Miroslav Stampar
6bc0b34031
Some more refactoring
2012-07-06 17:28:01 +02:00
Miroslav Stampar
e948e4d45b
Some more refactoring
2012-07-06 17:18:22 +02:00
Miroslav Stampar
1a8ebbfd43
Minor refactoring
2012-07-06 17:05:47 +02:00
Bernardo Damele
373fea03a3
fixed display of TABs
2012-07-06 15:13:23 +01:00
Miroslav Stampar
438a636973
Fix for issue Issue #60
2012-07-06 15:36:32 +02:00
Miroslav Stampar
76f7f907c6
Minor update for Issue #61
2012-07-06 14:33:40 +02:00
Miroslav Stampar
6a05e3fd79
Fix for Issue #61
2012-07-06 14:24:44 +02:00
Miroslav Stampar
1ebff35b19
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-07-06 12:25:21 +02:00
Miroslav Stampar
982fcde1c0
Fix for Issue #62
2012-07-06 12:24:55 +02:00
Bernardo Damele
4fa6d51d93
improved issues link
2012-07-05 16:26:50 +01:00
Miroslav Stampar
bc5025b06c
Fix for Issue #59
2012-07-05 12:34:27 +02:00
Miroslav Stampar
c3c1b9e957
Minor restyling
2012-07-04 20:28:18 +02:00
Miroslav Stampar
7ad6697446
Fix for Issue #57
2012-07-04 20:21:44 +02:00
Miroslav Stampar
23fb753759
Finishing work on Issue #52
2012-07-03 22:13:01 +02:00
Miroslav Stampar
40fc6488bf
Fix for Issue #56 (Google has changed few things for retrieving PR)
2012-07-03 21:00:18 +02:00
Miroslav Stampar
bbf41f6658
Removing debugging leftover
2012-07-03 16:50:05 +02:00
Miroslav Stampar
ada627a022
Another update for Issue #52
2012-07-03 16:49:34 +02:00
Miroslav Stampar
70f754f6c5
Making work on Issue #52
2012-07-03 16:34:11 +02:00
Bernardo Damele
793fa464e3
website url fix
2012-07-03 13:14:39 +01:00
Miroslav Stampar
51f35674ca
Removing obsolete switch --version as version is now displayed with every run (Issue #54 )
2012-07-03 13:11:09 +02:00
Miroslav Stampar
481b46a004
Restyling output for Issue #52
2012-07-03 13:06:52 +02:00
Miroslav Stampar
6b419067b7
Another minor update for Issue #54
2012-07-03 12:49:35 +02:00
Miroslav Stampar
8b8677b938
Another minor update for Issue #54
2012-07-03 12:29:42 +02:00
Miroslav Stampar
47b6e696d8
Minor update for Issue #54
2012-07-03 12:21:40 +02:00
Miroslav Stampar
3af1532700
Implementation for Issue #54
2012-07-03 12:09:18 +02:00
Miroslav Stampar
5af6ca58a0
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-07-03 00:50:45 +02:00
Miroslav Stampar
168aeadf76
Adding switch --output-dir (Issue #53 )
2012-07-03 00:50:23 +02:00
Bernardo Damele
fd4cfb0cc0
working on #51
2012-07-02 15:28:19 +01:00
Bernardo Damele
7335072ab8
leftover
2012-07-02 15:11:21 +01:00
Bernardo Damele
04d803c7fd
more tweaking for issue #34 , it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005)
2012-07-02 15:02:00 +01:00
Bernardo Damele
b7d2680e55
minor refactoring, issue #51
2012-07-02 12:50:26 +01:00
Miroslav Stampar
8eefe4b71f
Getting back revision number - displayed like in GitHub commits (Issue #52 )
2012-07-02 13:01:20 +02:00
Bernardo Damele
add8352804
make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too
2012-07-02 02:14:03 +01:00
Bernardo Damele
6697927098
initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap
2012-07-02 02:04:19 +01:00
Bernardo Damele
7b4ecd9df0
added skeleton code for issue #34 , still not usable
2012-07-02 00:22:34 +01:00
Bernardo Damele
4736d46677
just in case..
2012-07-02 00:00:46 +01:00
Bernardo Damele
03d2c9c818
placeholder message when --update is provided, remove when the function is updated to pull changes from git
2012-07-01 23:59:44 +01:00
Bernardo Damele
18be319d13
hexencoding the command is much shorter than unescaping with CHAR() for MSSQL, also no need for spaces between nested comments when forging the xp_cmdshell command to run
2012-07-01 23:41:10 +01:00
Bernardo Damele
ff9e97a42c
minor code refactoring
2012-07-01 23:31:45 +01:00
Bernardo Damele
ab412da27f
I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes
2012-07-01 23:25:05 +01:00
Miroslav Stampar
d7cd55fb28
Fix for Issue #47
2012-07-01 11:05:04 +02:00
Miroslav Stampar
21d9ae0a2c
some more refactoring
2012-07-01 01:19:54 +02:00
Miroslav Stampar
f6509db31a
minor refactoring
2012-07-01 00:33:19 +02:00
Miroslav Stampar
32f52cdd04
Another language update for Issue #45
2012-06-29 10:33:54 +02:00
Miroslav Stampar
f0e39c3fae
Language update for Issue #45
2012-06-29 10:33:00 +02:00
Miroslav Stampar
c0f16f0c1a
Fix for Issue #45
2012-06-29 10:31:03 +02:00
Miroslav Stampar
e51d3a02f1
Update for Issue #43 (renamed --disable-cracking to --disable-hash)
2012-06-28 18:53:47 +02:00
Miroslav Stampar
18b596ea75
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-06-28 18:48:18 +02:00
Miroslav Stampar
c8bac658f3
Fix for Issue #43
2012-06-28 18:47:55 +02:00
Miroslav Stampar
2a72fcce2b
Fix for Issue #42
2012-06-28 13:55:30 +02:00
jekil
c39e5a85ba
Removed $id$ tags
2012-06-27 20:56:43 +02:00
Miroslav Stampar
01be9381d5
minor update
2012-06-25 16:24:33 +00:00
Miroslav Stampar
6c4bd84d18
minor fix (turning back the functionality of kb.suppressResumeInfo)
2012-06-25 16:19:51 +00:00
Miroslav Stampar
ea5d483c86
session file no more
2012-06-21 11:19:30 +00:00
Miroslav Stampar
ec44e88db8
lots of refactoring regarding removal of already obsolete session file mechanism
2012-06-21 10:09:10 +00:00
Miroslav Stampar
1e67b4f0b9
minor fix
2012-06-20 14:16:26 +00:00
Miroslav Stampar
302d782a0f
minor style update
2012-06-19 08:33:51 +00:00
Miroslav Stampar
452ef202ae
minor fixes
2012-06-17 22:48:23 +00:00
Miroslav Stampar
b9f6943a42
minor update
2012-06-17 21:23:12 +00:00
Miroslav Stampar
e2a60b302f
minor fix
2012-06-17 21:21:45 +00:00
Miroslav Stampar
3da8f86e97
minor fix
2012-06-15 21:01:27 +00:00
Miroslav Stampar
fe49abd45f
minor fix
2012-06-15 20:49:28 +00:00
Miroslav Stampar
06be7bbb18
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
2012-06-15 20:41:53 +00:00
Miroslav Stampar
76c873a222
minor fix
2012-06-15 06:22:44 +00:00
Miroslav Stampar
76584ff0fa
unhidding --test-filter
2012-06-14 14:36:53 +00:00
Miroslav Stampar
d2dd47fb23
some more refactoring
2012-06-14 13:52:56 +00:00
Miroslav Stampar
facce2c0df
some more cleanup
2012-06-14 13:50:36 +00:00
Miroslav Stampar
d5e80089ff
minor summer cleanup
2012-06-14 13:44:16 +00:00
Miroslav Stampar
3a90105fbb
minor refactoring
2012-06-14 13:38:53 +00:00
Miroslav Stampar
1204eb00b2
minor fix
2012-06-14 12:46:32 +00:00
Miroslav Stampar
19c0efec59
just a minor refactoring
2012-06-14 09:10:28 +00:00
Miroslav Stampar
a51d8c4c79
replacing identifier safe char " with [] enclosing for MsSQL
2012-06-13 15:27:42 +00:00
Miroslav Stampar
367de838c1
minor update
2012-06-13 14:08:32 +00:00
Miroslav Stampar
4ac3794e80
minor update
2012-06-12 14:22:14 +00:00
Miroslav Stampar
d7f698fa14
minor update
2012-06-11 22:01:13 +00:00
Miroslav Stampar
96177393e1
minor update regarding --exact switch
2012-06-10 13:38:12 +00:00
Miroslav Stampar
b85a1fc271
minor fix
2012-06-05 22:55:42 +00:00
Miroslav Stampar
058a9c59a2
fix for a bug noticed in a multi target run (log files weren't saved properly - removed buffering as it didn't produce any noticeable results)
2012-06-05 22:40:55 +00:00
Miroslav Stampar
f94ebe3107
minor fix (credentials were only set for the first target)
2012-06-04 22:30:12 +00:00
Miroslav Stampar
738073105e
minor updates
2012-06-04 19:52:51 +00:00
Miroslav Stampar
7b282b1d6c
adding support for newer SSL protocols
2012-06-04 19:46:28 +00:00
Miroslav Stampar
10b0639a96
making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE)
2012-06-04 09:24:46 +00:00
Miroslav Stampar
76a4aa19ac
some more fine tunning
2012-05-28 19:50:12 +00:00
Miroslav Stampar
73dba249e8
one more just in case update
2012-05-28 19:34:47 +00:00
Miroslav Stampar
efb406fbfc
minor revert
2012-05-28 19:13:50 +00:00
Miroslav Stampar
f7cba8d2cb
minor update
2012-05-28 18:05:15 +00:00
Miroslav Stampar
a72cb29c1f
taking care of few issues regarding reverse address lookup of localhost/127.0.0.1 at remote DNS server
2012-05-28 16:57:10 +00:00
Miroslav Stampar
190ae4ca13
no need for conf.timeSec value as inference is always evaluated to False in DNS (large random values used for > ...)
2012-05-28 15:10:17 +00:00
Miroslav Stampar
89e90c3d84
revert of last commit
2012-05-28 15:01:56 +00:00
Miroslav Stampar
96c84e6e5b
minor update
2012-05-28 15:00:06 +00:00
Miroslav Stampar
a70a647aeb
few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...)
