|
1 | 1 | # Version 1.0 (upcoming) |
2 | 2 |
|
3 | | -* Implemented support for automatic decoding of page content through detected charset (Miroslav) |
4 | | -* Implemented mechanism for proper data dumping on DBMSes not supporting LIMIT/OFFSET like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.) (Miroslav) |
5 | | -* Major improvements to program stabilization based on user reports (Miroslav) |
6 | | -* Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms (Miroslav) |
7 | | -* Added support for setting Tor proxy type together with port (Miroslav) |
8 | | -* Fixed major bug with DNS leaking in Tor mode (Miroslav) |
9 | | -* Added wordlist compilation made of the most popular cracking dictionaries (Miroslav) |
10 | | -* Added support for mnemonics substantially helping user with program setup (Miroslav) |
11 | | -* Implemented multi-processor hash cracking routine(s) on Linux OS (Miroslav) |
12 | | -* Implemented advanced detection techniques for inband and time-based injections by usage of standard deviation method (Miroslav) |
13 | | -* Old resume files are now deprecated and replaced by faster SQLite based session mechanism (Miroslav) |
14 | | -* Substantial code optimization and smaller memory footprint (Miroslav) |
15 | | -* Added switch -m for scanning multiple targets enlisted in a given textual file (Miroslav) |
16 | | -* Added switch --randomize for randomly changing value of a given parameter(s) based on it's original form (Miroslav) |
17 | | -* Added switch --force-ssl for forcing usage of SSL/HTTPS requests (Miroslav) |
18 | | -* Added switch --host for manually setting HTTP Host header value (Miroslav) |
19 | | -* Added switch --eval for evaluating provided Python code (with resulting parameter values) right before the request itself (Miroslav) |
20 | | -* Added switch --skip for skipping tests for given parameter(s) (Miroslav) |
21 | | -* Added switch --titles for comparing pages based only on their titles (Miroslav) |
22 | | -* Added switch --charset for forcing character encoding used for data retrieval (Miroslav) |
23 | | -* Added switch --check-tor for checking if Tor is used properly (Miroslav) |
24 | | -* Added switch --crawl for multithreaded crawling of a given website starting from the target url (Miroslav) |
25 | | -* Added switch --csv-del for manually setting delimiting character used in CSV output (Miroslav) |
26 | | -* Added switch --hex for using DBMS hex conversion function(s) for data retrieval (Miroslav) |
27 | | -* Added switch --smart for conducting through tests only in case of positive heuristic(s) (Miroslav) |
28 | | -* Added switch --check-waf for checking of existence of WAF/IPS/IDS protection (Miroslav) |
29 | | -* Added --schema switch to enumerate DBMS schema: shows all columns of all databases' tables (Bernardo) |
30 | | -* Added --count switch to count the number of entries for a specific table or all database(s) tables (Bernardo) |
31 | | -* Major improvements to --tables and --columns switches (Bernardo) |
32 | | -* Takeover switch --os-pwn improved: stealthier, faster and AV-proof (Bernardo) |
33 | | -* Added --mobile switch to imitate a mobile device through HTTP User-Agent header (Miroslav) |
| 3 | +* Implemented support for automatic decoding of page content through detected charset |
| 4 | +* Implemented mechanism for proper data dumping on DBMSes not supporting LIMIT/OFFSET like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.) |
| 5 | +* Major improvements to program stabilization based on user reports |
| 6 | +* Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms |
| 7 | +* Added support for setting Tor proxy type together with port |
| 8 | +* Fixed major bug with DNS leaking in Tor mode |
| 9 | +* Added wordlist compilation made of the most popular cracking dictionaries |
| 10 | +* Added support for mnemonics substantially helping user with program setup |
| 11 | +* Implemented multi-processor hash cracking routine(s) on Linux OS |
| 12 | +* Implemented advanced detection techniques for inband and time-based injections by usage of standard deviation method |
| 13 | +* Old resume files are now deprecated and replaced by faster SQLite based session mechanism |
| 14 | +* Substantial code optimization and smaller memory footprint |
| 15 | +* Added switch -m for scanning multiple targets enlisted in a given textual file |
| 16 | +* Added switch --randomize for randomly changing value of a given parameter(s) based on it's original form |
| 17 | +* Added switch --force-ssl for forcing usage of SSL/HTTPS requests |
| 18 | +* Added switch --host for manually setting HTTP Host header value |
| 19 | +* Added switch --eval for evaluating provided Python code (with resulting parameter values) right before the request itself |
| 20 | +* Added switch --skip for skipping tests for given parameter(s) |
| 21 | +* Added switch --titles for comparing pages based only on their titles |
| 22 | +* Added switch --charset for forcing character encoding used for data retrieval |
| 23 | +* Added switch --check-tor for checking if Tor is used properly |
| 24 | +* Added switch --crawl for multithreaded crawling of a given website starting from the target url |
| 25 | +* Added switch --csv-del for manually setting delimiting character used in CSV output |
| 26 | +* Added switch --hex for using DBMS hex conversion function(s) for data retrieval |
| 27 | +* Added switch --smart for conducting through tests only in case of positive heuristic(s) |
| 28 | +* Added switch --check-waf for checking of existence of WAF/IPS/IDS protection |
| 29 | +* Added --schema switch to enumerate DBMS schema: shows all columns of all databases' tables |
| 30 | +* Added --count switch to count the number of entries for a specific table or all database(s) tables |
| 31 | +* Major improvements to --tables and --columns switches |
| 32 | +* Takeover switch --os-pwn improved: stealthier, faster and AV-proof |
| 33 | +* Added --mobile switch to imitate a mobile device through HTTP User-Agent header |
34 | 34 |
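Review bot: every line in this region is rewritten only to drop the per-entry author credit (`(Miroslav)`, `(Bernardo)`), but nothing visible in the diff says where that attribution is recorded instead; the commit description should point at an AUTHORS/THANKS-style file or otherwise state that the credit is being consolidated, or the history of who wrote what is lost. Since these lines are being rewritten anyway, the typos they carry over verbatim should be fixed in the same change: the `--randomize` entry `based on it's original form` should read `based on its original form`, the `-m` entry `enlisted in a given textual file` should read `listed in a given text file`, and the `--smart` entry `conducting through tests only in case of positive heuristic(s)` should read `conducting thorough tests only in case of positive heuristic(s)`. The `--os-pwn` entry `stealthier, faster and AV-proof` also overstates what a changelog can promise; `less likely to be flagged by anti-virus software` is defensible, `AV-proof` is not.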
|
35 | 35 | # Version 0.9 (2011-04-10) |
36 | 36 |
|
37 | | -* Rewritten SQL injection detection engine (Bernardo and Miroslav). |
38 | | -* Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav). |
39 | | -* Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav). |
40 | | -* Implemented support for SQLite 2 and 3 (Bernardo and Miroslav). |
41 | | -* Implemented support for Firebird (Bernardo and Miroslav). |
42 | | -* Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav). |
43 | | -* Extended old '--dump -C' functionality to be able to search for specific database(s), table(s) and column(s), --search switch (Bernardo). |
44 | | -* Added support to tamper injection data with --tamper switch (Bernardo and Miroslav). |
45 | | -* Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav). |
46 | | -* Added support to enumerate roles on Oracle, --roles switch (Bernardo). |
47 | | -* Added support for SOAP based web services requests (Bernardo). |
48 | | -* Added support to fetch unicode data (Bernardo and Miroslav). |
49 | | -* Added support to use persistent HTTP(s) connection for speed improvement, --keep-alive switch (Miroslav). |
50 | | -* Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav). |
51 | | -* Support to test and inject against HTTP Referer header (Miroslav). |
52 | | -* Implemented HTTP(s) proxy authentication support, --proxy-cred switch (Miroslav). |
53 | | -* Implemented feature to speedup the enumeration of table names (Miroslav). |
54 | | -* Support for customizable HTTP(s) redirections (Bernardo). |
55 | | -* Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, --replicate switch (Miroslav). |
56 | | -* Support to parse and test forms on target url, --forms switch (Bernardo and Miroslav). |
57 | | -* Added switches to brute-force tables names and columns names with a dictionary attack, --common-tables and --common-columns. Useful for instance when system table 'information_schema' is not available on MySQL (Miroslav). |
58 | | -* Basic support for REST-style URL parameters by using the asterisk (*) to mark where to test for and exploit SQL injection (Miroslav). |
59 | | -* Added safe URL feature, --safe-url and --safe-freq (Miroslav). |
60 | | -* Added --text-only switch to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content (Miroslav). |
61 | | -* Implemented few other features and switches (Bernardo and Miroslav). |
62 | | -* Over 100 bugs fixed (Bernardo and Miroslav). |
63 | | -* Major code refactoring (Bernardo and Miroslav). |
64 | | -* User's manual updated (Bernardo). |
| 37 | +* Rewritten SQL injection detection engine. |
| 38 | +* Support to directly connect to the database without passing via a SQL injection, -d switch. |
| 39 | +* Added full support for both time-based blind SQL injection and error-based SQL injection techniques. |
| 40 | +* Implemented support for SQLite 2 and 3. |
| 41 | +* Implemented support for Firebird. |
| 42 | +* Implemented support for Microsoft Access, Sybase and SAP MaxDB. |
| 43 | +* Extended old '--dump -C' functionality to be able to search for specific database(s), table(s) and column(s), --search switch. |
| 44 | +* Added support to tamper injection data with --tamper switch. |
| 45 | +* Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack. |
| 46 | +* Added support to enumerate roles on Oracle, --roles switch. |
| 47 | +* Added support for SOAP based web services requests. |
| 48 | +* Added support to fetch unicode data. |
| 49 | +* Added support to use persistent HTTP(s) connection for speed improvement, --keep-alive switch. |
| 50 | +* Implemented several optimization switches to speed up the exploitation of SQL injections. |
| 51 | +* Support to test and inject against HTTP Referer header. |
| 52 | +* Implemented HTTP(s) proxy authentication support, --proxy-cred switch. |
| 53 | +* Implemented feature to speedup the enumeration of table names. |
| 54 | +* Support for customizable HTTP(s) redirections. |
| 55 | +* Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, --replicate switch. |
| 56 | +* Support to parse and test forms on target url, --forms switch. |
| 57 | +* Added switches to brute-force tables names and columns names with a dictionary attack, --common-tables and --common-columns. Useful for instance when system table 'information_schema' is not available on MySQL. |
| 58 | +* Basic support for REST-style URL parameters by using the asterisk (*) to mark where to test for and exploit SQL injection. |
| 59 | +* Added safe URL feature, --safe-url and --safe-freq. |
| 60 | +* Added --text-only switch to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content. |
| 61 | +* Implemented few other features and switches. |
| 62 | +* Over 100 bugs fixed. |
| 63 | +* Major code refactoring. |
| 64 | +* User's manual updated. |
65 | 65 |
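Review bot: same attribution stripping as in the 1.0 section, so the same question applies about where the `(Bernardo and Miroslav)` credit now lives. Two grammar slips survive the rewrite and should be fixed while the lines are touched: the `--common-tables` entry `brute-force tables names and columns names` should read `brute-force table names and column names`, and `Implemented feature to speedup the enumeration of table names` should read `speed up`. `Implemented few other features and switches` wants `a few`, and the `-d` entry `without passing via a SQL injection` reads more naturally as `without going through a SQL injection`.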
|
66 | 66 | # Version 0.8 (2010-03-14) |
67 | 67 |
|
68 | | -* Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance '--dump -C user,pass'. Useful to identify for instance tables containing custom application credentials (Bernardo). |
69 | | -* Support to parse -C (column name(s)) when fetching columns of a table with --columns: it will enumerate only columns like the provided one(s) within the specified table (Bernardo). |
70 | | -* Support for takeover features on PostgreSQL 8.4 (Bernardo). |
71 | | -* Enhanced --priv-esc to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows (Bernardo). |
72 | | -* Automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root (Bernardo and Miroslav). |
73 | | -* Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn useful when web application does not support stacked queries (Bernardo). |
74 | | -* Added support to properly read (--read-file) also binary files via PostgreSQL by injecting sqlmap new sys_fileread() user-defined function (Bernardo and Miroslav). |
75 | | -* Updated active fingerprint and comment injection fingerprint for MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo). |
76 | | -* Updated active fingerprint for PostgreSQL 8.4 (Bernardo). |
77 | | -* Support for NTLM authentication via python-ntlm third party library, http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo). |
78 | | -* Support to automatically decode deflate, gzip and x-gzip HTTP responses (Miroslav). |
79 | | -* Support for Certificate authentication, --auth-cert option added (Miroslav). |
80 | | -* Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (-l), --scope (Miroslav). |
81 | | -* Added option (-r) to load a single HTTP request from a text file (Miroslav). |
82 | | -* Added option (--ignore-proxy) to ignore system default HTTP proxy (Miroslav). |
83 | | -* Added support to ignore Set-Cookie in HTTP responses, --drop-set-cookie (Miroslav). |
84 | | -* Added support to specify which Google dork result page to parse, --gpage to be used together with -g (Miroslav). |
85 | | -* Major bug fix and enhancements to the multi-threading (--threads) functionality (Miroslav). |
86 | | -* Fixed URL encoding/decoding of GET/POST parameters and Cookie header (Miroslav). |
87 | | -* Refactored --update to use python-svn third party library if available or 'svn' command to update sqlmap to the latest development version from subversion repository (Bernardo and Miroslav). |
88 | | -* Major bugs fixed (Bernardo and Miroslav). |
89 | | -* Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo and Miroslav). |
90 | | -* Major code cleanup (Miroslav). |
91 | | -* Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus softwares that mistakenly mark sqlmap as a malware (Miroslav). |
92 | | -* Updated user's manual (Bernardo and Miroslav). |
93 | | -* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from http://www.sqlmap.org/demo.html (Bernardo). |
| 68 | +* Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance '--dump -C user,pass'. Useful to identify for instance tables containing custom application credentials. |
| 69 | +* Support to parse -C (column name(s)) when fetching columns of a table with --columns: it will enumerate only columns like the provided one(s) within the specified table. |
| 70 | +* Support for takeover features on PostgreSQL 8.4. |
| 71 | +* Enhanced --priv-esc to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows. |
| 72 | +* Automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root. |
| 73 | +* Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn useful when web application does not support stacked queries. |
| 74 | +* Added support to properly read (--read-file) also binary files via PostgreSQL by injecting sqlmap new sys_fileread() user-defined function. |
| 75 | +* Updated active fingerprint and comment injection fingerprint for MySQL 5.1, MySQL 5.4 and MySQL 5.5. |
| 76 | +* Updated active fingerprint for PostgreSQL 8.4. |
| 77 | +* Support for NTLM authentication via python-ntlm third party library, http://code.google.com/p/python-ntlm/, --auth-type NTLM. |
| 78 | +* Support to automatically decode deflate, gzip and x-gzip HTTP responses. |
| 79 | +* Support for Certificate authentication, --auth-cert option added. |
| 80 | +* Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (-l), --scope. |
| 81 | +* Added option (-r) to load a single HTTP request from a text file. |
| 82 | +* Added option (--ignore-proxy) to ignore system default HTTP proxy. |
| 83 | +* Added support to ignore Set-Cookie in HTTP responses, --drop-set-cookie. |
| 84 | +* Added support to specify which Google dork result page to parse, --gpage to be used together with -g. |
| 85 | +* Major bug fix and enhancements to the multi-threading (--threads) functionality. |
| 86 | +* Fixed URL encoding/decoding of GET/POST parameters and Cookie header. |
| 87 | +* Refactored --update to use python-svn third party library if available or 'svn' command to update sqlmap to the latest development version from subversion repository. |
| 88 | +* Major bugs fixed. |
| 89 | +* Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack. |
| 90 | +* Major code cleanup. |
| 91 | +* Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus softwares that mistakenly mark sqlmap as a malware. |
| 92 | +* Updated user's manual. |
| 93 | +* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from http://www.sqlmap.org/demo.html. |
94 | 94 |
|
95 | 95 | # Version 0.8 release candidate (2009-09-21) |
96 | 96 |
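Review bot: the `cloak.py` entry is reproduced on the `+` side with its grammar intact: `reducing drastically the number of anti-virus softwares that mistakenly mark sqlmap as a malware` should read `drastically reducing the number of anti-virus products that mistakenly flag sqlmap as malware`, and the `--threads` entry `Major bug fix and enhancements` should be `Major bug fixes and enhancements`. This hunk also carries two hard-coded URLs (`http://code.google.com/p/python-ntlm/` and `https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack`) plus the YouTube and `sqlmap.org/demo.html` links; a documentation rewrite is the right moment to verify they still resolve, and to note in the commit whether dead links are meant to stay as historical record.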
|
|