Getting rid of the codecs.open (python3.14)

Minor update for python3.14
Minor update
2025-08-13 16:44:46 +03:00 · 2025-08-11 17:10:31 +02:00 · 2025-08-11 16:56:12 +02:00 · 2025-08-11 12:26:11 +02:00 · 2025-08-11 11:30:42 +02:00 · 2025-08-05 14:57:58 +02:00
20 changed files with 207 additions and 109 deletions
--- a/README.md
+++ b/README.md
@ -53,6 +53,7 @@ Translations
 ----

 * [Arabic](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ar-AR.md)
+* [Bengali](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bn-BD.md)
 * [Bulgarian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md)
 * [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md)
 * [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)
--- a/data/txt/sha256sums.txt
+++ b/data/txt/sha256sums.txt
@ -76,7 +76,7 @@ a7eb4d1bcbdfd155383dcd35396e2d9dd40c2e89ce9d5a02e63a95a94f0ab4ea  data/xml/banne
 e2febc92f9686eacf17a0054f175917b783cc6638ca570435a5203b03245fc18  data/xml/banner/x-aspnet-version.xml
 75672f8faa8053af0df566a48700f2178075f67c593d916313fcff3474da6f82  data/xml/banner/x-powered-by.xml
 1ac399c49ce3cb8c0812bb246e60c8a6718226efe89ccd1f027f49a18dbeb634  data/xml/boundaries.xml
-20fd2f2ba35ade45f242bd3c6e92898ac90b4ee6a63dbb8740cad06f91a395e5  data/xml/errors.xml
+47c444f260fcba24bb1f13e3d4819ed846909f8d2b6e715069d6372ea30f026f  data/xml/errors.xml
 cfa1f0557fb71be0631796a4848d17be536e38f94571cf6ef911454fbc6b30d1  data/xml/payloads/boolean_blind.xml
 f2b711ea18f20239ba9902732631684b61106d4a4271669125a4cf41401b3eaf  data/xml/payloads/error_based.xml
 b0f434f64105bd61ab0f6867b3f681b97fa02b4fb809ac538db382d031f0e609  data/xml/payloads/inline_query.xml
@ -90,6 +90,7 @@ abb6261b1c531ad2ee3ada8184c76bcdc38732558d11a8e519f36fcc95325f7e  doc/AUTHORS
 f939c6341e3ab16b0bb9d597e4b13856c7d922be27fd8dba3aa976b347771f16  doc/THIRD-PARTY.md
 3a8d6530c3aa16938078ee5f0e25178e8ce92758d3bad5809f800aded24c9633  doc/translations/README-ar-AR.md
 d739d4ced220b342316f5814216bdb1cb85609cd5ebb89e606478ac43301009e  doc/translations/README-bg-BG.md
+66ffca43a07c6d366fe68d5d4c93dca447c7adbff8d5e0f716fcbe54a2021854  doc/translations/README-bn-BD.md
 6882f232e5c02d9feb7d4447e0501e4e27be453134fb32119a228686b46492a5  doc/translations/README-ckb-KU.md
 9bed1c72ffd6b25eaf0ff66ac9eefaa4efc2f5e168f51cf056b0daf3e92a3db2  doc/translations/README-de-DE.md
 008c66ba4a521f7b6f05af2d28669133341a00ebc0a7b68ce0f30480581e998c  doc/translations/README-es-MX.md
@ -159,40 +160,40 @@ df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264  extra/shutils/
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  extra/vulnserver/__init__.py
 eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df  extra/vulnserver/vulnserver.py
 96a39b4e3a9178e4e8285d5acd00115460cc1098ef430ab7573fc8194368da5c  lib/controller/action.py
-fad6640f60eac8ad1b65895cbccc39154864843a2a0b0f2ac596d3227edcd4f6  lib/controller/checks.py
+2c8652359d6790755117ec5c68d0ddffacff5f3377ad5004c4fffd29c2446d61  lib/controller/checks.py
 34e9cf166e21ce991b61ca7695c43c892e8425f7e1228daec8cadd38f786acc6  lib/controller/controller.py
 49bcd74281297c79a6ae5d4b0d1479ddace4476fddaf4383ca682a6977b553e3  lib/controller/handler.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/controller/__init__.py
 216c9399853b7454d36dcb552baf9f1169ec7942897ddc46504684325cb6ce00  lib/core/agent.py
-0c10a46c77d5366bc535a148c097d267f28aa82d981a328e76be66e11982a562  lib/core/bigarray.py
+fbba89420acafcdb9ba1a95428cf2161b13cfa2d1a7ad7d5e70c14b0e04861f0  lib/core/bigarray.py
 e3b8f8cf9607d12f3de5e6bcd5031f21f50d4b331844b8e921493dfde2efe0f7  lib/core/common.py
 d53a8aecab8af8b8da4dc1c74d868f70a38770d34b1fa50cae4532cae7ce1c87  lib/core/compat.py
 ebe518089733722879f5a13e73020ebe55d46fb7410cacf292ca4ea1d9d1c56a  lib/core/convert.py
 ae500647c4074681749735a4f3b17b7eca44868dd3f39f9cab0a575888ba04a1  lib/core/data.py
-a051955f483b281344ae16ecc1d26f77ea915db0a77a7b62c1a5b80feb2d4d87  lib/core/datatype.py
-1e4e4cb64c0102a6ef07813c5a6b6c74d50f27d1a084f47067d01e382cf32190  lib/core/decorators.py
+ffae7cfe9f9afb92e887b9a8dbc1630d0063e865f35984ae417b04a4513e5024  lib/core/datatype.py
+8a5a6f5313726d6880aeb1ffca35bc2ff6ecd3709b3e987551189a72fed25bf0  lib/core/decorators.py
 d573a37bb00c8b65f75b275aa92549683180fb209b75fd0ff3870e3848939900  lib/core/defaults.py
 ce6e1c1766acd95168f7708ddcacaa4a586c21ffc9e92024c4715611c802b60c  lib/core/dicts.py
 c9d1f64648062d7962caf02c4e2e7d84e8feb2a14451146f627112aae889afcd  lib/core/dump.py
-9187819a6fd55f4b9a64c6df1a9b4094718d453906fc6eeda541c8880b3b62c4  lib/core/enums.py
+8f7923e8bf58c3f9b0d39cf6d2dfef0c31fae5910059c1cc828d3eb9cd32027d  lib/core/enums.py
 00a9b29caa81fe4a5ef145202f9c92e6081f90b2a85cd76c878d520d900ad856  lib/core/exception.py
 629c0d06d4f4d093badfc8d1de49432d058f66f3223b08dded012eaf05719de2  lib/core/gui.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/core/__init__.py
 3d308440fb01d04b5d363bfbe0f337756b098532e5bb7a1c91d5213157ec2c35  lib/core/log.py
 2a06dc9b5c17a1efdcdb903545729809399f1ee96f7352cc19b9aaa227394ff3  lib/core/optiondict.py
-97378f241005dc1b8b4c0a67b9b39af76a9735d2bb0a49e8f2ef59c0d115d93e  lib/core/option.py
-866e93c93541498ecce70125037bdd376d78188e481d225f81843f21f4797d8c  lib/core/patch.py
+3ca1a6759c196aa104130af0ed47826cd01009beaa3fa836a25faabfec7dd18e  lib/core/option.py
+fd449fe2c707ce06c929fc164cbabb3342f3e4e2b86c06f3efc1fc09ac98a25a  lib/core/patch.py
 85f10c6195a3a675892d914328173a6fb6a8393120417a2f10071c6e77bfa47d  lib/core/profiling.py
 c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0  lib/core/readlineng.py
 d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920  lib/core/replication.py
 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3  lib/core/revision.py
 d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38  lib/core/session.py
-bf443de2412ceec81399f93923bdbc1575653122edc12c300737466663c491b5  lib/core/settings.py
+d427603d8f6127013c3731eb364dfb0cc3fad15b2811125f823df77dea868357  lib/core/settings.py
 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09  lib/core/shell.py
 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053  lib/core/subprocessng.py
 cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a  lib/core/target.py
 6cf11d8b00fa761046686437fe90565e708809f793e88a3f02527d0e49c4d2a8  lib/core/testing.py
-1ba2ba8d39c5f655f45c7454b22870f1884ae7aa36e401e3df1a9ed4de691e3d  lib/core/threads.py
+2a179b7601026a8da092271b30ad353cdb6decd658e2614fa51983aaf6dd80e7  lib/core/threads.py