2012-05-28 14:51:23 +00:00
Miroslav Stampar
b1d82422a0
changing conf.dnsDomain to conf.dName just because of long text problems in help listing
2012-05-28 14:15:04 +00:00
Miroslav Stampar
d2bbfa4aad
minor style update
2012-05-28 14:04:17 +00:00
Miroslav Stampar
226547b7dc
minor fix for --skip-urlencode and custom post
2012-05-28 09:04:25 +00:00
Miroslav Stampar
75dd1d6a2b
minor fix
2012-05-27 21:54:56 +00:00
Miroslav Stampar
e967bbd70f
minor patch
2012-05-27 21:44:42 +00:00
Miroslav Stampar
76eeba10e2
unhiding --dns-domain switch
2012-05-27 18:41:06 +00:00
Miroslav Stampar
fed0212631
now working with recursive queries too
2012-05-27 10:03:02 +00:00
Miroslav Stampar
71ff081fde
minor update
2012-05-27 09:11:19 +00:00
Miroslav Stampar
09f2144485
full page read is not needed in DNS exfiltration mode
2012-05-26 21:28:43 +00:00
Miroslav Stampar
4e6fcce9ca
minor update
2012-05-26 07:04:32 +00:00
Miroslav Stampar
ce077137c9
minor language update
2012-05-26 07:01:37 +00:00
Miroslav Stampar
d335ec0c34
turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars
2012-05-26 07:00:26 +00:00
Miroslav Stampar
00d22f013f
some consistency in variable naming at the file level
2012-05-25 10:08:55 +00:00
Miroslav Stampar
db526bdbc0
minor update (tainted values are not checked any more in multipleTargets mode)
2012-05-25 09:52:17 +00:00
Miroslav Stampar
dc20bff1d0
minor update
2012-05-25 08:30:24 +00:00
Miroslav Stampar
c394610740
adding switch --skip-urlencode to skip URL encoding of POST data
2012-05-24 23:30:33 +00:00
Miroslav Stampar
7657bbeaf9
minor update
2012-05-24 22:32:06 +00:00
Miroslav Stampar
86fdad2bfa
minor update
2012-05-24 22:07:50 +00:00
Miroslav Stampar
eed8d7eb5d
finalizing support for IPv6
2012-05-24 21:55:57 +00:00
Miroslav Stampar
b6d37d766a
minor update regarding IPv6 support
2012-05-24 21:49:20 +00:00
Miroslav Stampar
92286104e3
minor just in case update
2012-05-24 21:39:10 +00:00
Miroslav Stampar
3e9c57d177
minor fix
2012-05-24 21:36:35 +00:00
Miroslav Stampar
be76928293
minor fix
2012-05-24 20:53:01 +00:00
Miroslav Stampar
1e18168cc8
fix for one silent bug and small language update
2012-05-23 16:35:40 +00:00
Miroslav Stampar
2538e2d5b4
fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
2012-05-22 09:33:22 +00:00
Miroslav Stampar
2c057d5b3d
minor style update
2012-05-21 22:40:52 +00:00
Miroslav Stampar
bbfa4b6d5d
minor update
2012-05-14 14:38:16 +00:00
Miroslav Stampar
333f8057a5
minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces
2012-05-14 14:06:43 +00:00
Miroslav Stampar
595f69fa2c
minor language update
2012-05-10 18:30:25 +00:00
Miroslav Stampar
35f400b45b
minor language upgrade
2012-05-10 18:25:12 +00:00
Miroslav Stampar
80aedbe284
adding a warning about --tor switch
2012-05-10 18:17:32 +00:00
Miroslav Stampar
b81fe42d4b
turning off null connection on -o when --tor used (not compatible)
2012-05-10 17:50:54 +00:00
Miroslav Stampar
efdd86ddcc
minor just in case patch
2012-05-10 14:22:34 +00:00
Miroslav Stampar
6367f59b98
minor code refactoring
2012-05-10 14:15:17 +00:00
Miroslav Stampar
12d32f58f2
fix for that SOAP reported bug
2012-05-10 13:39:54 +00:00
Miroslav Stampar
1418ae9767
little refactoring of parseUnionPage together with a patch for some special case
2012-05-09 18:47:40 +00:00
Miroslav Stampar
7fb1f3fc70
minor renaming
2012-05-09 18:26:02 +00:00
Miroslav Stampar
11d9859199
making nice code
2012-05-09 18:25:04 +00:00
Miroslav Stampar
b0a8238774
minor fixes
2012-05-09 14:58:16 +00:00
Miroslav Stampar
9fa3619262
minor fix
2012-05-09 14:00:07 +00:00
Miroslav Stampar
56a3431be6
minor update for empty tables (skipping other techniques)
2012-05-09 10:34:21 +00:00
Miroslav Stampar
6177317a17
minor update
2012-05-09 10:06:23 +00:00
Miroslav Stampar
37f2709197
making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)
2012-05-09 09:08:23 +00:00
Miroslav Stampar
fdf61015ad
minor patch
2012-05-09 08:41:05 +00:00
Miroslav Stampar
e419177871
minor update
2012-05-08 17:28:19 +00:00
Miroslav Stampar
deec97dfe3
adding Frontbase to error message regexes
2012-05-08 17:02:58 +00:00
Miroslav Stampar
eccd4da00f
minor fix
2012-05-08 15:03:33 +00:00
Miroslav Stampar
938d9ff23e
doing all the work for the users so they wouldn't strain their little hands
2012-05-08 15:00:23 +00:00
Miroslav Stampar
524dd75ff2
that query variable hasn't been used anywhere (obsolete for some time)
2012-05-08 14:34:40 +00:00
Miroslav Stampar
6af110d631
avoiding --no-cast/--hex warning message before a DBMS is fingerprinted
2012-05-08 14:06:41 +00:00
Miroslav Stampar
64c241fe92
limiting original UNION query results to only 1 result (potentially speeding things up in some cases)
2012-05-08 13:45:53 +00:00
Miroslav Stampar
e00f4a8934
minor cosmetics
2012-05-08 10:50:04 +00:00
Miroslav Stampar
a121339395
automatically writing uncracked hashes to a file for eventual further processing
2012-05-08 10:46:05 +00:00
Miroslav Stampar
80ee687b41
minor beauty patch
2012-05-07 13:51:31 +00:00
Miroslav Stampar
96299d3d5d
minor refactoring
2012-05-03 22:34:18 +00:00
Miroslav Stampar
cc28f6db6b
minor update
2012-05-01 20:43:16 +00:00
Miroslav Stampar
17efeaae7f
causing too much confusion among dummy users
2012-05-01 09:04:11 +00:00
Miroslav Stampar
694b14111f
skipping suffix if comment is used in agent.suffixQuery (and --suffix not explicitly set)
2012-04-27 13:16:51 +00:00
Miroslav Stampar
6f67dc85ee
adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical
2012-04-25 20:29:07 +00:00
Bernardo Damele
4da03d898e
Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236
2012-04-25 07:40:42 +00:00
Miroslav Stampar
cec432f94d
minor update
2012-04-23 14:43:59 +00:00
Miroslav Stampar
697768c01a
adding --purge-output to be one of mandatory switches
2012-04-23 14:42:24 +00:00
Miroslav Stampar
d57d5e4b2c
minor update
2012-04-23 14:33:36 +00:00
Miroslav Stampar
1eecfb3dce
adding new file related to the last commit
2012-04-23 14:25:16 +00:00
Miroslav Stampar
095b25e1d1
adding option '--purge'
2012-04-23 14:24:23 +00:00
Miroslav Stampar
3532d23933
automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)
2012-04-23 13:41:36 +00:00
Miroslav Stampar
be2da77bf8
minor update
2012-04-23 10:15:04 +00:00
Miroslav Stampar
21c6b52198
minor fix
2012-04-23 10:11:00 +00:00
Miroslav Stampar
775134639d
minor update
2012-04-20 20:33:15 +00:00
Miroslav Stampar
2b1b4c0742
minor fix
2012-04-18 10:01:04 +00:00
Miroslav Stampar
6ebb621228
adding support for (custom) POST injection (marking injection point with '*' in conf.data)
2012-04-17 14:23:00 +00:00
Miroslav Stampar
efd27d7ade
minor renaming
2012-04-17 08:41:19 +00:00
Miroslav Stampar
601d118c68
reverting back to UNION ALL scheme (UNION is doing another DISTINCT on data causing problems on some column types)
2012-04-15 16:59:03 +00:00
Miroslav Stampar
71b0acc16f
minor fix (checking for full inband should be done with ORIGINAL - more concise)
2012-04-15 16:43:18 +00:00
Miroslav Stampar
5772c52f46
minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def 🔤 ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....)
2012-04-15 16:33:47 +00:00
Miroslav Stampar
ae8c70e895
another cosmetics
2012-04-13 15:11:44 +00:00
Miroslav Stampar
d765cdc3a3
minor cosmetics
2012-04-13 15:10:40 +00:00
Miroslav Stampar
54576ab3a6
making a random choice from candidates
2012-04-13 10:54:30 +00:00
Miroslav Stampar
bbbcc95fe5
use it only if page is stable
2012-04-13 10:19:26 +00:00
Miroslav Stampar
052d9455fe
warning user in cases of "User xyz already has more than 'max_user_connections' active connections"
2012-04-12 09:44:54 +00:00
Miroslav Stampar
831f79b851
minor generalization
2012-04-12 09:30:19 +00:00
Miroslav Stampar
c7422546e1
tiny update
2012-04-11 23:01:38 +00:00
Miroslav Stampar
2bad73a981
minor update
2012-04-11 21:48:44 +00:00
Miroslav Stampar
e195de2093
correcting comment on reflective removal function
2012-04-11 21:41:48 +00:00
Miroslav Stampar
b45ae10da4
minor fixes
2012-04-11 21:36:37 +00:00
Miroslav Stampar
627bfc589f
some more updates in reflective removal mechanism
2012-04-11 21:26:00 +00:00
Miroslav Stampar
8b130f6497
minor improvement for reflective values (when missing first part of payload like in error reports)
2012-04-11 15:01:28 +00:00
Miroslav Stampar
01bd5d0ab2
some more updates for reflective mechanism
2012-04-11 10:41:33 +00:00
Miroslav Stampar
2e92d8636e
improvement of reflective mechanism
2012-04-11 08:58:03 +00:00
Miroslav Stampar
60ca44e0cf
minor adjustment
2012-04-11 08:35:09 +00:00
Miroslav Stampar
e33ea7c33a
minor fix
2012-04-10 22:29:39 +00:00
Miroslav Stampar
8541222080
minor update
2012-04-10 22:26:42 +00:00
Miroslav Stampar
9c2f244d47
minor fix
2012-04-10 22:20:53 +00:00
Miroslav Stampar
a82206cec4
minor cosmetics
2012-04-10 21:57:00 +00:00
Miroslav Stampar
119eec3598
improving "boolean detection" by automatic recognition of convenient --string candidate
2012-04-10 21:48:34 +00:00
Miroslav Stampar
8c6eb4faa9
adding support for PgSQL DNS data exfiltration
2012-04-07 14:06:11 +00:00
Miroslav Stampar
b2afa87e48
reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases)
2012-04-06 08:42:36 +00:00
Miroslav Stampar
2223c884e5
minor refactoring
2012-04-05 12:55:26 +00:00
Miroslav Stampar
02924eb345
minor update
