Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit d9e540e

Browse files
stamparmstamparm
committed
Couple of minor patches
1 parent e0ad99d commit d9e540e

5 files changed

Lines changed: 29 additions & 15 deletions

File tree

lib/controller/controller.py

Lines changed: 11 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -413,14 +413,17 @@ def start():
413413
parseTargetUrl()
414414

415415
else:
416-
message += "\ndo you want to test this URL? [Y/n/q]"
417-
choice = readInput(message, default='Y').upper()
418-
419-
if choice == 'N':
420-
dataToStdout(os.linesep)
421-
continue
422-
elif choice == 'Q':
423-
break
416+
if not conf.scope:
417+
message += "\ndo you want to test this URL? [Y/n/q]"
418+
choice = readInput(message, default='Y').upper()
419+
420+
if choice == 'N':
421+
dataToStdout(os.linesep)
422+
continue
423+
elif choice == 'Q':
424+
break
425+
else:
426+
pass
424427

425428
infoMsg = "testing URL '%s'" % targetUrl
426429
logger.info(infoMsg)

lib/core/option.py

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -425,6 +425,9 @@ def _setBulkMultipleTargets():
425425

426426
found = False
427427
for line in getFileItems(conf.bulkFile):
428+
if conf.scope and not re.search(conf.scope, line, re.I):
429+
continue
430+
428431
if re.match(r"[^ ]+\?(.+)", line, re.I) or kb.customInjectionMark in line:
429432
found = True
430433
kb.targets.add((line.strip(), conf.method, conf.data, conf.cookie, None))

lib/core/testing.py

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -41,18 +41,20 @@ def vulnTest():
4141
TESTS = (
4242
("-h", ("to see full list of options run with '-hh'",)),
4343
("-u <url> --flush-session --wizard --check-internet", ("Please choose:", "back-end DBMS: SQLite", "current user is DBA: True", "banner: '3.", "~no connection detected")),
44+
("--dependencies", ("sqlmap requires", "third-party library")),
4445
(u"-c <config> --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'",)),
4546
(u"-u <url> --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=B --no-escape --string=luther --unstable", (u": '\u0161u\u0107uraj'",)),
4647
("--dummy", ("all tested parameters do not appear to be injectable", "does not seem to be injectable", "there is not at least one", "~might be injectable")),
4748
("--list-tampers", ("between", "MySQL", "xforwardedfor")),
48-
("-r <request> --flush-session -v 5", ("CloudFlare", "possible DBMS: 'SQLite'", "User-agent: foobar")),
49+
("-r <request> --flush-session -v 5 --test-skip='heavy' --save=<tmp>", ("CloudFlare", "possible DBMS: 'SQLite'", "User-agent: foobar", "~Type: time-based blind")),
4950
("-l <log> --flush-session --keep-alive --skip-waf -v 5 --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell", "Connection: keep-alive")),
5051
("-l <log> --offline --banner -v 5", ("banner: '3.", "~[TRAFFIC OUT]")),
52+
("-u <url> --flush-session --banner --technique=B --first=1 --last=2", ("banner: '3.'",)),
5153
("-u <url> --flush-session --encoding=ascii --forms --crawl=2 --threads=2 --banner", ("total of 2 targets", "might be injectable", "Type: UNION query", "banner: '3.")),
5254
("-u <url> --flush-session --data='{\"id\": 1}' --banner", ("might be injectable", "3 columns", "Payload: {\"id\"", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.")),
5355
("-u <url> --flush-session -H 'Foo: Bar' -H 'Sna: Fu' --data='<root><param name=\"id\" value=\"1*\"/></root>' --union-char=1 --mobile --answers='smartphone=3' --banner --smart -v 5", ("might be injectable", "Payload: <root><param name=\"id\" value=\"1", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.", "Nexus", "Sna: Fu", "Foo: Bar")),
54-
("-u <url> --flush-session --method=PUT --data='a=1&b=2&c=3&id=1' --skip-static --dump -T users --start=1 --stop=2", ("might be injectable", "Parameter: id (PUT)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "2 entries")),
55-
("-u <url> --flush-session -H 'id: 1*' --tables", ("might be injectable", "Parameter: id #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")),
56+
("-u <url> --flush-session --method=PUT --data='a=1&b=2&c=3&id=1' --skip-static --har=<tmp> --dump -T users --start=1 --stop=2", ("might be injectable", "Parameter: id (PUT)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "2 entries")),
57+
("-u <url> --flush-session -H 'id: 1*' --tables -t <tmp>", ("might be injectable", "Parameter: id #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")),
5658
("-u <url> --flush-session --banner --invalid-logical --technique=B --predict-output --test-filter='OR boolean' --tamper=space2dash", ("banner: '3.", " LIKE ")),
5759
("-u <url> --flush-session --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e; id=1*; id2=2\" --tables --union-cols=3", ("might be injectable", "Cookie #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")),
5860
("-u <url> --flush-session --null-connection --technique=B --tamper=between,randomcase --banner", ("NULL connection is supported with HEAD method", "banner: '3.")),
@@ -120,9 +122,15 @@ def _thread():
120122
dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status))
121123

