ff minor bug fix to the /scan/<taskid>output method, forced each taskid to have its own temporary folder for output - issue #297 2012-12-14 15:52:35 +00:00
Bernardo Damele
27906f388f added first methods to interact with sqlmap core, it is now possible to launch a scan from the API, hurray! (issue #297) 2012-12-14 14:51:01 +00:00
Bernardo Damele
f52d81c834 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-14 13:40:36 +00:00
Bernardo Damele
0b71c85d95 refactoring, code cleanup, more security-related headers and first /scan method implementation (issue #297) 2012-12-14 13:40:25 +00:00
Miroslav Stampar
a3acf72e52 Fix for argparse issue 2012-12-14 14:35:11 +01:00
Bernardo Damele
3d9779ffd4 further improvements to RESTful API: enforce security headers across all HTTP responses properly and make consistent responses across methods (#297) 2012-12-14 12:15:04 +00:00
Bernardo Damele
7b43837238 cleaner solution for imports as standalone client/server (issue #297) 2012-12-14 12:04:44 +00:00
Bernardo Damele
90d5696b25 enhanced RESTful API to support JSON requests and improved standalone client/server skeleton (issue #297) 2012-12-14 12:01:13 +00:00
Bernardo Damele
2e97405ffa bundle bottle library in sqlmap (it is MIT license) - issue #297 2012-12-14 03:00:30 +00:00
Bernardo Damele
0ec420cc70 leftovers 2012-12-14 02:54:16 +00:00
Bernardo Damele
a1b83cd56f added first implementation of REST-JSON API library - issue #297 2012-12-14 02:52:31 +00:00
Bernardo Damele
6e31e87de1 added initial support (hidden from -hh and not yet usable) for REST-JSON API 2012-12-14 02:49:25 +00:00
Miroslav Stampar
c040323821 Minor update 2012-12-13 14:55:20 +01:00
Miroslav Stampar
b78b56d782 Update for an Issue #287 regarding read_output returning values 2012-12-12 17:17:36 +01:00
Miroslav Stampar
e381158058 Hmmm... Let me guess. Update for an Issue #287 2012-12-12 16:31:20 +01:00
Miroslav Stampar
c3f20a136f Minor update for an Issue #287 2012-12-12 14:03:03 +01:00
Miroslav Stampar
32b39c72e4 Minor update 2012-12-12 12:07:56 +01:00
Miroslav Stampar
af52e8e8c2 Minor update for an Issue #287 2012-12-12 12:01:18 +01:00
Miroslav Stampar
a6448e8768 Update for an Issue #287 2012-12-12 11:54:59 +01:00
Miroslav Stampar
ef33729381 Writing only unique hashes to an output file (for eventual cracking with 3rd party tools) 2012-12-12 09:59:24 +01:00
Miroslav Stampar
b9f6fc5f4e First commit (and working one) for an Issue #287 (XML-RPC server) 2012-12-11 16:02:06 +01:00
Miroslav Stampar
75e6d77fbc Minor refactoring 2012-12-07 11:54:34 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
baccbd6f48 Implementation for an Issue #283 2012-12-06 11:57:57 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
b6650add46 Introducing 'new style classes' (idea from Pull request #284) 2012-12-06 10:42:53 +01:00
Miroslav Stampar
0f191f624c Taking some goodies from Pull request #284 2012-12-06 10:21:53 +01:00
Miroslav Stampar
d4b5133df7 Update for an Issue #272 2012-12-04 17:04:32 +01:00
Miroslav Stampar
a14697e8cf Implementation for an Issue #272 2012-12-04 16:47:34 +01:00
Miroslav Stampar
0664e72bea Minor fix for an Issue #230 2012-11-30 12:13:34 +01:00
Miroslav Stampar
181c3534f0 Patch for an Issue #237 2012-11-08 19:16:37 +01:00
Miroslav Stampar
3cf5fc2f5a Fix for an Issue #230 2012-11-05 15:10:49 +01:00
Miroslav Stampar
2de52927f3 Code refactoring (epecially Google search code) 2012-10-30 18:38:10 +01:00
Miroslav Stampar
76b793b199 Fix for an Issue #228 2012-10-30 18:08:25 +01:00
Miroslav Stampar
6e2041bc13 Better language than in last commit 2012-10-30 11:54:21 +01:00
Miroslav Stampar
1bbeb92eb6 Better language (used formation 'not required' in case of help for --dependencies while 'required'->'needs' in a check itself) 2012-10-30 11:19:39 +01:00
Miroslav Stampar
919f75db9b Improvement and fix for pivotDumpTable mechanism 2012-10-28 23:09:35 +01:00
Miroslav Stampar