2012-04-04 23:47:06 +00:00
Miroslav Stampar
e0994947e2
minor update
2012-04-04 23:37:50 +00:00
Miroslav Stampar
b1dd03731a
minor cosmetics
2012-04-04 23:34:08 +00:00
Miroslav Stampar
83387d92bb
minor bug fix
2012-04-04 23:32:20 +00:00
Miroslav Stampar
c89a4162e2
bug fix for --dns-domain with --technique=TS
2012-04-04 18:01:39 +00:00
Miroslav Stampar
098c7c06dd
added few comments
2012-04-04 13:24:58 +00:00
Miroslav Stampar
a5b69eaea4
removing unused imports
2012-04-04 13:18:14 +00:00
Bernardo Damele
52796bb4da
revert
2012-04-04 13:02:50 +00:00
Miroslav Stampar
a4b95ab7dd
works against MySQL/Windows
2012-04-04 12:49:45 +00:00
Bernardo Damele
a1d97e9d7b
Add a space after a comment
2012-04-04 12:48:21 +00:00
Bernardo Damele
025c531d22
leftover
2012-04-04 12:44:25 +00:00
Bernardo Damele
c0946ce2c9
Minor refactoring
2012-04-04 12:42:58 +00:00
Bernardo Damele
75d1dab895
more cosmetics
2012-04-04 12:33:16 +00:00
Bernardo Damele
d106fb5184
layout adjustments
2012-04-04 12:27:24 +00:00
Miroslav Stampar
1b2cd44255
proper fix
2012-04-04 10:35:52 +00:00
Miroslav Stampar
7031ef8e00
removing default values for referer and host from higher level/risk options
2012-04-04 10:34:27 +00:00
Miroslav Stampar
5e358b51f9
few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')
2012-04-04 09:25:05 +00:00
Miroslav Stampar
5851badff1
minor refactoring
2012-04-03 14:46:09 +00:00
Miroslav Stampar
b0787f193c
getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached)
2012-04-03 14:34:15 +00:00
Miroslav Stampar
556b349be3
minor fix for retrieving non-printable chars in inference and non-multi threading mode
2012-04-03 14:04:07 +00:00
Miroslav Stampar
33bb9c5f19
much cleaner approach in that "flat" representation of retrieved items in union technique
2012-04-03 13:56:11 +00:00
Miroslav Stampar
7fb190f3b1
minor fix
2012-04-03 12:35:19 +00:00
Miroslav Stampar
886aa22efc
minor update
2012-04-03 12:19:37 +00:00
Miroslav Stampar
503988887c
minor update
2012-04-03 10:43:46 +00:00
Miroslav Stampar
78f51fd2e5
minor fix
2012-04-03 10:18:03 +00:00
Miroslav Stampar
2504f4edb8
minor fixes
2012-04-03 10:10:33 +00:00
Miroslav Stampar
e05109812f
minor improvements regarding data retrieval through DNS channel
2012-04-03 09:18:30 +00:00
Miroslav Stampar
5f94987b0f
fix for DNS method for MSSQL
2012-04-02 17:28:18 +00:00
Miroslav Stampar
2c28423cb8
minor update
2012-04-02 14:57:15 +00:00
Miroslav Stampar
8a9d09f79b
minor fixes
2012-04-02 14:11:23 +00:00
Miroslav Stampar
1cd3c3f7af
further update of DNS data retrieval mechanism through SQLi
2012-04-02 14:05:30 +00:00
Miroslav Stampar
1e01203562
few just in case "patches"
2012-04-02 12:58:10 +00:00
Miroslav Stampar
d908d078dd
minor fix
2012-04-02 12:27:30 +00:00
Miroslav Stampar
abffc39929
minor update regarding DNS data retrieval task
2012-04-02 12:22:40 +00:00
Miroslav Stampar
f7a664b120
enablind DNS server for DNS data exfiltration
2012-03-31 12:08:27 +00:00
Miroslav Stampar
8be9cd4ac4
bug fix (on Linux machine when os.geteuid() returns an integer value !=0 it was then returned and interpreted as TRUE value)
2012-03-31 10:22:50 +00:00
Miroslav Stampar
429b8396e9
minor update for DNSServer support
2012-03-30 13:20:29 +00:00
Miroslav Stampar
56638f9e95
making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection
2012-03-30 10:50:01 +00:00
Miroslav Stampar
79c3d6f2aa
minor update
2012-03-30 10:37:46 +00:00
Miroslav Stampar
6acf6b193a
minor update regarding boolean logic comparison mechanism
2012-03-30 09:42:58 +00:00
Miroslav Stampar
5469186540
minor comment update
2012-03-29 14:35:47 +00:00
Miroslav Stampar
637a8d8273
improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism
2012-03-29 14:33:27 +00:00
Miroslav Stampar
ce4c697bbd
disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code
2012-03-29 13:39:12 +00:00
Miroslav Stampar
772ead8d03
fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values
2012-03-29 12:44:20 +00:00
Miroslav Stampar
c9cac957bb
adding one more case for false positive check (Generic tests without any DBMS knowledge)
2012-03-29 09:56:09 +00:00
Miroslav Stampar
60146481af
bug fix(es) (flags were used in place of count parameter in re.sub() calls)
2012-03-28 19:33:00 +00:00
Miroslav Stampar
9433bbe26d
memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed)
2012-03-28 19:27:12 +00:00
Miroslav Stampar
7d131d1fb1
minor update
2012-03-28 13:46:31 +00:00
Miroslav Stampar
7fd64df167
minor code cleaning
2012-03-28 13:31:07 +00:00
Miroslav Stampar
769b0d0ae7
more minor updates regarding data retrieval through DNS channel
2012-03-27 19:29:24 +00:00
Miroslav Stampar
1b072f6415
laying foundation for DNS based data retrieval
2012-03-27 18:59:12 +00:00
Miroslav Stampar
3abcd6910a
strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test
2012-03-22 00:06:50 +00:00
Miroslav Stampar
e88687b1f0
revert of last commit (it would be faster for sure, but not sure if it's clever to do it by default regarding SQLi detection)
2012-03-21 23:15:59 +00:00
Miroslav Stampar
524c1d38ad
making default redirect choice to NO (making fewer requests by default and in lots of cases clearer pages for comparison - original page vs redirect message)
2012-03-21 23:03:57 +00:00
Miroslav Stampar
11132ba993
fix for a bug in reflection removal mechanism
2012-03-19 14:28:18 +00:00
Miroslav Stampar
8e7d360ea2
cleaner refactoring regarding last commit
2012-03-19 12:03:25 +00:00
Miroslav Stampar
401763b6f8
minor fix (it has to be level 1 array like it was with the previous re.findall mechanism)
2012-03-19 12:00:22 +00:00
Miroslav Stampar
037db9b3b8
minor removal of older stuff
2012-03-19 09:38:27 +00:00
Miroslav Stampar
da7f4eeffd
removing left over
2012-03-18 17:33:14 +00:00
Miroslav Stampar
0fc4288a7c
modifying redirection code for only two choices
2012-03-18 17:27:08 +00:00
Bernardo Damele
c03d0e24fb
it must stay as is
2012-03-16 17:42:00 +00:00
Bernardo Damele
3505503a08
no need to return here
2012-03-16 17:30:16 +00:00
Bernardo Damele
942d9e4fa8
code cleanup
2012-03-16 17:27:24 +00:00
Bernardo Damele
a1c943fc79
Major bug fix to comparison algorithm with OR based boolean-based injections
2012-03-16 17:22:55 +00:00
Miroslav Stampar
d66056fe39
one more related commit
2012-03-16 13:16:53 +00:00
Miroslav Stampar
ac02a2d92c
minor fix
2012-03-16 13:14:14 +00:00
Miroslav Stampar
cbdcbdd786
minor minor update
2012-03-16 11:18:18 +00:00
Miroslav Stampar
b130a9e14e
minor fix (writing to HashDB on any interrupt)
2012-03-16 10:15:43 +00:00
Miroslav Stampar
577caac4de
putting kb.negativeLogic setting to the safe place
2012-03-16 09:17:11 +00:00
Miroslav Stampar
209e795369
minor just in case update
2012-03-16 09:02:17 +00:00
Miroslav Stampar
adb5fff6b2
one more update related to the redirection mechanism
2012-03-15 20:17:40 +00:00
Miroslav Stampar
7d313ac911
few more fixes for proper redirecting mechanism
2012-03-15 19:47:59 +00:00
Bernardo Damele
86c4650058
Minor bug fix - revert
2012-03-15 17:12:24 +00:00
Bernardo Damele
cc15373769
More explicit function name also getRatioValue parameter has nothing to do with comparison at this stage as far as I can see (that might have fixed another "bug", to be checked later)
2012-03-15 16:29:28 +00:00
Bernardo Damele
4520744b4d
second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now
2012-03-15 16:25:26 +00:00
Miroslav Stampar
ddd92476a8
minor fix
2012-03-15 15:58:25 +00:00
Miroslav Stampar
19beb912fa
first step toward negative logic support
2012-03-15 15:52:12 +00:00
Miroslav Stampar
8dd570057b
minor fix (double traffic log for -t in case of HTTP error)
2012-03-15 14:51:16 +00:00
Miroslav Stampar
f7df755f37
minor update
2012-03-15 12:55:22 +00:00
Miroslav Stampar
3d39c6cb3b
some fixes here and there
2012-03-15 12:14:50 +00:00
Miroslav Stampar
3d9b1599d1
minor update
2012-03-15 11:45:32 +00:00
Miroslav Stampar
91f1d6141f
minor fix
2012-03-15 11:24:55 +00:00
Miroslav Stampar
a8c9a47092
redirect logic rewritten from scratch
2012-03-15 11:10:58 +00:00
Bernardo Damele
890bf708bc
Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported)
2012-03-15 00:19:57 +00:00
Bernardo Damele
1e71b24dca
More info messages to prove xp_cmdshell (and temporary directory choosen) worked
2012-03-14 22:41:53 +00:00
Miroslav Stampar
52a8b25ff4
minor fix
2012-03-14 14:31:41 +00:00
Miroslav Stampar
ca0d068575
distinguishing NULL from BLANK
2012-03-14 13:52:23 +00:00
Miroslav Stampar
e38b59a2ae
minor update
2012-03-14 13:16:49 +00:00
Miroslav Stampar
cee9ff7885
proper parsing of content in partial union technique
2012-03-14 11:23:30 +00:00
Miroslav Stampar
61ad3b999a
fix for a crash with partial union and --hex
2012-03-14 10:31:24 +00:00
Miroslav Stampar
a7fbc55748
grammar fix
2012-03-13 22:03:23 +00:00
Miroslav Stampar
edfcddd3c3
minor fix for logging only cookies used by request (e.g. --load-cookies case)
2012-03-13 10:58:15 +00:00
Miroslav Stampar
34b0935cb3
refactoring "echo 1" quick test for xp_cmdshell console output
2012-03-13 10:36:49 +00:00
Miroslav Stampar
e827f41cdb
using pickle HIGHEST_PROTOCOL just in case
2012-03-13 09:35:37 +00:00
Miroslav Stampar
e6c610abab
minor fix
2012-03-13 09:14:56 +00:00
Miroslav Stampar
cda8815634
introducing safe deprecation mechanism for HashDB versioning
