Commit Graph

2627 Commits

Author SHA1 Message Date
Miroslav Stampar
1c3f4e9e54 minor update 2011-10-23 08:44:21 +00:00
Miroslav Stampar
25f0ec3597 some minor range to xrange conversion (where safe to do) 2011-10-21 22:34:27 +00:00
Miroslav Stampar
eb240243ea minor update 2011-10-21 22:21:41 +00:00
Miroslav Stampar
b4ce857f9b added some comments 2011-10-21 21:29:24 +00:00
Miroslav Stampar
7a3096ce25 some refactoring 2011-10-21 21:12:48 +00:00
Miroslav Stampar
9356f8005c important bug fix 2011-10-21 21:07:06 +00:00
Miroslav Stampar
0a8e45955c minor update 2011-10-21 20:44:18 +00:00
Miroslav Stampar
566d6e4974 minor fix 2011-10-21 20:21:29 +00:00
Miroslav Stampar
05b9951a8b minor beautification 2011-10-21 09:19:31 +00:00
Miroslav Stampar
0db0571f35 minor patch 2011-10-21 09:06:00 +00:00
Miroslav Stampar
12a7fd4054 quick fix 2011-10-20 08:28:57 +00:00
Miroslav Stampar
0cbcbf159c minor fix 2011-10-19 21:35:01 +00:00
Miroslav Stampar
e3a719e7d2 minor update 2011-10-11 22:40:00 +00:00
Miroslav Stampar
7956390631 minor update 2011-10-11 22:27:49 +00:00
Miroslav Stampar
a7a29f33ad minor update 2011-10-11 21:58:57 +00:00
Miroslav Stampar
dacfeafc5f minor optimization 2011-10-10 17:45:16 +00:00
Miroslav Stampar
4989e8e6d3 minor update 2011-10-10 17:29:54 +00:00
Miroslav Stampar
c204f2b221 minor optimization 2011-10-10 14:47:48 +00:00
Miroslav Stampar
47b27a5988 minor improvement of HashDB 2011-10-10 14:23:17 +00:00
Miroslav Stampar
323aa7bf2f minor update 2011-10-09 21:21:41 +00:00
Miroslav Stampar
a31a0aa8d4 minor update 2011-10-06 22:29:49 +00:00
Miroslav Stampar
8720aad6dc transformed cDel to pDel as a more generic option 2011-10-06 22:03:33 +00:00
Miroslav Stampar
dd0ed5f5da adding redirect response to the traffic file 2011-09-28 08:13:46 +00:00
Miroslav Stampar
6d2536f217 minor update 2011-09-27 22:27:34 +00:00
Miroslav Stampar
c0910ca2c8 added one more warning message by request 2011-09-27 22:25:15 +00:00
Miroslav Stampar
b888a84764 minor update 2011-09-27 14:31:58 +00:00
Miroslav Stampar
88f1110c44 adding a new (for now) hidden switch --test-filter for filtering tests by their name 2011-09-27 14:09:25 +00:00
Miroslav Stampar
fd9acfd7d2 fix 2011-09-26 13:36:08 +00:00
Miroslav Stampar
b3b4459c72 minor fix 2011-09-26 13:01:43 +00:00
Miroslav Stampar
34738129c9 minor update 2011-09-25 21:27:58 +00:00
Miroslav Stampar
7e80274fac refactoring 2011-09-25 21:10:45 +00:00
Miroslav Stampar
744636a8c1 switching to SQLite resume support (on error and union techniques this moment) 2011-09-25 20:36:32 +00:00
Miroslav Stampar
ba5eff1de6 minor bug fix 2011-09-23 18:29:45 +00:00
Miroslav Stampar
d95ff4350d bug fix 2011-09-20 13:08:35 +00:00
Miroslav Stampar
4a3580d10b minor fix 2011-09-19 19:08:08 +00:00
Bernardo Damele
f890b29f81 Proper reference to Metasploit Framework as now it's version 4, not 3 anymore 2011-09-12 17:26:22 +00:00
Miroslav Stampar
4fb6dab1a2 minor bug fix 2011-09-12 14:15:57 +00:00
Miroslav Stampar
1bdde51d0e minor just in case update 2011-09-11 16:41:07 +00:00
Miroslav Stampar
02f993583b minor bug fix 2011-09-09 11:36:09 +00:00
Miroslav Stampar
2f4e34f5a0 minor improvement for URI injections 2011-09-08 11:13:12 +00:00
Miroslav Stampar
d434047482 minor bug fix 2011-09-05 09:28:40 +00:00
Miroslav Stampar
08e0eb9b61 minor lower/upper case fix 2011-08-29 13:47:32 +00:00
Miroslav Stampar
9be89422da implemented parameter --skip 2011-08-29 13:29:42 +00:00
Miroslav Stampar
e0f521cf9d minor update regarding --randomize 2011-08-29 13:08:25 +00:00
Miroslav Stampar
ac00014c4a implemented --randomize switch by request 2011-08-29 12:50:52 +00:00
Miroslav Stampar
8fe069b495 minor fix 2011-08-23 21:48:39 +00:00
Miroslav Stampar
01014eca17 by request 2011-08-23 21:45:01 +00:00
Miroslav Stampar
cfc1f2b70b minor update 2011-08-22 22:43:14 +00:00
Miroslav Stampar
f4127a80d7 improvement of UNION based injection detection (with non-NULL kb.uChar values searching of the content inside -1 UNION.. pages is used) 2011-08-22 21:43:46 +00:00
Miroslav Stampar
8a174248dc fix for a bug reported by blueBoy 2011-08-20 20:08:11 +00:00
