Miroslav Stampar
c293a6a25a
Fixes #2229 and #2230
2016-10-15 09:53:12 +02:00
Miroslav Stampar
b1175017f9
Minor update regarding the last commit
2016-10-15 00:54:32 +02:00
Miroslav Stampar
75c9f91f11
Fixes #2226
2016-10-15 00:51:35 +02:00
Miroslav Stampar
9ff2dcf1c1
Fixes #2228
2016-10-15 00:16:53 +02:00
Miroslav Stampar
6c4e9ae427
Updating SocksiPy to PySocks (updated fork)
2016-10-14 23:16:26 +02:00
Miroslav Stampar
748e94dcee
Minor update for #2224
2016-10-13 23:25:46 +02:00
Miroslav Stampar
f389bd71c0
Implementation for an Issue #2224
2016-10-13 23:17:54 +02:00
Miroslav Stampar
1126ff86ce
Fixes #2223
2016-10-13 23:07:11 +02:00
Miroslav Stampar
79377fedab
Minor update
2016-10-13 23:06:04 +02:00
Miroslav Stampar
5d2972f362
Implementation for an Issue #2221
2016-10-11 17:33:36 +02:00
Miroslav Stampar
ae465bbaf8
Minor revert of leftover
2016-10-11 01:09:30 +02:00
Miroslav Stampar
1b95dd2d9d
Fix for a bug reported privately by user (in some cases data has not been retrieved)
2016-10-11 01:07:31 +02:00
Miroslav Stampar
6130185ac6
Minor consistency update with the wiki
2016-10-11 00:35:39 +02:00
Miroslav Stampar
c92fde120d
Implements #2220
2016-10-10 23:27:41 +02:00
Miroslav Stampar
7eab1bcbf9
Automating even more switch --tor
2016-10-10 14:19:44 +02:00
Miroslav Stampar
4c05307357
Disabling socket pre-connect in case of --tor, --proxy and --proxy-file
2016-10-10 01:57:55 +02:00
Miroslav Stampar
0037c28e9e
Preventing obnoxious 'install git' on MacOS
2016-10-10 01:35:22 +02:00
Miroslav Stampar
2b279233b6
Fixes #2219
2016-10-09 14:19:40 +02:00
Miroslav Stampar
b51b80b174
Fix for a privately reported bug
2016-10-08 21:11:43 +02:00
Miroslav Stampar
e4b0ac9ae5
Minor update of common user columns
2016-10-07 14:48:05 +02:00
Miroslav Stampar
7f416846b7
Minor revisit of MsSQL error-based payloads
2016-10-06 23:50:32 +02:00
Miroslav Stampar
5b7254af96
Minor patch
2016-10-06 22:27:29 +02:00
Miroslav Stampar
c83d417298
Fixes #2212
2016-10-05 23:02:20 +02:00
Miroslav Stampar
b42dc6e7a5
Update of Oracle and PostgreSQL system databases/schemas
2016-10-05 17:58:35 +02:00
Miroslav Stampar
8124fe391d
Bug fix for using --search in combination with -D CD
2016-10-05 17:43:57 +02:00
Miroslav Stampar
833ca4b640
Minor refactoring
2016-10-05 17:41:02 +02:00
Miroslav Stampar
3b244858f8
Adding performance_schema as one more of MySQL's system database
2016-10-05 17:33:24 +02:00
Miroslav Stampar
6107696e25
Minor patch (--help should display basic help)
2016-10-05 17:01:58 +02:00
Miroslav Stampar
af1c9c7fb2
Related to the last commit
2016-10-04 23:48:09 +02:00
Miroslav Stampar
06b54ab134
Better choice of used table (INFORMATION_SCHEMA.CHARACTER_SETS can also be found in MsSQL and PgSQL; mysql.db can have permission problems)
2016-10-04 23:43:00 +02:00
Miroslav Stampar
fee5c7bd7c
Adding two new payloads and minor cosmetics
2016-10-04 23:39:18 +02:00
Miroslav Stampar
fb8afc6add
Adding a new payload (Oracle boolean based on error response)
2016-10-04 22:12:00 +02:00
Miroslav Stampar
6c372a09bd
Minor update
2016-10-04 11:55:16 +02:00
Miroslav Stampar
171cf6f54d
Minor fine tuning for SQLi heuristic check
2016-10-04 11:32:06 +02:00
Miroslav Stampar
029bb5554d
Minor cleanup of user-agents
2016-10-04 10:48:10 +02:00
Miroslav Stampar
c69cb79d66
Fixes #2208
2016-10-04 10:39:28 +02:00
Miroslav Stampar
dc8301689e
Implementation for an Issue #2204
2016-10-02 11:13:40 +02:00
Miroslav Stampar
d1680b04f3
Minor code consistency update
2016-09-29 21:26:47 +02:00
Miroslav Stampar
b3b49b3492
Minor patch for --parse-errors
2016-09-29 18:07:00 +02:00
Miroslav Stampar
7a89433251
Minor patch
2016-09-29 18:02:20 +02:00
Miroslav Stampar
ced6711128
Playing a bit with logo
2016-09-29 15:59:28 +02:00
Miroslav Stampar
bdf76f8d4d
Revisiting user-agents (newer versions of mainstream browsers)
2016-09-29 15:21:32 +02:00
Miroslav Stampar
571ae174bd
Minor language update
2016-09-29 14:55:43 +02:00
Miroslav Stampar
332726356c
Minor language update
2016-09-29 14:03:46 +02:00
Miroslav Stampar
4ea9d3b884
Replacing generic concatenation || with CONCAT (far better choice)
2016-09-29 13:35:16 +02:00
Miroslav Stampar
3409953538
Revisiting default level 1 payloads (MySQL stacked queries are as frequent as double rainbows)
2016-09-29 12:59:51 +02:00
Miroslav Stampar
3b3ab072e6
Adding short option(s) for setting verbosity (e.g. -vvv)
2016-09-29 11:19:25 +02:00
Miroslav Stampar
fef407e09c
Making HTTP requests up to 20% smaller (fine tuning the request headers)
2016-09-29 10:44:00 +02:00
Miroslav Stampar
5afccce3c6
Minor patch
2016-09-28 16:56:47 +02:00
Miroslav Stampar
e439095593
Bug fix for MySQL's --os-pwn
2016-09-28 15:39:34 +02:00
Miroslav Stampar
e77126e847
Removing obsolete functionality
2016-09-28 15:00:26 +02:00
Miroslav Stampar
3ef01f0e31
Minor update
2016-09-28 14:48:33 +02:00
Miroslav Stampar
d36b5c0a4b
Adding time-based blind (heavy query) payloads for Informix (Issue #552)
2016-09-28 10:30:09 +02:00
Miroslav Stampar
e5a758bdf4
Fixes #2192
2016-09-28 09:55:14 +02:00
Miroslav Stampar
617509869d
Minor patch for Informix --parse-errors
2016-09-27 14:58:10 +02:00
Miroslav Stampar
5079c42788
Adding Informix parameter replacement payloads (Issue #552)
2016-09-27 14:39:17 +02:00
Miroslav Stampar
bc7ab01066
Bug fix for generic parameter replacement (CASE)
2016-09-27 14:29:18 +02:00
Miroslav Stampar
212c1ec1f2
Couple of fixes and some testing stuff
2016-09-27 14:03:59 +02:00
Miroslav Stampar
381deb68ff
Implementation for an Issue #2137
2016-09-27 13:26:11 +02:00
Miroslav Stampar
ba0facb5eb
Removal of unused imports
2016-09-27 11:23:31 +02:00
Miroslav Stampar
7151df16f6
Adding extra validation step in case of boolean-based blind (e.g. if unexpected 500 occurs)
2016-09-27 11:21:12 +02:00
Miroslav Stampar
8994bf2dba
Further dealing with time-based SQLi (Issue #1973)
2016-09-27 10:32:22 +02:00
Miroslav Stampar
09617c8243
Introducing extra validation property in case of time-based SQLi (HTTP code) - Issue #1973
2016-09-27 10:20:36 +02:00
Miroslav Stampar
556b4d289e
Minor cosmetic patch (removing multiple same content '...appears...' messages)
2016-09-26 17:02:40 +02:00
Miroslav Stampar
978f56ad10
One more commit for #552 (--passwords)
2016-09-26 16:38:03 +02:00
Miroslav Stampar
aa0b97b562
Support for Informix --roles/--privileges (Issue #552)
2016-09-26 14:20:04 +02:00
Miroslav Stampar
df645d7d3d
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
Miroslav Stampar
035137ef4e
Bug fix in detection engine (abstract URI header sometimes caused problems - e.g. when automatic --string used)
2016-09-23 17:38:14 +02:00
Miroslav Stampar
484d9a4825
Implementation of --dump for Informix (Issue #552)
2016-09-23 17:21:48 +02:00
Miroslav Stampar
65c305cff0
Fixes #2174
2016-09-23 15:41:12 +02:00
Miroslav Stampar
9a5fc5ccf4
New auxiliary (extra) file (for administration purposes)
2016-09-23 13:57:18 +02:00
Miroslav Stampar
51a1973224
Stripping PostgreSQL .so files for size issues (Issue #2173)
2016-09-23 13:52:57 +02:00
Miroslav Stampar
2f2a63334a
Minor cleanup
2016-09-23 13:39:27 +02:00
Miroslav Stampar
23afeb4c7a
Fixes #2176
2016-09-23 13:37:44 +02:00
Miroslav Stampar
b387fb219d
Fixes #2175
2016-09-23 12:45:06 +02:00
Miroslav Stampar
1b48ff223d
Adding initial support for Informix (Issue #552)
2016-09-23 12:33:27 +02:00
Miroslav Stampar
640e605412
More CTF friendly (common column and table name flag :)
2016-09-23 12:31:28 +02:00
Miroslav Stampar
e10bb42597
Minor tweak
2016-09-22 10:22:48 +02:00
Miroslav Stampar
9902018cab
Implementation for an Issue #2172
2016-09-21 15:45:55 +02:00
Miroslav Stampar
56a918c408
Minor refactoring
2016-09-20 10:03:00 +02:00
Miroslav Stampar
bcd62ecc5b
Minor optimization (avoiding unnecessary deepcopies)
2016-09-20 09:56:08 +02:00
Miroslav Stampar
e519484230
Patching live-testing
2016-09-19 15:51:28 +02:00
Miroslav Stampar
a2c8f1deb1
Update PgSQL fingerprinting payloads
2016-09-19 14:23:51 +02:00
Miroslav Stampar
12dc53f687
Minor update
2016-09-19 13:54:06 +02:00
Miroslav Stampar
b3b5bd267d
Adding new tamper script (on request from @MilanGabor)
2016-09-15 17:59:01 +02:00
Miroslav Stampar
921a53e314
Patch for counter in --smoke-test
2016-09-09 14:59:22 +02:00
Miroslav Stampar
32dd4a938c
Minor patch of message
2016-09-09 11:37:16 +02:00
Miroslav Stampar
9930f1b55b
Speed optimization(s)
2016-09-09 11:06:38 +02:00
Miroslav Stampar
8581d9e2ca
Minor improvement of SELECT_FROM_TABLE_REGEX
2016-09-09 09:45:48 +02:00
Miroslav Stampar
1a613ed9a8
Minor update
2016-09-08 14:08:14 +02:00
Miroslav Stampar
78e398d9c4
Fixes #2136
2016-09-06 15:03:17 +02:00
Miroslav Stampar
e3c3c2c185
Fixes #2148
2016-09-06 14:25:29 +02:00
Miroslav Stampar
4e36bbaff9
Update related to the last commit
2016-09-04 03:09:28 +02:00
Miroslav Stampar
603e9739ae
Fixes #2146
2016-09-04 01:33:52 +02:00
Miroslav Stampar
6b91b7b7fa
Minor cosmetics
2016-09-02 16:10:11 +02:00
Miroslav Stampar
2e62fda57d
Minor update
2016-09-02 15:55:33 +02:00
Miroslav Stampar
5ad27264a2
Patches #2143
2016-09-02 15:52:07 +02:00
Miroslav Stampar
c4d8cab50c
Version string bug fix
2016-09-02 14:25:56 +02:00
Miroslav Stampar
577e346774
Fixes #2144
2016-09-02 14:20:17 +02:00
Miroslav Stampar
375abd50ee
Minor update for #2134
2016-08-30 12:36:32 +02:00
Miroslav Stampar
4a815ab56f
Patch for an Issue #1250
2016-08-27 23:54:09 +02:00
Miroslav Stampar
6564adc984
Minor patch for buffered write into checksum.md5
2016-08-27 23:34:12 +02:00
Miroslav Stampar
ad5b8017f5
Minor refactoring
2016-08-26 12:28:35 +02:00
Miroslav Stampar
72e5a79288
Fixes #2106
2016-08-19 11:07:42 +02:00
Miroslav Stampar
63f4b3462f
Fixes #2105
2016-08-15 18:35:04 +02:00
Miroslav Stampar
a45a90df94
Adding new WAF script (Yunsuo)
2016-08-12 14:32:03 +02:00
Miroslav Stampar
ec1ac81e0a
Minor refactoring
2016-08-08 16:08:16 +02:00
Miroslav Stampar
6ba46bf7cf
Update for #2086 (lowercasing only the command)
2016-08-08 15:55:39 +02:00
Miroslav Stampar
b92fc840fe
Adding pypi script to the repository
2016-08-02 13:21:05 +02:00
Miroslav Stampar
ef79bbf7d2
Minor patch
2016-08-02 12:38:57 +02:00
Miroslav Stampar
fba1199cd2
Minor consistency update
2016-08-02 12:05:39 +02:00
Miroslav Stampar
4022a68523
Removing last debug commit
2016-08-02 12:01:49 +02:00
Miroslav Stampar
67bc3ed359
Trying out the last commit
2016-08-02 12:01:02 +02:00
Miroslav Stampar
a0ddd99087
Minor update for automatic PyPI packaging
2016-08-02 12:00:21 +02:00
Miroslav Stampar
2a7ef58c9f
Minor refactoring
2016-08-02 11:55:11 +02:00
Miroslav Stampar
35010006a1
Some cosmetic changes
2016-08-02 11:50:42 +02:00
Miroslav Stampar
acfe788c95
Preparing for #1250
2016-08-02 00:17:59 +02:00
Miroslav Stampar
5ccb73a1ee
Minor patch for Python3 check
2016-07-29 15:30:59 +02:00
Miroslav Stampar
6ac5b6b759
Minor refactoring
2016-07-28 17:04:15 +02:00
Miroslav Stampar
d82f20abc4
Fixes #2068
2016-07-28 17:02:27 +02:00
