Miroslav Stampar
648d91d790
Distinguishing invalid unicode from safe encoded characters (for proper potential decoding)
2012-12-27 22:43:39 +01:00
Miroslav Stampar
352e516400
Bottle is a 3rd party tool (not going to extra folder)
2012-12-21 10:18:30 +01:00
Miroslav Stampar
2ac99e5021
Minor update
2012-12-20 15:40:56 +01:00
Miroslav Stampar
728e061c53
Preventing double safe char encoding
2012-12-20 12:21:45 +01:00
Bernardo Damele
2e97405ffa
bundle bottle library in sqlmap (it is MIT license) - issue #297
2012-12-14 03:00:30 +00:00
Miroslav Stampar
46885d4c28
New pep8 script
2012-12-13 16:07:49 +01:00
Miroslav Stampar
562044577b
Implementation for an Issue #292
2012-12-11 12:02:06 +01:00
Miroslav Stampar
9e38ccbc3d
Removing unused imports
2012-12-10 17:47:42 +01:00
Miroslav Stampar
6ec536e94d
Removing old shutils script and adding new one
2012-12-10 17:44:55 +01:00
Miroslav Stampar
d013644c65
Minor update
2012-12-10 17:37:43 +01:00
Miroslav Stampar
775e0df04b
Update for an Issue #278
2012-12-05 10:45:17 +01:00
Miroslav Stampar
c636c26acc
Minor update
2012-12-03 17:43:39 +01:00
Miroslav Stampar
d95dd2d16e
Preparation for an Issue #254
2012-11-28 10:58:18 +01:00
Miroslav Stampar
735cfeee26
Update extra/shutils/_sqlmap.py
...
Minor language fix
2012-11-20 14:33:03 +01:00
Vlatko Kosturjak
209a860527
Initial import of zsh completion script
2012-11-20 12:54:07 +01:00
Miroslav Stampar
80120e849f
Minor refactoring and update of sqlharvest.py
2012-08-21 13:37:16 +02:00
Bernardo Damele
224e6376a6
cleanup to README files
2012-07-17 00:32:32 +01:00
Bernardo Damele
4940610f38
removed deprecated metasploit module
2012-07-14 19:27:31 +01:00
Miroslav Stampar
87ecf205cb
More work for Issue #66
2012-07-14 17:01:04 +02:00
Bernardo Damele
162da75a04
modified homepage address
2012-07-12 18:38:03 +01:00
Miroslav Stampar
569c9214bf
Adding support for boldifying important logging messages
2012-07-12 16:30:35 +02:00
Bernardo Damele
64143a146f
no need for bold error and critical messages, red is already enough
2012-07-12 14:54:05 +01:00
Bernardo Damele
44ad9bd0f6
removed unused commented lines
2012-07-11 22:40:05 +01:00
Miroslav Stampar
e673a57311
Fix for that ugly red blank line in CRITICAL messages
2012-07-11 20:49:22 +02:00
Bernardo Damele
105ac8ea77
deleted unnecessary hg file
2012-07-11 17:06:56 +01:00
Bernardo Damele
015ea52284
added colorama library, BSD license, http://pypi.python.org/pypi/colorama
2012-07-11 17:04:52 +01:00
Bernardo Damele
9cfea57b10
added termcolor library, MIT license, http://pypi.python.org/pypi/termcolor
2012-07-11 16:45:18 +01:00
Bernardo Damele
ff6ca6fb1a
colourize the whole log message
2012-07-11 12:18:48 +01:00
Bernardo Damele
115cd3479e
minor import fix
2012-07-10 13:13:21 +01:00
Bernardo Damele
43e58b63ea
modified debug colour - issue #77
2012-07-10 02:58:49 +01:00
Bernardo Damele
a14b7e6b6b
fixed the colors - issue #77
2012-07-10 02:47:35 +01:00
Miroslav Stampar
e948e4d45b
Some more refactoring
2012-07-06 17:18:22 +02:00
Miroslav Stampar
40fc6488bf
Fix for Issue #56 (Google has changed few things for retrieving PR)
2012-07-03 21:00:18 +02:00
Miroslav Stampar
f495cfa139
minor update
2012-06-27 23:32:16 +02:00
jekil
c39e5a85ba
Removed $id$ tags
2012-06-27 20:56:43 +02:00
Bernardo Damele
c0b9cf539f
moved udfhack to its own repository, https://github.com/sqlmapproject/udfhack