2012-03-12 22:55:57 +00:00
Miroslav Stampar
48bcde478e
more general update
2012-03-12 15:29:55 +00:00
Miroslav Stampar
1d0c8a7f44
minor update
2012-03-12 15:19:02 +00:00
Miroslav Stampar
6ed1b04bbe
minor update
2012-03-12 13:27:07 +00:00
Miroslav Stampar
c878dd3e5a
doing a dummy test for --os-shell in case of xp_cmdshell
2012-03-09 14:21:41 +00:00
Miroslav Stampar
a0b46963cb
minor fix for some special "unusable" cases (seen on Access/ODBC/Linux setup)
2012-03-09 10:28:19 +00:00
Miroslav Stampar
5a83f1c5f7
minor update
2012-03-08 15:43:22 +00:00
Bernardo Damele
c79807f5fb
Minor layout adjustments
2012-03-08 15:11:24 +00:00
Miroslav Stampar
775e424bf2
bug fix for using --no-cast and --hex switches together
2012-03-08 15:04:52 +00:00
Miroslav Stampar
11c7cc5224
minor temporary fix
2012-03-08 11:08:43 +00:00
Miroslav Stampar
98a3e43f53
bug fix for writing raw pickled data into SQLite HashDB
2012-03-08 10:57:47 +00:00
Miroslav Stampar
cd28eb6544
minor update regarding --load-cookies
2012-03-08 10:19:34 +00:00
Miroslav Stampar
2c87d061e9
minor update
2012-03-08 10:03:59 +00:00
Miroslav Stampar
9ca8bc4d51
minor bug fix
2012-03-08 09:52:33 +00:00
Miroslav Stampar
b4cf8b05b3
added switch --load-cookies
2012-03-07 14:48:45 +00:00
Miroslav Stampar
4cfea96471
minor update
2012-03-05 09:56:48 +00:00
Miroslav Stampar
0ead1fd87e
minor update
2012-03-05 09:42:52 +00:00
Miroslav Stampar
ac5a752b12
Oracle's XMLType doesn't like '#' char too
2012-03-01 11:59:37 +00:00
Miroslav Stampar
f4e410db16
minor fix
2012-03-01 10:17:39 +00:00
Miroslav Stampar
1ec56f93ec
minor update
2012-03-01 10:10:19 +00:00
Miroslav Stampar
2d3c12d2d0
shorter single line info
2012-03-01 09:10:24 +00:00
Miroslav Stampar
37db27b720
turning back on automatic adjusting of delays in time based queries
2012-02-29 15:51:23 +00:00
Miroslav Stampar
0205d96d7b
minor fix
2012-02-29 15:38:01 +00:00
Miroslav Stampar
1bdc07c279
minor update
2012-02-29 15:02:24 +00:00
Miroslav Stampar
8b9c5c66cc
code refactoring regarding charsetType inside inference/bisection
2012-02-29 14:36:23 +00:00
Miroslav Stampar
f6f98f1b41
minor improvement
2012-02-29 14:19:59 +00:00
Miroslav Stampar
d06182347f
fixing few potential problems
2012-02-29 13:56:40 +00:00
Miroslav Stampar
f142c0f782
minor update
2012-02-28 14:04:13 +00:00
Miroslav Stampar
22b3fa0749
minor update
2012-02-27 15:28:36 +00:00
Miroslav Stampar
a9bf0297f6
moving injection data to HashDB
2012-02-27 13:44:07 +00:00
Miroslav Stampar
68e08d2749
minor fix for not displaying 'None' but None in enumeration when data unavailable
2012-02-27 13:15:10 +00:00
Miroslav Stampar
a424de3102
minor fix
2012-02-27 12:55:28 +00:00
Miroslav Stampar
1e82405bb9
HashDB is now supported in -d too
2012-02-27 12:14:01 +00:00
Miroslav Stampar
3909658fc2
few minor just in case updates
2012-02-27 11:15:53 +00:00
Miroslav Stampar
85125018a1
minor bug fix
2012-02-25 22:54:32 +00:00
Miroslav Stampar
5d307cf886
minor update
2012-02-25 10:54:39 +00:00
Miroslav Stampar
06ab3fa134
minor update
2012-02-25 10:53:38 +00:00
Miroslav Stampar
74b19a0386
minor update
2012-02-25 10:43:10 +00:00
Miroslav Stampar
5b67af3b20
minor update
2012-02-24 15:03:39 +00:00
Miroslav Stampar
8a203ef79d
making session data strictly dependent on url through HashDB helper functions
2012-02-24 14:58:24 +00:00
Miroslav Stampar
c36cbbb3ae
minor fix
2012-02-24 14:54:10 +00:00
Miroslav Stampar
9d6fd2e507
bug fix for --schema --technique=BST
2012-02-24 14:12:19 +00:00
Miroslav Stampar
f94b91ad87
added helper function for HashDB data storing/retrieval
2012-02-24 13:07:20 +00:00
Miroslav Stampar
b481c0352f
minor update
2012-02-24 11:25:56 +00:00
Miroslav Stampar
1f6ce265b9
minor fix
2012-02-24 11:05:04 +00:00
Miroslav Stampar
5afbd52b61
more update related to last commits
2012-02-24 10:57:23 +00:00
Miroslav Stampar
570d3a19c2
more general fix
2012-02-24 10:53:28 +00:00
Miroslav Stampar
e8352e504f
fixing problems with chars deletition by logging messages in inference mode
2012-02-24 10:48:19 +00:00
Miroslav Stampar
71028a81f5
fix for proper retrieval of columns in SQLite
2012-02-24 09:55:13 +00:00
Miroslav Stampar
7941504c3a
minor update
2012-02-23 15:32:36 +00:00
Miroslav Stampar
0478e4166a
minor justin case fix
2012-02-23 15:19:20 +00:00
Miroslav Stampar
086c3a3662
minor fix
2012-02-23 13:31:50 +00:00
Miroslav Stampar
6e54cb171f
minor code restyling
2012-02-22 15:53:36 +00:00
Miroslav Stampar
61a25418a9
minor update
2012-02-22 10:45:10 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Miroslav Stampar
386e98a0e3
using UNION SELECT for where=..NEGATIVE
2012-02-22 09:41:58 +00:00
Miroslav Stampar
c9d570c83b
minor update
2012-02-21 13:49:30 +00:00
Miroslav Stampar
686eacda9a
minor update regarding --hex
2012-02-21 13:38:18 +00:00
Miroslav Stampar
bcf3255fe1
implementation of switch --hex for 4 major DBMSes
2012-02-21 11:44:48 +00:00
Miroslav Stampar
3e4db6d140
minor fix for Python v2.6
2012-02-20 19:35:57 +00:00
Miroslav Stampar
bc4dd7c0dd
fix for -g
2012-02-20 10:02:19 +00:00
Bernardo Damele
121148f27f
There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
...
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00
Miroslav Stampar
aee269cc14
gazillion changes, nothing will work, muhahaha
2012-02-17 14:22:48 +00:00
Miroslav Stampar
dcf7277a0f
some more refactorings
2012-02-16 14:42:28 +00:00
Miroslav Stampar
6632aa7308
some more refactoring
2012-02-16 13:46:01 +00:00
Miroslav Stampar
844fc8addb
minor cleanup
2012-02-16 10:19:36 +00:00
Miroslav Stampar
0e23521adc
some more refactoring
2012-02-16 09:54:29 +00:00
Miroslav Stampar
e1f86c97c4
minor refactoring
2012-02-16 09:46:41 +00:00
Miroslav Stampar
bcf9fc6c6f
minor refactoring
2012-02-16 09:32:47 +00:00
Miroslav Stampar
8d7912ad34
minor update and refactoring
2012-02-15 14:05:50 +00:00
Miroslav Stampar
bf923a97df
minor update
2012-02-15 13:45:10 +00:00
Miroslav Stampar
122db6e164
minor update
2012-02-15 13:24:02 +00:00
Miroslav Stampar
9059d30312
adding first code example for SPL snippets
2012-02-15 13:17:01 +00:00
Miroslav Stampar
edeb4b6113
bug fix for --os-shell on Windows (echo ... > requires double quotes if the piped filename contains whitespace, otherwise doesn't hurt)
2012-02-15 11:14:01 +00:00
Miroslav Stampar
35fa214a1e
minor update (it was working before too, but this is cleaner)
2012-02-15 10:14:29 +00:00
Bernardo Damele
1c44d6d3c7
Fixed annoying bug that prevented proper checkBooleanExpression() function to work with direct connection (-d). Now DBMS fingerprint should work properly with -d
2012-02-14 17:29:00 +00:00
Miroslav Stampar
23cc8b6974
minor fix for special cases when parameter value contains html encoded characters
2012-02-14 14:08:10 +00:00
Miroslav Stampar
c1ab02494c
minor grammar and cosmetics
2012-02-14 13:18:37 +00:00
Miroslav Stampar
bb5113980b
minor update
2012-02-14 10:27:56 +00:00
Miroslav Stampar
3f15c52188
minor change in workflow for "tainted" parameter values
2012-02-14 09:26:52 +00:00
Miroslav Stampar
2604e73d88
minor change in workflow
2012-02-13 11:18:47 +00:00
Miroslav Stampar
96f589fc89
minor fix
2012-02-12 19:22:33 +00:00
Miroslav Stampar
8a2bd3897d
minor output fix
2012-02-12 19:11:54 +00:00
Miroslav Stampar
c1368053e5
minor fix
2012-02-12 18:46:25 +00:00
Miroslav Stampar
249cb48b0b
minor fix
2012-02-10 15:59:11 +00:00
Miroslav Stampar
6be95194a7
matter of concision
2012-02-10 15:37:43 +00:00
Miroslav Stampar
eab7a54e03
cosmetics
2012-02-10 15:34:04 +00:00
Miroslav Stampar
92590d0d59
minor fix
2012-02-10 15:26:55 +00:00
Miroslav Stampar
e36e9de57e
minor update by request
2012-02-10 15:12:23 +00:00
Miroslav Stampar
b140ef4a14
minor update (preparing for switching to HashDB from old sessionFile)
2012-02-10 10:24:48 +00:00
Miroslav Stampar
980367b7b2
minor update
2012-02-09 09:48:47 +00:00
Miroslav Stampar
7e9e582eca
minor update
2012-02-08 14:23:57 +00:00
Miroslav Stampar
2662fe84f7
minor update
2012-02-08 12:02:50 +00:00
Miroslav Stampar
85a4ef6593
minor update
2012-02-08 12:00:03 +00:00
Miroslav Stampar
93d7d6c355
minor patch
2012-02-08 10:38:58 +00:00
Miroslav Stampar
6bedb80ffa
adding --force-ssl switch (most useful in combination with -r)
2012-02-08 09:11:57 +00:00
Miroslav Stampar
e50d64546f
minor fix
2012-02-07 14:57:48 +00:00
Miroslav Stampar
2b05ded9c3
just a makeup
2012-02-07 12:05:23 +00:00
Miroslav Stampar
b4f4a982e4
minor update
2012-02-07 11:37:54 +00:00
Miroslav Stampar
11af0b1bbc
minor fix
2012-02-07 11:16:03 +00:00
Miroslav Stampar
f7bf1fbe94
upgrade/fixes for direct DBMS access
2012-02-07 10:46:55 +00:00
Miroslav Stampar
af71e3c563
minor update
2012-02-06 09:48:44 +00:00
Miroslav Stampar
8c45ff0d57
bug fix
2012-02-03 10:38:04 +00:00
Bernardo Damele
c0f4b4632d
Minor fix
2012-02-02 12:55:39 +00:00
Miroslav Stampar
a7970d094a
minor update
2012-02-01 15:10:06 +00:00
Miroslav Stampar
e56309f3b1
minor makeup update
2012-02-01 15:04:56 +00:00
Miroslav Stampar
8405ef59ac
some estetic updates
2012-02-01 14:49:42 +00:00
Miroslav Stampar
f4e7bf1d51
minor update regarding support for Unicode characters in Oracle
2012-02-01 14:17:27 +00:00
Miroslav Stampar
df43157284
minor patch
2012-02-01 12:28:06 +00:00
Miroslav Stampar
2ee198a381
minor "patch"
2012-02-01 11:00:01 +00:00
Miroslav Stampar
2589521ecf