Miroslav Stampar
cb32d46f2a minor minor update 2011-08-18 06:09:12 +00:00
Miroslav Stampar
54bcc35ba7 important bug fix (connection exception was causing losing of already retrieved data) 2011-08-17 22:31:33 +00:00
Miroslav Stampar
9d31322f3d update regarding special case when conf.uChar appears only in testable pages 2011-08-17 21:40:42 +00:00
Miroslav Stampar
75ec146224 minor beautification 2011-08-17 21:17:02 +00:00
Miroslav Stampar
f46baac70b bug fix (when comment is None this was errornous) 2011-08-17 10:58:29 +00:00
Bernardo Damele
9361e633f4 Minor bug fix - some applications do really set cookies like param="value" with double-quotes 2011-08-16 09:21:01 +00:00
Miroslav Stampar
e1dbb4443b minor update related to the last commit 2011-08-16 07:01:14 +00:00
Miroslav Stampar
7cc5743c5d minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters) 2011-08-16 06:50:20 +00:00
Miroslav Stampar
600ef3eace minor patch 2011-08-16 06:22:04 +00:00
Miroslav Stampar
262996fc5b bug fix 2011-08-16 06:14:40 +00:00
Miroslav Stampar
df4abf1af1 lowering constant value from 10 to 7 for da peace in da houz 2011-08-12 17:19:19 +00:00
Bernardo Damele
702ed73a65 Added --code switch to match in boolean-based tests against the HTTP response code 2011-08-12 16:48:11 +00:00
Bernardo Damele
fff4c34e33 Search for --string and --regexp matches also in HTTP response headers 2011-08-12 15:33:37 +00:00
Bernardo Damele
5e5133b8e7 Should be fixed now 2011-08-12 15:00:11 +00:00
Bernardo Damele
1505cb2a80 typo 2011-08-12 14:51:39 +00:00
Bernardo Damele
702ca22d54 Minor bug fix for URI injections 2011-08-12 14:48:44 +00:00
Bernardo Damele
28bba9f5e6 More verbose warning message 2011-08-12 13:47:38 +00:00
Miroslav Stampar
10bdd90e60 minor speed optimizations (as a result of profiling) 2011-08-12 13:40:37 +00:00
Bernardo Damele
36280b33fa Ask the user wheather or not to adjust the time delay - there have been a case where the forcing of conf.timeSec screwed the result in an extremely lagged and unreliable site 2011-08-12 13:06:40 +00:00
Miroslav Stampar
41ae9bc7ff minor bug fix 2011-08-09 14:20:25 +00:00
Miroslav Stampar
2ad267132a minor update for empty normal responses (like AJAX requests) 2011-08-05 10:55:21 +00:00
Miroslav Stampar
e849b71027 minor typo 2011-08-03 14:31:42 +00:00
Miroslav Stampar
538b49bcc5 removing word "dramatically". i was too excited at the moment :). it is cool and all but we shouldn't put "highly subjective" attribs in reports 2011-08-03 13:26:38 +00:00
Miroslav Stampar
f7562da754 from now on proper union column count should be displayed in injection info output 2011-08-03 10:34:50 +00:00
Miroslav Stampar
9423d15fb3 ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix 2011-08-03 09:08:16 +00:00
Miroslav Stampar
07afcd5440 fix for a bug reported by Ahmed Shawky (when user uses --suffix intermixing test default comments with the provided suffix is a big no no) 2011-08-02 18:20:21 +00:00
Miroslav Stampar
07c3d4fb18 minor adjustment 2011-08-02 17:35:43 +00:00
Miroslav Stampar
edab7d01a5 minor fix 2011-08-02 17:31:13 +00:00
Bernardo Damele
c15439ab7f Minor improvement to --passwords output 2011-08-02 09:04:34 +00:00
Miroslav Stampar
cb0981d858 proper way of handling 0 length results (as in __goInferenceProxy) 2011-08-02 08:39:32 +00:00
Miroslav Stampar
0643ced651 minor update 2011-08-02 08:12:43 +00:00
Miroslav Stampar
457f501bbd proper fix 2011-08-01 23:48:38 +00:00
Bernardo Damele
cbd0ea0866 Possible fix for a minor bug 2011-08-01 23:24:39 +00:00
Miroslav Stampar
018d7ed646 improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery) 2011-07-31 23:40:09 +00:00
Miroslav Stampar
0627bb02cb minor beautification 2011-07-31 10:21:47 +00:00
Miroslav Stampar
93ae1dfa2b minor bug fix 2011-07-31 08:52:48 +00:00
Miroslav Stampar
68ae8ea5b2 minor refactoring 2011-07-29 10:54:25 +00:00
Miroslav Stampar
e522263640 fix for a neverending data retrieval in large full inband cases 2011-07-29 10:45:09 +00:00
Miroslav Stampar
3fc603843e minor fix 2011-07-27 23:26:36 +00:00
Miroslav Stampar
107089c00b bug fix 2011-07-27 08:25:51 +00:00