 6f61e7946e368ee1450c301aaf5a26381a8ae31fc8bffa28afc9383e8b1fbc3f  lib/core/unescaper.py
 f7245b99c17ef88cd9a626ca09c0882a5e172bb10a38a5dec9d08da6c8e2d076  lib/core/update.py
 cba481f8c79f4a75bd147b9eb5a1e6e61d70422fceadd12494b1dbaa4f1d27f4  lib/core/wordlist.py
@ -207,9 +208,9 @@ cfd4857ce17e0a2da312c18dcff28aefaa411f419b4e383b202601c42de40eec  lib/parse/head
 8baab6407b129985bf0acbea17c6a02d3a1b33b81fc646ce6c780d77fe2cc854  lib/parse/payloads.py
 d7082e4a5937f65cbb4862701bad7d4fbc096a826621ba7eab92e52e48ebd6d7  lib/parse/sitemap.py
 0f52f3c1d1f1322a91c98955bd8dc3be80964d8b3421d453a0e73a523c9cfcbf  lib/request/basicauthhandler.py
-18cb22d4dabdcc8e3381baf66edd52e74ad2d2067d0116e134a94ffc950c054e  lib/request/basic.py
+48bdb0f5f05ece57e6e681801f7ed765739ebe537f9fa5a0465332d4f3f91c06  lib/request/basic.py
 fdb4a9f2ca9d01480c3eb115f6fdf8d89f8ff0506c56a223421b395481527670  lib/request/chunkedhandler.py
-bb8a06257d170b268c66dcbd3c0fbe013de52eed1e63bb68caa112af5b9f8ca9  lib/request/comparison.py
+c56a2c170507861403e0ddebd68a111bcf3a5f5fddc7334a9de4ecd572fdcc2f  lib/request/comparison.py
 cfa172dbc459a3250db7fbaadb62b282b62d56b4f290c585d3abec01597fcd40  lib/request/connect.py
 a890be5dee3fb4f5cb8b5f35984017a5c172d587722cf0c690bf50e338deebfa  lib/request/direct.py
 a53fa3513431330ce1725a90e7e3d20f223e14605d699e1f66b41625f04439c7  lib/request/dns.py
@ -221,7 +222,7 @@ eba8b1638c0c19d497dcbab86c9508b2ce870551b16a40db752a13c697d7d267  lib/request/pk
 6336a6aba124905dab3e5ff67f76cf9b735c2a2879cc3bc8951cb06bea125895  lib/request/rangehandler.py
 14b402c3a927b7fb251622c9f4faf507993e033bd3b1cc281fe2873b9a382a51  lib/request/redirecthandler.py
 3157d66bb021b71b2e71e355b209578d15f83000f0655bcf0cd7c7eed5d4669b  lib/request/templates.py
-96f38f1b99648e72f99e419b2119f380635fca42a2a8854625b7ccc630f484a7  lib/takeover/abstraction.py
+5f5680c5b1db48ed2a13f47ba9de8b816d9d4f7f4c7abd07a48eb7ecbe9cf3ca  lib/takeover/abstraction.py
 250782249ee5afbcf3f398c596edbc3a9a1b35b3e11ac182678f6e22c1449852  lib/takeover/icmpsh.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/takeover/__init__.py
 24f4f85dad38b4641bd70c8c9a2e5221531a37fdd27e04731176c03b5b1784f5  lib/takeover/metasploit.py
@ -247,7 +248,7 @@ af67d25e8c16b429a5b471d3c629dc1da262262320bf7cd68465d151c02def16  lib/utils/brut
 3aca7632d53ab2569ddef876a1b90f244640a53e19b304c77745f8ddb15e6437  lib/utils/getch.py
 e67aa754b7eeb6ec233c27f7d515e10b6607448056a1daba577936d765551636  lib/utils/har.py
 00135cf61f1cfe79d7be14c526f84a841ad22e736db04e4fe087baeb4c22dc0d  lib/utils/hashdb.py
-acf5b98e409f1d1de8f104b994f97b7ad57768e5651898aa6754102563a25809  lib/utils/hash.py
+d1b4cea5658c0936e2003f01fbf7a9e6f6d6cd8503815cb2c358ed0c0e2f147f  lib/utils/hash.py
 ba862f0c96b1d39797fb21974599e09690d312b17a85e6639bee9d1db510f543  lib/utils/httpd.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/utils/__init__.py
 f1d84b1b99ce64c1ccb64aaa35f5231cf094b3dac739f29f76843f23ee10b990  lib/utils/pivotdumptable.py
@ -395,7 +396,7 @@ a1cf9a8cd5e263d1e48dc8b5281febaf868ee91f1e0587dee915949fdb6da1ea  plugins/dbms/m
 784d6065921a8efbba970864a2cb2e0ef1dd1fcea7181cfc3f737bbfa18f0574  plugins/dbms/mssqlserver/__init__.py
 79a887b5a2449bb086805560ff0ec2a2304dd142f47450ae9c2f88cf8bda9ac9  plugins/dbms/mssqlserver/syntax.py
 bb0edf756903d8a9df7b60272541768102c64e562e6e7a356c5a761b835efde3  plugins/dbms/mssqlserver/takeover.py
-9a1a69416af5a3fc60b93dd8a80fb23b3f190fe96f2564f170df2edeb5bb3599  plugins/dbms/mysql/connector.py
+d471eb61a33bd3aa1290cdcce40a5966ebc84af79970f75e8992a2688da4be42  plugins/dbms/mysql/connector.py
 1e29529d6c4938a728a2d42ef4276b46a40bf4309570213cf3c08871a83abdc1  plugins/dbms/mysql/enumeration.py
 200b2c910e6902ef8021fe40b3fb426992a016926414cbf9bb74a3630f40842d  plugins/dbms/mysql/filesystem.py
 b7aa7bf8b1f9ba38597bae7fc8bf436b111eeb5ee6a4ad0a977e56dca88a4afc  plugins/dbms/mysql/fingerprint.py
@ -472,11 +473,11 @@ ab661b605012168d72f84a92ff7e233542df3825c66714c99073e56acea37e2e  plugins/generi
 7bb6403d83cc9fd880180e3ad36dca0cc8268f05f9d7e6f6dba6d405eea48c3a  plugins/generic/takeover.py
 115ee30c77698bb041351686a3f191a3aa247adb2e0da9844f1ad048d0e002cd  plugins/generic/users.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  plugins/__init__.py
-baaf7a29a1fe07e7cecc7fb1b1f6a6f327b12154b8d5619e9808b2cf43ad2198  README.md
+f5cad477023c8145c4db7aa530976fc75b098cf59a49905f28d02f6771fd9697  README.md
 535ab6ac8b8441a3758cee86df3e68abec8b43eee54e32777967252057915acc  sqlmapapi.py
 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62  sqlmapapi.yaml
 c43cc0dd5b4026083ad420c04705a031504aa503cc99ab2236010c4cbd472d39  sqlmap.conf
-e29538ddcb7bb80fc3b07b3ccc23e46df1faf9ff4b6d7db0558a9a9587a6b8c6  sqlmap.py
+822b706e791eba9b994b08e7600a3adfc3843d360437edfa0bfd588a1f58a13c  sqlmap.py
 82caac95182ac5cae02eb7d8a2dc07e71389aeae6b838d3d3f402c9597eb086a  tamper/0eunion.py
 bc8f5e638578919e4e75a5b01a84b47456bac0fd540e600975a52408a3433460  tamper/apostrophemask.py
 c9c3d71f11de0140906d7b4f24fadb9926dc8eaf5adab864f8106275f05526ce  tamper/apostrophenullencode.py
@ -604,7 +605,7 @@ fd2084a132bf180dad5359e16dac8a29a73ebfd267f7c9423c814e7853060874  thirdparty/col
 4f4b2df6de9c0a8582150c59de2eb665b75548e5a57843fb6d504671ee6e4df3  thirdparty/fcrypt/fcrypt.py
 6a70ddcae455a3876a0f43b0850a19e2d9586d43f7b913dc1ffdf87e87d4bd3f  thirdparty/fcrypt/__init__.py
 dbd1639f97279c76b07c03950e7eb61ed531af542a1bdbe23e83cb2181584fd9  thirdparty/identywaf/data.json
-5aa308d6173ad9e2a5006a719fdbfe8c20d7e14b6d70c04045b935e44caa96d0  thirdparty/identywaf/identYwaf.py
+e5c0b59577c30bb44c781d2f129580eaa003e46dcc4f307f08bc7f15e1555a2e  thirdparty/identywaf/identYwaf.py
 edf23e7105539d700a1ae1bc52436e57e019b345a7d0227e4d85b6353ef535fa  thirdparty/identywaf/__init__.py
 d846fdc47a11a58da9e463a948200f69265181f3dbc38148bfe4141fade10347  thirdparty/identywaf/LICENSE
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/__init__.py
--- a/data/xml/errors.xml
+++ b/data/xml/errors.xml
@ -27,7 +27,7 @@
        <error regexp="Npgsql\."/>
        <error regexp="PG::SyntaxError:"/>
        <error regexp="org\.postgresql\.util\.PSQLException"/>
-        <error regexp="ERROR:\s\ssyntax error at or near"/>
+        <error regexp="ERROR:\s+syntax error at or near"/>
        <error regexp="ERROR: parser: parse error at or near"/>
        <error regexp="PostgreSQL query failed"/>
        <error regexp="org\.postgresql\.jdbc"/>
@ -104,7 +104,7 @@