2012-06-27 15:15:11 +01:00
Miroslav Stampar
e9f6b00e26
minor fix in a KeepAlive library
2012-05-07 13:36:36 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
b604057e54
minor update
2011-12-26 16:09:46 +00:00
Miroslav Stampar
068ff92dc4
optimizing a bit pyDes module used in Oracle hash cracking
2011-12-26 15:33:49 +00:00
Miroslav Stampar
8a7b0406c8
minor optimization
2011-12-22 20:08:28 +00:00
Miroslav Stampar
526aacb640
code cleanup
2011-12-21 22:59:23 +00:00
Miroslav Stampar
41b60b26fc
minor refactoring
2011-12-21 14:25:39 +00:00
Miroslav Stampar
0b54553a76
quick fix for AV engines
2011-12-21 10:22:03 +00:00
Miroslav Stampar
0f5d48ff20
minor update
2011-12-05 09:25:56 +00:00
Miroslav Stampar
408d12dc41
minor fix
2011-12-05 08:26:00 +00:00
Miroslav Stampar
3fb22ef80a
another minor update
2011-12-05 00:03:05 +00:00
Miroslav Stampar
a462a9df43
minor update
2011-12-04 23:59:10 +00:00
Miroslav Stampar
b99c157d0f
patching DNS-leakage of SocksiPy extra module
2011-12-04 23:58:22 +00:00
Miroslav Stampar
ef987c6954
adding compatibility support for using --crawl and --forms together
2011-10-29 09:32:20 +00:00
Miroslav Stampar
25f0ec3597
some minor range to xrange conversion (where safe to do)
2011-10-21 22:34:27 +00:00
Bernardo Damele
50f4c4af52
Minor bug fix to parse also MSSQL 2008 R2 signatures
2011-07-24 23:43:01 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Miroslav Stampar
b8ffcf9495
few fixes here and there and multi-core processing for dictionary based hash attack
2011-07-04 19:58:41 +00:00
Bernardo Damele
6d606d417b
Preparing for PostgreSQL 9.0 DLL (--os-pwn) compilation on Windows 64-bit
2011-06-28 13:41:15 +00:00
Bernardo Damele
1698630bc0
Added PostgreSQL 9.0 shared object for Linux 64-bit
2011-06-28 13:12:18 +00:00
Miroslav Stampar
7c830c2b1a
removing xmlobject
2011-06-22 14:33:03 +00:00
Miroslav Stampar
2a4a284a29
crawler fix (skip binary files)
2011-06-20 22:41:38 +00:00
Miroslav Stampar
d9015ed800
fix for a bug reported by krasn@deventum.com
2011-06-20 13:25:19 +00:00
Miroslav Stampar
07e2c72943
adding Beautifulsoup (BSD) into extras; adding --crawl to options
2011-06-20 11:32:30 +00:00
Miroslav Stampar
84978f16c9
fix for a "problem" reported by Kirill Morozov (nt authority\\network service)
2011-06-11 07:54:59 +00:00
Miroslav Stampar
0d0f2863af
adding one more tamper script
2011-06-09 09:38:07 +00:00
Bernardo Damele
cce3208b35
Cleanup
2011-06-08 14:15:34 +00:00
Miroslav Stampar
0486d1cdaa
minor module update
2011-05-24 10:32:21 +00:00
Miroslav Stampar
25fff8c135
changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)
2011-05-21 11:46:57 +00:00
Miroslav Stampar
48ac9911c0
more graceful fix related to the last commit
2011-05-11 09:42:35 +00:00
Miroslav Stampar
402c623119
minor fix
2011-05-11 09:40:11 +00:00
Miroslav Stampar
53065ee1fb
adding ordered set for kb.targetUrls (now the order of appereance in multiple targets mode will be respected)
2011-05-11 08:55:48 +00:00
Bernardo Damele
28a4ae8eaf
Minor improvement to cleanup script
2011-05-06 13:53:10 +00:00
Bernardo Damele
eea96c5b8d
code cleanup
2011-05-05 08:50:18 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Miroslav Stampar
6bb4dce3aa
minor refactoring
2011-04-29 15:22:32 +00:00
Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
...
