Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 7054586

Browse files
stamparmstamparm
committed
Update for an Issue #565 (more work TBD - DuckDuckGo has some kind of IP blocking mechanism)
1 parent 24e6728 commit 7054586

2 files changed

Lines changed: 55 additions & 1 deletion

File tree

lib/core/settings.py

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,9 +53,12 @@
5353
# Regular expression used for recognition of generic maximum connection messages
5454
MAX_CONNECTIONS_REGEX = r"max.+connections"
5555

56-
# Regular expression used for extracting results from google search
56+
# Regular expression used for extracting results from Google search
5757
GOOGLE_REGEX = r"url\?\w+=((?![^>]+webcache\.googleusercontent\.com)http[^>]+)&(sa=U|rct=j)"
5858

59+
# Regular expression used for extracting results from DuckDuckGo search
60+
DUCKDUCKGO_REGEX = r'"u":"([^"]+)'
61+
5962
# Regular expression used for extracting content from "textual" tags
6063
TEXT_TAG_REGEX = r"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h\d|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\w).*?>(?P<result>[^<]+)"
6164

lib/utils/google.py

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,13 +13,16 @@
1313
import urllib2
1414

1515
from lib.core.common import getUnicode
16+
from lib.core.common import readInput
1617
from lib.core.common import urlencode
1718
from lib.core.data import conf
1819
from lib.core.data import logger
1920
from lib.core.enums import CUSTOM_LOGGING
21+
from lib.core.enums import HTTP_HEADER
2022
from lib.core.exception import SqlmapConnectionException
2123
from lib.core.exception import SqlmapGenericException
2224
from lib.core.settings import GOOGLE_REGEX
25+
from lib.core.settings import DUCKDUCKGO_REGEX
2326
from lib.core.settings import UNICODE_ENCODING
2427
from lib.request.basic import decodePage
2528

@@ -103,4 +106,52 @@ def search(self, dork):
103106
warnMsg += "used IP address disabling further searches"
104107
raise SqlmapGenericException(warnMsg)
105108

109+
if not retVal:
110+
message = "no usable links found. "
111+
message += "do you want to (re)try with DuckDuckGo? [Y/n] "
112+
output = readInput(message, default="Y")
113+
114+
if output.strip().lower() != 'n':
115+
url = "https://duckduckgo.com/d.js?"
116+
url += "q=%s&p=%d&s=100" % (urlencode(dork, convall=True), gpage)
117+
118+
if not conf.randomAgent:
119+
conf.opener.addheaders = [_ for _ in conf.opener.addheaders if _[0].lower() != HTTP_HEADER.USER_AGENT.lower()]
120+
conf.opener.addheaders.append((HTTP_HEADER.USER_AGENT, "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0"))
121+
122+
try:
123+
conn = self.opener.open(url)
124+
125+
requestMsg = "HTTP request:\nGET %s" % url
126+
requestMsg += " %s" % httplib.HTTPConnection._http_vsn_str
127+
logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)
128+
129+
page = conn.read()
130+
code = conn.code
131+
status = conn.msg
132+
responseHeaders = conn.info()
133+
page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type"))
134+
135+
responseMsg = "HTTP response (%s - %d):\n" % (status, code)
136+
137+
if conf.verbose <= 4:
138+
responseMsg += getUnicode(responseHeaders, UNICODE_ENCODING)
139+
elif conf.verbose > 4:
140+
responseMsg += "%s\n%s\n" % (responseHeaders, page)
141+
142+
logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)
143+
except urllib2.HTTPError, e:
144+
try:
145+
page = e.read()
146+
except socket.timeout:
147+
warnMsg = "connection timed out while trying "
148+
warnMsg += "to get error page information (%d)" % e.code
149+
logger.critical(warnMsg)
150+
return None
151+
except (urllib2.URLError, socket.error, socket.timeout):
152+
errMsg = "unable to connect to DuckDuckGo"
153+
raise SqlmapConnectionException(errMsg)
154+
155+
retVal = [urllib.unquote(match.group(1)) for match in re.finditer(DUCKDUCKGO_REGEX, page, re.I | re.S)]
156+
106157
return retVal

0 commit comments

Comments
 (0)