    <!-- Interbase/Firebird -->
    <dbms value="Firebird">
-        <error regexp="Dynamic SQL Error"/>
+        <error regexp="Dynamic SQL Error.{1,10}SQL error code"/>
        <error regexp="Warning.*?\Wibase_"/>
        <error regexp="org\.firebirdsql\.jdbc"/>
        <error regexp="Pdo[./_\\]Firebird"/>
@ -122,6 +122,7 @@
        <error regexp="org\.sqlite\.JDBC"/>
        <error regexp="Pdo[./_\\]Sqlite"/>
        <error regexp="SQLiteException"/>
+        <error regexp="SqliteError:"/>
    </dbms>

    <dbms value="SAP MaxDB">
@ -129,7 +130,7 @@
        <error regexp="Warning.*?\Wmaxdb_"/>
        <error regexp="DriverSapDB"/>
        <error regexp="-3014.*?Invalid end of SQL statement"/>
-        <error regexp="com\.sap\.dbtech\.jdbc"/>
+        <error regexp="com\.sap\.db(tech)?\.jdbc"/>
        <error regexp="\[-3008\].*?: Invalid keyword or missing delimiter"/>
    </dbms>

@ -164,7 +165,7 @@

    <dbms value="H2">
        <error regexp="org\.h2\.jdbc"/>
-        <error regexp="\[42000-192\]"/>
+        <error regexp="\[42000-\d+\]"/>
    </dbms>

    <dbms value="MonetDB">
@ -211,7 +212,7 @@
    </dbms>

    <dbms value="ClickHouse">
-        <error regexp="Code: \d+. DB::Exception:"/>
+        <error regexp="Code: \d+[., ]+DB::Exception:"/>
        <error regexp="Syntax error: failed at position \d+"/>
    </dbms>

--- a/doc/translations/README-bn-BD.md
+++ b/doc/translations/README-bn-BD.md
@ -0,0 +1,62 @@
+# sqlmap ![](https://i.imgur.com/fe85aVR.png)
+
+[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![X](https://img.shields.io/badge/x-@sqlmap-blue.svg)](https://x.com/sqlmap)
+
+**SQLMap** একটি ওপেন সোর্স পেনিট্রেশন টেস্টিং টুল যা স্বয়ংক্রিয়ভাবে SQL ইনজেকশন দুর্বলতা সনাক্ত ও শোষণ করতে এবং ডাটাবেস সার্ভার নিয়ন্ত্রণে নিতে সহায়তা করে। এটি একটি শক্তিশালী ডিটেকশন ইঞ্জিন, উন্নত ফিচার এবং পেনিট্রেশন টেস্টারদের জন্য দরকারি বিভিন্ন অপশন নিয়ে আসে। এর মাধ্যমে ডাটাবেস ফিঙ্গারপ্রিন্টিং, ডাটাবেস থেকে তথ্য আহরণ, ফাইল সিস্টেম অ্যাক্সেস, এবং অপারেটিং সিস্টেমে কমান্ড চালানোর মতো কাজ করা যায়, এমনকি আউট-অফ-ব্যান্ড সংযোগ ব্যবহার করেও।
+
+
+
+স্ক্রিনশট
+---
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+আপনি [Wiki-তে](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) গিয়ে SQLMap-এর বিভিন্ন ফিচারের ডেমোনস্ট্রেশন দেখতে পারেন।
+
+ইনস্টলেশন
+---
+সর্বশেষ টারবলে ডাউনলোড করুন [এখানে](https://github.com/sqlmapproject/sqlmap/tarball/master) অথবা সর্বশেষ জিপ ফাইল [এখানে](https://github.com/sqlmapproject/sqlmap/zipball/master)।
+
+অথবা, সরাসরি [Git](https://github.com/sqlmapproject/sqlmap) রিপোজিটরি থেকে ক্লোন করুন:
+
+```
+git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+```
+
+SQLMap স্বয়ংক্রিয়ভাবে [Python](https://www.python.org/download/) **2.6**, **2.7** এবং **3.x** সংস্করণে যেকোনো প্ল্যাটফর্মে কাজ করে।
+
+
+
+ব্যবহারের নির্দেশিকা
+---
+
+বেসিক অপশন এবং সুইচসমূহ দেখতে ব্যবহার করুন:
+
+```
+python sqlmap.py -h
+```
+
+সমস্ত অপশন ও সুইচের তালিকা পেতে ব্যবহার করুন:
+
+```
+python sqlmap.py -hh
+```
+
+আপনি একটি নমুনা রান দেখতে পারেন [এখানে](https://asciinema.org/a/46601)।
+SQLMap-এর সম্পূর্ণ ফিচার, ক্ষমতা, এবং কনফিগারেশন সম্পর্কে বিস্তারিত জানতে [ব্যবহারকারীর ম্যানুয়াল](https://github.com/sqlmapproject/sqlmap/wiki/Usage) পড়ার পরামর্শ দেওয়া হচ্ছে।
+
+
+
+লিঙ্কসমূহ
+---
+
+* হোমপেজ: https://sqlmap.org
+* ডাউনলোড: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) অথবা [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* কমিটস RSS ফিড: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* ইস্যু ট্র্যাকার: https://github.com/sqlmapproject/sqlmap/issues
+* ব্যবহারকারীর ম্যানুয়াল: https://github.com/sqlmapproject/sqlmap/wiki
+* সচরাচর জিজ্ঞাসিত প্রশ্ন (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* X: [@sqlmap](https://x.com/sqlmap)
+* ডেমো ভিডিও: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
+* স্ক্রিনশট: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
+
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -73,7 +73,7 @@ from lib.core.exception import SqlmapUserQuitException
 from lib.core.settings import BOUNDED_INJECTION_MARKER
 from lib.core.settings import CANDIDATE_SENTENCE_MIN_LENGTH
 from lib.core.settings import CHECK_INTERNET_ADDRESS
-from lib.core.settings import CHECK_INTERNET_VALUE
+from lib.core.settings import CHECK_INTERNET_CODE
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
@ -1586,8 +1586,7 @@ def checkConnection(suppressOutput=False):
    return True