fix of a wrong assumption (e.g. decodeIntToUnicode(12345) has been returning a "09" instead of a single unicode character)
2012-02-01 10:38:43 +00:00
Miroslav Stampar
4d9dcbf5db
minor fix
2012-02-01 10:14:23 +00:00
Miroslav Stampar
46f42f2fe4
minor fix
2012-01-30 13:10:35 +00:00
Miroslav Stampar
f2857e38ba
minor update
2012-01-30 10:19:03 +00:00
Miroslav Stampar
594579bef4
fix for a bug regarding --cookie and --crawl
2012-01-30 09:17:22 +00:00
Miroslav Stampar
2094c715db
minor update
2012-01-23 09:44:17 +00:00
Miroslav Stampar
9e5cf70a5a
minor fix
2012-01-20 11:13:25 +00:00
Miroslav Stampar
9eee6c252d
minor update for --scope
2012-01-16 10:28:21 +00:00
Miroslav Stampar
527ce070a3
minor fix
2012-01-16 10:04:18 +00:00
Miroslav Stampar
b2dad63000
some more refactoring
2012-01-13 22:00:34 +00:00
Miroslav Stampar
e5fe029a78
minor beautification
2012-01-13 21:03:50 +00:00
Miroslav Stampar
6634c4ac20
minor update
2012-01-13 21:01:58 +00:00
Miroslav Stampar
23117e72ca
minor improvement
2012-01-13 20:56:06 +00:00
Bernardo Damele
0043336620
Minor fix and removed leftover debug message
2012-01-13 17:04:59 +00:00
Bernardo Damele
e59ace5409
minor bug fix
2012-01-13 16:57:45 +00:00
Bernardo Damele
b03f91437b
Minor code refactoring
2012-01-13 16:49:52 +00:00
Miroslav Stampar
337973df77
reverting last 2 commits (better solution was the original one)
2012-01-13 15:58:47 +00:00
Miroslav Stampar
1f53ff0633
minor update regarding last commit
2012-01-13 15:56:50 +00:00
Miroslav Stampar
ff96c537a9
minor update for multithreaded mode
2012-01-13 15:50:38 +00:00
Bernardo Damele
7e560eec1f
Minor fix
2012-01-13 12:54:45 +00:00
Miroslav Stampar
dd295bbd4a
minor update regarding -d and time based injections
2012-01-13 12:45:02 +00:00
Miroslav Stampar
04686b83e3
minor update
2012-01-13 11:16:26 +00:00
Miroslav Stampar
305371b7a9
minor update
2012-01-12 14:58:23 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
1d0b43b1a2
implemented mechanism for merging cookies by request
2012-01-11 14:28:08 +00:00
Miroslav Stampar
ff52931140
some refactoring (skipping duplicate messages in case that UNION/ERROR techniques failed and BOOLEAN/TIMED/STACKED are not available)
2012-01-07 19:30:35 +00:00
Miroslav Stampar
18930539cd
more concise language
2012-01-07 17:45:45 +00:00
Miroslav Stampar
2b5e429dc2
one more level of defense against user himself
2012-01-07 17:16:14 +00:00
Miroslav Stampar
a675c88894
minor check added for invalid urls (e.g. deliberately too long)
2012-01-07 16:06:18 +00:00
Miroslav Stampar
164c8a4020
better message in case of update error
2012-01-07 15:47:38 +00:00
Miroslav Stampar
5a8fc44119
minor update
2012-01-07 15:26:54 +00:00
Miroslav Stampar
3f4afdf251
minor fix (crashing if no : in value)
2012-01-07 14:54:56 +00:00
Miroslav Stampar
759465bde5
minor fix
2012-01-06 00:06:38 +00:00
Miroslav Stampar
40398f358c
minor update
2012-01-05 14:55:23 +00:00
Miroslav Stampar
1f085a0241
now [SLEEPTIME] is changeable properly in vivo
2012-01-05 14:45:05 +00:00
Miroslav Stampar
9d50c806e1
bug fix
2012-01-05 10:55:58 +00:00
Miroslav Stampar
804629832d
minor fix
2012-01-05 10:24:27 +00:00
Miroslav Stampar
ea87c89c25
minor fix
2012-01-03 23:44:56 +00:00
Miroslav Stampar
13f2afbbc9
minor fix
2012-01-03 17:28:50 +00:00
Miroslav Stampar
40991a5d52
minor fix
2011-12-31 01:03:54 +00:00
Miroslav Stampar
94d43a4135
minor bug fix
2011-12-30 14:20:06 +00:00
Miroslav Stampar
63bc4ce116
minor patch
2011-12-30 14:11:02 +00:00
Miroslav Stampar
29f502fe29
some refactoring
2011-12-28 16:27:17 +00:00
Miroslav Stampar
37d78ffe01
minor optimization
2011-12-28 15:59:30 +00:00
Miroslav Stampar
22c3fe49bb
some refactoring
2011-12-28 13:50:03 +00:00
Miroslav Stampar
dda979a15a
minor refactoring
2011-12-27 12:31:29 +00:00
Miroslav Stampar
0a6334db22
minor speedup
2011-12-27 11:41:57 +00:00
Miroslav Stampar
b02363b1aa
minor update
2011-12-27 11:25:40 +00:00
Miroslav Stampar
068ff92dc4
optimizing a bit pyDes module used in Oracle hash cracking
2011-12-26 15:33:49 +00:00
Miroslav Stampar
08071f42d0
minor update
2011-12-26 14:31:59 +00:00
Miroslav Stampar
366e86c560
minor "patch"
2011-12-26 14:08:25 +00:00
Miroslav Stampar
c20546dcaa
minor refactoring
2011-12-26 12:24:39 +00:00
Miroslav Stampar
b71a81041d
implemented --tor-port by request
2011-12-23 10:57:09 +00:00
Miroslav Stampar
89d2c7c042
minor update
2011-12-22 20:54:20 +00:00
Miroslav Stampar
abb401879c
minor update
2011-12-22 20:42:57 +00:00
Miroslav Stampar
087e29d272
minor update
2011-12-22 20:14:56 +00:00
Miroslav Stampar
8a7b0406c8
minor optimization
2011-12-22 20:08:28 +00:00
Miroslav Stampar
094129a656
minor optimization
2011-12-22 15:42:21 +00:00
Miroslav Stampar
8585107e3d
minor update
2011-12-22 12:21:30 +00:00
Miroslav Stampar
f622995a29
compatibility with partial union and error technique resumed data
2011-12-22 12:20:21 +00:00
Miroslav Stampar
58a4a02b7e
minor fix
2011-12-22 11:56:42 +00:00
Miroslav Stampar
6f8d8a15aa
minor update
2011-12-22 11:55:02 +00:00
Miroslav Stampar
9f68e54fff
minor cleanup
2011-12-22 10:59:28 +00:00
Miroslav Stampar
aaa29d1f24
minor fix
2011-12-22 10:51:41 +00:00
Miroslav Stampar
4a1a0773b7
speedup of UNION dumping
2011-12-22 10:44:14 +00:00
Miroslav Stampar
1ae413a206
some refactoring/speedup around UNION technique
2011-12-22 10:32:21 +00:00
Miroslav Stampar
b77e2042f2
some optimization
2011-12-21 23:23:00 +00:00
Miroslav Stampar
a6310c0b21
minor update
2011-12-21 23:04:36 +00:00
Miroslav Stampar
526aacb640
code cleanup
2011-12-21 22:59:23 +00:00
Miroslav Stampar
41ccf88990
some more refactoring
2011-12-21 22:09:21 +00:00
Miroslav Stampar
0a039d84e0
some more refactoring
2011-12-21 19:40:42 +00:00
Miroslav Stampar
41b60b26fc
minor refactoring
2011-12-21 14:25:39 +00:00
Miroslav Stampar
81bd9a201b
minor refactoring
2011-12-21 11:50:49 +00:00
Miroslav Stampar
113ebf5e9d
minor update
2011-12-20 16:08:17 +00:00
Miroslav Stampar
8bfff4a28e
minor update
2011-12-20 15:01:27 +00:00
Miroslav Stampar
d3a428c9c8
minor bug fix regarding dumping tables with safe quotes
2011-12-20 13:17:24 +00:00
Miroslav Stampar
95cd9e2af3
adding support for scanning Host header values (-p host)
2011-12-20 12:52:41 +00:00
Miroslav Stampar
bdc724cb46
minor bug fix
2011-12-20 10:34:28 +00:00
Miroslav Stampar
1b16b5e0f1
minor fix
2011-12-20 09:10:44 +00:00
Miroslav Stampar
dcf842692b
minor fix
2011-12-16 12:34:26 +00:00
Miroslav Stampar
c57941c102
minor beautification
2011-12-15 23:33:44 +00:00
Miroslav Stampar
27d244b326
minor update
2011-12-15 23:29:11 +00:00
Miroslav Stampar
563c0c1066
adding switch --tor-type
2011-12-15 23:19:55 +00:00
Miroslav Stampar
316e27a809
minor update
2011-12-15 10:19:31 +00:00
Miroslav Stampar
c98f5f6f94
minor fix
2011-12-15 09:28:58 +00:00
Miroslav Stampar
8793fbc9f5
minor update
2011-12-14 12:59:25 +00:00
Miroslav Stampar
1fd1ec22a1
minor fix
2011-12-14 12:03:21 +00:00
Miroslav Stampar
e6820ebbd2
minor update
2011-12-14 10:26:03 +00:00
Miroslav Stampar
364113441b
adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles)
2011-12-14 10:19:45 +00:00
Miroslav Stampar
73a500833d
minor bug fix
2011-12-12 14:38:06 +00:00
Miroslav Stampar
25cde9e2c7
minor fixes
2011-12-12 09:45:40 +00:00
Bernardo Damele
8fe72d87a8
minor bug fix for mysql -d --file-read
2011-12-06 10:57:23 +00:00
Miroslav Stampar
0f5d48ff20
minor update
2011-12-05 09:25:56 +00:00
Miroslav Stampar
a8a5e61ee1
minor update
2011-12-05 00:06:32 +00:00
Miroslav Stampar
9bc735963b
update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself))
2011-12-04 22:42:19 +00:00
Miroslav Stampar
ec895c3d1a
revert of last commit
2011-12-04 16:37:18 +00:00
Miroslav Stampar
393843bf87
it seems that SOCKS4 is safer solution for TOR socks access
2011-12-04 16:23:08 +00:00
Miroslav Stampar
5f7dbec41f
minor patch
2011-12-03 12:11:46 +00:00
Miroslav Stampar
b9ae28dd5e
minor beautification
2011-12-02 14:11:43 +00:00
Miroslav Stampar
b03a5e8928
people don't know what's "standard deviation" and they are wrongly connecting it's value in seconds to the --time-sec value
2011-12-01 13:30:47 +00:00
Miroslav Stampar
32ab7171ea
minor update
2011-12-01 10:07:39 +00:00
Miroslav Stampar
9975ff8d17
minor update
2011-11-30 19:26:03 +00:00
Miroslav Stampar
f1dfa5c860
minor update
2011-11-30 17:44:34 +00:00
Miroslav Stampar
71c46f50aa
adding option --csv-del
2011-11-30 17:39:41 +00:00
Miroslav Stampar
02bd9a54f3
minor update
2011-11-30 17:19:21 +00:00
Miroslav Stampar
872a73f631
minor refactoring
2011-11-29 19:17:07 +00:00
Miroslav Stampar
3cd8f47686
minor bug fix
2011-11-29 17:17:06 +00:00
Miroslav Stampar
2842c13d75
minor update
2011-11-29 16:59:06 +00:00
Miroslav Stampar
d958c2fe48
minor fix
2011-11-28 11:21:39 +00:00
Miroslav Stampar
885b432808
minor update
2011-11-23 21:39:53 +00:00
Miroslav Stampar
ba4234dc42
switching from HTTP proxy to SOCKS proxy for --tor (sick and tired of Polipo/Privoxy bull; either Tor flag is overwritten every here and there or they are putting all kinds of filter warnings)
2011-11-23 21:17:08 +00:00
Miroslav Stampar
8ea9b19b66
minor update regarding dumping of table content in --forms mode
2011-11-23 20:56:22 +00:00
Miroslav Stampar
d6f936b98d
minor update
2011-11-23 15:51:48 +00:00
Miroslav Stampar
40f21c3917
minor update