122124
cmd = "%s %s %s --batch --non-interactive" % (sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), options.replace("<url>", url).replace("<direct>", direct).replace("<request>", request).replace("<log>", log).replace("<config>", config))
125+
126+
if "<tmp>" in cmd:
127+
handle, tmp = tempfile.mkstemp()
128+
os.close(handle)
129+
cmd = cmd.replace("<tmp>", tmp)
130+
123131
output = shellExec(cmd)
124132

125-
if not all((check in output if not check.startswith('~') else check[1:] not in output) for check in checks):
133+
if not all((check in output if not check.startswith('~') else check[1:] not in output) for check in checks) or "unhandled exception" in output:
126134
dataToStdout("---\n\n$ %s\n" % cmd)
127135
dataToStdout("%s---\n" % clearColors(output))
128136
retVal = False

lib/parse/cmdline.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -683,7 +683,7 @@ def cmdLineParser(argv=None):
683683
help="Save options to a configuration INI file")
684684

685685
general.add_argument("--scope", dest="scope",
686-
help="Regexp to filter targets from provided proxy log")
686+
help="Regexp for filtering targets")
687687

688688
general.add_argument("--skip-waf", dest="skipWaf", action="store_true",
689689
help="Skip heuristic detection of WAF/IPS protection")

lib/techniques/blind/inference.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -139,7 +139,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
139139
firstChar = len(partialValue)
140140
elif re.search(r"(?i)(\b|CHAR_)(LENGTH|LEN)\(", expression):
141141
firstChar = 0
142-
elif (kb.fileReadMode or dump) and conf.firstChar is not None and (isinstance(conf.firstChar, int) or (hasattr(conf.firstChar, "isdigit") and conf.firstChar.isdigit())):
142+
elif conf.firstChar is not None and (isinstance(conf.firstChar, int) or (hasattr(conf.firstChar, "isdigit") and conf.firstChar.isdigit())):
143143
firstChar = int(conf.firstChar) - 1
144144
if kb.fileReadMode:
145145
firstChar <<= 1
@@ -150,7 +150,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
150150

151151
if re.search(r"(?i)(\b|CHAR_)(LENGTH|LEN)\(", expression):
152152
lastChar = 0
153-
elif dump and conf.lastChar is not None and (isinstance(conf.lastChar, int) or (hasattr(conf.lastChar, "isdigit") and conf.lastChar.isdigit())):
153+
elif conf.lastChar is not None and (isinstance(conf.lastChar, int) or (hasattr(conf.lastChar, "isdigit") and conf.lastChar.isdigit())):
154154
lastChar = int(conf.lastChar)
155155
elif hasattr(lastChar, "isdigit") and lastChar.isdigit() or isinstance(lastChar, int):
156156
lastChar = int(lastChar)

0 commit comments

Comments
 (0)