Miroslav Stampar
10eafa35fd
Adding CloudFlare CAPTCHA warning
2016-07-23 23:02:15 +02:00
Miroslav Stampar
9105f259cd
Fixes #2060 (ParseError has been added in Python 2.7)
2016-07-23 15:27:25 +02:00
Miroslav Stampar
7cca56edfa
Fixes #2052
2016-07-21 09:38:52 +02:00
Miroslav Stampar
e21d751834
Fixes #2049
2016-07-20 20:04:44 +02:00
Miroslav Stampar
ebb73b71fa
Fixes #2045
2016-07-20 16:49:27 +02:00
Miroslav Stampar
1ca633ae64
Fixes #2031
2016-07-17 23:30:40 +02:00
Miroslav Stampar
3e22cbfed7
Minor update
2016-07-17 00:34:14 +02:00
Miroslav Stampar
c7f615f707
Renaming payload files (consistency with the rest of the project)
2016-07-17 00:21:16 +02:00
Miroslav Stampar
b83ee92cd1
Minor modification
2016-07-17 00:09:09 +02:00
Miroslav Stampar
571d669a09
Minor modification
2016-07-17 00:07:58 +02:00
Miroslav Stampar
e485531b71
Adding integrity checks in case of unhandled exceptions
2016-07-17 00:04:30 +02:00
Miroslav Stampar
7427b554e3
Adding support for integrity checks
2016-07-16 23:25:13 +02:00
Miroslav Stampar
1a818ceccd
Adding error message regarding #2030
2016-07-16 22:47:16 +02:00
Miroslav Stampar
7fea8d608e
Fixes #2028
2016-07-16 22:42:15 +02:00
Miroslav Stampar
1e6191e3b1
Fixes #2026
2016-07-16 15:51:09 +02:00
Miroslav Stampar
c10b2825d7
Patch for --os-shell against Windows/MySQL where resulting \r caused trouble
2016-07-15 11:56:51 +02:00
Miroslav Stampar
c200b2cb19
Another fix (related to the last commit)
2016-07-15 11:45:59 +02:00
Miroslav Stampar
071f4c8a2b
Bug fix (reported privately) - better parsing of file paths (especially for Windows cases)
2016-07-15 11:13:47 +02:00
Miroslav Stampar
5097a2c79e
Less timeout error messages (because of server dropping of non-active connections)
2016-07-15 00:33:33 +02:00
Miroslav Stampar
bce9db1af5
Adding support for --columns too (Issue #2025)
2016-07-15 00:10:41 +02:00
Miroslav Stampar
ca67456dbe
Removing a debugging leftover (Issue #2025)
2016-07-14 23:39:44 +02:00
Miroslav Stampar
6df4d73b09
Implementation for an Issue #2025
2016-07-14 23:18:28 +02:00
Miroslav Stampar
2aaa486f7a
Minor code style update
2016-07-13 14:09:33 +02:00
Miroslav Stampar
47ba7d4705
Minor update
2016-07-07 10:37:00 +02:00
Miroslav Stampar
2e42afea6f
Update of sucuri WAF script
2016-07-06 23:43:21 +02:00
Miroslav Stampar
292a28131d
Minor updates
2016-07-06 23:43:10 +02:00
Miroslav Stampar
2e775fbb75
(e.g.) ASPx MsSQL Chinese exception messages don't start with 'Exception: string'
2016-07-06 14:06:18 +02:00
Miroslav Stampar
e1d7641b8a
Good for different generic OleDB-alike connectors
2016-07-06 13:48:35 +02:00
Miroslav Stampar
6b0951d1ee
Switching default Tor type to SOCKS5 (various bundles are discontinued)
2016-07-06 13:30:46 +02:00
Miroslav Stampar
db1fc621b5
Update for SonicWALL WAF script; lesser false positives with ModSecurity WAF script
2016-07-06 13:19:51 +02:00
Miroslav Stampar
9351756c36
Minor update of format exception strings
2016-07-05 16:02:34 +02:00
Miroslav Stampar
63b645c64c
Removing a debugging leftover
2016-07-05 09:32:30 +02:00
Miroslav Stampar
7ad49f4185
Less problematic regexes for MsSQL errors
2016-07-05 09:32:08 +02:00
Miroslav Stampar
d9315830f9
Less problematic regex for MsSQL errors
2016-07-05 09:20:04 +02:00
Miroslav Stampar
2e2c62b6a7
More error regexes
2016-07-04 17:24:17 +02:00
Miroslav Stampar
53289b0234
Some more Informix error regexes
2016-07-04 10:03:36 +02:00
Miroslav Stampar
dd082ef79d
Minor update (new error regex for Informix)
2016-07-04 09:49:18 +02:00
Miroslav Stampar
2c968f9a35
Closes #2007
2016-07-04 09:12:30 +02:00
Miroslav Stampar
74d0315fef
Update related to the last commit
2016-07-03 02:14:23 +02:00
Miroslav Stampar
ae98159130
Automatic monthly tagging
2016-07-03 02:03:30 +02:00
Miroslav Stampar
3a9e36c52b
Reintroducing stacked queries removed in 79d08906a4
(good for WAF bypass)
2016-07-03 02:03:30 +02:00
Miroslav Stampar
cb43c03712
Definite patch for MemoryError(s) (fixes #1991)
2016-06-30 14:57:56 +02:00
Miroslav Stampar
65a0f15f69
Minor update (error regex for PHP's sqlsrv module)
2016-06-28 15:13:37 +02:00
Miroslav Stampar
98b77d32cc
Minor update
2016-06-27 11:16:41 +02:00
Miroslav Stampar
86a3569ccb
New WAF script (SonicWALL)
2016-06-26 16:42:05 +02:00
Miroslav Stampar
17fca351d3
Minor update
2016-06-26 16:26:13 +02:00
Miroslav Stampar
2614e7bec1
Minor update
2016-06-26 16:23:39 +02:00
Miroslav Stampar
832c6e806f
Revert of last commit
2016-06-26 15:59:35 +02:00
Miroslav Stampar
7b334b0808
'Conversion failed' happens in regular SQLi on MsSQL
2016-06-26 15:57:11 +02:00
Miroslav Stampar
aa9151785e
Minor update
2016-06-26 15:37:30 +02:00
Miroslav Stampar
6bdef1b7da
Minor update
2016-06-26 01:46:49 +02:00
Miroslav Stampar
8b4367d354
Revert of last commit
2016-06-26 01:42:21 +02:00
Miroslav Stampar
0a9d69a7d0
Minor patch
2016-06-26 01:10:47 +02:00
Miroslav Stampar
a4b60dc00f
New error regex for MsSQL
2016-06-26 00:40:54 +02:00
Miroslav Stampar
f91ae32284
Minor update (to not confuse S3 vs Cloudfront)
2016-06-24 13:39:13 +02:00
Miroslav Stampar
53fc9d6720
Fixes #1990
2016-06-24 13:31:19 +02:00
Miroslav Stampar
0b31568306
Minor update
2016-06-24 13:28:08 +02:00
Miroslav Stampar
e9407cf791
Cleaning some garbage boundaries (it doesn't make any sense to use %00 as prefix)
2016-06-23 22:57:59 +02:00
Miroslav Stampar
0175acd028
Bug fix (in some cases lack of warning message for SQLi appearing)
2016-06-23 17:52:37 +02:00
Miroslav Stampar
733a32de32
Minor patch
2016-06-23 12:09:51 +02:00
Miroslav Stampar
1b863ecf93
Far better detection of SecureIIS (WAF)
2016-06-23 12:03:05 +02:00
Miroslav Stampar
ec06037335
Update of bigip waf script
2016-06-23 11:41:49 +02:00
Miroslav Stampar
0cdb62a1b5
Adding new waf script (armor)
2016-06-23 11:15:31 +02:00
Miroslav Stampar
99454198b8
Minor refactoring
2016-06-20 10:01:57 +02:00
Miroslav Stampar
dd6287ace8
Fixes #1972
2016-06-20 09:59:50 +02:00
Miroslav Stampar
786460e3b4
Minor just in case patch
2016-06-19 17:44:47 +02:00
Miroslav Stampar
419cf979f1
Showing again the 'shutting down at ...' message
2016-06-19 17:17:01 +02:00
Miroslav Stampar
30be875304
Patch for an Issue #1968
2016-06-18 01:21:57 +02:00
Miroslav Stampar
7d011bc811
Fixes #1964
2016-06-17 17:07:44 +02:00
Miroslav Stampar
b2c4a3b247
Fixes #1960
2016-06-17 16:54:23 +02:00
Miroslav Stampar
9d9592a69b
Fixes #1963
2016-06-17 16:51:23 +02:00
Miroslav Stampar
cb42294a7e
Minor message update
2016-06-15 07:57:10 +02:00
Miroslav Stampar
146762c109
Minor update
2016-06-15 07:54:47 +02:00
Miroslav Stampar
494b9d1586
Fixes #1943
2016-06-13 15:30:38 +02:00
Miroslav Stampar
2e95fdb52d
Fixes #1947
2016-06-13 14:50:44 +02:00
Miroslav Stampar
46736cac7b
Fixes #1931
2016-06-10 18:41:41 +02:00
Miroslav Stampar
041213f22d
Fixes #1935
2016-06-10 18:18:48 +02:00
Miroslav Stampar
8ca45c5678
Fixes #1936
2016-06-10 18:02:24 +02:00
Miroslav Stampar
c6eec8db97
Fixes #1938
2016-06-10 17:52:22 +02:00
Miroslav Stampar
98fdc493f4
Proper patch for #1923 (Fixes #1940, #1941)
2016-06-10 17:42:11 +02:00
Miroslav Stampar
91372bff87
Fixes #1932
2016-06-08 08:20:54 +02:00
Miroslav Stampar
7fb9db42a7
Performing a backup of old dump file (Issue #841)
2016-06-05 12:37:19 +02:00
Miroslav Stampar
82382957f9
Minor refactoring
2016-06-05 12:25:42 +02:00
Miroslav Stampar
f034122bd0
Fixes #1920
2016-06-05 12:14:01 +02:00
Miroslav Stampar
0df2456f34
Fixes #1923
2016-06-03 16:06:29 +02:00
Miroslav Stampar
78fdb27a0b
More improvements
2016-06-03 15:51:52 +02:00
Miroslav Stampar
350baf0a0a
Minor update
2016-06-03 14:29:32 +02:00
Miroslav Stampar
9886b646eb
Proper update regarding the last commit
2016-06-03 14:18:28 +02:00
Miroslav Stampar
c5197b99a0
Minor patch and minor improvement
2016-06-03 13:59:32 +02:00
Miroslav Stampar
cc313280af
Payload that never ever worked (now fixed)
2016-06-03 13:16:00 +02:00
Miroslav Stampar
f06ff42c58
This never worked. Not sure who incorporated it (WAITFOR DELAY can't go to SELECT/CASE)
2016-06-03 10:42:57 +02:00
Miroslav Stampar
4bc1cf4518
Vastly better patch for MsSQL payloads
2016-06-03 10:29:04 +02:00
Miroslav Stampar
0e65043c84
Minor adjustment
2016-06-03 09:48:49 +02:00
Miroslav Stampar
d7d565415a
Patch for MySQL fingerprinting
2016-06-03 02:31:31 +02:00
Miroslav Stampar
0986ec8948
Update for Oracle fingerprinting
2016-06-03 02:27:59 +02:00
Miroslav Stampar
50bced511f
Adding support for fingerprinting MsSQL 2014 and 2016
2016-06-03 02:24:19 +02:00
Miroslav Stampar
e275e8c0b0
Fixes #1921
2016-06-03 02:02:11 +02:00
Miroslav Stampar
77dea38ac1
Fixes #1918
2016-06-03 00:37:18 +02:00
Miroslav Stampar
7dc2ec5fd8
Minor touch
2016-06-01 20:42:09 +02:00
Miroslav Stampar
4bf2e3b139
Minor update
2016-06-01 20:37:05 +02:00
Miroslav Stampar
8114c14755
Removing leftover
2016-06-01 16:32:22 +02:00
Miroslav Stampar
ec8cf6aadc
Adding support for detecting CAPTCHA
2016-06-01 15:48:04 +02:00
Miroslav Stampar
d326965966
Reordering MySQL's error-based payloads (BIGINT and EXP have crazy bigger chunk lengths)
2016-06-01 14:12:22 +02:00
Miroslav Stampar
030df0353d
Removing ugly legacy code (e.g. showing MySQL 5.0 when it is e.g. '5.7.8')
2016-06-01 13:47:20 +02:00
Miroslav Stampar
5038d7a70a
Removing ugly boolean check results (0 or 1) in output of UNION and ERROR SQLi
2016-06-01 13:39:40 +02:00
Miroslav Stampar
f0b8fbb7fd
Implemented support for JSON_KEYS error-based SQLi (and tons of fixes for MySQL 'ORDER BY,GROUP BY' payloads)
2016-06-01 13:23:41 +02:00
Miroslav Stampar
5810c2b199
Minor patch
2016-06-01 11:30:27 +02:00
Miroslav Stampar
77f0b5dfa8
Fixes #1919
2016-06-01 10:56:42 +02:00
Miroslav Stampar
b0ea74dc63
Minor warning message update
2016-06-01 10:53:32 +02:00
Miroslav Stampar
0c07c8942c
Automatic monthly tagging
2016-06-01 10:44:08 +02:00
Miroslav Stampar
7d1bdb35ca
Update of parsed versions
2016-06-01 10:44:08 +02:00
Miroslav Stampar
e823889819
Update for JSP exceptions
2016-05-31 15:35:10 +02:00
Miroslav Stampar
680aedaefc
Adding option --tmp-dir
2016-05-31 14:55:56 +02:00
Miroslav Stampar
afdca09ced
Minor patches (proper user warnings in case of output directory permissions)
2016-05-31 14:05:35 +02:00
Miroslav Stampar
ac89ee71c3
Minor improvement
2016-05-31 13:29:43 +02:00
Miroslav Stampar
af7c8cff92
Bug fix (previously removing temporary directory even if it is needed afterwards)
2016-05-31 13:21:08 +02:00
Miroslav Stampar
26d4dec5fb
Minor refactoring
2016-05-31 13:02:26 +02:00
Miroslav Stampar
cf31d12528
Adding support for python's cgitb tracebacks
2016-05-31 12:33:56 +02:00
Miroslav Stampar
b4c730f8c0
Minor refactoring
2016-05-31 12:23:59 +02:00
Miroslav Stampar
fba1720b31
Minor patch
2016-05-31 11:16:13 +02:00
Miroslav Stampar
9fad72f28b
Adding support for MsAccess usage of parsed FROM table names (e.g. in case of ColdFusion)
2016-05-31 11:08:23 +02:00
Miroslav Stampar
1782bf8e64
Adding support for parsing ODBC/JDBC error messages
2016-05-31 10:49:34 +02:00