 def checkInternet():
-    content = Request.getPage(url=CHECK_INTERNET_ADDRESS, checking=True)[0]
-    return CHECK_INTERNET_VALUE in (content or "")
+    return Request.getPage(url=CHECK_INTERNET_ADDRESS, checking=True)[2] == CHECK_INTERNET_CODE

 def setVerbosity():  # Cross-referenced function
    raise NotImplementedError
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@ -116,15 +116,16 @@ class BigArray(list):
            self.append(_)

    def pop(self):
-        if len(self.chunks[-1]) < 1:
-            self.chunks.pop()
-            try:
-                with open(self.chunks[-1], "rb") as f:
-                    self.chunks[-1] = pickle.loads(zlib.decompress(f.read()))
-            except IOError as ex:
-                errMsg = "exception occurred while retrieving data "
-                errMsg += "from a temporary file ('%s')" % ex
-                raise SqlmapSystemException(errMsg)
+        with self._lock:
+            if not self.chunks[-1] and len(self.chunks) > 1:
+                self.chunks.pop()
+                try:
+                    with open(self.chunks[-1], "rb") as f:
+                        self.chunks[-1] = pickle.loads(zlib.decompress(f.read()))
+                except IOError as ex:
+                    errMsg = "exception occurred while retrieving data "
+                    errMsg += "from a temporary file ('%s')" % ex
+                    raise SqlmapSystemException(errMsg)

        return self.chunks[-1].pop()

--- a/lib/core/datatype.py
+++ b/lib/core/datatype.py
@ -152,9 +152,10 @@ class LRUDict(object):
        return key in self.cache

    def __getitem__(self, key):
-        value = self.cache.pop(key)
-        self.cache[key] = value
-        return value
+        with self.__lock:
+            value = self.cache.pop(key)
+            self.cache[key] = value
+            return value

    def get(self, key):
        return self.__getitem__(key)
--- a/lib/core/decorators.py
+++ b/lib/core/decorators.py
@ -15,7 +15,6 @@ from lib.core.settings import UNICODE_ENCODING
 from lib.core.threads import getCurrentThreadData

 _cache = {}
-_cache_lock = threading.Lock()
 _method_locks = {}

 def cachedmethod(f):
@ -38,22 +37,27 @@ def cachedmethod(f):
    """

    _cache[f] = LRUDict(capacity=MAX_CACHE_ITEMS)
+    _method_locks[f] = threading.RLock()

    @functools.wraps(f)
    def _f(*args, **kwargs):
+        parts = (
+            f.__module__ + "." + f.__name__,
+            "|".join(repr(a) for a in args),
+            "|".join("%s=%r" % (k, kwargs[k]) for k in sorted(kwargs))
+        )
        try:
-            key = int(hashlib.md5("|".join(str(_) for _ in (f, args, kwargs)).encode(UNICODE_ENCODING)).hexdigest(), 16) & 0x7fffffffffffffff
+            key = int(hashlib.md5("|".join(parts).encode(UNICODE_ENCODING)).hexdigest(), 16) & 0x7fffffffffffffff
        except ValueError:  # https://github.com/sqlmapproject/sqlmap/issues/4281 (NOTE: non-standard Python behavior where hexdigest returns binary value)
            result = f(*args, **kwargs)
        else:
-            try:
-                with _cache_lock:
-                    result = _cache[f][key]
-            except KeyError:
-                result = f(*args, **kwargs)
-
-                with _cache_lock:
-                    _cache[f][key] = result
+            lock, cache = _method_locks[f], _cache[f]
+            with lock:
+                try:
+                    result = cache[key]
+                except KeyError:
+                    result = f(*args, **kwargs)
+                    cache[key] = result

        return result

@ -87,14 +91,12 @@ def stackedmethod(f):
    return _

 def lockedmethod(f):
+    lock = threading.RLock()
+
    @functools.wraps(f)
    def _(*args, **kwargs):
-        if f not in _method_locks:
-            _method_locks[f] = threading.RLock()
-
-        with _method_locks[f]:
+        with lock:
            result = f(*args, **kwargs)
-
        return result

    return _
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@ -192,11 +192,12 @@ class HASH(object):
    APACHE_SHA1 = r'\A\{SHA\}[a-zA-Z0-9+/]+={0,2}\Z'
    VBULLETIN = r'\A[0-9a-fA-F]{32}:.{30}\Z'
    VBULLETIN_OLD = r'\A[0-9a-fA-F]{32}:.{3}\Z'
+    OSCOMMERCE_OLD = r'\A[0-9a-fA-F]{32}:.{2}\Z'
    SSHA = r'\A\{SSHA\}[a-zA-Z0-9+/]+={0,2}\Z'
    SSHA256 = r'\A\{SSHA256\}[a-zA-Z0-9+/]+={0,2}\Z'
    SSHA512 = r'\A\{SSHA512\}[a-zA-Z0-9+/]+={0,2}\Z'
-    DJANGO_MD5 = r'\Amd5\$[^$]+\$[0-9a-f]{32}\Z'
-    DJANGO_SHA1 = r'\Asha1\$[^$]+\$[0-9a-f]{40}\Z'
+    DJANGO_MD5 = r'\Amd5\$[^$]*\$[0-9a-f]{32}\Z'
+    DJANGO_SHA1 = r'\Asha1\$[^$]*\$[0-9a-f]{40}\Z'
    MD5_BASE64 = r'\A[a-zA-Z0-9+/]{22}==\Z'
    SHA1_BASE64 = r'\A[a-zA-Z0-9+/]{27}=\Z'
    SHA256_BASE64 = r'\A[a-zA-Z0-9+/]{43}=\Z'
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1657,6 +1657,8 @@ def _createTemporaryDirectory():
            errMsg += "temporary directory location ('%s')" % getSafeExString(ex)
            raise SqlmapSystemException(errMsg)

+    conf.tempDirs.append(tempfile.tempdir)
+
    if six.PY3:
        _pympTempLeakPatch(kb.tempDir)

@ -1982,6 +1984,8 @@ def _setConfAttributes():
    conf.dbmsHandler = None
    conf.dnsServer = None
    conf.dumpPath = None
+    conf.fileWriteType = None
+    conf.HARCollectorFactory = None
    conf.hashDB = None
    conf.hashDBFile = None
    conf.httpCollector = None
@ -1998,9 +2002,8 @@ def _setConfAttributes():
    conf.resultsFP = None
    conf.scheme = None
    conf.tests = []
+    conf.tempDirs = []
    conf.trafficFP = None
-    conf.HARCollectorFactory = None
-    conf.fileWriteType = None

 def _setKnowledgeBaseAttributes(flushAll=True):
    """
--- a/lib/core/patch.py
+++ b/lib/core/patch.py
@ -99,6 +99,15 @@ def dirtyPatches():
        else:
            os.urandom = lambda size: "".join(chr(random.randint(0, 255)) for _ in xrange(size))