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Miroslav Stampar
41924a6ead
fix for a bug reported by saccurso@skygear.com.ar (UnicodeDecodeError: 'ascii' codec can't decode byte 0xe9 in position 0: ordinal
...
not in range(128))
2011-04-21 23:17:16 +00:00
Bernardo Damele
8e2e06a7a3
layout adjustment
2011-04-21 09:25:42 +00:00
Miroslav Stampar
354a2ce249
'chardet' heuristic engine added to the project
2011-04-18 13:38:46 +00:00
Bernardo Damele
79d5804519
added propset
2011-04-15 16:28:48 +00:00
Bernardo Damele
48f916d5a4
Fixed a minor bug
2011-04-15 16:25:42 +00:00
Miroslav Stampar
c461fdca54
some refactoring
2011-04-15 13:51:06 +00:00
Miroslav Stampar
bf6ea35145
adding new tool safe2bin for decoding safe encoded values
2011-04-15 13:41:50 +00:00
Miroslav Stampar
a883316e22
i was on some heavy drugs (sys.stdout = fpOut)
2011-04-15 12:58:56 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Bernardo Damele
7c61931b96
Added notes on how to compile and get small shared libraries for UDF
2011-04-12 09:53:52 +00:00
Miroslav Stampar
305115a68b
important improvement of data handling (POST data and header values)
2011-04-03 15:02:52 +00:00
Miroslav Stampar
cd7e4f5afc
improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form)
2011-04-01 22:12:24 +00:00
Miroslav Stampar
d8f7c4bc4c
minor update regarding support for crypt(3)
2011-03-26 21:41:37 +00:00
Miroslav Stampar
63b8156c00
some update (if header key is non-unicode comformant)
2011-02-25 09:43:04 +00:00
Miroslav Stampar
2bbbc9a41e
few updates
2011-02-25 09:35:24 +00:00
Bernardo Damele
156d8cd99b
Directory restyling
2011-02-08 00:15:02 +00:00
Bernardo Damele
0a81415f2f
Minor code cleanup
2011-02-08 00:02:54 +00:00
Bernardo Damele
6a71629575
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
Miroslav Stampar
4df8a03c04
using OrderedDict to store parameters in order of appearance
2011-02-04 18:07:21 +00:00
Miroslav Stampar
a8fea8e4a8
fix for a bug noticed when using --keep-alive --threads on IIS/MSSQL
2011-02-03 15:09:53 +00:00
Bernardo Damele
06bb369da5
GCC 4.3 makes Linux/MySQL shared objects smaller
2011-02-03 14:59:31 +00:00
Bernardo Damele
8cf88dd0da
Ready with PgSQL/Linux/32bit shared object too now
2011-02-03 12:28:00 +00:00
Miroslav Stampar
6393495eb0
comment added
2011-01-31 11:58:35 +00:00
Miroslav Stampar
1b4d68c844
minor update
2011-01-31 11:56:20 +00:00
Miroslav Stampar
fb3513650d
adding ID properties
2011-01-31 11:41:28 +00:00
Miroslav Stampar
f9eac97fe8
refactoring of MSSQL XML banner parsing
2011-01-31 11:38:00 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Miroslav Stampar
b1c7a17163
fix for a bug reported by malice.anon@gmail.com (UnicodeEncodeError..self.sock.sendall(str))
2011-01-28 13:26:20 +00:00
Miroslav Stampar
bb6e36fb02
minor updates
2011-01-27 12:38:39 +00:00
Miroslav Stampar
20df2bbd10
minor fix
2011-01-25 15:44:45 +00:00
Miroslav Stampar
c7f260a8bc
minor update
2011-01-25 12:54:49 +00:00
Miroslav Stampar
98e48bd682
new script
2011-01-25 12:48:50 +00:00
Miroslav Stampar
bd2e036412
minor fix
2011-01-20 22:00:16 +00:00
Bernardo Damele
1d06c64149
Indentation fix
2011-01-20 21:56:38 +00:00
Bernardo Damele
aa8a20d241
Minor bug fix for a traceback
2011-01-20 21:50:21 +00:00
Miroslav Stampar
44504746cf
minor update
2011-01-15 13:43:08 +00:00
Miroslav Stampar
6942c9a001
same thing with mysql as in last commit
2011-01-05 14:41:38 +00:00
Miroslav Stampar
a136915ab6
bug fix for postgre's --os-shell (when there was an error in command executed and/or no output chars, garbled output was returned)
2011-01-05 14:36:41 +00:00
Miroslav Stampar
5c6c870db4
removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode
2011-01-02 08:43:38 +00:00
Miroslav Stampar
6b37ddada4
removed some blank trailing spaces (with extra/shutils/blanks.sh)
2010-12-21 10:31:56 +00:00
Miroslav Stampar
b26e09fc71
another minor update
2010-12-09 12:49:29 +00:00
Miroslav Stampar
f712d2477e
removed duplicate entries inside common wordlists (tables & columns) and added a script which does that automatically
2010-12-09 12:41:16 +00:00
Miroslav Stampar
06395b5408
update
2010-12-09 12:03:10 +00:00
Miroslav Stampar
1f8a9fe033
foundations for dictionary attack support combined with the sqlmap's password/hash retrieval functionality (--password switch)
2010-11-20 13:14:13 +00:00
Miroslav Stampar
ef1809464d
bug fix for that BadStatusLine ( http://bugs.python.org/issue8450 )
2010-11-05 11:58:20 +00:00
Miroslav Stampar
effd712ecf
added new directory with shell utils needed here and there for project maintanence
2010-11-03 10:19:31 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00
Miroslav Stampar
cd0d4135ac
implemented --banner for MaxDB and some minor fixes
2010-11-02 20:51:55 +00:00
Bernardo Damele
963fcb57b6
Minor bug fix
2010-10-29 12:36:37 +00:00
Bernardo Damele
72a901347d
Adjustments
2010-10-29 10:06:28 +00:00
Miroslav Stampar
53e735ea9d
cosmetics
2010-10-29 10:03:44 +00:00
Miroslav Stampar
cc6efc4015
new extra added
2010-10-29 09:59:18 +00:00
Bernardo Damele
2b2634e92c
As fcntl is only supported on Posix systems (no Windows) we need to check for the OS beforehand.
...
Added proper check for impacket library too.
2010-10-29 09:50:41 +00:00
Miroslav Stampar
1f5224f1ac
update
2010-10-28 23:13:30 +00:00
Bernardo Damele
4f8e9da1b6
Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
...
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Bernardo Damele
56c16cb471
Minor bug fixes and enhancements to ICMPsh tunnel
2010-10-27 23:01:17 +00:00
Bernardo Damele
26cf6c2136
Adjusted impacket import check
2010-10-27 21:10:56 +00:00
Bernardo Damele
1870e17e5d
Written from scratch in Python the icmpsh master
2010-10-27 20:54:46 +00:00
Bernardo Damele
6075752c47
Added icmpsh from Nico Leidecker for future enhancement to --os-cmd and --os-pwn to make the user able to choose between TCP (Metasploit payloads) and ICMP (icmpsh software).
2010-10-27 14:36:45 +00:00
Miroslav Stampar
c5fb4edf3e
update of THANKS
2010-10-23 09:25:34 +00:00
Miroslav Stampar
2de3081b50
minor update
2010-10-21 23:03:42 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Miroslav Stampar
73ececd903
added that "default" "Connection: keep-alive" header
2010-10-17 06:44:54 +00:00
Miroslav Stampar
5c3d21065a
bug fix (reported by nightman)
2010-10-16 21:29:35 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
dc50543ea4
major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects)
2010-10-13 23:01:23 +00:00
Miroslav Stampar
6dcd05c39c
minor update
2010-10-11 14:38:04 +00:00
Miroslav Stampar
8fcad29bbf
new feature --forms (still unfinished)
2010-10-10 18:56:43 +00:00
Miroslav Stampar
1e9ae40397
major refactoring
2010-10-07 12:12:26 +00:00
Miroslav Stampar
4edf6ebe00
update for smoke tests
2010-08-20 21:01:51 +00:00
Miroslav Stampar
092829c189
implemented basic smoke testing mechanism
2010-07-30 12:49:25 +00:00
Miroslav Stampar
f033943815
new file added
2010-07-30 11:47:32 +00:00
Bernardo Damele
fa1357b40f
Alignment of UDF source code
2010-07-01 15:44:47 +00:00
Miroslav Stampar
6f03a9ab5c
update
2010-06-11 08:46:40 +00:00
Bernardo Damele
2835ad667e
Minor exception adjustment
2010-06-10 21:11:14 +00:00
Miroslav Stampar
0e1bbf6375
patching and patching and patching
2010-06-10 17:05:13 +00:00