Miroslav Stampar
2d59a10515
Better patch than last commit
2016-05-31 10:25:01 +02:00
Miroslav Stampar
21a25c4f00
Bug fix for comments in case of MsAccess
2016-05-31 10:24:13 +02:00
Miroslav Stampar
6b5c16c22c
Minor update for ColdFusion error messages
2016-05-31 09:54:14 +02:00
Miroslav Stampar
2c6621c26a
Minor upgrade for WAF/IDS/IPS detection
2016-05-31 09:49:50 +02:00
Miroslav Stampar
f0500b1d2f
Minor update for ColdFusion path regexes
2016-05-31 09:35:58 +02:00
Miroslav Stampar
6a033bb58c
Minor update for ColdFusion type casting
2016-05-31 09:31:32 +02:00
Miroslav Stampar
2fa4b22645
Patch for URL encoding cookie values (asking the user to choose)
2016-05-30 17:47:08 +02:00
Miroslav Stampar
229d3a7dd0
Patch for cases when error page looks more like original, than the False one does
2016-05-30 16:46:23 +02:00
Miroslav Stampar
b965e5bf1c
Minor refactoring
2016-05-30 16:06:39 +02:00
Miroslav Stampar
3bd74c5351
Minor patch
2016-05-30 15:20:21 +02:00
Miroslav Stampar
55624ec1a2
Minor message update
2016-05-30 14:40:22 +02:00
Miroslav Stampar
6885afe8c3
Minor update for requestvalidationmode.py waf script
2016-05-30 14:26:55 +02:00
Miroslav Stampar
acc1277246
Minor update
2016-05-30 14:13:57 +02:00
Miroslav Stampar
935cb9c8cb
Patch for a custom header cookie urlencoding
2016-05-30 14:09:53 +02:00
Miroslav Stampar
17a4ddad63
Fixes #1916
2016-05-30 13:10:25 +02:00
Miroslav Stampar
5264671f5b
Dump formatting patch for MsAccess
2016-05-30 12:03:33 +02:00
Miroslav Stampar
b4ebbae354
New payload(s)
2016-05-30 11:25:24 +02:00
Miroslav Stampar
510197c39e
Minor text update
2016-05-30 10:52:30 +02:00
Miroslav Stampar
b6a4bd91fe
Minor text update
2016-05-30 10:51:35 +02:00
Miroslav Stampar
83b82a5e98
Bug fix (wrong handler used in case of DBMS resolution)
2016-05-30 10:32:49 +02:00
Miroslav Stampar
0b1efc0759
Minor update (for newer versions of MsSQL)
2016-05-30 01:38:34 +02:00
Miroslav Stampar
2b506d744d
Minor update
2016-05-30 01:29:40 +02:00
Miroslav Stampar
79d08906a4
Cleaning some redundant payload(s)
2016-05-27 23:59:48 +02:00
Miroslav Stampar
6327063bd0
Minor patch
2016-05-27 16:43:01 +02:00
Miroslav Stampar
69fd900108
Adding waf script for detection of generic/unknown
2016-05-27 16:34:41 +02:00
Miroslav Stampar
f9d01f682b
Cloudflare has tons of HTTP error codes while detecting SQLi
2016-05-27 15:58:16 +02:00
Miroslav Stampar
d7d3db415b
Minor update
2016-05-27 15:32:30 +02:00
Miroslav Stampar
31850e4544
Minor bug fixes
2016-05-27 13:58:18 +02:00
Miroslav Stampar
de9f23939f
Major bug fix in WAF/IDS/IPS detection (question 'do you want..to try to detect backend WAF/IPS/IDS' never worked)
2016-05-27 13:41:03 +02:00
Miroslav Stampar
154ed2c4e2
Minor patch
2016-05-27 13:33:14 +02:00
Miroslav Stampar
89dfe4e1ac
Adding wallarm WAF script (and couple of other WAF script updates)
2016-05-27 11:58:18 +02:00
Miroslav Stampar
b41b07ddd8
Updates for 360 and jiasule WAF scripts
2016-05-27 11:02:05 +02:00
Miroslav Stampar
e36fc02282
Adding sophos WAF script
2016-05-27 10:17:42 +02:00
Miroslav Stampar
49b41c1eca
Minor update for cloudflare waf script
2016-05-27 09:43:54 +02:00
Miroslav Stampar
4cd9fdb7df
Minor update for F5 waf script
2016-05-27 09:27:45 +02:00
Miroslav Stampar
5aab2d8fb5
Update for Akamai Kona WAF script
2016-05-27 09:22:39 +02:00
Miroslav Stampar
210b65c02d
Couple of fixes for --identify-waf
2016-05-27 02:24:59 +02:00
Miroslav Stampar
7a2ac23f0b
Adding new waf script (sitelock)
2016-05-27 02:13:01 +02:00
Miroslav Stampar
e435fb2e9e
Adding new waf script (comodo)
2016-05-27 01:23:20 +02:00
Miroslav Stampar
6892c94595
Minor update
2016-05-27 01:10:37 +02:00
Miroslav Stampar
831c960216
Update for an Issue #1899
2016-05-26 16:47:38 +02:00
Miroslav Stampar
43af2a4aee
Fixes #1899
2016-05-26 16:08:59 +02:00
Miroslav Stampar
1de6996c26
Fixes #1893
2016-05-25 15:43:39 +02:00
Miroslav Stampar
304f2ed308
Minor language patch
2016-05-25 15:32:17 +02:00
Miroslav Stampar
148b35da4f
Better extraction of absolute file paths
2016-05-25 15:29:25 +02:00
Miroslav Stampar
3865b3a398
Minor improvement in case of technique E (when waiting for large entry - lots of chunks)
2016-05-25 12:50:53 +02:00
Miroslav Stampar
d6bcbbae1d
Minor patch for E technique to be more compatible with output of U technique
2016-05-25 12:42:15 +02:00
Miroslav Stampar
04b3aefc5d
Patch for special character output in U and E techniques
2016-05-25 12:24:36 +02:00
Miroslav Stampar
a5f8cae599
Fixes #1892
2016-05-24 17:58:35 +02:00
Miroslav Stampar
29c3037512
Better asciinema recording (shorter width)
2016-05-24 17:26:10 +02:00
Miroslav Stampar
d0d7d3a205
Update of location of a sample run
2016-05-24 17:12:44 +02:00
Miroslav Stampar
7ce36ea1b6
Removal of unused imports
2016-05-24 16:40:44 +02:00
Miroslav Stampar
6f97f4796b
Fixes #1891
2016-05-24 16:34:07 +02:00
Miroslav Stampar
39fe96009f
Minor improvement (related to the last commit)
2016-05-24 16:20:39 +02:00
Miroslav Stampar
b475a38895
Better ORDER BY detection
2016-05-24 15:46:06 +02:00
Miroslav Stampar
42de887b05
Language update
2016-05-24 15:18:19 +02:00
Miroslav Stampar
28576bf08e
Minor output update
2016-05-24 15:08:04 +02:00
Miroslav Stampar
c395958dff
Fixes #1888
2016-05-24 14:55:19 +02:00
Miroslav Stampar
798b539eec
Minor update
2016-05-24 14:50:56 +02:00
Miroslav Stampar
70cf8edc75
Fixes #1887
2016-05-24 14:17:00 +02:00
Miroslav Stampar
a81ea88eb0
Fixes #1889
2016-05-24 13:59:34 +02:00
Miroslav Stampar
023dda26fc
Minor update for --os-shell directories
2016-05-24 12:53:21 +02:00
Miroslav Stampar
3e76895155
Minor update
2016-05-24 12:30:01 +02:00
Miroslav Stampar
2c1bd7f034
Update for an Issue #1531 (MySQL quirk with international letters)
2016-05-24 12:01:02 +02:00
Miroslav Stampar
f7cae68378
More formal language
2016-05-22 21:44:17 +02:00
Miroslav Stampar
f6ff1a115a
Better (automatic) picking of a --string candidate (especially in case of international pages)
2016-05-22 21:29:08 +02:00
Miroslav Stampar
32ee586e2a
Minor language update
2016-05-22 14:30:32 +02:00
Miroslav Stampar
b9e5655e3c
Proper naming
2016-05-22 14:26:36 +02:00
Miroslav Stampar
6623c3f877
Pesky bug fix (nobody noticed :)
2016-05-22 14:22:31 +02:00
Miroslav Stampar
30a4173249
I like users which don't know the difference between detection and identification
2016-05-22 12:40:23 +02:00
Miroslav Stampar
dbbe4c6ddd
Fixes #1884
2016-05-22 11:44:21 +02:00
Miroslav Stampar
633e4dfe48
Fixes #1886
2016-05-22 11:37:27 +02:00
Miroslav Stampar
5e8b105677
Fixes #1880
2016-05-19 19:46:12 +02:00
Miroslav Stampar
414dd96bbd
Minor update (warning on negative integer values provided)
2016-05-19 18:04:25 +02:00
Miroslav Stampar
e857c2a88a
Update for an Issue #1879
2016-05-19 13:50:31 +02:00
Miroslav Stampar
e7aaea2b8e
Update for an Issue #1826
2016-05-17 14:10:49 +02:00
Miroslav Stampar
63d7cd607e
Minor patch (for late threading issues)
2016-05-17 13:54:42 +02:00
Miroslav Stampar
d886b08dd9
Update for an Issue #1826
2016-05-17 13:45:03 +02:00
Miroslav Stampar
72f3185ae7
Fixes #1878
2016-05-17 10:47:17 +02:00
Miroslav Stampar
03be9f9b65
Minor removal of blank lines
2016-05-17 10:43:16 +02:00
Miroslav Stampar
d9d0865c13
Another patch for an Issue #1874
2016-05-16 17:09:05 +02:00
Miroslav Stampar
e3f54bc226
Minor patch for #1874
2016-05-16 16:53:28 +02:00
Miroslav Stampar
9662f4a56a
Minor update
2016-05-16 16:47:29 +02:00
Miroslav Stampar
fea5cc8579
Minor patch
2016-05-16 15:37:49 +02:00
Miroslav Stampar
94091cd0e9
Fixes #1871
2016-05-15 09:37:45 +02:00
Miroslav Stampar
cc9f4b6102
Minor refactoring for MariaDB
2016-05-14 15:05:50 +02:00
Miroslav Stampar
cd7c99c752
Minor revert (it was not necessary - caused other problems)
2016-05-14 14:48:17 +02:00
Miroslav Stampar
75478c1181
Fixes #1868
2016-05-14 14:18:34 +02:00
Miroslav Stampar
ad0ca69579
Fixes #1865
2016-05-13 15:14:56 +02:00
Miroslav Stampar
2d801b7122
Minor patch for an Issue #1861
2016-05-12 17:16:55 +02:00
Miroslav Stampar
1e07269fe3
Patch for an Issue #1860
2016-05-12 16:42:12 +02:00
Miroslav Stampar
3b74e99576
Minor update (support for MariaDB)
2016-05-11 15:47:35 +02:00
Miroslav Stampar
439fff684e
Minor update (MSSQL CONCAT payload)
2016-05-11 09:42:54 +02:00
Miroslav Stampar
72cf06119c
Patch for an Issue #1852
2016-05-10 09:55:03 +02:00
Miroslav Stampar
808068d70a
Minor update
2016-05-10 09:19:59 +02:00
Miroslav Stampar
f09072b2b6
Fixes #1853
2016-05-09 13:13:02 +02:00
Miroslav Stampar
be9381abc5
Implements #1845
2016-05-06 13:06:59 +02:00
Miroslav Stampar
5d09f7b85f
Fixes #1822
2016-05-06 10:32:16 +02:00
Miroslav Stampar
8bbfee7591
Cleaning a leftover from be26392057
2016-05-06 10:30:58 +02:00
Miroslav Stampar
be26392057
Update for an Issue #1846
2016-05-06 10:23:57 +02:00
Miroslav Stampar
263730f4ee
Fixes #1840
2016-05-04 13:23:59 +02:00
Miroslav Stampar
5d7e1782d9
Fixes #1839
2016-05-04 11:14:42 +02:00
Miroslav Stampar
e27f590c2c
Fixes #1838
2016-05-04 11:11:58 +02:00
Miroslav Stampar
7afe655561
Another minor update for #1836
2016-05-03 12:52:46 +02:00
Miroslav Stampar
3bf08290a4
Update for an Issue #1836
2016-05-03 12:37:10 +02:00
Miroslav Stampar
34c2172391
Fixes #1837
2016-05-03 11:38:47 +02:00
Miroslav Stampar
48044f7a46
Minor update of IDS_WAF_CHECK_PAYLOAD
2016-05-03 00:19:19 +02:00
Miroslav Stampar
04e666182f
Minor update of FORMAT_EXCEPTION_STRINGS
2016-05-02 23:44:43 +02:00
Miroslav Stampar
c797129956
Fixes #1833
2016-05-02 11:10:12 +02:00
Miroslav Stampar
6928dae956
Minor patch
2016-05-02 10:45:50 +02:00
Miroslav Stampar
6db3bcbb51
Minor update for UrlScan
2016-05-02 10:12:19 +02:00
Miroslav Stampar
d7f0b3566d
Automatic monthly tagging
2016-05-02 10:06:30 +02:00
Miroslav Stampar
0c67a90cc0
Minor bug fix
2016-05-02 10:06:30 +02:00
Miroslav Stampar
f06e498fb0
Implementation for an Issue #1826
2016-04-29 14:19:32 +02:00
Miroslav Stampar
ad612bf9e4
Patch for Windows banner display
2016-04-29 00:51:20 +02:00
Miroslav Stampar
9dd5cd8eb6
Removing CloudFlare check
2016-04-29 00:17:07 +02:00
Miroslav Stampar
5ed3cdc819
Minor update
2016-04-22 10:54:55 +02:00
Miroslav Stampar
0c5965c7b8
Minor patches
2016-04-19 13:13:37 +02:00
Miroslav Stampar
aa21550712
Minor patch for integer casting heuristics (circumvent auto-casting by DBMS itself)
2016-04-15 13:47:19 +02:00
Miroslav Stampar
66061e8c5f
Fixes #1811
2016-04-15 12:04:54 +02:00
Miroslav Stampar
c4b74c2e01
Fixes #1810
2016-04-12 22:37:14 +02:00
Miroslav Stampar
55b23e78ee
Fixes #1809
2016-04-12 22:10:26 +02:00
Miroslav Stampar
a9526bda92
Minor patch
2016-04-11 22:38:44 +02:00
Miroslav Stampar
0901da3f83
Update for an Issue #1807
2016-04-11 09:43:50 +02:00
Miroslav Stampar
8004652f7b
Some more optimization
2016-04-08 15:30:25 +02:00
Miroslav Stampar
c9b410c97f
Minor update
2016-04-08 14:59:52 +02:00
Miroslav Stampar
814d710320
Minor speed up
2016-04-08 14:41:34 +02:00
Miroslav Stampar
38fcc5a35a
Update for pre-WHERE payloads