Miroslav Stampar
f7eaffcec5 i believe that this could be ok 2011-07-26 21:28:48 +00:00
Bernardo Damele
a2483b3bc4 Aligned OS takeover functionalities to recent Metasploit improvements 2011-07-26 10:29:14 +00:00
Bernardo Damele
938716e361 Proper fix for --start and --stop consistency amongst different techniques 2011-07-26 10:06:28 +00:00
Bernardo Damele
e71f96afe7 Reverted dumb "fix" 2011-07-26 09:42:09 +00:00
Miroslav Stampar
6bbb8139a0 update (smaller memory footprint in postprocessing phase because of safecharencode part) 2011-07-25 20:40:31 +00:00
Miroslav Stampar
5770c08784 minor optimization and refactoring 2011-07-25 20:17:44 +00:00
Bernardo Damele
0a7a648694 Minor bug fix for --start, now all techniques return the same result (before blind techniques returned from one entry behind) 2011-07-25 11:15:18 +00:00
Bernardo Damele
6cbb927012 Partial fix for -o not resumed at following runs if missing from command line 2011-07-25 11:05:49 +00:00
Miroslav Stampar
2033a28ae7 minor update regarding last commit (cleaner code) 2011-07-24 20:44:17 +00:00
Miroslav Stampar
3a3561fdaa doing proper big table support for partial union too 2011-07-24 20:36:44 +00:00
Miroslav Stampar
ec1bc0219c hello big tables, this is sqlmap, sqlmap this is big tables 2011-07-24 09:19:33 +00:00
Miroslav Stampar
82e1e61554 minor speedup 2011-07-23 19:51:19 +00:00
Miroslav Stampar
094dc91e2d minor update (prior to some changes regarding large content retrieval) 2011-07-23 19:04:59 +00:00
Miroslav Stampar
a89140e1ce revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function) 2011-07-23 06:07:00 +00:00
Miroslav Stampar
8a00ca83af refactoring. nothing special changed 2011-07-21 10:18:11 +00:00
Miroslav Stampar
963f54e6d2 minor fix for parameters containing '=' inside values itself (remark: no parameter name will have '=' nor '%3d' inside; tested and it does a good job) 2011-07-21 10:06:52 +00:00
Miroslav Stampar
7881ded60d quick fix (this other library was doing problems) 2011-07-20 22:20:16 +00:00
Bernardo Damele
d6b52242c7 Meterpreter's sniffer extension freezes 64-bit systems
Meterpreter's priv extension is loaded by default since Metasploit 3.5 or so.
There is no shellcodeexec 64-bit yet, anyway as the Metasploit payload is encoded with a 32-bit encoded (alphanumeric), it's all fine.
2011-07-20 13:50:02 +00:00
Miroslav Stampar
9d996c07fb another quick fix 2011-07-20 13:00:34 +00:00
Miroslav Stampar
fad77dd078 fix for a ImportError bug reported by g@brindi.si 2011-07-20 12:18:36 +00:00
Miroslav Stampar
9cf33ec997 now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char 2011-07-15 13:24:13 +00:00
Miroslav Stampar
ff8fc90ac7 bug fix 2011-07-13 06:44:15 +00:00
Miroslav Stampar
5c162efbd8 more optimization 2011-07-12 23:21:15 +00:00
Miroslav Stampar
9933edc718 optimization of reflective removal mechanism 2011-07-12 22:28:19 +00:00
Bernardo Damele
cda25cda2f Cosmetics 2011-07-12 20:49:27 +00:00
Miroslav Stampar
3583d6dd1b quick fixes, more work to do 2011-07-12 20:32:19 +00:00
Miroslav Stampar
0126b8eb0e minor revert (it's illegal to use append for updating one array with another array) 2011-07-12 19:34:54 +00:00
Bernardo Damele
48b7245a33 Minor bug fix 2011-07-12 15:47:04 +00:00
Bernardo Damele
0b8c6e4c81 Minor bug fix 2011-07-12 15:30:40 +00:00
Miroslav Stampar
a46b5230f5 minor "patch" 2011-07-11 20:33:16 +00:00
Miroslav Stampar
1f826684f6 disabling multiprocessing (maybe permanently) support for Windows as of complications with sharing dictionary iterator 2011-07-11 13:16:59 +00:00
Miroslav Stampar
7bc6280d53 possible fix for a multi-processing "problem" reported by christopher.oakley@gmail.com 2011-07-11 11:40:27 +00:00
Miroslav Stampar
f5e45bf113 quick fix for a bug reported by jovon.itwaru@gmail.com 2011-07-11 08:54:39 +00:00
Miroslav Stampar
98958f8808 minor minor update 2011-07-10 15:41:45 +00:00
Miroslav Stampar
0d6afca7db adding new switch '--smart' by request 2011-07-10 15:16:58 +00:00
Miroslav Stampar
1e182e6c72 quick fix 2011-07-08 22:34:44 +00:00
Bernardo Damele