2011-11-23 15:38:31 +00:00
Miroslav Stampar
14e8ca6d41
minor fix
2011-11-23 14:26:40 +00:00
Miroslav Stampar
9b99530add
minor bug fix
2011-11-23 08:14:20 +00:00
Miroslav Stampar
d5cddd40f6
minor fix
2011-11-23 03:03:31 +00:00
Miroslav Stampar
f39170a2c4
minor update
2011-11-22 15:06:51 +00:00
Miroslav Stampar
e33f70269b
minor optimization
2011-11-22 12:44:28 +00:00
Miroslav Stampar
501fd85fa1
minor optimization
2011-11-22 12:40:12 +00:00
Miroslav Stampar
2e10de8921
minor update
2011-11-22 12:18:24 +00:00
Miroslav Stampar
ac041399f0
minor patch
2011-11-22 11:04:43 +00:00
Miroslav Stampar
9697e80013
some more optimizations
2011-11-22 10:54:29 +00:00
Miroslav Stampar
267d67b024
minor update
2011-11-22 10:41:56 +00:00
Miroslav Stampar
b117c40aa5
major improvement of HashDB speed in multi-threaded mode
2011-11-22 10:09:35 +00:00
Miroslav Stampar
e94efff187
some more optimization
2011-11-22 09:00:00 +00:00
Miroslav Stampar
2ed3efba12
speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)
2011-11-22 08:39:13 +00:00
Miroslav Stampar
493e436e16
minor update
2011-11-22 07:32:39 +00:00
Miroslav Stampar
e905ea2a54
minor bug fix
2011-11-22 07:07:52 +00:00
Miroslav Stampar
f1f0828b28
minor update
2011-11-21 22:27:47 +00:00
Miroslav Stampar
704e1a4e74
minor minor update
2011-11-21 22:19:52 +00:00
Miroslav Stampar
fcac3d494b
minor beautification
2011-11-21 22:18:04 +00:00
Miroslav Stampar
753dcb3450
minor update
2011-11-21 22:12:24 +00:00
Miroslav Stampar
da51e8a9d1
minor fix
2011-11-21 21:55:05 +00:00
Miroslav Stampar
eee03871d7
minor refactoring
2011-11-21 21:31:08 +00:00
Miroslav Stampar
4fa24ec704
minor improvement
2011-11-21 17:39:18 +00:00
Miroslav Stampar
65b2b0ad87
adding switch --eval
2011-11-21 16:41:02 +00:00
Miroslav Stampar
df0b451389
minor update
2011-11-20 23:17:57 +00:00
Miroslav Stampar
49fddaf668
minor update (for cases with 404 original page - e.g. time based injections in some cases)
2011-11-20 23:11:18 +00:00
Miroslav Stampar
8c32b3653b
minor update of false positive check (in considerable amount of cases minus char is filtered/used for other means)
2011-11-20 20:27:30 +00:00
Miroslav Stampar
440b7efe55
minor optimization
2011-11-20 20:14:47 +00:00
Miroslav Stampar
7c1af97852
minor optimization
2011-11-20 19:38:56 +00:00
Miroslav Stampar
e1a92d59de
implementing WordPress phpass hash cracking routine
2011-11-20 19:10:46 +00:00
Miroslav Stampar
f1979936c8
minor update
2011-11-18 15:32:33 +00:00
Miroslav Stampar
0df768e24a
minor refactoring/optimization
2011-11-16 16:06:21 +00:00
Miroslav Stampar
7314de3490
language update
2011-11-15 11:17:39 +00:00
Miroslav Stampar
ad2762118d
minor update
2011-11-14 15:10:39 +00:00
Miroslav Stampar
b888829d12
minor update
2011-11-14 11:39:18 +00:00
Miroslav Stampar
367627c331
minor fix for Python 2.6
2011-11-13 19:09:13 +00:00
Miroslav Stampar
76fb6ba666
minor update
2011-11-13 10:38:27 +00:00
Miroslav Stampar
ccbd93cc2e
fix for redirect/HOST header bug
2011-11-11 11:28:27 +00:00
Miroslav Stampar
1061c06617
improvement of redirecting code
2011-11-11 11:07:49 +00:00
Miroslav Stampar
e183437f0b
minor typo
2011-11-10 10:30:53 +00:00
Miroslav Stampar
62f8f8d36c
bug fix (thanks to zhen zhou)
2011-11-10 10:22:35 +00:00
Miroslav Stampar
6c07573e30
minor update
2011-11-06 11:42:02 +00:00
Miroslav Stampar
030c57a0c8
minor update
2011-11-06 11:18:16 +00:00
Miroslav Stampar
2dbd51e357
fix for google searches
2011-11-06 08:55:09 +00:00
Miroslav Stampar
61e3621855
minor update
2011-11-02 14:33:23 +00:00
Miroslav Stampar
24bda96d9e
adding items from John the Ripper's word list to the dictionary for Oracle cracking
2011-11-02 11:21:49 +00:00
Miroslav Stampar
6ec522e14b
removal of minor obsolete thingy
2011-11-02 10:41:12 +00:00
Miroslav Stampar
ea125d820d
some more speed ups for hash cracking
2011-11-02 09:57:42 +00:00
Miroslav Stampar
2f355db230
minor fix
2011-11-02 09:32:15 +00:00
Miroslav Stampar
0e96af65e6
minor update
2011-11-02 07:06:07 +00:00
Miroslav Stampar
d735582536
major speed improvement of hash cracking
2011-11-02 06:53:43 +00:00
Miroslav Stampar
b3a57391e4
minor update
2011-11-01 20:39:22 +00:00
Miroslav Stampar
3e3f037f1e
improvement of hash cracking routine
2011-11-01 19:58:22 +00:00
Miroslav Stampar
4cafc5f31b
language update
2011-11-01 19:09:17 +00:00
Miroslav Stampar
43340a7ea5
language
2011-11-01 19:06:27 +00:00
Miroslav Stampar
f9bb762d1d
minor improvement (resuming of already cracked values)
2011-11-01 19:00:34 +00:00
Miroslav Stampar
c0cd29f01c
minor update
2011-10-31 15:20:40 +00:00
Miroslav Stampar
60cadf4747
better regex used
2011-10-29 10:31:52 +00:00
Miroslav Stampar
ef987c6954
adding compatibility support for using --crawl and --forms together
2011-10-29 09:32:20 +00:00
Miroslav Stampar
ddc4dfe5ff
minor refactoring for regarding --forms
2011-10-29 08:32:24 +00:00
Miroslav Stampar
d7866ac78d
added support for automatic filtering of badly formed HTML in --forms mode
2011-10-28 21:28:03 +00:00
Miroslav Stampar
1b45c5b56a
bug fix
2011-10-28 15:24:35 +00:00
Miroslav Stampar
666a7da12a
minor update
2011-10-28 11:28:21 +00:00
Miroslav Stampar
b83fe6113e
turning off time adjustment off (now is shown as a tip) because it seems that it never was actually used (payload always left the same)
2011-10-28 11:25:07 +00:00
Miroslav Stampar
e290f2b80b
minor update
2011-10-28 11:11:55 +00:00
Miroslav Stampar
7ce3af68fc
fixing support for parsing BURP logs
2011-10-27 17:31:34 +00:00
Miroslav Stampar
6b7920d89a
minor patch for --tor
2011-10-27 10:52:06 +00:00
Miroslav Stampar
3c31ccd16e
minor update
2011-10-26 22:37:04 +00:00
Miroslav Stampar
9d31230d5e
minor update
2011-10-26 21:56:26 +00:00
Miroslav Stampar
d64c0af461
minor update
2011-10-26 14:31:00 +00:00
Miroslav Stampar
9c1d1ca5d8
minor update
2011-10-26 14:13:38 +00:00
Miroslav Stampar
2a72c1ae68
minor fix
2011-10-26 11:30:10 +00:00
Miroslav Stampar
a99547363f
some fixes
2011-10-26 11:24:15 +00:00
Miroslav Stampar
3d883a2218
minor update
2011-10-26 11:10:15 +00:00
Miroslav Stampar
d467b40ff6
minor fix
2011-10-26 10:54:43 +00:00
Miroslav Stampar
8d668b1833
some updates regarding hash attack
2011-10-26 10:30:32 +00:00
Miroslav Stampar
f41ae9cf49
minor update
2011-10-26 09:40:47 +00:00
Miroslav Stampar
0b68144c8f
minor fixes for hash cracking
2011-10-26 09:29:41 +00:00
Miroslav Stampar
18affca0bc
minor update
2011-10-26 09:14:18 +00:00
Miroslav Stampar
64ca01ea0e
minor update
2011-10-25 22:06:47 +00:00
Miroslav Stampar
35c889a411
minor update
2011-10-25 18:07:33 +00:00
Miroslav Stampar
ee76fed56a
minor update
2011-10-25 17:48:20 +00:00
Miroslav Stampar
41ad7f9eab
minor update
2011-10-25 17:44:30 +00:00
Miroslav Stampar
86b4a3562f
added switch --check-tor
2011-10-25 17:37:43 +00:00
Miroslav Stampar
eaaf6041b9
minor fix
2011-10-25 11:20:42 +00:00
Miroslav Stampar
c1486ed4be
adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request
2011-10-25 09:53:44 +00:00
Miroslav Stampar
b07f165d60
quick fix
2011-10-24 18:11:34 +00:00
Miroslav Stampar
23bf52e496
minor refactoring
2011-10-24 09:55:50 +00:00
Miroslav Stampar
cd00c0d084
minor patch
2011-10-24 09:43:59 +00:00
Miroslav Stampar
6d64f87190
minor update
2011-10-24 00:46:54 +00:00
Miroslav Stampar
20ae1c2187
added switch --logic-negative
2011-10-24 00:40:06 +00:00
Miroslav Stampar
8bd3cfdc8e
minor update
2011-10-24 00:17:38 +00:00
Miroslav Stampar
d39d36f7a7
minor language beautification
2011-10-23 23:27:56 +00:00
Miroslav Stampar
7c626f1dbe
minor fix
2011-10-23 23:18:39 +00:00
Miroslav Stampar
d77a5f5928
update (generalizing ORDER BY approach)
2011-10-23 23:02:01 +00:00
Miroslav Stampar
1dd3fae930
minor fix
2011-10-23 22:27:45 +00:00
Miroslav Stampar
0c29311eb2
minor update
2011-10-23 22:24:57 +00:00
Miroslav Stampar
5863429fc1
minor update
2011-10-23 21:17:45 +00:00
Miroslav Stampar
4a469c3258
minor update
2011-10-23 21:12:34 +00:00
Miroslav Stampar
1f7d87c6a4
bug fix for --code (previously redirecting codes where not considered)
2011-10-23 20:48:37 +00:00
Miroslav Stampar
77e630d89e
replaced longer CHAR form of escaped MySQL strings with more compact hex form
2011-10-23 20:19:42 +00:00
Miroslav Stampar
3f0517d3f3
support for non-latin (e.g. cyrillic) URLs
2011-10-23 17:02:48 +00:00
Miroslav Stampar
1c3f4e9e54
minor update
2011-10-23 08:44:21 +00:00
Miroslav Stampar
25f0ec3597
some minor range to xrange conversion (where safe to do)
2011-10-21 22:34:27 +00:00
Miroslav Stampar
eb240243ea
minor update
2011-10-21 22:21:41 +00:00
Miroslav Stampar
b4ce857f9b
added some comments
2011-10-21 21:29:24 +00:00
Miroslav Stampar
7a3096ce25
some refactoring
2011-10-21 21:12:48 +00:00
Miroslav Stampar
9356f8005c
important bug fix
2011-10-21 21:07:06 +00:00
Miroslav Stampar
0a8e45955c
minor update
2011-10-21 20:44:18 +00:00
Miroslav Stampar
566d6e4974
minor fix
2011-10-21 20:21:29 +00:00
Miroslav Stampar
05b9951a8b
minor beautification
2011-10-21 09:19:31 +00:00
Miroslav Stampar
0db0571f35
minor patch
2011-10-21 09:06:00 +00:00
Miroslav Stampar
12a7fd4054
quick fix
2011-10-20 08:28:57 +00:00
Miroslav Stampar
0cbcbf159c
minor fix
2011-10-19 21:35:01 +00:00
Miroslav Stampar
e3a719e7d2
minor update
2011-10-11 22:40:00 +00:00
Miroslav Stampar
7956390631
minor update
2011-10-11 22:27:49 +00:00