2016-04-08 13:19:42 +02:00
Miroslav Stampar
674d516f3e
Minor patch
2016-04-08 11:40:09 +02:00
Miroslav Stampar
8ceb4907a5
Another update for Issue #1800
2016-04-08 11:37:38 +02:00
Miroslav Stampar
ce3749622a
Minor revisit of payload boundaries (Issue #1800)
2016-04-08 11:28:17 +02:00
Miroslav Stampar
bcfae99701
Adding new WAF script
2016-04-08 10:32:18 +02:00
Miroslav Stampar
44c1c2c6f0
Minor update (reported via email)
2016-04-06 11:43:53 +02:00
Miroslav Stampar
ac08db82b2
Including one more error regex (based on testasp[.]vulnweb[.]com)
2016-04-04 16:14:30 +02:00
Miroslav Stampar
305bfd9d30
Implements #1763
2016-04-04 13:50:10 +02:00
Miroslav Stampar
f9aaec7b4a
Minor patch (binary extensions)
2016-04-04 12:43:53 +02:00
Miroslav Stampar
d881a92ee7
Automatic monthly tagging
2016-04-04 12:38:37 +02:00
Miroslav Stampar
60ada89347
Trying once again
2016-04-04 12:38:37 +02:00
Miroslav Stampar
171bfa33a7
Automatic monthly tagging
2016-04-04 12:34:19 +02:00
Miroslav Stampar
acaef90c7b
Minor tuning of auto tagging
2016-04-04 12:34:19 +02:00
Miroslav Stampar
31d7021d4c
Fixes #1794
2016-04-04 12:25:07 +02:00
Miroslav Stampar
e83d8f6143
Updating colorama (Issue #1784)
2016-03-30 15:11:34 +02:00
Miroslav Stampar
ad3b766b65
Adding in-table name boundaries
2016-03-26 09:39:28 +01:00
Miroslav Stampar
074fbbcea5
Implementation for an Issue #1776
2016-03-23 15:45:49 +01:00
Miroslav Stampar
5b0d5970cc
Another patch related to the #1773
2016-03-23 10:33:32 +01:00
Miroslav Stampar
6c2f9859be
Potential patch for #1773
2016-03-23 10:26:22 +01:00
Miroslav Stampar
d496d99943
Fixes #1774
2016-03-22 13:24:54 +01:00
Miroslav Stampar
d20e9febf2
Fixes #1770
2016-03-19 17:40:05 +01:00
Miroslav Stampar
d76ee8f534
Further update for #1765
2016-03-17 17:06:11 +01:00
Miroslav Stampar
5b88e3e1ad
Minor update of version comment
2016-03-17 16:38:39 +01:00
Miroslav Stampar
a68848faf7
(Auto) adjusting micro version (to current month)
2016-03-17 16:31:34 +01:00
Miroslav Stampar
a4f21399e7
Fixes #1760
2016-03-17 16:23:28 +01:00
Miroslav Stampar
e03b2df58f
Fixes #1761
2016-03-14 17:21:35 +01:00
Miroslav Stampar
252eb97198
Patch related to the #1755
2016-03-12 19:28:28 +01:00
Miroslav Stampar
67ae620182
Another patch related to the #1752
2016-03-12 15:04:19 +01:00
Miroslav Stampar
13366aeb48
Fixes #1752
2016-03-12 12:26:30 +01:00
Miroslav Stampar
e1ce16144a
Fixes #1753
2016-03-10 15:42:01 +01:00
Miroslav Stampar
3307918389
Fixes #1750
2016-03-10 14:48:05 +01:00
Miroslav Stampar
c50849707f
Fixes #1748
2016-03-08 14:35:16 +01:00
Miroslav Stampar
06296bd251
Fixes #1743
2016-03-06 20:04:45 +01:00
Miroslav Stampar
0f6e529fb9
Fixes #1745
2016-03-06 12:14:20 +01:00
Miroslav Stampar
242800c085
Minor update related to the #1740
2016-03-01 15:40:34 +01:00
Miroslav Stampar
679f0cf772
Fixes #1738
2016-03-01 15:36:00 +01:00
Miroslav Stampar
1b5a4651a9
Trivial refactoring
2016-03-01 14:48:53 +01:00
Miroslav Stampar
05fa7eb7c6
Minor update
2016-03-01 11:56:56 +01:00
Miroslav Stampar
336169e181
Update of version display
2016-02-29 08:12:38 +01:00
Miroslav Stampar
b2bc3d49fd
Minor update
2016-02-29 00:52:46 +01:00
Miroslav Stampar
71aa7deefe
Minor beautification
2016-02-29 00:49:45 +01:00
Miroslav Stampar
cf5ae507c8
Minor update of READMEs
2016-02-29 00:44:08 +01:00
Miroslav Stampar
4898a2c332
Dummy commit
2016-02-29 00:30:37 +01:00
Miroslav Stampar
151dcee32e
Minor update
2016-02-29 00:23:59 +01:00
Miroslav Stampar
73f1155847
Adding new shutils file
2016-02-29 00:20:58 +01:00
Miroslav Stampar
adfcb1ad67
Adjusting version number
2016-02-27 15:59:52 +01:00
Miroslav Stampar
ee0439cf11
Update for #1678
2016-01-27 10:03:30 +01:00
Miroslav Stampar
c6c5a937f9
Minor style update
2016-01-21 10:17:17 +01:00
Miroslav Stampar
574b3a79aa
Adding support for detection of CloudFlare responses
2016-01-21 10:16:23 +01:00
Miroslav Stampar
8d42a93fdc
Fixes #1665
2016-01-16 08:13:56 +01:00
Miroslav Stampar
59695af101
Minor improvement of heuristic checks
2016-01-14 22:21:47 +01:00
Miroslav Stampar
4c1fc095d8
Adding heuristic check for FI vulnerability
2016-01-14 09:59:13 +01:00
Miroslav Stampar
6b40e0aa8c
Minor style update (nongit-version)
2016-01-10 02:08:23 +01:00
Miroslav Stampar
5908964db4
Another (better) patch for #1636
2016-01-09 17:32:19 +01:00
Miroslav Stampar
d0d676ccce
Update of copyright string
2016-01-06 00:06:12 +01:00
Miroslav Stampar
dc7f2a71d2
Minor refactoring
2015-12-12 23:48:30 +01:00
Miroslav Stampar
663c976a3b
Fixes #1600
2015-12-09 19:53:48 +01:00
Miroslav Stampar
1c5c937507
Minor update
2015-12-09 10:14:13 +01:00
Miroslav Stampar
5020269f50
Adding extra mark into non-git checkouts
2015-11-24 09:38:28 +01:00
Miroslav Stampar
527dcce08d
Better alternative (on Linux getctime() is the time of the last metadata change)
2015-11-24 09:25:11 +01:00
Miroslav Stampar
19f6eb234b
Revert of #58e049a60d250b881af60091215c75daa3f5c01a (I can imagine couple of things that could go wrong)
2015-11-17 08:52:24 +01:00
Miroslav Stampar
58e049a60d
More generic approach for number of pre-open sockets (Issue #1540)
2015-11-17 02:45:27 +01:00
Miroslav Stampar
41b8dfab86
Implementation for an Issue #1540
2015-11-16 23:46:10 +01:00
Miroslav Stampar
4335ae8330
Patching previous commit
2015-11-16 16:59:54 +01:00
Miroslav Stampar
94639d11a3
Another update related to the #1539
2015-11-16 15:33:05 +01:00
Miroslav Stampar
5593bf2fee
Another patch related to #1539 (simplifying unicode bad chars and preventing double encoding of safe chars)
2015-11-16 15:02:30 +01:00
Miroslav Stampar
42649005c2
Lots of fixes and refactoring in search department
2015-11-08 16:37:46 +01:00
Miroslav Stampar
fbec463b49
Adding new bold patterns
2015-10-22 15:44:08 +02:00
Miroslav Stampar
80aca35dd1
Removing #1450
2015-10-13 15:00:59 +02:00
Miroslav Stampar
9641e84dd9
Bug fixes for HSQLDB
2015-10-09 16:52:13 +02:00
Miroslav Stampar
551b7e4b45
Patch for an Issue #1450
2015-10-06 13:23:01 +02:00
Miroslav Stampar
56f0b811a6
Minor patch
2015-09-21 13:23:56 +02:00
Miroslav Stampar
265a78b455
Fixes #1379
2015-08-31 14:27:47 +02:00
Miroslav Stampar
d70215ad6c
Fixes #1237
2015-08-31 10:24:05 +02:00
Miroslav Stampar
a33b0454cd
Implementation for an Issue #1360
2015-08-26 15:26:16 +02:00
Miroslav Stampar
b010fda695
Switch --save becomes an option (taking file path where to save config file)
2015-08-14 22:49:32 +02:00
Miroslav Stampar
2c1cde0f59
Minor fix (reported over ML - ignore saving of conf.saveCmdline)
2015-08-13 17:21:36 +02:00
Miroslav Stampar
b6ea2fdb07
Fixes #1170
2015-07-24 14:56:45 +02:00
Miroslav Stampar
16f8e4c8ba
Removing unused imports
2015-07-12 12:25:02 +02:00
Miroslav Stampar
a20da7a677
Patch for automatic reporting (GitHub has robots)
2015-07-12 12:05:19 +02:00
Miroslav Stampar
fa303ef8b1
Minor update
2015-07-10 16:39:18 +02:00
Miroslav Stampar
9e5ef094a3
Closes #1270
2015-06-16 22:20:21 +02:00
Miroslav Stampar
5ee7fd785a
Fixes #1235
2015-05-01 00:48:08 +02:00
Miroslav Stampar
5dfd3ef1e4
Another update
2015-03-26 12:25:32 +01:00
Miroslav Stampar
3be7a447a5
Update
2015-03-26 12:22:49 +01:00
Miroslav Stampar
e35c7fbb7a
Fixes #1172
2015-02-22 13:41:54 +01:00
Bernardo Damele
388c0dfd77
trivial layout fix
2015-02-21 12:57:49 +00:00
Miroslav Stampar
fd632e5ada
Update for unhandled exception mechanism (BADA)
2015-01-26 09:09:38 +01:00
Miroslav Stampar
2655b078d0
Patch for an Issue #1127
2015-01-22 08:52:15 +01:00
Miroslav Stampar
06ff8b3a16
Patch for an Issue #1105
2015-01-13 10:33:51 +01:00
Miroslav Stampar
8e03f4db0f
Patch for an Issue #1062
2015-01-09 15:33:53 +01:00
Miroslav Stampar
c4c4ac13fe
Better patch for an Issue #1095
2015-01-07 09:21:02 +01:00
Miroslav Stampar
2030311d50
Patch for an Issue #1095
2015-01-07 02:04:10 +01:00
Miroslav Stampar
45bdefd29b
Update of copyright
2015-01-06 15:02:16 +01:00
Miroslav Stampar
3d5ca1b25a
Minor update
2015-01-06 14:36:51 +01:00
Miroslav Stampar
6fc41ca940
Heuristically checking for WAF/IDS/IPS by default
2015-01-06 14:01:47 +01:00
Miroslav Stampar
c474c16b4a
Removing ML email address
2015-01-06 12:30:49 +01:00
Miroslav Stampar
e383df8e29
Patch for an Issue #1073
2014-12-30 09:16:50 +00:00
Miroslav Stampar
4f122ee008
Bug fix regarding a problem reported by user @blink2014
2014-12-20 00:23:31 +01:00
Miroslav Stampar
17db587e2c
Adding some friendly warning messages (regarding blocking)
2014-12-03 10:06:21 +01:00
Miroslav Stampar
f71a65a9a0
Patch for an Issue #979
2014-12-01 00:29:25 +01:00
Miroslav Stampar
05d5342f20
Update and patch for an Issue #2
2014-11-17 11:50:05 +01:00
Miroslav Stampar
a91fb4149b
Minor update (using lower frequency alphabet for kb.chars)
2014-11-05 10:56:30 +01:00
Miroslav Stampar
6f45596f28
Minor style update
2014-11-03 23:48:44 +01:00
Miroslav Stampar
19aed90ae5
Implementation for an Issue #874
2014-10-27 00:37:46 +01:00
Miroslav Stampar
01f4b76817
Minor update for the Issue #2
2014-10-23 14:03:44 +02:00
Miroslav Stampar
7143e61619
Minor update
2014-10-23 14:00:53 +02:00
Miroslav Stampar
60f2764c3d
Minor style update
2014-10-22 13:53:18 +02:00
Miroslav Stampar
f94ac8c69d
Second patch related to the Issue #846
2014-10-09 15:21:26 +02:00
Miroslav Stampar
2de12ef4a2
Potential fix for an Issue #843
2014-10-05 00:20:42 +02:00
Miroslav Stampar
fdef53aa67
Minor update of unhandled exception message
2014-10-01 14:23:45 +02:00
Miroslav Stampar
a2b059123a
Minor update of format exception strings
2014-10-01 14:12:30 +02:00
Miroslav Stampar
8c9014c39f
Adding a dummy (auxiliary) XSS check
2014-10-01 13:31:48 +02:00
Miroslav Stampar
7278af01ee
Implementation for an Issue #832
2014-09-16 14:12:43 +02:00
Miroslav Stampar
177fc0376d
Minor fix for HSQLDB
2014-08-30 21:37:38 +02:00
Miroslav Stampar
1a9a331422
Bug fix (proper extending of tests when dbms is known)
2014-08-30 21:34:23 +02:00
Miroslav Stampar
dcaad75a1e
Fix for an Issue #794
2014-08-22 15:08:05 +02:00
Miroslav Stampar
2ce3ccac46
Patch for an Issue #797 (switching to greedy because of performance; it shouldn't be a problem because it was a single line replacement in the first place)
2014-08-22 13:06:53 +02:00
Miroslav Stampar
c5b71cff10
Some filtering
2014-08-21 01:12:44 +02:00
Miroslav Stampar
0296081692
Minor refactoring
2014-08-20 23:42:40 +02:00
Miroslav Stampar
f51ea20bbd
Minor style update
2014-08-20 22:50:00 +02:00
Miroslav Stampar
e0216771ed
Minor update
2014-08-20 15:23:07 +02:00
Miroslav Stampar
c97782cfed
Minor update of banner
2014-08-20 15:10:21 +02:00
Miroslav Stampar
07f881e711
Minor fix
2014-08-20 14:02:04 +02:00
Miroslav Stampar
5a05271097
Minor fix
2014-08-19 22:34:07 +02:00
Miroslav Stampar
b0465a6a76
Adding a revision scheme for nongit checkouts
2014-08-19 22:32:16 +02:00
Miroslav Stampar
cd92de1702
Adding colorful banner
2014-08-19 22:19:22 +02:00
Miroslav Stampar
7d578d395f
Minor update for Apache on Windows
2014-08-16 16:01:18 +02:00
Miroslav Stampar
a8b4b96cd9