d7973c3e32 Improvement of pivotDumpTable mechanism (no more fail on first entry) 2012-10-28 22:18:22 +01:00
Miroslav Stampar
c1b8226329 Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery) 2012-10-28 00:36:09 +02:00
Miroslav Stampar
a435ba6863 Minor fix 2012-10-28 00:19:00 +02:00
Miroslav Stampar
06805b27f2 Bug fix (time was also meant to be disabled in case of error/inband getvalues) 2012-10-27 23:16:25 +02:00
Miroslav Stampar
7207cf29dd Minor update 2012-10-26 11:05:44 +02:00
Miroslav Stampar
afd82b92dd Patch for an Issue #221 2012-10-25 10:21:36 +02:00
Miroslav Stampar
eb6f17b561 Fix for --dump and -d=mssql 2012-10-23 15:02:43 +02:00
Miroslav Stampar
fccdb824bb Patch for an Issue #193 2012-09-25 11:21:39 +02:00
Miroslav Stampar
12d33c7a38 Fix for Issue #180 and #181 (missing module from an Issue #179) 2012-09-10 22:39:56 +02:00
Miroslav Stampar
f1f6364690 Changing default readInput value on dictionary-based attack depending on conf.multipleTargets 2012-08-22 16:10:38 +02:00
Miroslav Stampar
01f481c332 Minor refactoring of dictionaries 2012-08-21 11:19:15 +02:00
Miroslav Stampar
b7415d36df Minor refactoring 2012-08-21 10:28:25 +02:00
Miroslav Stampar
142fc887f1 Fix for an Issue #129 2012-07-31 11:03:44 +02:00
Miroslav Stampar
cba387a0a0 Minor speed up 2012-07-26 15:42:04 +02:00
Miroslav Stampar
655dd55a6f Implementation of an Issue #105 2012-07-18 13:32:34 +02:00
Miroslav Stampar
41d16e55cb Typo fix (#102) 2012-07-17 09:13:19 +02:00
Miroslav Stampar
c1a14257a4 Removing --disable... switches and making changes in default choice(s) for respectable sections 2012-07-16 11:31:51 +02:00
Miroslav Stampar
87ecf205cb More work for Issue #66 2012-07-14 17:01:04 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Miroslav Stampar
bc5025b06c Fix for Issue #59 2012-07-05 12:34:27 +02:00
Miroslav Stampar
8eefe4b71f Getting back revision number - displayed like in GitHub commits (Issue #52) 2012-07-02 13:01:20 +02:00
Miroslav Stampar
2a72fcce2b Fix for Issue #42 2012-06-28 13:55:30 +02:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
6c4bd84d18 minor fix (turning back the functionality of kb.suppressResumeInfo) 2012-06-25 16:19:51 +00:00
Miroslav Stampar
ec44e88db8 lots of refactoring regarding removal of already obsolete session file mechanism 2012-06-21 10:09:10 +00:00
Miroslav Stampar
d2dd47fb23 some more refactoring 2012-06-14 13:52:56 +00:00
Miroslav Stampar
75dd1d6a2b minor fix 2012-05-27 21:54:56 +00:00
Miroslav Stampar
00d22f013f some consistency in variable naming at the file level 2012-05-25 10:08:55 +00:00
Miroslav Stampar
e00f4a8934 minor cosmetics 2012-05-08 10:50:04 +00:00
Miroslav Stampar
a121339395 automatically writing uncracked hashes to a file for eventual further processing 2012-05-08 10:46:05 +00:00
Miroslav Stampar
83387d92bb minor bug fix 2012-04-04 23:32:20 +00:00
Miroslav Stampar
5e358b51f9 few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit') 2012-04-04 09:25:05 +00:00
Miroslav Stampar
b0787f193c getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached) 2012-04-03 14:34:15 +00:00
Miroslav Stampar
1e01203562 few just in case "patches" 2012-04-02 12:58:10 +00:00
Miroslav Stampar
b4cf8b05b3 added switch --load-cookies 2012-03-07 14:48:45 +00:00
Miroslav Stampar
8b9c5c66cc code refactoring regarding charsetType inside inference/bisection 2012-02-29 14:36:23 +00:00
Miroslav Stampar
3909658fc2 few minor just in case updates 2012-02-27 11:15:53 +00:00
Miroslav Stampar
f94b91ad87 added helper function for HashDB data storing/retrieval 2012-02-24 13:07:20 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Miroslav Stampar
bc4dd7c0dd fix for -g 2012-02-20 10:02:19 +00:00
Miroslav Stampar
aee269cc14 gazillion changes, nothing will work, muhahaha 2012-02-17 14:22:48 +00:00
Miroslav Stampar
e1f86c97c4 minor refactoring 2012-02-16 09:46:41 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
18930539cd more concise language 2012-01-07 17:45:45 +00:00