651349e229 More verbose critical message 2011-07-08 13:12:53 +00:00
Bernardo Damele
b5dd4d4a63 Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection 2011-07-08 10:19:01 +00:00
Miroslav Stampar
02bfd05b20 more general approach 2011-07-08 10:03:14 +00:00
Miroslav Stampar
5443e06430 cosmetics (in debug mode [0] is used) 2011-07-08 09:43:52 +00:00
Miroslav Stampar
c463c411b9 minor update 2011-07-08 09:32:58 +00:00
Miroslav Stampar
ba2c06c9dc quick fix 2011-07-08 09:01:32 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
067354b97f Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access 2011-07-07 13:20:40 +00:00
Bernardo Damele
9e1a6beb7a Major bug fix in UNION detection, it was a leftover 2011-07-07 00:06:20 +00:00
Bernardo Damele
fcd4e94c04 Higher chances to detect UNION query SQL injection against Microsoft Access 2011-07-06 23:52:44 +00:00
Bernardo Damele
23b4efdcaf Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too. 2011-07-06 21:04:45 +00:00
Bernardo Damele
0d28c1e9e7 cosmetics 2011-07-06 20:41:13 +00:00
Bernardo Damele
6f6038b534 Quick fix (revert..) 2011-07-06 11:32:12 +00:00
Miroslav Stampar
93b296e02c few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00
Miroslav Stampar
34d9a91af1 bulk of fixes 2011-07-02 22:48:56 +00:00
Bernardo Damele
861cdb1b14 cosmetics 2011-07-01 10:04:34 +00:00
Miroslav Stampar
4513ef409e massive (like really massive) dictionary support 2011-06-30 23:44:49 +00:00
Miroslav Stampar
43db6b03a7 update with a feature request (file with list of wordlist files) 2011-06-30 08:42:43 +00:00
Miroslav Stampar
9e453e8709 fix for a bug reported by nightman@email.de 2011-06-29 17:49:59 +00:00
Miroslav Stampar
be9b8bca78 bug fix 2011-06-29 17:39:58 +00:00
Bernardo Damele
9eb683531d Minor improvement at blind SQL inj technique for DB2 2011-06-27 22:28:12 +00:00
Miroslav Stampar
75524c283d minor update 2011-06-27 21:59:31 +00:00
Miroslav Stampar
4be55c811f minor update 2011-06-27 21:48:26 +00:00
Miroslav Stampar
831f083223 minor update 2011-06-27 21:38:12 +00:00
Miroslav Stampar
5b4eaf48d9 minor fix (for those blank suffixes out of nowhere at the end of payload - not related to "-- ") 2011-06-27 21:34:49 +00:00
Miroslav Stampar
8a8b94883b minor update (that default quit in --batch was bothering me - my original idea and it was bad :) 2011-06-27 14:14:49 +00:00
Miroslav Stampar
d72db1bf91 minor update (all misc options are alphabetically ordered) 2011-06-27 08:21:33 +00:00
Bernardo Damele
36c96ef796 Added DB2 support - patch provided by Sebastian Bittig 2011-06-25 09:44:24 +00:00
Miroslav Stampar
e00cf81f7e minor update 2011-06-24 19:50:13 +00:00
Miroslav Stampar
e9286ddd5b fix for a bug reported by g@brindi.si (UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position
47: ordinal not in range(128))
2011-06-24 19:24:11 +00:00
Miroslav Stampar
c4cb367e65 looks nicer (though --tor is implicitly converted into --proxy) 2011-06-24 19:00:53 +00:00
Miroslav Stampar
aa83fe5c66 minor update 2011-06-24 18:19:33 +00:00
Miroslav Stampar
21010f702c minor beautification 2011-06-24 17:46:54 +00:00
Miroslav Stampar
2de88bd90b minor update 2011-06-24 17:19:24 +00:00
Miroslav Stampar
96190cf594 minor update 2011-06-24 17:15:15 +00:00
Bernardo Damele
406f2cda09 Got rid of useless TAB completion in --sql-shell 2011-06-24 13:05:13 +00:00
Bernardo Damele
35ce6dedcf Got rid of useless imports 2011-06-24 09:59:11 +00:00
Bernardo Damele
a78f5b4eb3 Minor adjustment to avoid function and variables with same name 2011-06-24 09:29:11 +00:00
Miroslav Stampar
eaa2a4202f changing to: --crawl=CRAWLDEPTH 2011-06-24 05:40:03 +00:00
Miroslav Stampar
3717b8423f cleanest fix this moment (conf.dbms will for sure deal problems later in any form) 2011-06-22 15:48:44 +00:00
Miroslav Stampar
5190440ea2 minor fix 2011-06-22 15:36:59 +00:00
Miroslav Stampar
97d8729d71 probable fix for a bug reported by m4l1c3 (RuntimeError: maximum recursion depth exceeded) 2011-06-22 15:28:49 +00:00
Miroslav Stampar
52ba3c281e minor update 2011-06-22 14:59:49 +00:00
Miroslav Stampar
