Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit c243c5f

Browse files
stamparmstamparm
committed
Implementing --skip-heuristics (#4414)
1 parent a35fc71 commit c243c5f

5 files changed

Lines changed: 16 additions & 1 deletion

File tree

lib/controller/checks.py

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -876,8 +876,12 @@ def heuristicCheckDbms(injection):
876876
to identify with a simple DBMS specific boolean-based test what the DBMS
877877
may be
878878
"""
879+
879880
retVal = False
880881

882+
if conf.skipHeuristics:
883+
return retVal
884+
881885
pushValue(kb.injection)
882886
kb.injection = injection
883887

@@ -1031,6 +1035,9 @@ def checkFilteredChars(injection):
10311035
kb.injection = popValue()
10321036

10331037
def heuristicCheckSqlInjection(place, parameter):
1038+
if conf.skipHeuristics:
1039+
return None
1040+
10341041
if kb.heavilyDynamic:
10351042
debugMsg = "heuristic check skipped because of heavy dynamicity"
10361043
logger.debug(debugMsg)

lib/core/optiondict.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -228,6 +228,7 @@
228228
"repair": "boolean",
229229
"saveConfig": "string",
230230
"scope": "string",
231+
"skipHeuristics": "boolean",
231232
"skipWaf": "boolean",
232233
"testFilter": "string",
233234
"testSkip": "string",

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
from thirdparty.six import unichr as _unichr
1919

2020
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
21-
VERSION = "1.4.11.3"
21+
VERSION = "1.4.11.4"
2222
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2323
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2424
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/parse/cmdline.py

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -700,6 +700,9 @@ def cmdLineParser(argv=None):
700700
general.add_argument("--scope", dest="scope",
701701
help="Regexp for filtering targets")
702702

703+
general.add_argument("--skip-heuristics", dest="skipHeuristics", action="store_true",
704+
help="Skip heuristic detection of SQLi/XSS vulnerabilities")
705+
703706
general.add_argument("--skip-waf", dest="skipWaf", action="store_true",
704707
help="Skip heuristic detection of WAF/IPS protection")
705708

sqlmap.conf

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -787,6 +787,10 @@ repair = False
787787
# Example: (google|yahoo)
788788
scope =
789789

790+
# Skip heuristic detection of SQLi/XSS vulnerabilities.
791+
# Valid: True or False
792+
skipHeuristics = False
793+
790794
# Skip heuristic detection of WAF/IPS protection.
791795
# Valid: True or False
792796
skipWaf = False

0 commit comments

Comments
 (0)