Miroslav Stampar
29f502fe29 some refactoring 2011-12-28 16:27:17 +00:00
Miroslav Stampar
22c3fe49bb some refactoring 2011-12-28 13:50:03 +00:00
Miroslav Stampar
dda979a15a minor refactoring 2011-12-27 12:31:29 +00:00
Miroslav Stampar
89d2c7c042 minor update 2011-12-22 20:54:20 +00:00
Miroslav Stampar
9f68e54fff minor cleanup 2011-12-22 10:59:28 +00:00
Miroslav Stampar
526aacb640 code cleanup 2011-12-21 22:59:23 +00:00
Miroslav Stampar
81bd9a201b minor refactoring 2011-12-21 11:50:49 +00:00
Miroslav Stampar
113ebf5e9d minor update 2011-12-20 16:08:17 +00:00
Miroslav Stampar
bdc724cb46 minor bug fix 2011-12-20 10:34:28 +00:00
Miroslav Stampar
14e8ca6d41 minor fix 2011-11-23 14:26:40 +00:00
Miroslav Stampar
9b99530add minor bug fix 2011-11-23 08:14:20 +00:00
Miroslav Stampar
e33f70269b minor optimization 2011-11-22 12:44:28 +00:00
Miroslav Stampar
ac041399f0 minor patch 2011-11-22 11:04:43 +00:00
Miroslav Stampar
9697e80013 some more optimizations 2011-11-22 10:54:29 +00:00
Miroslav Stampar
267d67b024 minor update 2011-11-22 10:41:56 +00:00
Miroslav Stampar
b117c40aa5 major improvement of HashDB speed in multi-threaded mode 2011-11-22 10:09:35 +00:00
Miroslav Stampar
f1f0828b28 minor update 2011-11-21 22:27:47 +00:00
Miroslav Stampar
704e1a4e74 minor minor update 2011-11-21 22:19:52 +00:00
Miroslav Stampar
fcac3d494b minor beautification 2011-11-21 22:18:04 +00:00
Miroslav Stampar
753dcb3450 minor update 2011-11-21 22:12:24 +00:00
Miroslav Stampar
da51e8a9d1 minor fix 2011-11-21 21:55:05 +00:00
Miroslav Stampar
440b7efe55 minor optimization 2011-11-20 20:14:47 +00:00
Miroslav Stampar
e1a92d59de implementing WordPress phpass hash cracking routine 2011-11-20 19:10:46 +00:00
Miroslav Stampar
6c07573e30 minor update 2011-11-06 11:42:02 +00:00
Miroslav Stampar
030c57a0c8 minor update 2011-11-06 11:18:16 +00:00
Miroslav Stampar
2dbd51e357 fix for google searches 2011-11-06 08:55:09 +00:00
Miroslav Stampar
24bda96d9e adding items from John the Ripper's word list to the dictionary for Oracle cracking 2011-11-02 11:21:49 +00:00
Miroslav Stampar
ea125d820d some more speed ups for hash cracking 2011-11-02 09:57:42 +00:00
Miroslav Stampar
2f355db230 minor fix 2011-11-02 09:32:15 +00:00
Miroslav Stampar
0e96af65e6 minor update 2011-11-02 07:06:07 +00:00
Miroslav Stampar
d735582536 major speed improvement of hash cracking 2011-11-02 06:53:43 +00:00
Miroslav Stampar
b3a57391e4 minor update 2011-11-01 20:39:22 +00:00
Miroslav Stampar
3e3f037f1e improvement of hash cracking routine 2011-11-01 19:58:22 +00:00
Miroslav Stampar
4cafc5f31b language update 2011-11-01 19:09:17 +00:00
Miroslav Stampar
f9bb762d1d minor improvement (resuming of already cracked values) 2011-11-01 19:00:34 +00:00
Miroslav Stampar
ef987c6954 adding compatibility support for using --crawl and --forms together 2011-10-29 09:32:20 +00:00
Miroslav Stampar
3c31ccd16e minor update 2011-10-26 22:37:04 +00:00
Miroslav Stampar
9d31230d5e minor update 2011-10-26 21:56:26 +00:00
Miroslav Stampar
d64c0af461 minor update 2011-10-26 14:31:00 +00:00
Miroslav Stampar
9c1d1ca5d8 minor update 2011-10-26 14:13:38 +00:00
Miroslav Stampar
2a72c1ae68 minor fix 2011-10-26 11:30:10 +00:00
Miroslav Stampar
a99547363f some fixes 2011-10-26 11:24:15 +00:00
Miroslav Stampar
3d883a2218 minor update 2011-10-26 11:10:15 +00:00
Miroslav Stampar
d467b40ff6 minor fix 2011-10-26 10:54:43 +00:00
Miroslav Stampar
8d668b1833 some updates regarding hash attack 2011-10-26 10:30:32 +00:00
Miroslav Stampar
f41ae9cf49 minor update 2011-10-26 09:40:47 +00:00
Miroslav Stampar
0b68144c8f minor fixes for hash cracking 2011-10-26 09:29:41 +00:00
Miroslav Stampar
18affca0bc minor update 2011-10-26 09:14:18 +00:00
Miroslav Stampar
eaaf6041b9 minor fix 2011-10-25 11:20:42 +00:00
Miroslav Stampar
25f0ec3597 some minor range to xrange conversion (where safe to do) 2011-10-21 22:34:27 +00:00
Miroslav Stampar