4ca37901da thread safe logging+stdout (no more overlapping of log messages and raw output) 2011-06-22 14:53:42 +00:00
Miroslav Stampar
84bc8c3a37 update 2011-06-22 14:39:31 +00:00
Miroslav Stampar
938db1b513 replacing xmlobject logic with our own 2011-06-22 14:33:52 +00:00
Bernardo Damele
1cb12ea659 replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license) 2011-06-22 13:31:07 +00:00
Miroslav Stampar
e76cb19e35 minor patch 2011-06-22 09:11:12 +00:00
Miroslav Stampar
b16b92fe46 minor update 2011-06-21 20:59:34 +00:00
Miroslav Stampar
2220afbdf5 fix by request 2011-06-21 20:50:16 +00:00
Miroslav Stampar
9e232256f4 reverting that last commit because there is a mess with default dumping (startLimit is set to 0 which is not so friendly with --start and --stop logic) 2011-06-21 18:29:23 +00:00
Miroslav Stampar
3536320fc9 --stop is inclusive ("Last query output entry to retrieve") 2011-06-21 18:08:33 +00:00
Miroslav Stampar
dfc02d8c3c sorry Bernardo, i hope your mobile is turned off :))) 2011-06-20 22:47:24 +00:00
Miroslav Stampar
2a4a284a29 crawler fix (skip binary files) 2011-06-20 22:41:38 +00:00
Miroslav Stampar
20bb1a685b really minor update 2011-06-20 21:57:53 +00:00
Miroslav Stampar
812cd2f19b minor update 2011-06-20 21:47:03 +00:00
Miroslav Stampar
e8ac7414f2 bug fix 2011-06-20 21:36:15 +00:00
Miroslav Stampar
d6062e8fc9 minor fix for crawler and far less message overlaps in future 2011-06-20 21:18:12 +00:00
Miroslav Stampar
8968c708a0 minor update 2011-06-20 14:27:24 +00:00
Miroslav Stampar
17fac6f67f minor update 2011-06-20 13:53:39 +00:00
Miroslav Stampar
29314f425e minor fix 2011-06-20 13:42:31 +00:00
Miroslav Stampar
f09340fc89 minor update 2011-06-20 12:40:14 +00:00
Miroslav Stampar
4d1fa5596b added support for --scope in --crawl mode 2011-06-20 12:37:51 +00:00
Miroslav Stampar
42746cc706 bug fix 2011-06-20 12:18:46 +00:00
Miroslav Stampar
67fab9f2e2 putting this to info messages (user needs to know at this place why is it waiting) 2011-06-20 12:17:19 +00:00
Miroslav Stampar
b1426b5131 bug fix 2011-06-20 12:11:09 +00:00
Miroslav Stampar
cda39ca350 minor update 2011-06-20 11:46:23 +00:00
Miroslav Stampar
07e2c72943 adding Beautifulsoup (BSD) into extras; adding --crawl to options 2011-06-20 11:32:30 +00:00
Miroslav Stampar
8c04aa871a english typo 2011-06-20 11:00:23 +00:00
Miroslav Stampar
bdb530da1f minor update 2011-06-19 10:11:27 +00:00
Miroslav Stampar
d5bc149636 made changes by buawig request (504 is treated as a classical timeout) 2011-06-19 09:57:41 +00:00
Miroslav Stampar
83af83da9e minor beautification (WordsSet is considered as a bad english) 2011-06-18 15:47:19 +00:00
Bernardo Damele
f8c32cf6b9 Moved folder 2011-06-18 12:34:41 +00:00
Bernardo Damele
28ef61b997 Use getPageTextWordsSet() also in --common-columns 2011-06-18 12:30:26 +00:00
Bernardo Damele
6b2f44de14 Minor layout adjustment 2011-06-18 12:27:12 +00:00
Bernardo Damele
cd07139919 Layout adjustments 2011-06-18 11:58:14 +00:00
Miroslav Stampar
31ad0875b4 added by request 2011-06-18 11:34:51 +00:00
Miroslav Stampar
e4be141602 minor fix for --smoke-test 2011-06-18 11:26:17 +00:00
Bernardo Damele
c7e1aeeef2 layout 2011-06-18 11:02:48 +00:00
Miroslav Stampar
905fef0eae now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5) 2011-06-18 10:51:14 +00:00
Miroslav Stampar
fde3e4cece better 2011-06-18 09:52:07 +00:00
Miroslav Stampar
2f129b01c0 "Please consider to provide" is a bad English 2011-06-18 09:46:22 +00:00
Miroslav Stampar
1440c9f2d4 minor update 2011-06-17 22:28:07 +00:00
Miroslav Stampar
87e9842371 better language 2011-06-17 22:13:45 +00:00
Miroslav Stampar
ce3170edef minor update/better language 2011-06-17 22:11:40 +00:00
Miroslav Stampar
ec6fa384eb update 2011-06-17 22:04:25 +00:00
Miroslav Stampar
0c9fa5c550 fix 2011-06-17 17:12:47 +00:00
Miroslav Stampar
043f2f92c1 minor update 2011-06-17 17:10:52 +00:00
Miroslav Stampar
c9a6aad5c3 minor fix by request 2011-06-17 16:58:50 +00:00
Miroslav Stampar
a0129dcbcb this is confusing for normal users (i've just get a mail where dude thinks that he needs to use tamper script because of this :) 2011-06-17 16:52:39 +00:00