Extending list for brute forcing doc root
2014-08-16 15:16:03 +02:00
hydhyd
e7ffe92d8c
Update settings.py
Modified BRUTE_DOC_PREFIXES to include "/srv/www" used by default in OpenSUSE.
2014-08-06 12:59:18 +04:00
Bernardo Damele
018748f52e
increase the timeout for the Metasploit session initialization to 5 minutes, better on slow speed connections
2014-07-01 00:34:09 +01:00
Miroslav Stampar
0f10cdfa4c
Minor update
2014-05-29 09:24:09 +02:00
Miroslav Stampar
2a55f75f86
Using a more generic XML recognition regex
2014-04-30 21:25:45 +02:00
Miroslav Stampar
ae8b1fe89c
Implementation for an Issue #678
2014-04-25 09:17:10 +02:00
Miroslav Stampar
15f92c4197
Bug fix (port was not being used properly with Burp exported history)
2014-04-03 09:46:37 +02:00
Miroslav Stampar
f6e1d9e026
Fix for an Issue #650
2014-03-24 10:46:23 +01:00
Miroslav Stampar
39ab3b9149
Minor fix for meta refresh
2014-03-20 13:13:47 +01:00
Miroslav Stampar
56d76e6bfd
Updating list of extensions to exclude from crawling
2014-03-14 21:34:16 +01:00
Miroslav Stampar
490d51258e
Raising number of minimum time responses (15 is statistically too low)
2014-03-03 20:49:58 +01:00
Miroslav Stampar
6369a38ebc
Adding support for JSON-like data with single quote
2014-02-26 08:56:17 +01:00
Miroslav Stampar
465f968be6
Minor cosmetic update
2014-02-26 08:41:23 +01:00
Miroslav Stampar
8521265526
Minor fix
2014-02-07 14:40:43 +01:00
Bernardo Damele
43a4e85749
updated copyright
2014-01-13 17:24:49 +00:00
Miroslav Stampar
7718edac9b
Fix for an Issue #570
2013-12-27 09:40:33 +01:00
Miroslav Stampar
bf3fbb0ae0
Ignore Google analytics cookies
2013-12-04 09:56:37 +01:00
Miroslav Stampar
7054586e8a
Update for an Issue #565 (more work TBD - DuckDuckGo has some kind of IP blocking mechanism)
2013-11-25 20:57:07 +01:00
Miroslav Stampar
0a4512e9ae
Implementation for an Issue #557
2013-11-08 09:23:38 +01:00
Miroslav Stampar
e197720def
Fix for an Issue #546
2013-10-19 20:54:52 +02:00
Miroslav Stampar
777d999e71
Minor update
2013-10-18 15:39:46 +02:00
Miroslav Stampar
6ff2b931ff
Another patch for an Issue #545
2013-10-17 23:42:51 +02:00
Miroslav Stampar
304c9822bd
Patch for an Issue #545
2013-10-17 16:38:07 +02:00
Miroslav Stampar
5b8d631dc0
Minor update
2013-10-16 11:48:00 +02:00
Miroslav Stampar
04dbee3bec
Update for a more generic JSON recognition regex
2013-10-16 11:39:04 +02:00
Miroslav Stampar
bc19f40d09
Minor update
2013-08-22 10:44:21 +02:00
Miroslav Stampar
6cc0cf3702
Minor comment update
2013-08-20 18:36:31 +02:00
Miroslav Stampar
1088011bf0
Adding new binary file formats for excluding in crawling
2013-08-02 23:07:13 +02:00
stamparm
be5ce760b6
Fix for an Issue #485 (failing back to single-thread mode if over some bisection length)
2013-07-09 10:24:48 +02:00
stamparm
f7d15cb465
Official naming is HSQLDB (and/or HyperSQL)
2013-07-01 11:57:47 +02:00
Meatballs
7b6cc3d183
Add hsql settings
2013-06-24 14:38:44 +01:00
Miroslav Stampar
cdb434805a
Using alpha character as a boundary in union/error techniques (instead of ':') to support wider range of (output filtering) cases
2013-06-10 22:14:45 +02:00
Miroslav Stampar
351c70b390
Locale module screws string.letters, etc. in some cases (e.g. IDLE run)
2013-06-01 14:06:58 +02:00
stamparm
fc57b7565d
Implementation for an Issue #432
2013-05-09 14:26:29 +02:00
stamparm
46557198a5
Minor update of doc root names
2013-04-29 11:29:59 +02:00
stamparm
10fbeaed7b
Code refactoring
2013-04-15 11:49:11 +02:00
Miroslav Stampar
0b449bb1d9
Fix for an Issue #433
2013-04-10 19:33:31 +02:00
stamparm
8c9da95343
Style and consistency update (url -> URL)
2013-04-09 11:48:42 +02:00
stamparm
e1ffdde532
Little cleaning a mess with url encoding and post hint types
2013-03-27 13:39:27 +01:00
Miroslav Stampar
8acf033715
Code refactoring
2013-03-19 19:24:14 +01:00
Miroslav Stampar
2ada9e9b84
Patch for an Issue #416
2013-03-04 18:05:40 +01:00
Miroslav Stampar
0e89cc62a2
Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - useful for testing purposes for skipping connections
2013-02-28 20:20:08 +01:00
stamparm
be50192d8d
Refactoring WAF scripts
2013-02-26 15:54:50 +01:00
stamparm
e5e39bc682
Fix for an Issue #410
2013-02-25 11:07:30 +01:00
stamparm
8e49872d7c
Finalizing implementation for an Issue #290
2013-02-21 14:33:12 +01:00
Miroslav Stampar
368a2fd297
Fix for an Issue #393
2013-02-14 16:18:16 +01:00
Bernardo Damele
4b9d8ed673
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f
make sure to use Python 2 interpreter when default system Python is version 3
2013-02-14 11:25:04 +00:00
Miroslav Stampar
6629233de5
Minor update
2013-02-14 10:18:40 +01:00
Miroslav Stampar
d78a3e977b
Update (allowing regular char * to be inside SOAP/JSON/XML)
2013-02-13 12:24:42 +01:00
Miroslav Stampar
72984a578d
Update for --load-cookies
2013-02-12 12:42:12 +01:00
Miroslav Stampar
c0e59d94a9
Better naming
2013-02-08 16:28:58 +01:00
Miroslav Stampar
cdfe43560b
Update for an Issue #207 (and a potential patch for regression tests)
2013-02-08 16:20:48 +01:00
Miroslav Stampar
f4b8a3c1d8
Bug fix for boolean (multithreaded Ctrl+C) resumed values
2013-02-04 15:49:29 +01:00
Miroslav Stampar
e7b93b5b66
Implementation for an Issue #363
2013-02-01 17:24:04 +01:00
Miroslav Stampar
bd08ede117
Minor fine tuning
2013-01-29 21:06:02 +01:00
Miroslav Stampar
c06f94e2c8
Fix for an Issue #378
2013-01-25 16:38:41 +01:00
Miroslav Stampar
8c84a16cb7
Minor style update for an Issue #377
2013-01-25 12:52:31 +01:00
Miroslav Stampar
194a9e7b88
Implementation for an Issue #377
2013-01-25 12:34:57 +01:00
Miroslav Stampar
601eb1e49a
Unescaping is renamed to escaping
2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0
updated copyright
2013-01-18 14:07:51 +00:00
Miroslav Stampar
bcc907ce09
Minor update
2013-01-18 11:00:21 +01:00
Miroslav Stampar
507f185b69
Revert of patch for an Issue #347
2013-01-17 18:38:37 +01:00
Miroslav Stampar
f7eda07d92
Patch for an Issue #347
2013-01-17 15:30:14 +01:00
Miroslav Stampar
51a77d1fe2
Minor update for an Issue #8
2013-01-17 11:37:45 +01:00
Bernardo Damele
542f6de72e
typo fix
2013-01-16 01:31:03 +00:00
Bernardo Damele
c51358953a
add more Oracle system dbs
2013-01-15 14:51:29 +00:00
Miroslav Stampar
934d41dac2
Minor style update (PEP8)
2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878
Some PEP8 related style cleaning
2013-01-10 13:18:44 +01:00
Miroslav Stampar
25f01a419f
Minor style update (for the sake of consistency over the code and our PEP8 adaptation)
2013-01-09 15:38:41 +01:00
Miroslav Stampar
648d91d790
Distinguishing invalid unicode from safe encoded characters (for proper potential decoding)
2012-12-27 22:43:39 +01:00
Bernardo Damele
e9ab33e9dd
standalone REST API, code cleanup (#297)
2012-12-20 14:35:02 +00:00
Bernardo Damele
61a838bb35
added more test cases
2012-12-18 15:59:48 +00:00
Bernardo Damele
2926c815bf
improved test switch --live-test and minor refactoring
2012-12-17 11:29:33 +00:00
Bernardo Damele
a2a71bb37b
cleanup from XML-RPC related stuff
2012-12-14 13:37:36 +00:00
Bernardo Damele
6e31e87de1
added initial support (hidden from -hh and not yet usable) for REST-JSON API
2012-12-14 02:49:25 +00:00
Miroslav Stampar
a6448e8768
Update for an Issue #287
2012-12-12 11:54:59 +01:00
Miroslav Stampar
b9f6fc5f4e
First commit (and working one) for an Issue #287 (XML-RPC server)
2012-12-11 16:02:06 +01:00
Miroslav Stampar
0cbdaaecfa
Revert of 99e9412f74 (because of an Issue #289)
2012-12-08 08:53:25 +01:00
Miroslav Stampar
79fca8e9d5
Fix for an Issue #268
2012-12-03 12:13:59 +01:00
Miroslav Stampar
3b961c2550
Update for an Issue #254
2012-11-29 15:36:38 +01:00
Miroslav Stampar
753d0f18bf
First CSS style added for a HTML table dump format (Issue #254)
2012-11-28 12:46:43 +01:00
Miroslav Stampar
cff0c59630
Implementation for an Issue #264
2012-11-28 11:41:39 +01:00
Miroslav Stampar
87a92ab330
Deprecating --replicate (Issue #254)
2012-11-28 11:10:57 +01:00
Miroslav Stampar
d37be5f97b
Fix for an Issue #248
2012-11-14 15:54:24 +01:00
Miroslav Stampar
81ccf28785
Minor refactoring
2012-10-29 14:08:48 +01:00
Miroslav Stampar
359e734954
Minor refactoring
2012-10-29 10:48:49 +01:00
Miroslav Stampar
ca427af8b3
Minor refactoring/improvement
2012-10-28 01:42:08 +02:00
Miroslav Stampar
c1b8226329
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
2012-10-28 00:36:09 +02:00
Miroslav Stampar
8a5844a364
Implementation for an Issue #222
2012-10-25 13:21:32 +02:00
Miroslav Stampar
d65d9e25cd
Implementation for an Issue #2
2012-10-19 11:02:14 +02:00
Miroslav Stampar
2cb1b054bb
Implementation for an Issue #79
2012-10-16 12:32:58 +02:00
Miroslav Stampar
ebc7088f94
Implementation for an Issue #128
2012-10-05 10:24:09 +02:00
Miroslav Stampar
8865fe69d7
Minor cleanup
2012-10-04 18:26:07 +02:00
Miroslav Stampar
3764d230be
Minor fix for Issue #197 and Issue #49
2012-10-04 11:43:37 +02:00
Miroslav Stampar
461e5ebc5f
Work for Issue #197 and Issue #49
2012-10-04 11:25:44 +02:00
Miroslav Stampar
bcbf0571a5
Implementation for an Issue #49
2012-10-02 14:23:58 +02:00
Miroslav Stampar
763dc98311
Minor refactoring
2012-10-02 13:36:15 +02:00
Miroslav Stampar
fccdb824bb
Patch for an Issue #193
2012-09-25 11:21:39 +02:00
Miroslav Stampar
cea5127ffd
Update for an Issue #6
2012-09-06 15:51:38 +02:00
Miroslav Stampar
c3d191e626
Minor update for an Issue #2
2012-09-06 14:13:54 +02:00
Miroslav Stampar
1e238b5a5a
Minor update
2012-09-06 13:36:34 +02:00
Miroslav Stampar
9674b174ee
One more minor update related to last commit
2012-08-23 15:37:17 +02:00
Miroslav Stampar
b79247c197
Minor update
2012-08-23 15:22:14 +02:00
Miroslav Stampar
52351e5d81
Update for an Issue #161 (now detecting format error messages too)
2012-08-22 15:51:47 +02:00
Miroslav Stampar
01f481c332
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
Miroslav Stampar
0d8fca30c9
Fix for an Issue #59
2012-08-16 11:31:43 +02:00
Miroslav Stampar
432b567584
Fix for an Issue #141
2012-08-08 00:03:58 +02:00
Miroslav Stampar
fec8a5cc9d
Fix for an Issue #139
2012-08-07 00:50:58 +02:00
Miroslav Stampar
922ea9d1f4
Update for Issue #118
2012-07-24 15:43:29 +02:00
Miroslav Stampar
a7d1a0c250
Implementation for an Issue #117
2012-07-23 14:14:22 +02:00
Bernardo Damele
5f876bdbbe
minor adjustments
2012-07-16 22:50:29 +01:00
Miroslav Stampar
786686da60
Minor language update
2012-07-13 14:53:42 +02:00
Miroslav Stampar
3c81f74823
Minor style update
2012-07-13 12:22:37 +02:00
Miroslav Stampar
c5ecc8b8db
Closing work on Issue #83
2012-07-13 11:23:21 +02:00
Bernardo Damele
162da75a04
modified homepage address
2012-07-12 18:38:03 +01:00
Miroslav Stampar
569c9214bf
Adding support for boldifying important logging messages
2012-07-12 16:30:35 +02:00
Miroslav Stampar
65639cdda6
First update for Issue #75 (error-based dumping)
2012-07-12 14:31:28 +02:00
Miroslav Stampar
c6464b44be
Some more refactoring
2012-07-11 20:13:23 +02:00