7956390631 minor update 2011-10-11 22:27:49 +00:00
Miroslav Stampar
dacfeafc5f minor optimization 2011-10-10 17:45:16 +00:00
Miroslav Stampar
47b27a5988 minor improvement of HashDB 2011-10-10 14:23:17 +00:00
Miroslav Stampar
fd9acfd7d2 fix 2011-09-26 13:36:08 +00:00
Miroslav Stampar
744636a8c1 switching to SQLite resume support (on error and union techniques this moment) 2011-09-25 20:36:32 +00:00
Bernardo Damele
c15439ab7f Minor improvement to --passwords output 2011-08-02 09:04:34 +00:00
Miroslav Stampar
457f501bbd proper fix 2011-08-01 23:48:38 +00:00
Miroslav Stampar
93ae1dfa2b minor bug fix 2011-07-31 08:52:48 +00:00
Miroslav Stampar
3fc603843e minor fix 2011-07-27 23:26:36 +00:00
Miroslav Stampar
f7eaffcec5 i believe that this could be ok 2011-07-26 21:28:48 +00:00
Miroslav Stampar
5770c08784 minor optimization and refactoring 2011-07-25 20:17:44 +00:00
Miroslav Stampar
ec1bc0219c hello big tables, this is sqlmap, sqlmap this is big tables 2011-07-24 09:19:33 +00:00
Miroslav Stampar
7881ded60d quick fix (this other library was doing problems) 2011-07-20 22:20:16 +00:00
Miroslav Stampar
9d996c07fb another quick fix 2011-07-20 13:00:34 +00:00
Miroslav Stampar
fad77dd078 fix for a ImportError bug reported by g@brindi.si 2011-07-20 12:18:36 +00:00
Miroslav Stampar
9cf33ec997 now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char 2011-07-15 13:24:13 +00:00
Bernardo Damele
cda25cda2f Cosmetics 2011-07-12 20:49:27 +00:00
Miroslav Stampar
3583d6dd1b quick fixes, more work to do 2011-07-12 20:32:19 +00:00
Miroslav Stampar
0126b8eb0e minor revert (it's illegal to use append for updating one array with another array) 2011-07-12 19:34:54 +00:00
Bernardo Damele
48b7245a33 Minor bug fix 2011-07-12 15:47:04 +00:00
Bernardo Damele
0b8c6e4c81 Minor bug fix 2011-07-12 15:30:40 +00:00
Miroslav Stampar
1f826684f6 disabling multiprocessing (maybe permanently) support for Windows as of complications with sharing dictionary iterator 2011-07-11 13:16:59 +00:00
Miroslav Stampar
7bc6280d53 possible fix for a multi-processing "problem" reported by christopher.oakley@gmail.com 2011-07-11 11:40:27 +00:00
Miroslav Stampar
f5e45bf113 quick fix for a bug reported by jovon.itwaru@gmail.com 2011-07-11 08:54:39 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Miroslav Stampar
93b296e02c few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00
Bernardo Damele
861cdb1b14 cosmetics 2011-07-01 10:04:34 +00:00
Miroslav Stampar
4513ef409e massive (like really massive) dictionary support 2011-06-30 23:44:49 +00:00
Miroslav Stampar
43db6b03a7 update with a feature request (file with list of wordlist files) 2011-06-30 08:42:43 +00:00
Miroslav Stampar
e00cf81f7e minor update 2011-06-24 19:50:13 +00:00
Miroslav Stampar
e9286ddd5b fix for a bug reported by g@brindi.si (UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position
47: ordinal not in range(128))
2011-06-24 19:24:11 +00:00
Miroslav Stampar
eaa2a4202f changing to: --crawl=CRAWLDEPTH 2011-06-24 05:40:03 +00:00
Bernardo Damele
1cb12ea659 replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license) 2011-06-22 13:31:07 +00:00
Miroslav Stampar
dfc02d8c3c sorry Bernardo, i hope your mobile is turned off :))) 2011-06-20 22:47:24 +00:00
Miroslav Stampar
2a4a284a29 crawler fix (skip binary files) 2011-06-20 22:41:38 +00:00
Miroslav Stampar
20bb1a685b really minor update 2011-06-20 21:57:53 +00:00
Miroslav Stampar
812cd2f19b minor update 2011-06-20 21:47:03 +00:00
Miroslav Stampar
e8ac7414f2 bug fix 2011-06-20 21:36:15 +00:00
Miroslav Stampar
d6062e8fc9 minor fix for crawler and far less message overlaps in future 2011-06-20 21:18:12 +00:00
Miroslav Stampar
8968c708a0 minor update 2011-06-20 14:27:24 +00:00
Miroslav Stampar
17fac6f67f minor update 2011-06-20 13:53:39 +00:00
Miroslav Stampar
4d1fa5596b added support for --scope in --crawl mode 2011-06-20 12:37:51 +00:00
Miroslav Stampar
42746cc706 bug fix 2011-06-20 12:18:46 +00:00