Miroslav Stampar
f3ee2c09fb cleaner fix 2011-06-17 15:32:23 +00:00
Miroslav Stampar
bb987ec98f fix for DNS leakage 2011-06-17 15:23:58 +00:00
Miroslav Stampar
9498a3f259 little stabilization of multi threading 2011-06-17 12:50:28 +00:00
Miroslav Stampar
d27afaed7e some fixes 2011-06-16 14:27:44 +00:00
Miroslav Stampar
6b1d5a0ab8 minor fix 2011-06-16 14:11:30 +00:00
Miroslav Stampar
530c296519 minor fix 2011-06-16 13:56:17 +00:00
Miroslav Stampar
0eeb48f8f5 some fixes 2011-06-16 13:41:02 +00:00
Miroslav Stampar
7733e5866a minor update regarding mnemonics (again) 2011-06-16 12:34:38 +00:00
Miroslav Stampar
17e4c6b564 minor update regarding mnemonics 2011-06-16 12:26:50 +00:00
Miroslav Stampar
25b923bbc3 minor fixes and minor updates 2011-06-16 12:12:30 +00:00
Miroslav Stampar
3995891ab4 new file containing default settings 2011-06-16 11:43:07 +00:00
Miroslav Stampar
6f681b45ad cleaning up a bit for a configuration mess 2011-06-16 11:42:13 +00:00
Bernardo Damele
f515c9c9e0 Dealt with SVN update login traceback. Need to investigate further why it asks for credentials sometimes 2011-06-16 10:11:11 +00:00
Miroslav Stampar
63d98d8ce6 fix for a bug reported by rdsears@mtu.edu (ignored config file items) 2011-06-16 08:08:49 +00:00
Miroslav Stampar
4d51fa8155 minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails) 2011-06-15 17:37:28 +00:00
Miroslav Stampar
e0ad72031f minor update 2011-06-15 12:04:30 +00:00
Miroslav Stampar
1d93a03eeb introducing mnemonics 2011-06-15 11:58:50 +00:00
Miroslav Stampar
d55a242908 minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always) 2011-06-14 19:38:35 +00:00
Miroslav Stampar
a4328e914b minor update 2011-06-14 19:29:42 +00:00
Miroslav Stampar
1e17c0d4a1 switching to debug mode for missing dependencies 2011-06-14 08:47:06 +00:00
Bernardo Damele
8978fded03 typo fix 2011-06-13 19:00:27 +00:00
Bernardo Damele
7152a1ed3b Added --dependences to show which sqlmap dependences are not available 2011-06-13 18:44:02 +00:00
Miroslav Stampar
0990f16f7f minor update for invalid cases like 'iso-8859-1 (western europe)' 2011-06-12 08:36:21 +00:00
Miroslav Stampar
2da56ea507 fix of a language bug 2011-06-11 21:17:30 +00:00
Miroslav Stampar
9331abb96f minor update 2011-06-11 08:33:36 +00:00
Miroslav Stampar
f8dde2c23b adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones) 2011-06-10 23:18:43 +00:00
Miroslav Stampar
15d72ec566 minor improvement for special cases with --string/--regexp 2011-06-10 23:05:47 +00:00
Miroslav Stampar
8fac4605a9 minor fix for None results 2011-06-10 22:28:15 +00:00
Miroslav Stampar
71093b1cad adding one more user friendly message 2011-06-09 09:58:42 +00:00
Miroslav Stampar
fae089646b minor fix 2011-06-09 08:38:17 +00:00
Miroslav Stampar
9202fedf7b minor fix 2011-06-09 08:14:54 +00:00
Miroslav Stampar
af5fe457bd revert of the revert (it's a good idea to have it like this because of problems with e.g. --text-only and binary content) 2011-06-09 07:53:31 +00:00
Miroslav Stampar
8ec4bc9d9d revert of the last commit. have to think about it 2011-06-09 06:32:53 +00:00
Miroslav Stampar
9c093d91f2 minor update 2011-06-09 06:14:35 +00:00
Bernardo Damele
d217cf71b2 Minor bug fix 2011-06-08 23:32:44 +00:00
Bernardo Damele
6aade8e6fc grammar fix, again 2011-06-08 16:40:22 +00:00
Bernardo Damele
d160888784 Grammar fix 2011-06-08 16:25:18 +00:00
Bernardo Damele
1c6ee1dc36 Rephrase 2011-06-08 16:22:16 +00:00
Bernardo Damele
0d8d6a4ace Cosmetics 2011-06-08 16:08:20 +00:00
Bernardo Damele
70cac24909 Cosmetics 2011-06-08 15:31:27 +00:00
Bernardo Damele
64bef644c3 This was missing 2011-06-08 15:30:59 +00:00
Miroslav Stampar
d8155dfae9 change by request 2011-06-08 14:44:11 +00:00
Miroslav Stampar
6387d98ab0 quick fix 2011-06-08 14:42:48 +00:00
Bernardo Damele
0d3e8a76d8 Cosmetics and a missing param 2011-06-08 14:40:42 +00:00
Miroslav Stampar
4a9640160e more concise 2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a refactoring 2011-06-08 14:30:12 +00:00
Bernardo Damele
cd6ceb733e Adjustment and refactoring for takeover via web backdoor 2011-06-08 14:16:53 +00:00