+    # Reference: https://github.com/sqlmapproject/sqlmap/issues/5929
+    try:
+        global collections
+        if not hasattr(collections, "MutableSet"):
+            import collections.abc
+            collections.MutableSet = collections.abc.MutableSet
+    except ImportError:
+        pass
+
    # Reference: https://github.com/sqlmapproject/sqlmap/issues/5727
    # Reference: https://stackoverflow.com/a/14076841
    try:
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import OS
 from thirdparty import six

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.7.0"
+VERSION = "1.9.8.4"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -64,18 +64,18 @@ UPPER_RATIO_BOUND = 0.98
 DUMMY_JUNK = "ahy9Ouge"

 # Markers for special cases when parameter values contain html encoded characters
-PARAMETER_AMP_MARKER = "__AMP__"
-PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__"
-BOUNDARY_BACKSLASH_MARKER = "__BACKSLASH__"
-PARAMETER_PERCENTAGE_MARKER = "__PERCENTAGE__"
+PARAMETER_AMP_MARKER = "__PARAMETER_AMP__"
+PARAMETER_SEMICOLON_MARKER = "__PARAMETER_SEMICOLON__"
+BOUNDARY_BACKSLASH_MARKER = "__BOUNDARY_BACKSLASH__"
+PARAMETER_PERCENTAGE_MARKER = "__PARAMETER_PERCENTAGE__"
 PARTIAL_VALUE_MARKER = "__PARTIAL_VALUE__"
 PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__"
-URI_QUESTION_MARKER = "__QUESTION__"
+URI_QUESTION_MARKER = "__URI_QUESTION__"
 ASTERISK_MARKER = "__ASTERISK__"
 REPLACEMENT_MARKER = "__REPLACEMENT__"
 BOUNDED_BASE64_MARKER = "__BOUNDED_BASE64__"
 BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION__"
-SAFE_VARIABLE_MARKER = "__SAFE__"
+SAFE_VARIABLE_MARKER = "__SAFE_VARIABLE__"
 SAFE_HEX_MARKER = "__SAFE_HEX__"
 DOLLAR_MARKER = "__DOLLAR__"

@ -97,13 +97,13 @@ SELECT_FROM_TABLE_REGEX = r"\bSELECT\b.+?\bFROM\s+(?P<result>([\w.]|`[^`<>]+`)+)
 TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|json)"

 # Regular expression used for recognition of generic permission messages
-PERMISSION_DENIED_REGEX = r"(?P<result>(command|permission|access)\s*(was|is)?\s*denied)"
+PERMISSION_DENIED_REGEX = r"\b(?P<result>(command|permission|access|user)\s*(was|is|has been)?\s*(denied|forbidden|unauthorized|rejected|not allowed))"

 # Regular expression used in recognition of generic protection mechanisms
 GENERIC_PROTECTION_REGEX = r"(?i)\b(rejected|blocked|protection|incident|denied|detected|dangerous|firewall)\b"

 # Regular expression used to detect errors in fuzz(y) UNION test
-FUZZ_UNION_ERROR_REGEX = r"(?i)data\s?type|comparable|compatible|conversion|converting|failed|error"
+FUZZ_UNION_ERROR_REGEX = r"(?i)data\s?type|mismatch|comparable|compatible|conversion|convert|failed|error|unexpected"

 # Upper threshold for starting the fuzz(y) UNION test
 FUZZ_UNION_MAX_COLUMNS = 10
@ -142,13 +142,13 @@ BING_REGEX = r'<h2><a href="([^"]+)" h='
 DUMMY_SEARCH_USER_AGENT = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"

 # Regular expression used for extracting content from "textual" tags
-TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h\d|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\w).*?>(?P<result>[^<]+)"
+TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h[1-6]|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\w).*?>(?P<result>[^<]+)"

 # Regular expression used for recognition of IP addresses
 IP_ADDRESS_REGEX = r"\b(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\b"

 # Regular expression used for recognition of generic "your ip has been blocked" messages
-BLOCKED_IP_REGEX = r"(?i)(\A|\b)ip\b.*\b(banned|blocked|block list|firewall)"
+BLOCKED_IP_REGEX = r"(?i)(\A|\b)ip\b.*\b(banned|blocked|block\s?list|firewall)"

 # Dumping characters used in GROUP_CONCAT MySQL technique
 CONCAT_ROW_DELIMITER = ','
@ -264,16 +264,16 @@ IS_WIN = PLATFORM == "nt"
 IS_TTY = hasattr(sys.stdout, "fileno") and os.isatty(sys.stdout.fileno())

 # DBMS system databases
-MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb", "Resource", "ReportServer", "ReportServerTempDB")
-MYSQL_SYSTEM_DBS = ("information_schema", "mysql", "performance_schema", "sys")
-PGSQL_SYSTEM_DBS = ("information_schema", "pg_catalog", "pg_toast", "pgagent")
+MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb", "Resource", "ReportServer", "ReportServerTempDB", "distribution", "mssqlsystemresource")
+MYSQL_SYSTEM_DBS = ("information_schema", "mysql", "performance_schema", "sys", "ndbinfo")
+PGSQL_SYSTEM_DBS = ("postgres", "template0", "template1", "information_schema", "pg_catalog", "pg_toast", "pgagent")
 ORACLE_SYSTEM_DBS = ("ADAMS", "ANONYMOUS", "APEX_030200", "APEX_PUBLIC_USER", "APPQOSSYS", "AURORA$ORB$UNAUTHENTICATED", "AWR_STAGE", "BI", "BLAKE", "CLARK", "CSMIG", "CTXSYS", "DBSNMP", "DEMO", "DIP", "DMSYS", "DSSYS", "EXFSYS", "FLOWS_%", "FLOWS_FILES", "HR", "IX", "JONES", "LBACSYS", "MDDATA", "MDSYS", "MGMT_VIEW", "OC", "OE", "OLAPSYS", "ORACLE_OCM", "ORDDATA", "ORDPLUGINS", "ORDSYS", "OUTLN", "OWBSYS", "PAPER", "PERFSTAT", "PM", "SCOTT", "SH", "SI_INFORMTN_SCHEMA", "SPATIAL_CSW_ADMIN_USR", "SPATIAL_WFS_ADMIN_USR", "SYS", "SYSMAN", "SYSTEM", "TRACESVR", "TSMSYS", "WK_TEST", "WKPROXY", "WKSYS", "WMSYS", "XDB", "XS$NULL")
 SQLITE_SYSTEM_DBS = ("sqlite_master", "sqlite_temp_master")
-ACCESS_SYSTEM_DBS = ("MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage", "MSysAccessXML", "MSysModules", "MSysModules2")
+ACCESS_SYSTEM_DBS = ("MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage", "MSysAccessXML", "MSysModules", "MSysModules2", "MSysNavPaneGroupCategories", "MSysNavPaneGroups", "MSysNavPaneGroupToObjects", "MSysNavPaneObjectIDs")
 FIREBIRD_SYSTEM_DBS = ("RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE", "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", "RDB$FILTERS", "RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES", "RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS", "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS", "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS")
 MAXDB_SYSTEM_DBS = ("SYSINFO", "DOMAIN")
-SYBASE_SYSTEM_DBS = ("master", "model", "sybsystemdb", "sybsystemprocs")
-DB2_SYSTEM_DBS = ("NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS", "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS")
+SYBASE_SYSTEM_DBS = ("master", "model", "sybsystemdb", "sybsystemprocs", "tempdb")
+DB2_SYSTEM_DBS = ("NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS", "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS", "SYSDEBUG", "SYSINST")
 HSQLDB_SYSTEM_DBS = ("INFORMATION_SCHEMA", "SYSTEM_LOB")
 H2_SYSTEM_DBS = ("INFORMATION_SCHEMA",) + ("IGNITE", "ignite-sys-cache")
 INFORMIX_SYSTEM_DBS = ("sysmaster", "sysutils", "sysuser", "sysadmin")
@ -430,7 +430,7 @@ META_CHARSET_REGEX = r'(?si)<head>.*<meta[^>]+charset="?(?P<result>[^"> ]+).*</h
 META_REFRESH_REGEX = r'(?i)<meta http-equiv="?refresh"?[^>]+content="?[^">]+;\s*(url=)?["\']?(?P<result>[^\'">]+)'