Miroslav Stampar
cda39ca350 minor update 2011-06-20 11:46:23 +00:00
Miroslav Stampar
07e2c72943 adding Beautifulsoup (BSD) into extras; adding --crawl to options 2011-06-20 11:32:30 +00:00
Miroslav Stampar
d55a242908 minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always) 2011-06-14 19:38:35 +00:00
Miroslav Stampar
1e17c0d4a1 switching to debug mode for missing dependencies 2011-06-14 08:47:06 +00:00
Bernardo Damele
8978fded03 typo fix 2011-06-13 19:00:27 +00:00
Bernardo Damele
7152a1ed3b Added --dependences to show which sqlmap dependences are not available 2011-06-13 18:44:02 +00:00
Miroslav Stampar
6b81eef65a refactoring 2011-06-08 14:30:12 +00:00
Bernardo Damele
9a4ae7d9e2 More code refactoring of Backend class methods used 2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Miroslav Stampar
75142b383d huge speed up (4x times faster) 2011-04-22 21:00:42 +00:00
Miroslav Stampar
f88aa4b165 implemented suppressResumeInfo mechanism (huge slowdown on large tables) 2011-04-22 19:58:10 +00:00
Miroslav Stampar
493b9adf8e speed up of resume values (compiled regexes used) 2011-04-22 19:27:41 +00:00
Miroslav Stampar
b5aef9bcf9 fix for a bug reported by nightman (TypeError: unsupported operand type(s) for +: 'NoneType' and 'str') 2011-04-18 10:16:38 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
bf55b0b77a more restrictions on crypt(3) hash recognition to prevent false positives 2011-04-13 14:40:23 +00:00
Miroslav Stampar
0ae74f27e4 avoiding annoying "payload 'None' possibly..." in case where payload is not specified 2011-04-11 15:24:52 +00:00
Bernardo Damele
beb98140b3 Minor improvement to --check-payload 2011-04-08 14:34:00 +00:00
Bernardo Damele
5b21352656 cosmeticados ;) 2011-04-08 10:39:07 +00:00
Miroslav Stampar
fdef6726cf minor update 2011-04-06 08:30:50 +00:00
Bernardo Damele
d436ba2da5 Minor "fix" when reading hashes from a local sqlite3 (result of --replicate) and there is an int as value 2011-04-06 08:19:56 +00:00
Bernardo Damele
c3b54cc222 Cosmetics 2011-04-01 16:40:28 +00:00
Miroslav Stampar
ee15988878 another minor update related to previous commit 2011-03-31 17:34:07 +00:00
Miroslav Stampar
220366b6e8 minor update (ip addresses will not be confused any more for crypt_generic hashes) 2011-03-31 16:56:26 +00:00
Miroslav Stampar
7cf4ba83dc minor refactoring and comment update 2011-03-29 12:08:07 +00:00
Miroslav Stampar
1821a008af Ctrl+C in dictionary attack phase will now not abort the whole enumeration; also, question for common suffixes will now be asked only once 2011-03-29 12:00:29 +00:00
Miroslav Stampar
a9f5d828c6 minor fix avoiding problems with hashing strange characters in usernames 2011-03-29 07:50:07 +00:00
Miroslav Stampar
dba32306b0 minor update 2011-03-26 22:03:46 +00:00
Miroslav Stampar
d8f7c4bc4c minor update regarding support for crypt(3) 2011-03-26 21:41:37 +00:00
Miroslav Stampar
4f00b9fa4b minor fix 2011-03-26 21:10:31 +00:00
Miroslav Stampar
afe2be6a9f implementation of Standard DES hashing (crypt) 2011-03-26 20:46:25 +00:00
Miroslav Stampar
ecbbfeba6e introduction of --fresh-queries 2011-03-24 10:08:47 +00:00
Miroslav Stampar
d79fae724c minor refactoring 2011-03-24 09:16:21 +00:00
Miroslav Stampar
0bb08d09d2 fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file 2011-03-24 08:43:40 +00:00
Miroslav Stampar
1879a49506 fix for a bug reported by andreoaz@gmail.com 2011-03-10 20:40:12 +00:00
Bernardo Damele
0a81415f2f Minor code cleanup 2011-02-08 00:02:54 +00:00
Bernardo Damele
6a71629575 Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00
Miroslav Stampar
fa58a9c86b update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable) 2011-01-31 20:36:01 +00:00
Miroslav Stampar
ddf23ba7cc refactoring 2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
0f4fb156d3 major bug fix 2011-01-28 14:09:28 +00:00
Bernardo Damele
e734efcda7 Removed deprecated code 2011-01-20 21:50:58 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Miroslav Stampar