Miroslav Stampar
a7a29f33ad
minor update
2011-10-11 21:58:57 +00:00
Miroslav Stampar
dacfeafc5f
minor optimization
2011-10-10 17:45:16 +00:00
Miroslav Stampar
4989e8e6d3
minor update
2011-10-10 17:29:54 +00:00
Miroslav Stampar
c204f2b221
minor optimization
2011-10-10 14:47:48 +00:00
Miroslav Stampar
47b27a5988
minor improvement of HashDB
2011-10-10 14:23:17 +00:00
Miroslav Stampar
323aa7bf2f
minor update
2011-10-09 21:21:41 +00:00
Miroslav Stampar
a31a0aa8d4
minor update
2011-10-06 22:29:49 +00:00
Miroslav Stampar
8720aad6dc
transformed cDel to pDel as a more generic option
2011-10-06 22:03:33 +00:00
Miroslav Stampar
dd0ed5f5da
adding redirect response to the traffic file
2011-09-28 08:13:46 +00:00
Miroslav Stampar
6d2536f217
minor update
2011-09-27 22:27:34 +00:00
Miroslav Stampar
c0910ca2c8
added one more warning message by request
2011-09-27 22:25:15 +00:00
Miroslav Stampar
b888a84764
minor update
2011-09-27 14:31:58 +00:00
Miroslav Stampar
88f1110c44
adding a new (for now) hidden switch --test-filter for filtering tests by their name
2011-09-27 14:09:25 +00:00
Miroslav Stampar
fd9acfd7d2
fix
2011-09-26 13:36:08 +00:00
Miroslav Stampar
b3b4459c72
minor fix
2011-09-26 13:01:43 +00:00
Miroslav Stampar
34738129c9
minor update
2011-09-25 21:27:58 +00:00
Miroslav Stampar
7e80274fac
refactoring
2011-09-25 21:10:45 +00:00
Miroslav Stampar
744636a8c1
switching to SQLite resume support (on error and union techniques this moment)
2011-09-25 20:36:32 +00:00
Miroslav Stampar
ba5eff1de6
minor bug fix
2011-09-23 18:29:45 +00:00
Miroslav Stampar
d95ff4350d
bug fix
2011-09-20 13:08:35 +00:00
Miroslav Stampar
4a3580d10b
minor fix
2011-09-19 19:08:08 +00:00
Bernardo Damele
f890b29f81
Proper reference to Metasploit Framework as now it's version 4, not 3 anymore
2011-09-12 17:26:22 +00:00
Miroslav Stampar
4fb6dab1a2
minor bug fix
2011-09-12 14:15:57 +00:00
Miroslav Stampar
1bdde51d0e
minor just in case update
2011-09-11 16:41:07 +00:00
Miroslav Stampar
02f993583b
minor bug fix
2011-09-09 11:36:09 +00:00
Miroslav Stampar
2f4e34f5a0
minor improvement for URI injections
2011-09-08 11:13:12 +00:00
Miroslav Stampar
d434047482
minor bug fix
2011-09-05 09:28:40 +00:00
Miroslav Stampar
08e0eb9b61
minor lower/upper case fix
2011-08-29 13:47:32 +00:00
Miroslav Stampar
9be89422da
implemented parameter --skip
2011-08-29 13:29:42 +00:00
Miroslav Stampar
e0f521cf9d
minor update regarding --randomize
2011-08-29 13:08:25 +00:00
Miroslav Stampar
ac00014c4a
implemented --randomize switch by request
2011-08-29 12:50:52 +00:00
Miroslav Stampar
8fe069b495
minor fix
2011-08-23 21:48:39 +00:00
Miroslav Stampar
01014eca17
by request
2011-08-23 21:45:01 +00:00
Miroslav Stampar
cfc1f2b70b
minor update
2011-08-22 22:43:14 +00:00
Miroslav Stampar
f4127a80d7
improvement of UNION based injection detection (with non-NULL kb.uChar values searching of the content inside -1 UNION.. pages is used)
2011-08-22 21:43:46 +00:00
Miroslav Stampar
8a174248dc
fix for a bug reported by blueBoy
2011-08-20 20:08:11 +00:00
Miroslav Stampar
cb32d46f2a
minor minor update
2011-08-18 06:09:12 +00:00
Miroslav Stampar
54bcc35ba7
important bug fix (connection exception was causing losing of already retrieved data)
2011-08-17 22:31:33 +00:00
Miroslav Stampar
9d31322f3d
update regarding special case when conf.uChar appears only in testable pages
2011-08-17 21:40:42 +00:00
Miroslav Stampar
75ec146224
minor beautification
2011-08-17 21:17:02 +00:00
Miroslav Stampar
f46baac70b
bug fix (when comment is None this was errornous)
2011-08-17 10:58:29 +00:00
Bernardo Damele
9361e633f4
Minor bug fix - some applications do really set cookies like param="value" with double-quotes
2011-08-16 09:21:01 +00:00
Miroslav Stampar
e1dbb4443b
minor update related to the last commit
2011-08-16 07:01:14 +00:00
Miroslav Stampar
7cc5743c5d
minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)
2011-08-16 06:50:20 +00:00
Miroslav Stampar
600ef3eace
minor patch
2011-08-16 06:22:04 +00:00
Miroslav Stampar
262996fc5b
bug fix
2011-08-16 06:14:40 +00:00
Miroslav Stampar
df4abf1af1
lowering constant value from 10 to 7 for da peace in da houz
2011-08-12 17:19:19 +00:00
Bernardo Damele
702ed73a65
Added --code switch to match in boolean-based tests against the HTTP response code
2011-08-12 16:48:11 +00:00
Bernardo Damele
fff4c34e33
Search for --string and --regexp matches also in HTTP response headers
2011-08-12 15:33:37 +00:00
Bernardo Damele
5e5133b8e7
Should be fixed now
2011-08-12 15:00:11 +00:00
Bernardo Damele
1505cb2a80
typo
2011-08-12 14:51:39 +00:00
Bernardo Damele
702ca22d54
Minor bug fix for URI injections
2011-08-12 14:48:44 +00:00
Bernardo Damele
28bba9f5e6
More verbose warning message
2011-08-12 13:47:38 +00:00
Miroslav Stampar
10bdd90e60
minor speed optimizations (as a result of profiling)
2011-08-12 13:40:37 +00:00
Bernardo Damele
36280b33fa
Ask the user wheather or not to adjust the time delay - there have been a case where the forcing of conf.timeSec screwed the result in an extremely lagged and unreliable site
2011-08-12 13:06:40 +00:00
Miroslav Stampar
41ae9bc7ff
minor bug fix
2011-08-09 14:20:25 +00:00
Miroslav Stampar
2ad267132a
minor update for empty normal responses (like AJAX requests)
2011-08-05 10:55:21 +00:00
Miroslav Stampar
e849b71027
minor typo
2011-08-03 14:31:42 +00:00
Miroslav Stampar
538b49bcc5
removing word "dramatically". i was too excited at the moment :). it is cool and all but we shouldn't put "highly subjective" attribs in reports
2011-08-03 13:26:38 +00:00
Miroslav Stampar
f7562da754
from now on proper union column count should be displayed in injection info output
2011-08-03 10:34:50 +00:00
Miroslav Stampar
9423d15fb3
ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix
2011-08-03 09:08:16 +00:00
Miroslav Stampar
07afcd5440
fix for a bug reported by Ahmed Shawky (when user uses --suffix intermixing test default comments with the provided suffix is a big no no)
2011-08-02 18:20:21 +00:00
Miroslav Stampar
07c3d4fb18
minor adjustment
2011-08-02 17:35:43 +00:00
Miroslav Stampar
edab7d01a5
minor fix
2011-08-02 17:31:13 +00:00
Bernardo Damele
c15439ab7f
Minor improvement to --passwords output
2011-08-02 09:04:34 +00:00
Miroslav Stampar
cb0981d858
proper way of handling 0 length results (as in __goInferenceProxy)
2011-08-02 08:39:32 +00:00
Miroslav Stampar
0643ced651
minor update
2011-08-02 08:12:43 +00:00
Miroslav Stampar
457f501bbd
proper fix
2011-08-01 23:48:38 +00:00
Bernardo Damele
cbd0ea0866
Possible fix for a minor bug
2011-08-01 23:24:39 +00:00
Miroslav Stampar
018d7ed646
improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery)
2011-07-31 23:40:09 +00:00
Miroslav Stampar
0627bb02cb
minor beautification
2011-07-31 10:21:47 +00:00
Miroslav Stampar
93ae1dfa2b
minor bug fix
2011-07-31 08:52:48 +00:00
Miroslav Stampar
68ae8ea5b2
minor refactoring
2011-07-29 10:54:25 +00:00
Miroslav Stampar
e522263640
fix for a neverending data retrieval in large full inband cases
2011-07-29 10:45:09 +00:00
Miroslav Stampar
3fc603843e
minor fix
2011-07-27 23:26:36 +00:00
Miroslav Stampar
107089c00b
bug fix
2011-07-27 08:25:51 +00:00
Miroslav Stampar
f7eaffcec5
i believe that this could be ok
2011-07-26 21:28:48 +00:00
Bernardo Damele
a2483b3bc4
Aligned OS takeover functionalities to recent Metasploit improvements
2011-07-26 10:29:14 +00:00
Bernardo Damele
938716e361
Proper fix for --start and --stop consistency amongst different techniques
2011-07-26 10:06:28 +00:00
Bernardo Damele
e71f96afe7
Reverted dumb "fix"
2011-07-26 09:42:09 +00:00
Miroslav Stampar
6bbb8139a0
update (smaller memory footprint in postprocessing phase because of safecharencode part)
2011-07-25 20:40:31 +00:00
Miroslav Stampar
5770c08784
minor optimization and refactoring
2011-07-25 20:17:44 +00:00
Bernardo Damele
0a7a648694
Minor bug fix for --start, now all techniques return the same result (before blind techniques returned from one entry behind)
2011-07-25 11:15:18 +00:00
Bernardo Damele
6cbb927012
Partial fix for -o not resumed at following runs if missing from command line
2011-07-25 11:05:49 +00:00
Miroslav Stampar
2033a28ae7
minor update regarding last commit (cleaner code)
2011-07-24 20:44:17 +00:00
Miroslav Stampar
3a3561fdaa
doing proper big table support for partial union too
2011-07-24 20:36:44 +00:00
Miroslav Stampar
ec1bc0219c
hello big tables, this is sqlmap, sqlmap this is big tables
2011-07-24 09:19:33 +00:00
Miroslav Stampar
82e1e61554
minor speedup
2011-07-23 19:51:19 +00:00
Miroslav Stampar
094dc91e2d
minor update (prior to some changes regarding large content retrieval)
2011-07-23 19:04:59 +00:00
Miroslav Stampar
a89140e1ce
revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function)
2011-07-23 06:07:00 +00:00
Miroslav Stampar
8a00ca83af
refactoring. nothing special changed
2011-07-21 10:18:11 +00:00
Miroslav Stampar
963f54e6d2
minor fix for parameters containing '=' inside values itself (remark: no parameter name will have '=' nor '%3d' inside; tested and it does a good job)
2011-07-21 10:06:52 +00:00
Miroslav Stampar
7881ded60d
quick fix (this other library was doing problems)
2011-07-20 22:20:16 +00:00
Bernardo Damele
d6b52242c7
Meterpreter's sniffer extension freezes 64-bit systems
...
