Compare commits


39 Commits
1.10 ... master

Author SHA1 Message Date
Miroslav Stampar
38f3f16127 Minor update of common-outputs.txt 2026-01-12 23:32:06 +01:00
Miroslav Stampar
7c4e4247d8 Minor update of years 2026-01-12 23:17:10 +01:00
Miroslav Stampar
8c63d4c4a6 Minor patch for Snowflake implementation (#5980) 2026-01-12 23:11:46 +01:00
Miroslav Stampar
f36d040206 Adding support for --privileges to Snowflake implementation (#5980) 2026-01-12 22:51:48 +01:00
Miroslav Stampar
ef6c3d40d3 Adding support for --statements to Snowflake implementation (#5980) 2026-01-12 22:41:42 +01:00
Miroslav Stampar
07aa7f994d Adding support for --hostname to Snowflake implementation (#5980) 2026-01-12 22:35:56 +01:00
Miroslav Stampar
9e29d7af8c Fixing a typo for Snowflake implementation (#5980) 2026-01-12 22:02:03 +01:00
Miroslav Stampar
88f22c3440 Heuristic checks for Snowflake implementation (#5980) 2026-01-12 21:28:41 +01:00
Miroslav Stampar
3d70e2511b Trivial update 2026-01-12 20:24:13 +01:00
Miroslav Stampar
04bf68f4ea Fixes #6005 2026-01-12 20:22:29 +01:00
Miroslav Stampar
1da33b9901 Some more fixes for Snowflake implementation (#5980) 2026-01-12 19:39:22 +01:00
Miroslav Stampar
b5a1f6fa09 Lots of fixes for Snowflake implementation (#5980) 2026-01-12 19:26:14 +01:00
Miroslav Stampar
b0feb2a0fd Minor update (#5980) 2026-01-12 12:09:25 +01:00
Miroslav Stampar
29c5117ee3 Bump some years in headers 2026-01-12 12:02:57 +01:00
Miroslav Stampar
fd9045cbc6 Fixing python2 compatibility issue (#5980) 2026-01-12 12:01:41 +01:00
Jaggar Henry
279a9b3314
Added "Snowflake" DBMS support (#5980)
* Added SQL queries for 'Snowflake' DBMS

* Added necessary constants for the 'Snowflake' DBMS

* Added the 'Snowflake' DBMS to existing conditional which adds dynamic values to hardcoded statements (queries.xml)

* Added plugin logic for the 'Snowflake' DBMS

* Modified 'dbs' query to include 'ORDER BY'

* Moved 'LIMIT' to appear before 'OFFSET'
2026-01-12 11:59:00 +01:00
Miroslav Stampar
e9a9d90837 Minor patch to MsSQL fingerprinting 2026-01-11 23:23:43 +01:00
Miroslav Stampar
a995e1afb4 Minor update of vuln testing 2026-01-10 11:37:39 +01:00
Miroslav Stampar
bc0d2a11a3 Minor update 2026-01-09 17:01:00 +01:00
Miroslav Stampar
7bc3741a48 Minor patch 2026-01-09 00:08:03 +01:00
Miroslav Stampar
363a405fa0 Minor update 2026-01-08 23:59:47 +01:00
Miroslav Stampar
e2534b3c36 Adding test check for --titles 2026-01-08 23:47:06 +01:00
Miroslav Stampar
65ce6ba4c9 Implementing CSRF case into vuln testing 2026-01-08 23:31:40 +01:00
Miroslav Stampar
2e00154e38 Fixing thread-safety in getHeuristicCharEncoding 2026-01-08 20:59:40 +01:00
Miroslav Stampar
603295e68d Minor update of vulnserver testing 2026-01-08 20:49:17 +01:00
Miroslav Stampar
69a613ef67 Minor improvement 2026-01-07 17:34:26 +01:00
Miroslav Stampar
69eca57915 Minor update 2026-01-05 00:31:50 +01:00
Miroslav Stampar
5864dd4949 Minor patching 2026-01-04 23:48:50 +01:00
Miroslav Stampar
dc30e60082 Minor patches 2026-01-04 23:39:28 +01:00
Miroslav Stampar
4af6dad130 Minor patch 2026-01-04 20:54:50 +01:00
Miroslav Stampar
58ebc41b28 Minor update 2026-01-04 20:46:18 +01:00
Miroslav Stampar
9e436efbc5 Minor update 2026-01-04 20:36:46 +01:00
Miroslav Stampar
760fac59d8 Minor patch of max connection total size 2026-01-04 20:34:57 +01:00
Miroslav Stampar
15c65d084c Minor patch 2026-01-04 20:23:41 +01:00
Miroslav Stampar
6ef62d0201 Minor improvement of PKI handler 2026-01-04 20:22:02 +01:00
Miroslav Stampar
8c9e70496b Proper patch for #6000 2026-01-04 20:08:43 +01:00
Farhan Ansari
ec123bafb1
Fix broken GitHub downloads URL in update message (#6001)
The /downloads endpoint was removed by GitHub years ago and now returns 404. Updated to point to /releases which has the actual download links.
2026-01-04 20:05:13 +01:00
Miroslav Stampar
737f2279e2 Adding credits for --tui (#5965) 2026-01-02 01:35:56 +01:00
Miroslav Stampar
4a40101647 Dummy update 2026-01-01 19:29:27 +01:00
42 changed files with 834 additions and 169 deletions

View File

@ -15,6 +15,14 @@
5.7. 5.7.
6.0. 6.0.
8.0. 8.0.
8.1.
8.2.
8.3.
8.4.
9.0.
9.1.
9.2.
9.3.
# PostgreSQL # PostgreSQL
PostgreSQL 7.0 PostgreSQL 7.0
@ -39,6 +47,10 @@ PostgreSQL 10.
PostgreSQL 11. PostgreSQL 11.
PostgreSQL 12. PostgreSQL 12.
PostgreSQL 13. PostgreSQL 13.
PostgreSQL 14.
PostgreSQL 15.
PostgreSQL 16.
PostgreSQL 17.
# Oracle # Oracle
Oracle Database 9i Standard Edition Release Oracle Database 9i Standard Edition Release
@ -59,6 +71,11 @@ Oracle Database 11g Express Edition Release 11.
Oracle Database 11g Enterprise Edition Release Oracle Database 11g Enterprise Edition Release
Oracle Database 11g Enterprise Edition Release 11. Oracle Database 11g Enterprise Edition Release 11.
Oracle Database 12c Oracle Database 12c
Oracle Database 18c
Oracle Database 19c
Oracle Database 21c
Oracle Database 23ai
Oracle Database 26ai
# Microsoft SQL Server # Microsoft SQL Server
Microsoft SQL Server 7.0 Microsoft SQL Server 7.0
@ -70,6 +87,8 @@ Microsoft SQL Server 2014
Microsoft SQL Server 2016 Microsoft SQL Server 2016
Microsoft SQL Server 2017 Microsoft SQL Server 2017
Microsoft SQL Server 2019 Microsoft SQL Server 2019
Microsoft SQL Server 2022
Microsoft SQL Server 2025
[Users] [Users]
@ -420,6 +439,10 @@ ReportServer
ReportServerTempDB ReportServerTempDB
tempdb tempdb
# Cloud Defaults
rdsadmin
innodb
azure_maintenance
[Tables] [Tables]
@ -1095,6 +1118,29 @@ vVendor
WorkOrder WorkOrder
WorkOrderRouting WorkOrderRouting
# Common tables
accounts
admin
audit
backup
config
configuration
customers
data
files
history
images
log
logs
members
messages
orders
products
settings
test
tokens
uploads
[Columns] [Columns]
@ -1236,20 +1282,51 @@ text
time time
timestamp timestamp
# common columns # Common columns
active
address
admin
blocked
category_id
city
confirmed
country
created_at created_at
updated_at
deleted_at
created_on created_on
modified_on customer_id
timestamp deleted
deleted_at
dob
email
enabled
first_name
flag
gender
hidden
is_active is_active
is_deleted is_deleted
is_published is_published
status last_name
enabled locked
user_id login
product_id modified_on
category_id name
order_id order_id
customer_id password
phone
private
product_id
public
role
salt
state
status
timestamp
token
type
updated_at
user_id
username
visible
zip
zip_code
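Review bot: `timestamp` is listed twice in [Columns], once as the type entry in the unchanged context at the top of this hunk (`timestamp timestamp`) and again inside the re-sorted `# Common columns` block. The duplicate predates this change, but since the block is being re-sorted anyway this is the moment to drop one copy, unless the loader deduplicates entries on read.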

View File

@ -26,7 +26,7 @@ c3a595fc1746ee07dbc0592ba7d5e207e6110954980599f63b8156d1d277f8ca data/shell/sta
82bcebc46ed3218218665794197625c668598eb7e861dd96e4f731a27b18a701 data/shell/stagers/stager.php_ 82bcebc46ed3218218665794197625c668598eb7e861dd96e4f731a27b18a701 data/shell/stagers/stager.php_
eb86f6ad21e597f9283bb4360129ebc717bc8f063d7ab2298f31118275790484 data/txt/common-columns.txt eb86f6ad21e597f9283bb4360129ebc717bc8f063d7ab2298f31118275790484 data/txt/common-columns.txt
63ba15f2ba3df6e55600a2749752c82039add43ed61129febd9221eb1115f240 data/txt/common-files.txt 63ba15f2ba3df6e55600a2749752c82039add43ed61129febd9221eb1115f240 data/txt/common-files.txt
5ead09a8e46b0043fae0ae35fbe1e67b284002e715b65eb26080d91e8b100d19 data/txt/common-outputs.txt 9610fbd4ede776ab60d003c0ea052d68625921a53cdcfa50a4965b0985b619ca data/txt/common-outputs.txt
44047281263ef297f27fdd8fa98a0b0438a25989f897ce184cb0e2e442fb6c11 data/txt/common-tables.txt 44047281263ef297f27fdd8fa98a0b0438a25989f897ce184cb0e2e442fb6c11 data/txt/common-tables.txt
ccba96624a0176b4c5acd8824db62a8c6856dafa7d32424807f38efed22a6c29 data/txt/keywords.txt ccba96624a0176b4c5acd8824db62a8c6856dafa7d32424807f38efed22a6c29 data/txt/keywords.txt
522cce0327de8a5dfb5ade505e8a23bbd37bcabcbb2993f4f787ccdecf24997e data/txt/smalldict.txt 522cce0327de8a5dfb5ade505e8a23bbd37bcabcbb2993f4f787ccdecf24997e data/txt/smalldict.txt
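Review bot: the updated hash for data/txt/common-outputs.txt has to correspond to the file as left by the last commit in this range, 38f3f16127 "Minor update of common-outputs.txt"; if the manifest was regenerated before that commit the integrity check will flag the file. Worth confirming the manifest was rebuilt as the final step, given that queries.xml, errors.xml and doc/THANKS.md hashed further down were each touched by separate commits.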
@ -78,18 +78,18 @@ a7eb4d1bcbdfd155383dcd35396e2d9dd40c2e89ce9d5a02e63a95a94f0ab4ea data/xml/banne
e2febc92f9686eacf17a0054f175917b783cc6638ca570435a5203b03245fc18 data/xml/banner/x-aspnet-version.xml e2febc92f9686eacf17a0054f175917b783cc6638ca570435a5203b03245fc18 data/xml/banner/x-aspnet-version.xml
3a440fbbf8adffbe6f570978e96657da2750c76043f8e88a2c269fe9a190778c data/xml/banner/x-powered-by.xml 3a440fbbf8adffbe6f570978e96657da2750c76043f8e88a2c269fe9a190778c data/xml/banner/x-powered-by.xml
1ac399c49ce3cb8c0812bb246e60c8a6718226efe89ccd1f027f49a18dbeb634 data/xml/boundaries.xml 1ac399c49ce3cb8c0812bb246e60c8a6718226efe89ccd1f027f49a18dbeb634 data/xml/boundaries.xml
47c444f260fcba24bb1f13e3d4819ed846909f8d2b6e715069d6372ea30f026f data/xml/errors.xml ffb3ce7c98e033b5fb7f392f833aa08781041d958b97c53179d1d667237b51af data/xml/errors.xml
cfa1f0557fb71be0631796a4848d17be536e38f94571cf6ef911454fbc6b30d1 data/xml/payloads/boolean_blind.xml cfa1f0557fb71be0631796a4848d17be536e38f94571cf6ef911454fbc6b30d1 data/xml/payloads/boolean_blind.xml
f2b711ea18f20239ba9902732631684b61106d4a4271669125a4cf41401b3eaf data/xml/payloads/error_based.xml f2b711ea18f20239ba9902732631684b61106d4a4271669125a4cf41401b3eaf data/xml/payloads/error_based.xml
b0f434f64105bd61ab0f6867b3f681b97fa02b4fb809ac538db382d031f0e609 data/xml/payloads/inline_query.xml b0f434f64105bd61ab0f6867b3f681b97fa02b4fb809ac538db382d031f0e609 data/xml/payloads/inline_query.xml
0648264166455010921df1ec431e4c973809f37ef12cbfea75f95029222eb689 data/xml/payloads/stacked_queries.xml 0648264166455010921df1ec431e4c973809f37ef12cbfea75f95029222eb689 data/xml/payloads/stacked_queries.xml
997556b6170964a64474a2e053abe33cf2cf029fb1acec660d4651cc67a3c7e1 data/xml/payloads/time_blind.xml 997556b6170964a64474a2e053abe33cf2cf029fb1acec660d4651cc67a3c7e1 data/xml/payloads/time_blind.xml
40a4878669f318568097719d07dc906a19b8520bc742be3583321fc1e8176089 data/xml/payloads/union_query.xml 40a4878669f318568097719d07dc906a19b8520bc742be3583321fc1e8176089 data/xml/payloads/union_query.xml
eeaec8f6590db3315a740b04f21fed8ae229d9d0ef8b85af5ad83a905e9bfd6e data/xml/queries.xml a2a2d3f8bf506f27ab0847ad4daa1fc41ca781dd58b70d2d9ac1360cf8151260 data/xml/queries.xml
abb6261b1c531ad2ee3ada8184c76bcdc38732558d11a8e519f36fcc95325f7e doc/AUTHORS abb6261b1c531ad2ee3ada8184c76bcdc38732558d11a8e519f36fcc95325f7e doc/AUTHORS
ce20a4b452f24a97fde7ec9ed816feee12ac148e1fde5f1722772cc866b12740 doc/CHANGELOG.md ce20a4b452f24a97fde7ec9ed816feee12ac148e1fde5f1722772cc866b12740 doc/CHANGELOG.md
2df1f15110f74ce4e52f0e7e4a605e6c7e08fbda243e444f9b60e26dfc5cf09d doc/THANKS.md 7af515e3ad13fb7e9cfa4debc8ec879758c0cfbe67642b760172178cda9cf5cb doc/THANKS.md
f939c6341e3ab16b0bb9d597e4b13856c7d922be27fd8dba3aa976b347771f16 doc/THIRD-PARTY.md 5112f71069f35d4b3737791ca680f2815f0c42fdf5c9bedff7654dde8372327f doc/THIRD-PARTY.md
25012296e8484ea04f7d2368ac9bdbcded4e42dbc5e3373d59c2bb3e950be0b8 doc/translations/README-ar-AR.md 25012296e8484ea04f7d2368ac9bdbcded4e42dbc5e3373d59c2bb3e950be0b8 doc/translations/README-ar-AR.md
c25f7d7f0cc5e13db71994d2b34ada4965e06c87778f1d6c1a103063d25e2c89 doc/translations/README-bg-BG.md c25f7d7f0cc5e13db71994d2b34ada4965e06c87778f1d6c1a103063d25e2c89 doc/translations/README-bg-BG.md
e85c82df1a312d93cd282520388c70ecb48bfe8692644fe8dbbf7d43244cda41 doc/translations/README-bn-BD.md e85c82df1a312d93cd282520388c70ecb48bfe8692644fe8dbbf7d43244cda41 doc/translations/README-bn-BD.md
@ -160,43 +160,43 @@ ca86d61d3349ed2d94a6b164d4648cff9701199b5e32378c3f40fca0f517b128 extra/shutils/
df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264 extra/shutils/recloak.sh df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264 extra/shutils/recloak.sh
1972990a67caf2d0231eacf60e211acf545d9d0beeb3c145a49ba33d5d491b3f extra/shutils/strip.sh 1972990a67caf2d0231eacf60e211acf545d9d0beeb3c145a49ba33d5d491b3f extra/shutils/strip.sh
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 extra/vulnserver/__init__.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 extra/vulnserver/__init__.py
11fd73d2a49ae110dff6ee9c28a6703d7573187d639a11a190f699221612b488 extra/vulnserver/vulnserver.py 9e5e4d3d9acb767412259895a3ee75e1a5f42d0b9923f17605d771db384a6f60 extra/vulnserver/vulnserver.py
b8411d1035bb49b073476404e61e1be7f4c61e205057730e2f7880beadcd5f60 lib/controller/action.py b8411d1035bb49b073476404e61e1be7f4c61e205057730e2f7880beadcd5f60 lib/controller/action.py
460d3da652b8f55c9eaf0f90be33eddf3355355e5c5b1c98b7fc4d83b1c54fda lib/controller/checks.py e376093d4f6e42ee38b050af329179df9c1c136b7667b2f1cb559f5d4b69ebd9 lib/controller/checks.py
430475857a37fd997e73a47d7485c5dd4aa0985ef32c5a46b5e7bff01749ba66 lib/controller/controller.py 430475857a37fd997e73a47d7485c5dd4aa0985ef32c5a46b5e7bff01749ba66 lib/controller/controller.py
ccec2373f6393f3d644db3de2910e17ef705817063c03e7ca4417f9d7f622527 lib/controller/handler.py 1ecbca13afdc7c2bc8dc215c5d7fca453bf836dbe3ca377609750bfbc4874a85 lib/controller/handler.py
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/controller/__init__.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/controller/__init__.py
6da126b359e67f73cea7848d3f35dd0890aece16374d04b60490b85e26bf7224 lib/core/agent.py 2a96190ced25d8929861b13866101812fcadf5cac23dd1dd4b29b1a915918769 lib/core/agent.py
1da4ec9cd9b67c8b54e4a3d314f8237d58778d8f3a00bc26a1e0540294dca30f lib/core/bigarray.py 1da4ec9cd9b67c8b54e4a3d314f8237d58778d8f3a00bc26a1e0540294dca30f lib/core/bigarray.py
ed02b196398b8351ed6989c8fd8ec2a8244f2f9da6ca7b08691219dcc63422d8 lib/core/common.py 3f1fbe7c15b929db81097d10c2897eb1e711f158de51ef9041b4c74e11f3f1d8 lib/core/common.py
a6397b10de7ae7c56ed6b0fa3b3c58eb7a9dbede61bf93d786e73258175c981e lib/core/compat.py a6397b10de7ae7c56ed6b0fa3b3c58eb7a9dbede61bf93d786e73258175c981e lib/core/compat.py
d6e80cecc32601e903aaf5faeb6fd2fe4c6b64a206d7eabb353b7a36e9f2bc46 lib/core/convert.py a9997e97ebe88e0bf7efcf21e878bc5f62c72348e5aba18f64d6861390a4dcf2 lib/core/convert.py
c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6 lib/core/data.py c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6 lib/core/data.py
421509c42dab738d908f2453cbdd6eb75eb672a7b6de68bee8c95d867fac79f1 lib/core/datatype.py e396b7971d38896e0e20b973a3a6a3fbc3171d080a21bc6e66a65bee452fd69c lib/core/datatype.py
90070160f9e8f166f9ea69975436fb358eaced6fec8a5947953b2cf050c51434 lib/core/decorators.py e18c0c2c5a57924a623792a48bfd36e98d9bc085f6db61a95fc0dc8a3bcedc0c lib/core/decorators.py
147823c37596bd6a56d677697781f34b8d1d1671d5a2518fbc9468d623c6d07d lib/core/defaults.py 147823c37596bd6a56d677697781f34b8d1d1671d5a2518fbc9468d623c6d07d lib/core/defaults.py
86fa0ffa7a3e7a7141eab730e3981faf6f0249125ea9a29a57aaa8b65b7503f9 lib/core/dicts.py 62f64070ad11cc2e48cbed81bf2bc2ec3212de990f0d4cf40befc741c8960425 lib/core/dicts.py
186f0331d66e861a942817a3321156a93a6f66c34a19ce90ec1d10aac8bc1cac lib/core/dump.py 143f0b5b30e0f24b3527945879497de1542ba1aee9e6f0f98865e626c4c9317e lib/core/dump.py
f5272cda54f7cdd07fb6154d5a1ed1f1141a2a4f39b6a85d3f325fd60ac8dc9a lib/core/enums.py 1abf1edeacb85eaf5cffd35fcbde4eee2da6f5fc722a8dc1f9287fb55d138418 lib/core/enums.py
5387168e5dfedd94ae22af7bb255f27d6baaca50b24179c6b98f4f325f5cc7b4 lib/core/exception.py 5387168e5dfedd94ae22af7bb255f27d6baaca50b24179c6b98f4f325f5cc7b4 lib/core/exception.py
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/core/__init__.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/core/__init__.py
914a13ee21fd610a6153a37cbe50830fcbd1324c7ebc1e7fc206d5e598b0f7ad lib/core/log.py 914a13ee21fd610a6153a37cbe50830fcbd1324c7ebc1e7fc206d5e598b0f7ad lib/core/log.py
02a2264324caa249154e024a01bcd7cc40dbca4d647d5d10a50654b4415a6d77 lib/core/optiondict.py 02a2264324caa249154e024a01bcd7cc40dbca4d647d5d10a50654b4415a6d77 lib/core/optiondict.py
a9ead7442c8e1f34f03ad4db1145c08ee5907904c97e7dfd3202c752618b1092 lib/core/option.py 6576d40a66fa7871d3498c193f4e1e50a9fa9a380005d019c5c2266c1dc31c21 lib/core/option.py
fb0a08ac6f8bb07711e4e895eebf9fb3c8d452cc7aaebcdf78d926cdf051550d lib/core/patch.py 8171f6ee33e7742f06bb3014a28324496374beddee7b378ace10a26414a97762 lib/core/patch.py
49c0fa7e3814dfda610d665ee02b12df299b28bc0b6773815b4395514ddf8dec lib/core/profiling.py 49c0fa7e3814dfda610d665ee02b12df299b28bc0b6773815b4395514ddf8dec lib/core/profiling.py
03db48f02c3d07a047ddb8fe33a757b6238867352d8ddda2a83e4fec09a98d04 lib/core/readlineng.py 03db48f02c3d07a047ddb8fe33a757b6238867352d8ddda2a83e4fec09a98d04 lib/core/readlineng.py
73ef0895d728fe76bf9abda94d4b97951069532a088d603a064e793bb2ae45d9 lib/core/replication.py 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py
3574639db4942d16a2dc0a2f04bb7c0913c40c3862b54d34c44075a760e0c194 lib/core/revision.py 3574639db4942d16a2dc0a2f04bb7c0913c40c3862b54d34c44075a760e0c194 lib/core/revision.py
888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py
3e2ecb51860fac6002973bc2d2149fe6d4f7860646768396e2f211bf41b9f327 lib/core/settings.py 73fe1528c485ca6afcffb40fc7fa3804e24e80bc599ebabcb54e797020ec6b5c lib/core/settings.py
cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py
00dc9e87db2c13d7eaf18edd503267430460d91baf76760350be545d4a387a9f lib/core/subprocessng.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py
d35650179816193164a5f177102f18379dfbe6bb6d40fbb67b78d907b41c8038 lib/core/target.py d35650179816193164a5f177102f18379dfbe6bb6d40fbb67b78d907b41c8038 lib/core/target.py
85b7d6a724536bfcadd317972d4baec291e3813d6773921ee31755046a950a9a lib/core/testing.py ddf8c5a3dbebd6cdf8b8ba4417e36652d1e040f025175cb6487f1aebc0208836 lib/core/testing.py
cf4dca323645d623109a82277a8e8a63eb9abb3fff6c8a57095eb171c1ef91b3 lib/core/threads.py cf4dca323645d623109a82277a8e8a63eb9abb3fff6c8a57095eb171c1ef91b3 lib/core/threads.py
b9aacb840310173202f79c2ba125b0243003ee6b44c92eca50424f2bdfc83c02 lib/core/unescaper.py b9aacb840310173202f79c2ba125b0243003ee6b44c92eca50424f2bdfc83c02 lib/core/unescaper.py
492126b1f4c5ec0a352c507907a6f2067ec3a459250ed1c5d75f6457ef14a01f lib/core/update.py 10719f5ca450610ad28242017b2d8a77354ca357ffa26948c5f62d20cac29a8b lib/core/update.py
9ed5a0aef84f55d42894a006ff3616e8ee388a55790b04d968c80d1470c6d3bc lib/core/wordlist.py 9ed5a0aef84f55d42894a006ff3616e8ee388a55790b04d968c80d1470c6d3bc lib/core/wordlist.py
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/__init__.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/__init__.py
54bfd31ebded3ffa5848df1c644f196eb704116517c7a3d860b5d081e984d821 lib/parse/banner.py 54bfd31ebded3ffa5848df1c644f196eb704116517c7a3d860b5d081e984d821 lib/parse/banner.py
@ -206,21 +206,21 @@ c5b258be7485089fac9d9cd179960e774fbd85e62836dc67cce76cc028bb6aeb lib/parse/hand
97361d481a97b600a3086b7f228f54ffa68a78df8b63b76bfaa5495d66770b63 lib/parse/headers.py 97361d481a97b600a3086b7f228f54ffa68a78df8b63b76bfaa5495d66770b63 lib/parse/headers.py
1ad9054cd8476a520d4e2c141085ae45d94519df5c66f25fac41fe7d552ab952 lib/parse/html.py 1ad9054cd8476a520d4e2c141085ae45d94519df5c66f25fac41fe7d552ab952 lib/parse/html.py
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/parse/__init__.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/parse/__init__.py
4ca378496510a02c0184b45107889625dc7faf459073e83b3520c66674049af4 lib/parse/payloads.py d2e771cdacef25ee3fdc0e0355b92e7cd1b68f5edc2756ffc19f75d183ba2c73 lib/parse/payloads.py
80d26a30abe948faf817a14f746cc8b3e2341ea8286830cccaae253b8ac0cdff lib/parse/sitemap.py 80d26a30abe948faf817a14f746cc8b3e2341ea8286830cccaae253b8ac0cdff lib/parse/sitemap.py
1be3da334411657461421b8a26a0f2ff28e1af1e28f1e963c6c92768f9b0847c lib/request/basicauthhandler.py 1be3da334411657461421b8a26a0f2ff28e1af1e28f1e963c6c92768f9b0847c lib/request/basicauthhandler.py
a30f18e52463c7c483430201b194350b55a54855507b253af826992e7e5c8435 lib/request/basic.py a1c638493ecdc5194db7186bbfed815c6eed2344f2607cac8c9fa50534824266 lib/request/basic.py
bc61bc944b81a7670884f82231033a6ac703324b34b071c9834886a92e249d0e lib/request/chunkedhandler.py bc61bc944b81a7670884f82231033a6ac703324b34b071c9834886a92e249d0e lib/request/chunkedhandler.py
2daf0ce19eacda64687f441c90ef8da51714c3e8947c993ba08fb4ecdc4f5287 lib/request/comparison.py 2daf0ce19eacda64687f441c90ef8da51714c3e8947c993ba08fb4ecdc4f5287 lib/request/comparison.py
626bb6f3316a906a4629c0feb8ecbbcf473fb59e5bc532603c35b6b8f63f1deb lib/request/connect.py 626bb6f3316a906a4629c0feb8ecbbcf473fb59e5bc532603c35b6b8f63f1deb lib/request/connect.py
8e06682280fce062eef6174351bfebcb6040e19976acff9dc7b3699779783498 lib/request/direct.py 8e06682280fce062eef6174351bfebcb6040e19976acff9dc7b3699779783498 lib/request/direct.py
9ef303e18311e204727dac71c0ed8b814ab6aa1185f2af0a9703b95e5b3ea6e8 lib/request/dns.py cf019248253a5d7edb7bc474aa020b9e8625d73008a463c56ba2b539d7f2d8ec lib/request/dns.py
ea553def411d6e208fb831a219b0241397fada46aaad432fc3c34addf75a336e lib/request/httpshandler.py f56fc33251bd6214e3a6316c8f843eb192b2996aa84bd4c3e98790fdcf6e8cf0 lib/request/httpshandler.py
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/request/__init__.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/request/__init__.py
aeeeb5f0148078e30d52208184042efc3618d3f2e840d7221897aae34315824e lib/request/inject.py aeeeb5f0148078e30d52208184042efc3618d3f2e840d7221897aae34315824e lib/request/inject.py
ada4d305d6ce441f79e52ec3f2fc23869ee2fa87c017723e8f3ed0dfa61cdab4 lib/request/methodrequest.py ada4d305d6ce441f79e52ec3f2fc23869ee2fa87c017723e8f3ed0dfa61cdab4 lib/request/methodrequest.py
5c3edfca5ad58153ad6cface03777e059d3308b2aa3c38db993b5054145faa8e lib/request/pkihandler.py 43a7fdf64e7ba63c6b2d641c9f999a63c12ac23b43b64fedfce4e05b863de568 lib/request/pkihandler.py
4efead49b76d1237c283ecf281673d8762e09575d05af2a1e24680900ca83d0b lib/request/rangehandler.py b90feeb16e89a844427df42373b0139eb6f6cf3c48ccec32b3e3a3f540c2451e lib/request/rangehandler.py
47a97b264fb588142b102d18100030ce333ce372c677b97ed6cb04105c6c9d30 lib/request/redirecthandler.py 47a97b264fb588142b102d18100030ce333ce372c677b97ed6cb04105c6c9d30 lib/request/redirecthandler.py
1bf93c2c251f9c422ecf52d9cae0cd0ff4ea2e24091ee6d019c7a4f69de8e5eb lib/request/templates.py 1bf93c2c251f9c422ecf52d9cae0cd0ff4ea2e24091ee6d019c7a4f69de8e5eb lib/request/templates.py
01600295b17c00d4a5ada4c77aa688cfe36c89934da04c031be7da8040a3b457 lib/takeover/abstraction.py 01600295b17c00d4a5ada4c77aa688cfe36c89934da04c031be7da8040a3b457 lib/takeover/abstraction.py
@ -395,7 +395,7 @@ ba04af3683b9a6e29e8fa6b3bf436a57e59435cebb042414f2df82018d91599e plugins/dbms/m
6bdc774463ac87b1bd1b6a9d5c2346b7edbf40d9848b7870a30d1eaedde4fc51 plugins/dbms/mssqlserver/connector.py 6bdc774463ac87b1bd1b6a9d5c2346b7edbf40d9848b7870a30d1eaedde4fc51 plugins/dbms/mssqlserver/connector.py
52c19e9067f22f5c386206943d1807af4c661500bf260930a5986e9a180e96c7 plugins/dbms/mssqlserver/enumeration.py 52c19e9067f22f5c386206943d1807af4c661500bf260930a5986e9a180e96c7 plugins/dbms/mssqlserver/enumeration.py
838ed364ce46ae37fb5b02f47d2767f7d49595f81caf4bc51c1e25fd18e4aa65 plugins/dbms/mssqlserver/filesystem.py 838ed364ce46ae37fb5b02f47d2767f7d49595f81caf4bc51c1e25fd18e4aa65 plugins/dbms/mssqlserver/filesystem.py
c378802702f6ccc3855ec117845f758794ea18baed64f7b571009c6bd7ffc8dd plugins/dbms/mssqlserver/fingerprint.py 38ade085f9f1b227eda8c89f78e3ce869e8f430c98bef0cc7cbd2c7dcd60c24e plugins/dbms/mssqlserver/fingerprint.py
1ecde09e80d7b709a710281f4983a6831bc02ca3458ae0b97b28446d6db241b4 plugins/dbms/mssqlserver/__init__.py 1ecde09e80d7b709a710281f4983a6831bc02ca3458ae0b97b28446d6db241b4 plugins/dbms/mssqlserver/__init__.py
a89074020253365b6c95a4fa53e41fb0dc16f26a209b31f28e65910f26b81d21 plugins/dbms/mssqlserver/syntax.py a89074020253365b6c95a4fa53e41fb0dc16f26a209b31f28e65910f26b81d21 plugins/dbms/mssqlserver/syntax.py
57f263084438e9b2ec2e62909fc51871e9eefb1a9156bbe87908592c5274b639 plugins/dbms/mssqlserver/takeover.py 57f263084438e9b2ec2e62909fc51871e9eefb1a9156bbe87908592c5274b639 plugins/dbms/mssqlserver/takeover.py
@ -434,6 +434,13 @@ b76606fe4dee18467bc0d19af1e6ab38c0b5593c6c0f2068a8d4c664d4bd71d8 plugins/dbms/r
3b49758a10ce88c5d8db081cdb4924168c726d1e060e6d09601796fba2a3fbee plugins/dbms/raima/__init__.py 3b49758a10ce88c5d8db081cdb4924168c726d1e060e6d09601796fba2a3fbee plugins/dbms/raima/__init__.py
1df5c5d522b381ef48174cfc5c9e1149194e15c80b9d517e3ed61d60b1a46740 plugins/dbms/raima/syntax.py 1df5c5d522b381ef48174cfc5c9e1149194e15c80b9d517e3ed61d60b1a46740 plugins/dbms/raima/syntax.py
5b9572279051ab345f45c1db02b02279a070aafdc651aedd7f163d8a6477390b plugins/dbms/raima/takeover.py 5b9572279051ab345f45c1db02b02279a070aafdc651aedd7f163d8a6477390b plugins/dbms/raima/takeover.py
5744531487abfb0368e55187a66cb615277754a14c2e7facea2778378e67d5c9 plugins/dbms/snowflake/connector.py
99f7a319652f7a46f724cfced5555bbaade28e64c90f80b5f0b3cfbbb29a958a plugins/dbms/snowflake/enumeration.py
3b52302bc41ab185d190bbef58312a4d6f1ee63caa8757309cda58eb91628bc5 plugins/dbms/snowflake/filesystem.py
16c215879ce089b408c7ee3b1a57b44d18f571623e63318384ce0358f5d0441a plugins/dbms/snowflake/fingerprint.py
1de7c93b445deb0766c314066cb122535e9982408614b0ff952a97cbae9b813a plugins/dbms/snowflake/__init__.py
859cc5b9be496fe35f2782743f8e573ff9d823de7e99b0d32dbc250c361c653e plugins/dbms/snowflake/syntax.py
da43fed8bfa4a94aaceb63e760c69e9927c1640e45e457b8f03189be6604693f plugins/dbms/snowflake/takeover.py
cae01d387617e3986b9cfb23519b7c6a444e2d116f2dc774163abec0217f6ed6 plugins/dbms/sqlite/connector.py cae01d387617e3986b9cfb23519b7c6a444e2d116f2dc774163abec0217f6ed6 plugins/dbms/sqlite/connector.py
fbcff0468fcccd9f86277d205b33f14578b7550b33d31716fd10003f16122752 plugins/dbms/sqlite/enumeration.py fbcff0468fcccd9f86277d205b33f14578b7550b33d31716fd10003f16122752 plugins/dbms/sqlite/enumeration.py
013f6cf4d04edce3ee0ede73b6415a2774e58452a5365ab5f7a49c77650ba355 plugins/dbms/sqlite/filesystem.py 013f6cf4d04edce3ee0ede73b6415a2774e58452a5365ab5f7a49c77650ba355 plugins/dbms/sqlite/filesystem.py
@ -464,8 +471,8 @@ e2e20e4707abe9ed8b6208837332d2daa4eaca282f847412063f2484dcca8fbd plugins/dbms/v
2b2dad6ba1d344215cad11b629546eb9f259d7c996c202edf3de5ab22418787e plugins/dbms/virtuoso/takeover.py 2b2dad6ba1d344215cad11b629546eb9f259d7c996c202edf3de5ab22418787e plugins/dbms/virtuoso/takeover.py
51c44048e4b335b306f8ed1323fd78ad6935a8c0d6e9d6efe195a9a5a24e46dc plugins/generic/connector.py 51c44048e4b335b306f8ed1323fd78ad6935a8c0d6e9d6efe195a9a5a24e46dc plugins/generic/connector.py
a967f4ebd101c68a5dcc10ff18c882a8f44a5c3bf06613d951a739ecc3abb9b3 plugins/generic/custom.py a967f4ebd101c68a5dcc10ff18c882a8f44a5c3bf06613d951a739ecc3abb9b3 plugins/generic/custom.py
ba5d7cdebd0619454ab23b474e36231085f35a70961bfe4e93d5753736799b82 plugins/generic/databases.py c091caecc93c01e17fa5432101555cae824492c060b9b7ee35cb49a211365076 plugins/generic/databases.py
c46904df889742d2c781749e153663cde29a7c77eb8cbaad6d1db3148e9a58bd plugins/generic/entries.py 4050f9dfa8a2f8dbe6ae75f91d71b3d1fa3a4b1bd28404c4a346d5a83ad512df plugins/generic/entries.py
d2de7fc135cf0db3eb4ac4a509c23ebec5250a5d8043face7f8c546a09f301b5 plugins/generic/enumeration.py d2de7fc135cf0db3eb4ac4a509c23ebec5250a5d8043face7f8c546a09f301b5 plugins/generic/enumeration.py
a02ac4ebc1cc488a2aa5ae07e6d0c3d5064e99ded7fd529dfa073735692f11df plugins/generic/filesystem.py a02ac4ebc1cc488a2aa5ae07e6d0c3d5064e99ded7fd529dfa073735692f11df plugins/generic/filesystem.py
efd7177218288f32881b69a7ba3d667dc9178f1009c06a3e1dd4f4a4ee6980db plugins/generic/fingerprint.py efd7177218288f32881b69a7ba3d667dc9178f1009c06a3e1dd4f4a4ee6980db plugins/generic/fingerprint.py
@ -474,11 +481,11 @@ ba07e54265cf461aed678df49fe3550aec90cb6d8aa9387458bd4b7064670d00 plugins/generi
7c1b1f91925d00706529e88a763bc3dabafaf82d6dbc01b1f74aeef0533537a1 plugins/generic/search.py 7c1b1f91925d00706529e88a763bc3dabafaf82d6dbc01b1f74aeef0533537a1 plugins/generic/search.py
da8cc80a09683c89e8168a27427efecda9f35abc4a23d4facd6ffa7a837015c4 plugins/generic/syntax.py da8cc80a09683c89e8168a27427efecda9f35abc4a23d4facd6ffa7a837015c4 plugins/generic/syntax.py
eb45fd711efa71ab9d91d815cc8abebc9abc4770311fbb827159008b000f4fc2 plugins/generic/takeover.py eb45fd711efa71ab9d91d815cc8abebc9abc4770311fbb827159008b000f4fc2 plugins/generic/takeover.py
3a92c47837e9aab99d1ee788fc59404b145b2bec2702ead7ce0a32f45e57a850 plugins/generic/users.py 45bfd00f09557e20115e6ce7fb52ff507930d705db215e535f991e5fbf7464de plugins/generic/users.py
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 plugins/__init__.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 plugins/__init__.py
423d9bfaddb3cf527d02ddda97e53c4853d664c51ef7be519e4f45b9e399bc30 README.md 423d9bfaddb3cf527d02ddda97e53c4853d664c51ef7be519e4f45b9e399bc30 README.md
c6ad39bfd1810413402dedfc275fc805fa13f85fc490e236c1e725bde4e5100b sqlmapapi.py c6ad39bfd1810413402dedfc275fc805fa13f85fc490e236c1e725bde4e5100b sqlmapapi.py
168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62 sqlmapapi.yaml 4e993cfe2889bf0f86ad0abafd9a6a25849580284ea279b2115e99707e14bb97 sqlmapapi.yaml
a40607ce164eb2d21865288d24b863edb1c734b56db857e130ac1aef961c80b9 sqlmap.conf a40607ce164eb2d21865288d24b863edb1c734b56db857e130ac1aef961c80b9 sqlmap.conf
e9d3d52d4c0698b956cc0dc92c177d432b1f97c5918f750baa3e737de4ae574b sqlmap.py e9d3d52d4c0698b956cc0dc92c177d432b1f97c5918f750baa3e737de4ae574b sqlmap.py
eb37a88357522fd7ad00d90cdc5da6b57442b4fec49366aadb2944c4fbf8b804 tamper/0eunion.py eb37a88357522fd7ad00d90cdc5da6b57442b4fec49366aadb2944c4fbf8b804 tamper/0eunion.py

View File

@ -237,4 +237,11 @@
<error regexp="Virtuoso S0002 Error"/> <error regexp="Virtuoso S0002 Error"/>
<error regexp="\[(Virtuoso Driver|Virtuoso iODBC Driver)\]\[Virtuoso Server\]"/> <error regexp="\[(Virtuoso Driver|Virtuoso iODBC Driver)\]\[Virtuoso Server\]"/>
</dbms> </dbms>
<dbms value="Snowflake">
<error regexp="001003 \(42000\):"/>
<error regexp="100038 \(22018\):"/>
<error regexp="000904 \(42000\):"/>
<error regexp="SQL compilation error: (syntax )?error line \d+ at position \d+"/>
</dbms>
</root> </root>
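Review bot: the fourth pattern, `SQL compilation error: (syntax )?error line \d+ at position \d+`, requires a single literal space after the colon, but in Snowflake's own formatting the text after `SQL compilation error:` starts on a new line, so a page that echoes the raw error would not match; `\s*` in place of the space covers both. The three code patterns (`001003 \(42000\):`, `100038 \(22018\):`, `000904 \(42000\):`) are unanchored on the left and therefore also match inside a longer digit run; a leading `\b` or `(?<!\d)` tightens them at no cost.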

View File

@ -1786,4 +1786,61 @@
<search_table/> <search_table/>
<search_column/> <search_column/>
</dbms> </dbms>
<dbms value="Snowflake">
<cast query="CAST(%s AS VARCHAR)"/>
<length query="LENGTH(%s)"/>
<isnull query="NVL(%s, ' ')"/>
<delimiter query="||"/>
<limit query="LIMIT %d OFFSET %d"/>
<limitregexp query="\s+LIMIT\s+([\d]+)\s+OFFSET\s+([\d]+)"/>
<limitgroupstart query="2"/>
<limitgroupstop query="1"/>
<limitstring query=" LIMIT "/>
<order query="ORDER BY %s ASC"/>
<count query="COUNT(%s)"/>
<comment query="--"/>
<concatenate query="%s||%s"/>
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
<inference query="ASCII(SUBSTR((%s),%d,1))>%d"/>
<banner query="CURRENT_VERSION()"/>
<current_user query="CURRENT_USER()"/>
<current_db query="CURRENT_SCHEMA()"/>
<hostname query="PARSE_JSON(SYSTEM$ALLOWLIST())[0]:host"/>
<table_comment/>
<column_comment/>
<is_dba query="CURRENT_ROLE()='ACCOUNTADMIN'"/>
<dbs>
<inband query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA"/>
<blind query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA ORDER BY SCHEMA_NAME LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM INFORMATION_SCHEMA.SCHEMATA"/>
</dbs>
<tables>
<inband query="SELECT TABLE_SCHEMA, TABLE_NAME FROM INFORMATION_SCHEMA.TABLES" condition="TABLE_TYPE='BASE TABLE' AND TABLE_SCHEMA"/>
<blind query="SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' ORDER BY TABLE_NAME LIMIT 1 OFFSET %d" count="SELECT COUNT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s'"/>
</tables>
<columns>
<inband query="SELECT COLUMN_NAME, DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s'"/>
<blind query="SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" query2="SELECT DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND TABLE_SCHEMA='%s'" count="SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s'"/>
</columns>
<dump_table>
<inband query="SELECT %s FROM %s"/>
<blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM %s"/>
</dump_table>
<users>
<inband query="SELECT NAME FROM SNOWFLAKE.ACCOUNT_USAGE.USERS"/>
<blind query="SELECT NAME FROM SNOWFLAKE.ACCOUNT_USAGE.USERS LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM SNOWFLAKE.ACCOUNT_USAGE.USERS"/>
</users>
<roles/>
<privileges>
<inband query="SELECT DISTINCT T1.GRANTEE_NAME, T2.PRIVILEGE FROM SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_USERS AS T1 JOIN SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_ROLES AS T2 ON T1.ROLE = T2.GRANTEE_NAME" condition="T1.GRANTEE_NAME"/>
<blind query="SELECT DISTINCT T2.PRIVILEGE FROM SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_USERS AS T1 JOIN SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_ROLES AS T2 ON T1.ROLE = T2.GRANTEE_NAME WHERE T1.GRANTEE_NAME='%s' ORDER BY T2.PRIVILEGE LIMIT 1 OFFSET %d" count="SELECT COUNT(DISTINCT T2.PRIVILEGE) FROM SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_USERS AS T1 JOIN SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_ROLES AS T2 ON T1.ROLE = T2.GRANTEE_NAME WHERE T1.GRANTEE_NAME='%s'"/>
</privileges>
<statements>
<inband query="SELECT QUERY_TEXT FROM TABLE(INFORMATION_SCHEMA.QUERY_HISTORY())"/>
<blind query="SELECT QUERY_TEXT FROM TABLE(INFORMATION_SCHEMA.QUERY_HISTORY()) ORDER BY START_TIME DESC LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM TABLE(INFORMATION_SCHEMA.QUERY_HISTORY())"/>
</statements>
<search_db/>
<search_table/>
<search_column/>
</dbms>
</root> </root>
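Review bot: the `<users>` blind query (`SELECT NAME FROM SNOWFLAKE.ACCOUNT_USAGE.USERS LIMIT 1 OFFSET %d`) pages with LIMIT/OFFSET but no ORDER BY, so the row at offset N is not guaranteed to be the same row from one request to the next and blind enumeration can return duplicates or skip users; add `ORDER BY NAME`, as the `<dbs>`, `<tables>` and `<privileges>` blind queries already do. In `<dump_table>` the blind query selects `FROM %s.%s` while the inband query and the `count` use `FROM %s`, so the three take a different number of format arguments; please confirm the blind caller really passes schema and table separately, or make the three consistent. Two caveats deserve a comment in the file: the `SNOWFLAKE.ACCOUNT_USAGE.*` views used by `<users>` and `<privileges>` are readable only with imported privileges on the `SNOWFLAKE` database and lag behind live state, so `--users`/`--privileges` will fail for a low-privileged injection point; and `is_dba` tests only `CURRENT_ROLE()='ACCOUNTADMIN'`, so a user who has ACCOUNTADMIN granted but is running under another role is reported as non-DBA. Finally, `INFORMATION_SCHEMA.SCHEMATA` is scoped to the current database, so `--dbs` lists the schemas of that database, which is consistent with `current_db` being `CURRENT_SCHEMA()` but worth stating.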

View File

@ -535,6 +535,9 @@ Duarte Silva <duarte.silva(at)serializing.me>
M Simkin, <mlsimkin(at)cox.net> M Simkin, <mlsimkin(at)cox.net>
* for suggesting a feature * for suggesting a feature
Tanaydin Sirin, <tanaydinsirin(at)gmail.com>
* for implementation of ncurses TUI (switch --tui)
Konrads Smelkovs, <konrads(at)smelkovs.com> Konrads Smelkovs, <konrads(at)smelkovs.com>
* for reporting a few bugs in --sql-shell and --sql-query on Microsoft SQL Server * for reporting a few bugs in --sql-shell and --sql-query on Microsoft SQL Server

View File

@ -271,13 +271,13 @@ be bound by the terms and conditions of this License Agreement.
# MIT # MIT
* The `bottle` web framework library located under `thirdparty/bottle/`. * The `bottle` web framework library located under `thirdparty/bottle/`.
Copyright (C) 2012, Marcel Hellkamp. Copyright (C) 2018, Marcel Hellkamp.
* The `identYwaf` library located under `thirdparty/identywaf/`. * The `identYwaf` library located under `thirdparty/identywaf/`.
Copyright (C) 2019-2020, Miroslav Stampar. Copyright (C) 2019-2021, Miroslav Stampar.
* The `ordereddict` library located under `thirdparty/odict/`. * The `ordereddict` library located under `thirdparty/odict/`.
Copyright (C) 2009, Raymond Hettinger. Copyright (C) 2009, Raymond Hettinger.
* The `six` Python 2 and 3 compatibility library located under `thirdparty/six/`. * The `six` Python 2 and 3 compatibility library located under `thirdparty/six/`.
Copyright (C) 2010-2018, Benjamin Peterson. Copyright (C) 2010-2024, Benjamin Peterson.
* The `Termcolor` library located under `thirdparty/termcolor/`. * The `Termcolor` library located under `thirdparty/termcolor/`.
Copyright (C) 2008-2011, Volvox Development Team. Copyright (C) 2008-2011, Volvox Development Team.

View File

@ -11,8 +11,10 @@ from __future__ import print_function
import base64 import base64
import json import json
import random
import re import re
import sqlite3 import sqlite3
import string
import sys import sys
import threading import threading
import traceback import traceback
@ -49,9 +51,70 @@ SCHEMA = """
); );
INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset'); INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset');
INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny'); INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny');
INSERT INTO users (id, name, surname) VALUES (3, 'wu', '179ad45c6ce2cb97cf1029e212046e81'); INSERT INTO users (id, name, surname) VALUES (3, 'wu', 'ming');
INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (https://sqlmap.org)', 'user agent header'); INSERT INTO users (id, name, surname) VALUES (4, NULL, 'nameisnull');
INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull'); INSERT INTO users (id, name, surname) VALUES (5, 'mark', 'lewis');
INSERT INTO users (id, name, surname) VALUES (6, 'ada', 'lovelace');
INSERT INTO users (id, name, surname) VALUES (7, 'grace', 'hopper');
INSERT INTO users (id, name, surname) VALUES (8, 'alan', 'turing');
INSERT INTO users (id, name, surname) VALUES (9, 'margaret','hamilton');
INSERT INTO users (id, name, surname) VALUES (10, 'donald', 'knuth');
INSERT INTO users (id, name, surname) VALUES (11, 'tim', 'bernerslee');
INSERT INTO users (id, name, surname) VALUES (12, 'linus', 'torvalds');
INSERT INTO users (id, name, surname) VALUES (13, 'ken', 'thompson');
INSERT INTO users (id, name, surname) VALUES (14, 'dennis', 'ritchie');
INSERT INTO users (id, name, surname) VALUES (15, 'barbara', 'liskov');
INSERT INTO users (id, name, surname) VALUES (16, 'edsger', 'dijkstra');
INSERT INTO users (id, name, surname) VALUES (17, 'john', 'mccarthy');
INSERT INTO users (id, name, surname) VALUES (18, 'leslie', 'lamport');
INSERT INTO users (id, name, surname) VALUES (19, 'niklaus', 'wirth');
INSERT INTO users (id, name, surname) VALUES (20, 'bjarne', 'stroustrup');
INSERT INTO users (id, name, surname) VALUES (21, 'guido', 'vanrossum');
INSERT INTO users (id, name, surname) VALUES (22, 'brendan', 'eich');
INSERT INTO users (id, name, surname) VALUES (23, 'james', 'gosling');
INSERT INTO users (id, name, surname) VALUES (24, 'andrew', 'tanenbaum');
INSERT INTO users (id, name, surname) VALUES (25, 'yukihiro','matsumoto');
INSERT INTO users (id, name, surname) VALUES (26, 'radia', 'perlman');
INSERT INTO users (id, name, surname) VALUES (27, 'katherine','johnson');
INSERT INTO users (id, name, surname) VALUES (28, 'hady', 'lamarr');
INSERT INTO users (id, name, surname) VALUES (29, 'frank', 'miller');
INSERT INTO users (id, name, surname) VALUES (30, 'john', 'steward');
CREATE TABLE creds (
user_id INTEGER,
password_hash TEXT,
FOREIGN KEY (user_id) REFERENCES users(id)
);
INSERT INTO creds (user_id, password_hash) VALUES (1, 'db3a16990a0008a3b04707fdef6584a0');
INSERT INTO creds (user_id, password_hash) VALUES (2, '4db967ce67b15e7fb84c266a76684729');
INSERT INTO creds (user_id, password_hash) VALUES (3, 'f5a2950eaa10f9e99896800eacbe8275');
INSERT INTO creds (user_id, password_hash) VALUES (4, NULL);
INSERT INTO creds (user_id, password_hash) VALUES (5, '179ad45c6ce2cb97cf1029e212046e81');
INSERT INTO creds (user_id, password_hash) VALUES (6, '0f1e2d3c4b5a69788796a5b4c3d2e1f0');
INSERT INTO creds (user_id, password_hash) VALUES (7, 'a1b2c3d4e5f60718293a4b5c6d7e8f90');
INSERT INTO creds (user_id, password_hash) VALUES (8, '1a2b3c4d5e6f708192a3b4c5d6e7f809');
INSERT INTO creds (user_id, password_hash) VALUES (9, '9f8e7d6c5b4a3928170605f4e3d2c1b0');
INSERT INTO creds (user_id, password_hash) VALUES (10, '3c2d1e0f9a8b7c6d5e4f30291807f6e5');
INSERT INTO creds (user_id, password_hash) VALUES (11, 'b0c1d2e3f405162738495a6b7c8d9eaf');
INSERT INTO creds (user_id, password_hash) VALUES (12, '6e5d4c3b2a190807f6e5d4c3b2a1908f');
INSERT INTO creds (user_id, password_hash) VALUES (13, '11223344556677889900aabbccddeeff');
INSERT INTO creds (user_id, password_hash) VALUES (14, 'ffeeddccbbaa00998877665544332211');
INSERT INTO creds (user_id, password_hash) VALUES (15, '1234567890abcdef1234567890abcdef');
INSERT INTO creds (user_id, password_hash) VALUES (16, 'abcdef1234567890abcdef1234567890');
INSERT INTO creds (user_id, password_hash) VALUES (17, '0a1b2c3d4e5f60718a9b0c1d2e3f4051');
INSERT INTO creds (user_id, password_hash) VALUES (18, '51f04e3d2c1b0a9871605f4e3d2c1b0a');
INSERT INTO creds (user_id, password_hash) VALUES (19, '89abcdef0123456789abcdef01234567');
INSERT INTO creds (user_id, password_hash) VALUES (20, '76543210fedcba9876543210fedcba98');
INSERT INTO creds (user_id, password_hash) VALUES (21, '13579bdf2468ace013579bdf2468ace0');
INSERT INTO creds (user_id, password_hash) VALUES (22, '02468ace13579bdf02468ace13579bdf');
INSERT INTO creds (user_id, password_hash) VALUES (23, 'deadbeefdeadbeefdeadbeefdeadbeef');
INSERT INTO creds (user_id, password_hash) VALUES (24, 'cafebabecafebabecafebabecafebabe');
INSERT INTO creds (user_id, password_hash) VALUES (25, '00112233445566778899aabbccddeeff');
INSERT INTO creds (user_id, password_hash) VALUES (26, 'f0e1d2c3b4a5968778695a4b3c2d1e0f');
INSERT INTO creds (user_id, password_hash) VALUES (27, '7f6e5d4c3b2a190807f6e5d4c3b2a190');
INSERT INTO creds (user_id, password_hash) VALUES (28, '908f7e6d5c4b3a291807f6e5d4c3b2a1');
INSERT INTO creds (user_id, password_hash) VALUES (29, '3049b791fa83e2f42f37bae18634b92d');
INSERT INTO creds (user_id, password_hash) VALUES (30, 'd59a348f90d757c7da30418773424b5e');
""" """
LISTEN_ADDRESS = "localhost" LISTEN_ADDRESS = "localhost"
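Review bot: `'hady'` for user 28 is a typo for `'hedy'` (Lamarr), and rows 9, 25 and 27 drop the space after the comma (`'margaret','hamilton'`) unlike every other row; tidy these so the fixture reads consistently. The `FOREIGN KEY (user_id) REFERENCES users(id)` constraint on `creds` is not enforced by SQLite unless `PRAGMA foreign_keys = ON` is executed on the connection, which is fine for an in-memory fixture but worth a one-line comment so no test comes to rely on it.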
@ -62,11 +125,15 @@ _cursor = None
_lock = None _lock = None
_server = None _server = None
_alive = False _alive = False
_csrf_token = None
def init(quiet=False): def init(quiet=False):
global _conn global _conn
global _cursor global _cursor
global _lock global _lock
global _csrf_token
_csrf_token = "".join(random.sample(string.ascii_letters + string.digits, 20))
_conn = sqlite3.connect(":memory:", isolation_level=None, check_same_thread=False) _conn = sqlite3.connect(":memory:", isolation_level=None, check_same_thread=False)
_cursor = _conn.cursor() _cursor = _conn.cursor()
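Review bot: `random.sample(string.ascii_letters + string.digits, 20)` draws 20 distinct characters without replacement from a 62-symbol alphabet and is not a cryptographic token; that is acceptable for a test fixture, but add a comment saying the token is deliberately non-cryptographic and regenerated on every `init()`, so this does not get copied as a CSRF-token recipe (`secrets` is unavailable on Python 2, which this file still targets, so a comment is enough here).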
@ -131,6 +198,28 @@ class ReqHandler(BaseHTTPRequestHandler):
self.url, self.params = path, params self.url, self.params = path, params
if self.url == "/csrf":
if self.params.get("csrf_token") == _csrf_token:
self.url = "/"
else:
self.send_response(OK)
self.send_header("Content-type", "text/html; charset=%s" % UNICODE_ENCODING)
self.end_headers()
form = (
"<html><body>"
"CSRF protection check<br>"
"<form action='/csrf' method='POST'>"
"<input type='hidden' name='csrf_token' value='%s'>"
"id: <input type='text' name='id'>"
"<input type='submit' value='Submit'>"
"</form>"
"</body></html>"
) % _csrf_token
self.wfile.write(form.encode(UNICODE_ENCODING))
return
if self.url == '/': if self.url == '/':
if not any(_ in self.params for _ in ("id", "query")): if not any(_ in self.params for _ in ("id", "query")):
self.send_response(OK) self.send_response(OK)
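Review bot: the `/csrf` branch accepts the token from `self.params` regardless of HTTP method, so `GET /csrf?csrf_token=...&id=1` passes the check even though the emitted form uses `method='POST'`; if the fixture is meant to exercise sqlmap's CSRF-token handling against a realistic check, gate the comparison on `self.command == "POST"`. On success the code rewrites `self.url = "/"` and falls through with `csrf_token` still present in `self.params`, so the token travels into the later `id`/`query` handling as an extra parameter; popping it from `self.params` before falling through keeps the two paths identical. The form page is also emitted without a `<title>`, while the results path now sets one.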
@ -139,7 +228,7 @@ class ReqHandler(BaseHTTPRequestHandler):
self.end_headers() self.end_headers()
self.wfile.write(b"<!DOCTYPE html><html><head><title>vulnserver</title></head><body><h3>GET:</h3><a href='/?id=1'>link</a><hr><h3>POST:</h3><form method='post'>ID: <input type='text' name='id'><input type='submit' value='Submit'></form></body></html>") self.wfile.write(b"<!DOCTYPE html><html><head><title>vulnserver</title></head><body><h3>GET:</h3><a href='/?id=1'>link</a><hr><h3>POST:</h3><form method='post'>ID: <input type='text' name='id'><input type='submit' value='Submit'></form></body></html>")
else: else:
code, output = OK, "" code, output = OK, "<body><html>"
try: try:
if self.params.get("echo", ""): if self.params.get("echo", ""):
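Review bot: `"<body><html>"` has the tags in the wrong order; it should be `"<html><body>"` (or `"<html><head>...</head><body>"`), otherwise the response closes `</body></html>` against an opening `<body><html>` and any `<title>` prefixed later lands outside the document root. Since the title depends on `results`, which is only known after the query runs, consider assembling the envelope at the end, e.g. `output = "<html><head><title>%s</title></head><body>%s</body></html>" % (title, body)`.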
@ -177,6 +266,11 @@ class ReqHandler(BaseHTTPRequestHandler):
else: else:
output += "no results found" output += "no results found"
if not results:
output = "<title>No results</title>" + output
else:
output = "<title>Results</title>" + output
output += "</body></html>" output += "</body></html>"
except Exception as ex: except Exception as ex:
code = INTERNAL_SERVER_ERROR code = INTERNAL_SERVER_ERROR
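Review bot: prepending `"<title>Results</title>"` / `"<title>No results</title>"` to an `output` that already begins with `<body><html>` places the title before the document root rather than inside `<head>`; also the `if not results:` block sits inside the `try`, so make sure the `except Exception` branch sets a title for the `INTERNAL_SERVER_ERROR` page too, otherwise `--titles` gets a third, title-less response shape on error pages instead of a clean true/false signal.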

View File

@ -554,7 +554,7 @@ def checkSqlInjection(place, parameter, value):
injectable = True injectable = True
elif (threadData.lastComparisonRatio or 0) > UPPER_RATIO_BOUND and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)): elif (threadData.lastComparisonRatio or 0) > UPPER_RATIO_BOUND and not any((conf.string, conf.notString, conf.regexp, conf.code, conf.titles, kb.nullConnection)):
originalSet = set(getFilteredPageContent(kb.pageTemplate, True, "\n").split("\n")) originalSet = set(getFilteredPageContent(kb.pageTemplate, True, "\n").split("\n"))
trueSet = set(getFilteredPageContent(truePage, True, "\n").split("\n")) trueSet = set(getFilteredPageContent(truePage, True, "\n").split("\n"))
falseSet = set(getFilteredPageContent(falsePage, True, "\n").split("\n")) falseSet = set(getFilteredPageContent(falsePage, True, "\n").split("\n"))
@ -580,7 +580,7 @@ def checkSqlInjection(place, parameter, value):
break break
if injectable: if injectable:
if kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)): if kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, conf.titles, kb.nullConnection)):
if all((falseCode, trueCode)) and falseCode != trueCode and trueCode != kb.heuristicCode: if all((falseCode, trueCode)) and falseCode != trueCode and trueCode != kb.heuristicCode:
suggestion = conf.code = trueCode suggestion = conf.code = trueCode

View File

@ -41,6 +41,7 @@ from lib.core.settings import SQLITE_ALIASES
from lib.core.settings import SYBASE_ALIASES from lib.core.settings import SYBASE_ALIASES
from lib.core.settings import VERTICA_ALIASES from lib.core.settings import VERTICA_ALIASES
from lib.core.settings import VIRTUOSO_ALIASES from lib.core.settings import VIRTUOSO_ALIASES
from lib.core.settings import SNOWFLAKE_ALIASES
from lib.utils.sqlalchemy import SQLAlchemy from lib.utils.sqlalchemy import SQLAlchemy
from plugins.dbms.access.connector import Connector as AccessConn from plugins.dbms.access.connector import Connector as AccessConn
@ -99,6 +100,8 @@ from plugins.dbms.vertica.connector import Connector as VerticaConn
from plugins.dbms.vertica import VerticaMap from plugins.dbms.vertica import VerticaMap
from plugins.dbms.virtuoso.connector import Connector as VirtuosoConn from plugins.dbms.virtuoso.connector import Connector as VirtuosoConn
from plugins.dbms.virtuoso import VirtuosoMap from plugins.dbms.virtuoso import VirtuosoMap
from plugins.dbms.snowflake.connector import Connector as SnowflakeConn
from plugins.dbms.snowflake import SnowflakeMap
def setHandler(): def setHandler():
""" """
@ -107,6 +110,7 @@ def setHandler():
""" """
items = [ items = [
(DBMS.SNOWFLAKE, SNOWFLAKE_ALIASES, SnowflakeMap, SnowflakeConn),
(DBMS.MYSQL, MYSQL_ALIASES, MySQLMap, MySQLConn), (DBMS.MYSQL, MYSQL_ALIASES, MySQLMap, MySQLConn),
(DBMS.ORACLE, ORACLE_ALIASES, OracleMap, OracleConn), (DBMS.ORACLE, ORACLE_ALIASES, OracleMap, OracleConn),
(DBMS.PGSQL, PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn), (DBMS.PGSQL, PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn),
@ -135,6 +139,7 @@ def setHandler():
(DBMS.FRONTBASE, FRONTBASE_ALIASES, FrontBaseMap, FrontBaseConn), (DBMS.FRONTBASE, FRONTBASE_ALIASES, FrontBaseMap, FrontBaseConn),
(DBMS.RAIMA, RAIMA_ALIASES, RaimaMap, RaimaConn), (DBMS.RAIMA, RAIMA_ALIASES, RaimaMap, RaimaConn),
(DBMS.VIRTUOSO, VIRTUOSO_ALIASES, VirtuosoMap, VirtuosoConn), (DBMS.VIRTUOSO, VIRTUOSO_ALIASES, VirtuosoMap, VirtuosoConn),
# TODO: put snowflake stuff on this line
] ]
_ = max(_ if (conf.get("dbms") or Backend.getIdentifiedDbms() or kb.heuristicExtendedDbms or "").lower() in _[1] else () for _ in items) _ = max(_ if (conf.get("dbms") or Backend.getIdentifiedDbms() or kb.heuristicExtendedDbms or "").lower() in _[1] else () for _ in items)
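Review bot: the `# TODO: put snowflake stuff on this line` comment is committed while the Snowflake tuple is actually inserted at the head of `items` (before MySQL); either move `(DBMS.SNOWFLAKE, SNOWFLAKE_ALIASES, SnowflakeMap, SnowflakeConn)` to the marked position, matching `DBMS_ALIASES` and `DBMS_DICT` where Snowflake is appended last, and drop the TODO, or keep it at the top and delete the comment. Leaving both reads like an unfinished rebase.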

View File

@ -724,7 +724,7 @@ class Agent(object):
elif fieldsNoSelect: elif fieldsNoSelect:
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop) concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.ALTIBASE, DBMS.MIMERSQL, DBMS.CRATEDB, DBMS.CUBRID, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO): elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.ALTIBASE, DBMS.MIMERSQL, DBMS.CRATEDB, DBMS.CUBRID, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO, DBMS.SNOWFLAKE):
if fieldsExists: if fieldsExists:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1) concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
concatenatedQuery += "||'%s'" % kb.chars.stop concatenatedQuery += "||'%s'" % kb.chars.stop
@ -1045,7 +1045,7 @@ class Agent(object):
limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1) limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1)
limitedQuery += " %s" % limitStr limitedQuery += " %s" % limitStr
elif Backend.getIdentifiedDbms() in (DBMS.H2, DBMS.CRATEDB, DBMS.CLICKHOUSE): elif Backend.getIdentifiedDbms() in (DBMS.H2, DBMS.CRATEDB, DBMS.CLICKHOUSE, DBMS.SNOWFLAKE):
limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (1, num) limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (1, num)
limitedQuery += " %s" % limitStr limitedQuery += " %s" % limitStr

View File

@ -3461,6 +3461,9 @@ def parseSqliteTableSchema(value):
columns[column] = match.group(3) or "TEXT" columns[column] = match.group(3) or "TEXT"
table[safeSQLIdentificatorNaming(conf.tbl, True)] = columns table[safeSQLIdentificatorNaming(conf.tbl, True)] = columns
if conf.db in kb.data.cachedColumns:
kb.data.cachedColumns[conf.db].update(table)
else:
kb.data.cachedColumns[conf.db] = table kb.data.cachedColumns[conf.db] = table
return retVal return retVal
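Review bot: the three-line `if/else` collapses to `kb.data.cachedColumns.setdefault(conf.db, {}).update(table)`; more importantly the behaviour change (merging into an existing per-database dict instead of replacing it) is the substantive fix and deserves a one-line comment explaining why a second table's schema must not overwrite the first.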
@ -4291,7 +4294,7 @@ def safeSQLIdentificatorNaming(name, isTable=False):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS, DBMS.CUBRID, DBMS.SQLITE): # Note: in SQLite double-quotes are treated as string if column/identifier is non-existent (e.g. SELECT "foobar" FROM users) if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS, DBMS.CUBRID, DBMS.SQLITE): # Note: in SQLite double-quotes are treated as string if column/identifier is non-existent (e.g. SELECT "foobar" FROM users)
retVal = "`%s`" % retVal retVal = "`%s`" % retVal
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX, DBMS.MONETDB, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO): elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX, DBMS.MONETDB, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO, DBMS.SNOWFLAKE):
retVal = "\"%s\"" % retVal retVal = "\"%s\"" % retVal
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.ALTIBASE, DBMS.MIMERSQL): elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.ALTIBASE, DBMS.MIMERSQL):
retVal = "\"%s\"" % retVal.upper() retVal = "\"%s\"" % retVal.upper()
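Review bot: Snowflake is added to the plain double-quote branch here, yet it is also added to `UPPER_CASE_DBMSES` in settings.py; in Snowflake an unquoted identifier folds to upper case and a quoted one is case-sensitive, so a user-supplied `-T users` quoted as `"users"` will not match a table created as `users` (stored as `USERS`). Oracle, Altibase and MimerSQL sit in the following branch precisely to `.upper()` before quoting; unless `UPPER_CASE_DBMSES` already uppercases user-supplied names on every path that reaches this function, Snowflake belongs in that branch instead, together with the matching branch in `unsafeSQLIdentificatorNaming`.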
@ -4330,7 +4333,7 @@ def unsafeSQLIdentificatorNaming(name):
if isinstance(name, six.string_types): if isinstance(name, six.string_types):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS, DBMS.CUBRID, DBMS.SQLITE): if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS, DBMS.CUBRID, DBMS.SQLITE):
retVal = name.replace("`", "") retVal = name.replace("`", "")
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX, DBMS.MONETDB, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO): elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX, DBMS.MONETDB, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO, DBMS.SNOWFLAKE):
retVal = name.replace("\"", "") retVal = name.replace("\"", "")
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.ALTIBASE, DBMS.MIMERSQL): elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.ALTIBASE, DBMS.MIMERSQL):
retVal = name.replace("\"", "").upper() retVal = name.replace("\"", "").upper()

View File

@ -295,7 +295,11 @@ def getBytes(value, encoding=None, errors="strict", unsafe=True):
except (LookupError, TypeError): except (LookupError, TypeError):
encoding = UNICODE_ENCODING encoding = UNICODE_ENCODING
if isinstance(value, six.text_type): if isinstance(value, bytearray):
return bytes(value)
elif isinstance(value, memoryview):
return value.tobytes()
elif isinstance(value, six.text_type):
if INVALID_UNICODE_PRIVATE_AREA: if INVALID_UNICODE_PRIVATE_AREA:
if unsafe: if unsafe:
for char in xrange(0xF0000, 0xF00FF + 1): for char in xrange(0xF0000, 0xF00FF + 1):

View File

@ -96,13 +96,24 @@ def stackedmethod(f):
result = f(*args, **kwargs) result = f(*args, **kwargs)
finally: finally:
if len(threadData.valueStack) > originalLevel: if len(threadData.valueStack) > originalLevel:
threadData.valueStack = threadData.valueStack[:originalLevel] del threadData.valueStack[originalLevel:]
return result return result
return _ return _
def lockedmethod(f): def lockedmethod(f):
"""
Decorates a function or method with a reentrant lock (only one thread can execute the function at a time)
>>> @lockedmethod
... def recursive_count(n):
... if n <= 0: return 0
... return n + recursive_count(n - 1)
>>> recursive_count(5)
15
"""
lock = threading.RLock() lock = threading.RLock()
@functools.wraps(f) @functools.wraps(f)

View File

@ -39,6 +39,7 @@ from lib.core.settings import SYBASE_ALIASES
from lib.core.settings import VERTICA_ALIASES from lib.core.settings import VERTICA_ALIASES
from lib.core.settings import VIRTUOSO_ALIASES from lib.core.settings import VIRTUOSO_ALIASES
from lib.core.settings import CLICKHOUSE_ALIASES from lib.core.settings import CLICKHOUSE_ALIASES
from lib.core.settings import SNOWFLAKE_ALIASES
FIREBIRD_TYPES = { FIREBIRD_TYPES = {
261: "BLOB", 261: "BLOB",
@ -250,6 +251,7 @@ DBMS_DICT = {
DBMS.FRONTBASE: (FRONTBASE_ALIASES, None, None, None), DBMS.FRONTBASE: (FRONTBASE_ALIASES, None, None, None),
DBMS.RAIMA: (RAIMA_ALIASES, None, None, None), DBMS.RAIMA: (RAIMA_ALIASES, None, None, None),
DBMS.VIRTUOSO: (VIRTUOSO_ALIASES, None, None, None), DBMS.VIRTUOSO: (VIRTUOSO_ALIASES, None, None, None),
DBMS.SNOWFLAKE: (SNOWFLAKE_ALIASES, None, None, "snowflake"),
} }
# Reference: https://blog.jooq.org/tag/sysibm-sysdummy1/ # Reference: https://blog.jooq.org/tag/sysibm-sysdummy1/
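Review bot: `DBMS.SNOWFLAKE: (SNOWFLAKE_ALIASES, None, None, "snowflake")` fills the fourth slot (the SQLAlchemy dialect) but leaves the second and third (the Python driver name and its URL, as the entries that have them use these slots) as `None`, so a failed `-d snowflake://...` direct connection cannot tell the user which package to install; put the name and project URL of the module that the new `plugins/dbms/snowflake/connector.py` imports here.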
@ -288,7 +290,8 @@ HEURISTIC_NULL_EVAL = {
DBMS.EXTREMEDB: "NULLIFZERO(hashcode(NULL))", DBMS.EXTREMEDB: "NULLIFZERO(hashcode(NULL))",
DBMS.RAIMA: "IF(ROWNUMBER()>0,CONVERT(NULL,TINYINT),NULL)", DBMS.RAIMA: "IF(ROWNUMBER()>0,CONVERT(NULL,TINYINT),NULL)",
DBMS.VIRTUOSO: "__MAX_NOTNULL(NULL)", DBMS.VIRTUOSO: "__MAX_NOTNULL(NULL)",
DBMS.CLICKHOUSE: "halfMD5(NULL) IS NULL", DBMS.CLICKHOUSE: "halfMD5(NULL)",
DBMS.SNOWFLAKE: "BOOLNOT(NULL)",
} }
SQL_STATEMENTS = { SQL_STATEMENTS = {

View File

@ -175,7 +175,7 @@ class Dump(object):
self.string("current user", data, content_type=CONTENT_TYPE.CURRENT_USER) self.string("current user", data, content_type=CONTENT_TYPE.CURRENT_USER)
def currentDb(self, data): def currentDb(self, data):
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.VERTICA, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE): if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.VERTICA, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE, DBMS.SNOWFLAKE):
self.string("current database (equivalent to schema on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB) self.string("current database (equivalent to schema on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)
elif Backend.getIdentifiedDbms() in (DBMS.ALTIBASE, DBMS.DB2, DBMS.MIMERSQL, DBMS.MAXDB, DBMS.VIRTUOSO): elif Backend.getIdentifiedDbms() in (DBMS.ALTIBASE, DBMS.DB2, DBMS.MIMERSQL, DBMS.MAXDB, DBMS.VIRTUOSO):
self.string("current database (equivalent to owner on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB) self.string("current database (equivalent to owner on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)

View File

@ -60,6 +60,7 @@ class DBMS(object):
FRONTBASE = "FrontBase" FRONTBASE = "FrontBase"
RAIMA = "Raima Database Manager" RAIMA = "Raima Database Manager"
VIRTUOSO = "Virtuoso" VIRTUOSO = "Virtuoso"
SNOWFLAKE = "Snowflake"
class DBMS_DIRECTORY_NAME(object): class DBMS_DIRECTORY_NAME(object):
ACCESS = "access" ACCESS = "access"
@ -90,6 +91,7 @@ class DBMS_DIRECTORY_NAME(object):
FRONTBASE = "frontbase" FRONTBASE = "frontbase"
RAIMA = "raima" RAIMA = "raima"
VIRTUOSO = "virtuoso" VIRTUOSO = "virtuoso"
SNOWFLAKE = "snowflake"
class FORK(object): class FORK(object):
MARIADB = "MariaDB" MARIADB = "MariaDB"

View File

@ -2038,7 +2038,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.cache.addrinfo = {} kb.cache.addrinfo = {}
kb.cache.content = LRUDict(capacity=16) kb.cache.content = LRUDict(capacity=16)
kb.cache.comparison = {} kb.cache.comparison = {}
kb.cache.encoding = {} kb.cache.encoding = LRUDict(capacity=256)
kb.cache.alphaBoundaries = None kb.cache.alphaBoundaries = None
kb.cache.hashRegex = None kb.cache.hashRegex = None
kb.cache.intBoundaries = None kb.cache.intBoundaries = None

View File

@ -101,7 +101,7 @@ def dirtyPatches():
# Reference: https://github.com/sqlmapproject/sqlmap/issues/5929 # Reference: https://github.com/sqlmapproject/sqlmap/issues/5929
try: try:
global collections import collections
if not hasattr(collections, "MutableSet"): if not hasattr(collections, "MutableSet"):
import collections.abc import collections.abc
collections.MutableSet = collections.abc.MutableSet collections.MutableSet = collections.abc.MutableSet
@ -139,7 +139,7 @@ def dirtyPatches():
# Installing "reversible" unicode (decoding) error handler # Installing "reversible" unicode (decoding) error handler
def _reversible(ex): def _reversible(ex):
if INVALID_UNICODE_PRIVATE_AREA: if INVALID_UNICODE_PRIVATE_AREA:
return (u"".join(_unichr(int('000f00%2x' % (_ if isinstance(_, int) else ord(_)), 16)) for _ in ex.object[ex.start:ex.end]), ex.end) return (u"".join(_unichr(int('000f00%02x' % (_ if isinstance(_, int) else ord(_)), 16)) for _ in ex.object[ex.start:ex.end]), ex.end)
else: else:
return (u"".join(INVALID_UNICODE_CHAR_FORMAT % (_ if isinstance(_, int) else ord(_)) for _ in ex.object[ex.start:ex.end]), ex.end) return (u"".join(INVALID_UNICODE_CHAR_FORMAT % (_ if isinstance(_, int) else ord(_)) for _ in ex.object[ex.start:ex.end]), ex.end)

View File

@ -106,10 +106,12 @@ class Replication(object):
""" """
This function is used for selecting row(s) from current table. This function is used for selecting row(s) from current table.
""" """
_ = 'SELECT * FROM %s' % self.name query = 'SELECT * FROM "%s"' % self.name
if condition: if condition:
_ += 'WHERE %s' % condition query += ' WHERE %s' % condition
return self.execute(_)
self.execute(query)
return self.parent.cursor.fetchall()
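Review bot: `'SELECT * FROM "%s"' % self.name` now quotes the table name, but a name containing a double quote would still break the statement; `self.name.replace('"', '""')` closes that. The `condition` string is still interpolated verbatim, which is only safe while every caller builds it from internal values; since the helper now returns rows via `fetchall()` and will attract more callers, state that contract in the docstring.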
def createTable(self, tblname, columns=None, typeless=False): def createTable(self, tblname, columns=None, typeless=False):
""" """

View File

@ -19,7 +19,7 @@ from lib.core.enums import OS
from thirdparty import six from thirdparty import six
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.10" VERSION = "1.10.1.37"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -61,7 +61,7 @@ LOWER_RATIO_BOUND = 0.02
UPPER_RATIO_BOUND = 0.98 UPPER_RATIO_BOUND = 0.98
# For filling in case of dumb push updates # For filling in case of dumb push updates
DUMMY_JUNK = "Aich8ooT" DUMMY_JUNK = "theim1Ga"
# Markers for special cases when parameter values contain html encoded characters # Markers for special cases when parameter values contain html encoded characters
PARAMETER_AMP_MARKER = "__PARAMETER_AMP__" PARAMETER_AMP_MARKER = "__PARAMETER_AMP__"
@ -292,6 +292,7 @@ EXTREMEDB_SYSTEM_DBS = ("",)
FRONTBASE_SYSTEM_DBS = ("DEFINITION_SCHEMA", "INFORMATION_SCHEMA") FRONTBASE_SYSTEM_DBS = ("DEFINITION_SCHEMA", "INFORMATION_SCHEMA")
RAIMA_SYSTEM_DBS = ("",) RAIMA_SYSTEM_DBS = ("",)
VIRTUOSO_SYSTEM_DBS = ("",) VIRTUOSO_SYSTEM_DBS = ("",)
SNOWFLAKE_SYSTEM_DBS = ("INFORMATION_SCHEMA",)
# Note: (<regular>) + (<forks>) # Note: (<regular>) + (<forks>)
MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms") MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms")
@ -322,20 +323,21 @@ EXTREMEDB_ALIASES = ("extremedb", "extreme")
FRONTBASE_ALIASES = ("frontbase",) FRONTBASE_ALIASES = ("frontbase",)
RAIMA_ALIASES = ("raima database manager", "raima", "raimadb", "raimadm", "rdm", "rds", "velocis") RAIMA_ALIASES = ("raima database manager", "raima", "raimadb", "raimadm", "rdm", "rds", "velocis")
VIRTUOSO_ALIASES = ("virtuoso", "openlink virtuoso") VIRTUOSO_ALIASES = ("virtuoso", "openlink virtuoso")
SNOWFLAKE_ALIASES = ("snowflake",)
DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_")) DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_"))
SUPPORTED_DBMS = set(MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES + VERTICA_ALIASES + MCKOI_ALIASES + PRESTO_ALIASES + ALTIBASE_ALIASES + MIMERSQL_ALIASES + CLICKHOUSE_ALIASES + CRATEDB_ALIASES + CUBRID_ALIASES + CACHE_ALIASES + EXTREMEDB_ALIASES + RAIMA_ALIASES + VIRTUOSO_ALIASES) SUPPORTED_DBMS = set(MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES + VERTICA_ALIASES + MCKOI_ALIASES + PRESTO_ALIASES + ALTIBASE_ALIASES + MIMERSQL_ALIASES + CLICKHOUSE_ALIASES + CRATEDB_ALIASES + CUBRID_ALIASES + CACHE_ALIASES + EXTREMEDB_ALIASES + RAIMA_ALIASES + VIRTUOSO_ALIASES + SNOWFLAKE_ALIASES)
SUPPORTED_OS = ("linux", "windows") SUPPORTED_OS = ("linux", "windows")
DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES), (DBMS.MONETDB, MONETDB_ALIASES), (DBMS.DERBY, DERBY_ALIASES), (DBMS.VERTICA, VERTICA_ALIASES), (DBMS.MCKOI, MCKOI_ALIASES), (DBMS.PRESTO, PRESTO_ALIASES), (DBMS.ALTIBASE, ALTIBASE_ALIASES), (DBMS.MIMERSQL, MIMERSQL_ALIASES), (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES), (DBMS.CRATEDB, CRATEDB_ALIASES), (DBMS.CUBRID, CUBRID_ALIASES), (DBMS.CACHE, CACHE_ALIASES), (DBMS.EXTREMEDB, EXTREMEDB_ALIASES), (DBMS.FRONTBASE, FRONTBASE_ALIASES), (DBMS.RAIMA, RAIMA_ALIASES), (DBMS.VIRTUOSO, VIRTUOSO_ALIASES)) DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES), (DBMS.MONETDB, MONETDB_ALIASES), (DBMS.DERBY, DERBY_ALIASES), (DBMS.VERTICA, VERTICA_ALIASES), (DBMS.MCKOI, MCKOI_ALIASES), (DBMS.PRESTO, PRESTO_ALIASES), (DBMS.ALTIBASE, ALTIBASE_ALIASES), (DBMS.MIMERSQL, MIMERSQL_ALIASES), (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES), (DBMS.CRATEDB, CRATEDB_ALIASES), (DBMS.CUBRID, CUBRID_ALIASES), (DBMS.CACHE, CACHE_ALIASES), (DBMS.EXTREMEDB, EXTREMEDB_ALIASES), (DBMS.FRONTBASE, FRONTBASE_ALIASES), (DBMS.RAIMA, RAIMA_ALIASES), (DBMS.VIRTUOSO, VIRTUOSO_ALIASES), (DBMS.SNOWFLAKE, SNOWFLAKE_ALIASES))
USER_AGENT_ALIASES = ("ua", "useragent", "user-agent") USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")
REFERER_ALIASES = ("ref", "referer", "referrer") REFERER_ALIASES = ("ref", "referer", "referrer")
HOST_ALIASES = ("host",) HOST_ALIASES = ("host",)
# DBMSes with upper case identifiers # DBMSes with upper case identifiers
UPPER_CASE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.H2, DBMS.HSQLDB, DBMS.DERBY, DBMS.ALTIBASE)) UPPER_CASE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.H2, DBMS.HSQLDB, DBMS.DERBY, DBMS.ALTIBASE, DBMS.SNOWFLAKE))
# Default schemas to use (when unable to enumerate) # Default schemas to use (when unable to enumerate)
H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC" H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
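Review bot: SUPPORTED_DBMS on the first line still omits FRONTBASE_ALIASES while DBMS_ALIASES maps (DBMS.FRONTBASE, FRONTBASE_ALIASES); since this hunk extends both tuples with SNOWFLAKE_ALIASES, it is the natural place to bring them back into step or to add a comment saying why FrontBase is deliberately left out of SUPPORTED_DBMS. Also, Snowflake is added to UPPER_CASE_DBMSES, but unlike `H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC"` no default-schema constant is defined for it; the Databases hunk later in this compare makes Snowflake schemas the counterpart of database names, so a fallback for the case where schema enumeration fails would be consistent with how H2/HSQLDB and Vertica are handled.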
@ -797,7 +799,7 @@ CHECK_ZERO_COLUMNS_THRESHOLD = 10
CHECK_SQLITE_TYPE_THRESHOLD = 100 CHECK_SQLITE_TYPE_THRESHOLD = 100
# Boldify all logger messages containing these "patterns" # Boldify all logger messages containing these "patterns"
BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response", "NULL connection is supported", "PASSED", "FAILED", "for more than", "connection to ", "will be trimmed") BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response", "NULL connection is supported", "PASSED", "FAILED", "for more than", "connection to ", "will be trimmed", "counterpart to database")
# Regular expression used to search for bold-patterns # Regular expression used to search for bold-patterns
BOLD_PATTERNS_REGEX = '|'.join(BOLD_PATTERNS) BOLD_PATTERNS_REGEX = '|'.join(BOLD_PATTERNS)
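Review bot: BOLD_PATTERNS_REGEX is built with `'|'.join(BOLD_PATTERNS)` without re.escape, so every entry, including the new "counterpart to database", is interpreted as a regular expression rather than a literal; this one contains no metacharacters, but `'|'.join(re.escape(_) for _ in BOLD_PATTERNS)` would make the list safe to extend with strings such as "(custom)".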

View File

@ -75,7 +75,7 @@ class Popen(subprocess.Popen):
def recv_err(self, maxsize=None): def recv_err(self, maxsize=None):
return self._recv('stderr', maxsize) return self._recv('stderr', maxsize)
def send_recv(self, input='', maxsize=None): def send_recv(self, input=b'', maxsize=None):
return self.send(input), self.recv(maxsize), self.recv_err(maxsize) return self.send(input), self.recv(maxsize), self.recv_err(maxsize)
def get_conn_maxsize(self, which, maxsize): def get_conn_maxsize(self, which, maxsize):
@ -97,7 +97,7 @@ class Popen(subprocess.Popen):
try: try:
x = msvcrt.get_osfhandle(self.stdin.fileno()) x = msvcrt.get_osfhandle(self.stdin.fileno())
(_, written) = WriteFile(x, input) (_, written) = WriteFile(x, input)
except ValueError: except (ValueError, NameError):
return self._close('stdin') return self._close('stdin')
except Exception as ex: except Exception as ex:
if getattr(ex, "args", None) and ex.args[0] in (109, errno.ESHUTDOWN): if getattr(ex, "args", None) and ex.args[0] in (109, errno.ESHUTDOWN):
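Review bot: catching NameError at `except (ValueError, NameError):` to cover the case where msvcrt/WriteFile are undefined on non-Windows platforms also hides genuine coding errors: any misspelled name inside the try block now silently closes stdin instead of failing loudly. Guard on the platform instead (a module-level flag set when the Windows-only imports succeed) and keep the except clause limited to ValueError.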
@ -187,7 +187,7 @@ def recv_some(p, t=.1, e=1, tr=5, stderr=0):
y.append(r) y.append(r)
else: else:
time.sleep(max((x - time.time()) / tr, 0)) time.sleep(max((x - time.time()) / tr, 0))
return b''.join(y) return b''.join(getBytes(i) for i in y)
def send_all(p, data): def send_all(p, data):
if not data: if not data:
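Review bot: `getBytes` is used in `return b''.join(getBytes(i) for i in y)` but the hunk does not show it being imported into this module; confirm the import exists at the top of the file, because a missing name here would only surface at runtime once some output has actually been received (an empty `y` never evaluates the generator body).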

View File

@ -43,7 +43,7 @@ def vulnTest():
("-u <url> --data=\"reflect=1\" --flush-session --wizard --disable-coloring", ("Please choose:", "back-end DBMS: SQLite", "current user is DBA: True", "banner: '3.")), ("-u <url> --data=\"reflect=1\" --flush-session --wizard --disable-coloring", ("Please choose:", "back-end DBMS: SQLite", "current user is DBA: True", "banner: '3.")),
("-u <url> --data=\"code=1\" --code=200 --technique=B --banner --no-cast --flush-session", ("back-end DBMS: SQLite", "banner: '3.", "~COALESCE(CAST(")), ("-u <url> --data=\"code=1\" --code=200 --technique=B --banner --no-cast --flush-session", ("back-end DBMS: SQLite", "banner: '3.", "~COALESCE(CAST(")),
(u"-c <config> --flush-session --output-dir=\"<tmpdir>\" --smart --roles --statements --hostname --privileges --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'", "on SQLite it is not possible", "as the output directory")), (u"-c <config> --flush-session --output-dir=\"<tmpdir>\" --smart --roles --statements --hostname --privileges --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'", "on SQLite it is not possible", "as the output directory")),
(u"-u <url> --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=B --no-escape --string=luther --unstable", (u": '\u0161u\u0107uraj'",)), (u"-u <url> --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --titles --technique=B --no-escape --string=luther --unstable", (u": '\u0161u\u0107uraj'", "~with --string",)),
("-m <multiple> --flush-session --technique=B --banner", ("/3] URL:", "back-end DBMS: SQLite", "banner: '3.")), ("-m <multiple> --flush-session --technique=B --banner", ("/3] URL:", "back-end DBMS: SQLite", "banner: '3.")),
("--dummy", ("all tested parameters do not appear to be injectable", "does not seem to be injectable", "there is not at least one", "~might be injectable")), ("--dummy", ("all tested parameters do not appear to be injectable", "does not seem to be injectable", "there is not at least one", "~might be injectable")),
("-u \"<url>&id2=1\" -p id2 -v 5 --flush-session --level=5 --text-only --test-filter=\"AND boolean-based blind - WHERE or HAVING clause (MySQL comment)\"", ("~1AND",)), ("-u \"<url>&id2=1\" -p id2 -v 5 --flush-session --level=5 --text-only --test-filter=\"AND boolean-based blind - WHERE or HAVING clause (MySQL comment)\"", ("~1AND",)),
@ -62,19 +62,20 @@ def vulnTest():
("-u <base> --flush-session -H \"Foo: Bar\" -H \"Sna: Fu\" --data=\"<root><param name=\\\"id\\\" value=\\\"1*\\\"/></root>\" --union-char=1 --mobile --answers=\"smartphone=3\" --banner --smart -v 5", ("might be injectable", "Payload: <root><param name=\"id\" value=\"1", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.", "Nexus", "Sna: Fu", "Foo: Bar")), ("-u <base> --flush-session -H \"Foo: Bar\" -H \"Sna: Fu\" --data=\"<root><param name=\\\"id\\\" value=\\\"1*\\\"/></root>\" --union-char=1 --mobile --answers=\"smartphone=3\" --banner --smart -v 5", ("might be injectable", "Payload: <root><param name=\"id\" value=\"1", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.", "Nexus", "Sna: Fu", "Foo: Bar")),
("-u <base> --flush-session --technique=BU --method=PUT --data=\"a=1;id=1;b=2\" --param-del=\";\" --skip-static --har=<tmpfile> --dump -T users --start=1 --stop=2", ("might be injectable", "Parameter: id (PUT)", "Type: boolean-based blind", "Type: UNION query", "2 entries")), ("-u <base> --flush-session --technique=BU --method=PUT --data=\"a=1;id=1;b=2\" --param-del=\";\" --skip-static --har=<tmpfile> --dump -T users --start=1 --stop=2", ("might be injectable", "Parameter: id (PUT)", "Type: boolean-based blind", "Type: UNION query", "2 entries")),
("-u <url> --flush-session -H \"id: 1*\" --tables -t <tmpfile>", ("might be injectable", "Parameter: id #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")), ("-u <url> --flush-session -H \"id: 1*\" --tables -t <tmpfile>", ("might be injectable", "Parameter: id #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")),
("-u <url> --flush-session --banner --invalid-logical --technique=B --predict-output --test-filter=\"OR boolean\" --tamper=space2dash", ("banner: '3.", " LIKE ")), ("-u <url> --flush-session --banner --invalid-logical --technique=B --predict-output --titles --test-filter=\"OR boolean\" --tamper=space2dash", ("banner: '3.", " LIKE ")),
("-u <url> --flush-session --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e; id=1*; id2=2\" --tables --union-cols=3", ("might be injectable", "Cookie #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")), ("-u <url> --flush-session --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e; id=1*; id2=2\" --tables --union-cols=3", ("might be injectable", "Cookie #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")),
("-u <url> --flush-session --null-connection --technique=B --tamper=between,randomcase --banner --count -T users", ("NULL connection is supported with HEAD method", "banner: '3.", "users | 5")), ("-u <url> --flush-session --null-connection --technique=B --tamper=between,randomcase --banner --count -T users", ("NULL connection is supported with HEAD method", "banner: '3.", "users | 30")),
("-u <base> --data=\"aWQ9MQ==\" --flush-session --base64=POST -v 6", ("aWQ9MTtXQUlURk9SIERFTEFZICcwOjA",)), ("-u <base> --data=\"aWQ9MQ==\" --flush-session --base64=POST -v 6", ("aWQ9MTtXQUlURk9SIERFTEFZICcwOjA",)),
("-u <url> --flush-session --parse-errors --test-filter=\"subquery\" --eval=\"import hashlib; id2=2; id3=hashlib.md5(id.encode()).hexdigest()\" --referer=\"localhost\"", ("might be injectable", ": syntax error", "back-end DBMS: SQLite", "WHERE or HAVING clause (subquery")), ("-u <url> --flush-session --parse-errors --test-filter=\"subquery\" --eval=\"import hashlib; id2=2; id3=hashlib.md5(id.encode()).hexdigest()\" --referer=\"localhost\"", ("might be injectable", ": syntax error", "back-end DBMS: SQLite", "WHERE or HAVING clause (subquery")),
("-u <url> --banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")), ("-u <url> --banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "27 entries", "6E616D6569736E756C6C")),
("-u <url> --technique=U --fresh-queries --force-partial --dump -T users --dump-format=HTML --answers=\"crack=n\" -v 3", ("performed 6 queries", "nameisnull", "~using default dictionary", "dumped to HTML file")), ("-u <url> --technique=U --fresh-queries --force-partial --dump -T users --dump-format=HTML --answers=\"crack=n\" -v 3", ("performed 31 queries", "nameisnull", "~using default dictionary", "dumped to HTML file")),
("-u <url> --flush-session --technique=BU --all", ("5 entries", "Type: boolean-based blind", "Type: UNION query", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")), ("-u <url> --flush-session --technique=BU --all", ("30 entries", "Type: boolean-based blind", "Type: UNION query", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),
("-u <url> -z \"tec=B\" --hex --fresh-queries --threads=4 --sql-query=\"SELECT * FROM users\"", ("SELECT * FROM users [5]", "nameisnull")), ("-u <url> -z \"tec=B\" --hex --fresh-queries --threads=4 --sql-query=\"SELECT * FROM users\"", ("SELECT * FROM users [30]", "nameisnull")),
("-u \"<url>&echo=foobar*\" --flush-session", ("might be vulnerable to cross-site scripting",)), ("-u \"<url>&echo=foobar*\" --flush-session", ("might be vulnerable to cross-site scripting",)),
("-u \"<url>&query=*\" --flush-session --technique=Q --banner", ("Title: SQLite inline queries", "banner: '3.")), ("-u \"<url>&query=*\" --flush-session --technique=Q --banner", ("Title: SQLite inline queries", "banner: '3.")),
("-d \"<direct>\" --flush-session --dump -T users --dump-format=SQLITE --binary-fields=name --where \"id=3\"", ("7775", "179ad45c6ce2cb97cf1029e212046e81 (testpass)", "dumped to SQLITE database")), ("-d \"<direct>\" --flush-session --dump -T creds --dump-format=SQLITE --binary-fields=password_hash --where \"user_id=5\"", ("3137396164343563366365326362393763663130323965323132303436653831", "dumped to SQLITE database")),
("-d \"<direct>\" --flush-session --banner --schema --sql-query=\"UPDATE users SET name='foobar' WHERE id=5; SELECT * FROM users; SELECT 987654321\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "5,foobar,nameisnull", "'987654321'",)), ("-d \"<direct>\" --flush-session --banner --schema --sql-query=\"UPDATE users SET name='foobar' WHERE id=4; SELECT * FROM users; SELECT 987654321\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "4,foobar,nameisnull", "'987654321'",)),
("-u <base>csrf --data=\"id=1&csrf_token=1\" --banner --answers=\"update=y\" --flush-session", ("back-end DBMS: SQLite", "banner: '3.")),
("--purge -v 3", ("~ERROR", "~CRITICAL", "deleting the whole directory tree")), ("--purge -v 3", ("~ERROR", "~CRITICAL", "deleting the whole directory tree")),
) )
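Review bot: the new expectation `3137396164343563...` on the `--dump -T creds --binary-fields=password_hash` line is opaque; a short comment noting that it is the hex encoding of the ASCII value 179ad45c6ce2cb97cf1029e212046e81 (the same hash checked on the `--all` line above) would save the next maintainer a decode. The counts 30 / 27 / 31 and `users | 30` are all tied to the size of the rebuilt `users` fixture, so a one-line comment near the top of TESTS stating the fixture row count (and that `--where "id>3"` therefore yields 27) would make future fixture changes easier to propagate.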
@ -182,7 +183,7 @@ def vulnTest():
for options, checks in TESTS: for options, checks in TESTS:
status = '%d/%d (%d%%) ' % (count, len(TESTS), round(100.0 * count / len(TESTS))) status = '%d/%d (%d%%) ' % (count, len(TESTS), round(100.0 * count / len(TESTS)))
dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status)) dataToStdout("\r[%s] [INFO] completed: %s" % (time.strftime("%X"), status))
if IS_WIN and "uraj" in options: if IS_WIN and "uraj" in options:
options = options.replace(u"\u0161u\u0107uraj", "sucuraj") options = options.replace(u"\u0161u\u0107uraj", "sucuraj")
@ -281,7 +282,7 @@ def smokeTest():
count += 1 count += 1
status = '%d/%d (%d%%) ' % (count, length, round(100.0 * count / length)) status = '%d/%d (%d%%) ' % (count, length, round(100.0 * count / length))
dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status)) dataToStdout("\r[%s] [INFO] completed: %s" % (time.strftime("%X"), status))
def _(node): def _(node):
for __ in dir(node): for __ in dir(node):

View File

@ -163,7 +163,7 @@ def update():
infoMsg += "to use a GitHub for Windows client for updating " infoMsg += "to use a GitHub for Windows client for updating "
infoMsg += "purposes (https://desktop.github.com/) or just " infoMsg += "purposes (https://desktop.github.com/) or just "
infoMsg += "download the latest snapshot from " infoMsg += "download the latest snapshot from "
infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads" infoMsg += "https://github.com/sqlmapproject/sqlmap/releases"
else: else:
infoMsg = "for Linux platform it's recommended " infoMsg = "for Linux platform it's recommended "
infoMsg += "to install a standard 'git' package (e.g.: 'apt install git')" infoMsg += "to install a standard 'git' package (e.g.: 'apt install git')"

View File

@ -44,7 +44,7 @@ def parseXmlNode(node):
for element in node.findall("boundary"): for element in node.findall("boundary"):
boundary = AttribDict() boundary = AttribDict()
for child in element: for child in element.findall("*"):
if child.text: if child.text:
values = cleanupVals(child.text, child.tag) values = cleanupVals(child.text, child.tag)
boundary[child.tag] = values boundary[child.tag] = values
@ -56,18 +56,19 @@ def parseXmlNode(node):
for element in node.findall("test"): for element in node.findall("test"):
test = AttribDict() test = AttribDict()
for child in element: for child in element.findall("*"):
if child.text and child.text.strip(): if child.text and child.text.strip():
values = cleanupVals(child.text, child.tag) values = cleanupVals(child.text, child.tag)
test[child.tag] = values test[child.tag] = values
else: else:
if len(child.findall("*")) == 0: progeny = child.findall("*")
if len(progeny) == 0:
test[child.tag] = None test[child.tag] = None
continue continue
else: else:
test[child.tag] = AttribDict() test[child.tag] = AttribDict()
for gchild in child: for gchild in progeny:
if gchild.tag in test[child.tag]: if gchild.tag in test[child.tag]:
prevtext = test[child.tag][gchild.tag] prevtext = test[child.tag][gchild.tag]
test[child.tag][gchild.tag] = [prevtext, gchild.text] test[child.tag][gchild.tag] = [prevtext, gchild.text]

View File

@ -10,7 +10,6 @@ import gzip
import io import io
import logging import logging
import re import re
import struct
import zlib import zlib
from lib.core.common import Backend from lib.core.common import Backend
@ -249,6 +248,7 @@ def checkCharEncoding(encoding, warn=True):
return encoding return encoding
@lockedmethod
def getHeuristicCharEncoding(page): def getHeuristicCharEncoding(page):
""" """
Returns page encoding charset detected by usage of heuristics Returns page encoding charset detected by usage of heuristics
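Review bot: `@lockedmethod` serialises every call to getHeuristicCharEncoding, including the `detect(...)` call itself, which is the slow part, so worker threads (`--threads`) now wait on each other even when detecting the encoding of different pages; if the aim is only to keep the kb.cache.encoding read/write consistent, lock just the cache lookup and update and let detection run outside the lock. Also confirm `lockedmethod` is imported in this module, as the hunk does not show it.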
@ -259,8 +259,11 @@ def getHeuristicCharEncoding(page):
'ascii' 'ascii'
""" """
key = hash(page) key = (len(page), hash(page))
retVal = kb.cache.encoding[key] if key in kb.cache.encoding else detect(page[:HEURISTIC_PAGE_SIZE_THRESHOLD])["encoding"]
retVal = kb.cache.encoding.get(key)
if retVal is None:
retVal = detect(page[:HEURISTIC_PAGE_SIZE_THRESHOLD])["encoding"]
kb.cache.encoding[key] = retVal kb.cache.encoding[key] = retVal
if retVal and retVal.lower().replace('-', "") == UNICODE_ENCODING.lower().replace('-', ""): if retVal and retVal.lower().replace('-', "") == UNICODE_ENCODING.lower().replace('-', ""):
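Review bot: using `None` as the miss sentinel in `retVal = kb.cache.encoding.get(key)` means a page for which `detect(...)["encoding"]` returns None is never treated as cached: every call re-runs detection on it, which is exactly the cost the cache exists to avoid. Either store and test for an explicit sentinel object, or keep the `key in kb.cache.encoding` membership test from the removed line. Adding `len(page)` to the key is a sensible guard against hash collisions.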
@ -282,8 +285,8 @@ def decodePage(page, contentEncoding, contentType, percentDecode=True):
if not page or (conf.nullConnection and len(page) < 2): if not page or (conf.nullConnection and len(page) < 2):
return getUnicode(page) return getUnicode(page)
contentEncoding = contentEncoding.lower() if hasattr(contentEncoding, "lower") else "" contentEncoding = getText(contentEncoding).lower() if contentEncoding else ""
contentType = contentType.lower() if hasattr(contentType, "lower") else "" contentType = getText(contentType).lower() if contentType else ""
if contentEncoding in ("gzip", "x-gzip", "deflate"): if contentEncoding in ("gzip", "x-gzip", "deflate"):
if not kb.pageCompress: if not kb.pageCompress:
@ -291,14 +294,16 @@ def decodePage(page, contentEncoding, contentType, percentDecode=True):
try: try:
if contentEncoding == "deflate": if contentEncoding == "deflate":
data = io.BytesIO(zlib.decompress(page, -15)) # Reference: http://stackoverflow.com/questions/1089662/python-inflate-and-deflate-implementations obj = zlib.decompressobj(-15)
page = obj.decompress(page, MAX_CONNECTION_TOTAL_SIZE + 1)
page += obj.flush()
if len(page) > MAX_CONNECTION_TOTAL_SIZE:
raise Exception("size too large")
else: else:
data = gzip.GzipFile("", "rb", 9, io.BytesIO(page)) data = gzip.GzipFile("", "rb", 9, io.BytesIO(page))
size = struct.unpack("<l", page[-4:])[0] # Reference: http://pydoc.org/get.cgi/usr/local/lib/python2.5/gzip.py page = data.read(MAX_CONNECTION_TOTAL_SIZE + 1)
if size > MAX_CONNECTION_TOTAL_SIZE: if len(page) > MAX_CONNECTION_TOTAL_SIZE:
raise Exception("size too large") raise Exception("size too large")
page = data.read()
except Exception as ex: except Exception as ex:
if b"<html" not in page: # in some cases, invalid "Content-Encoding" appears for plain HTML (should be ignored) if b"<html" not in page: # in some cases, invalid "Content-Encoding" appears for plain HTML (should be ignored)
errMsg = "detected invalid data for declared content " errMsg = "detected invalid data for declared content "
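Review bot: the deflate branch bounds only the first call: `obj.decompress(page, MAX_CONNECTION_TOTAL_SIZE + 1)` stops at the limit, but the following `obj.flush()` inflates everything still buffered in `obj.unconsumed_tail` with no length cap, so an oversized or deliberately compressible body is still fully expanded in memory before `len(page) > MAX_CONNECTION_TOTAL_SIZE` raises. Check `obj.unconsumed_tail` (non-empty means the cap was hit) and raise before flushing. The gzip branch is fine: `data.read(MAX_CONNECTION_TOTAL_SIZE + 1)` is bounded, and dropping the `struct.unpack("<l", page[-4:])` trailer check is an improvement, since that ISIZE field is part of the response and said nothing reliable about the real output size.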

View File

@ -89,15 +89,20 @@ class DNSServer(object):
def _check_localhost(self): def _check_localhost(self):
response = b"" response = b""
s = None
try: try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.settimeout(1.0)
s.connect(("", 53)) s.connect(("", 53))
s.send(binascii.unhexlify("6509012000010000000000010377777706676f6f676c6503636f6d00000100010000291000000000000000")) # A www.google.com s.send(binascii.unhexlify("6509012000010000000000010377777706676f6f676c6503636f6d00000100010000291000000000000000")) # A www.google.com
response = s.recv(512) response = s.recv(512)
except: except:
pass pass
finally: finally:
if s:
s.close()
if response and b"google" in response: if response and b"google" in response:
raise socket.error("another DNS service already running on '0.0.0.0:53'") raise socket.error("another DNS service already running on '0.0.0.0:53'")
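Review bot: the bare `except: pass` in _check_localhost swallows everything, including KeyboardInterrupt and SystemExit, so a Ctrl-C during the one-second wait on `s.recv(512)` is lost; narrow it to `except (socket.error, OSError):`. The added `s = None` with `finally: if s: s.close()` and the `s.settimeout(1.0)` are welcome: before, a silent resolver could block `recv` without bound and the socket was never closed.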

View File

@ -65,6 +65,7 @@ class HTTPSConnection(_http_client.HTTPSConnection):
# https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni # https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni
if hasattr(ssl, "SSLContext"): if hasattr(ssl, "SSLContext"):
for protocol in (_ for _ in _protocols if _ >= ssl.PROTOCOL_TLSv1): for protocol in (_ for _ in _protocols if _ >= ssl.PROTOCOL_TLSv1):
sock = None
try: try:
sock = create_sock() sock = create_sock()
if protocol not in _contexts: if protocol not in _contexts:
@ -94,6 +95,8 @@ class HTTPSConnection(_http_client.HTTPSConnection):
sock.close() sock.close()
except (ssl.SSLError, socket.error, _http_client.BadStatusLine, AttributeError) as ex: except (ssl.SSLError, socket.error, _http_client.BadStatusLine, AttributeError) as ex:
self._tunnel_host = None self._tunnel_host = None
if sock:
sock.close()
logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex))) logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex)))
elif hasattr(ssl, "wrap_socket"): elif hasattr(ssl, "wrap_socket"):

View File

@ -5,12 +5,20 @@ Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission See the file 'LICENSE' for copying permission
""" """
ssl = None
try:
import ssl as _ssl
ssl = _ssl
except ImportError:
pass
from lib.core.data import conf from lib.core.data import conf
from lib.core.common import getSafeExString from lib.core.common import getSafeExString
from lib.core.exception import SqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from thirdparty.six.moves import http_client as _http_client from thirdparty.six.moves import http_client as _http_client
from thirdparty.six.moves import urllib as _urllib from thirdparty.six.moves import urllib as _urllib
class HTTPSPKIAuthHandler(_urllib.request.HTTPSHandler): class HTTPSPKIAuthHandler(_urllib.request.HTTPSHandler):
def __init__(self, auth_file): def __init__(self, auth_file):
_urllib.request.HTTPSHandler.__init__(self) _urllib.request.HTTPSHandler.__init__(self)
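Review bot: the guarded import is more verbose than it needs to be: `ssl = None` / `try: import ssl as _ssl; ssl = _ssl` / `except ImportError: pass` can be written as `try: import ssl` / `except ImportError: ssl = None` with the same result and no throw-away alias. A one-line comment stating why ssl may be absent (Python builds without OpenSSL) would help the next reader, since getConnection below checks `hasattr(_http_client, "HTTPSConnection")` for the same reason.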
@ -20,10 +28,24 @@ class HTTPSPKIAuthHandler(_urllib.request.HTTPSHandler):
return self.do_open(self.getConnection, req) return self.do_open(self.getConnection, req)
def getConnection(self, host, timeout=None): def getConnection(self, host, timeout=None):
if timeout is None:
timeout = conf.timeout
if not hasattr(_http_client, "HTTPSConnection"):
raise SqlmapConnectionException("HTTPS support is not available in this Python build")
try: try:
# Reference: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_cert_chain if ssl and hasattr(ssl, "SSLContext") and hasattr(ssl, "create_default_context"):
return _http_client.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=conf.timeout) ctx = ssl.create_default_context()
except IOError as ex: ctx.load_cert_chain(certfile=self.auth_file, keyfile=self.auth_file)
try:
return _http_client.HTTPSConnection(host, timeout=timeout, context=ctx)
except TypeError:
pass
return _http_client.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=timeout)
except (IOError, OSError) as ex:
errMsg = "error occurred while using key " errMsg = "error occurred while using key "
errMsg += "file '%s' ('%s')" % (self.auth_file, getSafeExString(ex)) errMsg += "file '%s' ('%s')" % (self.auth_file, getSafeExString(ex))
raise SqlmapConnectionException(errMsg) raise SqlmapConnectionException(errMsg)
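Review bot: the `except TypeError: pass` around `_http_client.HTTPSConnection(host, timeout=timeout, context=ctx)` is meant to detect a Python build whose HTTPSConnection lacks the `context` keyword, but it also swallows a TypeError raised for any other reason and then retries with the `cert_file`/`key_file` keywords, which Python 3.12+ no longer accepts; that second TypeError escapes the `except (IOError, OSError)` handler with an unhelpful message. Decide the constructor form once (a version check, or testing for `context` in `inspect.signature`) rather than by try/except. Worth a comment as well: `ssl.create_default_context()` verifies the server certificate and hostname, so a target presenting a self-signed certificate fails in this handler unless the rest of the HTTPS path relaxes verification in the same way.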

View File

@ -25,5 +25,5 @@ class HTTPRangeHandler(_urllib.request.BaseHandler):
def http_error_416(self, req, fp, code, msg, hdrs): def http_error_416(self, req, fp, code, msg, hdrs):
# HTTP's Range Not Satisfiable error # HTTP's Range Not Satisfiable error
errMsg = "there was a problem while connecting " errMsg = "there was a problem while connecting "
errMsg += "target ('406 - Range Not Satisfiable')" errMsg += "target ('416 - Range Not Satisfiable')"
raise SqlmapConnectionException(errMsg) raise SqlmapConnectionException(errMsg)

View File

@ -82,7 +82,7 @@ class Fingerprint(GenericFingerprint):
if conf.direct: if conf.direct:
result = True result = True
else: else:
result = inject.checkBooleanExpression("UNICODE(SQUARE(NULL)) IS NULL") result = inject.checkBooleanExpression("IS_SRVROLEMEMBER(NULL) IS NULL")
if result: if result:
infoMsg = "confirming %s" % DBMS.MSSQL infoMsg = "confirming %s" % DBMS.MSSQL
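Review bot: the commit message ("Minor patch to MsSQL fingerprinting") does not say why `UNICODE(SQUARE(NULL)) IS NULL` was replaced; please record which other back end the old expression also satisfied, since that is what a future reader needs to judge whether `IS_SRVROLEMEMBER(NULL) IS NULL` is any more selective. The new probe is logically sound (a NULL argument yields NULL, so `IS NULL` holds), and a one-line comment to that effect next to the call would be enough.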

View File

@ -0,0 +1,29 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
from lib.core.enums import DBMS
from lib.core.settings import SNOWFLAKE_SYSTEM_DBS
from lib.core.unescaper import unescaper
from plugins.dbms.snowflake.enumeration import Enumeration
from plugins.dbms.snowflake.filesystem import Filesystem
from plugins.dbms.snowflake.fingerprint import Fingerprint
from plugins.dbms.snowflake.syntax import Syntax
from plugins.dbms.snowflake.takeover import Takeover
from plugins.generic.misc import Miscellaneous
class SnowflakeMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
"""
This class defines Snowflake methods
"""
def __init__(self):
self.excludeDbsList = SNOWFLAKE_SYSTEM_DBS
for cls in self.__class__.__bases__:
cls.__init__(self)
unescaper[DBMS.SNOWFLAKE] = Syntax.escape

View File

@ -0,0 +1,70 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
try:
import snowflake.connector
except:
pass
import logging
from lib.core.common import getSafeExString
from lib.core.convert import getText
from lib.core.data import conf
from lib.core.data import logger
from lib.core.exception import SqlmapConnectionException
from plugins.generic.connector import Connector as GenericConnector
class Connector(GenericConnector):
"""
Homepage: https://www.snowflake.com/
User guide: https://docs.snowflake.com/en/developer-guide/python-connector/python-connector
API: https://docs.snowflake.com/en/developer-guide/python-connector/python-connector-api
"""
def __init__(self):
GenericConnector.__init__(self)
def connect(self):
self.initConnection()
try:
self.connector = snowflake.connector.connect(
user=self.user,
password=self.password,
account=self.account,
warehouse=self.warehouse,
database=self.db,
schema=self.schema
)
cursor = self.connector.cursor()
cursor.execute("SELECT CURRENT_VERSION()")
cursor.close()
except Exception as ex:
raise SqlmapConnectionException(getSafeExString(ex))
self.initCursor()
self.printConnected()
def fetchall(self):
try:
return self.cursor.fetchall()
except Exception as ex:
logger.log(logging.WARNING if conf.dbmsHandler else logging.DEBUG, "(remote) '%s'" % getSafeExString(ex))
return None
def execute(self, query):
try:
self.cursor.execute(getText(query))
except Exception as ex:
logger.log(logging.WARNING if conf.dbmsHandler else logging.DEBUG, "(remote) '%s'" % getSafeExString(ex))
return None
def select(self, query):
self.execute(query)
return self.fetchall()
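Review bot: the bare `except: pass` around `import snowflake.connector` turns a missing driver into a NameError inside connect(), which the `except Exception` there rewraps as a SqlmapConnectionException reading "name 'snowflake' is not defined"; catch ImportError only, and in connect() test that the module is available before use and raise a message naming the package to install. Separately, `self.account`, `self.warehouse` and `self.schema` are read in the connect() call but nothing in this file sets them: confirm GenericConnector.initConnection() populates them from the `-d` connection string and document the expected Snowflake URI form, since an unset attribute would also surface as this same generic exception.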

View File

@ -0,0 +1,31 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
from lib.core.data import logger
from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def getPasswordHashes(self):
warnMsg = "on Snowflake it is not possible to enumerate the user password hashes"
logger.warning(warnMsg)
return {}
def getRoles(self, *args, **kwargs):
warnMsg = "on Snowflake it is not possible to enumerate the user roles"
logger.warning(warnMsg)
return {}
def searchDb(self):
warnMsg = "on Snowflake it is not possible to search databases"
logger.warning(warnMsg)
return []
def searchColumn(self):
errMsg = "on Snowflake it is not possible to search columns"
raise SqlmapUnsupportedFeatureException(errMsg)
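Review bot: unsupported features are reported inconsistently: getPasswordHashes, getRoles and searchDb only log a warning and return an empty result, while searchColumn raises SqlmapUnsupportedFeatureException; the Snowflake filesystem and takeover plugins in this compare raise throughout, so pick one behaviour so that `--roles` and the search options behave predictably. Also `getRoles(self, *args, **kwargs)` accepts arbitrary arguments while searchDb(self) and searchColumn(self) take none; match the signatures of the GenericEnumeration methods being overridden so positional callers do not break.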

View File

@ -0,0 +1,18 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem):
def readFile(self, remoteFile):
errMsg = "on Snowflake it is not possible to read files"
raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
errMsg = "on Snowflake it is not possible to write files"
raise SqlmapUnsupportedFeatureException(errMsg)

View File

@ -0,0 +1,96 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.session import setDbms
from lib.core.settings import METADB_SUFFIX
from lib.core.settings import SNOWFLAKE_ALIASES
from lib.request import inject
from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
class Fingerprint(GenericFingerprint):
def __init__(self):
GenericFingerprint.__init__(self, DBMS.SNOWFLAKE)
def getFingerprint(self):
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "
if not conf.extensiveFp:
value += DBMS.SNOWFLAKE
return value
actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
banVer = kb.bannerFp.get("dbmsVersion")
if banVer:
banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
return value
def checkDbms(self):
"""
References for fingerprint:
* https://docs.snowflake.com/en/sql-reference/functions/current_warehouse
* https://docs.snowflake.com/en/sql-reference/functions/md5_number_upper64
"""
if not conf.extensiveFp and Backend.isDbmsWithin(SNOWFLAKE_ALIASES):
setDbms("%s %s" % (DBMS.SNOWFLAKE, Backend.getVersion()))
self.getBanner()
return True
infoMsg = "testing %s" % DBMS.SNOWFLAKE
logger.info(infoMsg)
result = inject.checkBooleanExpression("CURRENT_WAREHOUSE()=CURRENT_WAREHOUSE()")
if result:
infoMsg = "confirming %s" % DBMS.SNOWFLAKE
logger.info(infoMsg)
result = inject.checkBooleanExpression("MD5_NUMBER_UPPER64('[RANDSTR]')=MD5_NUMBER_UPPER64('[RANDSTR]')")
if not result:
warnMsg = "the back-end DBMS is not %s" % DBMS.SNOWFLAKE
logger.warning(warnMsg)
return False
setDbms(DBMS.SNOWFLAKE)
self.getBanner()
return True
else:
warnMsg = "the back-end DBMS is not %s" % DBMS.SNOWFLAKE
logger.warning(warnMsg)
return False
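Review bot: the first probe `CURRENT_WAREHOUSE()=CURRENT_WAREHOUSE()` compares NULL with NULL when the injected session has no warehouse in use (CURRENT_WAREHOUSE() returns NULL in that case), and NULL=NULL does not evaluate to true, so checkDbms() would report "the back-end DBMS is not Snowflake" on such a session; `CURRENT_WAREHOUSE() IS NOT DISTINCT FROM CURRENT_WAREHOUSE()`, or a function that never returns NULL, avoids the false negative. The MD5_NUMBER_UPPER64 confirmation is fine provided both `[RANDSTR]` markers expand to the same value. Minor: `METADB_SUFFIX` is imported but unused in this file.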

View File

@ -0,0 +1,22 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
from lib.core.convert import getOrds
from plugins.generic.syntax import Syntax as GenericSyntax
class Syntax(GenericSyntax):
@staticmethod
def escape(expression, quote=True):
"""
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar"
True
"""
def escaper(value):
return "||".join("CHR(%d)" % _ for _ in getOrds(value))
return Syntax._escape(expression, quote, escaper)

View File

@ -0,0 +1,28 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.takeover import Takeover as GenericTakeover
class Takeover(GenericTakeover):
def osCmd(self):
errMsg = "on Snowflake it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException(errMsg)
def osShell(self):
errMsg = "on Snowflake it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException(errMsg)
def osPwn(self):
errMsg = "on Snowflake it is not possible to establish an "
errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException(errMsg)
def osSmb(self):
errMsg = "on Snowflake it is not possible to establish an "
errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException(errMsg)
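Review bot: the message strings are duplicated verbatim between osCmd/osShell and between osPwn/osSmb; two module-level constants (or a small helper that raises SqlmapUnsupportedFeatureException with the given text) would keep the four methods in sync if the wording is ever changed, and would make it obvious at a glance that all takeover features are intentionally disabled for this backend.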

View File

@ -83,7 +83,7 @@ class Databases(object):
if not kb.data.currentDb and Backend.isDbms(DBMS.VERTICA): if not kb.data.currentDb and Backend.isDbms(DBMS.VERTICA):
kb.data.currentDb = VERTICA_DEFAULT_SCHEMA kb.data.currentDb = VERTICA_DEFAULT_SCHEMA
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.PGSQL, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA, DBMS.PRESTO, DBMS.MIMERSQL, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE): if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.PGSQL, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA, DBMS.PRESTO, DBMS.MIMERSQL, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE, DBMS.SNOWFLAKE):
warnMsg = "on %s you'll need to use " % Backend.getIdentifiedDbms() warnMsg = "on %s you'll need to use " % Backend.getIdentifiedDbms()
warnMsg += "schema names for enumeration as the counterpart to database " warnMsg += "schema names for enumeration as the counterpart to database "
warnMsg += "names on other DBMSes" warnMsg += "names on other DBMSes"
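Review bot: the tuple `(DBMS.ORACLE, DBMS.DB2, DBMS.PGSQL, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA, DBMS.PRESTO, DBMS.MIMERSQL, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE, DBMS.SNOWFLAKE)` is spelled out literally here and again, character for character, in the hunk at line 108; both had to be edited in this change to add DBMS.SNOWFLAKE. Hoisting it into one module-level constant (a "schema-as-database" DBMS set) would keep the two warnings in agreement the next time a backend is added.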
@ -108,7 +108,7 @@ class Databases(object):
warnMsg += "names will be fetched from 'mysql' database" warnMsg += "names will be fetched from 'mysql' database"
logger.warning(warnMsg) logger.warning(warnMsg)
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.PGSQL, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA, DBMS.PRESTO, DBMS.MIMERSQL, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE): elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.PGSQL, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA, DBMS.PRESTO, DBMS.MIMERSQL, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE, DBMS.SNOWFLAKE):
warnMsg = "schema names are going to be used on %s " % Backend.getIdentifiedDbms() warnMsg = "schema names are going to be used on %s " % Backend.getIdentifiedDbms()
warnMsg += "for enumeration as the counterpart to database " warnMsg += "for enumeration as the counterpart to database "
warnMsg += "names on other DBMSes" warnMsg += "names on other DBMSes"
@ -621,14 +621,14 @@ class Databases(object):
condQueryStr = "%%s%s" % colCondParam condQueryStr = "%%s%s" % colCondParam
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList)) condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.VERTICA, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CUBRID, DBMS.CACHE, DBMS.FRONTBASE, DBMS.VIRTUOSO, DBMS.CLICKHOUSE): if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.VERTICA, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CUBRID, DBMS.CACHE, DBMS.FRONTBASE, DBMS.VIRTUOSO, DBMS.CLICKHOUSE, DBMS.SNOWFLAKE):
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery query += condQuery
if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE): if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE):
query = re.sub("column_type", "data_type", query, flags=re.I) query = re.sub("column_type", "data_type", query, flags=re.I)
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE, DBMS.MIMERSQL): elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE, DBMS.MIMERSQL, DBMS.SNOWFLAKE):
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper())) query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper()))
query += condQuery query += condQuery
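Review bot: DBMS.SNOWFLAKE is added to both the `if` tuple (with MYSQL, PGSQL, ...) and the `elif` tuple (with ORACLE, DB2, ...) in this hunk, so the `elif` addition is unreachable for Snowflake: the first branch always matches and builds the query with `unsafeSQLIdentificatorNaming(tbl)` / `conf.db` as-is, while the `.upper()` variant in the `elif` never runs. Only one of the two is intended; if Snowflake identifiers should be upper-cased like Oracle's (as the later hunk at line 838 does for the blind query), remove DBMS.SNOWFLAKE from the first tuple, otherwise drop it from the `elif`.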
@ -757,7 +757,7 @@ class Databases(object):
condQueryStr = "%%s%s" % colCondParam condQueryStr = "%%s%s" % colCondParam
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList)) condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.VERTICA, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CUBRID, DBMS.CACHE, DBMS.FRONTBASE, DBMS.VIRTUOSO, DBMS.CLICKHOUSE): if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.VERTICA, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CUBRID, DBMS.CACHE, DBMS.FRONTBASE, DBMS.VIRTUOSO, DBMS.CLICKHOUSE, DBMS.SNOWFLAKE):
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery query += condQuery
@ -838,6 +838,9 @@ class Databases(object):
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper())) query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper()))
query = query.replace(" ORDER BY ", "%s ORDER BY " % condQuery) query = query.replace(" ORDER BY ", "%s ORDER BY " % condQuery)
field = None field = None
elif Backend.isDbms(DBMS.SNOWFLAKE):
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper()))
field = None
elif Backend.getIdentifiedDbms() in (DBMS.MONETDB, DBMS.CLICKHOUSE): elif Backend.getIdentifiedDbms() in (DBMS.MONETDB, DBMS.CLICKHOUSE):
query = safeStringFormat(rootQuery.blind.query, (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db), index)) query = safeStringFormat(rootQuery.blind.query, (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db), index))
field = None field = None
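Review bot: the new `elif Backend.isDbms(DBMS.SNOWFLAKE)` branch never applies `condQuery`, unlike the branch directly above it which splices it in with `query.replace(" ORDER BY ", "%s ORDER BY " % condQuery)`. With this shape, the column filter built from `colList` earlier in the function is silently ignored for Snowflake in the blind technique, so `--columns -C <name>` would enumerate every column instead of the requested ones. If the Snowflake blind query has an ORDER BY, reuse the same replace; if not, append `condQuery` to the query before `field = None`.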

View File

@ -185,9 +185,9 @@ class Entries(object):
entries = [] entries = []
query = None query = None
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE, DBMS.MIMERSQL): if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE, DBMS.MIMERSQL, DBMS.SNOWFLAKE):
query = rootQuery.inband.query % (colString, tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper()))) query = rootQuery.inband.query % (colString, tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())))
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.MCKOI, DBMS.EXTREMEDB, DBMS.RAIMA): elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.MCKOI, DBMS.EXTREMEDB, DBMS.RAIMA, DBMS.SNOWFLAKE):
query = rootQuery.inband.query % (colString, tbl) query = rootQuery.inband.query % (colString, tbl)
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL): elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
# Partial inband and error # Partial inband and error
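Review bot: DBMS.SNOWFLAKE appears in both the first `if` tuple (ORACLE, DB2, DERBY, ALTIBASE, MIMERSQL) and the following `elif` tuple (SQLITE, ACCESS, FIREBIRD, ...), so the `elif` entry is dead code: the `if` branch always wins and formats the inband query with `conf.db.upper()` / `tbl.upper()`, while the un-uppercased `rootQuery.inband.query % (colString, tbl)` form is never reached. Remove DBMS.SNOWFLAKE from whichever tuple is not the intended behaviour so a later reader does not assume both are live.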
@ -294,7 +294,7 @@ class Entries(object):
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
logger.info(infoMsg) logger.info(infoMsg)
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE, DBMS.MIMERSQL): if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE, DBMS.MIMERSQL, DBMS.SNOWFLAKE):
query = rootQuery.blind.count % (tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper()))) query = rootQuery.blind.count % (tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())))
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.MAXDB, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MCKOI, DBMS.EXTREMEDB, DBMS.RAIMA): elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.MAXDB, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MCKOI, DBMS.EXTREMEDB, DBMS.RAIMA):
query = rootQuery.blind.count % tbl query = rootQuery.blind.count % tbl
@ -410,7 +410,7 @@ class Entries(object):
if column not in entries: if column not in entries:
entries[column] = BigArray() entries[column] = BigArray()
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.VERTICA, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.CLICKHOUSE): if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.VERTICA, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.CLICKHOUSE, DBMS.SNOWFLAKE):
query = rootQuery.blind.query % (agent.preprocessField(tbl, column), conf.db, conf.tbl, sorted(colList, key=len)[0], index) query = rootQuery.blind.query % (agent.preprocessField(tbl, column), conf.db, conf.tbl, sorted(colList, key=len)[0], index)
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE,): elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE,):
query = rootQuery.blind.query % (agent.preprocessField(tbl, column), tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())), index) query = rootQuery.blind.query % (agent.preprocessField(tbl, column), tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())), index)
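Review bot: case handling for Snowflake is inconsistent between techniques in this file. Here the blind per-row query groups Snowflake with MYSQL/PGSQL and passes `conf.db` and `conf.tbl` unchanged, whereas the inband query (hunk at line 185) and the blind count (hunk at line 294) group it with ORACLE and pass `conf.db.upper()` / `tbl.upper()`. For a backend where the inband and count queries upper-case identifiers, the row-fetch query should do the same, or the same table can resolve in one technique and not in the other; consider moving DBMS.SNOWFLAKE into the ORACLE/DB2/DERBY/ALTIBASE tuple on the `elif` below.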

View File

@ -457,7 +457,7 @@ class Users(object):
# In MySQL >= 5.0 and Oracle we get the list # In MySQL >= 5.0 and Oracle we get the list
# of privileges as string # of privileges as string
elif Backend.isDbms(DBMS.ORACLE) or (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema) or Backend.getIdentifiedDbms() in (DBMS.VERTICA, DBMS.MIMERSQL, DBMS.CUBRID): elif Backend.isDbms(DBMS.ORACLE) or (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema) or Backend.getIdentifiedDbms() in (DBMS.VERTICA, DBMS.MIMERSQL, DBMS.CUBRID, DBMS.SNOWFLAKE):
privileges.add(privilege) privileges.add(privilege)
# In MySQL < 5.0 we get Y if the privilege is # In MySQL < 5.0 we get Y if the privilege is
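Review bot: the comment immediately above this branch, "In MySQL >= 5.0 and Oracle we get the list of privileges as string", no longer describes the condition, which now also covers VERTICA, MIMERSQL, CUBRID and SNOWFLAKE. Update the comment to say that these DBMSes return each privilege as a plain string (so it is added directly), to match the code it annotates.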

View File

@ -37,6 +37,106 @@ paths:
success: success:
type: boolean type: boolean
example: true example: true
/task/{taskid}/delete:
get:
description: Delete an existing task
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
example: true
/option/{taskid}/list:
get:
description: List options for a given task ID
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
example: true
options:
type: array
items:
type: object
/option/{taskid}/get:
post:
description: Get value of option(s) for a certain task ID
parameters:
- in: path
name: taskid
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
type: array
items:
type: string
example: ["url", "cookie"]
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
options:
type: object
/option/{taskid}/set:
post:
description: Set value of option(s) for a certain task ID
parameters:
- in: path
name: taskid
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
type: object
example: {"cookie": "id=1"}
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
/scan/{taskid}/start: /scan/{taskid}/start:
post: post:
description: Launch a scan description: Launch a scan
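Review bot: the two new `/option/{taskid}/get` and `/option/{taskid}/set` entries are less complete than the neighbouring `/task/{taskid}/delete` and `/option/{taskid}/list` entries added in the same hunk: their `taskid` path parameter omits `description: Scan task ID`, and their `success` property omits `example: true`. Adding both keeps the generated documentation uniform across the paths. It would also help to document the error shape (e.g. when an unknown option name is passed to `/get`), since the 200 response is the only one described.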
@ -120,31 +220,6 @@ paths:
success: success:
type: boolean type: boolean
example: true example: true
/scan/{taskid}/list:
get:
description: List options for a given task ID
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
example: true
options:
type: array
items:
type: object
/scan/{taskid}/data: /scan/{taskid}/data:
get: get:
description: Retrieve the scan resulting data description: Retrieve the scan resulting data
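Review bot: this removal of `/scan/{taskid}/list`, together with the `/option/{taskid}/list` entry added in the first hunk with the identical description ("List options for a given task ID") and identical response schema, is effectively a path rename in the spec. Worth stating in the commit message that the earlier path was a documentation error (or that the route moved), and confirming against the API server's routing that `/option/{taskid}/list` is the path actually served, so the spec and the implementation agree.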
@ -220,24 +295,3 @@ paths:
success: success:
type: boolean type: boolean
example: true example: true
/task/{taskid}/delete:
get:
description: Delete an existing task
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
example: true