99a3a3b89c minor fix (break if all found) 2011-01-17 09:41:25 +00:00
Miroslav Stampar
0fcca671bd information update regarding common password suffixes 2011-01-17 09:28:25 +00:00
Miroslav Stampar
3873d204bb important update for dictionary attack 2011-01-15 15:56:11 +00:00
Miroslav Stampar
5bdb50c224 code review part 3 2011-01-15 13:15:10 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
e3146464da minor fix for a bug reported by nightman 2011-01-11 12:27:22 +00:00
Miroslav Stampar
643c464268 minor fix 2011-01-11 12:16:20 +00:00
Miroslav Stampar
e3899f7467 fix of a fix 2011-01-07 18:07:18 +00:00
Miroslav Stampar
8e83a26acf minor fix 2011-01-07 17:53:17 +00:00
Miroslav Stampar
ed2aed972f minor fix 2011-01-07 17:38:28 +00:00
Bernardo Damele
27628dca42 cosmetics 2011-01-07 17:25:22 +00:00
Miroslav Stampar
b313a20a3f some fixes 2011-01-07 16:39:47 +00:00
Miroslav Stampar
fdc463d08b fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range) 2011-01-03 23:36:35 +00:00
Miroslav Stampar
0eabca9fd4 update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is) 2011-01-03 22:31:29 +00:00
Miroslav Stampar
ce48ea75d0 noticed that google search page sometimes contain double html escaped links - double htmlunescape solves the problem, while dealing no harm to single html escaped links 2011-01-03 14:39:23 +00:00
Miroslav Stampar
92e4cdb241 raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic 2011-01-03 14:21:41 +00:00
Miroslav Stampar
79e97824ef adding user names to the attack dictionary 2010-12-29 00:37:53 +00:00
Miroslav Stampar
c8f8dbf0a7 minor update 2010-12-27 15:39:27 +00:00
Miroslav Stampar
51a492e17d pretty important commit (now dumped tables are prone to dictionary attack) 2010-12-27 10:56:28 +00:00
Miroslav Stampar
39a13077c4 minor bug fix 2010-12-21 23:09:41 +00:00
Miroslav Stampar
21d083272e minor minor fix 2010-12-18 14:31:41 +00:00
Miroslav Stampar
4f73feec2f now dictionary attack on multiple hash formats is supported (like mysql_passwd and mysql_old_passwd in one database) 2010-12-18 14:11:49 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Bernardo Damele
b0928e02c6 Proper comment 2010-12-03 10:39:36 +00:00
Bernardo Damele
09b265a1ea Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check 2010-12-01 23:32:02 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Miroslav Stampar
c54c9ee5d1 minor update 2010-11-23 22:33:00 +00:00
Miroslav Stampar
57ad59206b cosmetics as it's best 2010-11-23 22:09:10 +00:00
Miroslav Stampar
7a147041c4 cosmetics 2010-11-23 21:44:58 +00:00
Miroslav Stampar
f4f0bc9db3 minor fix 2010-11-23 21:17:01 +00:00
Miroslav Stampar
7877a931d5 more cosmetics regarding dictionary attack 2010-11-23 20:54:40 +00:00
Miroslav Stampar
e3b3e05748 minor update 2010-11-23 19:21:30 +00:00
Miroslav Stampar
0d24a15182 more cosmetics 2010-11-23 19:10:34 +00:00
Miroslav Stampar
836a1c214a los cosmeticados (of hash dictionary attack) 2010-11-23 18:57:00 +00:00
Miroslav Stampar
b41ee8d0d0 minor refactoring 2010-11-23 14:57:36 +00:00
Miroslav Stampar
aa5d038f18 more code refactoring 2010-11-23 14:50:47 +00:00
Miroslav Stampar
3cae76627c code refactoring regarding dictionary attack 2010-11-23 13:58:01 +00:00
Miroslav Stampar
ba4ea32603 first working version of dictionary attack 2010-11-23 13:24:02 +00:00
Miroslav Stampar
bfc9378542 sorry, even more proper naming should be like this (passwd is a standard naming for this kind of function(s)) 2010-11-20 13:22:59 +00:00
Miroslav Stampar
db59faedb9 more proper naming 2010-11-20 13:20:28 +00:00
Miroslav Stampar
1f8a9fe033 foundations for dictionary attack support combined with the sqlmap's password/hash retrieval functionality (--password switch) 2010-11-20 13:14:13 +00:00
Miroslav Stampar
71107e4e9e quick fix for google searches 2010-11-19 21:38:20 +00:00
Miroslav Stampar
df88280681 minor update of google regex (that * was a junky one) 2010-11-19 10:04:29 +00:00
