adding option --csv-del

stamparm · stamparm · commit 71c46f50aa4c · 2011-11-30T17:39:41.000Z
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -79,7 +79,6 @@
 from lib.core.settings import INFERENCE_UNKNOWN_CHAR
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import DBMS_DICT
-from lib.core.settings import DEFAULT_CSV_DELIMITER
 from lib.core.settings import DESCRIPTION
 from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
 from lib.core.settings import IS_WIN
@@ -2989,7 +2988,7 @@ def safeCSValue(value):
 
     if retVal and isinstance(retVal, basestring):
         if not (retVal[0] == retVal[-1] == '"'):
-            if any(map(lambda x: x in retVal, [DEFAULT_CSV_DELIMITER, '"', '\n'])):
+            if any(map(lambda x: x in retVal, [conf.csvDel, '"', '\n'])):
                 retVal = '"%s"' % retVal.replace('"', '""')
 
     return retVal
diff --git a/lib/core/defaults.py b/lib/core/defaults.py
@@ -10,6 +10,7 @@
 from lib.core.datatype import AttribDict
 
 _defaults =  {
+               "csvDel":       ",",
                "timeSec":      5,
                "googlePage":   1,
                "cpuThrottle":  5,
diff --git a/lib/core/dump.py b/lib/core/dump.py
@@ -24,7 +24,6 @@
 from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.replication import Replication
-from lib.core.settings import DEFAULT_CSV_DELIMITER
 from lib.core.settings import TRIM_STDOUT_DUMP_SIZE
 from lib.core.settings import UNICODE_ENCODING
 
@@ -398,7 +397,7 @@ def dbTableValues(self, tableValues):
                     if field == fields:
                         dataToDumpFile(dumpFP, "%s" % safeCSValue(column))
                     else:
-                        dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(column), DEFAULT_CSV_DELIMITER))
+                        dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(column), conf.csvDel))
 
                 field += 1
 
@@ -444,7 +443,7 @@ def dbTableValues(self, tableValues):
                         if field == fields:
                             dataToDumpFile(dumpFP, "%s" % safeCSValue(value))
                         else:
-                            dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(value), DEFAULT_CSV_DELIMITER))
+                            dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(value), conf.csvDel))
 
                     field += 1
 
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -161,7 +161,9 @@
                                "trafficFile":       "string",
                                "batch":             "boolean",
                                "charset":           "string",
+                               "checkTor":          "boolean",
                                "crawlDepth":        "integer",
+                               "csvDel":            "string",
                                "eta":               "boolean",
                                "flushSession":      "boolean",
                                "forms":             "boolean",
@@ -170,7 +172,6 @@
                                "replicate":         "boolean",
                                "updateAll":         "boolean",
                                "tor":               "boolean",
-                               "checkTor":          "boolean"
                              },
 
             "Miscellaneous": {
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -413,9 +413,6 @@
 # Common column names containing usernames (used for hash cracking in some cases)
 COMMON_USER_COLUMNS = ('user', 'username', 'user_name', 'benutzername', 'benutzer', 'utilisateur', 'usager', 'consommateur', 'utente', 'utilizzatore', 'usufrutuario', 'korisnik', 'usuario', 'consumidor')
 
-# Default delimiter used in CSV file format
-DEFAULT_CSV_DELIMITER = ','
-
 # Default delimiter in GET/POST values
 DEFAULT_GET_POST_DELIMITER = '&'
 
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -238,12 +238,12 @@ def cmdLineParser():
 
         techniques.add_option("--technique", dest="tech",
                               help="SQL injection techniques to test for "
-                                   "(default %s)" % defaults.tech)
+                                   "(default \"%s\")" % defaults.tech)
 
         techniques.add_option("--time-sec", dest="timeSec",
                               type="int",
                               help="Seconds to delay the DBMS response "
-                                   "(default %s)" % defaults.timeSec)
+                                   "(default %d)" % defaults.timeSec)
 
         techniques.add_option("--union-cols", dest="uCols",
                               help="Range of columns to test for UNION query SQL injection")
@@ -487,9 +487,17 @@ def cmdLineParser():
         general.add_option("--charset", dest="charset",
                             help="Force character encoding used for data retrieval")
 
+        general.add_option("--check-tor", dest="checkTor", 
+                                  action="store_true",
+                                  help="Check to see if Tor is used properly")
+
         general.add_option("--crawl", dest="crawlDepth", type="int",
                                   help="Crawl the website starting from the target url")
 
+        general.add_option("--csv-del", dest="csvDel",
+                                  help="Delimiting character used in CSV output "
+                                  "(default \"%s\")" % defaults.csvDel)
+
         general.add_option("--eta", dest="eta",
                             action="store_true",
                             help="Display for each output the "
@@ -523,10 +531,6 @@ def cmdLineParser():
                                   action="store_true",
                                   help="Use default Tor (Vidalia/Privoxy/Polipo) proxy address")
 
-        general.add_option("--check-tor", dest="checkTor", 
-                                  action="store_true",
-                                  help="Check to see if Tor is used properly")
-
         general.add_option("--update", dest="updateAll",
                             action="store_true",
                             help="Update sqlmap")
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -533,11 +533,19 @@ batch = False
 # Force character encoding used for data retrieval.
 charset = 
 
+# Check to see if Tor is used properly
+# Valid: True or False
+checkTor = False
+
 # Crawl the website starting from the target url
 # Valid: integer
 # Default: 0
 crawlDepth = 0
 
+# Delimiting character used in CSV output.
+# Default: ,
+csvDel = ,
+
 # Retrieve each query output length and calculate the estimated time of
 # arrival in real time.
 # Valid: True or False
@@ -567,10 +575,6 @@ replicate = False
 # Valid: True or False
 tor = False
 
-# Check to see if Tor is used properly
-# Valid: True or False
-checkTor = False
-
 # Update sqlmap.
 # Valid: True or False
 updateAll = False