 # Regular expression used for parsing Javascript redirect request
-JAVASCRIPT_HREF_REGEX = r'<script>\s*(\w+\.)?location\.href\s*=["\'](?P<result>[^"\']+)'
+JAVASCRIPT_HREF_REGEX = r'<script>\s*(\w+\.)?location\.href\s*=\s*["\'](?P<result>[^"\']+)'

 # Regular expression used for parsing empty fields in tested form data
 EMPTY_FORM_FIELDS_REGEX = r'(&|\A)(?P<result>[^=]+=)(?=&|\Z)'
@ -439,7 +439,7 @@ EMPTY_FORM_FIELDS_REGEX = r'(&|\A)(?P<result>[^=]+=)(?=&|\Z)'
 COMMON_PASSWORD_SUFFIXES = ("1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4", "07", "21", "14", "10", "06", "08", "8", "15", "69", "16", "6", "18")

 # Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html
-COMMON_PASSWORD_SUFFIXES += ("!", ".", "*", "!!", "?", ";", "..", "!!!", ", ", "@")
+COMMON_PASSWORD_SUFFIXES += ("!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@")

 # Splitter used between requests in WebScarab log files
 WEBSCARAB_SPLITTER = "### Conversation"
@ -547,7 +547,7 @@ IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__VIEWSTATEGENERATO
 ASP_NET_CONTROL_REGEX = r"(?i)\Actl\d+\$"

 # Regex for Google analytics cookie names
-GOOGLE_ANALYTICS_COOKIE_REGEX = r"(?i)\A(__utm|_ga|_gid|_gat|_gcl_au)"
+GOOGLE_ANALYTICS_COOKIE_REGEX = r"(?i)\A(_ga|_gid|_gat|_gcl_au|__utm[abcz])"

 # Prefix for configuration overriding environment variables
 SQLMAP_ENVIRONMENT_PREFIX = "SQLMAP_"
@ -613,7 +613,7 @@ DUMMY_SQL_INJECTION_CHARS = ";()'"
 DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b|\bSELECT\b.+\bFROM\b|\b(CONCAT|information_schema|SLEEP|DELAY|FLOOR\(RAND)\b"

 # Extensions skipped by crawler
-CRAWL_EXCLUDE_EXTENSIONS = ("3ds", "3g2", "3gp", "7z", "DS_Store", "a", "aac", "adp", "ai", "aif", "aiff", "apk", "ar", "asf", "au", "avi", "bak", "bin", "bk", "bmp", "btif", "bz2", "cab", "caf", "cgm", "cmx", "cpio", "cr2", "dat", "deb", "djvu", "dll", "dmg", "dmp", "dng", "doc", "docx", "dot", "dotx", "dra", "dsk", "dts", "dtshd", "dvb", "dwg", "dxf", "ear", "ecelp4800", "ecelp7470", "ecelp9600", "egg", "eol", "eot", "epub", "exe", "f4v", "fbs", "fh", "fla", "flac", "fli", "flv", "fpx", "fst", "fvt", "g3", "gif", "gz", "h261", "h263", "h264", "ico", "ief", "image", "img", "ipa", "iso", "jar", "jpeg", "jpg", "jpgv", "jpm", "jxr", "ktx", "lvp", "lz", "lzma", "lzo", "m3u", "m4a", "m4v", "mar", "mdi", "mid", "mj2", "mka", "mkv", "mmr", "mng", "mov", "movie", "mp3", "mp4", "mp4a", "mpeg", "mpg", "mpga", "mxu", "nef", "npx", "o", "oga", "ogg", "ogv", "otf", "pbm", "pcx", "pdf", "pea", "pgm", "pic", "png", "pnm", "ppm", "pps", "ppt", "pptx", "ps", "psd", "pya", "pyc", "pyo", "pyv", "qt", "rar", "ras", "raw", "rgb", "rip", "rlc", "rz", "s3m", "s7z", "scm", "scpt", "sgi", "shar", "sil", "smv", "so", "sub", "swf", "tar", "tbz2", "tga", "tgz", "tif", "tiff", "tlz", "ts", "ttf", "uvh", "uvi", "uvm", "uvp", "uvs", "uvu", "viv", "vob", "war", "wav", "wax", "wbmp", "wdp", "weba", "webm", "webp", "whl", "wm", "wma", "wmv", "wmx", "woff", "woff2", "wvx", "xbm", "xif", "xls", "xlsx", "xlt", "xm", "xpi", "xpm", "xwd", "xz", "z", "zip", "zipx")
+CRAWL_EXCLUDE_EXTENSIONS = frozenset(("3ds", "3g2", "3gp", "7z", "DS_Store", "a", "aac", "accdb", "access", "adp", "ai", "aif", "aiff", "apk", "ar", "asf", "au", "avi", "bak", "bin", "bin", "bk", "bkp", "bmp", "btif", "bz2", "c", "cab", "caf", "cfg", "cgm", "cmx", "com", "conf", "config", "cpio", "cpp", "cr2", "cue", "dat", "db", "dbf", "deb", "debug", "djvu", "dll", "dmg", "dmp", "dng", "doc", "docx", "dot", "dotx", "dra", "dsk", "dts", "dtshd", "dvb", "dwg", "dxf", "dylib", "ear", "ecelp4800", "ecelp7470", "ecelp9600", "egg", "elf", "env", "eol", "eot", "epub", "error", "exe", "f4v", "fbs", "fh", "fla", "flac", "fli", "flv", "fpx", "fst", "fvt", "g3", "gif", "go", "gz", "h", "h261", "h263", "h264", "ico", "ief", "img", "ini", "ipa", "iso", "jar", "java", "jpeg", "jpg", "jpgv", "jpm", "js", "jxr", "ktx", "lock", "log", "lvp", "lz", "lzma", "lzo", "m3u", "m4a", "m4v", "mar", "mdb", "mdi", "mid", "mj2", "mka", "mkv", "mmr", "mng", "mov", "movie", "mp3", "mp4", "mp4a", "mpeg", "mpg", "mpga", "msi", "mxu", "nef", "npx", "nrg", "o", "oga", "ogg", "ogv", "old", "otf", "ova", "ovf", "pbm", "pcx", "pdf", "pea", "pgm", "php", "pic", "pid", "pkg", "png", "pnm", "ppm", "pps", "ppt", "pptx", "ps", "psd", "py", "pya", "pyc", "pyo", "pyv", "qt", "rar", "ras", "raw", "rb", "rgb", "rip", "rlc", "rs", "run", "rz", "s3m", "s7z", "scm", "scpt", "service", "sgi", "shar", "sil", "smv", "so", "sock", "socket", "sqlite", "sqlitedb", "sub", "svc", "swf", "swo", "swp", "sys", "tar", "tbz2", "temp", "tga", "tgz", "tif", "tiff", "tlz", "tmp", "toast", "torrent", "ts", "ts", "ttf", "uvh", "uvi", "uvm", "uvp", "uvs", "uvu", "vbox", "vdi", "vhd", "vhdx", "viv", "vmdk", "vmx", "vob", "vxd", "war", "wav", "wax", "wbmp", "wdp", "weba", "webm", "webp", "whl", "wm", "wma", "wmv", "wmx", "woff", "woff2", "wvx", "xbm", "xif", "xls", "xlsx", "xlt", "xm", "xpi", "xpm", "xwd", "xz", "yaml", "yml", "z", "zip", "zipx"))

