1 | 1 | # Version 1.0 (upcoming) |
2 | 2 |
|
3 | 3 | * Implemented support for automatic decoding of page content through detected charset. |
4 | | -* Implemented mechanism for proper data dumping on DBMSes not supporting ```LIMIT/OFFSET``` like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.). |
| 4 | +* Implemented mechanism for proper data dumping on DBMSes not supporting `LIMIT/OFFSET` like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.). |
5 | 5 | * Major improvements to program stabilization based on user reports. |
6 | 6 | * Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms. |
7 | 7 | * Added support for setting Tor proxy type together with port. |
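Review bot: while converting the code span on line 4, also hyphenate the compound adjective so it reads "`LIMIT/OFFSET`-like mechanism(s)"; single backticks are the standard CommonMark code span, so the change itself is correct, but the unhyphenated "like" reads as a verb.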
|
12 | 12 | * Implemented advanced detection techniques for inband and time-based injections by usage of standard deviation method. |
13 | 13 | * Old resume files are now deprecated and replaced by faster SQLite based session mechanism. |
14 | 14 | * Substantial code optimization and smaller memory footprint. |
15 | | -* Added option ```-m``` for scanning multiple targets enlisted in a given textual file. |
16 | | -* Added option ```--randomize``` for randomly changing value of a given parameter(s) based on it's original form. |
17 | | -* Added switch ```--force-ssl``` for forcing usage of SSL/HTTPS requests. |
18 | | -* Added option ```--host``` for manually setting HTTP Host header value. |
19 | | -* Added option ```--eval``` for evaluating provided Python code (with resulting parameter values) right before the request itself. |
20 | | -* Added option ```--skip``` for skipping tests for given parameter(s). |
21 | | -* Added switch ```--titles``` for comparing pages based only on their titles. |
22 | | -* Added option ```--charset``` for forcing character encoding used for data retrieval. |
23 | | -* Added switch ```--check-tor``` for checking if Tor is used properly. |
24 | | -* Added option ```--crawl``` for multithreaded crawling of a given website starting from the target url. |
25 | | -* Added option ```--csv-del``` for manually setting delimiting character used in CSV output. |
26 | | -* Added switch ```--hex``` for using DBMS hex conversion function(s) for data retrieval. |
27 | | -* Added switch ```--smart``` for conducting through tests only in case of positive heuristic(s). |
28 | | -* Added switch ```--check-waf``` for checking of existence of WAF/IPS/IDS protection. |
29 | | -* Added switch ```--schema``` to enumerate DBMS schema: shows all columns of all databases' tables. |
30 | | -* Added switch ```--count``` to count the number of entries for a specific table or all database(s) tables. |
| 15 | +* Added option `-m` for scanning multiple targets enlisted in a given textual file. |
| 16 | +* Added option `--randomize` for randomly changing value of a given parameter(s) based on it's original form. |
| 17 | +* Added switch `--force-ssl` for forcing usage of SSL/HTTPS requests. |
| 18 | +* Added option `--host` for manually setting HTTP Host header value. |
| 19 | +* Added option `--eval` for evaluating provided Python code (with resulting parameter values) right before the request itself. |
| 20 | +* Added option `--skip` for skipping tests for given parameter(s). |
| 21 | +* Added switch `--titles` for comparing pages based only on their titles. |
| 22 | +* Added option `--charset` for forcing character encoding used for data retrieval. |
| 23 | +* Added switch `--check-tor` for checking if Tor is used properly. |
| 24 | +* Added option `--crawl` for multithreaded crawling of a given website starting from the target url. |
| 25 | +* Added option `--csv-del` for manually setting delimiting character used in CSV output. |
| 26 | +* Added switch `--hex` for using DBMS hex conversion function(s) for data retrieval. |
| 27 | +* Added switch `--smart` for conducting through tests only in case of positive heuristic(s). |
| 28 | +* Added switch `--check-waf` for checking of existence of WAF/IPS/IDS protection. |
| 29 | +* Added switch `--schema` to enumerate DBMS schema: shows all columns of all databases' tables. |
| 30 | +* Added switch `--count` to count the number of entries for a specific table or all database(s) tables. |
31 | 31 | * Major improvements to switches --tables and --columns. |
32 | 32 | * Takeover switch --os-pwn improved: stealthier, faster and AV-proof. |
33 | 33 | * Added switch --mobile to imitate a mobile device through HTTP User-Agent header. |
34 | 34 |
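Review bot: the `+` lines carry over two typos from the `-` lines that should be fixed while these lines are being rewritten: line 16 "based on it's original form" should be "its", and line 27 "conducting through tests" should be "thorough tests"; "enlisted" on line 15 should be "listed" and "target url" on line 24 should be "target URL". The unchanged context on lines 31-33 also still names `--tables`, `--columns`, `--os-pwn` and `--mobile` without any code formatting, so after this hunk the option names in the Version 1.0 section are formatted inconsistently; wrapping them in single backticks in the same commit would finish the job.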
|
35 | 35 | # Version 0.9 (2011-04-10) |
36 | 36 |
|
37 | 37 | * Rewritten SQL injection detection engine. |
38 | | -* Support to directly connect to the database without passing via a SQL injection, option ```-d```. |
| 38 | +* Support to directly connect to the database without passing via a SQL injection, option `-d`. |
39 | 39 | * Added full support for both time-based blind SQL injection and error-based SQL injection techniques. |
40 | 40 | * Implemented support for SQLite 2 and 3. |
41 | 41 | * Implemented support for Firebird. |
42 | 42 | * Implemented support for Microsoft Access, Sybase and SAP MaxDB. |
43 | | -* Extended old ```--dump -C``` functionality to be able to search for specific database(s), table(s) and column(s), option ```--search```. |
44 | | -* Added support to tamper injection data with option ```--tamper```. |
| 43 | +* Extended old `--dump -C` functionality to be able to search for specific database(s), table(s) and column(s), option `--search`. |
| 44 | +* Added support to tamper injection data with option `--tamper`. |
45 | 45 | * Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack. |
46 | 46 | * Added support to enumerate roles on Oracle, --roles switch. |
47 | 47 | * Added support for SOAP based web services requests. |
48 | 48 | * Added support to fetch unicode data. |
49 | | -* Added support to use persistent HTTP(s) connection for speed improvement, switch ```--keep-alive```. |
| 49 | +* Added support to use persistent HTTP(s) connection for speed improvement, switch `--keep-alive`. |
50 | 50 | * Implemented several optimization switches to speed up the exploitation of SQL injections. |
51 | 51 | * Support to test and inject against HTTP Referer header. |
52 | | -* Implemented HTTP(s) proxy authentication support, option ```--proxy-cred```. |
| 52 | +* Implemented HTTP(s) proxy authentication support, option `--proxy-cred`. |
53 | 53 | * Implemented feature to speedup the enumeration of table names. |
54 | 54 | * Support for customizable HTTP(s) redirections. |
55 | | -* Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, switch ```--replicate```. |
56 | | -* Support to parse and test forms on target url, switch ```--forms```. |
57 | | -* Added switches to brute-force tables names and columns names with a dictionary attack, ```--common-tables``` and ```--common-columns```. Useful for instance when system table ```information_schema``` is not available on MySQL. |
58 | | -* Basic support for REST-style URL parameters by using the asterisk (```*```) to mark where to test for and exploit SQL injection. |
59 | | -* Added safe URL feature, ```--safe-url``` and ```--safe-freq```. |
60 | | -* Added switch ```--text-only``` to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content. |
| 55 | +* Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, switch `--replicate`. |
| 56 | +* Support to parse and test forms on target url, switch `--forms`. |
| 57 | +* Added switches to brute-force tables names and columns names with a dictionary attack, `--common-tables` and `--common-columns`. Useful for instance when system table `information_schema` is not available on MySQL. |
| 58 | +* Basic support for REST-style URL parameters by using the asterisk (`*`) to mark where to test for and exploit SQL injection. |
| 59 | +* Added safe URL feature, `--safe-url` and `--safe-freq`. |
| 60 | +* Added switch `--text-only` to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content. |
61 | 61 | * Implemented few other features and switches. |
62 | 62 | * Over 100 bugs fixed. |
63 | 63 | * Major code refactoring. |
64 | 64 | * User's manual updated. |
65 | 65 |
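Review bot: line 46 (unchanged context) still has a bare "--roles switch" while every other option in this hunk is now a single-backtick code span, so it should be `--roles` for consistency. Minor wording on the rewritten lines: line 57 "tables names and columns names" should be "table names and column names", and line 56 "target url" should be "target URL".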
|
66 | 66 | # Version 0.8 (2010-03-14) |
67 | 67 |
|
68 | | -* Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance ```--dump -C user,pass```. Useful to identify for instance tables containing custom application credentials. |
69 | | -* Support to parse ```-C``` (column name(s)) when fetching columns of a table with ```--columns```: it will enumerate only columns like the provided one(s) within the specified table. |
| 68 | +* Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance `--dump -C user,pass`. Useful to identify for instance tables containing custom application credentials. |
| 69 | +* Support to parse `-C` (column name(s)) when fetching columns of a table with `--columns`: it will enumerate only columns like the provided one(s) within the specified table. |
70 | 70 | * Support for takeover features on PostgreSQL 8.4. |
71 | | -* Enhanced ```--priv-esc``` to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows. |
72 | | -* Automatic support in ```--os-pwn``` to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root. |
73 | | -* Fixed web backdoor functionality for ```--os-cmd```, ```--os-shell``` and ```--os-pwn``` useful when web application does not support stacked queries. |
74 | | -* Added support to properly read (```--read-file```) also binary files via PostgreSQL by injecting sqlmap new ```sys_fileread()``` user-defined function. |
| 71 | +* Enhanced `--priv-esc` to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows. |
| 72 | +* Automatic support in `--os-pwn` to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root. |
| 73 | +* Fixed web backdoor functionality for `--os-cmd`, `--os-shell` and `--os-pwn` useful when web application does not support stacked queries. |
| 74 | +* Added support to properly read (`--read-file`) also binary files via PostgreSQL by injecting sqlmap new `sys_fileread()` user-defined function. |
75 | 75 | * Updated active fingerprint and comment injection fingerprint for MySQL 5.1, MySQL 5.4 and MySQL 5.5. |
76 | 76 | * Updated active fingerprint for PostgreSQL 8.4. |
77 | | -* Support for NTLM authentication via python-ntlm third party library, http://code.google.com/p/python-ntlm/, ```--auth-type NTLM```. |
78 | | -* Support to automatically decode ```deflate```, ```gzip``` and ```x-gzip``` HTTP responses. |
79 | | -* Support for Certificate authentication, ```--auth-cert``` option added. |
80 | | -* Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (```-l```), ```--scope```. |
81 | | -* Added option ```-r``` to load a single HTTP request from a text file. |
82 | | -* Added switch ```--ignore-proxy``` to ignore the system default HTTP proxy. |
83 | | -* Added support to ignore Set-Cookie in HTTP responses, ```--drop-set-cookie```. |
84 | | -* Added support to specify which Google dork result page to parse, ```--gpage``` to be used together with ```-g```. |
85 | | -* Major bug fix and enhancements to the multi-threading (```--threads```) functionality. |
| 77 | +* Support for NTLM authentication via python-ntlm third party library, http://code.google.com/p/python-ntlm/, `--auth-type NTLM`. |
| 78 | +* Support to automatically decode `deflate`, `gzip` and `x-gzip` HTTP responses. |
| 79 | +* Support for Certificate authentication, `--auth-cert` option added. |
| 80 | +* Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (`-l`), `--scope`. |
| 81 | +* Added option `-r` to load a single HTTP request from a text file. |
| 82 | +* Added switch `--ignore-proxy` to ignore the system default HTTP proxy. |
| 83 | +* Added support to ignore Set-Cookie in HTTP responses, `--drop-set-cookie`. |
| 84 | +* Added support to specify which Google dork result page to parse, `--gpage` to be used together with `-g`. |
| 85 | +* Major bug fix and enhancements to the multi-threading (`--threads`) functionality. |
86 | 86 | * Fixed URL encoding/decoding of GET/POST parameters and Cookie header. |
87 | | -* Refactored ```--update``` to use ```python-svn``` third party library if available or ```svn``` command to update sqlmap to the latest development version from subversion repository. |
| 87 | +* Refactored `--update` to use `python-svn` third party library if available or `svn` command to update sqlmap to the latest development version from subversion repository. |
88 | 88 | * Major bugs fixed. |
89 | 89 | * Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack. |
90 | 90 | * Major code cleanup. |
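Review bot: line 71 quotes Meterpreter's command as 'getsystem' in single quotes while the rest of this hunk moves identifiers into code spans; `getsystem` would match. Also line 85 "Major bug fix and enhancements" should be "Major bug fixes and enhancements", and line 74 reads more naturally as "Added support to properly read binary files as well (`--read-file`) via PostgreSQL ...".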