Bernardo Damele
cce3208b35 Cleanup 2011-06-08 14:15:34 +00:00
Bernardo Damele
7da3d8dbd1 minor layout adjustment 2011-06-08 13:01:33 +00:00
Miroslav Stampar
f65abdaae3 added switch --cookie-del by request 2011-06-08 08:27:24 +00:00
Miroslav Stampar
4eeeb3655e asking and skipping to the next google result page if no usable links found 2011-06-07 23:24:17 +00:00
Miroslav Stampar
1c633b7351 i am tired of pressing hundred times Ctrl+C in testing phase if --batch is specified 2011-06-07 22:14:18 +00:00
Miroslav Stampar
75c12c5edb fix for a bug reported by cclements@flatearth.​net (TypeError: argument of type 'NoneType' is not iterable) 2011-06-07 21:46:49 +00:00
Miroslav Stampar
e7e23d1b79 fix for a Ctrl+C bug reported by nightman@email.de 2011-06-07 17:16:01 +00:00
Miroslav Stampar
26062ec71e minor update 2011-06-07 15:13:51 +00:00
Miroslav Stampar
50dde39e68 minor update 2011-06-07 10:32:18 +00:00
Miroslav Stampar
e9bf768f23 more refactoring 2011-06-07 10:08:12 +00:00
Miroslav Stampar
7a3cc38e3c refactoring and stabilization of multithreading 2011-06-07 09:50:00 +00:00
Miroslav Stampar
5f7858455d fix for a bug reported by l0rda@l0rda.biz 2011-06-07 05:57:21 +00:00
Miroslav Stampar
03c3f83893 minor fix 2011-06-06 13:34:49 +00:00
Miroslav Stampar
24ed99e5a3 fix for a bug reported by aboynes@gmail.com 2011-06-06 08:50:48 +00:00
Miroslav Stampar
97d8c60c3f better language 2011-06-03 15:58:19 +00:00
Miroslav Stampar
0a620bf322 more info to the user 2011-06-03 15:43:50 +00:00
Miroslav Stampar
8c80413c52 well, important fix for blind based cases (especially OR ones) 2011-06-03 15:29:22 +00:00
Miroslav Stampar
f27181c628 minor improvement for blind based injections with reflected values 2011-06-03 14:41:36 +00:00
Miroslav Stampar
e9eafc2e94 minor update 2011-06-03 14:13:22 +00:00
Miroslav Stampar
64a862ed58 minor usability update 2011-06-03 14:04:02 +00:00
Miroslav Stampar
faf7814869 fix for a fuzz "bug" reported by daniele.rivetti@yahoo.com 2011-06-03 11:01:26 +00:00
Miroslav Stampar
08d6bb4f23 minor fix 2011-06-02 22:13:31 +00:00
Miroslav Stampar
8aa5625cd0 proper fix related to the last commit 2011-06-01 23:00:18 +00:00
Miroslav Stampar
fd57aae779 bug fix (until this moment we had UNION unfunctional for MSSQL) 2011-06-01 22:47:54 +00:00
Miroslav Stampar
fc96764f80 minor bug fix ("trimmed" error message was shown for empty cases too because u'' or None == None) 2011-06-01 22:06:06 +00:00
Miroslav Stampar
091c174bc4 better language 2011-06-01 08:30:06 +00:00
Miroslav Stampar
63145236b9 minor fix 2011-05-31 21:53:29 +00:00
Miroslav Stampar
42100e0e5b big bug fix 2011-05-30 23:15:29 +00:00
Miroslav Stampar
9600556dae better language 2011-05-30 23:04:49 +00:00
Miroslav Stampar
b7088440c2 better sentence 2011-05-30 22:47:17 +00:00
Miroslav Stampar
3c12799ff0 minor improvement 2011-05-30 20:34:34 +00:00
Miroslav Stampar
89559d1b0a better regex and now after we have that automatic switch off for reflective removal mechanism it's not so important to change it 2011-05-30 20:18:30 +00:00
Miroslav Stampar
b79dae6e95 minor update 2011-05-30 14:49:03 +00:00
Miroslav Stampar
20988e58ed warp 5 mr spock :) 2011-05-30 09:46:32 +00:00
Miroslav Stampar
001cbff2a9 speed up of 2 times for partial union technique 2011-05-30 09:07:48 +00:00
Miroslav Stampar
97820949f5 minor update 2011-05-30 08:33:01 +00:00
Miroslav Stampar
d5ede6afb4 fix for a dirty reading issue reported by skysbsb@gmail.com (IndexError: list index out of range) 2011-05-30 06:38:44 +00:00
Miroslav Stampar
23d7820de7 minor update 2011-05-29 23:56:41 +00:00
Miroslav Stampar
6fd8602f01 minor update 2011-05-29 23:33:34 +00:00
Miroslav Stampar
86455ceb9c implementation of multithreading for UNION and ERROR techniques 2011-05-29 23:17:50 +00:00
Miroslav Stampar
d51efa679d typo update 2011-05-29 06:26:28 +00:00
Miroslav Stampar
f848cc779e adding legal disclaimer as latest situation (these days news headlines) seems out of control 2011-05-28 18:54:14 +00:00
Miroslav Stampar
a5a70f0895 minor update 2011-05-28 18:21:03 +00:00
Miroslav Stampar