Miroslav Stampar
d7926b8aac
Minor refactoring
2012-07-11 19:54:21 +02:00
Bernardo Damele
eb7ffb8f91
setup for implementing logging colouring - issue #77
2012-07-10 02:54:37 +01:00
Miroslav Stampar
3ff28e58b4
Update regarding Issue #52
2012-07-08 19:24:25 +02:00
Bernardo Damele
4fa6d51d93
improved issues link
2012-07-05 16:26:50 +01:00
Miroslav Stampar
c3c1b9e957
Minor restyling
2012-07-04 20:28:18 +02:00
Bernardo Damele
793fa464e3
website url fix
2012-07-03 13:14:39 +01:00
Miroslav Stampar
481b46a004
Restyling output for Issue #52
2012-07-03 13:06:52 +02:00
Miroslav Stampar
3af1532700
Implementation for Issue #54
2012-07-03 12:09:18 +02:00
Miroslav Stampar
8eefe4b71f
Getting back revision number - displayed like in GitHub commits (Issue #52)
2012-07-02 13:01:20 +02:00
Miroslav Stampar
21d9ae0a2c
some more refactoring
2012-07-01 01:19:54 +02:00
Miroslav Stampar
2a72fcce2b
Fix for Issue #42
2012-06-28 13:55:30 +02:00
jekil
c39e5a85ba
Removed $id$ tags
2012-06-27 20:56:43 +02:00
Miroslav Stampar
452ef202ae
minor fixes
2012-06-17 22:48:23 +00:00
Miroslav Stampar
b9f6943a42
minor update
2012-06-17 21:23:12 +00:00
Miroslav Stampar
06be7bbb18
few just in case fixes (unarrayizeValue in dumpTable entries) and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
2012-06-15 20:41:53 +00:00
Miroslav Stampar
058a9c59a2
fix for a bug noticed in a multi target run (log files weren't saved properly - removed buffering as it didn't produce any noticeable results)
2012-06-05 22:40:55 +00:00
Miroslav Stampar
d335ec0c34
turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars
2012-05-26 07:00:26 +00:00
Miroslav Stampar
37f2709197
making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)
2012-05-09 09:08:23 +00:00
Miroslav Stampar
efd27d7ade
minor renaming
2012-04-17 08:41:19 +00:00
Miroslav Stampar
627bfc589f
some more updates in reflective removal mechanism
2012-04-11 21:26:00 +00:00
Miroslav Stampar
01bd5d0ab2
some more updates for reflective mechanism
2012-04-11 10:41:33 +00:00
Miroslav Stampar
9c2f244d47
minor fix
2012-04-10 22:20:53 +00:00
Miroslav Stampar
119eec3598
improving "boolean detection" by automatic recognition of convenient --string candidate
2012-04-10 21:48:34 +00:00
Miroslav Stampar
b2afa87e48
reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases)
2012-04-06 08:42:36 +00:00
Bernardo Damele
d106fb5184
layout adjustments
2012-04-04 12:27:24 +00:00
Miroslav Stampar
1cd3c3f7af
further update of DNS data retrieval mechanism through SQLi
2012-04-02 14:05:30 +00:00
Miroslav Stampar
772ead8d03
fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values
2012-03-29 12:44:20 +00:00
Miroslav Stampar
9433bbe26d
memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed)
2012-03-28 19:27:12 +00:00
Miroslav Stampar
a8c9a47092
redirect logic rewritten from scratch
2012-03-15 11:10:58 +00:00
Miroslav Stampar
ca0d068575
distinguishing NULL from BLANK
2012-03-14 13:52:23 +00:00
Miroslav Stampar
e827f41cdb
using pickle HIGHEST_PROTOCOL just in case
2012-03-13 09:35:37 +00:00
Miroslav Stampar
cda8815634
introducing safe deprecation mechanism for HashDB versioning
2012-03-12 22:55:57 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Miroslav Stampar
bc4dd7c0dd
fix for -g
2012-02-20 10:02:19 +00:00
Miroslav Stampar
aee269cc14
gazillion changes, nothing will work, muhahaha
2012-02-17 14:22:48 +00:00
Miroslav Stampar
dcf7277a0f
some more refactorings
2012-02-16 14:42:28 +00:00
Miroslav Stampar
bcf9fc6c6f
minor refactoring
2012-02-16 09:32:47 +00:00
Miroslav Stampar
23cc8b6974
minor fix for special cases when parameter value contains html encoded characters
2012-02-14 14:08:10 +00:00
Miroslav Stampar
2b05ded9c3
just a makeup
2012-02-07 12:05:23 +00:00
Miroslav Stampar
f7bf1fbe94
upgrade/fixes for direct DBMS access
2012-02-07 10:46:55 +00:00
Bernardo Damele
c0f4b4632d
Minor fix
2012-02-02 12:55:39 +00:00
Miroslav Stampar
f2857e38ba
minor update
2012-01-30 10:19:03 +00:00
Bernardo Damele
7e560eec1f
Minor fix
2012-01-13 12:54:45 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
2b5e429dc2
one more level of defense against user himself
2012-01-07 17:16:14 +00:00
Miroslav Stampar
759465bde5
minor fix
2012-01-06 00:06:38 +00:00
Miroslav Stampar
37d78ffe01
minor optimization
2011-12-28 15:59:30 +00:00
Miroslav Stampar
dda979a15a
minor refactoring
2011-12-27 12:31:29 +00:00
Miroslav Stampar
c20546dcaa
minor refactoring
2011-12-26 12:24:39 +00:00
Miroslav Stampar
89d2c7c042
minor update
2011-12-22 20:54:20 +00:00
Miroslav Stampar
abb401879c
minor update
2011-12-22 20:42:57 +00:00
Miroslav Stampar
087e29d272
minor update
2011-12-22 20:14:56 +00:00
Miroslav Stampar
094129a656
minor optimization
2011-12-22 15:42:21 +00:00
Miroslav Stampar
9f68e54fff
minor cleanup
2011-12-22 10:59:28 +00:00
Miroslav Stampar
526aacb640
code cleanup
2011-12-21 22:59:23 +00:00
Miroslav Stampar
81bd9a201b
minor refactoring
2011-12-21 11:50:49 +00:00
Miroslav Stampar
95cd9e2af3
adding support for scanning Host header values (-p host)
2011-12-20 12:52:41 +00:00
Miroslav Stampar
364113441b
adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles)
2011-12-14 10:19:45 +00:00
Bernardo Damele
8fe72d87a8
minor bug fix for mysql -d --file-read
2011-12-06 10:57:23 +00:00
Miroslav Stampar
71c46f50aa
adding option --csv-del
2011-11-30 17:39:41 +00:00
Miroslav Stampar
02bd9a54f3
minor update
2011-11-30 17:19:21 +00:00
Miroslav Stampar
885b432808
minor update
2011-11-23 21:39:53 +00:00
Miroslav Stampar
2e10de8921
minor update
2011-11-22 12:18:24 +00:00
Miroslav Stampar
ac041399f0
minor patch
2011-11-22 11:04:43 +00:00
Miroslav Stampar
9697e80013
some more optimizations
2011-11-22 10:54:29 +00:00
Miroslav Stampar
eee03871d7
minor refactoring
2011-11-21 21:31:08 +00:00
Miroslav Stampar
440b7efe55
minor optimization
2011-11-20 20:14:47 +00:00
Miroslav Stampar
e1a92d59de
implementing WordPress phpass hash cracking routine
2011-11-20 19:10:46 +00:00
Miroslav Stampar
f1979936c8
minor update
2011-11-18 15:32:33 +00:00
Miroslav Stampar
d735582536
major speed improvement of hash cracking
2011-11-02 06:53:43 +00:00
Miroslav Stampar
7ce3af68fc
fixing support for parsing BURP logs
2011-10-27 17:31:34 +00:00
Miroslav Stampar
d64c0af461
minor update
2011-10-26 14:31:00 +00:00
Miroslav Stampar
86b4a3562f
added switch --check-tor
2011-10-25 17:37:43 +00:00
Miroslav Stampar
c1486ed4be
adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request
2011-10-25 09:53:44 +00:00
Miroslav Stampar
323aa7bf2f
minor update
2011-10-09 21:21:41 +00:00
Miroslav Stampar
e0f521cf9d
minor update regarding --randomize
2011-08-29 13:08:25 +00:00
Bernardo Damele
9361e633f4
Minor bug fix - some applications do really set cookies like param="value" with double-quotes
2011-08-16 09:21:01 +00:00
Miroslav Stampar
7cc5743c5d
minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)
2011-08-16 06:50:20 +00:00
Miroslav Stampar
df4abf1af1
lowering constant value from 10 to 7 for da peace in da houz
2011-08-12 17:19:19 +00:00
Miroslav Stampar
9423d15fb3
ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix
2011-08-03 09:08:16 +00:00
Miroslav Stampar
5770c08784
minor optimization and refactoring
2011-07-25 20:17:44 +00:00
Miroslav Stampar
ec1bc0219c
hello big tables, this is sqlmap, sqlmap this is big tables
2011-07-24 09:19:33 +00:00
Miroslav Stampar
094dc91e2d
minor update (prior to some changes regarding large content retrieval)
2011-07-23 19:04:59 +00:00
Miroslav Stampar
9cf33ec997
now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char
2011-07-15 13:24:13 +00:00
Miroslav Stampar
5c162efbd8
more optimization
2011-07-12 23:21:15 +00:00
Miroslav Stampar
5443e06430
cosmetics (in debug mode [0] is used)
2011-07-08 09:43:52 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Bernardo Damele
067354b97f
Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access
2011-07-07 13:20:40 +00:00
Bernardo Damele
fcd4e94c04
Higher chances to detect UNION query SQL injection against Microsoft Access
2011-07-06 23:52:44 +00:00
Miroslav Stampar
93b296e02c
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495
few fixes here and there and multi-core processing for dictionary based hash attack
2011-07-04 19:58:41 +00:00
Bernardo Damele
36c96ef796
Added DB2 support - patch provided by Sebastian Bittig
2011-06-25 09:44:24 +00:00
Miroslav Stampar
aa83fe5c66
minor update
2011-06-24 18:19:33 +00:00
Miroslav Stampar
21010f702c
minor beautification
2011-06-24 17:46:54 +00:00
Miroslav Stampar
96190cf594
minor update
2011-06-24 17:15:15 +00:00
Bernardo Damele
1cb12ea659
replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license)
2011-06-22 13:31:07 +00:00
Miroslav Stampar
2a4a284a29
crawler fix (skip binary files)
2011-06-20 22:41:38 +00:00
Miroslav Stampar
d6062e8fc9
minor fix for crawler and far less message overlaps in future
2011-06-20 21:18:12 +00:00
Miroslav Stampar
31ad0875b4
added by request
2011-06-18 11:34:51 +00:00
Miroslav Stampar
ec6fa384eb
update
2011-06-17 22:04:25 +00:00
Miroslav Stampar
530c296519
minor fix
2011-06-16 13:56:17 +00:00
Miroslav Stampar
6f681b45ad
cleaning up a bit for a configuration mess
2011-06-16 11:42:13 +00:00
Miroslav Stampar
2da56ea507
fix of a language bug
2011-06-11 21:17:30 +00:00
Miroslav Stampar
f8dde2c23b
adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)
2011-06-10 23:18:43 +00:00
Bernardo Damele
7da3d8dbd1
minor layout adjustment
2011-06-08 13:01:33 +00:00
Miroslav Stampar
f27181c628
minor improvement for blind based injections with reflected values
2011-06-03 14:41:36 +00:00
Miroslav Stampar
89559d1b0a
better regex and now after we have that automatic switch off for reflective removal mechanism it's not so important to change it
2011-05-30 20:18:30 +00:00
Miroslav Stampar
20988e58ed
warp 5 mr spock :)
2011-05-30 09:46:32 +00:00
Miroslav Stampar
001cbff2a9
speed up of 2 times for partial union technique
2011-05-30 09:07:48 +00:00
Miroslav Stampar
d51efa679d
typo update
2011-05-29 06:26:28 +00:00
Miroslav Stampar
f848cc779e
adding legal disclaimer as latest situation (these days news headlines) seems out of control
2011-05-28 18:54:14 +00:00
Miroslav Stampar
03ef53f00a
update regarding mysql function resolution and versionedkeywords
2011-05-28 17:34:43 +00:00
Miroslav Stampar
4f46a5ab63
minor usability enhancement regarding warning for --text-only switch
2011-05-26 20:48:18 +00:00
Miroslav Stampar
0e480a9921
adding SYS to the ORACLE_SYSTEM_DBS
2011-05-25 10:55:47 +00:00
Miroslav Stampar
f774d8fea0
proper Tor settings (reverted r3915 and implemented it the right way)
2011-05-24 11:06:58 +00:00
Miroslav Stampar
a58aaf2e1a
better format for results file (easier for sorting when lots of files)
2011-05-22 07:02:36 +00:00
Miroslav Stampar
25fff8c135
changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)
2011-05-21 11:46:57 +00:00
Miroslav Stampar
9e5856caf8
