Implements #1215

stamparm · stamparm · commit 1e7f2d6da2bf · 2015-04-06T22:07:22.000+02:00
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -2234,6 +2234,13 @@ def _basicOptionValidation():
             errMsg = "invalid regular expression '%s' ('%s')" % (conf.regexp, ex)
             raise SqlmapSyntaxException(errMsg)
 
+    if conf.crawlExclude:
+        try:
+            re.compile(conf.crawlExclude)
+        except re.error, ex:
+            errMsg = "invalid regular expression '%s' ('%s')" % (conf.crawlExclude, ex)
+            raise SqlmapSyntaxException(errMsg)
+
     if conf.dumpTable and conf.dumpAll:
         errMsg = "switch '--dump' is incompatible with switch '--dump-all'"
         raise SqlmapSyntaxException(errMsg)
@@ -2250,6 +2257,10 @@ def _basicOptionValidation():
         errMsg = "switch '--forms' requires usage of option '-u' ('--url'), '-g', '-m' or '-x'"
         raise SqlmapSyntaxException(errMsg)
 
+    if conf.crawlExclude and not conf.crawlDepth:
+        errMsg = "option '--crawl-exclude' requires usage of switch '--crawl'"
+        raise SqlmapSyntaxException(errMsg)
+
     if conf.csrfUrl and not conf.csrfToken:
         errMsg = "option '--csrf-url' requires usage of option '--csrf-token'"
         raise SqlmapSyntaxException(errMsg)
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -188,6 +188,7 @@
                                "batch":             "boolean",
                                "charset":           "string",
                                "crawlDepth":        "integer",
+                               "crawlExclude":      "string",
                                "csvDel":            "string",
                                "dumpFormat":        "string",
                                "eta":               "boolean",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -606,7 +606,10 @@ def cmdLineParser():
                             help="Force character encoding used for data retrieval")
 
         general.add_option("--crawl", dest="crawlDepth", type="int",
-                                  help="Crawl the website starting from the target URL")
+                            help="Crawl the website starting from the target URL")
+
+        general.add_option("--crawl-exclude", dest="crawlExclude",
+                           help="Regexp to exclude pages from crawling (e.g. \"logout\")")
 
         general.add_option("--csv-del", dest="csvDel",
                                   help="Delimiting character used in CSV output "
diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py
@@ -48,6 +48,10 @@ def crawlThread():
                         current = threadData.shared.unprocessed.pop()
                         if current in visited:
                             continue
+                        elif conf.crawlExclude and re.search(conf.crawlExclude, current):
+                            dbgMsg = "skipping '%s'" % current
+                            logger.debug(dbgMsg)
+                            continue
                         else:
                             visited.add(current)
                     else:
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -647,6 +647,9 @@ charset =
 # Default: 0
 crawlDepth = 0
 
+# Regexp to exclude pages from crawling (e.g. "logout").
+crawlExclude =
+
 # Delimiting character used in CSV output.
 # Default: ,
 csvDel = ,