ecbeecdccf minor refactoring 2011-05-28 18:11:56 +00:00
Miroslav Stampar
eb9b84d1da type correction 2011-05-28 17:53:05 +00:00
Miroslav Stampar
03ef53f00a update regarding mysql function resolution and versionedkeywords 2011-05-28 17:34:43 +00:00
Miroslav Stampar
95dea1fbf9 sharp tuning UNION tests even more 2011-05-28 08:06:19 +00:00
Miroslav Stampar
c11ea35d53 adding some user input for "refreshing" cases (like redirect ones) 2011-05-27 22:42:23 +00:00
Miroslav Stampar
cf69809c3c minor update 2011-05-27 16:26:00 +00:00
Miroslav Stampar
8227298057 user friendliness uber 9000 2011-05-27 08:30:52 +00:00
Miroslav Stampar
a8b58afdb2 minor update 2011-05-27 08:21:02 +00:00
Miroslav Stampar
48f52d7697 minor beautification 2011-05-27 08:16:14 +00:00
Miroslav Stampar
61b960f65f minor update related to the last one 2011-05-26 22:05:10 +00:00
Miroslav Stampar
45caadbd4a important update - finally found what was causing headache for UNION payloads in noticeable number of cases 2011-05-26 21:54:19 +00:00
Miroslav Stampar
97bd5355dd minor update 2011-05-26 21:18:55 +00:00
Miroslav Stampar
5d56e89cf5 minor update 2011-05-26 21:08:46 +00:00
Miroslav Stampar
06108b6da6 minor update related to the last commit 2011-05-26 20:58:24 +00:00
Miroslav Stampar
4f46a5ab63 minor usability enhancement regarding warning for --text-only switch 2011-05-26 20:48:18 +00:00
Miroslav Stampar
ff030e4d24 minor cleanup of the leftover 2011-05-26 17:37:24 +00:00
Miroslav Stampar
bf2b58ba82 minor update 2011-05-26 15:23:28 +00:00
Miroslav Stampar
b6fe5b12a4 adding --schema to the wizard/Basic as it looks like a cool thingy to put there 2011-05-26 14:30:05 +00:00
Miroslav Stampar
4f2c999146 fix for a bug reported by mail@8dh.de (UnicodeDecodeError: requestMsg += "\n%s" % requestHeaders) 2011-05-26 13:47:20 +00:00
Miroslav Stampar
f3ed61af5f bug fix when using inference and kb.pageEncoding is None (like in binary cases) 2011-05-25 21:12:12 +00:00
Miroslav Stampar
5369657cd5 fix for cases with retrieved binary files (preventing difflib nagging around comparison) 2011-05-25 20:54:30 +00:00
Miroslav Stampar
a1fd2898a0 added friendly tip message for url encoding GET and POST payloads 2011-05-25 11:10:52 +00:00
Miroslav Stampar
0e480a9921 adding SYS to the ORACLE_SYSTEM_DBS 2011-05-25 10:55:47 +00:00
Miroslav Stampar
2f456bee75 minor beautification 2011-05-25 08:14:39 +00:00
Miroslav Stampar
8b7a3c5a6b making it easier for totally dummy users 2011-05-24 17:24:01 +00:00
Miroslav Stampar
bec2c04671 helping dummy users 2011-05-24 17:15:25 +00:00
Miroslav Stampar
a3466ff79c serving everything for the users 2011-05-24 16:34:08 +00:00
Miroslav Stampar
69eb173eca minor just in case patch 2011-05-24 15:07:37 +00:00
Miroslav Stampar
0072c3af8e fix for a bug reported by aboynes@gmail.com (for elt in self.a) 2011-05-24 15:03:21 +00:00
Miroslav Stampar
f774d8fea0 proper Tor settings (reverted r3915 and implemented it the right way) 2011-05-24 11:06:58 +00:00
Miroslav Stampar
915c206e3d minor fix for socks proxy issues 2011-05-24 09:47:10 +00:00
Miroslav Stampar
ad25bcc2be better way for dealing with relative paths 2011-05-24 05:26:51 +00:00
Miroslav Stampar
a536bf210f improved redirection mechanism 2011-05-23 23:20:03 +00:00
Miroslav Stampar
128a012121 this was causing that --suffix trouble 2011-05-23 19:59:07 +00:00
Miroslav Stampar
bfe8e51b7c minor fix for retrieving stuff like "SELECT * FROM testdb..users" 2011-05-23 19:45:40 +00:00
Miroslav Stampar
2b12b18357 incorporating metasploit patch from oliver.kuckertz@mologie.de 2011-05-23 15:27:10 +00:00
Miroslav Stampar
4542d4535f minor beautification 2011-05-23 14:28:05 +00:00
Miroslav Stampar
31b48ec11c removing space left 2011-05-23 14:18:33 +00:00
Miroslav Stampar
0ed03d474f now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate 2011-05-23 11:09:44 +00:00
Miroslav Stampar
868fbe370b minor beautification 2011-05-23 10:39:58 +00:00
Miroslav Stampar
fb23beef6f most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested) 2011-05-22 19:14:36 +00:00
Miroslav Stampar
4fdb6ac9b9 adding useful info 2011-05-22 15:30:19 +00:00