improvement for recognition of scalar vs multiple-row commands
2011-05-19 16:45:05 +00:00
Miroslav Stampar
3048e9f710
minor refactoring
2011-05-17 23:03:31 +00:00
Miroslav Stampar
faa74cd2bc
introducing results file for multiple target mode
2011-05-15 22:21:38 +00:00
Bernardo Damele
aae140080e
SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
6e392b6054
applying contributed patch for DB2
2011-05-06 09:30:39 +00:00
Miroslav Stampar
742b0ef76e
major improvement of ERROR data retrieval on MSSQL
2011-05-03 13:25:20 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Bernardo Damele
d0dff82ce0
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
2011-04-23 16:25:09 +00:00
Miroslav Stampar
f88aa4b165
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
2011-04-22 19:58:10 +00:00
Bernardo Damele
06a00fe85e
For development version, print also the revision number in the banner
2011-04-21 21:34:57 +00:00
Miroslav Stampar
7a06af9a92
added "lagging" critical message
2011-04-19 10:37:20 +00:00
Miroslav Stampar
b79d4f70f3
cleaner solution for the problem solved with last commit
2011-04-18 14:51:48 +00:00
Miroslav Stampar
f5cff067c6
little hack for --time-sec
2011-04-18 14:46:18 +00:00
Miroslav Stampar
6fab44d635
minor refactoring and improving of used regex
2011-04-17 22:37:00 +00:00
Miroslav Stampar
c461fdca54
some refactoring
2011-04-15 13:51:06 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Miroslav Stampar
4d8a49a87c
more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation
2011-04-15 11:53:20 +00:00
Miroslav Stampar
ded28442fb
minor fixes and refactoring regarding safecharencoding
2011-04-14 15:54:00 +00:00
Miroslav Stampar
eafab03d99
safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars)
2011-04-14 13:53:56 +00:00
Miroslav Stampar
30bfefd638
minor fix
2011-04-14 12:58:03 +00:00
Bernardo Damele
5cf38cd0d7
More cookies to ignore
2011-04-14 12:46:14 +00:00
Miroslav Stampar
bb99bd2fbe
one more commit related to the issue with displaying of garbled characters
2011-04-14 09:43:36 +00:00
Miroslav Stampar
5dfb55effc
revert of the last commit because of this http://osvdb.org/show/osvdb/26582
2011-04-14 06:46:32 +00:00
Miroslav Stampar
786f305e1a
minor update
2011-04-14 06:43:08 +00:00
Miroslav Stampar
21114d1748
added IGNORE_PARAMETERS to skip testing of state/session web server parameters
2011-04-13 19:01:02 +00:00
Miroslav Stampar
d06ae9cd47
implemented retrieved items info for partial union too
2011-04-13 14:33:15 +00:00
Miroslav Stampar
f5f2201bbc
minor cosmetics for partial inband retrieval
2011-04-13 11:25:42 +00:00
Miroslav Stampar
c193b896be
just in case update to prevent gibberish "retrieved: " outputs
2011-04-12 23:07:50 +00:00
Miroslav Stampar
941daa1645
just in case to prevent "object of type 'NoneType' has no len()" error reports
2011-04-11 11:59:02 +00:00
Miroslav Stampar
08d14886fd
added new dev version string
2011-04-11 09:44:44 +00:00
Bernardo Damele
07d6b18c4e
cutting for 0.9 stable
2011-04-11 00:24:51 +00:00
Miroslav Stampar
8597409d9e
lowering the value
2011-04-10 22:57:17 +00:00
Bernardo Damele
c3b54cc222
Cosmetics
2011-04-01 16:40:28 +00:00
Miroslav Stampar
220366b6e8
minor update (ip addresses will not be confused any more for crypt_generic hashes)
2011-03-31 16:56:26 +00:00
Miroslav Stampar
c5de903eab
minor improvement ("quick defense against substr fields")
2011-03-31 09:35:09 +00:00
Miroslav Stampar
d28ca5809b
adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)
2011-03-29 14:16:28 +00:00
Miroslav Stampar
7cf4ba83dc
minor refactoring and comment update
2011-03-29 12:08:07 +00:00
Miroslav Stampar
bf0e3c4662
improvement for --forms with empty fields
2011-03-28 22:48:00 +00:00
Miroslav Stampar
76b7e3517d
minor update
2011-03-27 07:58:15 +00:00
Miroslav Stampar
d79fae724c
minor refactoring
2011-03-24 09:16:21 +00:00
Miroslav Stampar
5c97f9a496
improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)
2011-03-09 09:36:56 +00:00
Miroslav Stampar
f27f05308a
minor update for masking sensitive data in error report (added aCred too)
2011-03-02 10:09:17 +00:00
Miroslav Stampar
7036190e8e
minor improvement of regular expression
2011-02-27 17:58:01 +00:00
Miroslav Stampar
21041f8b90
further reflective value handling improvement
2011-02-27 17:43:41 +00:00
Miroslav Stampar
708ddf5608
added protection mechanism against reflected values
2011-02-24 16:52:46 +00:00
Miroslav Stampar
3f8eadf4fe
minor refactoring
2011-02-22 13:00:58 +00:00
Miroslav Stampar
199f14df46
implementation of MySQL GROUP_CONCAT technique
2011-02-15 00:28:27 +00:00
Miroslav Stampar
50d25c3b4d
update regarding explicit testing of ua and referer when using -p
2011-02-13 21:58:48 +00:00
Miroslav Stampar
4295a78c5f
minor update
2011-02-10 19:51:34 +00:00
Miroslav Stampar
5b57a69f3e
fix
2011-02-09 11:20:03 +00:00
Miroslav Stampar
37f7001143
first commit with mysql/error/substringing
2011-02-08 16:23:33 +00:00
Miroslav Stampar
99e9412f74
minor update
2011-02-07 12:34:23 +00:00
Bernardo Damele
39decebe85
Minor fixes to checking/re-enabling of xp_cmdshell procedure
2011-02-07 12:17:19 +00:00
Miroslav Stampar
096efea282
added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]
2011-02-07 10:22:43 +00:00
Bernardo Damele
ba3a8a69d4
More statements to exclude from unescap'ing
2011-02-07 00:33:54 +00:00
Bernardo Damele
2e00656235
Minor fix
2011-02-07 00:20:23 +00:00
Bernardo Damele
f3d6be7868
Code cleanup
2011-02-06 22:32:44 +00:00
Miroslav Stampar
acb986ae80
minor refactoring
2011-02-04 17:40:55 +00:00
Miroslav Stampar
accf4e6ce0
one important fix (URI injection parameter '*' now can go anywhere)
2011-02-04 12:43:18 +00:00
Miroslav Stampar
c19d481bb1
little clean up
2011-02-04 12:25:14 +00:00
Miroslav Stampar
e4933f0c92
refactoring
2011-02-03 23:25:56 +00:00
Miroslav Stampar
e5f54644f0
minor "statistical" update
2011-02-03 16:59:49 +00:00
Miroslav Stampar
6c87bd1c63
added maskSensitiveData function
2011-02-02 14:25:16 +00:00
Miroslav Stampar
d6c9515f78
minor update
2011-02-02 13:03:24 +00:00
Miroslav Stampar
e33428b833
adding __findUnionCharCount function
2011-02-02 11:22:35 +00:00
Miroslav Stampar
99aa38b58f
minor refactoring
2011-02-02 10:10:28 +00:00
Miroslav Stampar
fa58a9c86b
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
2011-01-31 20:36:01 +00:00
Miroslav Stampar
b1dc928e68
implemented validation for time-based inference
2011-01-31 16:07:23 +00:00
Miroslav Stampar
25463bc67c
fix for a bug (--predict-output) noticed by Bernardo
2011-01-31 15:00:41 +00:00
Miroslav Stampar
60a2364f2b
now union technique parses headers too
2011-01-31 12:41:39 +00:00
Miroslav Stampar
f9eac97fe8
refactoring of MSSQL XML banner parsing
2011-01-31 11:38:00 +00:00
Miroslav Stampar
fc9c626f9e
minor refactoring (removed URL_ENCODE_PAYLOAD)
2011-01-30 17:03:06 +00:00
Miroslav Stampar
ddf23ba7cc
refactoring
2011-01-30 11:36:03 +00:00
Miroslav Stampar
03413bd5e0
minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)
2011-01-27 16:55:58 +00:00
Miroslav Stampar
4e5f0da1ae
minor update
2011-01-20 16:07:08 +00:00
Miroslav Stampar
7a060e756d
dummy fix for SQLite schema retrieval (lots of spaces inside)
2011-01-19 23:16:22 +00:00
Bernardo Damele
daebb0010b
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Miroslav Stampar
34d13be0d3
minor update regarding default page encoding
2011-01-17 10:23:37 +00:00
Miroslav Stampar
5c857779c1
important fix for unicode based character inference
2011-01-17 10:15:19 +00:00
Miroslav Stampar
0fcca671bd
information update regarding common password suffixes
2011-01-17 09:28:25 +00:00
Miroslav Stampar
5476a8a27e
russian sites are great for testing :)
2011-01-16 19:00:19 +00:00
Miroslav Stampar
30d6791968
update regarding time based data retrieval
2011-01-16 17:52:42 +00:00
Miroslav Stampar
3873d204bb
important update for dictionary attack
2011-01-15 15:56:11 +00:00
Miroslav Stampar
e17ac5fdca
update
2011-01-15 15:14:22 +00:00
Bernardo Damele
97ae7e330f
cosmetics
2011-01-07 17:10:58 +00:00
Miroslav Stampar
7ae5192070
adding filtering of strings for control chars in blind inference mode (way to handle either erroneous values or binary data)
2011-01-05 10:25:07 +00:00
Miroslav Stampar
c83e9f6ca5
foundation for filtering binary string values (for example, replacement of non readable chars with #)
2011-01-04 21:56:37 +00:00
Miroslav Stampar
aa81ed4033
implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)
2011-01-04 15:49:20 +00:00
Miroslav Stampar
8625494ff2
added one new quick check for multiple target(s) mode
2011-01-03 08:32:06 +00:00
Miroslav Stampar
f762f32de8
bug fix for proper --parse-errors on .aspx pages
2011-01-02 13:00:04 +00:00
Miroslav Stampar
51a492e17d
pretty important commit (now dumped tables are prone to dictionary attack)
2010-12-27 10:56:28 +00:00
Miroslav Stampar
b472b96f92
bug fix, refactoring and improved extractErrorMessage capabilities
2010-12-25 10:16:20 +00:00
Miroslav Stampar
aab14fa2d3
minor refactoring/cosmetics
2010-12-24 11:06:57 +00:00
Miroslav Stampar
d5eebb1cbf
fix for a fundamentally bad presumption (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6
2010-12-24 09:49:19 +00:00
Miroslav Stampar
7a525f28d4
cosmetics
2010-12-21 15:26:23 +00:00
Miroslav Stampar
b2e7f9484d
minor tuning (2 techniques MAX per value used)
2010-12-21 15:24:14 +00:00
Miroslav Stampar
6c1133c4d4
some code refactoring
2010-12-21 15:13:13 +00:00
Miroslav Stampar
fe67d3827c
code refactoring and some fixes
2010-12-18 09:51:34 +00:00
Miroslav Stampar
a19cb2c13a
code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")
2010-12-17 21:29:09 +00:00
Bernardo Damele
04caef6de0
Tuning
2010-12-13 23:04:26 +00:00
Miroslav Stampar
c93634b6c7
blind dumping of tables in sqlite implemented
2010-12-11 22:13:19 +00:00
Miroslav Stampar
f021548bd0
added inference failsafe (like in for instance Firebird's SUBSTR always returns a string value, no matter which starting index you use)
2010-12-11 10:52:04 +00:00
Miroslav Stampar
fe2039f5ba
coollyy little commits
2010-12-10 11:32:46 +00:00
Miroslav Stampar
64cc2588f1
now resume is available for time-based blinds too
2010-12-08 12:49:26 +00:00
Miroslav Stampar
dc651d59ec
little mathematics here and there (used "Rules for normally distributed data")
2010-12-07 19:19:12 +00:00
Miroslav Stampar
ecd4a5a532
added standard deviation check in time based tests
2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec
more advanced time technique(s)
2010-12-07 16:04:53 +00:00
Miroslav Stampar
3d87489de5
minor update
2010-12-07 08:05:03 +00:00
Miroslav Stampar
61f82fd274
introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic
2010-12-07 00:27:26 +00:00
Miroslav Stampar
2735848ab6
removed ERROR_SPACE
2010-12-06 22:40:07 +00:00
Bernardo Damele
2708aad504
Unified start and stop delimiters across error-based (detection engine) and union query (--union-test) tests.