Miroslav Stampar
e8bef28337 updating google parsing regex (for the better, of course) 2010-11-19 10:00:29 +00:00
Bernardo Damele
17486e472a Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Bernardo Damele
b6da946883 Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Miroslav Stampar
d3e7e89e60 major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces 2010-11-07 21:18:09 +00:00
Miroslav Stampar
6adee3792a removed all trailing spaces from blank lines 2010-11-03 10:08:27 +00:00
Miroslav Stampar
70f6eab715 minor update 2010-11-02 12:08:28 +00:00
Bernardo Damele
46be570463 Proper HTTP version display 2010-10-31 15:41:28 +00:00
Miroslav Stampar
f7d42af046 some fixes regarding --check-payload 2010-10-29 11:00:23 +00:00
Miroslav Stampar
228ac0cde5 refactoring regarding --check-payload 2010-10-25 18:38:54 +00:00
Miroslav Stampar
378653a1ec added IDS payload testing 2010-10-25 15:37:43 +00:00
Miroslav Stampar
bc79eec702 removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 13:13:12 +00:00
Miroslav Stampar
be443c6947 refactoring regarding __START__,... 2010-10-21 09:51:07 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
2bbe0c9ba6 bug fix for Ctrl+C 2010-10-14 15:23:42 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Miroslav Stampar
43a3ac2c3a some bug fixes 2010-10-13 20:54:18 +00:00
Miroslav Stampar
18d27cabc5 more changes 2010-10-07 15:34:17 +00:00
Miroslav Stampar
440ff639bb more refactoring 2010-10-07 14:05:34 +00:00
Miroslav Stampar
e80a66acc5 minor update 2010-10-07 12:21:59 +00:00
Miroslav Stampar
1bf8939e2f further updates 2010-10-06 22:43:04 +00:00
Miroslav Stampar
0ad8090ad8 fix for a google bug reported by Brandon E. 2010-10-01 08:03:39 +00:00
Miroslav Stampar
c6bf0e43af minor update 2010-09-27 13:41:18 +00:00
Miroslav Stampar
c39d819dd2 fix for a resume bug reported by Augusto Urbieta 2010-07-20 08:13:02 +00:00
Bernardo Damele
9bce22683b Minor bug fix and adjustment to deal with Keep-Alive also against Google (-g) 2010-06-11 10:08:19 +00:00
Miroslav Stampar
12a5ec9f3d more unicode refactoring 2010-06-02 12:45:40 +00:00
Bernardo Damele
89c721a451 More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 10:10:28 +00:00
Miroslav Stampar
a3db3c03c1 str() -> unicode() 2010-05-28 13:05:02 +00:00
Miroslav Stampar
20d05cc404 way to handle re.I (ignore case) while using getCompiledRegex 2010-05-21 15:03:40 +00:00
Miroslav Stampar
5d5ebd49b6 introducing regex caching mechanism 2010-05-21 14:42:59 +00:00
Miroslav Stampar
e938331d8e better regex used avoiding garbage google images 2010-05-15 22:02:28 +00:00
Miroslav Stampar
d20b99ed65 fix (google is changing that class r to class "r") 2010-05-15 21:51:31 +00:00
Miroslav Stampar
b8a5a54395 minor update 2010-05-15 20:44:08 +00:00
Miroslav Stampar
ca3e12ae73 added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL) 2010-05-13 11:05:35 +00:00
Bernardo Damele
457d32c73e Proper displaying of debug messages (-v >= 2) 2010-05-11 13:58:53 +00:00
Miroslav Stampar
6752e66164 added charsetType=2 (integer) to queryOutputLength 2010-05-11 12:23:38 +00:00
Bernardo Damele
758a858785 Minor adjustments 2010-04-06 20:40:14 +00:00
Miroslav Stampar
3fe9f9cac9 another fix 2010-04-06 15:28:34 +00:00
Miroslav Stampar
a6a2e993cc minor update 2010-04-06 15:24:56 +00:00
Miroslav Stampar
e2810003ae more update 2010-04-06 15:12:52 +00:00
Miroslav Stampar
c24f1cc07c some update 2010-04-06 14:59:31 +00:00
Miroslav Stampar
60f04f0a41 new module for interruptable threads 2010-04-06 14:33:57 +00:00
Miroslav Stampar
5a6a01f24c added socket timeout exception handling regarding that timeout message from Fahad Al Shunaiber 2010-03-26 11:51:23 +00:00
Bernardo Damele
f9a135e232 Minor bug fix and layout adjustment regarding --threading and standard output 2010-03-22 17:38:19 +00:00
Bernardo Damele
d00e4a458a Code cleanup 2010-03-21 00:39:44 +00:00
Miroslav Stampar