 # Patterns often seen in HTTP headers containing custom injection marking character '*'
 PROBLEMATIC_CUSTOM_INJECTION_PATTERNS = r"(;q=[^;']+)|(\*/\*)"
@ -634,10 +634,10 @@ LAST_UPDATE_NAGGING_DAYS = 180
 MIN_ERROR_PARSING_NON_WRITING_RATIO = 0.05

 # Generic address for checking the Internet connection while using switch --check-internet (Note: https version does not work for Python < 2.7.9)
-CHECK_INTERNET_ADDRESS = "http://ipinfo.io/json"
+CHECK_INTERNET_ADDRESS = "http://www.google.com/generate_204"

-# Value to look for in response to CHECK_INTERNET_ADDRESS
-CHECK_INTERNET_VALUE = '"ip":'
+# HTTP code to look in response to CHECK_INTERNET_ADDRESS
+CHECK_INTERNET_CODE = 204

 # Payload used for checking of existence of WAF/IPS (dummier the better)
 IPS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#"
@ -689,7 +689,7 @@ PARAMETER_SPLITTING_REGEX = r"[,|;]"
 UNENCODED_ORIGINAL_VALUE = "original"

 # Common column names containing usernames (used for hash cracking in some cases)
-COMMON_USER_COLUMNS = ("login", "user", "username", "user_name", "user_login", "account", "account_name", "benutzername", "benutzer", "utilisateur", "usager", "consommateur", "utente", "utilizzatore", "utilizator", "utilizador", "usufrutuario", "korisnik", "uporabnik", "usuario", "consumidor", "client", "customer", "cuser")
+COMMON_USER_COLUMNS = frozenset(("login", "user", "uname", "username", "user_name", "user_login", "account", "account_name", "auth_user", "benutzername", "benutzer", "utilisateur", "usager", "consommateur", "utente", "utilizzatore", "utilizator", "utilizador", "usufrutuario", "korisnik", "uporabnik", "usuario", "consumidor", "client", "customer", "cuser"))

 # Default delimiter in GET/POST values
 DEFAULT_GET_POST_DELIMITER = '&'
@ -893,7 +893,7 @@ ZIP_HEADER = b"\x50\x4b\x03\x04"
 NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."

 # Infixes used for automatic recognition of parameters carrying anti-CSRF tokens
-CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf", "token")
+CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf", "token", "nonce")

 # Prefixes used in brute force search for web server document root
 BRUTE_DOC_ROOT_PREFIXES = {
--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@ -166,8 +166,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
                _threadFunction()
            except (SqlmapUserQuitException, SqlmapSkipTargetException):
                pass
-            finally:
-                return
+            return

        kb.multiThreadMode = True

--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@ -402,7 +402,7 @@ def processResponse(page, responseHeaders, code=None, status=None):
                            kb.identifiedWafs.add(waf)
                            errMsg = "WAF/IPS identified as '%s'" % identYwaf.format_name(waf)
                            singleTimeLogMessage(errMsg, logging.CRITICAL)
-            except SystemError as ex:
+            except Exception as ex:
                singleTimeWarnMessage("internal error occurred in WAF/IPS detection ('%s')" % getSafeExString(ex))

    if kb.originalPage is None:
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@ -21,9 +21,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import SqlmapNoneDataException
-from lib.core.exception import SqlmapSilentQuitException
 from lib.core.settings import DEFAULT_PAGE_ENCODING
-from lib.core.settings import DEV_EMAIL_ADDRESS
 from lib.core.settings import DIFF_TOLERANCE
 from lib.core.settings import HTML_TITLE_REGEX
 from lib.core.settings import LOWER_RATIO_BOUND
@ -37,14 +35,16 @@ from lib.core.threads import getCurrentThreadData
 from thirdparty import six

 def comparison(page, headers, code=None, getRatioValue=False, pageLength=None):
-    try:
-        _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)
-        return _
-    except:
-        warnMsg = "there was a KNOWN issue inside the internals regarding the difflib/comparison of pages. "
-        warnMsg += "Please report details privately via e-mail to '%s'" % DEV_EMAIL_ADDRESS
-        logger.critical(warnMsg)
-        raise SqlmapSilentQuitException
+    if not isinstance(page, (six.text_type, six.binary_type, type(None))):
+        logger.critical("got page of type %s; repr(page)[:200]=%s" % (type(page), repr(page)[:200]))
+
+        try:
+            page = b"".join(page)
+        except:
+            page = six.text_type(page)
+
+    _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)
+    return _

 def _adjust(condition, getRatioValue):
    if not any((conf.string, conf.notString, conf.regexp, conf.code)):
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@ -143,6 +143,8 @@ class Abstraction(Web, UDF, XP_cmdshell):
            try:
                command = _input("os-shell> ")
                command = getUnicode(command, encoding=sys.stdin.encoding)
+            except UnicodeDecodeError:
+                pass
            except KeyboardInterrupt:
                print()
                errMsg = "user aborted"
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@ -478,6 +478,16 @@ def vbulletin_passwd(password, salt, **kwargs):

    return "%s:%s" % (md5(binascii.hexlify(md5(getBytes(password)).digest()) + getBytes(salt)).hexdigest(), salt)

+def oscommerce_old_passwd(password, salt, **kwargs):
+    """
+    Reference: http://ryanuber.com/09-24-2010/os-commerce-password-hashing.html
+
+    >>> oscommerce_old_passwd(password='testpass', salt='6b')
+    '16d39816e4545b3179f86f2d2d549af4:6b'
+    """
+
+    return "%s:%s" % (md5(getBytes(salt) + getBytes(password)).hexdigest(), salt)
+
 def phpass_passwd(password, salt, count, prefix, **kwargs):
    """
    Reference(s):
@ -570,6 +580,7 @@ __functions__ = {
    HASH.APACHE_SHA1: apache_sha1_passwd,
    HASH.VBULLETIN: vbulletin_passwd,
    HASH.VBULLETIN_OLD: vbulletin_passwd,
+    HASH.OSCOMMERCE_OLD: oscommerce_old_passwd,
    HASH.SSHA: ssha_passwd,
    HASH.SSHA256: ssha256_passwd,
    HASH.SSHA512: ssha512_passwd,
@ -1055,7 +1066,7 @@ def dictionaryAttack(attack_dict):
                            item = [(user, hash_), {"salt": hash_[0:2]}]
                        elif hash_regex in (HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT):
                            item = [(user, hash_), {"salt": hash_.split('$')[2], "magic": "$%s$" % hash_.split('$')[1]}]
-                        elif hash_regex in (HASH.JOOMLA, HASH.VBULLETIN, HASH.VBULLETIN_OLD):
+                        elif hash_regex in (HASH.JOOMLA, HASH.VBULLETIN, HASH.VBULLETIN_OLD, HASH.OSCOMMERCE_OLD):
                            item = [(user, hash_), {"salt": hash_.split(':')[-1]}]
                        elif hash_regex in (HASH.DJANGO_MD5, HASH.DJANGO_SHA1):
                            item = [(user, hash_), {"salt": hash_.split('$')[1]}]
@ -1302,8 +1313,12 @@ def crackHashFile(hashFile):
    i = 0
    attack_dict = {}