2010-12-01 10:31:50 +00:00
Miroslav Stampar
2a8e270bef
proper handling of carriage return character from Windows target machines
2010-11-16 15:11:03 +00:00
Miroslav Stampar
88c00e61d3
another update
2010-11-09 23:35:37 +00:00
Miroslav Stampar
5ebd5d935c
another name change
2010-11-09 22:49:31 +00:00
Miroslav Stampar
06f00cf8c1
name change
2010-11-09 22:48:22 +00:00
Miroslav Stampar
fef60d5cb7
some fixes :)
2010-11-09 22:32:05 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Bernardo Damele
b6da946883
Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Miroslav Stampar
5a38ac7ea9
important update regarding (Bug #209) - probably more will be needed
2010-10-29 16:11:50 +00:00
Miroslav Stampar
be443c6947
refactoring regarding __START__,...
2010-10-21 09:51:07 +00:00
Miroslav Stampar
e24bff0497
nice refactoring
2010-10-20 09:46:57 +00:00
Miroslav Stampar
5d3cbec457
no more regex. web server independent.
2010-10-20 09:35:46 +00:00
Miroslav Stampar
8776db872c
minor refactoring
2010-10-19 23:05:24 +00:00
Miroslav Stampar
264e0a6fda
added support for displaying revision number at unhandled exception message
2010-10-19 08:55:14 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
f9f79ffbaf
basic stuff for sybase
2010-10-12 19:05:12 +00:00
Miroslav Stampar
48cc87f6a9
added support for fingerprinting SAP MaxDB (Issue 143)
2010-08-30 13:29:19 +00:00
Bernardo Damele
a21a7fc56d
Minor code refactoring
2010-05-21 12:09:31 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Bernardo Damele
b19de015c5
Minor bugs fixes
2010-03-31 13:52:51 +00:00
Bernardo Damele
0d559d14df
Initial support for SQLite (90% approx).
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
7f5bc5e3fe
Increased version to 0.9-dev
2010-03-15 11:04:57 +00:00
Bernardo Damele
572b6fd920
sqlmap 0.8 stable!
2010-03-15 01:17:27 +00:00
Bernardo Damele
a654a426ef
Minor adjustments
2010-03-03 16:19:17 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Bernardo Damele
404927d04a
Adjusted banner, increased release candidate to rc7
2010-02-25 17:34:54 +00:00
Bernardo Damele
dcbbad642d
Minor self fix, switched to rc6
2010-01-28 10:27:47 +00:00
Bernardo Damele
c4215ce8d2
Minor code refactoring
2010-01-14 20:42:45 +00:00
Bernardo Damele
f316e722c1
sqlmap 0.8-rc4: --dump option now can also accept only -C: user can provide a string column and sqlmap will enumerate all databases, tables and columns that contain the 'provided_string' or '%provided_string%' then ask the user to dump the entries of only those columns.
--columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'.
Minor enhancements.
Minor bug fixes.
2010-01-09 00:05:00 +00:00
Bernardo Damele
80df1fdcf9
Minor bug fix with --sql-query/shell when providing a statement with DISTINCT
2010-01-05 16:15:31 +00:00
Bernardo Damele
ce022a3b6e
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 02:02:12 +00:00
Bernardo Damele
e4e081cdc6
sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.
2009-12-17 22:04:01 +00:00
Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
19c6804ded
Fixed two minor bugs with PostgreSQL reported by Sven Klemm, thanks!
2009-07-29 10:44:24 +00:00
Bernardo Damele
b2b2ec8a26
Preparing to release sqlmap 0.7 stable
2009-07-24 23:20:57 +00:00
Bernardo Damele
b4fd71e8b9
Minor adjustment to reflect Metasploit r6849 ( http://trac.metasploit.com/changeset/6849 ) and minor code refactoring.
2009-07-20 14:36:33 +00:00
Bernardo Damele
cb3d2bac16
Minor improvement so that sqlmap tests also all parameters with no value (e.g. par=).
2009-07-09 11:25:35 +00:00
Bernardo Damele
150abc0f1e
sqlmap 0.7-rc3: Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. Correctly handle fcntl to be imported only on systems different from Windows. Minor code refactoring.
2009-06-11 15:01:48 +00:00
Bernardo Damele
16b4530bbe
Minor bug fixes to --os-shell (although web backdoor functionality still to be reviewed).
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
5121a4dcba
Send IE7.0 as default User-Agent
2009-04-24 20:13:21 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00
Bernardo Damele
2355885712
Minor adjustment
2009-02-09 10:29:07 +00:00
Bernardo Damele
207e96e2b2
Major bug fix in the comparison algorithm to correctly handle also the
case that the url is stable and the False response changes the page
content very little.
2009-02-09 10:28:03 +00:00
Bernardo Damele
b12d955274
Updated packaging scripts, site and finalized the documentation to release version 0.6.4
2009-02-03 15:38:40 +00:00
Bernardo Damele
770e000cb4
Fixed another bug on Microsoft SQL Server custom "limited" query reported by Konrads Smelkovs
2009-02-02 23:44:19 +00:00
Bernardo Damele
6054090191
sqlmap 0.6-rc5: major bug fix to make --sql-shell and --sql-query work properly also with mixed case statements (i.e oRDeR bY). Thanks to Konrads Smelkovs for notifying.
2009-01-28 14:53:11 +00:00
Bernardo Damele
c25b49e80e
Major bugfix to avoid "IFNULL and CAST" on CASE
2009-01-19 21:27:51 +00:00
Bernardo Damele
5560f0b68a
Updated the copyright
2009-01-12 21:35:38 +00:00
Bernardo Damele
e10ab5aa0e
Major bug fixes
2009-01-10 14:39:27 +00:00
Bernardo Damele
d0604ef513
Major bug fix to correctly handle custom SQL "limited" queries on Oracle
2009-01-03 01:19:04 +00:00
Bernardo Damele
9c42a883be
Major bug fix to make it work properly with MSSQL custom limited (SELECT
TOP ...) queries with both inferential blind and Full UNION query
injection
2009-01-02 23:26:45 +00:00
Bernardo Damele
a4d62af2ea
Minor layout adjustments to --union-tech
2008-12-29 18:48:23 +00:00
Bernardo Damele
64bb57d786
Minor bug fix to make the Partial UNION query SQL injection technique
work properly also on Oracle and Microsoft SQL Server.
2008-12-22 22:48:44 +00:00
Bernardo Damele
2f406b3e56
Minor adjustments
2008-12-22 00:04:28 +00:00
Bernardo Damele
996a872e51
We are already on sqlmap 0.6.4 release candidate 1..
2008-12-20 13:23:26 +00:00
Bernardo Damele
c18efe5084
Minor adjustments
2008-12-20 13:21:47 +00:00
Bernardo Damele
ad228e6947
Ahead with the improvements to the comparison algorithm.
Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments.
2008-12-19 20:09:46 +00:00
Bernardo Damele
bf2a857b9a
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
2008-12-12 19:06:31 +00:00
Bernardo Damele
9dbad512f1
sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers
by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation.
2008-12-08 21:24:24 +00:00
Bernardo Damele
7f055924a7
sqlmap 0.6.3-rc4:
Minor enhancement to be able to specify the number of seconds before
timeout the connection, default is set to 10 seconds.
Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url.
Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread.
Minor code restyling.
Updated documentation.
2008-12-04 17:40:03 +00:00
Bernardo Damele
0f07e33e1a
Removed REVISION, makes no sense.
Import and use python psyco library to speed up if it's installed: it's optional.
2008-12-03 17:32:16 +00:00
Bernardo Damele
f97585c593
Show also SVN revision in error message when a traceback raises.
Fix typo.
2008-12-01 23:49:14 +00:00
Bernardo Damele
dc1f2deb74
Minor bug fix to correctly enumerate columns on Microsoft SQL Server.
Minor adjustments to XML signatures.
Updated documentation.
2008-11-25 11:33:44 +00:00
Bernardo Damele
ecc4a98071
Properly moved and improved inject.goStacked() function and newly
implemented Time based blind SQL injection now is a single test file
within the lib/techniques/ folder.
Renamed lib/techniques/inference to lib/techniques/blind, it is more
appropriate and adapted the rest of the libraries.
Updated ChangeLog file.
2008-11-12 23:44:09 +00:00
Bernardo Damele
9329f8c9c4
Minor enhancement to be able to enumerate table columns and dump table
entries also if the database name is not provided by using the current
database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the
'USERS' TABLESPACE_NAME on Oracle.
Minor bug fix so that when the user provides as SELECT statement to be
processed an asterisk, now it also works if in the FROM there is no
database name specified.
Minor layout adjustments.
2008-11-12 22:53:25 +00:00
Bernardo Damele
81ed7c2086
Initial implementation of support for stacked queries.
Added method to test for Time based blind SQL injection query stacking
on the affected parameter a SLEEP() or similar DBMS specific function.
Adapted libraries, plugins and XML with the above changes.
Minor layout adjustments.
2008-11-12 00:36:50 +00:00
Bernardo Damele
0c5d3df546
sqlmap 0.6.3-rc1:
* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request.
* Minor bug fix to handle session.error and session.timeout in HTTP requests.
* Updated documentation.
2008-11-09 16:57:47 +00:00
Bernardo Damele
56a5e8d390
Updated sqlmap packaging scripts, site and documentation, almost ready for sqlmap 0.6.2
2008-11-02 20:12:50 +00:00
Bernardo Damele
fc28372596
Added a comment
2008-10-26 16:06:43 +00:00
Bernardo Damele
892a7b2f8a
propsets..
2008-10-15 15:56:32 +00:00
Bernardo Damele
8e3eb45510
After the storm, a restore..
2008-10-15 15:38:22 +00:00