Meterpreter's priv extension is loaded by default since Metasploit 3.5 or so.
There is no shellcodeexec 64-bit yet, anyway as the Metasploit payload is encoded with a 32-bit encoded (alphanumeric), it's all fine.
2011-07-20 13:50:02 +00:00
Miroslav Stampar
9d996c07fb
another quick fix
2011-07-20 13:00:34 +00:00
Miroslav Stampar
fad77dd078
fix for a ImportError bug reported by g@brindi.si
2011-07-20 12:18:36 +00:00
Miroslav Stampar
9cf33ec997
now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char
2011-07-15 13:24:13 +00:00
Miroslav Stampar
ff8fc90ac7
bug fix
2011-07-13 06:44:15 +00:00
Miroslav Stampar
5c162efbd8
more optimization
2011-07-12 23:21:15 +00:00
Miroslav Stampar
9933edc718
optimization of reflective removal mechanism
2011-07-12 22:28:19 +00:00
Bernardo Damele
cda25cda2f
Cosmetics
2011-07-12 20:49:27 +00:00
Miroslav Stampar
3583d6dd1b
quick fixes, more work to do
2011-07-12 20:32:19 +00:00
Miroslav Stampar
0126b8eb0e
minor revert (it's illegal to use append for updating one array with another array)
2011-07-12 19:34:54 +00:00
Bernardo Damele
48b7245a33
Minor bug fix
2011-07-12 15:47:04 +00:00
Bernardo Damele
0b8c6e4c81
Minor bug fix
2011-07-12 15:30:40 +00:00
Miroslav Stampar
a46b5230f5
minor "patch"
2011-07-11 20:33:16 +00:00
Miroslav Stampar
1f826684f6
disabling multiprocessing (maybe permanently) support for Windows as of complications with sharing dictionary iterator
2011-07-11 13:16:59 +00:00
Miroslav Stampar
7bc6280d53
possible fix for a multi-processing "problem" reported by christopher.oakley@gmail.com
2011-07-11 11:40:27 +00:00
Miroslav Stampar
f5e45bf113
quick fix for a bug reported by jovon.itwaru@gmail.com
2011-07-11 08:54:39 +00:00
Miroslav Stampar
98958f8808
minor minor update
2011-07-10 15:41:45 +00:00
Miroslav Stampar
0d6afca7db
adding new switch '--smart' by request
2011-07-10 15:16:58 +00:00
Miroslav Stampar
1e182e6c72
quick fix
2011-07-08 22:34:44 +00:00
Bernardo Damele
651349e229
More verbose critical message
2011-07-08 13:12:53 +00:00
Bernardo Damele
b5dd4d4a63
Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection
2011-07-08 10:19:01 +00:00
Miroslav Stampar
02bfd05b20
more general approach
2011-07-08 10:03:14 +00:00
Miroslav Stampar
5443e06430
cosmetics (in debug mode [0] is used)
2011-07-08 09:43:52 +00:00
Miroslav Stampar
c463c411b9
minor update
2011-07-08 09:32:58 +00:00
Miroslav Stampar
ba2c06c9dc
quick fix
2011-07-08 09:01:32 +00:00
Miroslav Stampar
c517e97a44
few fixes and minor cosmetics
2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Bernardo Damele
067354b97f
Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access
2011-07-07 13:20:40 +00:00
Bernardo Damele
9e1a6beb7a
Major bug fix in UNION detection, it was a leftover
2011-07-07 00:06:20 +00:00
Bernardo Damele
fcd4e94c04
Higher chances to detect UNION query SQL injection against Microsoft Access
2011-07-06 23:52:44 +00:00
Bernardo Damele
23b4efdcaf
Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too.
2011-07-06 21:04:45 +00:00
Bernardo Damele
0d28c1e9e7
cosmetics
2011-07-06 20:41:13 +00:00
Bernardo Damele
6f6038b534
Quick fix (revert..)
2011-07-06 11:32:12 +00:00
Miroslav Stampar
93b296e02c
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495
few fixes here and there and multi-core processing for dictionary based hash attack
2011-07-04 19:58:41 +00:00
Miroslav Stampar
34d9a91af1
bulk of fixes
2011-07-02 22:48:56 +00:00
Bernardo Damele
861cdb1b14
cosmetics
2011-07-01 10:04:34 +00:00
Miroslav Stampar
4513ef409e
massive (like really massive) dictionary support
2011-06-30 23:44:49 +00:00
Miroslav Stampar
43db6b03a7
update with a feature request (file with list of wordlist files)
2011-06-30 08:42:43 +00:00
Miroslav Stampar
9e453e8709
fix for a bug reported by nightman@email.de
2011-06-29 17:49:59 +00:00
Miroslav Stampar
be9b8bca78
bug fix
2011-06-29 17:39:58 +00:00
Bernardo Damele
9eb683531d
Minor improvement at blind SQL inj technique for DB2
2011-06-27 22:28:12 +00:00
Miroslav Stampar
75524c283d
minor update
2011-06-27 21:59:31 +00:00
Miroslav Stampar
4be55c811f
minor update
2011-06-27 21:48:26 +00:00
Miroslav Stampar
831f083223
minor update
2011-06-27 21:38:12 +00:00
Miroslav Stampar
5b4eaf48d9
minor fix (for those blank suffixes out of nowhere at the end of payload - not related to "-- ")
2011-06-27 21:34:49 +00:00
Miroslav Stampar
8a8b94883b
minor update (that default quit in --batch was bothering me - my original idea and it was bad :)
2011-06-27 14:14:49 +00:00
Miroslav Stampar
d72db1bf91
minor update (all misc options are alphabetically ordered)
2011-06-27 08:21:33 +00:00
Bernardo Damele
36c96ef796
Added DB2 support - patch provided by Sebastian Bittig
2011-06-25 09:44:24 +00:00
Miroslav Stampar
e00cf81f7e
minor update
2011-06-24 19:50:13 +00:00
Miroslav Stampar
e9286ddd5b
fix for a bug reported by g@brindi.si (UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position
...
47: ordinal not in range(128))
2011-06-24 19:24:11 +00:00
Miroslav Stampar
c4cb367e65
looks nicer (though --tor is implicitly converted into --proxy)
2011-06-24 19:00:53 +00:00
Miroslav Stampar
aa83fe5c66
minor update
2011-06-24 18:19:33 +00:00
Miroslav Stampar
21010f702c
minor beautification
2011-06-24 17:46:54 +00:00
Miroslav Stampar
2de88bd90b
minor update
2011-06-24 17:19:24 +00:00
Miroslav Stampar
96190cf594
minor update
2011-06-24 17:15:15 +00:00
Bernardo Damele
406f2cda09
Got rid of useless TAB completion in --sql-shell
2011-06-24 13:05:13 +00:00
Bernardo Damele
35ce6dedcf
Got rid of useless imports
2011-06-24 09:59:11 +00:00
Bernardo Damele
a78f5b4eb3
Minor adjustment to avoid function and variables with same name
2011-06-24 09:29:11 +00:00
Miroslav Stampar
eaa2a4202f
changing to: --crawl=CRAWLDEPTH
2011-06-24 05:40:03 +00:00
Miroslav Stampar
3717b8423f
cleanest fix this moment (conf.dbms will for sure deal problems later in any form)
2011-06-22 15:48:44 +00:00
Miroslav Stampar
5190440ea2
minor fix
2011-06-22 15:36:59 +00:00
Miroslav Stampar
97d8729d71
probable fix for a bug reported by m4l1c3 (RuntimeError: maximum recursion depth exceeded)
2011-06-22 15:28:49 +00:00
Miroslav Stampar
52ba3c281e
minor update
2011-06-22 14:59:49 +00:00
Miroslav Stampar
4ca37901da
thread safe logging+stdout (no more overlapping of log messages and raw output)
2011-06-22 14:53:42 +00:00
Miroslav Stampar
84bc8c3a37
update
2011-06-22 14:39:31 +00:00
Miroslav Stampar
938db1b513
replacing xmlobject logic with our own
2011-06-22 14:33:52 +00:00
Bernardo Damele
1cb12ea659
replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license)
2011-06-22 13:31:07 +00:00
Miroslav Stampar
e76cb19e35
minor patch
2011-06-22 09:11:12 +00:00
Miroslav Stampar
b16b92fe46
minor update
2011-06-21 20:59:34 +00:00
Miroslav Stampar
2220afbdf5
fix by request
2011-06-21 20:50:16 +00:00
Miroslav Stampar
9e232256f4
reverting that last commit because there is a mess with default dumping (startLimit is set to 0 which is not so friendly with --start and --stop logic)
2011-06-21 18:29:23 +00:00
Miroslav Stampar
3536320fc9
--stop is inclusive ("Last query output entry to retrieve")
2011-06-21 18:08:33 +00:00
Miroslav Stampar
dfc02d8c3c
sorry Bernardo, i hope your mobile is turned off :)))
2011-06-20 22:47:24 +00:00
Miroslav Stampar
2a4a284a29
crawler fix (skip binary files)
2011-06-20 22:41:38 +00:00
Miroslav Stampar
20bb1a685b
really minor update
2011-06-20 21:57:53 +00:00
Miroslav Stampar
812cd2f19b
minor update
2011-06-20 21:47:03 +00:00
Miroslav Stampar
e8ac7414f2
bug fix
2011-06-20 21:36:15 +00:00
Miroslav Stampar
d6062e8fc9
minor fix for crawler and far less message overlaps in future
2011-06-20 21:18:12 +00:00
Miroslav Stampar
8968c708a0
minor update
2011-06-20 14:27:24 +00:00
Miroslav Stampar
17fac6f67f
minor update
2011-06-20 13:53:39 +00:00
Miroslav Stampar
29314f425e
minor fix
2011-06-20 13:42:31 +00:00
Miroslav Stampar
f09340fc89
minor update
2011-06-20 12:40:14 +00:00
Miroslav Stampar
4d1fa5596b
added support for --scope in --crawl mode
2011-06-20 12:37:51 +00:00