+    check = None
    for line in getFileItems(conf.hashFile):
-        if ':' in line:
+        if check is None and not attack_dict and ':' in line:
+            check = any(re.search(_, line) for _ in getPublicTypeMembers(HASH, True))
+
+        if ':' in line and check is False:
            user, hash_ = line.split(':', 1)
            attack_dict[user] = [hash_]
        else:
--- a/plugins/dbms/mysql/connector.py
+++ b/plugins/dbms/mysql/connector.py
@ -12,6 +12,7 @@ except:

 import logging
 import struct
+import sys

 from lib.core.common import getSafeExString
 from lib.core.data import conf
@ -33,7 +34,7 @@ class Connector(GenericConnector):
        self.initConnection()

        try:
-            self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True)
+            self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password.encode(sys.stdin.encoding), db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True)
        except (pymysql.OperationalError, pymysql.InternalError, pymysql.ProgrammingError, struct.error) as ex:
            raise SqlmapConnectionException(getSafeExString(ex))

--- a/sqlmap.py
+++ b/sqlmap.py
@ -513,7 +513,7 @@ def main():
            logger.critical(errMsg)
            raise SystemExit

-        elif "'cryptography' package is required":
+        elif "'cryptography' package is required" in excMsg:
            errMsg = "third-party library 'cryptography' is required"
            logger.critical(errMsg)
            raise SystemExit
@ -548,7 +548,7 @@ def main():
        errMsg = maskSensitiveData(errMsg)
        excMsg = maskSensitiveData(excMsg)

-        if conf.get("api") or not valid or kb.lastCtrlCTime:
+        if conf.get("api") or not valid or kb.get("lastCtrlCTime"):
            logger.critical("%s\n%s" % (errMsg, excMsg))
        else:
            logger.critical(errMsg)
@ -567,17 +567,17 @@ def main():

        kb.threadException = True

-        if kb.get("tempDir"):
+        for tempDir in conf.get("tempDirs", []):
            for prefix in (MKSTEMP_PREFIX.IPC, MKSTEMP_PREFIX.TESTING, MKSTEMP_PREFIX.COOKIE_JAR, MKSTEMP_PREFIX.BIG_ARRAY):
-                for filepath in glob.glob(os.path.join(kb.tempDir, "%s*" % prefix)):
+                for filepath in glob.glob(os.path.join(tempDir, "%s*" % prefix)):
                    try:
                        os.remove(filepath)
                    except OSError:
                        pass

-            if not filterNone(filepath for filepath in glob.glob(os.path.join(kb.tempDir, '*')) if not any(filepath.endswith(_) for _ in (".lock", ".exe", ".so", '_'))):  # ignore junk files
+            if any((conf.vulnTest, conf.smokeTest)) or not filterNone(filepath for filepath in glob.glob(os.path.join(tempDir, '*')) if not any(filepath.endswith(_) for _ in (".lock", ".exe", ".so", '_'))):  # ignore junk files
                try:
-                    shutil.rmtree(kb.tempDir, ignore_errors=True)
+                    shutil.rmtree(tempDir, ignore_errors=True)
                except OSError:
                    pass

--- a/thirdparty/identywaf/identYwaf.py
+++ b/thirdparty/identywaf/identYwaf.py
@ -63,11 +63,11 @@ NAME = "identYwaf"
 VERSION = "1.0.131"
 BANNER = r"""
                                   ` __ __ `
- ____  ___      ___  ____   ______ `|  T  T` __    __   ____  _____ 
+ ____  ___      ___  ____   ______ `|  T  T` __    __   ____  _____
 l    j|   \    /  _]|    \ |      T`|  |  |`|  T__T  T /    T|   __|
 |  T |    \  /  [_ |  _  Yl_j  l_j`|  ~  |`|  |  |  |Y  o  ||  l_
 |  | |  D  YY    _]|  |  |  |  |  `|___  |`|  |  |  ||     ||   _|
- j  l |     ||   [_ |  |  |  |  |  `|     !` \      / |  |  ||  ] 
+ j  l |     ||   [_ |  |  |  |  |  `|     !` \      / |  |  ||  ]
 |____jl_____jl_____jl__j__j  l__j  `l____/ `  \_/\_/  l__j__jl__j  (%s)%s""".strip("\n") % (VERSION, "\n")

 RAW, TEXT, HTTPCODE, SERVER, TITLE, HTML, URL = xrange(7)
@ -338,7 +338,7 @@ def load_data():
    global WAF_RECOGNITION_REGEX

    if os.path.isfile(DATA_JSON_FILE):
-        with codecs.open(DATA_JSON_FILE, "rb", encoding="utf8") as f:
+        with open(DATA_JSON_FILE, "r") as f:
            DATA_JSON.update(json.load(f))

        WAF_RECOGNITION_REGEX = ""
@ -371,7 +371,7 @@ def init():
        if os.path.isfile(options.proxy_file):
            print(colorize("[o] loading proxy list..."))

-            with codecs.open(options.proxy_file, "rb", encoding="utf8") as f:
+            with open(options.proxy_file, "r") as f:
                proxies.extend(re.sub(r"\s.*", "", _.strip()) for _ in f.read().strip().split('\n') if _.startswith("http"))
                random.shuffle(proxies)
        else:
Author	SHA1	Message	Date
Miroslav Stampar	2ecb9c2aa7	Getting rid of the codecs.open (python3.14)	2025-08-11 17:10:31 +02:00
Miroslav Stampar	60049f2ce9	Minor update for python3.14	2025-08-11 16:56:12 +02:00
Miroslav Stampar	bfbb5528f3	Minor update	2025-08-11 12:26:11 +02:00
Miroslav Stampar	f5b84ffbb3	Minor update	2025-08-11 11:30:42 +02:00
Miroslav Stampar	c79b87cb6c	Fixes #5936	2025-08-05 14:57:58 +02:00
Miroslav Stampar	1e57a377ad	Potentially fixes #5934	2025-07-29 15:51:45 +02:00
Miroslav Stampar	26d0b3b23b	Implements support of old OsCommerce hashing	2025-07-26 15:17:55 +02:00
Miroslav Stampar	8241cf6ea1	Adding support for unsalted Django hashes	2025-07-26 13:53:34 +02:00
Miroslav Stampar	48d717d08f	Minor improvements	2025-07-26 13:26:03 +02:00
Miroslav Stampar	96650e1c15	Minor improvement	2025-07-26 12:27:36 +02:00
Miroslav Stampar	23b19aa1f3	Minor improvements	2025-07-26 12:21:02 +02:00
Miroslav Stampar	6890048041	Modifying the mechanism to check for --check-internet	2025-07-26 12:13:57 +02:00
Miroslav Stampar	bb546015f9	Commit related to the #5864	2025-07-25 13:19:46 +02:00
Sheikh Mohammad Hasan	6bf64bfa88	Create README-bn-BD.md (#5864 )	2025-07-25 13:14:55 +02:00
Miroslav Stampar	2ffaaca3d0	Fixes #5929	2025-07-13 23:54:17 +02:00
Miroslav Stampar	12594c2dc7	Nobody is reporting comparison bug, thus, changing behavior	2025-07-11 12:21:20 +02:00
Miroslav Stampar	52e83cdca1	Fixes #5924	2025-07-10 14:09:49 +02:00
Miroslav Stampar	c3c1f35b35	Fixes #5926	2025-07-10 13:57:10 +02:00
Miroslav Stampar	de10cff3e0	Fixes leakage of sqlmap temporary directories	2025-07-09 23:18:48 +02:00
Miroslav Stampar	da65936a3c	Minor refactoring	2025-07-09 22:07:24 +02:00
Miroslav Stampar	ea892f9d62	Minor refactoring	2025-07-09 20:53:58 +02:00