a6ab42c873 new file with getch() method which we'll use for good samaritan feature 2010-03-13 17:28:23 +00:00
Bernardo Damele
e8d76994ba Minor bug fix to avoid resuming data filled into the sqlmap support tables 2010-03-12 14:30:21 +00:00
Bernardo Damele
fdf417f57e Minor adjustment and bug fix 2010-03-10 22:08:11 +00:00
Miroslav Stampar
3f3ddd5437 fix for that SELECT DISTINCT(LENGTH(...)) "misbehavior" 2010-03-09 13:14:43 +00:00
Bernardo Damele
7136c17f19 Minor log adjustments 2010-03-05 14:59:33 +00:00
Miroslav Stampar
6fd1f7f77c update 2010-03-05 14:06:03 +00:00
Bernardo Damele
156fdd96ef Updated copyright 2010-03-03 15:26:27 +00:00
Miroslav Stampar
645afee359 some changes 2010-01-28 00:25:36 +00:00
Miroslav Stampar
3197fada59 update of IDS checking method 2010-01-25 10:06:52 +00:00
Bernardo Damele
952c280083 Added svn keyword 2010-01-25 09:21:39 +00:00
Miroslav Stampar
e689c2ec99 another minor fix (svn header comment) 2010-01-25 00:29:19 +00:00
Miroslav Stampar
44a74ccee8 minor grammar fix 2010-01-25 00:26:51 +00:00
Miroslav Stampar
b183b9cbb4 contains method for detecting if the generated payload is detectable by the PHPIDS filter rules 2010-01-25 00:25:58 +00:00
Bernardo Damele
4ce3abc56d Minor adjustments 2010-01-15 17:42:46 +00:00
Miroslav Stampar
5f171340f5 introduced safe string formatting 2010-01-15 16:06:59 +00:00
Bernardo Damele
df36eb6d11 Minor bug fix in --resume functionality 2010-01-11 14:16:37 +00:00
Bernardo Damele
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 02:02:12 +00:00
Bernardo Damele
d55175a340 Fixed resume functionality on --read-file when using MySQL's LOAD_FILE() via blind SQL injection. 2010-01-02 01:35:13 +00:00
Bernardo Damele
89c43893d4 Merged back from personal branch to trunk (svn merge -r846:940 ...)
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
16b4530bbe Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
8c0ac767f4 Updated to sqlmap 0.7 release candidate 1 2009-04-22 11:48:07 +00:00
Bernardo Damele
5560f0b68a Updated the copyright 2009-01-12 21:35:38 +00:00
Bernardo Damele
8d06975142 Major enhancement to make the comparison algorithm work properly also
on url not stables automatically by using the difflib SequenceMatcher
object: this changed a lot into the structure of the code, has to be
extensively beta-tested!
Please, do report bugs on sqlmap-users mailing list if you scout them.
Cheers,
Bernardo
2008-12-20 01:54:08 +00:00
Bernardo Damele
bf2a857b9a Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3. 2008-12-12 19:06:31 +00:00
Bernardo Damele
9dbad512f1 sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers
by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation.
2008-12-08 21:24:24 +00:00
Bernardo Damele
6e548eb2ec Completed support to get the list of targets from WebScarab/Burp proxies
log file and updated the documentation
2008-11-27 22:33:33 +00:00
Bernardo Damele
9be844cf3e Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l. 2008-11-20 17:56:09 +00:00
Bernardo Damele
66fb3c3033 Minor enhancement to show the DBMS operating system (if fingerprinted)
also when only -b option is provided since it's an information that
sqlmap get parsing the DBMS banner.
Got rid completely of useless passive fuzzing.
2008-11-17 11:22:03 +00:00
Bernardo Damele
ecc4a98071 Properly moved and improved inject.goStacked() function and newly
implemented Time based blind SQL injection now is a single test file
within the lib/techniques/ folder.
Renamed lib/techniques/inference to lib/techniques/blind, it is more
approriate and adapted the rest of the libraries.
Updated ChangeLog file.
2008-11-12 23:44:09 +00:00
Bernardo Damele
a5b2366033 Implemented a better way to deal with % characters in parameters' value. Minor code restyle. 2008-10-16 15:31:02 +00:00
Bernardo Damele
892a7b2f8a propsets.. 2008-10-15 15:56:32 +00:00
Bernardo Damele
8e3eb45510 After the storm, a restore.. 2008-10-15 15:38:22 +00:00